orbitchat 3.10.8 → 3.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/bin/orbitchat.js +4 -0
  2. package/dist/assets/ChartRenderer-6ita77oC.js +97 -0
  3. package/dist/assets/{MermaidRenderer-BNgxU_bM.js → MermaidRenderer-B_R73JsW.js} +60 -60
  4. package/dist/assets/MusicRenderer-CPyadT-W.js +18 -0
  5. package/dist/assets/SVGRenderer-Cchy5MKU.js +6 -0
  6. package/dist/assets/architectureDiagram-3BPJPVTR-Bz1EN93N.js +36 -0
  7. package/dist/assets/{blockDiagram-GPEHLZMM-C_xOdSW3.js → blockDiagram-GPEHLZMM-CHYDm_Lr.js} +2 -2
  8. package/dist/assets/{c4Diagram-AAUBKEIU-CfvQYM_q.js → c4Diagram-AAUBKEIU-B_6S0PMo.js} +4 -4
  9. package/dist/assets/channel-CWHSY5eE.js +1 -0
  10. package/dist/assets/{chunk-2J33WTMH-DeY8TrNw.js → chunk-2J33WTMH-BV3EfJJt.js} +1 -1
  11. package/dist/assets/{chunk-4BX2VUAB-DIj3bLrU.js → chunk-4BX2VUAB-BcKFg9ac.js} +1 -1
  12. package/dist/assets/{chunk-55IACEB6-I4-oEJEd.js → chunk-55IACEB6-CxpA0yYo.js} +1 -1
  13. package/dist/assets/{chunk-727SXJPM-DCx2l0Oh.js → chunk-727SXJPM-C6ztUlOi.js} +1 -1
  14. package/dist/assets/{chunk-AQP2D5EJ-D4KlRvHF.js → chunk-AQP2D5EJ-D0QacfL_.js} +1 -1
  15. package/dist/assets/{chunk-FMBD7UC4-CqHLqk3L.js → chunk-FMBD7UC4-BpZP0Y5U.js} +1 -1
  16. package/dist/assets/{chunk-ND2GUHAM-CHJjdC0m.js → chunk-ND2GUHAM-CIMv0vkh.js} +1 -1
  17. package/dist/assets/{chunk-QZHKN3VN-slcsUOxD.js → chunk-QZHKN3VN-BLoQ7vNo.js} +1 -1
  18. package/dist/assets/classDiagram-4FO5ZUOK-BwRqrNXe.js +1 -0
  19. package/dist/assets/classDiagram-v2-Q7XG4LA2-BwRqrNXe.js +1 -0
  20. package/dist/assets/cose-bilkent-S5V4N54A-mbAzpJrA.js +1 -0
  21. package/dist/assets/dagre-BM42HDAG-BQ7-MHMw.js +4 -0
  22. package/dist/assets/diagram-2AECGRRQ-C0ZixFtN.js +43 -0
  23. package/dist/assets/diagram-5GNKFQAL-DBgq4hcl.js +10 -0
  24. package/dist/assets/{diagram-KO2AKTUF-7mueA6fZ.js → diagram-KO2AKTUF-CqwtJ8Ej.js} +2 -2
  25. package/dist/assets/diagram-LMA3HP47-D6J87aBh.js +24 -0
  26. package/dist/assets/diagram-OG6HWLK6-Bf54QS67.js +24 -0
  27. package/dist/assets/{erDiagram-TEJ5UH35-hortthG_.js → erDiagram-TEJ5UH35-qNkhON0R.js} +13 -13
  28. package/dist/assets/{flowDiagram-I6XJVG4X-DgvKpDc5.js → flowDiagram-I6XJVG4X-BwQGcinJ.js} +2 -2
  29. package/dist/assets/{ganttDiagram-6RSMTGT7-DR5xWqhT.js → ganttDiagram-6RSMTGT7-B-WPdey_.js} +2 -2
  30. package/dist/assets/gitGraphDiagram-PVQCEYII-DFG0aAjb.js +106 -0
  31. package/dist/assets/graphExportUtils-DrqBjeAI.js +1 -0
  32. package/dist/assets/index-DWeVNozJ.js +379 -0
  33. package/dist/assets/index-UF7Fwxkp.css +1 -0
  34. package/dist/assets/infoDiagram-5YYISTIA-C02VmOAb.js +2 -0
  35. package/dist/assets/{ishikawaDiagram-YF4QCWOH-8YrFferA.js → ishikawaDiagram-YF4QCWOH-Btfoip0T.js} +2 -2
  36. package/dist/assets/{journeyDiagram-JHISSGLW-Bix7jj_6.js → journeyDiagram-JHISSGLW-MVzNSI30.js} +4 -4
  37. package/dist/assets/{kanban-definition-UN3LZRKU-CJP7JJpX.js → kanban-definition-UN3LZRKU-BnLLL1jo.js} +9 -9
  38. package/dist/assets/{mindmap-definition-RKZ34NQL-Dk78wf-k.js → mindmap-definition-RKZ34NQL-tn7nCqb-.js} +2 -2
  39. package/dist/assets/pieDiagram-4H26LBE5-CHgnNebB.js +30 -0
  40. package/dist/assets/{quadrantDiagram-W4KKPZXB-DhA3Ltj3.js → quadrantDiagram-W4KKPZXB-Bm7UohUT.js} +2 -2
  41. package/dist/assets/{requirementDiagram-4Y6WPE33-BwRKT1Ti.js → requirementDiagram-4Y6WPE33-BP-byfJK.js} +2 -2
  42. package/dist/assets/sankeyDiagram-5OEKKPKP-CxvcmFYi.js +40 -0
  43. package/dist/assets/{sequenceDiagram-3UESZ5HK-IjZb9M7w.js → sequenceDiagram-3UESZ5HK-BFEVEsXC.js} +14 -14
  44. package/dist/assets/stateDiagram-AJRCARHV-DEYpacKC.js +1 -0
  45. package/dist/assets/stateDiagram-v2-BHNVJYJU-BBm-kMbL.js +1 -0
  46. package/dist/assets/{timeline-definition-PNZ67QCA-ZZ8vXqsw.js → timeline-definition-PNZ67QCA-IXjMR4fY.js} +2 -2
  47. package/dist/assets/{vendor-auth-CF3lY_Q5.js → vendor-auth-BWxE55Ta.js} +1 -1
  48. package/dist/assets/{vennDiagram-CIIHVFJN-Dqi0_zje.js → vennDiagram-CIIHVFJN-DznHQ1BW.js} +2 -2
  49. package/dist/assets/{wardleyDiagram-YWT4CUSO-D7_vAxp3.js → wardleyDiagram-YWT4CUSO-BV1onbUZ.js} +2 -2
  50. package/dist/assets/{xychartDiagram-2RQKCTM6-BgFNWh3u.js → xychartDiagram-2RQKCTM6-45qjdQfn.js} +2 -2
  51. package/dist/index.html +3 -3
  52. package/package.json +5 -3
  53. package/dist/assets/ChartRenderer-DmEe5ux0.js +0 -105
  54. package/dist/assets/MusicRenderer-fgx5dq-k.js +0 -18
  55. package/dist/assets/SVGRenderer-CZNFFAA_.js +0 -6
  56. package/dist/assets/architectureDiagram-3BPJPVTR-Bfi6eFLn.js +0 -36
  57. package/dist/assets/channel-zLwrxaPB.js +0 -1
  58. package/dist/assets/classDiagram-4FO5ZUOK-CDbYhIhU.js +0 -1
  59. package/dist/assets/classDiagram-v2-Q7XG4LA2-CDbYhIhU.js +0 -1
  60. package/dist/assets/cose-bilkent-S5V4N54A-HnZrIUzr.js +0 -1
  61. package/dist/assets/dagre-BM42HDAG-Cl88doFf.js +0 -4
  62. package/dist/assets/diagram-2AECGRRQ-2lPidS0l.js +0 -43
  63. package/dist/assets/diagram-5GNKFQAL-_tROgYB3.js +0 -10
  64. package/dist/assets/diagram-LMA3HP47-BxKOasa5.js +0 -24
  65. package/dist/assets/diagram-OG6HWLK6-Bwf3i6eI.js +0 -24
  66. package/dist/assets/gitGraphDiagram-PVQCEYII-RJLy0nV8.js +0 -106
  67. package/dist/assets/index-DnyY0OCY.js +0 -366
  68. package/dist/assets/index-DqIwGcah.css +0 -1
  69. package/dist/assets/infoDiagram-5YYISTIA-CdzF2MjL.js +0 -2
  70. package/dist/assets/pieDiagram-4H26LBE5-DkAjb9PV.js +0 -30
  71. package/dist/assets/sankeyDiagram-5OEKKPKP-Cq7Z3xZr.js +0 -40
  72. package/dist/assets/stateDiagram-AJRCARHV-CbH0JxsR.js +0 -1
  73. package/dist/assets/stateDiagram-v2-BHNVJYJU-CzKw24Ws.js +0 -1
@@ -2,4 +2,4 @@ import{r as L,R as Sl}from"./vendor-markdown-BRX1CUPf.js";var gs=function(r,e){r
2
2
  In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)})()}function op(r){return function(){return new Sr(r.apply(this,arguments))}}function Sr(r){var e,t;function n(i,s){try{var a=r[i](s),c=a.value,l=c instanceof El;Promise.resolve(l?c.v:c).then(function(h){if(l){var d=i==="return"&&c.k?i:"next";if(!c.k||h.done)return n(d,h);h=r[d](h).value}o(!!a.done,h)},function(h){n("throw",h)})}catch(h){o(2,h)}}function o(i,s){i===2?e.reject(s):e.resolve({value:s,done:i}),(e=e.next)?n(e.key,e.arg):t=null}this._invoke=function(i,s){return new Promise(function(a,c){var l={key:i,arg:s,resolve:a,reject:c,next:null};t?t=t.next=l:(e=t=l,n(i,s))})},typeof r.return!="function"&&(this.return=void 0)}typeof SuppressedError=="function"&&SuppressedError,Sr.prototype[typeof Symbol=="function"&&Symbol.asyncIterator||"@@asyncIterator"]=function(){return this},Sr.prototype.next=function(r){return this._invoke("next",r)},Sr.prototype.throw=function(r){return this._invoke("throw",r)},Sr.prototype.return=function(r){return this._invoke("return",r)};const ip={timeoutInSeconds:60},ms=1e4,Dc="memory",ys={name:"auth0-spa-js",version:"2.21.2"},Pl=()=>Date.now(),ye="default";class ne extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,ne.prototype)}static fromPayload(e){let t=e.error,n=e.error_description;return new ne(t,n)}}class na extends ne{constructor(e,t,n){let o=arguments.length>3&&arguments[3]!==void 0?arguments[3]:null;super(e,t),this.state=n,this.appState=o,Object.setPrototypeOf(this,na.prototype)}}class ra extends ne{constructor(e,t,n,o){let i=arguments.length>4&&arguments[4]!==void 0?arguments[4]:null;super(e,t),this.connection=n,this.state=o,this.appState=i,Object.setPrototypeOf(this,ra.prototype)}}class nr extends ne{constructor(){super("timeout","Timeout"),Object.setPrototypeOf(this,nr.prototype)}}class oa extends nr{constructor(e){super(),this.popup=e,Object.setPrototypeOf(this,oa.prototype)}}class ia extends ne{constructor(e){super("cancelled","Popup closed"),this.popup=e,Object.setPrototypeOf(this,ia.prototype)}}class sa extends ne{constructor(){super("popup_open","Unable to open a popup for loginWithPopup - window.open returned `null`"),Object.setPrototypeOf(this,sa.prototype)}}class Fr extends ne{constructor(e,t,n,o){super(e,t),this.mfa_token=n,this.mfa_requirements=o,Object.setPrototypeOf(this,Fr.prototype)}}class pi extends ne{constructor(e,t){super("missing_refresh_token","Missing Refresh Token (audience: '".concat(Ho(e,["default"]),"', scope: '").concat(Ho(t),"')")),this.audience=e,this.scope=t,Object.setPrototypeOf(this,pi.prototype)}}class aa extends ne{constructor(e,t){super("missing_scopes","Missing requested scopes after refresh (audience: '".concat(Ho(e,["default"]),"', missing scope: '").concat(Ho(t),"')")),this.audience=e,this.scope=t,Object.setPrototypeOf(this,aa.prototype)}}class fi extends ne{constructor(e){super("use_dpop_nonce","Server rejected DPoP proof: wrong nonce"),this.newDpopNonce=e,Object.setPrototypeOf(this,fi.prototype)}}function Ho(r){return r&&!(arguments.length>1&&arguments[1]!==void 0?arguments[1]:[]).includes(r)?r:""}const Ko=()=>window.crypto,dr=()=>{const r="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";let e="";for(;e.length<43;){const t=Ko().getRandomValues(new Uint8Array(43-e.length));for(const n of t)e.length<43&&n<198&&(e+=r[n%66])}return e},Oi=r=>btoa(r),sp=[{key:"name",type:["string"]},{key:"version",type:["string","number"]},{key:"env",type:["object"]}],ws=function(r){let e=arguments.length>1&&arguments[1]!==void 0&&arguments[1];return Object.keys(r).reduce((t,n)=>{if(e&&n==="env")return t;const o=sp.find(i=>i.key===n);return o&&o.type.includes(typeof r[n])&&(t[n]=r[n]),t},{})},Er=r=>{var e=r.clientId,t=Ne(r,["clientId"]);return new URLSearchParams((n=>Object.keys(n).filter(o=>n[o]!==void 0).reduce((o,i)=>Object.assign(Object.assign({},o),{[i]:n[i]}),{}))(Object.assign({client_id:e},t))).toString()},Lc=async r=>await Ko().subtle.digest({name:"SHA-256"},new TextEncoder().encode(r)),Hc=r=>(e=>decodeURIComponent(atob(e).split("").map(t=>"%"+("00"+t.charCodeAt(0).toString(16)).slice(-2)).join("")))(r.replace(/_/g,"/").replace(/-/g,"+")),Kc=r=>{const e=new Uint8Array(r);return(t=>{const n={"+":"-","/":"_","=":""};return t.replace(/[+/=]/g,o=>n[o])})(window.btoa(String.fromCharCode(...Array.from(e))))};var wn=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{},Ol={},ca={};Object.defineProperty(ca,"__esModule",{value:!0});var ap=(function(){function r(){var e=this;this.locked=new Map,this.addToLocked=function(t,n){var o=e.locked.get(t);o===void 0?n===void 0?e.locked.set(t,[]):e.locked.set(t,[n]):n!==void 0&&(o.unshift(n),e.locked.set(t,o))},this.isLocked=function(t){return e.locked.has(t)},this.lock=function(t){return new Promise(function(n,o){e.isLocked(t)?e.addToLocked(t,n):(e.addToLocked(t),n())})},this.unlock=function(t){var n=e.locked.get(t);if(n!==void 0&&n.length!==0){var o=n.pop();e.locked.set(t,n),o!==void 0&&setTimeout(o,0)}else e.locked.delete(t)}}return r.getInstance=function(){return r.instance===void 0&&(r.instance=new r),r.instance},r})();ca.default=function(){return ap.getInstance()};var $e=wn&&wn.__awaiter||function(r,e,t,n){return new(t||(t=Promise))(function(o,i){function s(l){try{c(n.next(l))}catch(h){i(h)}}function a(l){try{c(n.throw(l))}catch(h){i(h)}}function c(l){l.done?o(l.value):new t(function(h){h(l.value)}).then(s,a)}c((n=n.apply(r,e||[])).next())})},Xe=wn&&wn.__generator||function(r,e){var t,n,o,i,s={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:a(0),throw:a(1),return:a(2)},typeof Symbol=="function"&&(i[Symbol.iterator]=function(){return this}),i;function a(c){return function(l){return(function(h){if(t)throw new TypeError("Generator is already executing.");for(;s;)try{if(t=1,n&&(o=2&h[0]?n.return:h[0]?n.throw||((o=n.return)&&o.call(n),0):n.next)&&!(o=o.call(n,h[1])).done)return o;switch(n=0,o&&(h=[2&h[0],o.value]),h[0]){case 0:case 1:o=h;break;case 4:return s.label++,{value:h[1],done:!1};case 5:s.label++,n=h[1],h=[0];continue;case 7:h=s.ops.pop(),s.trys.pop();continue;default:if(o=s.trys,!((o=o.length>0&&o[o.length-1])||h[0]!==6&&h[0]!==2)){s=0;continue}if(h[0]===3&&(!o||h[1]>o[0]&&h[1]<o[3])){s.label=h[1];break}if(h[0]===6&&s.label<o[1]){s.label=o[1],o=h;break}if(o&&s.label<o[2]){s.label=o[2],s.ops.push(h);break}o[2]&&s.ops.pop(),s.trys.pop();continue}h=e.call(r,s)}catch(d){h=[6,d],n=0}finally{t=o=0}if(5&h[0])throw h[1];return{value:h[0]?h[1]:void 0,done:!0}})([c,l])}}},ur=wn;Object.defineProperty(Ol,"__esModule",{value:!0});var Sn=ca,Ni="browser-tabs-lock-key",lo={key:function(r){return $e(ur,void 0,void 0,function(){return Xe(this,function(e){throw new Error("Unsupported")})})},getItem:function(r){return $e(ur,void 0,void 0,function(){return Xe(this,function(e){throw new Error("Unsupported")})})},clear:function(){return $e(ur,void 0,void 0,function(){return Xe(this,function(r){return[2,window.localStorage.clear()]})})},removeItem:function(r){return $e(ur,void 0,void 0,function(){return Xe(this,function(e){throw new Error("Unsupported")})})},setItem:function(r,e){return $e(ur,void 0,void 0,function(){return Xe(this,function(t){throw new Error("Unsupported")})})},keySync:function(r){return window.localStorage.key(r)},getItemSync:function(r){return window.localStorage.getItem(r)},clearSync:function(){return window.localStorage.clear()},removeItemSync:function(r){return window.localStorage.removeItem(r)},setItemSync:function(r,e){return window.localStorage.setItem(r,e)}};function xi(r){return new Promise(function(e){return setTimeout(e,r)})}function Mi(r){for(var e="0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz",t="",n=0;n<r;n++)t+=e[Math.floor(61*Math.random())];return t}var cp=(function(){function r(e){this.acquiredIatSet=new Set,this.storageHandler=void 0,this.id=Date.now().toString()+Mi(15),this.acquireLock=this.acquireLock.bind(this),this.releaseLock=this.releaseLock.bind(this),this.releaseLock__private__=this.releaseLock__private__.bind(this),this.waitForSomethingToChange=this.waitForSomethingToChange.bind(this),this.refreshLockWhileAcquired=this.refreshLockWhileAcquired.bind(this),this.storageHandler=e,r.waiters===void 0&&(r.waiters=[])}return r.prototype.acquireLock=function(e,t){return t===void 0&&(t=5e3),$e(this,void 0,void 0,function(){var n,o,i,s,a,c,l;return Xe(this,function(h){switch(h.label){case 0:n=Date.now()+Mi(4),o=Date.now()+t,i=Ni+"-"+e,s=this.storageHandler===void 0?lo:this.storageHandler,h.label=1;case 1:return Date.now()<o?[4,xi(30)]:[3,8];case 2:return h.sent(),s.getItemSync(i)!==null?[3,5]:(a=this.id+"-"+e+"-"+n,[4,xi(Math.floor(25*Math.random()))]);case 3:return h.sent(),s.setItemSync(i,JSON.stringify({id:this.id,iat:n,timeoutKey:a,timeAcquired:Date.now(),timeRefreshed:Date.now()})),[4,xi(30)];case 4:return h.sent(),(c=s.getItemSync(i))!==null&&(l=JSON.parse(c)).id===this.id&&l.iat===n?(this.acquiredIatSet.add(n),this.refreshLockWhileAcquired(i,n),[2,!0]):[3,7];case 5:return r.lockCorrector(this.storageHandler===void 0?lo:this.storageHandler),[4,this.waitForSomethingToChange(o)];case 6:h.sent(),h.label=7;case 7:return n=Date.now()+Mi(4),[3,1];case 8:return[2,!1]}})})},r.prototype.refreshLockWhileAcquired=function(e,t){return $e(this,void 0,void 0,function(){var n=this;return Xe(this,function(o){return setTimeout(function(){return $e(n,void 0,void 0,function(){var i,s,a;return Xe(this,function(c){switch(c.label){case 0:return[4,Sn.default().lock(t)];case 1:return c.sent(),this.acquiredIatSet.has(t)?(i=this.storageHandler===void 0?lo:this.storageHandler,(s=i.getItemSync(e))===null?(Sn.default().unlock(t),[2]):((a=JSON.parse(s)).timeRefreshed=Date.now(),i.setItemSync(e,JSON.stringify(a)),Sn.default().unlock(t),this.refreshLockWhileAcquired(e,t),[2])):(Sn.default().unlock(t),[2])}})})},1e3),[2]})})},r.prototype.waitForSomethingToChange=function(e){return $e(this,void 0,void 0,function(){return Xe(this,function(t){switch(t.label){case 0:return[4,new Promise(function(n){var o=!1,i=Date.now(),s=!1;function a(){if(s||(window.removeEventListener("storage",a),r.removeFromWaiting(a),clearTimeout(c),s=!0),!o){o=!0;var l=50-(Date.now()-i);l>0?setTimeout(n,l):n(null)}}window.addEventListener("storage",a),r.addToWaiting(a);var c=setTimeout(a,Math.max(0,e-Date.now()))})];case 1:return t.sent(),[2]}})})},r.addToWaiting=function(e){this.removeFromWaiting(e),r.waiters!==void 0&&r.waiters.push(e)},r.removeFromWaiting=function(e){r.waiters!==void 0&&(r.waiters=r.waiters.filter(function(t){return t!==e}))},r.notifyWaiters=function(){r.waiters!==void 0&&r.waiters.slice().forEach(function(e){return e()})},r.prototype.releaseLock=function(e){return $e(this,void 0,void 0,function(){return Xe(this,function(t){switch(t.label){case 0:return[4,this.releaseLock__private__(e)];case 1:return[2,t.sent()]}})})},r.prototype.releaseLock__private__=function(e){return $e(this,void 0,void 0,function(){var t,n,o,i;return Xe(this,function(s){switch(s.label){case 0:return t=this.storageHandler===void 0?lo:this.storageHandler,n=Ni+"-"+e,(o=t.getItemSync(n))===null?[2]:(i=JSON.parse(o)).id!==this.id?[3,2]:[4,Sn.default().lock(i.iat)];case 1:s.sent(),this.acquiredIatSet.delete(i.iat),t.removeItemSync(n),Sn.default().unlock(i.iat),r.notifyWaiters(),s.label=2;case 2:return[2]}})})},r.lockCorrector=function(e){for(var t=Date.now()-5e3,n=e,o=[],i=0;;){var s=n.keySync(i);if(s===null)break;o.push(s),i++}for(var a=!1,c=0;c<o.length;c++){var l=o[c];if(l.includes(Ni)){var h=n.getItemSync(l);if(h!==null){var d=JSON.parse(h);(d.timeRefreshed===void 0&&d.timeAcquired<t||d.timeRefreshed!==void 0&&d.timeRefreshed<t)&&(n.removeItemSync(l),a=!0)}}}a&&r.notifyWaiters()},r.waiters=void 0,r})(),hp=Ol.default=cp;class lp{async runWithLock(e,t,n){const o=new AbortController,i=setTimeout(()=>o.abort(),t);try{return await navigator.locks.request(e,{mode:"exclusive",signal:o.signal},async s=>{if(clearTimeout(i),!s)throw new Error("Lock not available");return await n()})}catch(s){throw clearTimeout(i),(s==null?void 0:s.name)==="AbortError"?new nr:s}}}class dp{constructor(){this.activeLocks=new Set,this.lock=new hp,this.pagehideHandler=()=>{this.activeLocks.forEach(e=>this.lock.releaseLock(e)),this.activeLocks.clear()}}async runWithLock(e,t,n){let o=!1;for(let i=0;i<10&&!o;i++)o=await this.lock.acquireLock(e,t);if(!o)throw new nr;this.activeLocks.add(e),this.activeLocks.size===1&&typeof window<"u"&&window.addEventListener("pagehide",this.pagehideHandler);try{return await n()}finally{this.activeLocks.delete(e),await this.lock.releaseLock(e),this.activeLocks.size===0&&typeof window<"u"&&window.removeEventListener("pagehide",this.pagehideHandler)}}}function up(){return typeof navigator<"u"&&typeof((r=navigator.locks)===null||r===void 0?void 0:r.request)=="function"?new lp:new dp;var r}let Ui=null;const pp=new TextEncoder,fp=new TextDecoder;function Nr(r){return typeof r=="string"?pp.encode(r):fp.decode(r)}function Fc(r){if(typeof r.modulusLength!="number"||r.modulusLength<2048)throw new mp(`${r.name} modulusLength must be at least 2048 bits`)}async function gp(r,e,t){if(t.usages.includes("sign")===!1)throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');const n=`${xr(Nr(JSON.stringify(r)))}.${xr(Nr(JSON.stringify(e)))}`;return`${n}.${xr(await crypto.subtle.sign((function(o){switch(o.algorithm.name){case"ECDSA":return{name:o.algorithm.name,hash:"SHA-256"};case"RSA-PSS":return Fc(o.algorithm),{name:o.algorithm.name,saltLength:32};case"RSASSA-PKCS1-v1_5":return Fc(o.algorithm),{name:o.algorithm.name};case"Ed25519":return{name:o.algorithm.name}}throw new dn})(t),t,Nr(n)))}`}let vs;Uint8Array.prototype.toBase64?vs=r=>(r instanceof ArrayBuffer&&(r=new Uint8Array(r)),r.toBase64({alphabet:"base64url",omitPadding:!0})):vs=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function xr(r){return vs(r)}class dn extends Error{constructor(e){var t;super(e??"operation not supported"),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}class mp extends Error{constructor(e){var t;super(e),this.name=this.constructor.name,(t=Error.captureStackTrace)===null||t===void 0||t.call(Error,this,this.constructor)}}function yp(r){switch(r.algorithm.name){case"RSA-PSS":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"PS256";throw new dn("unsupported RsaHashedKeyAlgorithm hash name")})(r);case"RSASSA-PKCS1-v1_5":return(function(e){if(e.algorithm.hash.name==="SHA-256")return"RS256";throw new dn("unsupported RsaHashedKeyAlgorithm hash name")})(r);case"ECDSA":return(function(e){if(e.algorithm.namedCurve==="P-256")return"ES256";throw new dn("unsupported EcKeyAlgorithm namedCurve")})(r);case"Ed25519":return"Ed25519";default:throw new dn("unsupported CryptoKey algorithm name")}}function Nl(r){return r instanceof CryptoKey}function xl(r){return Nl(r)&&r.type==="public"}async function wp(r,e,t,n,o,i){const s=r==null?void 0:r.privateKey,a=r==null?void 0:r.publicKey;if(!Nl(c=s)||c.type!=="private")throw new TypeError('"keypair.privateKey" must be a private CryptoKey');var c;if(!xl(a))throw new TypeError('"keypair.publicKey" must be a public CryptoKey');if(a.extractable!==!0)throw new TypeError('"keypair.publicKey.extractable" must be true');if(typeof e!="string")throw new TypeError('"htu" must be a string');if(typeof t!="string")throw new TypeError('"htm" must be a string');if(n!==void 0&&typeof n!="string")throw new TypeError('"nonce" must be a string or undefined');if(o!==void 0&&typeof o!="string")throw new TypeError('"accessToken" must be a string or undefined');return gp({alg:yp(s),typ:"dpop+jwt",jwk:await Ml(a)},Object.assign(Object.assign({},i),{iat:Math.floor(Date.now()/1e3),jti:crypto.randomUUID(),htm:t,nonce:n,htu:e,ath:o?xr(await crypto.subtle.digest("SHA-256",Nr(o))):void 0}),s)}async function Ml(r){const{kty:e,e:t,n,x:o,y:i,crv:s}=await crypto.subtle.exportKey("jwk",r);return{kty:e,crv:s,e:t,n,x:o,y:i}}const Ul="dpop-nonce",vp=["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:token-exchange","urn:okta:params:oauth:grant-type:webauthn","http://auth0.com/oauth/grant-type/mfa-oob","http://auth0.com/oauth/grant-type/mfa-otp","http://auth0.com/oauth/grant-type/mfa-recovery-code"];function bp(){return(async function(r,e){var t;let n;if(r.length===0)throw new TypeError('"alg" must be a non-empty string');switch(r){case"PS256":n={name:"RSA-PSS",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"RS256":n={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256",modulusLength:2048,publicExponent:new Uint8Array([1,0,1])};break;case"ES256":n={name:"ECDSA",namedCurve:"P-256"};break;case"Ed25519":n={name:"Ed25519"};break;default:throw new dn}return crypto.subtle.generateKey(n,(t=e==null?void 0:e.extractable)!==null&&t!==void 0&&t,["sign","verify"])})("ES256",{extractable:!1})}function Cp(r){return(async function(e){if(!xl(e))throw new TypeError('"publicKey" must be a public CryptoKey');if(e.extractable!==!0)throw new TypeError('"publicKey.extractable" must be true');const t=await Ml(e);let n;switch(t.kty){case"EC":n={crv:t.crv,kty:t.kty,x:t.x,y:t.y};break;case"OKP":n={crv:t.crv,kty:t.kty,x:t.x};break;case"RSA":n={e:t.e,kty:t.kty,n:t.n};break;default:throw new dn("unsupported JWK kty")}return xr(await crypto.subtle.digest({name:"SHA-256"},Nr(JSON.stringify(n))))})(r.publicKey)}function Tp(r){let e=r.keyPair,t=r.url,n=r.method,o=r.nonce,i=r.accessToken;const s=(function(a){const c=new URL(a);return c.search="",c.hash="",c.href})(t);return wp(e,s,n,o,i)}const bs=(r,e)=>new Promise(function(t,n){const o=new MessageChannel;o.port1.onmessage=function(i){i.data.error?n(new Error(i.data.error)):t(i.data),o.port1.close()},e.postMessage(r,[o.port2])}),Dl=(r,e,t)=>{const n=new AbortController;let o;return e.signal=n.signal,Promise.race([fetch(r,e),new Promise((i,s)=>{o=setTimeout(()=>{n.abort(),s(new Error("Timeout when executing 'fetch'"))},t)})]).finally(()=>{clearTimeout(o)})},kp=async function(r,e,t,n,o,i){let s=arguments.length>6&&arguments[6]!==void 0?arguments[6]:ms;return o?(async(a,c,l,h,d,p,u,f,g)=>bs({type:"refresh",auth:{audience:c,scope:l},timeout:d,fetchUrl:a,fetchOptions:h,useFormData:u,useMrrt:f,skipTokenStorage:g},p))(r,e,t,n,s,o,i,arguments.length>7?arguments[7]:void 0,arguments.length>8?arguments[8]:void 0):(async(a,c,l)=>{const h=await Dl(a,c,l);return{ok:h.ok,json:await h.json(),headers:(d=h.headers,[...d].reduce((p,u)=>{let f=Ke(u,2),g=f[0],y=f[1];return p[g]=y,p},{}))};var d})(r,n,s)};async function Ll(r,e,t,n,o,i,s,a,c,l,h){if(c){const _=await c.generateProof({url:r,method:o.method||"GET",nonce:await c.getNonce()});o.headers=Object.assign(Object.assign({},o.headers),{dpop:_})}let d,p=null;for(let _=0;_<3;_++)try{d=await kp(r,t,n,o,i,s,e,a,h),p=null;break}catch(O){p=O}if(p)throw p;const u=d.json,f=u.error,g=u.error_description,y=Ne(u,["error","error_description"]),m=d,b=m.headers,C=m.ok;let k;if(c&&(k=b[Ul],k&&await c.setNonce(k)),!C){const _=g||"HTTP error. Unable to fetch ".concat(r);if(f==="mfa_required")throw new Fr(f,_,y.mfa_token,y.mfa_requirements);if(f==="missing_refresh_token")throw new pi(t,n);if(f==="use_dpop_nonce"){if(!c||!k||l)throw new fi(k);return Ll(r,e,t,n,o,i,s,a,c,!0,h)}throw new ne(f||"request_error",_)}return y}async function jc(r,e,t){var n=r.baseUrl,o=r.timeout,i=r.audience,s=r.scope,a=r.auth0Client,c=r.useFormData,l=r.useMrrt,h=r.dpop,d=Ne(r,["baseUrl","timeout","audience","scope","auth0Client","useFormData","useMrrt","dpop"]);const p=d.grant_type==="urn:ietf:params:oauth:grant-type:token-exchange",u=d.grant_type==="urn:okta:params:oauth:grant-type:webauthn",f=d.grant_type==="refresh_token"&&l,g=p||u||f,y=Object.assign(Object.assign(Object.assign({},d),g&&i&&{audience:i}),g&&s&&{scope:s}),m=u||!c,b=m?JSON.stringify(y):Er(y),C=(k=d.grant_type,vp.includes(k));var k;return await Ll("".concat(n,"/oauth/token"),o,i||ye,s,{method:"POST",body:b,headers:{"Content-Type":m?"application/json":"application/x-www-form-urlencoded","Auth0-Client":btoa(JSON.stringify(ws(a||ys)))}},e,c,l,C?h:void 0,void 0,t)}const Po=function(){for(var r=arguments.length,e=new Array(r),t=0;t<r;t++)e[t]=arguments[t];return(n=e.filter(Boolean).join(" ").trim().split(/\s+/),Array.from(new Set(n))).join(" ");var n},pr=(r,e,t)=>{let n;return t&&(n=r[t]),n||(n=r[ye]),Po(n,e)},un="@@auth0spajs@@",xn="@@user@@";class xe{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:un,n=arguments.length>2?arguments[2]:void 0;this.prefix=t,this.suffix=n,this.clientId=e.clientId,this.scope=e.scope,this.audience=e.audience}toKey(){return[this.prefix,this.clientId,this.audience,this.scope,this.suffix].filter(Boolean).join("::")}static fromKey(e){const t=Ke(e.split("::"),4),n=t[0],o=t[1],i=t[2],s=t[3];return new xe({clientId:o,scope:s,audience:i},n)}static fromCacheEntry(e){const t=e.scope,n=e.audience,o=e.client_id;return new xe({scope:t,audience:n,clientId:o})}}class _p{set(e,t){localStorage.setItem(e,JSON.stringify(t))}get(e){const t=window.localStorage.getItem(e);if(t)try{return JSON.parse(t)}catch{return}}remove(e){localStorage.removeItem(e)}allKeys(){return Object.keys(window.localStorage).filter(e=>e.startsWith(un))}}class Hl{constructor(){this.enclosedCache=(function(){let e={};return{set(t,n){e[t]=n},get(t){const n=e[t];if(n)return n},remove(t){delete e[t]},allKeys:()=>Object.keys(e)}})()}}class Ip{constructor(e,t,n){this.cache=e,this.keyManifest=t,this.nowProvider=n||Pl}async setIdToken(e,t,n){var o;const i=this.getIdTokenCacheKey(e);await this.cache.set(i,{id_token:t,decodedToken:n}),await((o=this.keyManifest)===null||o===void 0?void 0:o.add(i))}async getIdToken(e){const t=await this.cache.get(this.getIdTokenCacheKey(e.clientId));if(!t&&e.scope&&e.audience){const n=await this.get(e);return!n||!n.id_token||!n.decodedToken?void 0:{id_token:n.id_token,decodedToken:n.decodedToken}}if(t)return{id_token:t.id_token,decodedToken:t.decodedToken}}async get(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:0,n=arguments.length>2&&arguments[2]!==void 0&&arguments[2],o=arguments.length>3?arguments[3]:void 0;var i;let s=await this.cache.get(e.toKey()),a=e;if(!s){const h=await this.getCacheKeys();if(!h)return;const d=this.matchExistingCacheKey(e,h);if(d&&(s=await this.cache.get(d),a=xe.fromKey(d)),!s&&n&&o!=="cache-only")return this.getEntryWithRefreshToken(e,h)}if(!s)return;const c=await this.nowProvider(),l=Math.floor(c/1e3);return s.expiresAt-t<l?s.body.refresh_token?this.modifiedCachedEntry(s,a):(await this.cache.remove(a.toKey()),void await((i=this.keyManifest)===null||i===void 0?void 0:i.remove(a.toKey()))):s.body}async modifiedCachedEntry(e,t){const n={refresh_token:e.body.refresh_token,audience:e.body.audience,scope:e.body.scope},o={body:n,expiresAt:e.expiresAt};return await this.cache.set(t.toKey(),o),{refresh_token:n.refresh_token,audience:n.audience,scope:n.scope}}async set(e){var t;const n=new xe({clientId:e.client_id,scope:e.scope,audience:e.audience}),o=await this.wrapCacheEntry(e);await this.cache.set(n.toKey(),o),await((t=this.keyManifest)===null||t===void 0?void 0:t.add(n.toKey()))}async remove(e,t,n){const o=new xe({clientId:e,scope:n,audience:t});await this.cache.remove(o.toKey())}async stripRefreshToken(e){var t;const n=await this.getCacheKeys();if(n)for(const o of n){const i=await this.cache.get(o);((t=i==null?void 0:i.body)===null||t===void 0?void 0:t.refresh_token)===e&&(delete i.body.refresh_token,await this.cache.set(o,i))}}async clear(e){var t;const n=await this.getCacheKeys();n&&(await n.filter(o=>!e||o.includes(e)).reduce(async(o,i)=>{await o,await this.cache.remove(i)},Promise.resolve()),await((t=this.keyManifest)===null||t===void 0?void 0:t.clear()))}async wrapCacheEntry(e){const t=await this.nowProvider();return{body:e,expiresAt:Math.floor(t/1e3)+e.expires_in}}async getCacheKeys(){var e;return this.keyManifest?(e=await this.keyManifest.get())===null||e===void 0?void 0:e.keys:this.cache.allKeys?this.cache.allKeys():void 0}getIdTokenCacheKey(e){return new xe({clientId:e},un,xn).toKey()}matchExistingCacheKey(e,t){return t.filter(n=>{var o;const i=xe.fromKey(n),s=new Set(i.scope&&i.scope.split(" ")),a=((o=e.scope)===null||o===void 0?void 0:o.split(" "))||[],c=i.scope&&a.reduce((l,h)=>l&&s.has(h),!0);return i.prefix===un&&i.clientId===e.clientId&&i.audience===e.audience&&c})[0]}async getEntryWithRefreshToken(e,t){var n;for(const o of t){const i=xe.fromKey(o);if(i.prefix===un&&i.clientId===e.clientId){const s=await this.cache.get(o);if(!((n=s==null?void 0:s.body)===null||n===void 0)&&n.refresh_token)return{refresh_token:s.body.refresh_token,audience:s.body.audience,scope:s.body.scope}}}}async getRefreshTokensByAudience(e,t){var n;const o=await this.getCacheKeys();if(!o)return[];const i=new Set;for(const s of o){const a=xe.fromKey(s);if(a.prefix===un&&a.clientId===t&&a.audience===e){const c=await this.cache.get(s);!((n=c==null?void 0:c.body)===null||n===void 0)&&n.refresh_token&&i.add(c.body.refresh_token)}}return Array.from(i)}async updateEntry(e,t){var n;const o=await this.getCacheKeys();if(o)for(const i of o){const s=await this.cache.get(i);((n=s==null?void 0:s.body)===null||n===void 0?void 0:n.refresh_token)===e&&(s.body.refresh_token=t,await this.cache.set(i,s))}}}class Sp{constructor(e,t,n){this.storage=e,this.clientId=t,this.cookieDomain=n,this.storageKey="".concat("a0.spajs.txs",".").concat(this.clientId)}create(e){this.storage.save(this.storageKey,e,{daysUntilExpire:1,cookieDomain:this.cookieDomain})}get(){return this.storage.get(this.storageKey)}remove(){this.storage.remove(this.storageKey,{cookieDomain:this.cookieDomain})}}const fr=r=>typeof r=="number",Ep=["iss","aud","exp","nbf","iat","jti","azp","nonce","auth_time","at_hash","c_hash","acr","amr","sub_jwk","cnf","sip_from_tag","sip_date","sip_callid","sip_cseq_num","sip_via_branch","orig","dest","mky","events","toe","txn","rph","sid","vot","vtm"],Ap=r=>{if(!r.id_token)throw new Error("ID token is required but missing");const e=(i=>{const s=i.split("."),a=Ke(s,3),c=a[0],l=a[1],h=a[2];if(s.length!==3||!c||!l||!h)throw new Error("ID token could not be decoded");const d=JSON.parse(Hc(l)),p={__raw:i},u={};return Object.keys(d).forEach(f=>{p[f]=d[f],Ep.includes(f)||(u[f]=d[f])}),{encoded:{header:c,payload:l,signature:h},header:JSON.parse(Hc(c)),claims:p,user:u}})(r.id_token);if(!e.claims.iss)throw new Error("Issuer (iss) claim must be a string present in the ID token");if(e.claims.iss!==r.iss)throw new Error('Issuer (iss) claim mismatch in the ID token; expected "'.concat(r.iss,'", found "').concat(e.claims.iss,'"'));if(!e.user.sub)throw new Error("Subject (sub) claim must be a string present in the ID token");if(e.header.alg!=="RS256")throw new Error('Signature algorithm of "'.concat(e.header.alg,'" is not supported. Expected the ID token to be signed with "RS256".'));if(!e.claims.aud||typeof e.claims.aud!="string"&&!Array.isArray(e.claims.aud))throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(r.aud))throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(r.aud,'" but was not one of "').concat(e.claims.aud.join(", "),'"'));if(e.claims.aud.length>1){if(!e.claims.azp)throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");if(e.claims.azp!==r.aud)throw new Error('Authorized Party (azp) claim mismatch in the ID token; expected "'.concat(r.aud,'", found "').concat(e.claims.azp,'"'))}}else if(e.claims.aud!==r.aud)throw new Error('Audience (aud) claim mismatch in the ID token; expected "'.concat(r.aud,'" but found "').concat(e.claims.aud,'"'));if(r.nonce){if(!e.claims.nonce)throw new Error("Nonce (nonce) claim must be a string present in the ID token");if(e.claims.nonce!==r.nonce)throw new Error('Nonce (nonce) claim mismatch in the ID token; expected "'.concat(r.nonce,'", found "').concat(e.claims.nonce,'"'))}if(r.max_age&&!fr(e.claims.auth_time))throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");if(e.claims.exp==null||!fr(e.claims.exp))throw new Error("Expiration Time (exp) claim must be a number present in the ID token");if(!fr(e.claims.iat))throw new Error("Issued At (iat) claim must be a number present in the ID token");const t=r.leeway||60,n=new Date(r.now||Date.now()),o=new Date(0);if(o.setUTCSeconds(e.claims.exp+t),n>o)throw new Error("Expiration Time (exp) claim error in the ID token; current time (".concat(n,") is after expiration time (").concat(o,")"));if(e.claims.nbf!=null&&fr(e.claims.nbf)){const i=new Date(0);if(i.setUTCSeconds(e.claims.nbf-t),n<i)throw new Error("Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (".concat(n,") is before ").concat(i))}if(e.claims.auth_time!=null&&fr(e.claims.auth_time)){const i=new Date(0);if(i.setUTCSeconds(parseInt(e.claims.auth_time)+r.max_age+t),n>i)throw new Error("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (".concat(n,") is after last auth at ").concat(i))}if(r.organization){const i=r.organization.trim();if(i.startsWith("org_")){const s=i;if(!e.claims.org_id)throw new Error("Organization ID (org_id) claim must be a string present in the ID token");if(s!==e.claims.org_id)throw new Error('Organization ID (org_id) claim mismatch in the ID token; expected "'.concat(s,'", found "').concat(e.claims.org_id,'"'))}else{const s=i.toLowerCase();if(!e.claims.org_name)throw new Error("Organization Name (org_name) claim must be a string present in the ID token");if(s!==e.claims.org_name)throw new Error('Organization Name (org_name) claim mismatch in the ID token; expected "'.concat(s,'", found "').concat(e.claims.org_name,'"'))}}return e};var jr=wn&&wn.__assign||function(){return jr=Object.assign||function(r){for(var e,t=1,n=arguments.length;t<n;t++)for(var o in e=arguments[t])Object.prototype.hasOwnProperty.call(e,o)&&(r[o]=e[o]);return r},jr.apply(this,arguments)};function gr(r,e){if(!e)return"";var t="; "+r;return e===!0?t:t+"="+e}function Rp(r,e,t){return encodeURIComponent(r).replace(/%(23|24|26|2B|5E|60|7C)/g,decodeURIComponent).replace(/\(/g,"%28").replace(/\)/g,"%29")+"="+encodeURIComponent(e).replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g,decodeURIComponent)+(function(n){if(typeof n.expires=="number"){var o=new Date;o.setMilliseconds(o.getMilliseconds()+864e5*n.expires),n.expires=o}return gr("Expires",n.expires?n.expires.toUTCString():"")+gr("Domain",n.domain)+gr("Path",n.path)+gr("Secure",n.secure)+gr("SameSite",n.sameSite)})(t)}function Pp(){return(function(r){for(var e={},t=r?r.split("; "):[],n=/(%[\dA-F]{2})+/gi,o=0;o<t.length;o++){var i=t[o].split("="),s=i.slice(1).join("=");s.charAt(0)==='"'&&(s=s.slice(1,-1));try{e[i[0].replace(n,decodeURIComponent)]=s.replace(n,decodeURIComponent)}catch{}}return e})(document.cookie)}var Op=function(r){return Pp()[r]};function Kl(r,e,t){document.cookie=Rp(r,e,jr({path:"/"},t))}var Fl=Kl,jl=function(r,e){Kl(r,"",jr(jr({},e),{expires:-1}))};const Mn={get(r){const e=Op(r);if(e!==void 0)return JSON.parse(e)},save(r,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0,sameSite:"none"}),t!=null&&t.daysUntilExpire&&(n.expires=t.daysUntilExpire),t!=null&&t.cookieDomain&&(n.domain=t.cookieDomain),Fl(r,JSON.stringify(e),n)},remove(r,e){let t={};e!=null&&e.cookieDomain&&(t.domain=e.cookieDomain),jl(r,t)}},Di="_legacy_",Np={get(r){return Mn.get(r)||Mn.get("".concat(Di).concat(r))},save(r,e,t){let n={};window.location.protocol==="https:"&&(n={secure:!0}),t!=null&&t.daysUntilExpire&&(n.expires=t.daysUntilExpire),t!=null&&t.cookieDomain&&(n.domain=t.cookieDomain),Fl("".concat(Di).concat(r),JSON.stringify(e),n),Mn.save(r,e,t)},remove(r,e){let t={};e!=null&&e.cookieDomain&&(t.domain=e.cookieDomain),jl(r,t),Mn.remove(r,e),Mn.remove("".concat(Di).concat(r),e)}},xp={get(r){if(typeof sessionStorage>"u")return;const e=sessionStorage.getItem(r);return e!=null?JSON.parse(e):void 0},save(r,e){sessionStorage.setItem(r,JSON.stringify(e))},remove(r){sessionStorage.removeItem(r)}};var Jt;(function(r){r.Code="code",r.ConnectCode="connect_code"})(Jt||(Jt={}));function Mp(r,e,t){var n=e===void 0?null:e,o=(function(c,l){var h=atob(c);if(l){for(var d=new Uint8Array(h.length),p=0,u=h.length;p<u;++p)d[p]=h.charCodeAt(p);return String.fromCharCode.apply(null,new Uint16Array(d.buffer))}return h})(r,t!==void 0&&t),i=o.indexOf(`
3
3
  `,10)+1,s=o.substring(i)+(n?"//# sourceMappingURL="+n:""),a=new Blob([s],{type:"application/javascript"});return URL.createObjectURL(a)}var zc,Wc,Jc,Li,Up=(zc="Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7ZnVuY3Rpb24gZShlLHQpeyhudWxsPT10fHx0PmUubGVuZ3RoKSYmKHQ9ZS5sZW5ndGgpO2Zvcih2YXIgcj0wLG89QXJyYXkodCk7cjx0O3IrKylvW3JdPWVbcl07cmV0dXJuIG99ZnVuY3Rpb24gdCh0LHIpe3JldHVybiBmdW5jdGlvbihlKXtpZihBcnJheS5pc0FycmF5KGUpKXJldHVybiBlfSh0KXx8ZnVuY3Rpb24oZSx0KXt2YXIgcj1udWxsPT1lP251bGw6InVuZGVmaW5lZCIhPXR5cGVvZiBTeW1ib2wmJmVbU3ltYm9sLml0ZXJhdG9yXXx8ZVsiQEBpdGVyYXRvciJdO2lmKG51bGwhPXIpe3ZhciBvLG4scyxpLGE9W10sYz0hMCxsPSExO3RyeXtpZihzPShyPXIuY2FsbChlKSkubmV4dCwwPT09dCl7aWYoT2JqZWN0KHIpIT09cilyZXR1cm47Yz0hMX1lbHNlIGZvcig7IShjPShvPXMuY2FsbChyKSkuZG9uZSkmJihhLnB1c2goby52YWx1ZSksYS5sZW5ndGghPT10KTtjPSEwKTt9Y2F0Y2goZSl7bD0hMCxuPWV9ZmluYWxseXt0cnl7aWYoIWMmJm51bGwhPXIucmV0dXJuJiYoaT1yLnJldHVybigpLE9iamVjdChpKSE9PWkpKXJldHVybn1maW5hbGx5e2lmKGwpdGhyb3cgbn19cmV0dXJuIGF9fSh0LHIpfHxmdW5jdGlvbih0LHIpe2lmKHQpe2lmKCJzdHJpbmciPT10eXBlb2YgdClyZXR1cm4gZSh0LHIpO3ZhciBvPXt9LnRvU3RyaW5nLmNhbGwodCkuc2xpY2UoOCwtMSk7cmV0dXJuIk9iamVjdCI9PT1vJiZ0LmNvbnN0cnVjdG9yJiYobz10LmNvbnN0cnVjdG9yLm5hbWUpLCJNYXAiPT09b3x8IlNldCI9PT1vP0FycmF5LmZyb20odCk6IkFyZ3VtZW50cyI9PT1vfHwvXig/OlVpfEkpbnQoPzo4fDE2fDMyKSg/OkNsYW1wZWQpP0FycmF5JC8udGVzdChvKT9lKHQscik6dm9pZCAwfX0odCxyKXx8ZnVuY3Rpb24oKXt0aHJvdyBuZXcgVHlwZUVycm9yKCJJbnZhbGlkIGF0dGVtcHQgdG8gZGVzdHJ1Y3R1cmUgbm9uLWl0ZXJhYmxlIGluc3RhbmNlLlxuSW4gb3JkZXIgdG8gYmUgaXRlcmFibGUsIG5vbi1hcnJheSBvYmplY3RzIG11c3QgaGF2ZSBhIFtTeW1ib2wuaXRlcmF0b3JdKCkgbWV0aG9kLiIpfSgpfWNsYXNzIHIgZXh0ZW5kcyBFcnJvcntjb25zdHJ1Y3RvcihlLHQpe3N1cGVyKHQpLHRoaXMuZXJyb3I9ZSx0aGlzLmVycm9yX2Rlc2NyaXB0aW9uPXQsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsci5wcm90b3R5cGUpfXN0YXRpYyBmcm9tUGF5bG9hZChlKXtsZXQgdD1lLmVycm9yLG89ZS5lcnJvcl9kZXNjcmlwdGlvbjtyZXR1cm4gbmV3IHIodCxvKX19Y2xhc3MgbyBleHRlbmRzIHJ7Y29uc3RydWN0b3IoZSx0KXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIiwiTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyIuY29uY2F0KG4oZSxbImRlZmF1bHQiXSksIicsIHNjb3BlOiAnIikuY29uY2F0KG4odCksIicpIikpLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXQsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsby5wcm90b3R5cGUpfX1mdW5jdGlvbiBuKGUpe3JldHVybiBlJiYhKGFyZ3VtZW50cy5sZW5ndGg+MSYmdm9pZCAwIT09YXJndW1lbnRzWzFdP2FyZ3VtZW50c1sxXTpbXSkuaW5jbHVkZXMoZSk/ZToiIn0iZnVuY3Rpb24iPT10eXBlb2YgU3VwcHJlc3NlZEVycm9yJiZTdXBwcmVzc2VkRXJyb3I7Y29uc3Qgcz1lPT57dmFyIHQ9ZS5jbGllbnRJZCxyPWZ1bmN0aW9uKGUsdCl7dmFyIHI9e307Zm9yKHZhciBvIGluIGUpT2JqZWN0LnByb3RvdHlwZS5oYXNPd25Qcm9wZXJ0eS5jYWxsKGUsbykmJnQuaW5kZXhPZihvKTwwJiYocltvXT1lW29dKTtpZihudWxsIT1lJiYiZnVuY3Rpb24iPT10eXBlb2YgT2JqZWN0LmdldE93blByb3BlcnR5U3ltYm9scyl7dmFyIG49MDtmb3Iobz1PYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKGUpO248by5sZW5ndGg7bisrKXQuaW5kZXhPZihvW25dKTwwJiZPYmplY3QucHJvdG90eXBlLnByb3BlcnR5SXNFbnVtZXJhYmxlLmNhbGwoZSxvW25dKSYmKHJbb1tuXV09ZVtvW25dXSl9cmV0dXJuIHJ9KGUsWyJjbGllbnRJZCJdKTtyZXR1cm4gbmV3IFVSTFNlYXJjaFBhcmFtcygoZT0+T2JqZWN0LmtleXMoZSkuZmlsdGVyKHQ9PnZvaWQgMCE9PWVbdF0pLnJlZHVjZSgodCxyKT0+T2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LHQpLHtbcl06ZVtyXX0pLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IGk9e30sYT1udWxsO2NvbnN0IGM9KGUsdCk9PiIiLmNvbmNhdChlLCJ8IikuY29uY2F0KHQpLGw9KGUsdCk9PnQuc3RhcnRzV2l0aCgiIi5jb25jYXQoZSwifCIpKSx1PWU9PntPYmplY3QuZW50cmllcyhpKS5mb3JFYWNoKHI9PntsZXQgbz10KHIsMiksbj1vWzBdO29bMV09PT1lJiZkZWxldGUgaVtuXX0pfSxmPWU9Pntjb25zdCB0PW5ldyBVUkxTZWFyY2hQYXJhbXMoZSkscj17fTtyZXR1cm4gdC5mb3JFYWNoKChlLHQpPT57clt0XT1lfSkscn0sZD1hc3luYyBlPT57bGV0IHIsbixhPWUuZGF0YSx1PWEudGltZW91dCxkPWEuYXV0aCxoPWEuZmV0Y2hVcmwscD1hLmZldGNoT3B0aW9ucyx5PWEudXNlRm9ybURhdGEsZz1hLnVzZU1ycnQsYj1hLnNraXBUb2tlblN0b3JhZ2UsTz10KGUucG9ydHMsMSlbMF0saz17fTtjb25zdCBtPWR8fHt9LGo9bS5hdWRpZW5jZSx2PW0uc2NvcGU7dHJ5e2NvbnN0IGU9eT9mKHAuYm9keSk6SlNPTi5wYXJzZShwLmJvZHkpO2lmKCFlLnJlZnJlc2hfdG9rZW4mJiJyZWZyZXNoX3Rva2VuIj09PWUuZ3JhbnRfdHlwZSl7aWYobj0oKGUsdCk9PmlbYyhlLHQpXSkoaix2KSwhbiYmZyl7Y29uc3QgZT1pLmxhdGVzdF9yZWZyZXNoX3Rva2VuLHQ9KChlLHQpPT4hIU9iamVjdC5rZXlzKGkpLmZpbmQocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBvPWwodCxyKSxuPXIuc3BsaXQoInwiKVsxXS5zcGxpdCgiICIpLHM9ZS5zcGxpdCgiICIpLmV2ZXJ5KGU9Pm4uaW5jbHVkZXMoZSkpO3JldHVybiBvJiZzfX0pKSh2LGopO2UmJiF0JiYobj1lKX1pZighbil0aHJvdyBuZXcgbyhqLHYpO3AuYm9keT15P3MoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LGUpLHtyZWZyZXNoX3Rva2VuOm59KSk6SlNPTi5zdHJpbmdpZnkoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LGUpLHtyZWZyZXNoX3Rva2VuOm59KSl9bGV0IGEsZDsiZnVuY3Rpb24iPT10eXBlb2YgQWJvcnRDb250cm9sbGVyJiYoYT1uZXcgQWJvcnRDb250cm9sbGVyLHAuc2lnbmFsPWEuc2lnbmFsKTt0cnl7ZD1hd2FpdCBQcm9taXNlLnJhY2UoWyhNPXUsbmV3IFByb21pc2UoZT0+c2V0VGltZW91dChlLE0pKSksZmV0Y2goaCxPYmplY3QuYXNzaWduKHt9LHApKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIE8ucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFkKXJldHVybiBhJiZhLmFib3J0KCksdm9pZCBPLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2lmKFM9ZC5oZWFkZXJzLGs9Wy4uLlNdLnJlZHVjZSgoZSxyKT0+e2xldCBvPXQociwyKSxuPW9bMF0scz1vWzFdO3JldHVybiBlW25dPXMsZX0se30pLHI9YXdhaXQgZC5qc29uKCksYilyZXR1cm4gZGVsZXRlIHIucmVmcmVzaF90b2tlbix2b2lkIE8ucG9zdE1lc3NhZ2Uoe29rOmQub2ssanNvbjpyLGhlYWRlcnM6a30pO3IucmVmcmVzaF90b2tlbj8oZyYmKGkubGF0ZXN0X3JlZnJlc2hfdG9rZW49ci5yZWZyZXNoX3Rva2VuLF89bix3PXIucmVmcmVzaF90b2tlbixPYmplY3QuZW50cmllcyhpKS5mb3JFYWNoKGU9PntsZXQgcj10KGUsMiksbz1yWzBdO3JbMV09PT1fJiYoaVtvXT13KX0pKSwoKGUsdCxyKT0+e2lbYyh0LHIpXT1lfSkoci5yZWZyZXNoX3Rva2VuLGosdiksZGVsZXRlIHIucmVmcmVzaF90b2tlbik6KChlLHQpPT57ZGVsZXRlIGlbYyhlLHQpXX0pKGosdiksTy5wb3N0TWVzc2FnZSh7b2s6ZC5vayxqc29uOnIsaGVhZGVyczprfSl9Y2F0Y2goZSl7Ty5wb3N0TWVzc2FnZSh7b2s6ITEsanNvbjp7ZXJyb3I6ZS5lcnJvcixlcnJvcl9kZXNjcmlwdGlvbjplLm1lc3NhZ2V9LGhlYWRlcnM6a30pfXZhciBfLHcsUyxNfSxoPWFzeW5jIGU9PntsZXQgcj1lLmRhdGEsbz1yLnRpbWVvdXQsbj1yLmF1dGgsYT1yLmZldGNoVXJsLGM9ci5mZXRjaE9wdGlvbnMsZD1yLnVzZUZvcm1EYXRhLGg9dChlLnBvcnRzLDEpWzBdO2NvbnN0IHA9KG58fHt9KS5hdWRpZW5jZTt0cnl7Y29uc3QgZT0oZT0+e2NvbnN0IHI9bmV3IFNldDtyZXR1cm4gT2JqZWN0LmVudHJpZXMoaSkuZm9yRWFjaChvPT57bGV0IG49dChvLDIpLHM9blswXSxpPW5bMV07bChlLHMpJiZyLmFkZChpKX0pLEFycmF5LmZyb20ocil9KShwKTtpZigwPT09ZS5sZW5ndGgpcmV0dXJuIHZvaWQgaC5wb3N0TWVzc2FnZSh7b2s6ITB9KTtjb25zdCByPWQ/ZihjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtmb3IoY29uc3QgdCBvZiBlKXtjb25zdCBlPWQ/cyhPYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30scikse3Rva2VuOnR9KSk6SlNPTi5zdHJpbmdpZnkoT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LHIpLHt0b2tlbjp0fSkpO2xldCBuLGksbCxmOyJmdW5jdGlvbiI9PXR5cGVvZiBBYm9ydENvbnRyb2xsZXImJihuPW5ldyBBYm9ydENvbnRyb2xsZXIsaT1uLnNpZ25hbCk7dHJ5e2Y9YXdhaXQgUHJvbWlzZS5yYWNlKFtuZXcgUHJvbWlzZShlPT57bD1zZXRUaW1lb3V0KGUsbyl9KSxmZXRjaChhLE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxjKSx7Ym9keTplLHNpZ25hbDppfSkpXSkuZmluYWxseSgoKT0+Y2xlYXJUaW1lb3V0KGwpKX1jYXRjaChlKXtyZXR1cm4gdm9pZCBoLnBvc3RNZXNzYWdlKHtlcnJvcjplLm1lc3NhZ2V9KX1pZighZilyZXR1cm4gbiYmbi5hYm9ydCgpLHZvaWQgaC5wb3N0TWVzc2FnZSh7ZXJyb3I6IlRpbWVvdXQgd2hlbiBleGVjdXRpbmcgJ2ZldGNoJyJ9KTtpZighZi5vayl7bGV0IGU7dHJ5e2NvbnN0IHQ9SlNPTi5wYXJzZShhd2FpdCBmLnRleHQoKSk7ZT10LmVycm9yX2Rlc2NyaXB0aW9ufWNhdGNoKGUpe31yZXR1cm4gdm9pZCBoLnBvc3RNZXNzYWdlKHtlcnJvcjplfHwiSFRUUCBlcnJvciAiLmNvbmNhdChmLnN0YXR1cyl9KX11KHQpfWgucG9zdE1lc3NhZ2Uoe29rOiEwfSl9Y2F0Y2goZSl7aC5wb3N0TWVzc2FnZSh7ZXJyb3I6ZS5tZXNzYWdlfHwiVW5rbm93biBlcnJvciBkdXJpbmcgdG9rZW4gcmV2b2NhdGlvbiJ9KX19LHA9KGUsdCk9PntpZighYSlyZXR1cm4hMTt0cnl7Y29uc3Qgcj1uZXcgVVJMKGEpLm9yaWdpbixvPW5ldyBVUkwoZS5mZXRjaFVybCk7cmV0dXJuIG8ub3JpZ2luPT09ciYmby5wYXRobmFtZT09PXR9Y2F0Y2goZSl7cmV0dXJuITF9fTthZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIixlPT57Y29uc3Qgcj1lLmRhdGEsbz10KGUucG9ydHMsMSlbMF07aWYoISgidHlwZSJpbiByKXx8ImluaXQiIT09ci50eXBlKXJldHVybiJ0eXBlImluIHImJiJjbGVhciI9PT1yLnR5cGU/KGk9e30sdm9pZChudWxsPT1vfHxvLnBvc3RNZXNzYWdlKHtvazohMH0pKSk6InR5cGUiaW4gciYmInJldm9rZSI9PT1yLnR5cGU/cChyLCIvb2F1dGgvcmV2b2tlIik/dm9pZCBoKGUpOnZvaWQobnVsbD09b3x8by5wb3N0TWVzc2FnZSh7b2s6ITEsanNvbjp7ZXJyb3I6ImludmFsaWRfZmV0Y2hfdXJsIixlcnJvcl9kZXNjcmlwdGlvbjoiVW5hdXRob3JpemVkIGZldGNoIFVSTCJ9LGhlYWRlcnM6e319KSk6dm9pZCgiZmV0Y2hVcmwiaW4gciYmcChyLCIvb2F1dGgvdG9rZW4iKT9kKGUpOm51bGw9PW98fG8ucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOiJpbnZhbGlkX2ZldGNoX3VybCIsZXJyb3JfZGVzY3JpcHRpb246IlVuYXV0aG9yaXplZCBmZXRjaCBVUkwifSxoZWFkZXJzOnt9fSkpO2lmKG51bGw9PT1hKXRyeXtuZXcgVVJMKHIuYWxsb3dlZEJhc2VVcmwpLGE9ci5hbGxvd2VkQmFzZVVybH1jYXRjaChlKXtyZXR1cm59fSl9KCk7Cgo=",Wc=null,Jc=!1,function(r){return Li=Li||Mp(zc,Wc,Jc),new Worker(Li,r)});const Hi={};class Dp{constructor(e,t){this.cache=e,this.clientId=t,this.manifestKey=this.createManifestKeyFrom(this.clientId)}async add(e){var t;const n=new Set(((t=await this.cache.get(this.manifestKey))===null||t===void 0?void 0:t.keys)||[]);n.add(e),await this.cache.set(this.manifestKey,{keys:[...n]})}async remove(e){const t=await this.cache.get(this.manifestKey);if(t){const n=new Set(t.keys);return n.delete(e),n.size>0?await this.cache.set(this.manifestKey,{keys:[...n]}):await this.cache.remove(this.manifestKey)}}get(){return this.cache.get(this.manifestKey)}clear(){return this.cache.remove(this.manifestKey)}createManifestKeyFrom(e){return"".concat(un,"::").concat(e)}}const Bc="auth0.is.authenticated",Lp={memory:()=>new Hl().enclosedCache,localstorage:()=>new _p},Gc=r=>Lp[r],Vc=r=>{const e=r.openUrl,t=r.onRedirect,n=Ne(r,["openUrl","onRedirect"]);return Object.assign(Object.assign({},n),{openUrl:e===!1||e?e:t})},Zc=(r,e)=>{const t=(e==null?void 0:e.split(" "))||[];return((r==null?void 0:r.split(" "))||[]).every(n=>t.includes(n))},nn={NONCE:"nonce",KEYPAIR:"keypair"};class Hp{constructor(e){this.clientId=e}getVersion(){return 1}createDbHandle(){const e=window.indexedDB.open("auth0-spa-js",this.getVersion());return new Promise((t,n)=>{e.onupgradeneeded=()=>Object.values(nn).forEach(o=>e.result.createObjectStore(o)),e.onerror=()=>n(e.error),e.onsuccess=()=>t(e.result)})}async getDbHandle(){return this.dbHandle||(this.dbHandle=await this.createDbHandle()),this.dbHandle}async executeDbRequest(e,t,n){const o=n((await this.getDbHandle()).transaction(e,t).objectStore(e));return new Promise((i,s)=>{o.onsuccess=()=>i(o.result),o.onerror=()=>s(o.error)})}buildKey(e){const t=e?"_".concat(e):"auth0";return"".concat(this.clientId,"::").concat(t)}setNonce(e,t){return this.save(nn.NONCE,this.buildKey(t),e)}setKeyPair(e){return this.save(nn.KEYPAIR,this.buildKey(),e)}async save(e,t,n){await this.executeDbRequest(e,"readwrite",o=>o.put(n,t))}findNonce(e){return this.find(nn.NONCE,this.buildKey(e))}findKeyPair(){return this.find(nn.KEYPAIR,this.buildKey())}find(e,t){return this.executeDbRequest(e,"readonly",n=>n.get(t))}async deleteBy(e,t){const n=await this.executeDbRequest(e,"readonly",o=>o.getAllKeys());await Promise.all((n==null?void 0:n.filter(t).map(o=>this.executeDbRequest(e,"readwrite",i=>i.delete(o))))||[])}deleteByClientId(e,t){return this.deleteBy(e,n=>typeof n=="string"&&n.startsWith("".concat(t,"::")))}clearNonces(){return this.deleteByClientId(nn.NONCE,this.clientId)}clearKeyPairs(){return this.deleteByClientId(nn.KEYPAIR,this.clientId)}}class Kp{constructor(e){this.storage=new Hp(e)}getNonce(e){return this.storage.findNonce(e)}setNonce(e,t){return this.storage.setNonce(e,t)}async getOrGenerateKeyPair(){let e=await this.storage.findKeyPair();return e||(e=await bp(),await this.storage.setKeyPair(e)),e}async generateProof(e){const t=await this.getOrGenerateKeyPair();return Tp(Object.assign({keyPair:t},e))}async calculateThumbprint(){return Cp(await this.getOrGenerateKeyPair())}async clear(){await Promise.all([this.storage.clearNonces(),this.storage.clearKeyPairs()])}}var Dn;(function(r){r.Bearer="Bearer",r.DPoP="DPoP"})(Dn||(Dn={}));class Fp{constructor(e,t){this.hooks=t,this.config=Object.assign(Object.assign({},e),{fetch:e.fetch||(typeof window>"u"?fetch:window.fetch.bind(window))})}isAbsoluteUrl(e){return/^(https?:)?\/\//i.test(e)}buildUrl(e,t){if(t){if(this.isAbsoluteUrl(t))return t;if(e)return"".concat(e.replace(/\/?\/$/,""),"/").concat(t.replace(/^\/+/,""))}throw new TypeError("`url` must be absolute or `baseUrl` non-empty.")}getAccessToken(e){return this.config.getAccessToken?this.config.getAccessToken(e):this.hooks.getAccessToken(e)}extractUrl(e){return typeof e=="string"?e:e instanceof URL?e.href:e.url}buildBaseRequest(e,t){if(!this.config.baseUrl)return new Request(e,t);const n=this.buildUrl(this.config.baseUrl,this.extractUrl(e)),o=e instanceof Request?new Request(n,e):n;return new Request(o,t)}setAuthorizationHeader(e,t){let n=arguments.length>2&&arguments[2]!==void 0?arguments[2]:Dn.Bearer;e.headers.set("authorization","".concat(n," ").concat(t))}async setDpopProofHeader(e,t){if(!this.config.dpopNonceId)return;const n=await this.hooks.getDpopNonce(),o=await this.hooks.generateDpopProof({accessToken:t,method:e.method,nonce:n,url:e.url});e.headers.set("dpop",o)}async prepareRequest(e,t){const n=await this.getAccessToken(t);let o,i;typeof n=="string"?(o=this.config.dpopNonceId?Dn.DPoP:Dn.Bearer,i=n):(o=n.token_type,i=n.access_token),this.setAuthorizationHeader(e,i,o),o===Dn.DPoP&&await this.setDpopProofHeader(e,i)}getHeader(e,t){return Array.isArray(e)?new Headers(e).get(t)||"":typeof e.get=="function"?e.get(t)||"":e[t]||""}hasUseDpopNonceError(e){if(e.status!==401)return!1;const t=this.getHeader(e.headers,"www-authenticate");return t.includes("invalid_dpop_nonce")||t.includes("use_dpop_nonce")}async handleResponse(e,t){const n=this.getHeader(e.headers,Ul);if(n&&await this.hooks.setDpopNonce(n),!this.hasUseDpopNonceError(e))return e;if(!n||!t.onUseDpopNonceError)throw new fi(n);return t.onUseDpopNonceError()}async internalFetchWithAuth(e,t,n,o){const i=this.buildBaseRequest(e,t);await this.prepareRequest(i,o);const s=await this.config.fetch(i);return this.handleResponse(s,n)}fetchWithAuth(e,t,n){const o={onUseDpopNonceError:()=>this.internalFetchWithAuth(e,t,Object.assign(Object.assign({},o),{onUseDpopNonceError:void 0}),n)};return this.internalFetchWithAuth(e,t,o,n)}}class jp{constructor(e,t){this.myAccountFetcher=e,this.apiBase=t}async connectAccount(e){const t=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/connected-accounts/connect"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)},{scope:["create:me:connected_accounts"]});return this._handleResponse(t)}async completeAccount(e){const t=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/connected-accounts/complete"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)},{scope:["create:me:connected_accounts"]});return this._handleResponse(t)}async getFactors(){const e=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/factors"),{method:"GET"},{scope:["read:me:factors"]});return(await this._handleResponse(e)).factors}async getAuthenticationMethods(e){const t=e?"?".concat(new URLSearchParams({type:e})):"",n=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/authentication-methods").concat(t),{method:"GET"},{scope:["read:me:authentication_methods"]});return(await this._handleResponse(n)).authentication_methods}async getAuthenticationMethod(e){const t=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/authentication-methods/").concat(encodeURIComponent(e)),{method:"GET"},{scope:["read:me:authentication_methods"]});return this._handleResponse(t)}async deleteAuthenticationMethod(e){const t=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/authentication-methods/").concat(encodeURIComponent(e)),{method:"DELETE"},{scope:["delete:me:authentication_methods"]});t.ok||await this._handleResponse(t)}async updateAuthenticationMethod(e,t){const n=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/authentication-methods/").concat(encodeURIComponent(e)),{method:"PATCH",headers:{"Content-Type":"application/json"},body:JSON.stringify(t)},{scope:["update:me:authentication_methods"]});return this._handleResponse(n)}async enrollmentChallenge(e){var t;const n=await this.myAccountFetcher.fetchWithAuth("".concat(this.apiBase,"v1/authentication-methods"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)},{scope:["create:me:authentication_methods"]}),o=await this._handleResponse(n),i=(t=n.headers.get("location"))!==null&&t!==void 0?t:"",s=decodeURIComponent(i.split("/").pop()||"");return Object.assign(Object.assign({},o),{id:s,location:i})}async enrollmentVerify(e){const t=e,n=t.location;t.type;const o=Ne(t,["location","type"]),i=await this.myAccountFetcher.fetchWithAuth("".concat(n,"/verify"),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(o)},{scope:["create:me:authentication_methods"]});return this._handleResponse(i)}async _handleResponse(e){let t;try{t=await e.text(),t=JSON.parse(t)}catch(n){throw new Fo({type:"invalid_json",status:e.status,title:"Invalid JSON response",detail:t||String(n)})}if(e.ok)return t;throw new Fo(t)}}class Fo extends Error{constructor(e){let t=e.type,n=e.status,o=e.title,i=e.detail,s=e.validation_errors;super(i),this.name="MyAccountApiError",this.type=t,this.status=n,this.title=o,this.detail=i,this.validation_errors=s,Object.setPrototypeOf(this,Fo.prototype)}}const zp={otp:{authenticatorTypes:["otp"]},sms:{authenticatorTypes:["oob"],oobChannels:["sms"]},email:{authenticatorTypes:["oob"],oobChannels:["email"]},push:{authenticatorTypes:["oob"],oobChannels:["auth0"]},voice:{authenticatorTypes:["oob"],oobChannels:["voice"]}},Wp="http://auth0.com/oauth/grant-type/mfa-otp",Jp="http://auth0.com/oauth/grant-type/mfa-oob",Bp="http://auth0.com/oauth/grant-type/mfa-recovery-code";var uo,Ki;let Cs;(typeof navigator>"u"||(uo=navigator.userAgent)===null||uo===void 0||(Ki=uo.startsWith)===null||Ki===void 0||!Ki.call(uo,"Mozilla/5.0 "))&&(Cs="".concat("oauth4webapi","/").concat("v3.8.6"));function rr(r,e){if(r==null)return!1;try{return r instanceof e||Object.getPrototypeOf(r)[Symbol.toStringTag]===e.prototype[Symbol.toStringTag]}catch{return!1}}const Te="ERR_INVALID_ARG_VALUE",Ue="ERR_INVALID_ARG_TYPE";function Y(r,e,t){const n=new TypeError(r,{cause:t});return Object.assign(n,{code:e}),n}const We=Symbol(),Ts=Symbol(),ks=Symbol(),at=Symbol(),Rt=Symbol(),Gp=new TextEncoder,Vp=new TextDecoder;function jn(r){return typeof r=="string"?Gp.encode(r):Vp.decode(r)}let _s,zl;Uint8Array.prototype.toBase64?_s=r=>(r instanceof ArrayBuffer&&(r=new Uint8Array(r)),r.toBase64({alphabet:"base64url",omitPadding:!0})):_s=e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));const t=[];for(let n=0;n<e.byteLength;n+=32768)t.push(String.fromCharCode.apply(null,e.subarray(n,n+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")};function fn(r){return typeof r=="string"?zl(r):_s(r)}zl=Uint8Array.fromBase64?r=>{try{return Uint8Array.fromBase64(r,{alphabet:"base64url"})}catch(e){throw Y("The input to be decoded is not correctly encoded.",Te,e)}}:r=>{try{const e=atob(r.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"")),t=new Uint8Array(e.length);for(let n=0;n<e.length;n++)t[n]=e.charCodeAt(n);return t}catch(e){throw Y("The input to be decoded is not correctly encoded.",Te,e)}};class He extends Error{constructor(e,t){var n;super(e,t),I(this,"code",void 0),this.name=this.constructor.name,this.code=Es,(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}class ha extends Error{constructor(e,t){var n;super(e,t),I(this,"code",void 0),this.name=this.constructor.name,t!=null&&t.code&&(this.code=t==null?void 0:t.code),(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}function N(r,e,t){return new ha(r,{code:e,cause:t})}function Zp(r,e){if((function(t,n){if(!(t instanceof CryptoKey))throw Y("".concat(n," must be a CryptoKey"),Ue)})(r,e),r.type!=="private")throw Y("".concat(e," must be a private CryptoKey"),Te)}function jo(r){return r!==null&&typeof r=="object"&&!Array.isArray(r)}function gi(r){rr(r,Headers)&&(r=Object.fromEntries(r.entries()));const e=new Headers(r??{});if(Cs&&!e.has("user-agent")&&e.set("user-agent",Cs),e.has("authorization"))throw Y('"options.headers" must not include the "authorization" header name',Te);return e}function Wl(r,e){if(e!==void 0){if(typeof e=="function"&&(e=e(r.href)),!(e instanceof AbortSignal))throw Y('"options.signal" must return or be an instance of AbortSignal',Ue);return e}}function $c(r){return r.includes("//")?r.replace("//","/"):r}async function $p(r,e){return(async function(t,n,o,i){if(!(t instanceof URL))throw Y('"'.concat(n,'" must be an instance of URL'),Ue);la(t,(i==null?void 0:i[We])!==!0);const s=o(new URL(t.href)),a=gi(i==null?void 0:i.headers);return a.set("accept","application/json"),((i==null?void 0:i[at])||fetch)(s.href,{body:void 0,headers:Object.fromEntries(a.entries()),method:"GET",redirect:"manual",signal:Wl(s,i==null?void 0:i.signal)})})(r,"issuerIdentifier",t=>{switch(e==null?void 0:e.algorithm){case void 0:case"oidc":(function(n,o){n.pathname=$c("".concat(n.pathname,"/").concat(o))})(t,".well-known/openid-configuration");break;case"oauth2":(function(n,o){let i=arguments.length>2&&arguments[2]!==void 0&&arguments[2];n.pathname==="/"?n.pathname=o:n.pathname=$c("".concat(o,"/").concat(i?n.pathname:n.pathname.replace(/(\/)$/,"")))})(t,".well-known/oauth-authorization-server");break;default:throw Y('"options.algorithm" must be "oidc" (default), or "oauth2"',Te)}return t},e)}function $t(r,e,t,n,o){try{if(typeof r!="number"||!Number.isFinite(r))throw Y("".concat(t," must be a number"),Ue,o);if(r>0)return;if(e){if(r!==0)throw Y("".concat(t," must be a non-negative number"),Te,o);return}throw Y("".concat(t," must be a positive number"),Te,o)}catch(i){throw n?N(i.message,n,o):i}}function ae(r,e,t,n){try{if(typeof r!="string")throw Y("".concat(e," must be a string"),Ue,n);if(r.length===0)throw Y("".concat(e," must not be empty"),Te,n)}catch(o){throw t?N(o.message,t,n):o}}function Jl(r){(function(e,t){if(Zl(e)!==t)throw(function(n){let o='"response" content-type must be ';for(var i=arguments.length,s=new Array(i>1?i-1:0),a=1;a<i;a++)s[a-1]=arguments[a];if(s.length>2){const c=s.pop();o+="".concat(s.join(", "),", or ").concat(c)}else s.length===2?o+="".concat(s[0]," or ").concat(s[1]):o+=s[0];return N(o,Xl,n)})(e,t)})(r,"application/json")}function Bl(){return fn(crypto.getRandomValues(new Uint8Array(32)))}function Xp(r){switch(r.algorithm.name){case"RSA-PSS":return(function(e){switch(e.algorithm.hash.name){case"SHA-256":return"PS256";case"SHA-384":return"PS384";case"SHA-512":return"PS512";default:throw new He("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}})(r);case"RSASSA-PKCS1-v1_5":return(function(e){switch(e.algorithm.hash.name){case"SHA-256":return"RS256";case"SHA-384":return"RS384";case"SHA-512":return"RS512";default:throw new He("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}})(r);case"ECDSA":return(function(e){switch(e.algorithm.namedCurve){case"P-256":return"ES256";case"P-384":return"ES384";case"P-521":return"ES512";default:throw new He("unsupported EcKeyAlgorithm namedCurve",{cause:e})}})(r);case"Ed25519":case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return r.algorithm.name;case"EdDSA":return"Ed25519";default:throw new He("unsupported CryptoKey algorithm name",{cause:r})}}function zo(r){const e=r==null?void 0:r[Ts];return typeof e=="number"&&Number.isFinite(e)?e:0}function Is(r){const e=r==null?void 0:r[ks];return typeof e=="number"&&Number.isFinite(e)&&Math.sign(e)!==-1?e:30}function Wo(){return Math.floor(Date.now()/1e3)}function nt(r){if(typeof r!="object"||r===null)throw Y('"as" must be an object',Ue);ae(r.issuer,'"as.issuer"')}function rt(r){if(typeof r!="object"||r===null)throw Y('"client" must be an object',Ue);ae(r.client_id,'"client.client_id"')}function Xc(r){return ae(r,'"clientSecret"'),(e,t,n,o)=>{n.set("client_id",t.client_id),n.set("client_secret",r)}}function Yp(r,e){const t=(i=r)instanceof CryptoKey?{key:i}:(i==null?void 0:i.key)instanceof CryptoKey?(i.kid!==void 0&&ae(i.kid,'"kid"'),{key:i.key,kid:i.kid}):{},n=t.key,o=t.kid;var i;return Zp(n,'"clientPrivateKey.key"'),async(s,a,c,l)=>{const h={alg:Xp(n),kid:o},d=(function(p,u){const f=Wo()+zo(u);return{jti:Bl(),aud:p.issuer,exp:f+60,iat:f,nbf:f,iss:u.client_id,sub:u.client_id}})(s,a);c.set("client_id",a.client_id),c.set("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),c.set("client_assertion",await(async function(p,u,f){if(!f.usages.includes("sign"))throw Y('CryptoKey instances used for signing assertions must include "sign" in their "usages"',Te);const g="".concat(fn(jn(JSON.stringify(p))),".").concat(fn(jn(JSON.stringify(u)))),y=fn(await crypto.subtle.sign((function(m){switch(m.algorithm.name){case"ECDSA":return{name:m.algorithm.name,hash:yf(m)};case"RSA-PSS":switch(qc(m),m.algorithm.hash.name){case"SHA-256":case"SHA-384":case"SHA-512":return{name:m.algorithm.name,saltLength:parseInt(m.algorithm.hash.name.slice(-3),10)>>3};default:throw new He("unsupported RSA-PSS hash name",{cause:m})}case"RSASSA-PKCS1-v1_5":return qc(m),m.algorithm.name;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":case"Ed25519":return m.algorithm.name}throw new He("unsupported CryptoKey algorithm name",{cause:m})})(f),f,jn(g)));return"".concat(g,".").concat(y)})(h,d,n))}}const Qp=URL.parse?(r,e)=>URL.parse(r,e):(r,e)=>{try{return new URL(r,e)}catch{return null}};function la(r,e){if(e&&r.protocol!=="https:")throw N("only requests to HTTPS are allowed",Yl,r);if(r.protocol!=="https:"&&r.protocol!=="http:")throw N("only HTTP and HTTPS requests are allowed",Ql,r)}function Yc(r,e,t,n){let o;if(typeof r!="string"||!(o=Qp(r)))throw N("authorization server metadata does not contain a valid ".concat(t?'"as.mtls_endpoint_aliases.'.concat(e,'"'):'"as.'.concat(e,'"')),r===void 0?gf:mf,{attribute:t?"mtls_endpoint_aliases.".concat(e):e});return la(o,n),o}function Xr(r,e,t,n){return t&&r.mtls_endpoint_aliases&&e in r.mtls_endpoint_aliases?Yc(r.mtls_endpoint_aliases[e],e,t,n):Yc(r[e],e,t,n)}class mi extends Error{constructor(e,t){var n;super(e,t),I(this,"cause",void 0),I(this,"code",void 0),I(this,"error",void 0),I(this,"status",void 0),I(this,"error_description",void 0),I(this,"response",void 0),this.name=this.constructor.name,this.code=pf,this.cause=t.cause,this.error=t.cause.error,this.status=t.response.status,this.error_description=t.cause.error_description,Object.defineProperty(this,"response",{enumerable:!1,value:t.response}),(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}class Gl extends Error{constructor(e,t){var n,o;super(e,t),I(this,"cause",void 0),I(this,"code",void 0),I(this,"error",void 0),I(this,"error_description",void 0),this.name=this.constructor.name,this.code=ff,this.cause=t.cause,this.error=t.cause.get("error"),this.error_description=(n=t.cause.get("error_description"))!==null&&n!==void 0?n:void 0,(o=Error.captureStackTrace)===null||o===void 0||o.call(Error,this,this.constructor)}}class da extends Error{constructor(e,t){var n;super(e,t),I(this,"cause",void 0),I(this,"code",void 0),I(this,"response",void 0),I(this,"status",void 0),this.name=this.constructor.name,this.code=uf,this.cause=t.cause,this.status=t.response.status,this.response=t.response,Object.defineProperty(this,"response",{enumerable:!1}),(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}const Jo="[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+",qp="("+Jo+')\\s*=\\s*"((?:[^"\\\\]|\\\\[\\s\\S])*)"',ef="("+Jo+")\\s*=\\s*("+Jo+")",tf=new RegExp("^[,\\s]*("+Jo+")"),nf=new RegExp("^[,\\s]*"+qp+"[,\\s]*(.*)"),rf=new RegExp("^[,\\s]*"+ef+"[,\\s]*(.*)"),of=new RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");async function ua(r,e,t){if(r.status!==e){let o;var n;throw(function(i){let s;if(s=(function(a){if(!rr(a,Response))throw Y('"response" must be an instance of Response',Ue);const c=a.headers.get("www-authenticate");if(c===null)return;const l=[];let h=c;for(;h;){var d;let g=h.match(tf);const y=(d=g)===null||d===void 0?void 0:d[1].toLowerCase();if(!y)return;const m=h.substring(g[0].length);if(m&&!m.match(/^[\s,]/))return;const b=m.match(/^\s+(.*)$/),C=!!b;h=b?b[1]:void 0;const k={};let _;if(C)for(;h;){let S,x;if(g=h.match(nf)){var p=Ke(g,4);if(S=p[1],x=p[2],h=p[3],x.includes("\\"))try{x=JSON.parse('"'.concat(x,'"'))}catch{}k[S.toLowerCase()]=x}else{if(!(g=h.match(rf))){if(g=h.match(of)){if(Object.keys(k).length)break;var u=Ke(g,3);_=u[1],h=u[2];break}return}var f=Ke(g,4);S=f[1],x=f[2],h=f[3],k[S.toLowerCase()]=x}}else h=m||void 0;const O={scheme:y,parameters:k};_&&(O.token68=_),l.push(O)}return l.length?l:void 0})(i))throw new da("server responded with a challenge in the WWW-Authenticate HTTP Header",{cause:s,response:i})})(r),(o=await(async function(i){if(i.status>399&&i.status<500){Qr(i),Jl(i);try{const s=await i.clone().json();if(jo(s)&&typeof s.error=="string"&&s.error.length)return s}catch{}}})(r))?(await((n=r.body)===null||n===void 0?void 0:n.cancel()),new mi("server responded with an error in the response body",{cause:o,response:r})):N('"response" is not a conform '.concat(t," response (unexpected HTTP status code)"),ga,r)}}function Vl(r){if(!fa.has(r))throw Y('"options.DPoP" is not a valid DPoPHandle',Te)}function Zl(r){var e;return(e=r.headers.get("content-type"))===null||e===void 0?void 0:e.split(";")[0]}async function pa(r,e,t,n,o,i,s){return await t(r,e,o,i),i.set("content-type","application/x-www-form-urlencoded;charset=UTF-8"),((s==null?void 0:s[at])||fetch)(n.href,{body:o,headers:Object.fromEntries(i.entries()),method:"POST",redirect:"manual",signal:Wl(n,s==null?void 0:s.signal)})}async function Yr(r,e,t,n,o,i){var s;const a=Xr(r,"token_endpoint",e.use_mtls_endpoint_aliases,(i==null?void 0:i[We])!==!0);o.set("grant_type",n);const c=gi(i==null?void 0:i.headers);c.set("accept","application/json"),(i==null?void 0:i.DPoP)!==void 0&&(Vl(i.DPoP),await i.DPoP.addProof(a,c,"POST"));const l=await pa(r,e,t,a,o,c,i);return i==null||(s=i.DPoP)===null||s===void 0||s.cacheNonce(l,a),l}const $l=new WeakMap,sf=new WeakMap;function Ss(r){if(!r.id_token)return;const e=$l.get(r);if(!e)throw Y('"ref" was already garbage collected or did not resolve from the proper sources',Te);return e}async function Xn(r,e,t,n,o,i){if(nt(r),rt(e),!rr(t,Response))throw Y('"response" must be an instance of Response',Ue);await ua(t,200,"Token Endpoint"),Qr(t);const s=await yi(t);if(ae(s.access_token,'"response" body "access_token" property',K,{body:s}),ae(s.token_type,'"response" body "token_type" property',K,{body:s}),s.token_type=s.token_type.toLowerCase(),s.expires_in!==void 0){let a=typeof s.expires_in!="number"?parseFloat(s.expires_in):s.expires_in;$t(a,!0,'"response" body "expires_in" property',K,{body:s}),s.expires_in=a}if(s.refresh_token!==void 0&&ae(s.refresh_token,'"response" body "refresh_token" property',K,{body:s}),s.scope!==void 0&&typeof s.scope!="string")throw N('"response" body "scope" property must be a string',K,{body:s});if(s.id_token!==void 0){ae(s.id_token,'"response" body "id_token" property',K,{body:s});const a=["aud","exp","iat","iss","sub"];e.require_auth_time===!0&&a.push("auth_time"),e.default_max_age!==void 0&&($t(e.default_max_age,!0,'"client.default_max_age"'),a.push("auth_time")),n!=null&&n.length&&a.push(...n);const c=await(async function(d,p,u,f,g){let y,m,b=d.split("."),C=b[0],k=b[1],_=b.length;if(_===5){if(g===void 0)throw new He("JWE decryption is not configured",{cause:d});var O=(d=await g(d)).split(".");C=O[0],k=O[1],_=O.length}if(_!==3)throw N("Invalid JWT",K,d);try{y=JSON.parse(jn(fn(C)))}catch(x){throw N("failed to parse JWT Header body as base64url encoded JSON",Bo,x)}if(!jo(y))throw N("JWT Header must be a top level object",K,d);if(p(y),y.crit!==void 0)throw new He('no JWT "crit" header parameter extensions are supported',{cause:{header:y}});try{m=JSON.parse(jn(fn(k)))}catch(x){throw N("failed to parse JWT Payload body as base64url encoded JSON",Bo,x)}if(!jo(m))throw N("JWT Payload must be a top level object",K,d);const S=Wo()+u;if(m.exp!==void 0){if(typeof m.exp!="number")throw N('unexpected JWT "exp" (expiration time) claim type',K,{claims:m});if(m.exp<=S-f)throw N('unexpected JWT "exp" (expiration time) claim value, expiration is past current timestamp',zr,{claims:m,now:S,tolerance:f,claim:"exp"})}if(m.iat!==void 0&&typeof m.iat!="number")throw N('unexpected JWT "iat" (issued at) claim type',K,{claims:m});if(m.iss!==void 0&&typeof m.iss!="string")throw N('unexpected JWT "iss" (issuer) claim type',K,{claims:m});if(m.nbf!==void 0){if(typeof m.nbf!="number")throw N('unexpected JWT "nbf" (not before) claim type',K,{claims:m});if(m.nbf>S+f)throw N('unexpected JWT "nbf" (not before) claim value',zr,{claims:m,now:S,tolerance:f,claim:"nbf"})}if(m.aud!==void 0&&typeof m.aud!="string"&&!Array.isArray(m.aud))throw N('unexpected JWT "aud" (audience) claim type',K,{claims:m});return{header:y,claims:m,jwt:d}})(s.id_token,vf.bind(void 0,e.id_token_signed_response_alg,r.id_token_signing_alg_values_supported,"RS256"),zo(e),Is(e),o).then(lf.bind(void 0,a)).then(cf.bind(void 0,r)).then(af.bind(void 0,e.client_id)),l=c.claims,h=c.jwt;if(Array.isArray(l.aud)&&l.aud.length!==1){if(l.azp===void 0)throw N('ID Token "aud" (audience) claim includes additional untrusted audiences',It,{claims:l,claim:"aud"});if(l.azp!==e.client_id)throw N('unexpected ID Token "azp" (authorized party) claim value',It,{expected:e.client_id,claims:l,claim:"azp"})}l.auth_time!==void 0&&$t(l.auth_time,!0,'ID Token "auth_time" (authentication time)',K,{claims:l}),sf.set(t,h),$l.set(s,l)}if((i==null?void 0:i[s.token_type])!==void 0)i[s.token_type](t,s);else if(s.token_type!=="dpop"&&s.token_type!=="bearer")throw new He("unsupported `token_type` value",{cause:{body:s}});return s}function af(r,e){if(Array.isArray(e.claims.aud)){if(!e.claims.aud.includes(r))throw N('unexpected JWT "aud" (audience) claim value',It,{expected:r,claims:e.claims,claim:"aud"})}else if(e.claims.aud!==r)throw N('unexpected JWT "aud" (audience) claim value',It,{expected:r,claims:e.claims,claim:"aud"});return e}function cf(r,e){var t,n;const o=(t=(n=r[ql])===null||n===void 0?void 0:n.call(r,e))!==null&&t!==void 0?t:r.issuer;if(e.claims.iss!==o)throw N('unexpected JWT "iss" (issuer) claim value',It,{expected:o,claims:e.claims,claim:"iss"});return e}const fa=new WeakSet,Qc=Symbol(),hf={aud:"audience",c_hash:"code hash",client_id:"client id",exp:"expiration time",iat:"issued at",iss:"issuer",jti:"jwt id",nonce:"nonce",s_hash:"state hash",sub:"subject",ath:"access token hash",htm:"http method",htu:"http uri",cnf:"confirmation",auth_time:"authentication time"};function lf(r,e){for(const t of r)if(e.claims[t]===void 0)throw N('JWT "'.concat(t,'" (').concat(hf[t],") claim missing"),K,{claims:e.claims});return e}const Fi=Symbol(),ji=Symbol();async function df(r,e,t,n){return typeof(n==null?void 0:n.expectedNonce)=="string"||typeof(n==null?void 0:n.maxAge)=="number"||n!=null&&n.requireIdToken?(async function(o,i,s,a,c,l,h){const d=[];switch(a){case void 0:a=Fi;break;case Fi:break;default:ae(a,'"expectedNonce" argument'),d.push("nonce")}switch(c!=null||(c=i.default_max_age),c){case void 0:c=ji;break;case ji:break;default:$t(c,!0,'"maxAge" argument'),d.push("auth_time")}const p=await Xn(o,i,s,d,l,h);ae(p.id_token,'"response" body "id_token" property',K,{body:p});const u=Ss(p);if(c!==ji){const f=Wo()+zo(i),g=Is(i);if(u.auth_time+c<f-g)throw N("too much time has elapsed since the last End-User authentication",zr,{claims:u,now:f,tolerance:g,claim:"auth_time"})}if(a===Fi){if(u.nonce!==void 0)throw N('unexpected ID Token "nonce" claim value',It,{expected:void 0,claims:u,claim:"nonce"})}else if(u.nonce!==a)throw N('unexpected ID Token "nonce" claim value',It,{expected:a,claims:u,claim:"nonce"});return p})(r,e,t,n.expectedNonce,n.maxAge,n[Rt],n.recognizedTokenTypes):(async function(o,i,s,a,c){const l=await Xn(o,i,s,void 0,a,c),h=Ss(l);if(h){if(i.default_max_age!==void 0){$t(i.default_max_age,!0,'"client.default_max_age"');const d=Wo()+zo(i),p=Is(i);if(h.auth_time+i.default_max_age<d-p)throw N("too much time has elapsed since the last End-User authentication",zr,{claims:h,now:d,tolerance:p,claim:"auth_time"})}if(h.nonce!==void 0)throw N('unexpected ID Token "nonce" claim value',It,{expected:void 0,claims:h,claim:"nonce"})}return l})(r,e,t,n==null?void 0:n[Rt],n==null?void 0:n.recognizedTokenTypes)}const uf="OAUTH_WWW_AUTHENTICATE_CHALLENGE",pf="OAUTH_RESPONSE_BODY_ERROR",Es="OAUTH_UNSUPPORTED_OPERATION",ff="OAUTH_AUTHORIZATION_RESPONSE_ERROR",Bo="OAUTH_PARSE_ERROR",K="OAUTH_INVALID_RESPONSE",Xl="OAUTH_RESPONSE_IS_NOT_JSON",ga="OAUTH_RESPONSE_IS_NOT_CONFORM",Yl="OAUTH_HTTP_REQUEST_FORBIDDEN",Ql="OAUTH_REQUEST_PROTOCOL_FORBIDDEN",zr="OAUTH_JWT_TIMESTAMP_CHECK_FAILED",It="OAUTH_JWT_CLAIM_COMPARISON_FAILED",As="OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED",gf="OAUTH_MISSING_SERVER_METADATA",mf="OAUTH_INVALID_SERVER_METADATA";function Qr(r){if(r.bodyUsed)throw Y('"response" body has been used already',Te)}function qc(r){const e=r.algorithm;if(typeof e.modulusLength!="number"||e.modulusLength<2048)throw new He("unsupported ".concat(e.name," modulusLength"),{cause:r})}function yf(r){switch(r.algorithm.namedCurve){case"P-256":return"SHA-256";case"P-384":return"SHA-384";case"P-521":return"SHA-512";default:throw new He("unsupported ECDSA namedCurve",{cause:r})}}async function wf(r){if(r.method!=="POST")throw Y("form_post responses are expected to use the POST method",Te,{cause:r});if(Zl(r)!=="application/x-www-form-urlencoded")throw Y("form_post responses are expected to use the application/x-www-form-urlencoded content-type",Te,{cause:r});return(async function(e){if(e.bodyUsed)throw Y("form_post Request instances must contain a readable body",Te,{cause:e});return e.text()})(r)}function vf(r,e,t,n){if(r===void 0)if(Array.isArray(e)){if(!e.includes(n.alg))throw N('unexpected JWT "alg" header parameter',K,{header:n,expected:e,reason:"authorization server metadata"})}else{if(t===void 0)throw N('missing client or server configuration to verify used JWT "alg" header parameter',void 0,{client:r,issuer:e,fallback:t});if(typeof t=="string"?n.alg!==t:typeof t=="function"?!t(n.alg):!t.includes(n.alg))throw N('unexpected JWT "alg" header parameter',K,{header:n,expected:t,reason:"default value"})}else if(typeof r=="string"?n.alg!==r:!r.includes(n.alg))throw N('unexpected JWT "alg" header parameter',K,{header:n,expected:r,reason:"client configuration"})}function hn(r,e){const t=r.getAll(e),n=t[0];if(t.length>1)throw N('"'.concat(e,'" parameter must be provided only once'),K);return n}const bf=Symbol(),Cf=Symbol();function Tf(r,e,t,n){if(nt(r),rt(e),t instanceof URL&&(t=t.searchParams),!(t instanceof URLSearchParams))throw Y('"parameters" must be an instance of URLSearchParams, or URL',Ue);if(hn(t,"response"))throw N('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()',K,{parameters:t});const o=hn(t,"iss"),i=hn(t,"state");if(!o&&r.authorization_response_iss_parameter_supported)throw N('response parameter "iss" (issuer) missing',K,{parameters:t});if(o&&o!==r.issuer)throw N('unexpected "iss" (issuer) response parameter value',K,{expected:r.issuer,parameters:t});switch(n){case void 0:case Cf:if(i!==void 0)throw N('unexpected "state" response parameter encountered',K,{expected:void 0,parameters:t});break;case bf:break;default:if(ae(n,'"expectedState" argument'),i!==n)throw N(i===void 0?'response parameter "state" missing':'unexpected "state" response parameter value',K,{expected:n,parameters:t})}if(hn(t,"error"))throw new Gl("authorization response from the server is an error",{cause:t});const s=hn(t,"id_token"),a=hn(t,"token");if(s!==void 0||a!==void 0)throw new He("implicit and hybrid flows are not supported");return c=new URLSearchParams(t),fa.add(c),c;var c}async function yi(r){let e,t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Jl;try{e=await r.json()}catch(n){throw t(r),N('failed to parse "response" body as JSON',Bo,n)}if(!jo(e))throw N('"response" body must be a top level object',K,{body:e});return e}const zi=Symbol(),ql=Symbol(),eh=new TextEncoder,Yn=new TextDecoder;function Wi(r){const e=new Uint8Array(r.length);for(let t=0;t<r.length;t++){const n=r.charCodeAt(t);if(n>127)throw new TypeError("non-ASCII string encountered in encode()");e[t]=n}return e}function ed(r){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(r);const e=atob(r),t=new Uint8Array(e.length);for(let n=0;n<e.length;n++)t[n]=e.charCodeAt(n);return t}function qr(r){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof r=="string"?r:Yn.decode(r),{alphabet:"base64url"});let e=r;e instanceof Uint8Array&&(e=Yn.decode(e)),e=e.replace(/-/g,"+").replace(/_/g,"/");try{return ed(e)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}const Ft=function(r){return new TypeError("CryptoKey does not support this operation, its ".concat(arguments.length>1&&arguments[1]!==void 0?arguments[1]:"algorithm.name"," must be ").concat(r))},En=(r,e)=>r.name===e;function Ji(r,e){var t;if(t=r.hash,parseInt(t.name.slice(4),10)!==e)throw Ft("SHA-".concat(e),"algorithm.hash")}function kf(r,e,t){switch(e){case"HS256":case"HS384":case"HS512":if(!En(r.algorithm,"HMAC"))throw Ft("HMAC");Ji(r.algorithm,parseInt(e.slice(2),10));break;case"RS256":case"RS384":case"RS512":if(!En(r.algorithm,"RSASSA-PKCS1-v1_5"))throw Ft("RSASSA-PKCS1-v1_5");Ji(r.algorithm,parseInt(e.slice(2),10));break;case"PS256":case"PS384":case"PS512":if(!En(r.algorithm,"RSA-PSS"))throw Ft("RSA-PSS");Ji(r.algorithm,parseInt(e.slice(2),10));break;case"Ed25519":case"EdDSA":if(!En(r.algorithm,"Ed25519"))throw Ft("Ed25519");break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":if(!En(r.algorithm,e))throw Ft(e);break;case"ES256":case"ES384":case"ES512":{if(!En(r.algorithm,"ECDSA"))throw Ft("ECDSA");const n=(function(o){switch(o){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}})(e);if(r.algorithm.namedCurve!==n)throw Ft(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}(function(n,o){if(!n.usages.includes(o))throw new TypeError("CryptoKey does not support this operation, its usages must include ".concat(o,"."))})(r,t)}function td(r,e){for(var t=arguments.length,n=new Array(t>2?t-2:0),o=2;o<t;o++)n[o-2]=arguments[o];if((n=n.filter(Boolean)).length>2){const s=n.pop();r+="one of type ".concat(n.join(", "),", or ").concat(s,".")}else n.length===2?r+="one of type ".concat(n[0]," or ").concat(n[1],"."):r+="of type ".concat(n[0],".");if(e==null)r+=" Received ".concat(e);else if(typeof e=="function"&&e.name)r+=" Received function ".concat(e.name);else if(typeof e=="object"&&e!=null){var i;(i=e.constructor)!==null&&i!==void 0&&i.name&&(r+=" Received an instance of ".concat(e.constructor.name))}return r}const th=function(r,e){for(var t=arguments.length,n=new Array(t>2?t-2:0),o=2;o<t;o++)n[o-2]=arguments[o];return td("Key for the ".concat(r," algorithm must be "),e,...n)};class ge extends Error{constructor(e,t){var n;super(e,t),I(this,"code","ERR_JOSE_GENERIC"),this.name=this.constructor.name,(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}I(ge,"code","ERR_JOSE_GENERIC");class Je extends ge{constructor(e,t){let n=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"unspecified",o=arguments.length>3&&arguments[3]!==void 0?arguments[3]:"unspecified";super(e,{cause:{claim:n,reason:o,payload:t}}),I(this,"code","ERR_JWT_CLAIM_VALIDATION_FAILED"),I(this,"claim",void 0),I(this,"reason",void 0),I(this,"payload",void 0),this.claim=n,this.reason=o,this.payload=t}}I(Je,"code","ERR_JWT_CLAIM_VALIDATION_FAILED");class Rs extends ge{constructor(e,t){let n=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"unspecified",o=arguments.length>3&&arguments[3]!==void 0?arguments[3]:"unspecified";super(e,{cause:{claim:n,reason:o,payload:t}}),I(this,"code","ERR_JWT_EXPIRED"),I(this,"claim",void 0),I(this,"reason",void 0),I(this,"payload",void 0),this.claim=n,this.reason=o,this.payload=t}}I(Rs,"code","ERR_JWT_EXPIRED");class nd extends ge{constructor(){super(...arguments),I(this,"code","ERR_JOSE_ALG_NOT_ALLOWED")}}I(nd,"code","ERR_JOSE_ALG_NOT_ALLOWED");class Le extends ge{constructor(){super(...arguments),I(this,"code","ERR_JOSE_NOT_SUPPORTED")}}I(Le,"code","ERR_JOSE_NOT_SUPPORTED");I(class extends ge{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"decryption operation failed",arguments.length>1?arguments[1]:void 0),I(this,"code","ERR_JWE_DECRYPTION_FAILED")}},"code","ERR_JWE_DECRYPTION_FAILED");I(class extends ge{constructor(){super(...arguments),I(this,"code","ERR_JWE_INVALID")}},"code","ERR_JWE_INVALID");class ce extends ge{constructor(){super(...arguments),I(this,"code","ERR_JWS_INVALID")}}I(ce,"code","ERR_JWS_INVALID");class dt extends ge{constructor(){super(...arguments),I(this,"code","ERR_JWT_INVALID")}}I(dt,"code","ERR_JWT_INVALID");I(class extends ge{constructor(){super(...arguments),I(this,"code","ERR_JWK_INVALID")}},"code","ERR_JWK_INVALID");class ma extends ge{constructor(){super(...arguments),I(this,"code","ERR_JWKS_INVALID")}}I(ma,"code","ERR_JWKS_INVALID");class ya extends ge{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"no applicable key found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),I(this,"code","ERR_JWKS_NO_MATCHING_KEY")}}I(ya,"code","ERR_JWKS_NO_MATCHING_KEY");class rd extends ge{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"multiple matching keys found in the JSON Web Key Set",arguments.length>1?arguments[1]:void 0),I(this,Symbol.asyncIterator,void 0),I(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS")}}I(rd,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");class od extends ge{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"request timed out",arguments.length>1?arguments[1]:void 0),I(this,"code","ERR_JWKS_TIMEOUT")}}I(od,"code","ERR_JWKS_TIMEOUT");class id extends ge{constructor(){super(arguments.length>0&&arguments[0]!==void 0?arguments[0]:"signature verification failed",arguments.length>1?arguments[1]:void 0),I(this,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED")}}I(id,"code","ERR_JWS_SIGNATURE_VERIFICATION_FAILED");const sd=r=>{if((r==null?void 0:r[Symbol.toStringTag])==="CryptoKey")return!0;try{return r instanceof CryptoKey}catch{return!1}},ad=r=>(r==null?void 0:r[Symbol.toStringTag])==="KeyObject",nh=r=>sd(r)||ad(r);function rh(r,e,t){try{return qr(r)}catch{throw new t("Failed to base64url decode the ".concat(e))}}function Pt(r){if(typeof(e=r)!="object"||e===null||Object.prototype.toString.call(r)!=="[object Object]")return!1;var e;if(Object.getPrototypeOf(r)===null)return!0;let t=r;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(r)===t}const Ps=r=>Pt(r)&&typeof r.kty=="string";async function _f(r,e,t){if(e instanceof Uint8Array){if(!r.startsWith("HS"))throw new TypeError((function(n){for(var o=arguments.length,i=new Array(o>1?o-1:0),s=1;s<o;s++)i[s-1]=arguments[s];return td("Key must be ",n,...i)})(e,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",e,{hash:"SHA-".concat(r.slice(-3)),name:"HMAC"},!1,[t])}return kf(e,r,t),e}async function If(r,e,t,n){const o=await _f(r,e,"verify");(function(s,a){if(s.startsWith("RS")||s.startsWith("PS")){const c=a.algorithm.modulusLength;if(typeof c!="number"||c<2048)throw new TypeError("".concat(s," requires key modulusLength to be 2048 bits or larger"))}})(r,o);const i=(function(s,a){const c="SHA-".concat(s.slice(-3));switch(s){case"HS256":case"HS384":case"HS512":return{hash:c,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:c,name:"RSA-PSS",saltLength:parseInt(s.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:c,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:c,name:"ECDSA",namedCurve:a.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:s};default:throw new Le("alg ".concat(s," is not supported either by JOSE or your javascript runtime"))}})(r,o.algorithm);try{return await crypto.subtle.verify(i,o,t,n)}catch{return!1}}const po='Invalid or unsupported JWK "alg" (Algorithm) Parameter value';async function Oo(r){var e,t;if(!r.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');const n=(function(a){let c,l;switch(a.kty){case"AKP":switch(a.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":c={name:a.alg},l=a.priv?["sign"]:["verify"];break;default:throw new Le(po)}break;case"RSA":switch(a.alg){case"PS256":case"PS384":case"PS512":c={name:"RSA-PSS",hash:"SHA-".concat(a.alg.slice(-3))},l=a.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":c={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(a.alg.slice(-3))},l=a.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":c={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(a.alg.slice(-3),10)||1)},l=a.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new Le(po)}break;case"EC":switch(a.alg){case"ES256":case"ES384":case"ES512":c={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[a.alg]},l=a.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":c={name:"ECDH",namedCurve:a.crv},l=a.d?["deriveBits"]:[];break;default:throw new Le(po)}break;case"OKP":switch(a.alg){case"Ed25519":case"EdDSA":c={name:"Ed25519"},l=a.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":c={name:a.crv},l=a.d?["deriveBits"]:[];break;default:throw new Le(po)}break;default:throw new Le('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:c,keyUsages:l}})(r),o=n.algorithm,i=n.keyUsages,s=E({},r);return s.kty!=="AKP"&&delete s.alg,delete s.use,crypto.subtle.importKey("jwk",s,o,(e=r.ext)!==null&&e!==void 0?e:!r.d&&!r.priv,(t=r.key_ops)!==null&&t!==void 0?t:i)}const An="given KeyObject instance cannot be used for this algorithm";let Vt;const oh=async function(r,e,t){let n=arguments.length>3&&arguments[3]!==void 0&&arguments[3];Vt||(Vt=new WeakMap);let o=Vt.get(r);if(o!=null&&o[t])return o[t];const i=await Oo(E(E({},e),{},{alg:t}));return n&&Object.freeze(r),o?o[t]=i:Vt.set(r,{[t]:i}),i};async function Sf(r,e){if(r instanceof Uint8Array||sd(r))return r;if(ad(r)){if(r.type==="secret")return r.export();if("toCryptoKey"in r&&typeof r.toCryptoKey=="function")try{return((n,o)=>{Vt||(Vt=new WeakMap);let i=Vt.get(n);if(i!=null&&i[o])return i[o];const s=n.type==="public",a=!!s;let c;if(n.asymmetricKeyType==="x25519"){switch(o){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw new TypeError(An)}c=n.toCryptoKey(n.asymmetricKeyType,a,s?[]:["deriveBits"])}if(n.asymmetricKeyType==="ed25519"){if(o!=="EdDSA"&&o!=="Ed25519")throw new TypeError(An);c=n.toCryptoKey(n.asymmetricKeyType,a,[s?"verify":"sign"])}switch(n.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":if(o!==n.asymmetricKeyType.toUpperCase())throw new TypeError(An);c=n.toCryptoKey(n.asymmetricKeyType,a,[s?"verify":"sign"])}if(n.asymmetricKeyType==="rsa"){let h;switch(o){case"RSA-OAEP":h="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":h="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":h="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":h="SHA-512";break;default:throw new TypeError(An)}if(o.startsWith("RSA-OAEP"))return n.toCryptoKey({name:"RSA-OAEP",hash:h},a,s?["encrypt"]:["decrypt"]);c=n.toCryptoKey({name:o.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:h},a,[s?"verify":"sign"])}if(n.asymmetricKeyType==="ec"){var l;const h=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get((l=n.asymmetricKeyDetails)===null||l===void 0?void 0:l.namedCurve);if(!h)throw new TypeError(An);const d={ES256:"P-256",ES384:"P-384",ES512:"P-521"};d[o]&&h===d[o]&&(c=n.toCryptoKey({name:"ECDSA",namedCurve:h},a,[s?"verify":"sign"])),o.startsWith("ECDH-ES")&&(c=n.toCryptoKey({name:"ECDH",namedCurve:h},a,s?[]:["deriveBits"]))}if(!c)throw new TypeError(An);return i?i[o]=c:Vt.set(n,{[o]:c}),c})(r,e)}catch(n){if(n instanceof TypeError)throw n}let t=r.export({format:"jwk"});return oh(r,t,e)}if(Ps(r))return r.k?qr(r.k):oh(r,r,e,!0);throw new Error("unreachable")}const Bi=(r,e)=>{if(r.byteLength!==e.length)return!1;for(let t=0;t<r.byteLength;t++)if(r[t]!==e[t])return!1;return!0},Mr=r=>{const e=r.data[r.pos++];if(128&e){const t=127&e;let n=0;for(let o=0;o<t;o++)n=n<<8|r.data[r.pos++];return n}return e},Ur=(r,e,t)=>{if(r.data[r.pos++]!==e)throw new Error(t)},ih=(r,e)=>{const t=r.data.subarray(r.pos,r.pos+e);return r.pos+=e,t},Ef=r=>{const e=(o=>{Ur(o,6,"Expected algorithm OID");const i=Mr(o);return ih(o,i)})(r);if(Bi(e,[43,101,110]))return"X25519";if(!Bi(e,[42,134,72,206,61,2,1]))throw new Error("Unsupported key algorithm");Ur(r,6,"Expected curve OID");const t=Mr(r),n=ih(r,t);for(const o of[{name:"P-256",oid:[42,134,72,206,61,3,1,7]},{name:"P-384",oid:[43,129,4,0,34]},{name:"P-521",oid:[43,129,4,0,35]}]){const i=o.name,s=o.oid;if(Bi(n,s))return i}throw new Error("Unsupported named curve")},Af=async(r,e,t,n)=>{var o;let i,s;const a=()=>["sign"];switch(t){case"PS256":case"PS384":case"PS512":i={name:"RSA-PSS",hash:"SHA-".concat(t.slice(-3))},s=a();break;case"RS256":case"RS384":case"RS512":i={name:"RSASSA-PKCS1-v1_5",hash:"SHA-".concat(t.slice(-3))},s=a();break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":i={name:"RSA-OAEP",hash:"SHA-".concat(parseInt(t.slice(-3),10)||1)},s=["decrypt","unwrapKey"];break;case"ES256":case"ES384":case"ES512":i={name:"ECDSA",namedCurve:{ES256:"P-256",ES384:"P-384",ES512:"P-521"}[t]},s=a();break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":try{const c=n.getNamedCurve(e);i=c==="X25519"?{name:"X25519"}:{name:"ECDH",namedCurve:c}}catch{throw new Le("Invalid or unsupported key format")}s=["deriveBits"];break;case"Ed25519":case"EdDSA":i={name:"Ed25519"},s=a();break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":i={name:t},s=a();break;default:throw new Le('Invalid or unsupported "alg" (Algorithm) value')}return crypto.subtle.importKey(r,e,i,(o=n==null?void 0:n.extractable)!==null&&o!==void 0?o:!1,s)},Rf=(r,e,t)=>{var n;const o=((s,a)=>ed(s.replace(a,"")))(r,/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\s)/g);let i=t;return e!=null&&(n=e.startsWith)!==null&&n!==void 0&&n.call(e,"ECDH-ES")&&(i||(i={}),i.getNamedCurve=s=>{const a={data:s,pos:0};return(function(c){Ur(c,48,"Invalid PKCS#8 structure"),Mr(c),Ur(c,2,"Expected version field");const l=Mr(c);c.pos+=l,Ur(c,48,"Expected algorithm identifier"),Mr(c)})(a),Ef(a)}),Af("pkcs8",o,e,i)},Rn=r=>r==null?void 0:r[Symbol.toStringTag],Gi=(r,e,t)=>{if(e.use!==void 0){let i;switch(t){case"sign":case"verify":i="sig";break;case"encrypt":case"decrypt":i="enc"}if(e.use!==i)throw new TypeError('Invalid key for this operation, its "use" must be "'.concat(i,'" when present'))}if(e.alg!==void 0&&e.alg!==r)throw new TypeError('Invalid key for this operation, its "alg" must be "'.concat(r,'" when present'));if(Array.isArray(e.key_ops)){var n,o;let i;switch(!0){case t==="verify":case r==="dir":case r.includes("CBC-HS"):i=t;break;case r.startsWith("PBES2"):i="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(r):i=!r.includes("GCM")&&r.endsWith("KW")?"unwrapKey":t;break;case t==="encrypt":i="wrapKey";break;case t==="decrypt":i=r.startsWith("RSA")?"unwrapKey":"deriveBits"}if(i&&((n=e.key_ops)===null||n===void 0||(o=n.includes)===null||o===void 0?void 0:o.call(n,i))===!1)throw new TypeError('Invalid key for this operation, its "key_ops" must include "'.concat(i,'" when present'))}return!0};function Pf(r,e,t){switch(r.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":((n,o,i)=>{if(!(o instanceof Uint8Array)){if(Ps(o)){if((s=>s.kty==="oct"&&typeof s.k=="string")(o)&&Gi(n,o,i))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!nh(o))throw new TypeError(th(n,o,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(o.type!=="secret")throw new TypeError("".concat(Rn(o),' instances for symmetric algorithms must be of type "secret"'))}})(r,e,t);break;default:((n,o,i)=>{if(Ps(o))switch(i){case"decrypt":case"sign":if((s=>s.kty!=="oct"&&(s.kty==="AKP"&&typeof s.priv=="string"||typeof s.d=="string"))(o)&&Gi(n,o,i))return;throw new TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if((s=>s.kty!=="oct"&&s.d===void 0&&s.priv===void 0)(o)&&Gi(n,o,i))return;throw new TypeError("JSON Web Key for this operation must be a public JWK")}if(!nh(o))throw new TypeError(th(n,o,"CryptoKey","KeyObject","JSON Web Key"));if(o.type==="secret")throw new TypeError("".concat(Rn(o),' instances for asymmetric algorithms must not be of type "secret"'));if(o.type==="public")switch(i){case"sign":throw new TypeError("".concat(Rn(o),' instances for asymmetric algorithm signing must be of type "private"'));case"decrypt":throw new TypeError("".concat(Rn(o),' instances for asymmetric algorithm decryption must be of type "private"'))}if(o.type==="private")switch(i){case"verify":throw new TypeError("".concat(Rn(o),' instances for asymmetric algorithm verifying must be of type "public"'));case"encrypt":throw new TypeError("".concat(Rn(o),' instances for asymmetric algorithm encryption must be of type "public"'))}})(r,e,t)}}var fo,Vi;let wt,sh;(typeof navigator>"u"||(fo=navigator.userAgent)===null||fo===void 0||(Vi=fo.startsWith)===null||Vi===void 0||!Vi.call(fo,"Mozilla/5.0 "))&&(sh="".concat("openid-client","/").concat("v6.8.4"),wt={"user-agent":sh});const fe=r=>No.get(r);let No,go;function cd(r){return r!==void 0?Xc(r):(go||(go=new WeakMap),(e,t,n,o)=>{let i;return(i=go.get(t))||((function(s,a){if(typeof s!="string")throw vt("".concat(a," must be a string"),to);if(s.length===0)throw vt("".concat(a," must not be empty"),eo)})(t.client_secret,'"metadata.client_secret"'),i=Xc(t.client_secret),go.set(t,i)),i(e,t,n,o)})}const et=at,eo="ERR_INVALID_ARG_VALUE",to="ERR_INVALID_ARG_TYPE";function vt(r,e,t){const n=new TypeError(r,{cause:t});return Object.assign(n,{code:e}),n}function Of(r){return(async function(e){return ae(e,"codeVerifier"),fn(await crypto.subtle.digest("SHA-256",jn(e)))})(r)}function Nf(){return Bl()}class Go extends Error{constructor(e,t){var n;super(e,t),I(this,"code",void 0),this.name=this.constructor.name,this.code=t==null?void 0:t.code,(n=Error.captureStackTrace)===null||n===void 0||n.call(Error,this,this.constructor)}}function _e(r,e,t){return new Go(r,{cause:e,code:t})}function ke(r){if(r instanceof TypeError||r instanceof Go||r instanceof mi||r instanceof Gl||r instanceof da)throw r;if(r instanceof ha)switch(r.code){case Yl:throw _e("only requests to HTTPS are allowed",r,r.code);case Ql:throw _e("only requests to HTTP or HTTPS are allowed",r,r.code);case ga:throw _e("unexpected HTTP response status code",r.cause,r.code);case Xl:throw _e("unexpected response content-type",r.cause,r.code);case Bo:throw _e("parsing error occured",r,r.code);case K:throw _e("invalid response encountered",r,r.code);case It:throw _e("unexpected JWT claim value encountered",r,r.code);case As:throw _e("unexpected JSON attribute value encountered",r,r.code);case zr:throw _e("JWT timestamp claim value failed validation",r,r.code);default:throw _e(r.message,r,r.code)}if(r instanceof He)throw _e("unsupported operation",r,r.code);if(r instanceof DOMException)switch(r.name){case"OperationError":throw _e("runtime operation error",r,Es);case"NotSupportedError":throw _e("runtime unsupported operation",r,Es);case"TimeoutError":throw _e("operation timed out",r,"OAUTH_TIMEOUT");case"AbortError":throw _e("operation aborted",r,"OAUTH_ABORT")}throw new Go("something went wrong",{cause:r})}async function xf(r,e,t,n,o){const i=await(async function(c,l){var h,d;if(!(c instanceof URL))throw vt('"server" must be an instance of URL',to);const p=!c.href.includes("/.well-known/"),u=(h=l==null?void 0:l.timeout)!==null&&h!==void 0?h:30,f=AbortSignal.timeout(1e3*u),g=await(p?$p(c,{algorithm:l==null?void 0:l.algorithm,[at]:l==null?void 0:l[et],[We]:l==null||(d=l.execute)===null||d===void 0?void 0:d.includes(hh),signal:f,headers:new Headers(wt)}):((l==null?void 0:l[et])||fetch)((la(c,l==null||(y=l.execute)===null||y===void 0||!y.includes(hh)),c.href),{headers:Object.fromEntries(new Headers(E({accept:"application/json"},wt)).entries()),body:void 0,method:"GET",redirect:"manual",signal:f})).then(m=>(async function(b,C){const k=b;if(!(k instanceof URL)&&k!==zi)throw Y('"expectedIssuerIdentifier" must be an instance of URL',Ue);if(!rr(C,Response))throw Y('"response" must be an instance of Response',Ue);if(C.status!==200)throw N('"response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)',ga,C);Qr(C);const _=await yi(C);if(ae(_.issuer,'"response" body "issuer" property',K,{body:_}),k!==zi&&new URL(_.issuer).href!==k.href)throw N('"response" body "issuer" property does not match the expected value',As,{expected:k.href,body:_,attribute:"issuer"});return _})(zi,m)).catch(ke);var y;return p&&new URL(g.issuer).href!==c.href&&((function(m,b,C){return!(m.origin!=="https://login.microsoftonline.com"||C!=null&&C.algorithm&&C.algorithm!=="oidc"||(b[hd]=!0,0))})(c,g,l)||(function(m,b){return!(!m.hostname.endsWith(".b2clogin.com")||b!=null&&b.algorithm&&b.algorithm!=="oidc")})(c,l)||(()=>{throw new Go("discovered metadata issuer does not match the expected issuer",{code:As,cause:{expected:c.href,body:g,attribute:"issuer"}})})()),g})(r,o),s=new Qn(i,e,t,n);let a=fe(s);if(o!=null&&o[et]&&(a.fetch=o[et]),o!=null&&o.timeout&&(a.timeout=o.timeout),o!=null&&o.execute)for(const c of o.execute)c(s);return s}new TextDecoder;const hd=Symbol();class Qn{constructor(e,t,n,o){var i,s,a,c,l;if(typeof t!="string"||!t.length)throw vt('"clientId" must be a non-empty string',to);if(typeof n=="string"&&(n={client_secret:n}),((i=n)===null||i===void 0?void 0:i.client_id)!==void 0&&t!==n.client_id)throw vt('"clientId" and "metadata.client_id" must be the same',eo);const h=E(E({},structuredClone(n)),{},{client_id:t});let d;h[Ts]=(s=(a=n)===null||a===void 0?void 0:a[Ts])!==null&&s!==void 0?s:0,h[ks]=(c=(l=n)===null||l===void 0?void 0:l[ks])!==null&&c!==void 0?c:30,d=o||(typeof h.client_secret=="string"&&h.client_secret.length?cd(h.client_secret):(g,y,m,b)=>{m.set("client_id",y.client_id)});let p=Object.freeze(h);const u=structuredClone(e);hd in e&&(u[ql]=g=>{let y=g.claims.tid;return e.issuer.replace("{tenantid}",y)});let f=Object.freeze(u);No||(No=new WeakMap),No.set(this,{__proto__:null,as:f,c:p,auth:d,tlsOnly:!0,jwksCache:{}})}serverMetadata(){const e=structuredClone(fe(this).as);return(function(t){Object.defineProperties(t,(function(n){return{supportsPKCE:{__proto__:null,value(){var o;let i=arguments.length>0&&arguments[0]!==void 0?arguments[0]:"S256";return((o=n.code_challenge_methods_supported)===null||o===void 0?void 0:o.includes(i))===!0}}}})(t))})(e),e}clientMetadata(){return structuredClone(fe(this).c)}get timeout(){return fe(this).timeout}set timeout(e){fe(this).timeout=e}get[et](){return fe(this).fetch}set[et](e){fe(this).fetch=e}}function no(r){Object.defineProperties(r,(function(e){let t;if(e.expires_in!==void 0){const n=new Date;n.setSeconds(n.getSeconds()+e.expires_in),t=n.getTime()}return{expiresIn:{__proto__:null,value(){if(t){const n=Date.now();return t>n?Math.floor((t-n)/1e3):0}}},claims:{__proto__:null,value(){try{return Ss(this)}catch{return}}}}})(r))}async function ah(r,e,t){var n;let o=arguments.length>3&&arguments[3]!==void 0&&arguments[3];const i=(n=r.headers.get("retry-after"))===null||n===void 0?void 0:n.trim();if(i===void 0)return;let s;if(/^\d+$/.test(i))s=parseInt(i,10);else{const a=new Date(i);if(Number.isFinite(a.getTime())){const c=new Date,l=a.getTime()-c.getTime();l>0&&(s=Math.ceil(l/1e3))}}if(o&&!Number.isFinite(s))throw new ha("invalid Retry-After header value",{cause:r});s>e&&await ld(s-e,t)}function ld(r,e){return new Promise((t,n)=>{const o=i=>{try{e.throwIfAborted()}catch(a){return void n(a)}if(i<=0)return void t();const s=Math.min(i,5);setTimeout(()=>o(i-s),1e3*s)};o(r)})}async function ch(r,e){xt(r);const t=fe(r),n=t.as,o=t.c,i=t.auth,s=t.fetch,a=t.tlsOnly,c=t.timeout;return(async function(l,h,d,p,u){nt(l),rt(h);const f=Xr(l,"backchannel_authentication_endpoint",h.use_mtls_endpoint_aliases,(u==null?void 0:u[We])!==!0),g=new URLSearchParams(p);g.set("client_id",h.client_id);const y=gi(u==null?void 0:u.headers);return y.set("accept","application/json"),pa(l,h,d,f,g,y,u)})(n,o,i,e,{[at]:s,[We]:!a,headers:new Headers(wt),signal:_n(c)}).then(l=>(async function(h,d,p){if(nt(h),rt(d),!rr(p,Response))throw Y('"response" must be an instance of Response',Ue);await ua(p,200,"Backchannel Authentication Endpoint"),Qr(p);const u=await yi(p);ae(u.auth_req_id,'"response" body "auth_req_id" property',K,{body:u});let f=typeof u.expires_in!="number"?parseFloat(u.expires_in):u.expires_in;return $t(f,!0,'"response" body "expires_in" property',K,{body:u}),u.expires_in=f,u.interval!==void 0&&$t(u.interval,!1,'"response" body "interval" property',K,{body:u}),u})(n,o,l)).catch(ke)}async function dd(r,e,t,n){var o,i;xt(r),t=new URLSearchParams(t);let s=(o=e.interval)!==null&&o!==void 0?o:5;const a=(i=n==null?void 0:n.signal)!==null&&i!==void 0?i:AbortSignal.timeout(1e3*e.expires_in);try{await ld(s,a)}catch(S){ke(S)}const c=fe(r),l=c.as,h=c.c,d=c.auth,p=c.fetch,u=c.tlsOnly,f=c.nonRepudiation,g=c.timeout,y=c.decrypt,m=(S,x)=>dd(r,E(E({},e),{},{interval:S}),t,E(E({},n),{},{signal:a,flag:x})),b=(function(S,x){const te=_n(x);if(!te)return{signal:S,cleanup(){}};const re=new AbortController,Q=Pe=>{const Mt=Pe.target;re.abort(Mt.reason)};return S.aborted?re.abort(S.reason):te.aborted?re.abort(te.reason):(S.addEventListener("abort",Q,{once:!0}),te.addEventListener("abort",Q,{once:!0})),{signal:re.signal,cleanup(){S.removeEventListener("abort",Q),te.removeEventListener("abort",Q)}}})(a,g),C=await(async function(S,x,te,re,Q){nt(S),rt(x),ae(re,'"authReqId"');const Pe=new URLSearchParams(Q==null?void 0:Q.additionalParameters);return Pe.set("auth_req_id",re),Yr(S,x,te,"urn:openid:params:grant-type:ciba",Pe,Q)})(l,h,d,e.auth_req_id,{[at]:p,[We]:!u,additionalParameters:t,DPoP:n==null?void 0:n.DPoP,headers:new Headers(wt),signal:b.signal}).catch(ke).finally(b.cleanup);var k;if(C.status===503&&C.headers.has("retry-after"))return await ah(C,s,a,!0),await((k=C.body)===null||k===void 0?void 0:k.cancel()),m(s);const _=(async function(S,x,te,re){return Xn(S,x,te,void 0,re==null?void 0:re[Rt],re==null?void 0:re.recognizedTokenTypes)})(l,h,C,{[Rt]:y});let O;try{O=await _}catch(S){if(or(S,n))return m(s,St);if(S instanceof mi)switch(S.error){case"slow_down":s+=5;case"authorization_pending":return await ah(S.response,s,a),m(s)}ke(S)}return O.id_token&&await(f==null?void 0:f(C)),no(O),O}function hh(r){fe(r).tlsOnly=!1}async function ud(r,e,t,n,o){if(xt(r),!((o==null?void 0:o.flag)===St||e instanceof URL||(function(S,x){try{return Object.getPrototypeOf(S)[Symbol.toStringTag]===x}catch{return!1}})(e,"Request")))throw vt('"currentUrl" must be an instance of URL, or Request',to);let i,s;const a=fe(r),c=a.as,l=a.c,h=a.auth,d=a.fetch,p=a.tlsOnly,u=a.jarm,f=a.hybrid,g=a.nonRepudiation,y=a.timeout,m=a.decrypt,b=a.implicit;if((o==null?void 0:o.flag)===St)i=o.authResponse,s=o.redirectUri;else{if(!(e instanceof URL)){const S=e;switch(e=new URL(e.url),S.method){case"GET":break;case"POST":const x=new URLSearchParams(await wf(S));if(f)e.hash=x.toString();else for(const te of x.entries()){var C=Ke(te,2);const re=C[0],Q=C[1];e.searchParams.append(re,Q)}break;default:throw vt("unexpected Request HTTP method",eo)}}switch(s=(function(S){return(S=new URL(S)).search="",S.hash="",S.href})(e),!0){case!!u:i=await u(e,t==null?void 0:t.expectedState);break;case!!f:i=await f(e,t==null?void 0:t.expectedNonce,t==null?void 0:t.expectedState,t==null?void 0:t.maxAge);break;case!!b:throw new TypeError("authorizationCodeGrant() cannot be used by response_type=id_token clients");default:try{i=Tf(c,l,e.searchParams,t==null?void 0:t.expectedState)}catch(S){ke(S)}}}const k=await(async function(S,x,te,re,Q,Pe,Mt){if(nt(S),rt(x),!fa.has(re))throw Y('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()',Te);ae(Q,'"redirectUri"');const lr=hn(re,"code");if(!lr)throw N('no authorization code in "callbackParameters"',K);const tn=new URLSearchParams(Mt==null?void 0:Mt.additionalParameters);return tn.set("redirect_uri",Q),tn.set("code",lr),Pe!==Qc&&(ae(Pe,'"codeVerifier"'),tn.set("code_verifier",Pe)),Yr(S,x,te,"authorization_code",tn,Mt)})(c,l,h,i,s,(t==null?void 0:t.pkceCodeVerifier)||Qc,{additionalParameters:n,[at]:d,[We]:!p,DPoP:o==null?void 0:o.DPoP,headers:new Headers(wt),signal:_n(y)}).catch(ke);typeof(t==null?void 0:t.expectedNonce)!="string"&&typeof(t==null?void 0:t.maxAge)!="number"||(t.idTokenExpected=!0);const _=df(c,l,k,{expectedNonce:t==null?void 0:t.expectedNonce,maxAge:t==null?void 0:t.maxAge,requireIdToken:t==null?void 0:t.idTokenExpected,[Rt]:m});let O;try{O=await _}catch(S){if(or(S,o))return ud(r,void 0,t,n,E(E({},o),{},{flag:St,authResponse:i,redirectUri:s}));ke(S)}return O.id_token&&await(g==null?void 0:g(k)),no(O),O}async function pd(r,e,t,n){xt(r),t=new URLSearchParams(t);const o=fe(r),i=o.as,s=o.c,a=o.auth,c=o.fetch,l=o.tlsOnly,h=o.nonRepudiation,d=o.timeout,p=o.decrypt,u=await(async function(y,m,b,C,k){nt(y),rt(m),ae(C,'"refreshToken"');const _=new URLSearchParams(k==null?void 0:k.additionalParameters);return _.set("refresh_token",C),Yr(y,m,b,"refresh_token",_,k)})(i,s,a,e,{[at]:c,[We]:!l,additionalParameters:t,DPoP:n==null?void 0:n.DPoP,headers:new Headers(wt),signal:_n(d)}).catch(ke),f=(async function(y,m,b,C){return Xn(y,m,b,void 0,C==null?void 0:C[Rt],C==null?void 0:C.recognizedTokenTypes)})(i,s,u,{[Rt]:p});let g;try{g=await f}catch(y){if(or(y,n))return pd(r,e,t,E(E({},n),{},{flag:St}));ke(y)}return g.id_token&&await(h==null?void 0:h(u)),no(g),g}async function fd(r,e,t){xt(r),e=new URLSearchParams(e);const n=fe(r),o=n.as,i=n.c,s=n.auth,a=n.fetch,c=n.tlsOnly,l=n.timeout,h=await(async function(u,f,g,y,m){return nt(u),rt(f),Yr(u,f,g,"client_credentials",new URLSearchParams(y),m)})(o,i,s,e,{[at]:a,[We]:!c,DPoP:t==null?void 0:t.DPoP,headers:new Headers(wt),signal:_n(l)}).catch(ke),d=(async function(u,f,g,y){return Xn(u,f,g,void 0,void 0,void 0)})(o,i,h);let p;try{p=await d}catch(u){if(or(u,t))return fd(r,e,E(E({},t),{},{flag:St}));ke(u)}return no(p),p}function Os(r,e){xt(r);const t=fe(r),n=t.as,o=t.c,i=t.tlsOnly,s=t.hybrid,a=t.jarm,c=t.implicit,l=Xr(n,"authorization_endpoint",!1,i);if((e=new URLSearchParams(e)).has("client_id")||e.set("client_id",o.client_id),!e.has("request_uri")&&!e.has("request")){if(e.has("response_type")||e.set("response_type",s?"code id_token":c?"id_token":"code"),c&&!e.has("nonce"))throw vt("response_type=id_token clients must provide a nonce parameter in their authorization request parameters",eo);a&&e.set("response_mode","jwt")}for(const d of e.entries()){var h=Ke(d,2);const p=h[0],u=h[1];l.searchParams.append(p,u)}return l}async function gd(r,e,t){xt(r);const n=Os(r,e),o=fe(r),i=o.as,s=o.c,a=o.auth,c=o.fetch,l=o.tlsOnly,h=o.timeout,d=await(async function(f,g,y,m,b){var C;nt(f),rt(g);const k=Xr(f,"pushed_authorization_request_endpoint",g.use_mtls_endpoint_aliases,(b==null?void 0:b[We])!==!0),_=new URLSearchParams(m);_.set("client_id",g.client_id);const O=gi(b==null?void 0:b.headers);O.set("accept","application/json"),(b==null?void 0:b.DPoP)!==void 0&&(Vl(b.DPoP),await b.DPoP.addProof(k,O,"POST"));const S=await pa(f,g,y,k,_,O,b);return b==null||(C=b.DPoP)===null||C===void 0||C.cacheNonce(S,k),S})(i,s,a,n.searchParams,{[at]:c,[We]:!l,DPoP:t==null?void 0:t.DPoP,headers:new Headers(wt),signal:_n(h)}).catch(ke),p=(async function(f,g,y){if(nt(f),rt(g),!rr(y,Response))throw Y('"response" must be an instance of Response',Ue);await ua(y,201,"Pushed Authorization Request Endpoint"),Qr(y);const m=await yi(y);ae(m.request_uri,'"response" body "request_uri" property',K,{body:m});let b=typeof m.expires_in!="number"?parseFloat(m.expires_in):m.expires_in;return $t(b,!0,'"response" body "expires_in" property',K,{body:m}),m.expires_in=b,m})(i,s,d);let u;try{u=await p}catch(f){if(or(f,t))return gd(r,e,E(E({},t),{},{flag:St}));ke(f)}return Os(r,{request_uri:u.request_uri})}function xt(r){if(!(r instanceof Qn))throw vt('"config" must be an instance of Configuration',to);if(Object.getPrototypeOf(r)!==Qn.prototype)throw vt("subclassing Configuration is not allowed",eo)}function _n(r){return r?AbortSignal.timeout(1e3*r):void 0}function or(r,e){return!(e==null||!e.DPoP||e.flag===St)&&(function(t){if(t instanceof da){const n=t.cause,o=n[0];return n.length===1&&o.scheme==="dpop"&&o.parameters.error==="use_dpop_nonce"}return t instanceof mi&&t.error==="use_dpop_nonce"})(r)}Object.freeze(Qn.prototype);const St=Symbol();async function gn(r,e,t,n){xt(r);const o=fe(r),i=o.as,s=o.c,a=o.auth,c=o.fetch,l=o.tlsOnly,h=o.timeout,d=o.decrypt,p=o.nonRepudiation,u=await(async function(m,b,C,k,_,O){return nt(m),rt(b),ae(k,'"grantType"'),Yr(m,b,C,k,new URLSearchParams(_),O)})(i,s,a,e,new URLSearchParams(t),{[at]:c,[We]:!l,DPoP:n==null?void 0:n.DPoP,headers:new Headers(wt),signal:_n(h)}).catch(ke);let f;e==="urn:ietf:params:oauth:grant-type:token-exchange"&&(f={n_a:()=>{}});const g=(async function(m,b,C,k){return Xn(m,b,C,void 0,k==null?void 0:k[Rt],k==null?void 0:k.recognizedTokenTypes)})(i,s,u,{[Rt]:d,recognizedTokenTypes:f});let y;try{y=await g}catch(m){if(or(m,n))return gn(r,e,t,E(E({},n),{},{flag:St}));ke(m)}return y.id_token&&await(p==null?void 0:p(u)),no(y),y}async function Mf(r,e,t){if(!Pt(r))throw new ce("Flattened JWS must be an object");if(r.protected===void 0&&r.header===void 0)throw new ce('Flattened JWS must have either of the "protected" or "header" members');if(r.protected!==void 0&&typeof r.protected!="string")throw new ce("JWS Protected Header incorrect type");if(r.payload===void 0)throw new ce("JWS Payload missing");if(typeof r.signature!="string")throw new ce("JWS Signature missing or incorrect type");if(r.header!==void 0&&!Pt(r.header))throw new ce("JWS Unprotected Header incorrect type");let n={};if(r.protected)try{const g=qr(r.protected);n=JSON.parse(Yn.decode(g))}catch{throw new ce("JWS Protected Header is invalid")}if(!(function(){for(var g=arguments.length,y=new Array(g),m=0;m<g;m++)y[m]=arguments[m];const b=y.filter(Boolean);if(b.length===0||b.length===1)return!0;let C;for(const k of b){const _=Object.keys(k);if(C&&C.size!==0)for(const O of _){if(C.has(O))return!1;C.add(O)}else C=new Set(_)}return!0})(n,r.header))throw new ce("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const o=E(E({},n),r.header),i=(function(g,y,m,b,C){if(C.crit!==void 0&&(b==null?void 0:b.crit)===void 0)throw new g('"crit" (Critical) Header Parameter MUST be integrity protected');if(!b||b.crit===void 0)return new Set;if(!Array.isArray(b.crit)||b.crit.length===0||b.crit.some(_=>typeof _!="string"||_.length===0))throw new g('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let k;k=m!==void 0?new Map([...Object.entries(m),...y.entries()]):y;for(const _ of b.crit){if(!k.has(_))throw new Le('Extension Header Parameter "'.concat(_,'" is not recognized'));if(C[_]===void 0)throw new g('Extension Header Parameter "'.concat(_,'" is missing'));if(k.get(_)&&b[_]===void 0)throw new g('Extension Header Parameter "'.concat(_,'" MUST be integrity protected'))}return new Set(b.crit)})(ce,new Map([["b64",!0]]),t==null?void 0:t.crit,n,o);let s=!0;if(i.has("b64")&&(s=n.b64,typeof s!="boolean"))throw new ce('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const a=o.alg;if(typeof a!="string"||!a)throw new ce('JWS "alg" (Algorithm) Header Parameter missing or invalid');const c=t&&(function(g,y){if(y!==void 0&&(!Array.isArray(y)||y.some(m=>typeof m!="string")))throw new TypeError('"'.concat(g,'" option must be an array of strings'));if(y)return new Set(y)})("algorithms",t.algorithms);if(c&&!c.has(a))throw new nd('"alg" (Algorithm) Header Parameter value not allowed');if(s){if(typeof r.payload!="string")throw new ce("JWS Payload must be a string")}else if(typeof r.payload!="string"&&!(r.payload instanceof Uint8Array))throw new ce("JWS Payload must be a string or an Uint8Array instance");let l=!1;typeof e=="function"&&(e=await e(n,r),l=!0),Pf(a,e,"verify");const h=(function(){for(var g=arguments.length,y=new Array(g),m=0;m<g;m++)y[m]=arguments[m];const b=y.reduce((_,O)=>_+O.length,0),C=new Uint8Array(b);let k=0;for(const _ of y)C.set(_,k),k+=_.length;return C})(r.protected!==void 0?Wi(r.protected):new Uint8Array,Wi("."),typeof r.payload=="string"?s?Wi(r.payload):eh.encode(r.payload):r.payload),d=rh(r.signature,"signature",ce),p=await Sf(e,a);if(!await If(a,p,d,h))throw new id;let u;u=s?rh(r.payload,"payload",ce):typeof r.payload=="string"?eh.encode(r.payload):r.payload;const f={payload:u};return r.protected!==void 0&&(f.protectedHeader=n),r.header!==void 0&&(f.unprotectedHeader=r.header),l?E(E({},f),{},{key:p}):f}const Uf=86400,Df=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function lh(r){const e=Df.exec(r);if(!e||e[4]&&e[1])throw new TypeError("Invalid time period format");const t=parseFloat(e[2]);let n;switch(e[3].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":n=Math.round(t);break;case"minute":case"minutes":case"min":case"mins":case"m":n=Math.round(60*t);break;case"hour":case"hours":case"hr":case"hrs":case"h":n=Math.round(3600*t);break;case"day":case"days":case"d":n=Math.round(t*Uf);break;case"week":case"weeks":case"w":n=Math.round(604800*t);break;default:n=Math.round(31557600*t)}return e[1]==="-"||e[4]==="ago"?-n:n}const dh=r=>r.includes("/")?r.toLowerCase():"application/".concat(r.toLowerCase());function Lf(r,e){let t,n=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};try{t=JSON.parse(Yn.decode(e))}catch{}if(!Pt(t))throw new dt("JWT Claims Set must be a top-level JSON object");const o=n.typ;if(o&&(typeof r.typ!="string"||dh(r.typ)!==dh(o)))throw new Je('unexpected "typ" JWT header value',t,"typ","check_failed");const i=n.requiredClaims,s=i===void 0?[]:i,a=n.issuer,c=n.subject,l=n.audience,h=n.maxTokenAge,d=[...s];h!==void 0&&d.push("iat"),l!==void 0&&d.push("aud"),c!==void 0&&d.push("sub"),a!==void 0&&d.push("iss");for(const b of new Set(d.reverse()))if(!(b in t))throw new Je('missing required "'.concat(b,'" claim'),t,b,"missing");if(a&&!(Array.isArray(a)?a:[a]).includes(t.iss))throw new Je('unexpected "iss" claim value',t,"iss","check_failed");if(c&&t.sub!==c)throw new Je('unexpected "sub" claim value',t,"sub","check_failed");if(l&&(p=t.aud,u=typeof l=="string"?[l]:l,!(typeof p=="string"?u.includes(p):Array.isArray(p)&&u.some(Set.prototype.has.bind(new Set(p))))))throw new Je('unexpected "aud" claim value',t,"aud","check_failed");var p,u;let f;switch(typeof n.clockTolerance){case"string":f=lh(n.clockTolerance);break;case"number":f=n.clockTolerance;break;case"undefined":f=0;break;default:throw new TypeError("Invalid clockTolerance option type")}const g=n.currentDate,y=(m=g||new Date,Math.floor(m.getTime()/1e3));var m;if((t.iat!==void 0||h)&&typeof t.iat!="number")throw new Je('"iat" claim must be a number',t,"iat","invalid");if(t.nbf!==void 0){if(typeof t.nbf!="number")throw new Je('"nbf" claim must be a number',t,"nbf","invalid");if(t.nbf>y+f)throw new Je('"nbf" claim timestamp check failed',t,"nbf","check_failed")}if(t.exp!==void 0){if(typeof t.exp!="number")throw new Je('"exp" claim must be a number',t,"exp","invalid");if(t.exp<=y-f)throw new Rs('"exp" claim timestamp check failed',t,"exp","check_failed")}if(h){const b=y-t.iat;if(b-f>(typeof h=="number"?h:lh(h)))throw new Rs('"iat" claim timestamp check failed (too far in the past)',t,"iat","check_failed");if(b<0-f)throw new Je('"iat" claim timestamp check failed (it should be in the past)',t,"iat","check_failed")}return t}async function Hf(r,e,t){var n;const o=await(async function(s,a,c){if(s instanceof Uint8Array&&(s=Yn.decode(s)),typeof s!="string")throw new ce("Compact JWS must be a string or Uint8Array");const l=s.split("."),h=l[0],d=l[1],p=l[2];if(l.length!==3)throw new ce("Invalid Compact JWS");const u=await Mf({payload:d,protected:h,signature:p},a,c),f={payload:u.payload,protectedHeader:u.protectedHeader};return typeof a=="function"?E(E({},f),{},{key:u.key}):f})(r,e,t);if((n=o.protectedHeader.crit)!==null&&n!==void 0&&n.includes("b64")&&o.protectedHeader.b64===!1)throw new dt("JWTs MUST NOT use unencoded payload");const i={payload:Lf(o.protectedHeader,o.payload,t),protectedHeader:o.protectedHeader};return typeof e=="function"?E(E({},i),{},{key:o.key}):i}function Kf(r){return Pt(r)}var mo,Zi,yo=new WeakMap,$i=new WeakMap;class Ff{constructor(e){if(j(this,yo,void 0),j(this,$i,new WeakMap),!(function(t){return t&&typeof t=="object"&&Array.isArray(t.keys)&&t.keys.every(Kf)})(e))throw new ma("JSON Web Key Set malformed");U(yo,this,structuredClone(e))}jwks(){return v(yo,this)}async getKey(e,t){const n=E(E({},e),t==null?void 0:t.header),o=n.alg,i=n.kid,s=(function(h){switch(typeof h=="string"&&h.slice(0,2)){case"RS":case"PS":return"RSA";case"ES":return"EC";case"Ed":return"OKP";case"ML":return"AKP";default:throw new Le('Unsupported "alg" value for a JSON Web Key Set')}})(o),a=v(yo,this).keys.filter(h=>{let d=s===h.kty;if(d&&typeof i=="string"&&(d=i===h.kid),!d||typeof h.alg!="string"&&s!=="AKP"||(d=o===h.alg),d&&typeof h.use=="string"&&(d=h.use==="sig"),d&&Array.isArray(h.key_ops)&&(d=h.key_ops.includes("verify")),d)switch(o){case"ES256":d=h.crv==="P-256";break;case"ES384":d=h.crv==="P-384";break;case"ES512":d=h.crv==="P-521";break;case"Ed25519":case"EdDSA":d=h.crv==="Ed25519"}return d}),c=a[0],l=a.length;if(l===0)throw new ya;if(l!==1){const h=new rd,d=v($i,this);throw h[Symbol.asyncIterator]=op(function*(){for(const p of a)try{yield yield rp(uh(d,p,o))}catch{}}),h}return uh(v($i,this),c,o)}}async function uh(r,e,t){const n=r.get(e)||r.set(e,{}).get(e);if(n[t]===void 0){const o=await(async function(i,s,a){var c;if(!Pt(i))throw new TypeError("JWK must be an object");let l;switch(s!=null||(s=i.alg),l!=null||(l=(c=void 0)!==null&&c!==void 0?c:i.ext),i.kty){case"oct":if(typeof i.k!="string"||!i.k)throw new TypeError('missing "k" (Key Value) Parameter value');return qr(i.k);case"RSA":if("oth"in i&&i.oth!==void 0)throw new Le('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');return Oo(E(E({},i),{},{alg:s,ext:l}));case"AKP":if(typeof i.alg!="string"||!i.alg)throw new TypeError('missing "alg" (Algorithm) Parameter value');if(s!==void 0&&s!==i.alg)throw new TypeError("JWK alg and alg option value mismatch");return Oo(E(E({},i),{},{ext:l}));case"EC":case"OKP":return Oo(E(E({},i),{},{alg:s,ext:l}));default:throw new Le('Unsupported "kty" (Key Type) Parameter value')}})(E(E({},e),{},{ext:!0}),t);if(o instanceof Uint8Array||o.type!=="public")throw new ma("JSON Web Key Set members must be public keys");n[t]=o}return n[t]}function ph(r){const e=new Ff(r),t=async(n,o)=>e.getKey(n,o);return Object.defineProperties(t,{jwks:{value:()=>structuredClone(e.jwks()),enumerable:!1,configurable:!1,writable:!1}}),t}let Ns;(typeof navigator>"u"||(mo=navigator.userAgent)===null||mo===void 0||(Zi=mo.startsWith)===null||Zi===void 0||!Zi.call(mo,"Mozilla/5.0 "))&&(Ns="".concat("jose","/").concat("v6.2.3"));const md=Symbol(),xo=Symbol();var Xi=new WeakMap,Yi=new WeakMap,Qi=new WeakMap,wo=new WeakMap,rn=new WeakMap,Ct=new WeakMap,Lt=new WeakMap,qi=new WeakMap,on=new WeakMap,sn=new WeakMap;class jf{constructor(e,t){if(j(this,Xi,void 0),j(this,Yi,void 0),j(this,Qi,void 0),j(this,wo,void 0),j(this,rn,void 0),j(this,Ct,void 0),j(this,Lt,void 0),j(this,qi,void 0),j(this,on,void 0),j(this,sn,void 0),!(e instanceof URL))throw new TypeError("url must be an instance of URL");var n,o;U(Xi,this,new URL(e.href)),U(Yi,this,typeof(t==null?void 0:t.timeoutDuration)=="number"?t==null?void 0:t.timeoutDuration:5e3),U(Qi,this,typeof(t==null?void 0:t.cooldownDuration)=="number"?t==null?void 0:t.cooldownDuration:3e4),U(wo,this,typeof(t==null?void 0:t.cacheMaxAge)=="number"?t==null?void 0:t.cacheMaxAge:6e5),U(Lt,this,new Headers(t==null?void 0:t.headers)),Ns&&!v(Lt,this).has("User-Agent")&&v(Lt,this).set("User-Agent",Ns),v(Lt,this).has("accept")||(v(Lt,this).set("accept","application/json"),v(Lt,this).append("accept","application/jwk-set+json")),U(qi,this,t==null?void 0:t[md]),(t==null?void 0:t[xo])!==void 0&&(U(sn,this,t==null?void 0:t[xo]),n=t==null?void 0:t[xo],o=v(wo,this),typeof n=="object"&&n!==null&&"uat"in n&&typeof n.uat=="number"&&!(Date.now()-n.uat>=o)&&"jwks"in n&&Pt(n.jwks)&&Array.isArray(n.jwks.keys)&&Array.prototype.every.call(n.jwks.keys,Pt)&&(U(rn,this,v(sn,this).uat),U(on,this,ph(v(sn,this).jwks))))}pendingFetch(){return!!v(Ct,this)}coolingDown(){return typeof v(rn,this)=="number"&&Date.now()<v(rn,this)+v(Qi,this)}fresh(){return typeof v(rn,this)=="number"&&Date.now()<v(rn,this)+v(wo,this)}jwks(){var e;return(e=v(on,this))===null||e===void 0?void 0:e.jwks()}async getKey(e,t){v(on,this)&&this.fresh()||await this.reload();try{return await v(on,this).call(this,e,t)}catch(n){if(n instanceof ya&&this.coolingDown()===!1)return await this.reload(),v(on,this).call(this,e,t);throw n}}async reload(){v(Ct,this)&&(typeof WebSocketPair<"u"||typeof navigator<"u"&&navigator.userAgent==="Cloudflare-Workers"||typeof EdgeRuntime<"u"&&EdgeRuntime==="vercel")&&U(Ct,this,void 0),v(Ct,this)||U(Ct,this,(async function(e,t,n){const i=await(arguments.length>3&&arguments[3]!==void 0?arguments[3]:fetch)(e,{method:"GET",signal:n,redirect:"manual",headers:t}).catch(s=>{throw s.name==="TimeoutError"?new od:s});if(i.status!==200)throw new ge("Expected 200 OK from the JSON Web Key Set HTTP response");try{return await i.json()}catch{throw new ge("Failed to parse the JSON Web Key Set HTTP response as JSON")}})(v(Xi,this).href,v(Lt,this),AbortSignal.timeout(v(Yi,this)),v(qi,this)).then(e=>{U(on,this,ph(e)),v(sn,this)&&(v(sn,this).uat=Date.now(),v(sn,this).jwks=e),U(rn,this,Date.now()),U(Ct,this,void 0)}).catch(e=>{throw U(Ct,this,void 0),e})),await v(Ct,this)}}const zf=["mfaToken"],Wf=["mfaToken"];var an,vo,mr,cn,yr,wr,vr,br,bo,Co,Fe,To,ko,Be,lt,Ln,F,Ve,Cr,Dr,zn,_o,X;function pn(r){var e,t;if(typeof r!="object"||r===null)return{error:"unknown_error",error_description:String(r)};const n=r,o={error:(e=n.error)!==null&&e!==void 0?e:"",error_description:(t=n.error_description)!==null&&t!==void 0?t:"",message:n.message};if(n.error==="mfa_required"&&n.cause){o.mfa_token=typeof n.cause.mfa_token=="string"?n.cause.mfa_token:void 0;const i=n.cause.mfa_requirements;typeof i=="object"&&i!==null&&(o.mfa_requirements=i)}return o}var fh=class extends Error{constructor(r,e){super(e),I(this,"code",void 0),this.name="NotSupportedError",this.code=r}},bt=class extends Error{constructor(r,e,t){super(e),I(this,"cause",void 0),I(this,"code",void 0),this.code=r,this.cause=t&&{error:t.error,error_description:t.error_description,message:t.message,mfa_token:t.mfa_token,mfa_requirements:t.mfa_requirements}}},Jf=class extends bt{constructor(r,e){super("token_by_code_error",r,e),this.name="TokenByCodeError"}},Bf=class extends bt{constructor(r,e){super("token_by_client_credentials_error",r,e),this.name="TokenByClientCredentialsError"}},Gf=class extends bt{constructor(r,e){super("token_by_refresh_token_error",r,e),this.name="TokenByRefreshTokenError"}},Vf=class extends bt{constructor(r,e){super("token_by_password_error",r,e),this.name="TokenByPasswordError"}},es=class extends bt{constructor(r,e){super("token_for_connection_error",r,e),this.name="TokenForConnectionErrorCode"}},Qe=class extends bt{constructor(r,e){super("token_exchange_error",r,e),this.name="TokenExchangeError"}},Ht=class extends Error{constructor(r){super(r),I(this,"code","verify_logout_token_error"),this.name="VerifyLogoutTokenError"}},ts=class extends bt{constructor(r){super("backchannel_authentication_error","There was an error when trying to use Client-Initiated Backchannel Authentication.",r),I(this,"code","backchannel_authentication_error"),this.name="BackchannelAuthenticationError"}},Zf=class extends bt{constructor(r){super("build_authorization_url_error","There was an error when trying to build the authorization URL.",r),this.name="BuildAuthorizationUrlError"}},$f=class extends bt{constructor(r){super("build_link_user_url_error","There was an error when trying to build the Link User URL.",r),this.name="BuildLinkUserUrlError"}},Xf=class extends bt{constructor(r){super("build_unlink_user_url_error","There was an error when trying to build the Unlink User URL.",r),this.name="BuildUnlinkUserUrlError"}},Yf=class extends Error{constructor(){super("The client secret or client assertion signing key must be provided."),I(this,"code","missing_client_auth_error"),this.name="MissingClientAuthError"}};function xs(r){return Object.entries(r).filter(e=>Ke(e,2)[1]!==void 0).reduce((e,t)=>E(E({},e),{},{[t[0]]:t[1]}),{})}var ro=class extends Error{constructor(r,e,t){super(e),I(this,"cause",void 0),I(this,"code",void 0),this.code=r,this.cause=t&&{error:t.error,error_description:t.error_description,message:t.message}}},Ms=class extends ro{constructor(r,e){super("mfa_list_authenticators_error",r,e),this.name="MfaListAuthenticatorsError"}},Us=class extends ro{constructor(r,e){super("mfa_enrollment_error",r,e),this.name="MfaEnrollmentError"}},gh=class extends ro{constructor(r,e){super("mfa_delete_authenticator_error",r,e),this.name="MfaDeleteAuthenticatorError"}},Ds=class extends ro{constructor(r,e){super("mfa_challenge_error",r,e),this.name="MfaChallengeError"}},mh=class extends ro{constructor(r,e){super("mfa_verify_error",r,e),this.name="MfaVerifyError"}};function Qf(r){return{id:r.id,authenticatorType:r.authenticator_type,active:r.active,name:r.name,oobChannels:r.oob_channels,type:r.type}}var ut=class yd{constructor(e,t,n,o,i,s,a){I(this,"accessToken",void 0),I(this,"idToken",void 0),I(this,"refreshToken",void 0),I(this,"expiresAt",void 0),I(this,"scope",void 0),I(this,"claims",void 0),I(this,"authorizationDetails",void 0),I(this,"tokenType",void 0),I(this,"issuedTokenType",void 0),I(this,"recoveryCode",void 0),I(this,"act",void 0),this.accessToken=e,this.idToken=n,this.refreshToken=o,this.expiresAt=t,this.scope=i,this.claims=s,this.authorizationDetails=a}static fromTokenEndpointResponse(e){const t=e.id_token?e.claims():void 0,n=new yd(e.access_token,Math.floor(Date.now()/1e3)+Number(e.expires_in),e.id_token,e.refresh_token,e.scope,t,e.authorization_details);return n.tokenType=e.token_type,n.issuedTokenType=e.issued_token_type,n}},qf={otp:"http://auth0.com/oauth/grant-type/mfa-otp",oob:"http://auth0.com/oauth/grant-type/mfa-oob","recovery-code":"http://auth0.com/oauth/grant-type/mfa-recovery-code"},eg=(an=new WeakMap,vo=new WeakMap,mr=new WeakMap,cn=new WeakMap,yr=new WeakMap,class{constructor(r){var e;j(this,an,void 0),j(this,vo,void 0),j(this,mr,void 0),j(this,cn,void 0),j(this,yr,void 0),U(an,this,"https://".concat(r.domain)),U(vo,this,r.clientId),U(mr,this,r.clientSecret),U(cn,this,(e=r.customFetch)!==null&&e!==void 0?e:function(){return fetch(...arguments)}),U(yr,this,r.getConfiguration)}async listAuthenticators(r){const e="".concat(v(an,this),"/mfa/authenticators"),t=r.mfaToken,n=await v(cn,this).call(this,e,{method:"GET",headers:{Authorization:"Bearer ".concat(t),"Content-Type":"application/json"}});if(!n.ok){let o;try{o=await n.json()}catch{throw new Ms("Failed to list authenticators")}throw new Ms(o.error_description||"Failed to list authenticators",o)}return(await n.json()).map(Qf)}async enrollAuthenticator(r){const e="".concat(v(an,this),"/mfa/associate"),t=r.mfaToken,n=Uc(r,zf),o={authenticator_types:n.authenticatorTypes};"oobChannels"in n&&(o.oob_channels=n.oobChannels),"phoneNumber"in n&&n.phoneNumber&&(o.phone_number=n.phoneNumber),"email"in n&&n.email&&(o.email=n.email);const i=await v(cn,this).call(this,e,{method:"POST",headers:{Authorization:"Bearer ".concat(t),"Content-Type":"application/json"},body:JSON.stringify(o)});if(!i.ok){let s;try{s=await i.json()}catch{throw new Us("Failed to enroll authenticator")}throw new Us(s.error_description||"Failed to enroll authenticator",s)}return(function(s){if(s.authenticator_type==="otp")return{authenticatorType:"otp",secret:s.secret,barcodeUri:s.barcode_uri,recoveryCodes:s.recovery_codes,id:s.id};if(s.authenticator_type==="oob")return{authenticatorType:"oob",oobChannel:s.oob_channel,oobCode:s.oob_code,bindingMethod:s.binding_method,id:s.id,barcodeUri:s.barcode_uri,recoveryCodes:s.recovery_codes};throw new Error("Unexpected authenticator type: ".concat(s.authenticator_type))})(await i.json())}async deleteAuthenticator(r){const e=r.authenticatorId,t=r.mfaToken,n="".concat(v(an,this),"/mfa/authenticators/").concat(encodeURIComponent(e)),o=await v(cn,this).call(this,n,{method:"DELETE",headers:{Authorization:"Bearer ".concat(t),"Content-Type":"application/json"}});if(!o.ok){let i;try{i=await o.json()}catch{throw new gh("Failed to delete authenticator")}throw new gh(i.error_description||"Failed to delete authenticator",i)}}async challengeAuthenticator(r){const e="".concat(v(an,this),"/mfa/challenge"),t=r.mfaToken,n=Uc(r,Wf),o={mfa_token:t,client_id:v(vo,this),challenge_type:n.challengeType};v(mr,this)&&(o.client_secret=v(mr,this)),n.authenticatorId&&(o.authenticator_id=n.authenticatorId);const i=await v(cn,this).call(this,e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(o)});if(!i.ok){let s;try{s=await i.json()}catch{throw new Ds("Failed to challenge authenticator")}throw new Ds(s.error_description||"Failed to challenge authenticator",s)}return(function(s){const a={challengeType:s.challenge_type};return s.oob_code!==void 0&&(a.oobCode=s.oob_code),s.binding_method!==void 0&&(a.bindingMethod=s.binding_method),a})(await i.json())}async verify(r){if(!v(yr,this))throw new Error("MFA verify requires a configuration provider (getConfiguration was not set)");const e=await v(yr,this).call(this),t={mfa_token:r.mfaToken};r.audience&&(t.audience=r.audience),r.factorType==="otp"?t.otp=r.otp:r.factorType==="oob"?(t.oob_code=r.oobCode,r.bindingCode&&(t.binding_code=r.bindingCode)):r.factorType==="recovery-code"&&(t.recovery_code=r.recoveryCode);try{const s=await gn(e,qf[r.factorType],t),a=ut.fromTokenEndpointResponse(s);return s.recovery_code&&(a.recoveryCode=s.recovery_code),a}catch(s){var n,o,i;if(s instanceof mh)throw s;const a=s;throw new mh(a.error_description||a.message||"Failed to verify MFA challenge",{error:(n=a.error)!==null&&n!==void 0?n:"mfa_verify_error",error_description:(o=(i=a.error_description)!==null&&i!==void 0?i:a.message)!==null&&o!==void 0?o:"Failed to verify MFA challenge"})}}}),wa=class extends Error{constructor(r,e,t){super(e),I(this,"cause",void 0),I(this,"code",void 0),this.code=r,this.cause=t&&{error:t.error,error_description:t.error_description,message:t.message}}},tg=class extends wa{constructor(r,e){super("passkey_register_error",r,e),this.name="PasskeyRegisterError"}},ng=class extends wa{constructor(r,e){super("passkey_challenge_error",r,e),this.name="PasskeyChallengeError"}},rg=class extends wa{constructor(r,e){super("passkey_get_token_error",r,e),this.name="PasskeyGetTokenError",this.cause=e&&{error:e.error,error_description:e.error_description,message:e.message,mfa_token:e.mfa_token,mfa_requirements:e.mfa_requirements}}},wd="urn:okta:params:oauth:grant-type:webauthn",og=(wr=new WeakMap,vr=new WeakMap,br=new WeakMap,bo=new WeakMap,Co=new WeakSet,class{constructor(r){var e;Rl(this,Co),j(this,wr,void 0),j(this,vr,void 0),j(this,br,void 0),j(this,bo,void 0),U(wr,this,"https://".concat(r.domain)),U(vr,this,r.clientId),U(br,this,(e=r.customFetch)!==null&&e!==void 0?e:function(){return fetch(...arguments)}),U(bo,this,r.grantRequest)}async register(r){const e="".concat(v(wr,this),"/passkey/register"),t=E(E(E(E(E(E(E(E({},r.email&&{email:r.email}),r.name&&{name:r.name}),r.phoneNumber&&{phone_number:r.phoneNumber}),r.username&&{username:r.username}),r.givenName&&{given_name:r.givenName}),r.familyName&&{family_name:r.familyName}),r.nickname&&{nickname:r.nickname}),r.picture&&{picture:r.picture}),n={client_id:v(vr,this),user_profile:t};r.realm&&(n.realm=r.realm),r.organization&&(n.organization=r.organization),r.userMetadata&&(n.user_metadata=r.userMetadata);const o=await v(br,this).call(this,e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(n)});if(!o.ok){const a=await J(Co,this,yh).call(this,o);throw new tg(a.error_description||"Failed to request signup challenge",a)}return{authSession:(s=await o.json()).auth_session,authnParamsPublicKey:E({},s.authn_params_public_key)};var s}async challenge(r){const e="".concat(v(wr,this),"/passkey/challenge"),t={client_id:v(vr,this)};r!=null&&r.realm&&(t.realm=r.realm),r!=null&&r.organization&&(t.organization=r.organization);const n=await v(br,this).call(this,e,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t)});if(!n.ok){const s=await J(Co,this,yh).call(this,n);throw new ng(s.error_description||"Failed to request login challenge",s)}return{authSession:(i=await n.json()).auth_session,authnParamsPublicKey:E({},i.authn_params_public_key)};var i}async getTokenByPasskey(r){const e=new URLSearchParams({auth_session:r.authSession,authn_response:JSON.stringify(r.credential)});r.realm&&e.append("realm",r.realm),r.scope&&e.append("scope",r.scope),r.audience&&e.append("audience",r.audience),r.organization&&e.append("organization",r.organization);try{return await v(bo,this).call(this,wd,e)}catch(t){const n=pn(t);throw new rg(n.error_description||"Failed to exchange passkey credential for tokens.",n)}}});async function yh(r){try{return await r.json()}catch{return{error:"unknown_error",error_description:"HTTP ".concat(r.status," ").concat(r.statusText)}}}var ig=(Fe=new WeakMap,To=new WeakMap,ko=new WeakMap,class{constructor(r,e){j(this,Fe,new Map),j(this,To,void 0),j(this,ko,void 0),U(ko,this,Math.max(1,Math.floor(r))),U(To,this,Math.max(0,Math.floor(e)))}get(r){const e=v(Fe,this).get(r);if(e){if(!(Date.now()>=e.expiresAt))return v(Fe,this).delete(r),v(Fe,this).set(r,e),e.value;v(Fe,this).delete(r)}}set(r,e){for(v(Fe,this).has(r)&&v(Fe,this).delete(r),v(Fe,this).set(r,{value:e,expiresAt:Date.now()+v(To,this)});v(Fe,this).size>v(ko,this);){const t=v(Fe,this).keys().next().value;if(t===void 0)break;v(Fe,this).delete(t)}}}),wh=new Map;function vh(r){return{ttlMs:1e3*(typeof(r==null?void 0:r.ttl)=="number"?r.ttl:600),maxEntries:typeof(r==null?void 0:r.maxEntries)=="number"&&r.maxEntries>0?r.maxEntries:100}}var bh=class{static createDiscoveryCache(r){const e=(t=r.maxEntries,n=r.ttlMs,"".concat(t,":").concat(n));var t,n;let o=(i=e,wh.get(i));var i;return o||(o=new ig(r.maxEntries,r.ttlMs),wh.set(e,o)),o}static createJwksCache(){return{}}},Ls="openid profile email offline_access",sg=Object.freeze(new Set(["grant_type","client_id","client_secret","client_assertion","client_assertion_type","subject_token","subject_token_type","requested_token_type","actor_token","actor_token_type","audience","aud","resource","resources","resource_indicator","scope","connection","login_hint","organization","assertion"]));function vd(r){if(r==null)throw new Qe("subject_token is required");if(typeof r!="string")throw new Qe("subject_token must be a string");if(r.trim().length===0)throw new Qe("subject_token cannot be blank or whitespace");if(r!==r.trim())throw new Qe("subject_token must not include leading or trailing whitespace");if(/^bearer\s+/i.test(r))throw new Qe("subject_token must not include the 'Bearer ' prefix")}function bd(r,e){if(e)for(const n of Object.entries(e)){var t=Ke(n,2);const o=t[0],i=t[1];if(!sg.has(o))if(Array.isArray(i)){if(i.length>20)throw new Qe("Parameter '".concat(o,"' exceeds maximum array size of ").concat(20));i.forEach(s=>{r.append(o,s)})}else r.append(o,i)}}var Cd="urn:ietf:params:oauth:token-type:access_token",ag=(Be=new WeakMap,lt=new WeakMap,Ln=new WeakMap,F=new WeakMap,Ve=new WeakMap,Cr=new WeakMap,Dr=new WeakMap,zn=new WeakMap,_o=new WeakMap,X=new WeakSet,class{constructor(r){var e,t,n,o;if(Rl(this,X),j(this,Be,void 0),j(this,lt,void 0),j(this,Ln,void 0),j(this,F,void 0),j(this,Ve,void 0),j(this,Cr,void 0),j(this,Dr,void 0),j(this,zn,void 0),j(this,_o,void 0),I(this,"mfa",void 0),I(this,"passkey",void 0),U(F,this,r),r.useMtls&&!r.customFetch)throw new fh("mtls_without_custom_fetch_not_supported","Using mTLS without a custom fetch implementation is not supported");U(Ve,this,(function(s,a){if(a.enabled===!1)return s;const c={name:a.name,version:a.version},l=btoa(JSON.stringify(c));return async(h,d)=>{const p=h instanceof Request?new Headers(h.headers):new Headers;return d!=null&&d.headers&&new Headers(d.headers).forEach((u,f)=>{p.set(f,u)}),p.set("Auth0-Client",l),s(h,E(E({},d),{},{headers:p}))}})((e=r.customFetch)!==null&&e!==void 0?e:function(){return fetch(...arguments)},((t=r.telemetry)==null?void 0:t.enabled)===!1?t:{enabled:!0,name:(n=t==null?void 0:t.name)!==null&&n!==void 0?n:"@auth0/auth0-auth-js",version:(o=t==null?void 0:t.version)!==null&&o!==void 0?o:"1.9.1"}));const i=vh(r.discoveryCache);U(Dr,this,bh.createDiscoveryCache(i)),U(zn,this,new Map),U(_o,this,bh.createJwksCache()),this.mfa=new eg({domain:v(F,this).domain,clientId:v(F,this).clientId,clientSecret:v(F,this).clientSecret,customFetch:v(Ve,this),getConfiguration:async()=>(await J(X,this,we).call(this)).configuration}),this.passkey=new og({domain:v(F,this).domain,clientId:v(F,this).clientId,customFetch:v(Ve,this),grantRequest:async(s,a)=>{const c=(await J(X,this,we).call(this)).serverMetadata,l=await J(X,this,Hs).call(this,c);l[et]=(function(d,p){return(u,f)=>{const g=f==null?void 0:f.body;if(p!==wd||!(g instanceof URLSearchParams))return d(u,f);const y={};for(const C of g){var m=Ke(C,2);const k=m[0],_=m[1];y[k]=k==="authn_response"?JSON.parse(_):_}const b=new Headers(f==null?void 0:f.headers);return b.set("Content-Type","application/json"),d(u,E(E({},f),{},{headers:b,body:JSON.stringify(y)}))}})(v(Ve,this),s);const h=await gn(l,s,a);return ut.fromTokenEndpointResponse(h)}})}async getServerMetadata(){return(await J(X,this,we).call(this)).serverMetadata}async buildAuthorizationUrl(r){const e=(await J(X,this,we).call(this)).serverMetadata;if(r!=null&&r.pushedAuthorizationRequests&&!e.pushed_authorization_request_endpoint)throw new fh("par_not_supported_error","The Auth0 tenant does not have pushed authorization requests enabled. Learn how to enable it here: https://auth0.com/docs/get-started/applications/configure-par");try{return await J(X,this,ns).call(this,r)}catch(t){throw new Zf(t)}}async buildLinkUserUrl(r){try{const e=await J(X,this,ns).call(this,{authorizationParams:E(E({},r.authorizationParams),{},{requested_connection:r.connection,requested_connection_scope:r.connectionScope,scope:"openid link_account offline_access",id_token_hint:r.idToken})});return{linkUserUrl:e.authorizationUrl,codeVerifier:e.codeVerifier}}catch(e){throw new $f(e)}}async buildUnlinkUserUrl(r){try{const e=await J(X,this,ns).call(this,{authorizationParams:E(E({},r.authorizationParams),{},{requested_connection:r.connection,scope:"openid unlink_account",id_token_hint:r.idToken})});return{unlinkUserUrl:e.authorizationUrl,codeVerifier:e.codeVerifier}}catch(e){throw new Xf(e)}}async backchannelAuthentication(r){const e=await J(X,this,we).call(this),t=e.configuration,n=e.serverMetadata,o=xs(E(E({},v(F,this).authorizationParams),r==null?void 0:r.authorizationParams)),i=new URLSearchParams(E(E({scope:Ls},o),{},{client_id:v(F,this).clientId,binding_message:r.bindingMessage,login_hint:JSON.stringify({format:"iss_sub",iss:n.issuer,sub:r.loginHint.sub})}));r.requestedExpiry&&i.append("requested_expiry",r.requestedExpiry.toString()),r.authorizationDetails&&i.append("authorization_details",JSON.stringify(r.authorizationDetails));try{const s=await ch(t,i),a=await dd(t,s);return ut.fromTokenEndpointResponse(a)}catch(s){throw new ts(s)}}async initiateBackchannelAuthentication(r){const e=await J(X,this,we).call(this),t=e.configuration,n=e.serverMetadata,o=xs(E(E({},v(F,this).authorizationParams),r==null?void 0:r.authorizationParams)),i=new URLSearchParams(E(E({scope:Ls},o),{},{client_id:v(F,this).clientId,binding_message:r.bindingMessage,login_hint:JSON.stringify({format:"iss_sub",iss:n.issuer,sub:r.loginHint.sub})}));r.requestedExpiry&&i.append("requested_expiry",r.requestedExpiry.toString()),r.authorizationDetails&&i.append("authorization_details",JSON.stringify(r.authorizationDetails));try{const s=await ch(t,i);return{authReqId:s.auth_req_id,expiresIn:s.expires_in,interval:s.interval}}catch(s){throw new ts(s)}}async backchannelAuthenticationGrant(r){let e=r.authReqId;const t=(await J(X,this,we).call(this)).configuration,n=new URLSearchParams({auth_req_id:e});try{const o=await gn(t,"urn:openid:params:grant-type:ciba",n);return ut.fromTokenEndpointResponse(o)}catch(o){throw new ts(o)}}async getTokenForConnection(r){var e;if(r.refreshToken&&r.accessToken)throw new es("Either a refresh or access token should be specified, but not both.");const t=(e=r.accessToken)!==null&&e!==void 0?e:r.refreshToken;if(!t)throw new es("Either a refresh or access token must be specified.");try{return await this.exchangeToken({connection:r.connection,subjectToken:t,subjectTokenType:r.accessToken?Cd:"urn:ietf:params:oauth:token-type:refresh_token",loginHint:r.loginHint})}catch(n){throw n instanceof Qe?new es(n.message,n.cause):n}}async exchangeToken(r){return"connection"in r?J(X,this,hg).call(this,r):J(X,this,lg).call(this,r)}async getTokenByCode(r,e){const t=(await J(X,this,we).call(this)).configuration;try{const n=await ud(t,r,{pkceCodeVerifier:e.codeVerifier});return ut.fromTokenEndpointResponse(n)}catch(n){throw new Jf("There was an error while trying to request a token.",pn(n))}}async getTokenByRefreshToken(r){const e=(await J(X,this,we).call(this)).configuration,t=new URLSearchParams;r.audience&&t.append("audience",r.audience),r.scope&&t.append("scope",r.scope);try{const n=await pd(e,r.refreshToken,t);return ut.fromTokenEndpointResponse(n)}catch(n){throw new Gf("The access token has expired and there was an error while trying to refresh it.",pn(n))}}async getTokenByPassword(r){const e=(await J(X,this,we).call(this)).configuration,t=new URLSearchParams({username:r.username,password:r.password});r.audience&&t.append("audience",r.audience),r.scope&&t.append("scope",r.scope),r.realm&&t.append("realm",r.realm);let n=e;if(r.auth0ForwardedFor){const o=await J(X,this,va).call(this);n=new Qn(e.serverMetadata(),v(F,this).clientId,v(F,this).clientSecret,o),n[et]=(i,s)=>v(Ve,this).call(this,i,E(E({},s),{},{headers:E(E({},s.headers),{},{"auth0-forwarded-for":r.auth0ForwardedFor})}))}try{const o=await gn(n,"password",t);return ut.fromTokenEndpointResponse(o)}catch(o){throw new Vf("There was an error while trying to request a token.",pn(o))}}async getTokenByClientCredentials(r){const e=(await J(X,this,we).call(this)).configuration;try{const t=new URLSearchParams({audience:r.audience});r.organization&&t.append("organization",r.organization);const n=await fd(e,t);return ut.fromTokenEndpointResponse(n)}catch(t){throw new Bf("There was an error while trying to request a token.",pn(t))}}async buildLogoutUrl(r){const e=await J(X,this,we).call(this),t=e.configuration;if(!e.serverMetadata.end_session_endpoint){const n=new URL("https://".concat(v(F,this).domain,"/v2/logout"));return n.searchParams.set("returnTo",r.returnTo),n.searchParams.set("client_id",v(F,this).clientId),n}return(function(n,o){xt(n);const i=fe(n),s=i.as,a=i.c,c=Xr(s,"end_session_endpoint",!1,i.tlsOnly);(o=new URLSearchParams(o)).has("client_id")||o.set("client_id",a.client_id);for(const h of o.entries()){var l=Ke(h,2);const d=l[0],p=l[1];c.searchParams.append(d,p)}return c})(t,{post_logout_redirect_uri:r.returnTo})}async verifyLogoutToken(r){const e=(await J(X,this,we).call(this)).serverMetadata,t=vh(v(F,this).discoveryCache),n=e.jwks_uri;v(Cr,this)||U(Cr,this,(function(i,s){const a=new jf(i,s),c=async(l,h)=>a.getKey(l,h);return Object.defineProperties(c,{coolingDown:{get:()=>a.coolingDown(),enumerable:!0,configurable:!1},fresh:{get:()=>a.fresh(),enumerable:!0,configurable:!1},reload:{value:()=>a.reload(),enumerable:!0,configurable:!1,writable:!1},reloading:{get:()=>a.pendingFetch(),enumerable:!0,configurable:!1},jwks:{value:()=>a.jwks(),enumerable:!0,configurable:!1,writable:!1}}),c})(new URL(n),{cacheMaxAge:t.ttlMs,[md]:v(Ve,this),[xo]:v(_o,this)}));const o=(await Hf(r.logoutToken,v(Cr,this),{issuer:e.issuer,audience:v(F,this).clientId,algorithms:["RS256"],requiredClaims:["iat"]})).payload;if(!("sid"in o)&&!("sub"in o))throw new Ht('either "sid" or "sub" (or both) claims must be present');if("sid"in o&&typeof o.sid!="string")throw new Ht('"sid" claim must be a string');if("sub"in o&&typeof o.sub!="string")throw new Ht('"sub" claim must be a string');if("nonce"in o)throw new Ht('"nonce" claim is prohibited');if(!("events"in o))throw new Ht('"events" claim is missing');if(typeof o.events!="object"||o.events===null)throw new Ht('"events" claim must be an object');if(!("http://schemas.openid.net/event/backchannel-logout"in o.events))throw new Ht('"http://schemas.openid.net/event/backchannel-logout" member is missing in the "events" claim');if(typeof o.events["http://schemas.openid.net/event/backchannel-logout"]!="object")throw new Ht('"http://schemas.openid.net/event/backchannel-logout" member in the "events" claim must be an object');return{sid:o.sid,sub:o.sub}}});function cg(){const r=v(F,this).domain.toLowerCase();return"".concat(r,"|mtls:").concat(v(F,this).useMtls?"1":"0")}async function Hs(r){const e=await J(X,this,va).call(this),t=new Qn(r,v(F,this).clientId,v(F,this).clientSecret,e);return t[et]=v(Ve,this),t}async function we(){if(v(Be,this)&&v(lt,this))return{configuration:v(Be,this),serverMetadata:v(lt,this)};const r=J(X,this,cg).call(this),e=v(Dr,this).get(r);if(e)return U(lt,this,e.serverMetadata),U(Be,this,await J(X,this,Hs).call(this,e.serverMetadata)),{configuration:v(Be,this),serverMetadata:v(lt,this)};const t=v(zn,this).get(r);if(t){const i=await t;return U(lt,this,i.serverMetadata),U(Be,this,await J(X,this,Hs).call(this,i.serverMetadata)),{configuration:v(Be,this),serverMetadata:v(lt,this)}}const n=(async()=>{const i=await J(X,this,va).call(this),s=await xf(new URL("https://".concat(v(F,this).domain)),v(F,this).clientId,{use_mtls_endpoint_aliases:v(F,this).useMtls},i,{[et]:v(Ve,this)}),a=s.serverMetadata();return v(Dr,this).set(r,{serverMetadata:a}),{configuration:s,serverMetadata:a}})(),o=n.then(i=>({serverMetadata:i.serverMetadata}));o.catch(()=>{}),v(zn,this).set(r,o);try{const i=await n,s=i.configuration,a=i.serverMetadata;U(Be,this,s),U(lt,this,a),v(Be,this)[et]=v(Ve,this)}finally{v(zn,this).delete(r)}return{configuration:v(Be,this),serverMetadata:v(lt,this)}}async function hg(r){var e,t;const n=(await J(X,this,we).call(this)).configuration;if("audience"in r||"resource"in r)throw new Qe("audience and resource parameters are not supported for Token Vault exchanges");vd(r.subjectToken);const o=new URLSearchParams({connection:r.connection,subject_token:r.subjectToken,subject_token_type:(e=r.subjectTokenType)!==null&&e!==void 0?e:Cd,requested_token_type:(t=r.requestedTokenType)!==null&&t!==void 0?t:"http://auth0.com/oauth/token-type/federated-connection-access-token"});r.loginHint&&o.append("login_hint",r.loginHint),r.scope&&o.append("scope",r.scope),bd(o,r.extra);try{const i=await gn(n,"urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token",o);return ut.fromTokenEndpointResponse(i)}catch(i){throw new Qe("Failed to exchange token for connection '".concat(r.connection,"'."),pn(i))}}async function lg(r){const e=(await J(X,this,we).call(this)).configuration;if(vd(r.subjectToken),r.actorToken!==void 0&&r.actorTokenType===void 0)throw new Qe("actorTokenType is required when actorToken is provided");const t=new URLSearchParams({subject_token_type:r.subjectTokenType,subject_token:r.subjectToken});r.audience&&t.append("audience",r.audience),r.scope&&t.append("scope",r.scope),r.requestedTokenType&&t.append("requested_token_type",r.requestedTokenType),r.organization&&t.append("organization",r.organization),r.actorToken&&t.append("actor_token",r.actorToken),r.actorTokenType&&t.append("actor_token_type",r.actorTokenType),bd(t,r.extra);try{const o=await gn(e,"urn:ietf:params:oauth:grant-type:token-exchange",t),i=ut.fromTokenEndpointResponse(o);var n;if(r.actorToken)if((n=i.claims)!==null&&n!==void 0&&n.act)i.act=i.claims.act;else try{i.act=(function(s){if(typeof s!="string")throw new dt("JWTs must use Compact JWS serialization, JWT must be a string");const a=s.split("."),c=a[1],l=a.length;if(l===5)throw new dt("Only JWTs using Compact JWS serialization can be decoded");if(l!==3)throw new dt("Invalid JWT");if(!c)throw new dt("JWTs must contain a payload");let h,d;try{h=qr(c)}catch{throw new dt("Failed to base64url decode the payload")}try{d=JSON.parse(Yn.decode(h))}catch{throw new dt("Failed to parse the decoded payload as JSON")}if(!Pt(d))throw new dt("Invalid JWT Claims Set");return d})(o.access_token).act}catch{}return i}catch(o){throw new Qe("Failed to exchange token of type '".concat(r.subjectTokenType,"'").concat(r.audience?" for audience '".concat(r.audience,"'"):"","."),pn(o))}}async function va(){return v(Ln,this)||U(Ln,this,(async()=>{if(!v(F,this).clientSecret&&!v(F,this).clientAssertionSigningKey&&!v(F,this).useMtls)throw new Yf;if(v(F,this).useMtls)return(e,t,n,o)=>{n.set("client_id",t.client_id)};let r=v(F,this).clientAssertionSigningKey;return!r||r instanceof CryptoKey||(r=await(async function(e,t,n){if(typeof e!="string"||e.indexOf("-----BEGIN PRIVATE KEY-----")!==0)throw new TypeError('"pkcs8" must be PKCS#8 formatted string');return Rf(e,t,n)})(r,v(F,this).clientAssertionSigningAlg||"RS256")),r?(function(e,t){return Yp(e)})(r):cd(v(F,this).clientSecret)})().catch(r=>{throw U(Ln,this,void 0),r})),v(Ln,this)}async function ns(r){const e=(await J(X,this,we).call(this)).configuration,t=Nf(),n=await Of(t),o=xs(E(E({},v(F,this).authorizationParams),r==null?void 0:r.authorizationParams)),i=new URLSearchParams(E(E({scope:Ls},o),{},{client_id:v(F,this).clientId,code_challenge:n,code_challenge_method:"S256"}));return{authorizationUrl:r!=null&&r.pushedAuthorizationRequests?await gd(e,i):await Os(e,i),codeVerifier:t}}class Qt extends ne{constructor(e,t){super(e,t),Object.setPrototypeOf(this,Qt.prototype)}static fromPayload(e){let t=e.error,n=e.error_description;return new Qt(t,n)}}class Vo extends Qt{constructor(e,t){super(e,t),Object.setPrototypeOf(this,Vo.prototype)}}class ba extends Qt{constructor(e,t){super(e,t),Object.setPrototypeOf(this,ba.prototype)}}class Ca extends Qt{constructor(e,t){super(e,t),Object.setPrototypeOf(this,Ca.prototype)}}class Hn extends Qt{constructor(e,t){super(e,t),Object.setPrototypeOf(this,Hn.prototype)}}class Ta extends Qt{constructor(e,t){super(e,t),Object.setPrototypeOf(this,Ta.prototype)}}class dg{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:6e5;this.contexts=new Map,this.ttlMs=e}set(e,t){this.cleanup(),this.contexts.set(e,Object.assign(Object.assign({},t),{createdAt:Date.now()}))}get(e){const t=this.contexts.get(e);if(t){if(!(Date.now()-t.createdAt>this.ttlMs))return t;this.contexts.delete(e)}}remove(e){this.contexts.delete(e)}cleanup(){const e=Date.now();for(const n of this.contexts){var t=Ke(n,2);const o=t[0];e-t[1].createdAt>this.ttlMs&&this.contexts.delete(o)}}get size(){return this.contexts.size}}class ug{constructor(e,t){this.authJsMfaClient=e,this.auth0Client=t,this.contextManager=new dg}setMFAAuthDetails(e,t,n,o){this.contextManager.set(e,{scope:t,audience:n,mfaRequirements:o})}async getAuthenticators(e){var t,n,o;const i=this.contextManager.get(e);if(!i)throw new Vo("invalid_request","MFA context not found for this MFA token");const s=(n=(t=i.mfaRequirements)===null||t===void 0?void 0:t.challenge)===null||n===void 0?void 0:n.map(a=>a.type);try{const a=await this.authJsMfaClient.listAuthenticators({mfaToken:e});return s&&s.length!==0?a.filter(c=>!!c.type&&s.includes(c.type)):a}catch(a){throw a instanceof Ms?new Vo((o=a.cause)===null||o===void 0?void 0:o.error,a.message):a}}async enroll(e){var t;const n=(function(o){const i=zp[o.factorType];return Object.assign(Object.assign(Object.assign({mfaToken:o.mfaToken,authenticatorTypes:i.authenticatorTypes},i.oobChannels&&{oobChannels:i.oobChannels}),"phoneNumber"in o&&{phoneNumber:o.phoneNumber}),"email"in o&&{email:o.email})})(e);try{return await this.authJsMfaClient.enrollAuthenticator(n)}catch(o){throw o instanceof Us?new ba((t=o.cause)===null||t===void 0?void 0:t.error,o.message):o}}async challenge(e){var t;try{const n={challengeType:e.challengeType,mfaToken:e.mfaToken};return e.authenticatorId&&(n.authenticatorId=e.authenticatorId),await this.authJsMfaClient.challengeAuthenticator(n)}catch(n){throw n instanceof Ds?new Ca((t=n.cause)===null||t===void 0?void 0:t.error,n.message):n}}async getEnrollmentFactors(e){const t=this.contextManager.get(e);if(!t||!t.mfaRequirements)throw new Ta("mfa_context_not_found","MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");return t.mfaRequirements.enroll&&t.mfaRequirements.enroll.length!==0?t.mfaRequirements.enroll:[]}async verify(e){const t=this.contextManager.get(e.mfaToken);if(!t)throw new Hn("mfa_context_not_found","MFA context not found for this MFA token. Please retry the original request to get a new MFA token.");const n=(function(s){return"otp"in s&&s.otp?Wp:"oobCode"in s&&s.oobCode?Jp:"recoveryCode"in s&&s.recoveryCode?Bp:void 0})(e);if(!n)throw new Hn("invalid_request","Unable to determine grant type. Provide one of: otp, oobCode, or recoveryCode.");const o=t.scope,i=t.audience;try{const s=await this.auth0Client._requestTokenForMfa({grant_type:n,mfaToken:e.mfaToken,scope:o,audience:i,otp:e.otp,oob_code:e.oobCode,binding_code:e.bindingCode,recovery_code:e.recoveryCode});return this.contextManager.remove(e.mfaToken),s}catch(s){throw s instanceof Hn?new Hn(s.error,s.error_description):s}}}class Kn extends Error{constructor(e,t,n){super(t),this.name="PasskeyError",this.code=e,this.cause=n,Object.setPrototypeOf(this,Kn.prototype)}}var Ar,Rr;class pg{constructor(e,t){Ar.set(this,void 0),Rr.set(this,void 0),Nc(this,Ar,e),Nc(this,Rr,t)}async signup(e){if(!window.PublicKeyCredential)throw new Kn("passkey_not_supported","WebAuthn is not supported in this browser.");const t=e.scope,n=e.audience,o=Ne(e,["scope","audience"]),i=await ho(this,Ar,"f").register(o),s=(a=i.authnParamsPublicKey,Object.assign(Object.assign({},a),{challenge:rs(a.challenge),user:Object.assign(Object.assign({},a.user),{id:rs(a.user.id)}),pubKeyCredParams:a.pubKeyCredParams,authenticatorSelection:a.authenticatorSelection}));var a;const c=await navigator.credentials.create({publicKey:s});if(!c)throw new Kn("passkey_cancelled","Passkey creation was cancelled or no credential was returned.");const l=(function(h){var d;const p=h.response;return{id:h.id,rawId:Kt(h.rawId),type:h.type,authenticatorAttachment:(d=h.authenticatorAttachment)!==null&&d!==void 0?d:void 0,response:{clientDataJSON:Kt(p.clientDataJSON),attestationObject:Kt(p.attestationObject)},clientExtensionResults:h.getClientExtensionResults()}})(c);return ho(this,Rr,"f")._requestTokenForPasskey({authSession:i.authSession,credential:l,realm:o.realm,organization:o.organization,scope:t,audience:n})}async login(e){if(!window.PublicKeyCredential)throw new Kn("passkey_not_supported","WebAuthn is not supported in this browser.");const t=e||{},n=t.scope,o=t.audience,i=Ne(t,["scope","audience"]),s=await ho(this,Ar,"f").challenge(Object.keys(i).length>0?i:void 0),a=(c=s.authnParamsPublicKey,Object.assign(Object.assign({},c),{challenge:rs(c.challenge)}));var c;const l=await navigator.credentials.get({publicKey:a});if(!l)throw new Kn("passkey_cancelled","Passkey authentication was cancelled or no credential was returned.");const h=(function(d){var p;const u=d.response;return{id:d.id,rawId:Kt(d.rawId),type:d.type,authenticatorAttachment:(p=d.authenticatorAttachment)!==null&&p!==void 0?p:void 0,response:{clientDataJSON:Kt(u.clientDataJSON),authenticatorData:Kt(u.authenticatorData),signature:Kt(u.signature),userHandle:u.userHandle?Kt(u.userHandle):void 0},clientExtensionResults:d.getClientExtensionResults()}})(l);return ho(this,Rr,"f")._requestTokenForPasskey({authSession:s.authSession,credential:h,realm:i.realm,organization:i.organization,scope:n,audience:o})}}function Kt(r){const e=new Uint8Array(r),t=Array.from(e,n=>String.fromCharCode(n)).join("");return btoa(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}function rs(r){const e=r.replace(/-/g,"+").replace(/_/g,"/"),t=e+"=".repeat((4-e.length%4)%4),n=atob(t),o=new Uint8Array(n.length);for(let i=0;i<n.length;i++)o[i]=n.charCodeAt(i);return o.buffer}Ar=new WeakMap,Rr=new WeakMap;class fg{constructor(e){let t,n;if(this.userCache=new Hl().enclosedCache,this.defaultOptions={authorizationParams:{scope:"openid profile email"},useRefreshTokensFallback:!1,useFormData:!0},this.options=Object.assign(Object.assign(Object.assign({},this.defaultOptions),e),{authorizationParams:Object.assign(Object.assign({},this.defaultOptions.authorizationParams),e.authorizationParams)}),typeof window<"u"&&(()=>{if(!Ko())throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");if(Ko().subtle===void 0)throw new Error(`
4
4
  auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
5
- `)})(),this.lockManager=(Ui||(Ui=up()),Ui),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)n=e.cache;else{if(t=e.cacheLocation||Dc,!Gc(t))throw new Error('Invalid cache location "'.concat(t,'"'));n=Gc(t)()}var o;this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:ms,this.cookieStorage=e.legacySameSiteCookie===!1?Mn:Np,this.orgHintCookieName=(o=this.options.clientId,"auth0.".concat(o,".organization_hint")),this.isAuthenticatedCookieName=(l=>"auth0.".concat(l,".is.authenticated"))(this.options.clientId),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;const i=e.useCookiesForTransactions?this.cookieStorage:xp;var s;this.scope=(function(l,h){for(var d=arguments.length,p=new Array(d>2?d-2:0),u=2;u<d;u++)p[u-2]=arguments[u];if(typeof l!="object")return{[ye]:Po(h,l,...p)};let f={[ye]:Po(h,...p)};return Object.keys(l).forEach(g=>{const y=l[g];f[g]=Po(h,y,...p)}),f})(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new Sp(i,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||Pl,this.cacheManager=new Ip(n,n.allKeys?void 0:new Dp(n,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new Kp(this.options.clientId):void 0,this.domainUrl=(s=this.options.domain,/^https?:\/\//.test(s)?s:"https://".concat(s)),this.tokenIssuer=((l,h)=>l?l.startsWith("https://")?l:"https://".concat(l,"/"):"".concat(h,"/"))(this.options.issuer,this.domainUrl);const a="".concat(this.domainUrl,"/me/"),c=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:l=>{var h;return this.getTokenSilently({authorizationParams:{scope:(h=l==null?void 0:l.scope)===null||h===void 0?void 0:h.join(" "),audience:a},detailedResponse:!0})}}));this.myAccount=new jp(c,a),this.authJsClient=new ag({domain:this.options.domain,clientId:this.options.clientId}),this.mfa=new ug(this.authJsClient.mfa,this),this.passkey=new pg(this.authJsClient.passkey,this),typeof window<"u"&&window.Worker&&this.options.useRefreshTokens&&t===Dc&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new Up,this.worker.postMessage({type:"init",allowedBaseUrl:this.domainUrl}))}getConfiguration(){return Object.freeze({domain:this.options.domain,clientId:this.options.clientId})}_url(e){const t=this.options.auth0Client||ys,n=ws(t,!0),o=encodeURIComponent(btoa(JSON.stringify(n)));return"".concat(this.domainUrl).concat(e,"&auth0Client=").concat(o)}_authorizeUrl(e){return this._url("/authorize?".concat(Er(e)))}async _verifyIdToken(e,t,n){const o=await this.nowProvider();return Ap({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:t,organization:n,leeway:this.options.leeway,max_age:(i=this.options.authorizationParams.max_age,typeof i!="string"?i:parseInt(i,10)||void 0),now:o});var i}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}_extractSessionTransferToken(e){return new URLSearchParams(window.location.search).get(e)||void 0}_clearSessionTransferTokenFromUrl(e){try{const t=new URL(window.location.href);t.searchParams.has(e)&&(t.searchParams.delete(e),window.history.replaceState({},"",t.toString()))}catch{}}_applySessionTransferToken(e){const t=this.options.sessionTransferTokenQueryParamName;if(!t||e.session_transfer_token)return e;const n=this._extractSessionTransferToken(t);return n?(this._clearSessionTransferTokenFromUrl(t),Object.assign(Object.assign({},e),{session_transfer_token:n})):e}async _prepareAuthorizeUrl(e,t,n){var o;const i=Oi(dr()),s=Oi(dr()),a=dr(),c=await Lc(a),l=Kc(c),h=await((o=this.dpop)===null||o===void 0?void 0:o.calculateThumbprint()),d=((u,f,g,y,m,b,C,k,_)=>Object.assign(Object.assign(Object.assign({client_id:u.clientId},u.authorizationParams),g),{scope:pr(f,g.scope,g.audience),response_type:"code",response_mode:k||"query",state:y,nonce:m,redirect_uri:C||u.authorizationParams.redirect_uri,code_challenge:b,code_challenge_method:"S256",dpop_jkt:_}))(this.options,this.scope,e,i,s,l,e.redirect_uri||this.options.authorizationParams.redirect_uri||n,t==null?void 0:t.response_mode,h),p=this._authorizeUrl(d);return{nonce:s,code_verifier:a,scope:d.scope,audience:d.audience||ye,redirect_uri:d.redirect_uri,state:i,url:p}}async loginWithPopup(e,t){var n;if(e=e||{},!(t=t||{}).popup&&(t.popup=(c=>{const l=window.screenX+(window.innerWidth-400)/2,h=window.screenY+(window.innerHeight-600)/2;return window.open(c,"auth0:authorize:popup","left=".concat(l,",top=").concat(h,",width=").concat(400,",height=").concat(600,",resizable,scrollbars=yes,status=1"))})(""),!t.popup))throw new sa;const o=this._applySessionTransferToken(e.authorizationParams||{}),i=await this._prepareAuthorizeUrl(o,{response_mode:"web_message"},window.location.origin);t.popup.location.href=i.url;const s=await((c,l)=>new Promise((h,d)=>{let p;const u=setInterval(()=>{c.popup&&c.popup.closed&&(clearInterval(u),clearTimeout(f),window.removeEventListener("message",p,!1),d(new ia(c.popup)))},1e3),f=setTimeout(()=>{clearInterval(u),d(new oa(c.popup)),window.removeEventListener("message",p,!1)},1e3*(c.timeoutInSeconds||60));p=function(g){if(g.origin===l&&g.data&&g.data.type==="authorization_response"){if(clearTimeout(f),clearInterval(u),window.removeEventListener("message",p,!1),c.closePopup!==!1&&c.popup.close(),g.data.response.error)return d(ne.fromPayload(g.data.response));h(g.data.response)}},window.addEventListener("message",p)}))(Object.assign(Object.assign({},t),{timeoutInSeconds:t.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}),new URL(i.url).origin);if(i.state!==s.state)throw new ne("state_mismatch","Invalid state");const a=((n=e.authorizationParams)===null||n===void 0?void 0:n.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:i.audience,scope:i.scope,code_verifier:i.code_verifier,grant_type:"authorization_code",code:s.code,redirect_uri:i.redirect_uri},{nonceIn:i.nonce,organization:a})}async getUser(){var e;const t=await this._getIdTokenFromCache();return(e=t==null?void 0:t.decodedToken)===null||e===void 0?void 0:e.user}async getIdTokenClaims(){var e;const t=await this._getIdTokenFromCache();return(e=t==null?void 0:t.decodedToken)===null||e===void 0?void 0:e.claims}async loginWithRedirect(){var e;const t=Vc(arguments.length>0&&arguments[0]!==void 0?arguments[0]:{}),n=t.openUrl,o=t.fragment,i=t.appState,s=Ne(t,["openUrl","fragment","appState"]),a=((e=s.authorizationParams)===null||e===void 0?void 0:e.organization)||this.options.authorizationParams.organization,c=this._applySessionTransferToken(s.authorizationParams||{}),l=await this._prepareAuthorizeUrl(c),h=l.url,d=Ne(l,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},d),{appState:i,response_type:Jt.Code}),a&&{organization:a}));const p=o?"".concat(h,"#").concat(o):h;n?await n(p):window.location.assign(p)}async handleRedirectCallback(){const e=(arguments.length>0&&arguments[0]!==void 0?arguments[0]:window.location.href).split("?").slice(1);if(e.length===0)throw new Error("There are no query params available for parsing.");const t=this.transactionManager.get();if(!t)throw new ne("missing_transaction","Invalid state");this.transactionManager.remove();const n=(o=>{o.indexOf("#")>-1&&(o=o.substring(0,o.indexOf("#")));const i=new URLSearchParams(o);return{state:i.get("state"),code:i.get("code")||void 0,connect_code:i.get("connect_code")||void 0,error:i.get("error")||void 0,error_description:i.get("error_description")||void 0}})(e.join(""));return t.response_type===Jt.ConnectCode?this._handleConnectAccountRedirectCallback(n,t):this._handleLoginRedirectCallback(n,t)}async _handleLoginRedirectCallback(e,t){const n=e.code,o=e.state,i=e.error,s=e.error_description;if(i)throw new na(i,s||i,o,t.appState);if(!t.code_verifier||t.state&&t.state!==o)throw new ne("state_mismatch","Invalid state");const a=t.organization,c=t.nonce,l=t.redirect_uri;return await this._requestToken(Object.assign({audience:t.audience,scope:t.scope,code_verifier:t.code_verifier,grant_type:"authorization_code",code:n},l?{redirect_uri:l}:{}),{nonceIn:c,organization:a}),{appState:t.appState,response_type:Jt.Code}}async _handleConnectAccountRedirectCallback(e,t){const n=e.connect_code,o=e.state,i=e.error,s=e.error_description;if(i)throw new ra(i,s||i,t.connection,o,t.appState);if(!n)throw new ne("missing_connect_code","Missing connect code");if(!(t.code_verifier&&t.state&&t.auth_session&&t.redirect_uri&&t.state===o))throw new ne("state_mismatch","Invalid state");const a=await this.myAccount.completeAccount({auth_session:t.auth_session,connect_code:n,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier});return Object.assign(Object.assign({},a),{appState:t.appState,response_type:Jt.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get(Bc))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(Bc)}try{await this.getTokenSilently(e)}catch{}}async getTokenSilently(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};var t,n;const o=Object.assign(Object.assign({cacheMode:"on"},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:pr(this.scope,(t=e.authorizationParams)===null||t===void 0?void 0:t.scope,((n=e.authorizationParams)===null||n===void 0?void 0:n.audience)||this.options.authorizationParams.audience)})}),i=await((s,a)=>{let c=Hi[a];return c||(c=s().finally(()=>{delete Hi[a],c=null}),Hi[a]=c),c})(()=>this._getTokenSilently(o),"".concat(this.options.clientId,"::").concat(o.authorizationParams.audience,"::").concat(o.authorizationParams.scope));return e.detailedResponse?i:i==null?void 0:i.access_token}async _getTokenSilently(e){const t=e.cacheMode,n=Ne(e,["cacheMode"]);if(t!=="off"){const a=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||ye,clientId:this.options.clientId,cacheMode:t});if(a)return a}if(t==="cache-only")return;const o=(i=this.options.clientId,s=n.authorizationParams.audience||"default","".concat("auth0.lock.getTokenSilently",".").concat(i,".").concat(s));var i,s;try{return await this.lockManager.runWithLock(o,5e3,async()=>{if(t!=="off"){const u=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||ye,clientId:this.options.clientId});if(u)return u}const a=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(n):await this._getTokenFromIFrame(n),c=a.id_token,l=a.token_type,h=a.access_token,d=a.oauthTokenScope,p=a.expires_in;return Object.assign(Object.assign({id_token:c,token_type:l,access_token:h},d?{scope:d}:null),{expires_in:p})})}catch(a){if(this._isInteractiveError(a)&&this.options.interactiveErrorHandler==="popup")return await this._handleInteractiveErrorWithPopup(n);throw a}}_isInteractiveError(e){return e instanceof Fr||e instanceof ne&&this._isIframeMfaError(e)}_isIframeMfaError(e){return e.error==="login_required"&&e.error_description==="Multifactor authentication required"}async _handleInteractiveErrorWithPopup(e){try{await this.loginWithPopup({authorizationParams:e.authorizationParams});const t=await this._getEntryFromCache({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||ye,clientId:this.options.clientId});if(!t)throw new ne("interactive_handler_cache_miss","Token not found in cache after interactive authentication");return t}catch(t){throw t}}async getTokenWithPopup(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};var n,o;const i=Object.assign(Object.assign({},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:pr(this.scope,(n=e.authorizationParams)===null||n===void 0?void 0:n.scope,((o=e.authorizationParams)===null||o===void 0?void 0:o.audience)||this.options.authorizationParams.audience)})});return t=Object.assign(Object.assign({},ip),t),await this.loginWithPopup(i,t),(await this.cacheManager.get(new xe({scope:i.authorizationParams.scope,audience:i.authorizationParams.audience||ye,clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){e.clientId!==null?e.clientId=e.clientId||this.options.clientId:delete e.clientId;const t=e.logoutParams||{},n=t.federated,o=Ne(t,["federated"]),i=n?"&federated":"";return this._url("/v2/logout?".concat(Er(Object.assign({clientId:e.clientId},o))))+i}async revokeRefreshToken(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};if(!this.options.useRefreshTokens)return;const t=e.audience||this.options.authorizationParams.audience||ye,n=await this.cacheManager.getRefreshTokensByAudience(t,this.options.clientId);await(async function(o,i){let s=o.baseUrl,a=o.timeout,c=o.auth0Client,l=o.useFormData,h=o.refreshTokens,d=o.audience,p=o.client_id,u=o.onRefreshTokenRevoked;const f=a||ms,g="refresh_token",y="".concat(s,"/oauth/revoke"),m={"Content-Type":l?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify(ws(c||ys)))};if(i){const C={client_id:p,token_type_hint:g},k=l?Er(C):JSON.stringify(C);try{return await bs({type:"revoke",timeout:f,fetchUrl:y,fetchOptions:{method:"POST",body:k,headers:m},useFormData:l,auth:{audience:d??ye}},i)}catch(_){throw new ne("revoke_error",_.message)}}for(const C of h){const k={client_id:p,token_type_hint:g,token:C},_=l?Er(k):JSON.stringify(k),O=await Dl(y,{method:"POST",body:_,headers:m},f);if(!O.ok){let S,x;try{var b=JSON.parse(await O.text());S=b.error,x=b.error_description}catch{}throw new ne(S||"revoke_error",x||"HTTP error ".concat(O.status))}await(u==null?void 0:u(C))}})({baseUrl:this.domainUrl,timeout:this.httpTimeoutMs,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,client_id:this.options.clientId,refreshTokens:n,audience:t,onRefreshTokenRevoked:o=>this.cacheManager.stripRefreshToken(o)},this.worker)}async logout(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};var t;const n=Vc(e),o=n.openUrl,i=Ne(n,["openUrl"]);e.clientId===null?await this.cacheManager.clear():await this.cacheManager.clear(e.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove(xn);try{await((t=this.dpop)===null||t===void 0?void 0:t.clear())}catch{}if(this.worker)try{await bs({type:"clear"},this.worker)}catch{}const s=this._buildLogoutUrl(i);o?await o(s):o!==!1&&window.location.assign(s)}async _getTokenFromIFrame(e){const t=(n=this.options.clientId,"".concat("auth0.lock.getTokenFromIFrame",".").concat(n));var n;try{return await this.lockManager.runWithLock(t,5e3,async()=>{const o=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),i=this.cookieStorage.get(this.orgHintCookieName);i&&!o.organization&&(o.organization=i);const s=await this._prepareAuthorizeUrl(o,{response_mode:"web_message"},window.location.origin),a=s.url,c=s.state,l=s.nonce,h=s.code_verifier,d=s.redirect_uri,p=s.scope,u=s.audience;if(window.crossOriginIsolated)throw new ne("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");const f=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;let g;try{g=new URL(this.domainUrl).origin}catch{g=this.domainUrl}const y=await(function(b,C){let k=arguments.length>2&&arguments[2]!==void 0?arguments[2]:60;return new Promise((_,O)=>{const S=window.document.createElement("iframe");S.setAttribute("width","0"),S.setAttribute("height","0"),S.style.display="none";const x=()=>{window.document.body.contains(S)&&(window.document.body.removeChild(S),window.removeEventListener("message",te,!1))};let te;const re=setTimeout(()=>{O(new nr),x()},1e3*k);te=function(Q){if(Q.origin!=C||!Q.data||Q.data.type!=="authorization_response")return;const Pe=Q.source;Pe&&Pe.close(),Q.data.response.error?O(ne.fromPayload(Q.data.response)):_(Q.data.response),clearTimeout(re),window.removeEventListener("message",te,!1),setTimeout(x,2e3)},window.addEventListener("message",te,!1),window.document.body.appendChild(S),S.setAttribute("src",b)})})(a,g,f);if(c!==y.state)throw new ne("state_mismatch","Invalid state");const m=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:h,code:y.code,grant_type:"authorization_code",redirect_uri:d,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:l,organization:o.organization});return Object.assign(Object.assign({},m),{scope:p,oauthTokenScope:m.scope,audience:u})})}catch(o){throw o.error==="login_required"&&(o instanceof ne&&this._isIframeMfaError(o)&&this.options.interactiveErrorHandler==="popup"||this.logout({openUrl:!1})),o}}async _getTokenUsingRefreshToken(e){const t=await this.cacheManager.get(new xe({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||ye,clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(t&&t.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new pi(e.authorizationParams.audience||ye,e.authorizationParams.scope)}const n=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,o=typeof e.timeoutInSeconds=="number"?1e3*e.timeoutInSeconds:null,i=((h,d,p,u)=>{var f;if(h&&p&&u){if(d.audience!==p)return d.scope;const g=u.split(" "),y=((f=d.scope)===null||f===void 0?void 0:f.split(" "))||[],m=y.every(b=>g.includes(b));return g.length>=y.length&&m?u:d.scope}return d.scope})(this.options.useMrrt,e.authorizationParams,t==null?void 0:t.audience,t==null?void 0:t.scope);try{const h=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:t&&t.refresh_token,redirect_uri:n}),o&&{timeout:o}),{scopesToRequest:i});if(h.refresh_token&&(t!=null&&t.refresh_token)&&await this.cacheManager.updateEntry(t.refresh_token,h.refresh_token),this.options.useMrrt&&(s=t==null?void 0:t.audience,a=t==null?void 0:t.scope,c=e.authorizationParams.audience,l=e.authorizationParams.scope,(s!==c||!Zc(l,a))&&!Zc(i,h.scope))){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);const d=((p,u)=>{const f=(p==null?void 0:p.split(" "))||[],g=(u==null?void 0:u.split(" "))||[];return f.filter(y=>g.indexOf(y)==-1).join(",")})(i,h.scope);throw new aa(e.authorizationParams.audience||"default",d)}return Object.assign(Object.assign({},h),{scope:e.authorizationParams.scope,oauthTokenScope:h.scope,audience:e.authorizationParams.audience||ye})}catch(h){if(h.message){if(h.message.includes("user is blocked"))throw await this.logout({openUrl:!1}),h;if((h.message.includes("Missing Refresh Token")||h.message.includes("invalid refresh token"))&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e)}throw h}var s,a,c,l}async _saveEntryInCache(e){const t=e.id_token,n=e.decodedToken,o=Ne(e,["id_token","decodedToken"]);this.userCache.set(xn,{id_token:t,decodedToken:n}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(o)}async _getIdTokenFromCache(){const e=this.options.authorizationParams.audience||ye,t=this.scope[e],n=await this.cacheManager.getIdToken(new xe({clientId:this.options.clientId,audience:e,scope:t})),o=this.userCache.get(xn);return n&&n.id_token===(o==null?void 0:o.id_token)?o:(this.userCache.set(xn,n),n)}async _getEntryFromCache(e){let t=e.scope,n=e.audience,o=e.clientId,i=e.cacheMode;const s=await this.cacheManager.get(new xe({scope:t,audience:n,clientId:o}),60,this.options.useMrrt,i);if(s&&s.access_token){const a=s.token_type,c=s.access_token,l=s.oauthTokenScope,h=s.expires_in,d=await this._getIdTokenFromCache();return d&&Object.assign(Object.assign({id_token:d.id_token,token_type:a||"Bearer",access_token:c},l?{scope:l}:null),{expires_in:h})}}_storeMfaContext(e,t,n){e instanceof Fr&&this.mfa.setMFAAuthDetails(e.mfa_token,t,n,e.mfa_requirements)}async _requestToken(e,t){var n,o;const i=t||{},s=i.nonceIn,a=i.organization,c=i.scopesToRequest;try{const l=await jc(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:c||e.scope}),this.worker),h=await this._verifyIdToken(l.id_token,s,a);if(e.grant_type==="authorization_code"){const d=await this._getIdTokenFromCache();!((o=(n=d==null?void 0:d.decodedToken)===null||n===void 0?void 0:n.claims)===null||o===void 0)&&o.sub&&d.decodedToken.claims.sub!==h.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove(xn))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},l),{decodedToken:h,scope:e.scope,audience:e.audience||ye}),l.scope?{oauthTokenScope:l.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(a||h.claims.org_id),Object.assign(Object.assign({},l),{decodedToken:h})}catch(l){throw e.grant_type!=="authorization_code"&&this._storeMfaContext(l,c||e.scope,e.audience),l}}_buildTokenExchangeParams(e){return Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({},e),{grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type}),e.actor_token&&{actor_token:e.actor_token}),e.actor_token_type&&{actor_token_type:e.actor_token_type}),{scope:pr(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}async loginWithCustomTokenExchange(e){return this._requestToken(this._buildTokenExchangeParams(e))}async customTokenExchange(e){const t=this._buildTokenExchangeParams(e);try{const n=await jc(Object.assign(Object.assign({},t),{baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,dpop:this.dpop}),this.worker,!0);return n.id_token&&await this._verifyIdToken(n.id_token,void 0,e.organization),n}catch(n){throw this._storeMfaContext(n,t.scope,t.audience),n}}async exchangeToken(e){return this.loginWithCustomTokenExchange(e)}_assertDpop(e){if(!e)throw new Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,t){return this._assertDpop(this.dpop),this.dpop.setNonce(e,t)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return new Fp(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:t=>{var n;return this.getTokenSilently({authorizationParams:{scope:(n=t==null?void 0:t.scope)===null||n===void 0?void 0:n.join(" "),audience:t==null?void 0:t.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:t=>this.setDpopNonce(t,e.dpopNonceId),generateDpopProof:t=>this.generateDpopProof(t)})}async connectAccountWithRedirect(e){const t=e.openUrl,n=e.appState,o=e.connection,i=e.scopes,s=e.authorization_params,a=e.redirectUri,c=a===void 0?this.options.authorizationParams.redirect_uri||window.location.origin:a;if(!o)throw new Error("connection is required");const l=Oi(dr()),h=dr(),d=await Lc(h),p=Kc(d),u=await this.myAccount.connectAccount({connection:o,scopes:i,redirect_uri:c,state:l,code_challenge:p,code_challenge_method:"S256",authorization_params:s}),f=u.connect_uri,g=u.connect_params,y=u.auth_session;this.transactionManager.create({state:l,code_verifier:h,auth_session:y,redirect_uri:c,appState:n,connection:o,response_type:Jt.ConnectCode});const m=new URL(f);m.searchParams.set("ticket",g.ticket),t?await t(m.toString()):window.location.assign(m)}async _requestTokenForPasskey(e){const t=e.audience||this.options.authorizationParams.audience,n=e.organization||this.options.authorizationParams.organization;return this._requestToken(Object.assign(Object.assign(Object.assign({grant_type:"urn:okta:params:oauth:grant-type:webauthn",auth_session:e.authSession,authn_response:e.credential},e.realm&&{realm:e.realm}),n&&{organization:n}),{scope:pr(this.scope,e.scope,t),audience:t}))}async _requestTokenForMfa(e,t){const n=e.mfaToken,o=Ne(e,["mfaToken"]);return this._requestToken(Object.assign(Object.assign({},o),{mfa_token:n}),t)}}var Td={isAuthenticated:!1,isLoading:!0,error:void 0,user:void 0},W=function(){throw new Error("You forgot to wrap your component in <Auth0Provider>.")},gg=le(le({},Td),{buildAuthorizeUrl:W,buildLogoutUrl:W,getAccessTokenSilently:W,getAccessTokenWithPopup:W,getIdTokenClaims:W,loginWithCustomTokenExchange:W,customTokenExchange:W,exchangeToken:W,loginWithRedirect:W,loginWithPopup:W,connectAccountWithRedirect:W,logout:W,handleRedirectCallback:W,getDpopNonce:W,setDpopNonce:W,generateDpopProof:W,createFetcher:W,getConfiguration:W,mfa:{getAuthenticators:W,enroll:W,challenge:W,verify:W,getEnrollmentFactors:W},passkey:{signup:W,login:W},myAccount:{getFactors:W,getAuthenticationMethods:W,getAuthenticationMethod:W,updateAuthenticationMethod:W,deleteAuthenticationMethod:W,enrollmentChallenge:W,enrollmentVerify:W}}),kd=L.createContext(gg),Ch=(function(r){tp(e,r);function e(t,n){var o=r.call(this,n??t)||this;return o.error=t,o.error_description=n,Object.setPrototypeOf(o,e.prototype),o}return e})(Error),mg=/[?&](?:connect_)?code=[^&]+/,yg=/[?&]state=[^&]+/,wg=/[?&]error=[^&]+/,vg=function(r){return r===void 0&&(r=window.location.search),(mg.test(r)||wg.test(r))&&yg.test(r)},_d=function(r){return function(e){if(e instanceof Error)return e;if(e!==null&&typeof e=="object"&&"error"in e&&typeof e.error=="string"){if("error_description"in e&&typeof e.error_description=="string"){var t=e;return new Ch(t.error,t.error_description)}var n=e;return new Ch(n.error)}return new Error(r)}},Th=_d("Login failed"),Pn=_d("Get access token failed"),Id=function(r){var e,t;r!=null&&r.redirectUri&&(console.warn("Using `redirectUri` has been deprecated, please use `authorizationParams.redirect_uri` instead as `redirectUri` will be no longer supported in a future version"),r.authorizationParams=(e=r.authorizationParams)!==null&&e!==void 0?e:{},r.authorizationParams.redirect_uri=r.redirectUri,delete r.redirectUri),!((t=r==null?void 0:r.authorizationParams)===null||t===void 0)&&t.redirectUri&&(console.warn("Using `authorizationParams.redirectUri` has been deprecated, please use `authorizationParams.redirect_uri` instead as `authorizationParams.redirectUri` will be removed in a future version"),r.authorizationParams.redirect_uri=r.authorizationParams.redirectUri,delete r.authorizationParams.redirectUri)},bg=function(r,e){switch(e.type){case"LOGIN_POPUP_STARTED":return le(le({},r),{isLoading:!0});case"LOGIN_POPUP_COMPLETE":case"INITIALISED":return le(le({},r),{isAuthenticated:!!e.user,user:e.user,isLoading:!1,error:void 0});case"HANDLE_REDIRECT_COMPLETE":case"GET_ACCESS_TOKEN_COMPLETE":return r.user===e.user?r:le(le({},r),{isAuthenticated:!!e.user,user:e.user});case"LOGOUT":return le(le({},r),{isAuthenticated:!1,user:void 0});case"ERROR":return le(le({},r),{isLoading:!1,error:e.error})}},Cg=function(r){return Id(r),le(le({},r),{auth0Client:{name:"auth0-react",version:"2.19.0"}})},Tg=function(r){var e;window.history.replaceState({},document.title,(e=r.returnTo)!==null&&e!==void 0?e:window.location.pathname)},tT=function(r){var e=r,t=e.children,n=e.skipRedirectCallback,o=e.onRedirectCallback,i=o===void 0?Tg:o,s=e.context,a=s===void 0?kd:s,c=e.client,l=Oc(e,["children","skipRedirectCallback","onRedirectCallback","context","client"]);c&&(l.domain||l.clientId)&&console.warn("Auth0Provider: the `client` prop takes precedence over `domain`/`clientId` and other configuration options. Remove `domain`, `clientId`, and any other Auth0Client configuration props when using the `client` prop.");var h=L.useState(function(){return c??new fg(Cg(l))})[0],d=L.useReducer(bg,Td),p=d[0],u=d[1],f=L.useRef(!1),g=L.useCallback(function(M){return u({type:"ERROR",error:M}),M},[]);L.useEffect(function(){f.current||(f.current=!0,(function(){return ct(void 0,void 0,void 0,function(){var M,G,Z,q,H,$,Ut;return ht(this,function(Dt){switch(Dt.label){case 0:return Dt.trys.push([0,7,,8]),M=void 0,vg()&&!n?[4,h.handleRedirectCallback()]:[3,3];case 1:return G=Dt.sent(),Z=G.appState,q=Z===void 0?{}:Z,H=G.response_type,$=Oc(G,["appState","response_type"]),[4,h.getUser()];case 2:return M=Dt.sent(),q.response_type=H,H===Jt.ConnectCode&&(q.connectedAccount=$),i(q,M),[3,6];case 3:return[4,h.checkSession()];case 4:return Dt.sent(),[4,h.getUser()];case 5:M=Dt.sent(),Dt.label=6;case 6:return u({type:"INITIALISED",user:M}),[3,8];case 7:return Ut=Dt.sent(),g(Th(Ut)),[3,8];case 8:return[2]}})})})())},[h,i,n,g]);var y=L.useCallback(function(M){return Id(M),h.loginWithRedirect(M)},[h]),m=L.useCallback(function(M,G){return ct(void 0,void 0,void 0,function(){var Z,q;return ht(this,function(H){switch(H.label){case 0:u({type:"LOGIN_POPUP_STARTED"}),H.label=1;case 1:return H.trys.push([1,3,,4]),[4,h.loginWithPopup(M,G)];case 2:return H.sent(),[3,4];case 3:return Z=H.sent(),g(Th(Z)),[2];case 4:return[4,h.getUser()];case 5:return q=H.sent(),u({type:"LOGIN_POPUP_COMPLETE",user:q}),[2]}})})},[h,g]),b=L.useCallback(function(){for(var M=[],G=0;G<arguments.length;G++)M[G]=arguments[G];return ct(void 0,np([],M),void 0,function(Z){return Z===void 0&&(Z={}),ht(this,function(q){switch(q.label){case 0:return[4,h.logout(Z)];case 1:return q.sent(),(Z.openUrl||Z.openUrl===!1)&&u({type:"LOGOUT"}),[2]}})})},[h]),C=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.getTokenSilently(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),k=L.useCallback(function(M,G){return ct(void 0,void 0,void 0,function(){var Z,q,H,$;return ht(this,function(Ut){switch(Ut.label){case 0:return Ut.trys.push([0,2,3,5]),[4,h.getTokenWithPopup(M,G)];case 1:return Z=Ut.sent(),[3,5];case 2:throw q=Ut.sent(),Pn(q);case 3:return H=u,$={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return H.apply(void 0,[($.user=Ut.sent(),$)]),[7];case 5:return[2,Z]}})})},[h]),_=L.useCallback(function(M){return h.connectAccountWithRedirect(M)},[h]),O=L.useCallback(function(){return h.getIdTokenClaims()},[h]),S=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.loginWithCustomTokenExchange(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),x=L.useCallback(function(M){return h.customTokenExchange(M)},[h]),te=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){return ht(this,function(G){return[2,S(M)]})})},[S]),re=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q;return ht(this,function(H){switch(H.label){case 0:return H.trys.push([0,2,3,5]),[4,h.handleRedirectCallback(M)];case 1:return[2,H.sent()];case 2:throw G=H.sent(),Pn(G);case 3:return Z=u,q={type:"HANDLE_REDIRECT_COMPLETE"},[4,h.getUser()];case 4:return Z.apply(void 0,[(q.user=H.sent(),q)]),[7];case 5:return[2]}})})},[h]),Q=L.useCallback(function(M){return h.getDpopNonce(M)},[h]),Pe=L.useCallback(function(M,G){return h.setDpopNonce(M,G)},[h]),Mt=L.useCallback(function(M){return h.generateDpopProof(M)},[h]),lr=L.useCallback(function(M){return h.createFetcher(M)},[h]),tn=L.useCallback(function(){return h.getConfiguration()},[h]),Sc=L.useMemo(function(){return h.mfa},[h]),Ec=L.useMemo(function(){return h.myAccount},[h]),Ac=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.passkey.signup(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),Rc=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.passkey.login(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),Pc=L.useMemo(function(){return{signup:Ac,login:Rc}},[Ac,Rc]),ep=L.useMemo(function(){return le(le({},p),{getAccessTokenSilently:C,getAccessTokenWithPopup:k,getIdTokenClaims:O,loginWithCustomTokenExchange:S,customTokenExchange:x,exchangeToken:te,loginWithRedirect:y,loginWithPopup:m,connectAccountWithRedirect:_,logout:b,handleRedirectCallback:re,getDpopNonce:Q,setDpopNonce:Pe,generateDpopProof:Mt,createFetcher:lr,getConfiguration:tn,mfa:Sc,passkey:Pc,myAccount:Ec})},[p,C,k,O,S,x,te,y,m,_,b,re,Q,Pe,Mt,lr,tn,Sc,Pc,Ec]);return Sl.createElement(a.Provider,{value:ep},t)},nT=function(r){return r===void 0&&(r=kd),L.useContext(r)};/*! @azure/msal-common v16.10.0 2026-06-23 */const kg="msal.js.common",Sd="https://login.microsoftonline.com/common/",_g="login.microsoftonline.com",Ed="common",Ig="adfs",Sg="dstsv2",Eg=`${Sd}discovery/instance?api-version=1.1&authorization_endpoint=`,os=".ciamlogin.com",Tr=".onmicrosoft.com",Ks="|",Ad="openid",Rd="profile",ka="offline_access",Ag="email",_a="S256",Rg="application/x-www-form-urlencoded;charset=utf-8",is="N/A",kr="Not Available",Fs="/",kh="http://169.254.169.254/metadata/instance/compute",Pg="2021-02-01",Og=2e3,Ng="TryAutoDetect",xg="login.microsoft.com",Mg=["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],_h=240,Ug="invalid_instance",Ih=200,Dg=400,Sh=400,Lg=499,Hg=500,Kg=599,Wn={GET:"GET",POST:"POST"},ir=[Ad,Rd,ka],Eh=[...ir,Ag],Ae={CONTENT_TYPE:"Content-Type",CONTENT_LENGTH:"Content-Length",RETRY_AFTER:"Retry-After",CCS_HEADER:"X-AnchorMailbox",WWWAuthenticate:"WWW-Authenticate",AuthenticationInfo:"Authentication-Info",X_MS_REQUEST_ID:"x-ms-request-id",X_MS_HTTP_VERSION:"x-ms-httpver"},Ah={ACTIVE_ACCOUNT_FILTERS:"active-account-filters"},Xt={COMMON:"common",ORGANIZATIONS:"organizations",CONSUMERS:"consumers"},kt={ACCESS_TOKEN:"access_token",XMS_CC:"xms_cc",ID_TOKEN:"id_token",SIGNIN_STATE:"signin_state",LOGIN_HINT:"login_hint"},be={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",NO_SESSION:"no_session"},Ia={CODE:"code",IDTOKEN_TOKEN_REFRESHTOKEN:"id_token token refresh_token"},Sa={QUERY:"query",FRAGMENT:"fragment"},Pd={AUTHORIZATION_CODE_GRANT:"authorization_code",REFRESH_TOKEN_GRANT:"refresh_token"},Fg="MSSTS",jg="ADFS",Od="Generic",Nd="-",js=".",ue={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},Ea="appmetadata",zg="client_info",Zo="1",zs="authority-metadata",Wg=3600*24,De={CONFIG:"config",CACHE:"cache",NETWORK:"network",HARDCODED_VALUES:"hardcoded_values"},Rh=5,Jg=330,Bg=50,xd="server-telemetry",Ph="|",On=",",Gg="1",Vg="0",Zg="unknown_error",ee={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},$g=60,Xg=3600,Md="throttling",Yg="retry-after, h429",Qg="invalid_grant",qg="client_mismatch",Nn={FAILED_AUTO_DETECTION:"1",INTERNAL_CACHE:"2",ENVIRONMENT_VARIABLE:"3",IMDS:"4"},ss={CONFIGURED_NO_AUTO_DETECTION:"2",AUTO_DETECTION_REQUESTED_SUCCESSFUL:"4",AUTO_DETECTION_REQUESTED_FAILED:"5"},jt={NOT_APPLICABLE:"0",FORCE_REFRESH_OR_CLAIMS:"1",NO_CACHED_ACCESS_TOKEN:"2",CACHED_ACCESS_TOKEN_EXPIRED:"3",PROACTIVELY_REFRESHED:"4"},em={Pop:"pop"},Ud=300;/*! @azure/msal-common v16.10.0 2026-06-23 */const vn="client_id",Dd="redirect_uri",tm="response_type",nm="response_mode",rm="grant_type",om="claims",im="scope",sm="refresh_token",am="state",cm="nonce",hm="prompt",lm="code",dm="code_challenge",um="code_challenge_method",pm="code_verifier",fm="client-request-id",gm="x-client-SKU",mm="x-client-VER",ym="x-client-OS",wm="x-client-CPU",vm="x-client-current-telemetry",bm="x-client-last-telemetry",Cm="x-ms-lib-capability",Tm="x-app-name",km="x-app-ver",_m="post_logout_redirect_uri",Im="id_token_hint",Sm="client_secret",Em="client_assertion",Am="client_assertion_type",Ld="token_type",Hd="req_cnf",Oh="return_spa_code",Rm="nativebroker",Pm="logout_hint",Om="sid",Nm="login_hint",xm="domain_hint",Mm="x-client-xtra-sku",Wr="brk_client_id",$o="brk_redirect_uri",Ws="instance_aware",Um="ear_jwk",Dm="ear_jwe_crypto",Lm="resource",Hm="clidata";/*! @azure/msal-common v16.10.0 2026-06-23 */function Aa(r){return`See https://aka.ms/msal.js.errors#${r} for details`}class oe extends Error{constructor(e,t,n,o){const i=n||(e?Aa(e):""),s=i?`${e}: ${i}`:e;super(s),Object.setPrototypeOf(this,oe.prototype),this.errorCode=e||"",this.errorMessage=i||"",this.subError=o||"",this.correlationId=t,this.name="AuthError"}}function Js(r,e,t){return new oe(r,e,t||Aa(r))}/*! @azure/msal-common v16.10.0 2026-06-23 */class Ra extends oe{constructor(e,t){super(e,t),this.name="ClientConfigurationError",Object.setPrototypeOf(this,Ra.prototype)}}function V(r,e){return new Ra(r,e)}/*! @azure/msal-common v16.10.0 2026-06-23 */class mn{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},n=e.split("&"),o=i=>decodeURIComponent(i.replace(/\+/g," "));return n.forEach(i=>{if(i.trim()){const[s,a]=i.split(/=(.+)/g,2);s&&a&&(t[o(s)]=o(a))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromArray(e){return e.filter(t=>!!t)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}}/*! @azure/msal-common v16.10.0 2026-06-23 */class Pa extends oe{constructor(e,t,n){super(e,t,n),this.name="ClientAuthError",Object.setPrototypeOf(this,Pa.prototype)}}function T(r,e,t){return new Pa(r,e,t)}/*! @azure/msal-common v16.10.0 2026-06-23 */const Km="redirect_uri_empty",Fm="authority_uri_insecure",Fn="url_parse_error",jm="empty_url_error",zm="empty_input_scopes_error",Wm="invalid_claims",Jm="token_request_empty",Bm="logout_request_empty",Kd="pkce_params_missing",Fd="invalid_cloud_discovery_metadata",Gm="invalid_authority_metadata",Vm="untrusted_authority",Oa="missing_ssh_jwk",Zm="missing_ssh_kid",$m="cannot_set_OIDCOptions",Xm="cannot_allow_platform_broker",Ym="authority_mismatch",Qm="invalid_request_method_for_EAR",qm="invalid_platform_broker_configuration",as="issuer_validation_failed";/*! @azure/msal-common v16.10.0 2026-06-23 */const jd="client_info_decoding_error",ey="client_info_empty_error",zd="token_parsing_error",ty="null_or_empty_token",zt="endpoints_resolution_error",ny="network_error",ry="openid_config_error",oy="hash_not_deserialized",Jr="invalid_state",iy="state_mismatch",Nh="state_not_found",sy="nonce_mismatch",ay="multiple_matching_appMetadata",cy="request_cannot_be_made",hy="cannot_remove_empty_scope",ly="cannot_append_scopeset",xh="empty_input_scopeset",Wd="no_account_in_silent_request",dy="invalid_cache_record",Jd="invalid_cache_environment",Mh="no_account_found",Bd="no_crypto_object",Zt="token_refresh_required",uy="token_claims_cnf_required_for_signedjwt",py="authorization_code_missing_from_server_response",fy="binding_key_not_removed",gy="end_session_endpoint_not_supported",Gd="key_id_missing",D="method_not_implemented",my="resource_parameter_required",yy="misplaced_resource_parameter";/*! @azure/msal-common v16.10.0 2026-06-23 */class Ce{constructor(e,t){this.correlationId=t;const n=e?mn.trimArrayEntries([...e]):[],o=n?mn.removeEmptyStringsFromArray(n):[];if(!o||!o.length)throw V(zm,t);this.scopes=new Set,o.forEach(i=>this.scopes.add(i))}static fromString(e,t){const o=(e||"").split(" ");return new Ce(o,t)}static createSearchScopes(e,t){const n=e&&e.length>0?e:[...ir],o=new Ce(n,t);return o.containsOnlyOIDCScopes()?o.removeScope(ka):o.removeOIDCScopes(),o}containsScope(e){const t=this.printScopesLowerCase().split(" "),n=new Ce(t,this.correlationId);return e?n.scopes.has(e.toLowerCase()):!1}containsScopeSet(e){return!e||e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(t=>this.containsScope(t))}containsOnlyOIDCScopes(){let e=0;return Eh.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(t=>this.appendScope(t))}catch{throw T(ly,this.correlationId)}}removeScope(e){if(!e)throw T(hy,this.correlationId);this.scopes.delete(e.trim())}removeOIDCScopes(){Eh.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw T(xh,this.correlationId);const t=new Set;return e.scopes.forEach(n=>t.add(n.toLowerCase())),this.scopes.forEach(n=>t.add(n.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw T(xh,this.correlationId);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),n=e.getScopeCount(),o=this.getScopeCount();return t.size<o+n}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(" "):""}printScopesLowerCase(){return this.printScopes().toLowerCase()}}/*! @azure/msal-common v16.10.0 2026-06-23 */function wi(r,e,t){if(!e)return;const n=r.get(vn);n&&r.has(Wr)&&(t==null||t.addFields({embeddedClientId:n,embeddedRedirectUri:r.get(Dd)},e))}function Na(r,e){r.set(tm,e)}function wy(r,e){r.set(nm,e||Sa.QUERY)}function vy(r){r.set(Rm,"1")}function xa(r,e,t,n=!0,o=ir){n&&!o.includes("openid")&&!e.includes("openid")&&o.push("openid");const i=n?[...e||[],...o]:e||[],s=new Ce(i,t);r.set(im,s.printScopes())}function Ma(r,e){r.set(vn,e)}function Ua(r,e){r.set(Dd,e)}function by(r,e){r.set(_m,e)}function Cy(r,e){r.set(Im,e)}function Ty(r,e){r.set(xm,e)}function Io(r,e){r.set(Nm,e)}function Xo(r,e){r.set(Ae.CCS_HEADER,`UPN:${e}`)}function Lr(r,e){r.set(Ae.CCS_HEADER,`Oid:${e.uid}@${e.utid}`)}function Uh(r,e){r.set(Om,e)}function Da(r,e,t,n,o){const i=o&&r.has(Wr)?void 0:n,s=qd(t,i,e);r.set(om,s)}function oo(r,e){r.set(fm,e)}function La(r,e){r.set(gm,e.sku),r.set(mm,e.version),e.os&&r.set(ym,e.os),e.cpu&&r.set(wm,e.cpu)}function Ha(r,e){e!=null&&e.appName&&r.set(Tm,e.appName),e!=null&&e.appVersion&&r.set(km,e.appVersion)}function ky(r,e){r.set(hm,e)}function Vd(r,e){e&&r.set(am,e)}function _y(r,e){r.set(cm,e)}function Ka(r,e,t){if(e&&t)r.set(dm,e),r.set(um,t);else throw V(Kd,"")}function Iy(r,e){r.set(lm,e)}function Sy(r,e){r.set(sm,e)}function Ey(r,e){r.set(pm,e)}function Zd(r,e){r.set(Sm,e)}function $d(r,e){e&&r.set(Em,e)}function Xd(r,e){e&&r.set(Am,e)}function Yd(r,e){r.set(rm,e)}function Fa(r){r.set(zg,"1")}function Ay(r){r.set(Hm,"1")}function Qd(r){r.has(Ws)||r.set(Ws,"true")}function gt(r,e){Object.entries(e).forEach(([t,n])=>{!r.has(t)&&n&&r.set(t,n)})}const Ry={[kt.SIGNIN_STATE]:{essential:!1},[kt.LOGIN_HINT]:{essential:!1}};function qd(r,e,t=""){let n;if(!r)n={};else try{const i=JSON.parse(r);if(typeof i!="object"||i===null||Array.isArray(i))throw new Error("Claims must be a JSON object");n=i}catch{throw V(Wm,t)}Object.prototype.hasOwnProperty.call(n,kt.ID_TOKEN)||(n[kt.ID_TOKEN]={});const o=n[kt.ID_TOKEN];for(const[i,s]of Object.entries(Ry))i in o||(o[i]=s);return e&&e.length>0&&(Object.prototype.hasOwnProperty.call(n,kt.ACCESS_TOKEN)||(n[kt.ACCESS_TOKEN]={}),n[kt.ACCESS_TOKEN][kt.XMS_CC]={values:e}),JSON.stringify(n)}function ja(r,e){e&&(r.set(Ld,ee.POP),r.set(Hd,e))}function eu(r,e){e&&(r.set(Ld,ee.SSH),r.set(Hd,e))}function tu(r,e){r.set(vm,e.generateCurrentRequestHeaderValue()),r.set(bm,e.generateLastRequestHeaderValue())}function nu(r){r.set(Cm,Yg)}function Py(r,e){r.set(Pm,e)}function vi(r,e,t){r.has(Wr)||r.set(Wr,e),r.has($o)||r.set($o,t)}function Oy(r,e){r.set(Um,encodeURIComponent(e)),r.set(Dm,"eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0")}function ru(r,e){e&&r.set(Lm,e)}/*! @azure/msal-common v16.10.0 2026-06-23 */function ou(r){return r.startsWith("#/")?r.substring(2):r.startsWith("#")||r.startsWith("?")?r.substring(1):r}function Yo(r){if(!r||r.indexOf("=")<0)return null;try{const e=ou(r),t=Object.fromEntries(new URLSearchParams(e));if(t.code||t.ear_jwe||t.error||t.error_description||t.state)return t}catch{throw T(oy,"")}return null}function Br(r){const e=new Array;return r.forEach((t,n)=>{e.push(`${n}=${encodeURIComponent(t)}`)}),e.join("&")}function Dh(r,e,t){if(!r)return r;const n=r.split("#")[0];if(!n)return n;try{const o=new URL(n);o.search||(o.search="");let i;try{i=decodeURIComponent(o.pathname)}catch{i=o.pathname}return i.endsWith("/")||(i+="/"),o.pathname=i,o.href}catch(o){throw e==null||e.error(`15apdm ${o}`,t||""),V(Fn,t||"")}}function Ny(r,e,t){try{new URL(r)}catch(n){throw e==null||e.error(`1lrjz7 ${n}`,t||""),V(Fn,t||"")}}/*! @azure/msal-common v16.10.0 2026-06-23 */const Qo={createNewGuid:()=>{throw T(D,"")},base64Decode:()=>{throw T(D,"")},base64Encode:()=>{throw T(D,"")},base64UrlEncode:()=>{throw T(D,"")},encodeKid:()=>{throw T(D,"")},async getPublicKeyThumbprint(){throw T(D,"")},async removeTokenBindingKey(){throw T(D,"")},async clearKeystore(){throw T(D,"")},async signJwt(){throw T(D,"")},async hashString(){throw T(D,"")}};/*! @azure/msal-common v16.10.0 2026-06-23 */var ie;(function(r){r[r.Error=0]="Error",r[r.Warning=1]="Warning",r[r.Info=2]="Info",r[r.Verbose=3]="Verbose",r[r.Trace=4]="Trace"})(ie||(ie={}));const xy=50,My=500,ln=new Map;function Uy(r,e){ln.delete(r),ln.set(r,e)}function Dy(r,e){const t=Date.now();let n=ln.get(r);if(n)Uy(r,n);else if(n={logs:[],firstEventTime:t},ln.set(r,n),ln.size>xy){const o=ln.keys().next().value;o!==void 0&&ln.delete(o)}n.logs.push({...e,milliseconds:t-n.firstEventTime}),n.logs.length>My&&n.logs.shift()}function Ly(r){if(r.length<6||r.length>6&&r[6]!==" ")return null;for(let e=0;e<6;e++){const t=r[e];if(!(t>="a"&&t<="z"||t>="A"&&t<="Z"||t>="0"&&t<="9"))return null}return r.substring(0,6)}class ot{constructor(e,t,n){this.level=ie.Info;const o=()=>{},i=e||ot.createDefaultLoggerOptions();this.localCallback=i.loggerCallback||o,this.piiLoggingEnabled=i.piiLoggingEnabled||!1,this.level=typeof i.logLevel=="number"?i.logLevel:ie.Info,this.packageName=t||"",this.packageVersion=n||""}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:ie.Info}}clone(e,t){return new ot({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level},e,t)}logMessage(e,t){const n=t.correlationId,o=Ly(e);if(o){const c={hash:o,level:t.logLevel,containsPii:t.containsPii||!1,milliseconds:0};Dy(n,c)}if(t.logLevel>this.level||!this.piiLoggingEnabled&&t.containsPii)return;const a=`${`[${new Date().toUTCString()}] : [${n}]`} : ${this.packageName}@${this.packageVersion} : ${ie[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,a,t.containsPii||!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:ie.Error,containsPii:!1,correlationId:t})}errorPii(e,t){this.logMessage(e,{logLevel:ie.Error,containsPii:!0,correlationId:t})}warning(e,t){this.logMessage(e,{logLevel:ie.Warning,containsPii:!1,correlationId:t})}warningPii(e,t){this.logMessage(e,{logLevel:ie.Warning,containsPii:!0,correlationId:t})}info(e,t){this.logMessage(e,{logLevel:ie.Info,containsPii:!1,correlationId:t})}infoPii(e,t){this.logMessage(e,{logLevel:ie.Info,containsPii:!0,correlationId:t})}verbose(e,t){this.logMessage(e,{logLevel:ie.Verbose,containsPii:!1,correlationId:t})}verbosePii(e,t){this.logMessage(e,{logLevel:ie.Verbose,containsPii:!0,correlationId:t})}trace(e,t){this.logMessage(e,{logLevel:ie.Trace,containsPii:!1,correlationId:t})}tracePii(e,t){this.logMessage(e,{logLevel:ie.Trace,containsPii:!0,correlationId:t})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}/*! @azure/msal-common v16.10.0 2026-06-23 */const io="@azure/msal-common",sr="16.10.0";/*! @azure/msal-common v16.10.0 2026-06-23 */const za={None:"none"};/*! @azure/msal-common v16.10.0 2026-06-23 */function ft(r,e,t){const n=Hy(r,t);try{const o=e(n);return JSON.parse(o)}catch{throw T(zd,t)}}function mt(r){if(!r.signin_state)return!1;const e=["kmsi","dvc_dmjd"];return r.signin_state.some(t=>e.includes(t.trim().toLowerCase()))}function Hy(r,e){if(!r)throw T(ty,e);const n=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(r);if(!n||n.length<4)throw T(zd,e);return n[2]}/*! @azure/msal-common v16.10.0 2026-06-23 */function Lh(r,e){return!!r&&!!e&&r===e.split(".")[1]}function ar(r,e,t,n,o){if(o){const{oid:i,sub:s,tid:a,name:c,tfp:l,acr:h,preferred_username:d,upn:p,login_hint:u}=o,f=a||l||h||"";return{tenantId:f,localAccountId:i||s||"",name:c,username:d||p||"",loginHint:u,isHomeTenant:Lh(f,r),upn:p,...n&&{nativeAccountId:n}}}else return{tenantId:t,localAccountId:e,username:"",isHomeTenant:Lh(t,r),...n&&{nativeAccountId:n}}}function qo(r,e,t,n){let o=r;if(e){const{isHomeTenant:i,...s}=e;o={...r,...s}}if(t){const{isHomeTenant:i,...s}=ar(r.homeAccountId,r.localAccountId,r.tenantId,o.nativeAccountId,t);return o={...o,...s,idTokenClaims:t,idToken:n,kmsi:mt(t)},o}return o}/*! @azure/msal-common v16.10.0 2026-06-23 */class B{get urlString(){return this._urlString}constructor(e,t){if(this._urlString=e,this.correlationId=t,!this._urlString)throw V(jm,t);e.includes("#")||(this._urlString=B.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return mn.endsWith(t,"?")?t=t.slice(0,-1):mn.endsWith(t,"?/")&&(t=t.slice(0,-2)),mn.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw V(Fn,this.correlationId)}if(!e.HostNameAndPort||!e.PathSegments)throw V(Fn,this.correlationId);if(!e.Protocol||e.Protocol.toLowerCase()!=="https:")throw V(Fm,this.correlationId)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return B.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),n=t.PathSegments;return e&&n.length!==0&&(n[0]===Xt.COMMON||n[0]===Xt.ORGANIZATIONS)&&(n[0]=e),B.constructAuthorityUriFromObject(t,this.correlationId)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw V(Fn,this.correlationId);const n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=n.AbsolutePath.split("/");return o=o.filter(i=>i&&i.length>0),n.PathSegments=o,n.QueryString&&n.QueryString.endsWith("/")&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e,t){const n=RegExp("^([^:/?#]+://)?([^/?#]*)"),o=e.match(n);if(!o)throw V(Fn,t);return o[2]}static getAbsoluteUrl(e,t,n){if(e[0]===Fs){const i=new B(t,n).getUrlComponents();return i.Protocol+"//"+i.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e,t){return new B(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"),t)}}/*! @azure/msal-common v16.10.0 2026-06-23 */const Ky=[{host:"login.microsoftonline.com"},{host:"login.chinacloudapi.cn",issuerHost:"login.partner.microsoftonline.cn"},{host:"login.microsoftonline.us"},{host:"login.sovcloud-identity.fr"},{host:"login.sovcloud-identity.de"},{host:"login.sovcloud-identity.sg"}];function Fy(r,e){return{token_endpoint:`https://${r}/{tenantid}/oauth2/v2.0/token`,jwks_uri:`https://${r}/{tenantid}/discovery/v2.0/keys`,issuer:`https://${e}/{tenantid}/v2.0`,authorization_endpoint:`https://${r}/{tenantid}/oauth2/v2.0/authorize`,end_session_endpoint:`https://${r}/{tenantid}/oauth2/v2.0/logout`}}const jy=Ky.reduce((r,{host:e,issuerHost:t})=>(r[e]=Fy(e,t||e),r),{}),iu={endpointMetadata:jy,instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]},{preferred_network:"login.sovcloud-identity.fr",preferred_cache:"login.sovcloud-identity.fr",aliases:["login.sovcloud-identity.fr"]},{preferred_network:"login.sovcloud-identity.de",preferred_cache:"login.sovcloud-identity.de",aliases:["login.sovcloud-identity.de"]},{preferred_network:"login.sovcloud-identity.sg",preferred_cache:"login.sovcloud-identity.sg",aliases:["login.sovcloud-identity.sg"]},{preferred_network:"login.windows-ppe.net",preferred_cache:"login.windows-ppe.net",aliases:["login.windows-ppe.net","sts.windows-ppe.net","login.microsoft-ppe.com"]}]}},Hh=iu.endpointMetadata,Wa=iu.instanceDiscoveryMetadata,su=new Set;Wa.metadata.forEach(r=>{r.aliases.forEach(e=>{su.add(e)})});function zy(r,e,t){var i;let n;const o=r.canonicalAuthority;if(o){const s=new B(o,t).getUrlComponents().HostNameAndPort;n=Kh(e,t,s,(i=r.cloudDiscoveryMetadata)==null?void 0:i.metadata,De.CONFIG)||Kh(e,t,s,Wa.metadata,De.HARDCODED_VALUES)||r.knownAuthorities}return n||[]}function Kh(r,e,t,n,o){if(r.trace(`1bmquz ${o}`,e),t&&n){const i=ei(n,t);if(i)return r.trace(`1fotbt ${o}`,e),i.aliases;r.trace(`14avvj ${o}`,e)}return null}function Wy(r){return ei(Wa.metadata,r)}function ei(r,e){for(let t=0;t<r.length;t++){const n=r[t];if(n.aliases.includes(e))return n}return null}/*! @azure/msal-common v16.10.0 2026-06-23 */const Bs="cache_quota_exceeded",Jy="cache_error_unknown";/*! @azure/msal-common v16.10.0 2026-06-23 */class Jn extends Error{constructor(e,t){const n=t||Aa(e);super(n),Object.setPrototypeOf(this,Jn.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}function Gs(r){return r instanceof Error?r.name==="QuotaExceededError"||r.name==="NS_ERROR_DOM_QUOTA_REACHED"||r.message.includes("exceeded the quota")?new Jn(Bs):new Jn(r.name,r.message):new Jn(Jy)}/*! @azure/msal-common v16.10.0 2026-06-23 */function ti(r,e){if(!r)throw T(ey,"");try{const t=e(r);return JSON.parse(t)}catch{throw T(jd,"")}}function Bn(r){if(!r)throw T(jd,"");const e=r.split(js,2);return{uid:e[0],utid:e.length<2?"":e[1]}}/*! @azure/msal-common v16.10.0 2026-06-23 */const Ze={Default:0,Adfs:1,Dsts:2,Ciam:3};/*! @azure/msal-common v16.10.0 2026-06-23 */function Ja(r){return r&&(r.tid||r.tfp||r.acr)||null}/*! @azure/msal-common v16.10.0 2026-06-23 */const Me={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};/*! @azure/msal-common v16.10.0 2026-06-23 */function bn(r){const e=r.tenantProfiles||[];e.length===0&&r.realm&&r.localAccountId&&e.push(ar(r.homeAccountId,r.localAccountId,r.realm,r.nativeAccountId));const t=e.find(o=>o.tenantId===r.realm),n=(t==null?void 0:t.nativeAccountId)||r.nativeAccountId;return{homeAccountId:r.homeAccountId,environment:r.environment,tenantId:r.realm,username:r.username,localAccountId:r.localAccountId,loginHint:r.loginHint,name:r.name,nativeAccountId:n,authorityType:r.authorityType,tenantProfiles:new Map(e.map(o=>[o.tenantId,o])),dataBoundary:r.dataBoundary}}function By(r,e,t,n){var g,y,m,b,C,k,_;let o;e.authorityType===Ze.Adfs?o=jg:e.protocolMode===Me.OIDC?o=Od:o=Fg;let i,s;r.clientInfo&&n&&(i=ti(r.clientInfo,n),i.xms_tdbr&&(s=i.xms_tdbr==="EU"?"EU":"None"));const a=r.environment||e&&e.getPreferredCache();if(!a)throw T(Jd,t);const c=((g=r.idTokenClaims)==null?void 0:g.preferred_username)||((y=r.idTokenClaims)==null?void 0:y.upn),l=(m=r.idTokenClaims)!=null&&m.emails?r.idTokenClaims.emails[0]:null,h=c||l||"",d=(b=r.idTokenClaims)==null?void 0:b.login_hint,p=(i==null?void 0:i.utid)||Ja(r.idTokenClaims)||"",u=(i==null?void 0:i.uid)||((C=r.idTokenClaims)==null?void 0:C.oid)||((k=r.idTokenClaims)==null?void 0:k.sub)||"";let f;return r.tenantProfiles?f=r.tenantProfiles:f=[ar(r.homeAccountId,u,p,r.nativeAccountId,r.idTokenClaims)],{homeAccountId:r.homeAccountId,environment:a,realm:p,localAccountId:u,username:h,authorityType:o,loginHint:d,clientInfo:r.clientInfo,name:((_=r.idTokenClaims)==null?void 0:_.name)||"",lastModificationTime:void 0,lastModificationApp:void 0,cloudGraphHostName:r.cloudGraphHostName,msGraphHost:r.msGraphHost,nativeAccountId:r.nativeAccountId,tenantProfiles:f,dataBoundary:s}}function Gy(r,e,t){var o;const n=Array.from(((o=r.tenantProfiles)==null?void 0:o.values())||[]);if(n.length===0&&r.tenantId&&r.localAccountId)n.push(ar(r.homeAccountId,r.localAccountId,r.tenantId,r.nativeAccountId,r.idTokenClaims));else if(r.nativeAccountId){const i=n.find(s=>s.tenantId===r.tenantId);i&&!i.nativeAccountId&&(i.nativeAccountId=r.nativeAccountId)}return{authorityType:r.authorityType||Od,homeAccountId:r.homeAccountId,localAccountId:r.localAccountId,nativeAccountId:r.nativeAccountId,realm:r.tenantId,environment:r.environment,username:r.username,loginHint:r.loginHint,name:r.name,cloudGraphHostName:e,msGraphHost:t,tenantProfiles:n,dataBoundary:r.dataBoundary}}function au(r,e,t,n,o,i){if(!(e===Ze.Adfs||e===Ze.Dsts)){if(r)try{const s=ti(r,n.base64Decode);if(s.uid&&s.utid)return`${s.uid}.${s.utid}`}catch{}t.warning("1ub6wv",o)}return(i==null?void 0:i.sub)||""}function Vy(r){return r?r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("realm")&&r.hasOwnProperty("localAccountId")&&r.hasOwnProperty("username")&&r.hasOwnProperty("authorityType"):!1}/*! @azure/msal-common v16.10.0 2026-06-23 */class Vs{constructor(e,t,n,o,i){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(io,sr),this.staticAuthorityOptions=i,this.performanceClient=o}getAllAccounts(e={},t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){if(Object.keys(e).length===0||Object.values(e).every(o=>o==null||o===""))return this.commonLogger.warning("1skb02",t),null;const n=this.getAllAccounts(e,t);return n.length>1?n.sort((i,s)=>{const a=i.idTokenClaims?1:0;return(s.idTokenClaims?1:0)-a})[0]:n.length===1?n[0]:null}getBaseAccountInfo(e,t){const n=this.getAccountsFilteredBy(e,t);return n.length>0?bn(n[0]):null}buildTenantProfiles(e,t,n){return e.flatMap(o=>this.getTenantProfilesFromAccountEntity(o,t,n==null?void 0:n.tenantId,n))}getTenantedAccountInfoByFilter(e,t,n,o,i){let s=null,a;if(i&&!this.tenantProfileMatchesFilter(n,i))return null;const c=this.getIdToken(e,o,t,n.tenantId);return c&&(a=ft(c.secret,this.cryptoImpl.base64Decode,o),!this.idTokenClaimsMatchTenantProfileFilter(a,i))?null:(s=qo(e,n,a,c==null?void 0:c.secret),s)}getTenantProfilesFromAccountEntity(e,t,n,o){const i=bn(e);let s=i.tenantProfiles||new Map;const a=this.getTokenKeys();if(n){const l=s.get(n);if(l)s=new Map([[n,l]]);else return[]}const c=[];return s.forEach(l=>{const h=this.getTenantedAccountInfoByFilter(i,a,l,t,o);h&&c.push(h)}),c}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)||t.name&&e.name!==t.name||t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant||t.username&&!this.matchUsername(e.username,t.username)&&!this.matchUsername(e.upn,t.username)||t.loginHint&&!this.matchLoginHintWithTenantProfile(e,t.loginHint)||t.upn&&e.upn!==t.upn||t.nativeAccountId&&e.nativeAccountId!==t.nativeAccountId)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)||t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)||t.username&&!this.matchUsername(e.preferred_username,t.username)&&!this.matchUsername(e.upn,t.username)||t.name&&!this.matchName(e,t.name)||t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n,o,i){var s;if(!e)throw T(dy,t);try{e.account&&await this.setAccount(e.account,t,n,o),e.idToken&&(i==null?void 0:i.idToken)!==!1&&await this.setIdTokenCredential(e.idToken,t,n),e.accessToken&&(i==null?void 0:i.accessToken)!==!1&&await this.saveAccessToken(e.accessToken,t,n),e.refreshToken&&(i==null?void 0:i.refreshToken)!==!1&&await this.setRefreshTokenCredential(e.refreshToken,t,n),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(a){throw(s=this.commonLogger)==null||s.error("0j476p",t),a instanceof oe?a:Gs(a)}}async saveAccessToken(e,t,n){const o={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType},i=this.getTokenKeys(),s=Ce.fromString(e.target,t);i.accessToken.forEach(a=>{if(!this.accessTokenKeyMatchesFilter(a,o,!1))return;const c=this.getAccessTokenCredential(a,t);c&&this.credentialMatchesFilter(c,o,t)&&Ce.fromString(c.target,t).intersectingScopeSets(s)&&this.removeAccessToken(a,t)}),await this.setAccessTokenCredential(e,t,n)}getAccountsFilteredBy(e,t){const n=this.getAccountKeys(),o=[];return n.forEach(i=>{var l;const s=this.getAccount(i,t);if(!s||e.homeAccountId&&!this.matchHomeAccountId(s,e.homeAccountId)||e.environment&&!this.matchEnvironment(s,e.environment,t)||e.realm&&!this.matchRealm(s,e.realm)||e.authorityType&&!this.matchAuthorityType(s,e.authorityType))return;const a={localAccountId:e==null?void 0:e.localAccountId,name:e==null?void 0:e.name,username:e==null?void 0:e.username,loginHint:e==null?void 0:e.loginHint,upn:e==null?void 0:e.upn,nativeAccountId:e==null?void 0:e.nativeAccountId},c=(l=s.tenantProfiles)==null?void 0:l.filter(h=>this.tenantProfileMatchesFilter(h,a));c&&c.length===0||o.push(s)}),o}credentialMatchesFilter(e,t,n){if(t.clientId&&!this.matchClientId(e,t.clientId)||t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)||typeof t.homeAccountId=="string"&&!this.matchHomeAccountId(e,t.homeAccountId)||t.environment&&!this.matchEnvironment(e,t.environment,n)||t.realm&&!this.matchRealm(e,t.realm)||t.credentialType&&!this.matchCredentialType(e,t.credentialType)||t.familyId&&!this.matchFamilyId(e,t.familyId)||t.target&&!this.matchTarget(e,t.target,n)||e.credentialType===ue.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)||t.tokenType===ee.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))return!1;const o=e.additionalCacheKeyComponents,i=t.additionalCacheKeyComponents,s=!!o&&Object.keys(o).length>0,a=!!i&&Object.keys(i).length>0;if(s!==a)return!1;if(s&&a){const c=Object.keys(o).sort(),l=Object.keys(i).sort();if(c.length!==l.length)return!1;for(let h=0;h<c.length;h++)if(c[h]!==l[h]||o[c[h]]!==i[l[h]])return!1}return!0}getAppMetadataFilteredBy(e,t){const n=this.getKeys(),o={};return n.forEach(i=>{if(!this.isAppMetadata(i))return;const s=this.getAppMetadata(i,t);s&&(e.environment&&!this.matchEnvironment(s,e.environment,t)||e.clientId&&!this.matchClientId(s,e.clientId)||(o[i]=s))}),o}getAuthorityMetadataByAlias(e,t){const n=this.getAuthorityMetadataKeys();let o=null;return n.forEach(i=>{if(!this.isAuthorityMetadata(i)||i.indexOf(this.clientId)===-1)return;const s=this.getAuthorityMetadata(i,t);s&&s.aliases.indexOf(e)!==-1&&(o=s)}),o}removeAllAccounts(e){this.getAllAccounts({},e).forEach(n=>{this.removeAccount(n,e)})}removeAccount(e,t){this.removeAccountContext(e,t);const n=this.getAccountKeys(),o=i=>i.includes(e.homeAccountId)&&i.includes(e.environment);n.filter(o).forEach(i=>{this.removeItem(i,t),this.performanceClient.incrementFields({accountsRemoved:1},t)})}removeAccountContext(e,t){const n=this.getTokenKeys(),o=i=>i.includes(e.homeAccountId)&&i.includes(e.environment);n.idToken.filter(o).forEach(i=>{this.removeIdToken(i,t)}),n.accessToken.filter(o).forEach(i=>{this.removeAccessToken(i,t)}),n.refreshToken.filter(o).forEach(i=>{this.removeRefreshToken(i,t)})}removeAccessToken(e,t){const n=this.getAccessTokenCredential(e,t);if(n&&(this.removeItem(e,t),this.performanceClient.incrementFields({accessTokensRemoved:1},t),n.credentialType.toLowerCase()===ue.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&n.tokenType===ee.POP)){const i=n.keyId;i&&this.cryptoImpl.removeTokenBindingKey(i,t).catch(()=>{var s;this.commonLogger.error(`0cx291 ${i}`,t),(s=this.performanceClient)==null||s.incrementFields({removeTokenBindingKeyFailure:1},t)})}}removeAppMetadata(e){return this.getKeys().forEach(n=>{this.isAppMetadata(n)&&this.removeItem(n,e)}),!0}getIdToken(e,t,n,o){this.commonLogger.trace("1drz22",t);const i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:ue.ID_TOKEN,clientId:this.clientId,realm:o},s=this.getIdTokensByFilter(i,t,n),a=s.size;if(a<1)return this.commonLogger.info("1atvtd",t),null;if(a>1){let c=s;if(!o){const l=new Map;s.forEach((d,p)=>{d.realm===e.tenantId&&l.set(p,d)});const h=l.size;if(h<1)return this.commonLogger.info("0ooalx",t),s.values().next().value??null;if(h===1)return this.commonLogger.info("1eq2vc",t),l.values().next().value??null;c=l}return this.commonLogger.info("1ws328",t),c.forEach((l,h)=>{this.removeIdToken(h,t)}),this.performanceClient.addFields({multiMatchedID:s.size},t),null}return this.commonLogger.info("1sm769",t),s.values().next().value??null}getIdTokensByFilter(e,t,n){const o=n&&n.idToken||this.getTokenKeys().idToken,i=new Map;return o.forEach(s=>{if(!this.idTokenKeyMatchesFilter(s,{clientId:this.clientId,...e}))return;const a=this.getIdTokenCredential(s,t);a&&this.credentialMatchesFilter(a,e,t)&&i.set(s,a)}),i}idTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,n,o){const i=t.correlationId;this.commonLogger.trace("1t7hz1",i);const s=Ce.createSearchScopes(t.scopes,i),a=t.authenticationScheme||ee.BEARER,c=a.toLowerCase()!==ee.BEARER.toLowerCase()?ue.ACCESS_TOKEN_WITH_AUTH_SCHEME:ue.ACCESS_TOKEN,l={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:c,clientId:this.clientId,realm:o||e.tenantId,target:s,tokenType:a,keyId:t.sshKid},h=n&&n.accessToken||this.getTokenKeys().accessToken,d=[];h.forEach(u=>{if(this.accessTokenKeyMatchesFilter(u,l,!0)){const f=this.getAccessTokenCredential(u,i);f&&this.credentialMatchesFilter(f,l,i)&&d.push(f)}});const p=d.length;return p<1?(this.commonLogger.info("1nckna",i),null):p>1?(this.commonLogger.info("1wkfwp",i),d.forEach(u=>{this.removeAccessToken(this.generateCredentialKey(u),i)}),this.performanceClient.addFields({multiMatchedAT:d.length},i),null):(this.commonLogger.info("06yt98",i),d[0])}accessTokenKeyMatchesFilter(e,t,n){const o=e.toLowerCase();if(t.clientId&&o.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&o.indexOf(t.homeAccountId.toLowerCase())===-1||t.realm&&o.indexOf(t.realm.toLowerCase())===-1)return!1;if(t.target){const i=t.target.asArray();for(let s=0;s<i.length;s++){if(n&&!o.includes(i[s].toLowerCase()))return!1;if(!n&&o.includes(i[s].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e,t){const n=this.getTokenKeys(),o=[];return n.accessToken.forEach(i=>{if(!this.accessTokenKeyMatchesFilter(i,e,!0))return;const s=this.getAccessTokenCredential(i,t);s&&this.credentialMatchesFilter(s,e,t)&&o.push(s)}),o}getRefreshToken(e,t,n,o){this.commonLogger.trace("0x53vi",n);const i=t?Zo:void 0,s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:ue.REFRESH_TOKEN,clientId:this.clientId,familyId:i},a=o&&o.refreshToken||this.getTokenKeys().refreshToken,c=[];a.forEach(h=>{if(this.refreshTokenKeyMatchesFilter(h,s)){const d=this.getRefreshTokenCredential(h,n);d&&this.credentialMatchesFilter(d,s,n)&&c.push(d)}});const l=c.length;return l<1?(this.commonLogger.info("0dlw11",n),null):(l>1&&this.performanceClient.addFields({multiMatchedRT:l},n),this.commonLogger.info("0wcnep",n),c[0])}refreshTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1||!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e,t){const n={environment:e,clientId:this.clientId},o=this.getAppMetadataFilteredBy(n,t),i=Object.keys(o).map(a=>o[a]),s=i.length;if(s<1)return null;if(s>1)throw T(ay,t);return i[0]}isAppMetadataFOCI(e,t){const n=this.readAppMetadataFromCache(e,t);return!!(n&&n.familyId===Zo)}matchHomeAccountId(e,t){return typeof e.homeAccountId=="string"&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){const n=e.oid||e.sub;return t===n}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){var n;return t.toLowerCase()===((n=e.name)==null?void 0:n.toLowerCase())}matchUsername(e,t){return!!(e&&typeof e=="string"&&(t==null?void 0:t.toLowerCase())===e.toLowerCase())}matchLoginHintWithTenantProfile(e,t){return e.loginHint===t||e.username===t||e.upn===t}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t,n){if(this.staticAuthorityOptions){const i=zy(this.staticAuthorityOptions,this.commonLogger,n);if(i.includes(t)&&i.includes(e.environment))return!0}const o=this.getAuthorityMetadataByAlias(t,n);return!!(o&&o.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){var n;return((n=e.realm)==null?void 0:n.toLowerCase())===t.toLowerCase()}matchLoginHintFromTokenClaims(e,t){return!!(e.login_hint===t||e.preferred_username===t||e.upn===t||e.emails&&e.emails.includes(t))}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t,n){return e.credentialType!==ue.ACCESS_TOKEN&&e.credentialType!==ue.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target?!1:Ce.fromString(e.target,n).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(Ea)!==-1}isAuthorityMetadata(e){return e.indexOf(zs)!==-1}generateAuthorityMetadataCacheKey(e){return`${zs}-${this.clientId}-${e}`}static toObject(e,t){for(const n in t)e[n]=t[n];return e}}class Zy extends Vs{async setAccount(){throw T(D,"")}getAccount(){throw T(D,"")}async setIdTokenCredential(){throw T(D,"")}getIdTokenCredential(){throw T(D,"")}async setAccessTokenCredential(){throw T(D,"")}getAccessTokenCredential(){throw T(D,"")}async setRefreshTokenCredential(){throw T(D,"")}getRefreshTokenCredential(){throw T(D,"")}setAppMetadata(){throw T(D,"")}getAppMetadata(){throw T(D,"")}setServerTelemetry(){throw T(D,"")}getServerTelemetry(){throw T(D,"")}setAuthorityMetadata(){throw T(D,"")}getAuthorityMetadata(){throw T(D,"")}getAuthorityMetadataKeys(){throw T(D,"")}setThrottlingCache(){throw T(D,"")}getThrottlingCache(){throw T(D,"")}removeItem(){throw T(D,"")}getKeys(){throw T(D,"")}getAccountKeys(){throw T(D,"")}getTokenKeys(){throw T(D,"")}generateCredentialKey(){throw T(D,"")}generateAccountKey(){throw T(D,"")}}/*! @azure/msal-common v16.10.0 2026-06-23 */const $y={InProgress:1};/*! @azure/msal-common v16.10.0 2026-06-23 */class cu{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:$y.InProgress,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""}}}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}/*! @azure/msal-common v16.10.0 2026-06-23 */const hu={tokenRenewalOffsetSeconds:Ud,preventCorsPreflight:!1},Xy={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:ie.Info,correlationId:""},Yy={async sendGetRequestAsync(){throw T(D,"")},async sendPostRequestAsync(){throw T(D,"")}},Qy={sku:kg,version:sr,cpu:"",os:""},qy={clientSecret:"",clientAssertion:void 0},ew={azureCloudInstance:za.None,tenant:`${Ed}`},tw={application:{appName:"",appVersion:""}};function Ba({authOptions:r,systemOptions:e,loggerOptions:t,storageInterface:n,networkInterface:o,cryptoInterface:i,clientCredentials:s,libraryInfo:a,telemetry:c,serverTelemetryManager:l,persistencePlugin:h,serializableCache:d}){const p={...Xy,...t};return{authOptions:nw(r),systemOptions:{...hu,...e},loggerOptions:p,storageInterface:n||new Zy(r.clientId,Qo,new ot(p,io,sr),new cu),networkInterface:o||Yy,cryptoInterface:i||Qo,clientCredentials:s||qy,libraryInfo:{...Qy,...a},telemetry:{...tw,...c},serverTelemetryManager:l||null,persistencePlugin:h||null,serializableCache:d||null}}function nw(r){return{clientCapabilities:[],azureCloudOptions:ew,instanceAware:!1,isMcp:!1,...r}}function lu(r){return r.authOptions.authority.options.protocolMode===Me.OIDC}/*! @azure/msal-common v16.10.0 2026-06-23 */class rw{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}/*! @azure/msal-common v16.10.0 2026-06-23 */function it(){return Math.round(new Date().getTime()/1e3)}function ni(r){return r.getTime()/1e3}function Mo(r){return r?new Date(Number(r)*1e3):new Date}function ri(r,e){const t=Number(r)||0;return it()+e>t}function Fh(r,e){const t=Number(r)+e*24*60*60*1e3;return Date.now()>t}function ow(r){return Number(r)>it()}/*! @azure/msal-common v16.10.0 2026-06-23 */function bi(r,e,t,n,o){return{credentialType:ue.ID_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,realm:o,lastUpdatedAt:Date.now().toString()}}function Ci(r,e,t,n,o,i,s,a,c,l,h,d,p,u,f){var y,m;const g={homeAccountId:r,credentialType:ue.ACCESS_TOKEN,secret:t,cachedAt:it().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:e,clientId:n,realm:o,target:i,tokenType:d||ee.BEARER,lastUpdatedAt:Date.now().toString()};if(p&&(g.userAssertionHash=p),h&&(g.refreshOn=h.toString()),((y=g.tokenType)==null?void 0:y.toLowerCase())!==ee.BEARER.toLowerCase())switch(g.credentialType=ue.ACCESS_TOKEN_WITH_AUTH_SCHEME,g.tokenType){case ee.POP:const b=ft(t,c,l);if(!((m=b==null?void 0:b.cnf)!=null&&m.kid))throw T(uy,l);g.keyId=b.cnf.kid;break;case ee.SSH:g.keyId=u}return f&&Object.keys(f).length>0&&(g.additionalCacheKeyComponents=f),g}function iw(r,e,t,n,o,i,s){const a={credentialType:ue.REFRESH_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,lastUpdatedAt:Date.now().toString()};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function Ti(r){return r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("credentialType")&&r.hasOwnProperty("clientId")&&r.hasOwnProperty("secret")}function jh(r){return r?Ti(r)&&r.hasOwnProperty("realm")&&r.hasOwnProperty("target")&&(r.credentialType===ue.ACCESS_TOKEN||r.credentialType===ue.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function sw(r){return r?Ti(r)&&r.hasOwnProperty("realm")&&r.credentialType===ue.ID_TOKEN:!1}function zh(r){return r?Ti(r)&&r.credentialType===ue.REFRESH_TOKEN:!1}function aw(r,e){const t=r.indexOf(xd)===0;let n=!0;return e&&(n=e.hasOwnProperty("failedRequests")&&e.hasOwnProperty("errors")&&e.hasOwnProperty("cacheHits")),t&&n}function cw(r,e){let t=!1;r&&(t=r.indexOf(Md)===0);let n=!0;return e&&(n=e.hasOwnProperty("throttleTime")),t&&n}function hw({environment:r,clientId:e}){return[Ea,r,e].join(Nd).toLowerCase()}function lw(r,e){return e?r.indexOf(Ea)===0&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("environment"):!1}function dw(r,e){return e?r.indexOf(zs)===0&&e.hasOwnProperty("aliases")&&e.hasOwnProperty("preferred_cache")&&e.hasOwnProperty("preferred_network")&&e.hasOwnProperty("canonical_authority")&&e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("aliasesFromNetwork")&&e.hasOwnProperty("endpointsFromNetwork")&&e.hasOwnProperty("expiresAt")&&e.hasOwnProperty("jwks_uri"):!1}function Wh(){return it()+Wg}function So(r,e,t){r.authorization_endpoint=e.authorization_endpoint,r.token_endpoint=e.token_endpoint,r.end_session_endpoint=e.end_session_endpoint,r.issuer=e.issuer,r.endpointsFromNetwork=t,r.jwks_uri=e.jwks_uri}function cs(r,e,t){r.aliases=e.aliases,r.preferred_cache=e.preferred_cache,r.preferred_network=e.preferred_network,r.aliasesFromNetwork=t}function Jh(r){return r.expiresAt<=it()}/*! @azure/msal-common v16.10.0 2026-06-23 */const uw="networkClientSendPostRequestAsync",pw="refreshTokenClientExecutePostToTokenEndpoint",fw="authorizationCodeClientExecutePostToTokenEndpoint",gw="refreshTokenClientExecuteTokenRequest",mw="refreshTokenClientAcquireToken",hs="refreshTokenClientAcquireTokenWithCachedRefreshToken",yw="refreshTokenClientCreateTokenRequestBody",ww="silentFlowClientGenerateResultFromCacheRecord",Ga="getAuthCodeUrl",du="handleCodeResponseFromServer",vw="authClientExecuteTokenRequest",bw="authClientCreateTokenRequestBody",Cw="updateTokenEndpointAuthority",so="popTokenGenerateCnf",Va="handleServerTokenResponse",Tw="authorityResolveEndpointsAsync",kw="authorityGetCloudDiscoveryMetadataFromNetwork",_w="authorityUpdateCloudDiscoveryMetadata",Iw="authorityGetEndpointMetadataFromNetwork",Sw="authorityUpdateEndpointMetadata",Bh="authorityUpdateMetadataWithRegionalInformation",Ew="regionDiscoveryDetectRegion",Gh="regionDiscoveryGetRegionFromIMDS",Aw="regionDiscoveryGetCurrentVersion",Rw="cacheManagerGetRefreshToken",Pw="setUserData";/*! @azure/msal-common v16.10.0 2026-06-23 */const ze=(r,e,t,n,o)=>(...i)=>{t.trace(`1plfzx ${e}`,o);const s=n.startMeasurement(e,o);o&&n.incrementFields({[`ext.${e}CallCount`]:1},o);try{const a=r(...i);return s.end({success:!0}),t.trace(`1g8n6a ${e}`,o),a}catch(a){t.trace(`0cfd8i ${e}`,o);try{t.trace(JSON.stringify(a),o)}catch{t.trace("00dty7",o)}throw s.end({success:!1},a),a}},w=(r,e,t,n,o)=>(...i)=>{t.trace(`1plfzx ${e}`,o);const s=n.startMeasurement(e,o);return o&&n.incrementFields({[`ext.${e}CallCount`]:1},o),r(...i).then(a=>(t.trace(`1g8n6a ${e}`,o),s.end({success:!0}),a)).catch(a=>{t.trace(`0cfd8i ${e}`,o);try{t.trace(JSON.stringify(a),o)}catch{t.trace("00dty7",o)}throw s.end({success:!1},a),a})};/*! @azure/msal-common v16.10.0 2026-06-23 */const Ow={SW:"sw"};class qn{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){const n=await w(this.generateKid.bind(this),so,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:o}}async generateKid(e){return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Ow.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,o){const{resourceRequestMethod:i,resourceRequestUri:s,shrClaims:a,shrNonce:c,shrOptions:l}=n,h=s?new B(s,n.correlationId):void 0,d=h==null?void 0:h.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:it(),m:i==null?void 0:i.toUpperCase(),u:d==null?void 0:d.HostNameAndPort,nonce:c||this.cryptoUtils.createNewGuid(),p:d==null?void 0:d.AbsolutePath,q:d!=null&&d.QueryString?[[],d.QueryString]:void 0,client_claims:a||void 0,...o},t,l,n.correlationId)}}/*! @azure/msal-common v16.10.0 2026-06-23 */const Zs="no_tokens_found",Nw="native_account_unavailable",uu="refresh_token_expired",pu="ui_not_allowed",xw="interaction_required",Mw="consent_required",Uw="login_required",Za="bad_token",Dw="interrupted_user";/*! @azure/msal-common v16.10.0 2026-06-23 */const Vh=[xw,Mw,Uw,Za,pu,Dw],Lw=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token","ui_not_allowed","interrupted_user"];class st extends oe{constructor(e,t,n,o,i,s,a,c){super(e,t,n,o),Object.setPrototypeOf(this,st.prototype),this.timestamp=i||"",this.traceId=s||"",this.claims=a||"",this.name="InteractionRequiredAuthError",this.errorNo=c}}function fu(r,e,t){const n=!!r&&Vh.indexOf(r)>-1,o=!!t&&Lw.indexOf(t)>-1,i=!!e&&Vh.some(s=>e.indexOf(s)>-1);return n||i||o}function oi(r,e,t){return new st(r,e,t)}/*! @azure/msal-common v16.10.0 2026-06-23 */class In extends oe{constructor(e,t,n,o,i,s){super(e,t,n,o),this.name="ServerError",this.errorNo=i,this.status=s,Object.setPrototypeOf(this,In.prototype)}}/*! @azure/msal-common v16.10.0 2026-06-23 */function $a(r,e,t,n){const o=Hw(r,n,t);return e?`${o}${Ks}${e}`:o}function Hw(r,e,t){if(!r)throw T(Bd,e);const n={id:r.createNewGuid()};t&&(n.meta=t);const o=JSON.stringify(n);return r.base64Encode(o)}function ao(r,e,t){if(!r)throw T(Bd,t);if(!e)throw T(Jr,t);try{const n=e.split(Ks),o=n[0],i=n.length>1?n.slice(1).join(Ks):"",s=r(o),a=JSON.parse(s);return{userRequestState:i||"",libraryState:a}}catch{throw T(Jr,t)}}/*! @azure/msal-common v16.10.0 2026-06-23 */class Cn{constructor(e,t,n,o,i,s,a){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=o,this.performanceClient=i,this.serializableCache=s,this.persistencePlugin=a}validateTokenResponse(e,t,n){var o;if(e.error||e.error_description||e.suberror){const i=`Error(s): ${e.error_codes||kr} - Timestamp: ${e.timestamp||kr} - Description: ${e.error_description||kr} - Correlation ID: ${e.correlation_id||kr} - Trace ID: ${e.trace_id||kr}`,s=(o=e.error_codes)!=null&&o.length?e.error_codes[0]:void 0,a=new In(e.error||"",e.correlation_id||"",i,e.suberror,s,e.status);if(n&&e.status&&e.status>=Hg&&e.status<=Kg){this.logger.warning(`16ks7j ${a}`,t);return}else if(n&&e.status&&e.status>=Dg&&e.status<=Lg){this.logger.warning(`0g61x3 ${a}`,t);return}throw fu(e.error,e.error_description,e.suberror)?new st(e.error||"",e.correlation_id||"",e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.claims||"",s):a}}async handleServerTokenResponse(e,t,n,o,i,s,a,c,l,h,d){var y;let p;if(e.id_token&&(p=ft(e.id_token||"",this.cryptoObj.base64Decode,o.correlationId),s&&s.nonce&&p.nonce!==s.nonce))throw T(sy,o.correlationId);this.homeAccountIdentifier=au(e.client_info||"",t.authorityType,this.logger,this.cryptoObj,o.correlationId,p);let u;s&&s.state&&(u=ao(this.cryptoObj.base64Decode,s.state,o.correlationId)),e.key_id=e.key_id||o.sshKid||void 0;const f=this.generateCacheRecord(e,t,n,o,p,a,s,d);let g;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("0jbz5k",o.correlationId),g=new rw(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(g)),c&&!l&&f.account&&this.cacheStorage.getAllAccounts({homeAccountId:f.account.homeAccountId,environment:f.account.environment},o.correlationId).length<1)return this.logger.warning("1gmt66",o.correlationId),(y=this.performanceClient)==null||y.addFields({acntLoggedOut:!0},o.correlationId),await Cn.generateAuthenticationResult(this.cryptoObj,t,f,!1,o,this.performanceClient,p,u,void 0,h);await this.cacheStorage.saveCacheRecord(f,o.correlationId,mt(p||{}),i,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&g&&(this.logger.verbose("1bh17u",o.correlationId),await this.persistencePlugin.afterCacheAccess(g))}return Cn.generateAuthenticationResult(this.cryptoObj,t,f,!1,o,this.performanceClient,p,u,e,h)}generateCacheRecord(e,t,n,o,i,s,a,c){var y;const l=t.getPreferredCache();if(!l)throw T(Jd,o.correlationId);const h=Ja(i);let d,p;e.id_token&&i&&(d=bi(this.homeAccountIdentifier,l,e.id_token,this.clientId,h||""),p=gu(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,o.correlationId,i,e.client_info,l,h,a,void 0,this.logger,this.performanceClient));let u=null;if(e.access_token){const m=e.scope?Ce.fromString(e.scope,o.correlationId):new Ce(o.scopes||[],o.correlationId),b=(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,C=(typeof e.ext_expires_in=="string"?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,k=(typeof e.refresh_in=="string"?parseInt(e.refresh_in,10):e.refresh_in)||void 0,_=n+b,O=_+C,S=k&&k>0?n+k:void 0;u=Ci(this.homeAccountIdentifier,l,e.access_token,this.clientId,h||t.tenant||"",m.printScopes(),_,O,this.cryptoObj.base64Decode,o.correlationId,S,e.token_type,s,e.key_id,c);const x=o.resource||null;x&&(u.resource=x)}let f=null;if(e.refresh_token){let m;if(e.refresh_token_expires_in){const b=typeof e.refresh_token_expires_in=="string"?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in;m=n+b,(y=this.performanceClient)==null||y.addFields({ntwkRtExpiresOnSeconds:m},o.correlationId)}f=iw(this.homeAccountIdentifier,l,e.refresh_token,this.clientId,e.foci,s,m)}let g=null;return e.foci&&(g={clientId:this.clientId,environment:l,familyId:e.foci}),{account:p,idToken:d,accessToken:u,refreshToken:f,appMetadata:g}}static async generateAuthenticationResult(e,t,n,o,i,s,a,c,l,h){var k,_,O,S,x;let d="",p=[],u=null,f,g,y="";if(n.accessToken){if(n.accessToken.tokenType===ee.POP&&!i.popKid){const te=new qn(e,s),{secret:re,keyId:Q}=n.accessToken;if(!Q)throw T(Gd,i.correlationId);d=await te.signPopToken(re,Q,i)}else d=n.accessToken.secret;p=Ce.fromString(n.accessToken.target,i.correlationId).asArray(),u=Mo(n.accessToken.expiresOn),f=Mo(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(g=Mo(n.accessToken.refreshOn))}n.appMetadata&&(y=n.appMetadata.familyId===Zo?Zo:"");const m=(a==null?void 0:a.oid)||(a==null?void 0:a.sub)||"",b=(a==null?void 0:a.tid)||"";if(l!=null&&l.spa_accountid&&n.account){n.account.nativeAccountId=l==null?void 0:l.spa_accountid;const te=b||n.account.realm;if(n.account.tenantProfiles){const re=n.account.tenantProfiles.find(Q=>Q.tenantId===te);re&&(re.nativeAccountId=l.spa_accountid)}}const C=n.account?qo(bn(n.account),void 0,a,(k=n.idToken)==null?void 0:k.secret):null;return{authority:t.canonicalAuthority,uniqueId:m,tenantId:b,scopes:p,account:C,idToken:((_=n==null?void 0:n.idToken)==null?void 0:_.secret)||"",idTokenClaims:a||{},accessToken:d,fromCache:o,expiresOn:u,extExpiresOn:f,refreshOn:g,correlationId:i.correlationId,requestId:h||"",familyId:y,tokenType:((O=n.accessToken)==null?void 0:O.tokenType)||"",state:c?c.userRequestState:"",cloudGraphHostName:((S=n.account)==null?void 0:S.cloudGraphHostName)||"",msGraphHost:((x=n.account)==null?void 0:x.msGraphHost)||"",code:l==null?void 0:l.spa_code,fromPlatformBroker:!1}}}function gu(r,e,t,n,o,i,s,a,c,l,h,d,p){d==null||d.verbose("09jz0t",o);const u=a||e.getPreferredCache(),f=r.getAccountsFilteredBy({homeAccountId:t,environment:u},o);p==null||p.addFields({cacheMatchedAccounts:f.length},o),f.length>1&&(d==null||d.warning("0x7ad1",o));const y=(f.length===1?f[0]:null)||By({homeAccountId:t,idTokenClaims:i,clientInfo:s,environment:a,cloudGraphHostName:l==null?void 0:l.cloud_graph_host_name,msGraphHost:l==null?void 0:l.msgraph_host,nativeAccountId:h},e,o,n),m=y.tenantProfiles||[],b=c||y.realm;if(b&&!m.find(C=>C.tenantId===b)){const C=ar(t,y.localAccountId,b,h,i);m.push(C)}return y.tenantProfiles=m,y}/*! @azure/msal-common v16.10.0 2026-06-23 */const tt={HOME_ACCOUNT_ID:"home_account_id",UPN:"UPN"};/*! @azure/msal-common v16.10.0 2026-06-23 */async function mu(r,e,t,n){return typeof r=="string"?r:r({clientId:e,tokenEndpoint:t,fmiPath:n})}/*! @azure/msal-common v16.10.0 2026-06-23 */function ki(r,e,t){var n;return{clientId:r,authority:e.authority,scopes:e.scopes,homeAccountIdentifier:t,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid,embeddedClientId:e.embeddedClientId||((n=e.extraParameters)==null?void 0:n.clientId)}}/*! @azure/msal-common v16.10.0 2026-06-23 */class pt{static generateThrottlingStorageKey(e){return`${Md}.${JSON.stringify(e)}`}static preProcess(e,t,n){var s;const o=pt.generateThrottlingStorageKey(t),i=e.getThrottlingCache(o,n);if(i){if(i.throttleTime<Date.now()){e.removeItem(o,n);return}throw new In(((s=i.errorCodes)==null?void 0:s.join(" "))||"",n,i.errorMessage,i.subError)}}static postProcess(e,t,n,o){if(pt.checkResponseStatus(n)||pt.checkResponseForRetryAfter(n)){const i={throttleTime:pt.calculateThrottleTime(parseInt(n.headers[Ae.RETRY_AFTER])),error:n.body.error,errorCodes:n.body.error_codes,errorMessage:n.body.error_description,subError:n.body.suberror};e.setThrottlingCache(pt.generateThrottlingStorageKey(t),i,o)}}static checkResponseStatus(e){return e.status===429||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(Ae.RETRY_AFTER)&&(e.status<200||e.status>=300):!1}static calculateThrottleTime(e){const t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t||$g),n+Xg)*1e3)}static removeThrottle(e,t,n,o){const i=ki(t,n,o),s=this.generateThrottlingStorageKey(i);e.removeItem(s,n.correlationId)}}/*! @azure/msal-common v16.10.0 2026-06-23 */class _i extends oe{constructor(e,t,n){super(e.errorCode,e.correlationId,e.errorMessage,e.subError),Object.setPrototypeOf(this,_i.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=n}}function Pr(r,e,t,n){return r.errorMessage=`${r.errorMessage}, additionalErrorInfo: error.name:${n==null?void 0:n.name}, error.message:${n==null?void 0:n.message}`,new _i(r,e,t)}/*! @azure/msal-common v16.10.0 2026-06-23 */function yu(r,e,t){const n={};if(n[Ae.CONTENT_TYPE]=Rg,!e&&t)switch(t.type){case tt.HOME_ACCOUNT_ID:try{const o=Bn(t.credential);n[Ae.CCS_HEADER]=`Oid:${o.uid}@${o.utid}`}catch(o){r.verbose(`1qhtee ${o}`,"")}break;case tt.UPN:n[Ae.CCS_HEADER]=`UPN: ${t.credential}`;break}return n}function wu(r,e,t,n){const o=new Map;return r.embeddedClientId&&vi(o,e,t),r.extraQueryParameters&&gt(o,r.extraQueryParameters),oo(o,r.correlationId),wi(o,r.correlationId,n),Br(o)}async function vu(r,e,t,n,o,i,s,a,c,l){const h=await Kw(n,r,{body:e,headers:t},o,i,s,a,c);return l&&h.status<500&&h.status!==429&&l.clearTelemetryCache(),h}async function Kw(r,e,t,n,o,i,s,a){var l;pt.preProcess(o,r,n);let c;try{c=await w(i.sendPostRequestAsync.bind(i),uw,s,a,n)(e,t);const h=c.headers||{};a==null||a.addFields({refreshTokenSize:((l=c.body.refresh_token)==null?void 0:l.length)||0,httpVerToken:h[Ae.X_MS_HTTP_VERSION]||"",requestId:h[Ae.X_MS_REQUEST_ID]||""},n)}catch(h){if(h instanceof _i){const d=h.responseHeaders;throw d&&(a==null||a.addFields({httpVerToken:d[Ae.X_MS_HTTP_VERSION]||"",requestId:d[Ae.X_MS_REQUEST_ID]||"",contentTypeHeader:d[Ae.CONTENT_TYPE]||void 0,contentLengthHeader:d[Ae.CONTENT_LENGTH]||void 0,httpStatus:h.httpStatus},n)),h.error}throw h instanceof oe?h:T(ny,n)}return pt.postProcess(o,r,c,n),c}/*! @azure/msal-common v16.10.0 2026-06-23 */function Fw(r){return r.hasOwnProperty("authorization_endpoint")&&r.hasOwnProperty("token_endpoint")&&r.hasOwnProperty("issuer")&&r.hasOwnProperty("jwks_uri")}/*! @azure/msal-common v16.10.0 2026-06-23 */function jw(r){return r.hasOwnProperty("tenant_discovery_endpoint")&&r.hasOwnProperty("metadata")}/*! @azure/msal-common v16.10.0 2026-06-23 */function zw(r){return r.hasOwnProperty("error")&&r.hasOwnProperty("error_description")}/*! @azure/msal-common v16.10.0 2026-06-23 */class Ii{constructor(e,t,n,o){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=o}async detectRegion(e,t){var o,i;let n=e;if(n)t.region_source=Nn.ENVIRONMENT_VARIABLE;else{const s=Ii.IMDS_OPTIONS;try{const a=await w(this.getRegionFromIMDS.bind(this),Gh,this.logger,this.performanceClient,this.correlationId)(Pg,s);if(a.status===Ih&&(n=(o=a.body)==null?void 0:o.location,n&&(t.region_source=Nn.IMDS)),a.status===Sh){const c=await w(this.getCurrentVersion.bind(this),Aw,this.logger,this.performanceClient,this.correlationId)(s);if(!c)return t.region_source=Nn.FAILED_AUTO_DETECTION,null;const l=await w(this.getRegionFromIMDS.bind(this),Gh,this.logger,this.performanceClient,this.correlationId)(c,s);l.status===Ih&&(n=(i=l.body)==null?void 0:i.location,n&&(t.region_source=Nn.IMDS))}}catch{return t.region_source=Nn.FAILED_AUTO_DETECTION,null}}return n||(t.region_source=Nn.FAILED_AUTO_DETECTION),n||null}async getRegionFromIMDS(e,t){return this.networkInterface.sendGetRequestAsync(`${kh}?api-version=${e}`,t,Og)}async getCurrentVersion(e){try{const t=await this.networkInterface.sendGetRequestAsync(`${kh}?format=json`,e);return t.status===Sh&&t.body&&t.body["newest-versions"]&&t.body["newest-versions"].length>0?t.body["newest-versions"][0]:null}catch{return null}}}Ii.IMDS_OPTIONS={headers:{Metadata:"true"}};/*! @azure/msal-common v16.10.0 2026-06-23 */class Oe{constructor(e,t,n,o,i,s,a,c){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=o,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=i,this.performanceClient=a,this.correlationId=s,this.managedIdentity=c||!1,this.regionDiscovery=new Ii(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(os))return Ze.Ciam;const t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case Ig:return Ze.Adfs;case Sg:return Ze.Dsts}return Ze.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new B(e,this.correlationId),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw T(zt,this.correlationId)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw T(zt,this.correlationId)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw T(zt,this.correlationId)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw T(gy,this.correlationId);return this.replacePath(this.metadata.end_session_endpoint)}else throw T(zt,this.correlationId)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw T(zt,this.correlationId)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw T(zt,this.correlationId)}canReplaceTenant(e){return e.PathSegments.length===1&&!Oe.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===Ze.Default&&this.protocolMode!==Me.OIDC}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const o=new B(this.metadata.canonical_authority,this.correlationId).getUrlComponents(),i=o.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((a,c)=>{let l=i[c];if(c===0&&this.canReplaceTenant(o)){const h=new B(this.metadata.authorization_endpoint,this.correlationId).getUrlComponents().PathSegments[0];l!==h&&(this.logger.verbose(`1q3g2x ${l} ${h}`,this.correlationId),l=h)}a!==l&&(t=t.replace(`/${l}/`,`/${a}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===Ze.Adfs||this.protocolMode===Me.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){var o;const e=this.getCurrentMetadataEntity(),t=await w(this.updateCloudDiscoveryMetadata.bind(this),_w,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const n=await w(this.updateEndpointMetadata.bind(this),Sw,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),(o=this.performanceClient)==null||o.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort,this.correlationId);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:Wh(),jwks_uri:""}),e}updateCachedMetadata(e,t,n){t!==De.CACHE&&(n==null?void 0:n.source)!==De.CACHE&&(e.expiresAt=Wh(),e.canonical_authority=this.canonicalAuthority);const o=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache,this.correlationId);this.cacheManager.setAuthorityMetadata(o,e,this.correlationId),this.metadata=e}async updateEndpointMetadata(e){var o,i;const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===De.HARDCODED_VALUES&&(o=this.authorityOptions.azureRegionConfiguration)!=null&&o.azureRegion&&t.metadata){const s=await w(this.updateMetadataWithRegionalInformation.bind(this),Bh,this.logger,this.performanceClient,this.correlationId)(t.metadata);So(e,s,!1),e.canonical_authority=this.canonicalAuthority}return t.source}let n=await w(this.getEndpointMetadataFromNetwork.bind(this),Iw,this.logger,this.performanceClient,this.correlationId)();if(n)return this.validateIssuer(n.issuer),(i=this.authorityOptions.azureRegionConfiguration)!=null&&i.azureRegion&&(n=await w(this.updateMetadataWithRegionalInformation.bind(this),Bh,this.logger,this.performanceClient,this.correlationId)(n)),So(e,n,!0),De.NETWORK;throw T(ry,this.defaultOpenIdConfigurationEndpoint,this.correlationId)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("1fi0kc",this.correlationId);const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("06t0uj",this.correlationId),So(e,t,!1),{source:De.CONFIG};this.logger.verbose("151k0p",this.correlationId);const n=this.getEndpointMetadataFromHardcodedValues();if(n)return So(e,n,!1),{source:De.HARDCODED_VALUES,metadata:n};this.logger.verbose("1imop5",this.correlationId);const o=Jh(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!o?(this.logger.verbose("16uq31",""),{source:De.CACHE}):(o&&this.logger.verbose("0uoibc",""),null)}isAuthoritySameType(e){return new B(e.canonical_authority,this.correlationId).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw V(Gm,this.correlationId)}return null}async getEndpointMetadataFromNetwork(){const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`1y65x6 ${t}`,this.correlationId);try{const n=await this.networkInterface.sendGetRequestAsync(t,e);return Fw(n.body)?n.body:(this.logger.verbose("1koyv8",this.correlationId),null)}catch(n){return this.logger.verbose(`0a9wik ${n}`,this.correlationId),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in Hh?Hh[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){var n,o;const t=(n=this.authorityOptions.azureRegionConfiguration)==null?void 0:n.azureRegion;if(t){if(t!==Ng)return this.regionDiscoveryMetadata.region_outcome=ss.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=t,Oe.replaceWithRegionalInformation(e,t,this.correlationId);const i=await w(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),Ew,this.logger,this.performanceClient,this.correlationId)((o=this.authorityOptions.azureRegionConfiguration)==null?void 0:o.environmentRegion,this.regionDiscoveryMetadata);if(i)return this.regionDiscoveryMetadata.region_outcome=ss.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=i,Oe.replaceWithRegionalInformation(e,i,this.correlationId);this.regionDiscoveryMetadata.region_outcome=ss.AUTO_DETECTION_REQUESTED_FAILED}return e}async updateCloudDiscoveryMetadata(e){const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const n=await w(this.getCloudDiscoveryMetadataFromNetwork.bind(this),kw,this.logger,this.performanceClient,this.correlationId)();if(n)return cs(e,n,!0),De.NETWORK;throw V(Vm,this.correlationId)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("1tpqlr",this.correlationId),this.logger.verbosePii(`1fy7uz ${this.authorityOptions.knownAuthorities||is}`,this.correlationId),this.logger.verbosePii(`08zabj ${this.authorityOptions.authorityMetadata||is}`,this.correlationId),this.logger.verbosePii(`1o1kv3 ${e.canonical_authority||is}`,this.correlationId);const t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose("1nakio",this.correlationId),cs(e,t,!1),De.CONFIG;this.logger.verbose("1x74aj",this.correlationId);const n=Wy(this.hostnameAndPort);if(n)return this.logger.verbose("0by47c",this.correlationId),cs(e,n,!1),De.HARDCODED_VALUES;this.logger.verbose("0r2fzy",this.correlationId);const o=Jh(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!o?(this.logger.verbose("1uffgh",""),De.CACHE):(o&&this.logger.verbose("0uoibc",""),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===Ze.Ciam)return this.logger.verbose("04y84h",this.correlationId),Oe.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("0gszr3",this.correlationId);try{this.logger.verbose("1iifkx",this.correlationId);const e=JSON.parse(this.authorityOptions.cloudDiscoveryMetadata),t=ei(e.metadata,this.hostnameAndPort);if(this.logger.verbose("0q67e3",""),t)return this.logger.verbose("0hzfao",this.correlationId),t;this.logger.verbose("1ajz3u",this.correlationId)}catch{throw this.logger.verbose("1wq5tu",this.correlationId),V(Fd,this.correlationId)}}return this.isInKnownAuthorities(this.hostnameAndPort)?(this.logger.verbose("0mt9al",this.correlationId),Oe.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){const e=`${Eg}${this.canonicalAuthority}oauth2/v2.0/authorize`,t={};let n=null;try{const o=await this.networkInterface.sendGetRequestAsync(e,t);let i,s;if(jw(o.body))i=o.body,s=i.metadata,this.logger.verbosePii(`1vglyt ${i.tenant_discovery_endpoint}`,this.correlationId);else if(zw(o.body)){if(this.logger.warning(`062uto ${o.status}`,this.correlationId),i=o.body,i.error===Ug)return this.logger.error("1x90tm",this.correlationId),null;this.logger.warning(`0wchdm ${i.error}`,this.correlationId),this.logger.warning(`1s5mpv ${i.error_description}`,this.correlationId),this.logger.warning("1yhqpw",this.correlationId),s=[]}else return this.logger.error("0768g0",this.correlationId),null;this.logger.verbose("1lrobr",this.correlationId),n=ei(s,this.hostnameAndPort)}catch(o){if(o instanceof oe)this.logger.error(`0vwhc7 ${o.errorCode} ${o.errorMessage}`,this.correlationId);else{const i=o;this.logger.error(`0s2z41 ${i.name} ${i.message}`,this.correlationId)}return null}return n||(this.logger.warning("0jp28q",this.correlationId),this.logger.verbose("130sd8",this.correlationId),n=Oe.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(e){const t=e.toLowerCase();return this.authorityOptions.knownAuthorities.filter(o=>o&&B.getDomainFromUrl(o,this.correlationId).toLowerCase()===t).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==za.None){const o=t.tenant?t.tenant:Ed;n=`${t.azureCloudInstance}/${o}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return _g;if(this.discoveryComplete())return this.metadata.preferred_cache;throw T(zt,this.correlationId)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return su.has(e)}validateIssuer(e){if(!e)throw V(as,this.correlationId);let t;try{t=new URL(e)}catch{throw V(as,this.correlationId)}const n=t.protocol,o=t.host,i=(this.canonicalAuthorityUrlComponents.Protocol||"").toLowerCase(),s=(this.canonicalAuthorityUrlComponents.HostNameAndPort||"").toLowerCase(),a=this.matchesAuthorityOrigin(n,o,i,s),c=n==="https:"&&this.isAliasOfKnownMicrosoftAuthority(o),l=n==="https:"&&this.matchesRegionalMicrosoftHost(o),h=this.matchesCiamTenantPattern(t,s,this.canonicalAuthorityUrlComponents.PathSegments),d=n==="https:"&&this.isInKnownAuthorities(o);if(!(a||c||l||h||d))throw V(as,this.correlationId)}matchesAuthorityOrigin(e,t,n,o){return e===n&&t===o}matchesRegionalMicrosoftHost(e){const t=e.indexOf(".");if(t>0&&t<e.length-1){const n=e.substring(t+1);return this.isAliasOfKnownMicrosoftAuthority(n)}return!1}matchesCiamTenantPattern(e,t,n){const o=n[0],i=o?o.endsWith(Tr)?o.slice(0,-Tr.length):o:t.split(".")[0];if(!i)return!1;const s=`https://${i}${os}`,a=[s,`${s}/${i}`,`${s}/${i}/v2.0`,`${s}/${i}${Tr}`,`${s}/${i}${Tr}/v2.0`],c=e.pathname.replace(/\/+$/,""),l=`${e.protocol}//${e.host}${c}`;return a.some(h=>h===l)}static isPublicCloudAuthority(e){return Mg.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n,o){const i=new B(e,n);i.validateAsUri();const s=i.getUrlComponents();let a=`${t}.${s.HostNameAndPort}`;this.isPublicCloudAuthority(s.HostNameAndPort)&&(a=`${t}.${xg}`);const c=B.constructAuthorityUriFromObject({...i.getUrlComponents(),HostNameAndPort:a},n).urlString;return o?`${c}?${o}`:c}static replaceWithRegionalInformation(e,t,n){const o={...e};return o.authorization_endpoint=Oe.buildRegionalAuthorityString(o.authorization_endpoint,t,n),o.token_endpoint=Oe.buildRegionalAuthorityString(o.token_endpoint,t,n),o.end_session_endpoint&&(o.end_session_endpoint=Oe.buildRegionalAuthorityString(o.end_session_endpoint,t,n)),o}static transformCIAMAuthority(e,t){let n=e;const i=new B(e,t).getUrlComponents();if(i.PathSegments.length===0&&i.HostNameAndPort.endsWith(os)){const s=i.HostNameAndPort.split(".")[0];n=`${n}${s}${Tr}`}return n}}Oe.reservedTenantDomains=new Set(["{tenant}","{tenantid}",Xt.COMMON,Xt.CONSUMERS,Xt.ORGANIZATIONS]);function Ww(r,e){var i;const o=(i=new B(r,e).getUrlComponents().PathSegments.slice(-1)[0])==null?void 0:i.toLowerCase();switch(o){case Xt.COMMON:case Xt.ORGANIZATIONS:case Xt.CONSUMERS:return;default:return o}}function bu(r){return r.endsWith(Fs)?r:`${r}${Fs}`}function Jw(r){const e=r.cloudDiscoveryMetadata;let t;if(e)try{t=JSON.parse(e)}catch{throw V(Fd,"")}return{canonicalAuthority:r.authority?bu(r.authority):void 0,knownAuthorities:r.knownAuthorities,cloudDiscoveryMetadata:t}}/*! @azure/msal-common v16.10.0 2026-06-23 */async function Cu(r,e,t,n,o,i,s){const a=Oe.transformCIAMAuthority(bu(r),i),c=new Oe(a,e,t,n,o,i,s);try{return await w(c.resolveEndpointsAsync.bind(c),Tw,o,s,i)(),c}catch{throw T(zt,i)}}/*! @azure/msal-common v16.10.0 2026-06-23 */class Tu{constructor(e,t){var n;this.includeRedirectUri=!0,this.config=Ba(e),this.logger=new ot(this.config.loggerOptions,io,sr),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t,this.oidcDefaultScopes=(n=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:n.defaultScopes}async acquireToken(e,t,n){var c;if(!e.code)throw T(cy,e.correlationId);n&&n.cloud_instance_host_name&&await w(this.updateTokenEndpointAuthority.bind(this),Cw,this.logger,this.performanceClient,e.correlationId)(n.cloud_instance_host_name,e.correlationId);const o=it(),i=await w(this.executeTokenRequest.bind(this),vw,this.logger,this.performanceClient,e.correlationId)(this.authority,e,this.serverTelemetryManager),s=(c=i.headers)==null?void 0:c[Ae.X_MS_REQUEST_ID],a=new Cn(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return a.validateTokenResponse(i.body,e.correlationId),w(a.handleServerTokenResponse.bind(a),Va,this.logger,this.performanceClient,e.correlationId)(i.body,this.authority,o,e,t,n,void 0,void 0,void 0,s)}getLogoutUri(e){if(!e)throw V(Bm,"");const t=this.createLogoutUrlQueryString(e);return B.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t,n){const o=wu(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient),i=B.appendQueryString(e.tokenEndpoint,o),s=await w(this.createTokenRequestBody.bind(this),bw,this.logger,this.performanceClient,t.correlationId)(t);let a;if(t.clientInfo)try{const h=ti(t.clientInfo,this.cryptoUtils.base64Decode);a={credential:`${h.uid}${js}${h.utid}`,type:tt.HOME_ACCOUNT_ID}}catch(h){this.logger.verbose(`0wznt3 ${h}`,t.correlationId)}const c=yu(this.logger,this.config.systemOptions.preventCorsPreflight,a||t.ccsCredential),l=ki(this.config.authOptions.clientId,t);return w(vu,fw,this.logger,this.performanceClient,t.correlationId)(i,s,c,l,t.correlationId,this.cacheManager,this.networkClient,this.logger,this.performanceClient,n)}async createTokenRequestBody(e){var o;const t=new Map;if(Ma(t,e.embeddedClientId||((o=e.extraParameters)==null?void 0:o[vn])||this.config.authOptions.clientId),this.includeRedirectUri)Ua(t,e.redirectUri);else if(!e.redirectUri)throw V(Km,e.correlationId);if(xa(t,e.scopes,e.correlationId,!0,this.oidcDefaultScopes),ru(t,e.resource),Iy(t,e.code),La(t,this.config.libraryInfo),Ha(t,this.config.telemetry.application),nu(t),this.serverTelemetryManager&&!lu(this.config)&&tu(t,this.serverTelemetryManager),e.codeVerifier&&Ey(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&Zd(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const i=this.config.clientCredentials.clientAssertion;$d(t,await mu(i.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),Xd(t,i.assertionType)}if(Yd(t,Pd.AUTHORIZATION_CODE_GRANT),Fa(t),e.authenticationScheme===ee.POP){const i=new qn(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await w(i.generateCnf.bind(i),so,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,ja(t,s)}else if(e.authenticationScheme===ee.SSH)if(e.sshJwk)eu(t,e.sshJwk);else throw V(Oa,e.correlationId);let n;if(e.clientInfo)try{const i=ti(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${i.uid}${js}${i.utid}`,type:tt.HOME_ACCOUNT_ID}}catch(i){this.logger.verbose(`0wznt3 ${i}`,e.correlationId)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case tt.HOME_ACCOUNT_ID:try{const i=Bn(n.credential);Lr(t,i)}catch(i){this.logger.verbose(`1qhtee ${i}`,e.correlationId)}break;case tt.UPN:Xo(t,n.credential);break}return e.embeddedClientId&&vi(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.extraParameters&&gt(t,e.extraParameters),e.enableSpaAuthorizationCode&&(!e.extraParameters||!e.extraParameters[Oh])&&gt(t,{[Oh]:"1"}),wi(t,e.correlationId,this.performanceClient),Da(t,e.correlationId,e.claims,this.config.authOptions.clientCapabilities,e.skipBrokerClaims),Br(t)}createLogoutUrlQueryString(e){const t=new Map;return e.postLogoutRedirectUri&&by(t,e.postLogoutRedirectUri),e.correlationId&&oo(t,e.correlationId),e.idTokenHint&&Cy(t,e.idTokenHint),e.state&&Vd(t,e.state),e.logoutHint&&Py(t,e.logoutHint),e.extraQueryParameters&&gt(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&Qd(t),Br(t)}async updateTokenEndpointAuthority(e,t){const n=`https://${e}/${this.authority.tenant}/`,o=await Cu(n,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=o}}/*! @azure/msal-common v16.10.0 2026-06-23 */const Bw=300;class Gw{constructor(e,t){this.config=Ba(e),this.logger=new ot(this.config.loggerOptions,io,sr),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}async acquireToken(e,t){var a;const n=it(),o=await w(this.executeTokenRequest.bind(this),gw,this.logger,this.performanceClient,e.correlationId)(e,this.authority),i=(a=o.headers)==null?void 0:a[Ae.X_MS_REQUEST_ID],s=new Cn(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return s.validateTokenResponse(o.body,e.correlationId),w(s.handleServerTokenResponse.bind(s),Va,this.logger,this.performanceClient,e.correlationId)(o.body,this.authority,n,e,t,void 0,void 0,!0,e.forceCache,i)}async acquireTokenByRefreshToken(e,t){if(!e)throw V(Jm,"");if(!e.account)throw T(Wd,e.correlationId);if(this.cacheManager.isAppMetadataFOCI(e.account.environment,e.correlationId))try{return await w(this.acquireTokenWithCachedRefreshToken.bind(this),hs,this.logger,this.performanceClient,e.correlationId)(e,!0,t)}catch(o){const i=o instanceof st&&o.errorCode===Zs,s=o instanceof In&&o.errorCode===Qg&&o.subError===qg;if(i||s)return w(this.acquireTokenWithCachedRefreshToken.bind(this),hs,this.logger,this.performanceClient,e.correlationId)(e,!1,t);throw o}return w(this.acquireTokenWithCachedRefreshToken.bind(this),hs,this.logger,this.performanceClient,e.correlationId)(e,!1,t)}async acquireTokenWithCachedRefreshToken(e,t,n){var s;const o=ze(this.cacheManager.getRefreshToken.bind(this.cacheManager),Rw,this.logger,this.performanceClient,e.correlationId)(e.account,t,e.correlationId,void 0);if(!o)throw oi(Zs,e.correlationId);if(o.expiresOn){const a=e.refreshTokenExpirationOffsetSeconds||Bw;if((s=this.performanceClient)==null||s.addFields({cacheRtExpiresOnSeconds:Number(o.expiresOn),rtOffsetSeconds:a},e.correlationId),ri(o.expiresOn,a))throw oi(uu,e.correlationId)}const i={...e,refreshToken:o.secret,authenticationScheme:e.authenticationScheme||ee.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:tt.HOME_ACCOUNT_ID}};try{return await w(this.acquireToken.bind(this),mw,this.logger,this.performanceClient,e.correlationId)(i,n)}catch(a){if(a instanceof st&&a.subError===Za){this.logger.verbose("1pg3ap",e.correlationId);const c=this.cacheManager.generateCredentialKey(o);this.cacheManager.removeRefreshToken(c,e.correlationId)}throw a}}async executeTokenRequest(e,t){const n=wu(e,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient),o=B.appendQueryString(t.tokenEndpoint,n),i=await w(this.createTokenRequestBody.bind(this),yw,this.logger,this.performanceClient,e.correlationId)(e),s=yu(this.logger,this.config.systemOptions.preventCorsPreflight,e.ccsCredential),a=ki(this.config.authOptions.clientId,e);return w(vu,pw,this.logger,this.performanceClient,e.correlationId)(o,i,s,a,e.correlationId,this.cacheManager,this.networkClient,this.logger,this.performanceClient,this.serverTelemetryManager)}async createTokenRequestBody(e){var n,o;const t=new Map;if(Ma(t,e.embeddedClientId||((n=e.extraParameters)==null?void 0:n[vn])||this.config.authOptions.clientId),e.redirectUri&&Ua(t,e.redirectUri),xa(t,e.scopes,e.correlationId,!0,(o=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:o.defaultScopes),Yd(t,Pd.REFRESH_TOKEN_GRANT),Fa(t),La(t,this.config.libraryInfo),Ha(t,this.config.telemetry.application),nu(t),this.serverTelemetryManager&&!lu(this.config)&&tu(t,this.serverTelemetryManager),Sy(t,e.refreshToken),this.config.clientCredentials.clientSecret&&Zd(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const i=this.config.clientCredentials.clientAssertion;$d(t,await mu(i.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),Xd(t,i.assertionType)}if(e.authenticationScheme===ee.POP){const i=new qn(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await w(i.generateCnf.bind(i),so,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,ja(t,s)}else if(e.authenticationScheme===ee.SSH)if(e.sshJwk)eu(t,e.sshJwk);else throw V(Oa,e.correlationId);if(this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case tt.HOME_ACCOUNT_ID:try{const i=Bn(e.ccsCredential.credential);Lr(t,i)}catch(i){this.logger.verbose(`1qhtee ${i}`,e.correlationId)}break;case tt.UPN:Xo(t,e.ccsCredential.credential);break}return e.embeddedClientId&&vi(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.extraParameters&&gt(t,{...e.extraParameters}),wi(t,e.correlationId,this.performanceClient),Da(t,e.correlationId,e.claims,this.config.authOptions.clientCapabilities,e.skipBrokerClaims),Br(t)}}/*! @azure/msal-common v16.10.0 2026-06-23 */class Vw{constructor(e,t){this.config=Ba(e),this.logger=new ot(this.config.loggerOptions,io,sr),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}async acquireCachedToken(e){let t=jt.NOT_APPLICABLE;if(e.forceRefresh||!mn.isEmptyObj(e.claims))throw this.setCacheOutcome(jt.FORCE_REFRESH_OR_CLAIMS,e.correlationId),T(Zt,e.correlationId);if(!e.account)throw T(Wd,e.correlationId);const n=e.account.tenantId||Ww(e.authority,e.correlationId),o=this.cacheManager.getTokenKeys(),i=this.cacheManager.getAccessToken(e.account,e,o,n);if(i){if(ow(i.cachedAt)||ri(i.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(jt.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),T(Zt,e.correlationId);if(e.resource){if(i.resource!==e.resource)throw this.setCacheOutcome(jt.NO_CACHED_ACCESS_TOKEN,e.correlationId),T(Zt,e.correlationId)}else i.refreshOn&&ri(i.refreshOn,0)&&(t=jt.PROACTIVELY_REFRESHED)}else throw this.setCacheOutcome(jt.NO_CACHED_ACCESS_TOKEN,e.correlationId),T(Zt,e.correlationId);const s=e.authority||this.authority.getPreferredCache(),a={account:this.cacheManager.getAccount(this.cacheManager.generateAccountKey(e.account),e.correlationId),accessToken:i,idToken:this.cacheManager.getIdToken(e.account,e.correlationId,o,n),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(s,e.correlationId)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await w(this.generateResultFromCacheRecord.bind(this),ww,this.logger,this.performanceClient,e.correlationId)(a,e),t]}setCacheOutcome(e,t){var n,o;(n=this.serverTelemetryManager)==null||n.setCacheOutcome(e),(o=this.performanceClient)==null||o.addFields({cacheOutcome:e},t),e!==jt.NOT_APPLICABLE&&this.logger.info(`09ingz ${e}`,t)}async generateResultFromCacheRecord(e,t){let n;return e.idToken&&(n=ft(e.idToken.secret,this.config.cryptoInterface.base64Decode,t.correlationId)),Cn.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,this.performanceClient,n)}}/*! @azure/msal-common v16.10.0 2026-06-23 */const Zw={sendGetRequestAsync:()=>Promise.reject(T(D,"")),sendPostRequestAsync:()=>Promise.reject(T(D,""))};/*! @azure/msal-common v16.10.0 2026-06-23 */function $w(r,e,t,n){var a,c;const o=e.correlationId,i=new Map;Ma(i,e.embeddedClientId||((a=e.extraQueryParameters)==null?void 0:a[vn])||r.clientId);const s=[...e.scopes||[],...e.extraScopesToConsent||[]];if(xa(i,s,e.correlationId,!0,(c=r.authority.options.OIDCOptions)==null?void 0:c.defaultScopes),ru(i,e.resource),Ua(i,e.redirectUri),oo(i,o),wy(i,e.responseMode),Fa(i),Ay(i),e.prompt&&(ky(i,e.prompt),n==null||n.addFields({prompt:e.prompt},o)),e.domainHint&&(Ty(i,e.domainHint),n==null||n.addFields({domainHintFromRequest:!0},o)),e.prompt!==be.SELECT_ACCOUNT)if(e.sid&&e.prompt===be.NONE)t.verbose("1tvqyx",e.correlationId),Uh(i,e.sid),n==null||n.addFields({sidFromRequest:!0},o);else if(e.account){const l=Qw(e.account);let h=qw(e.account);if(h&&e.domainHint&&(t.warning("0wkg3v",e.correlationId),h=null),h){t.verbose("1eyfsw",e.correlationId),Io(i,h),n==null||n.addFields({loginHintFromClaim:!0},o);try{const d=Bn(e.account.homeAccountId);Lr(i,d)}catch{t.verbose("12ugck",e.correlationId)}}else if(l&&e.prompt===be.NONE){t.verbose("1rmd8s",e.correlationId),Uh(i,l),n==null||n.addFields({sidFromClaim:!0},o);try{const d=Bn(e.account.homeAccountId);Lr(i,d)}catch{t.verbose("12ugck",e.correlationId)}}else if(e.loginHint)t.verbose("0y3007",e.correlationId),Io(i,e.loginHint),Xo(i,e.loginHint),n==null||n.addFields({loginHintFromRequest:!0},o);else if(e.account.username){t.verbose("02f507",e.correlationId),Io(i,e.account.username),n==null||n.addFields({loginHintFromUpn:!0},o);try{const d=Bn(e.account.homeAccountId);Lr(i,d)}catch{t.verbose("12ugck",e.correlationId)}}}else e.loginHint&&(t.verbose("0g01ey",e.correlationId),Io(i,e.loginHint),Xo(i,e.loginHint),n==null||n.addFields({loginHintFromRequest:!0},o));else t.verbose("169k9v",e.correlationId);return e.nonce&&_y(i,e.nonce),e.state&&Vd(i,e.state),e.embeddedClientId&&vi(i,r.clientId,r.redirectUri),Da(i,e.correlationId,e.claims,r.clientCapabilities,e.skipBrokerClaims),r.instanceAware&&(!e.extraQueryParameters||!Object.keys(e.extraQueryParameters).includes(Ws))&&Qd(i),i}function Xa(r,e){const t=Br(e);return B.appendQueryString(r.authorizationEndpoint,t)}function Xw(r,e,t){if(Ya(r,e,t),!r.code)throw T(py,t);return r}function Ya(r,e,t){if(!r.state||!e)throw r.state?T(Nh,t,"Cached State"):T(Nh,t,"Server State");let n,o;try{n=decodeURIComponent(r.state)}catch{throw T(Jr,t,r.state)}try{o=decodeURIComponent(e)}catch{throw T(Jr,t,r.state)}if(n!==o)throw T(iy,t);if(r.error||r.error_description||r.suberror){const i=Yw(r);throw fu(r.error,r.error_description,r.suberror)?new st(r.error||"",r.correlation_id||t,r.error_description,r.suberror,r.timestamp||"",r.trace_id||"",r.claims||"",i):new In(r.error||"",r.correlation_id||t,r.error_description,r.suberror,i)}}function Yw(r){var n,o;const e="code=",t=(n=r.error_uri)==null?void 0:n.lastIndexOf(e);return t&&t>=0?(o=r.error_uri)==null?void 0:o.substring(t+e.length):void 0}function Qw(r){var e;return((e=r.idTokenClaims)==null?void 0:e.sid)||null}function qw(r){var e;return r.loginHint||((e=r.idTokenClaims)==null?void 0:e.login_hint)||null}/*! @azure/msal-common v16.10.0 2026-06-23 */function ku(r,e){if(r){if(e.resource&&(Zh(e.extraParameters)||Zh(e.extraQueryParameters)))throw T(yy,e.correlationId||"");if(!e.resource)throw T(my,e.correlationId||"")}}function Zh(r){return r?Object.prototype.hasOwnProperty.call(r,"resource"):!1}/*! @azure/msal-common v16.10.0 2026-06-23 */const $s="unexpected_error";/*! @azure/msal-common v16.10.0 2026-06-23 */const $h=",",_u="|";function ev(r){const{skus:e,libraryName:t,libraryVersion:n,extensionName:o,extensionVersion:i}=r,s=new Map([[0,[t,n]],[2,[o,i]]]);let a=[];if(e!=null&&e.length){if(a=e.split($h),a.length<4)return e}else a=Array.from({length:4},()=>_u);return s.forEach((c,l)=>{var h,d;c.length===2&&((h=c[0])!=null&&h.length)&&((d=c[1])!=null&&d.length)&&tv({skuArr:a,index:l,skuName:c[0],skuVersion:c[1]})}),a.join($h)}function tv(r){const{skuArr:e,index:t,skuName:n,skuVersion:o}=r;t>=e.length||(e[t]=[n,o].join(_u))}class er{constructor(e,t){this.cacheOutcome=jt.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||"",this.wrapperVer=e.wrapperVer||"",this.telemetryCacheKey=xd+Nd+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${On}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n!=null&&n.length&&t.push(`broker_error=${n}`);const o=t.join(On),i=this.getRegionDiscoveryFields(),s=[e,i].join(On);return[Rh,s,o].join(Ph)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=er.maxErrorsToSend(e),n=e.failedRequests.slice(0,2*t).join(On),o=e.errors.slice(0,t).join(On),i=e.errors.length,s=t<i?Gg:Vg,a=[i,s].join(On);return[Rh,e.cacheHits,n,o,a].join(Ph)}cacheFailedRequest(e){try{const t=this.getLastRequests();t.errors.length>=Bg&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof oe?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(Zg),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}catch{}}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId),e.cacheHits}getLastRequests(){const e={failedRequests:[],errors:[],cacheHits:0};return this.cacheManager.getServerTelemetry(this.telemetryCacheKey,this.correlationId)||e}clearTelemetryCache(){const e=this.getLastRequests(),t=er.maxErrorsToSend(e),n=e.errors.length;if(t===n)this.cacheManager.removeItem(this.telemetryCacheKey,this.correlationId);else{const o={failedRequests:e.failedRequests.slice(t*2),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,o,this.correlationId)}}static maxErrorsToSend(e){let t,n=0,o=0;const i=e.errors.length;for(t=0;t<i;t++){const s=e.failedRequests[2*t]||"",a=e.failedRequests[2*t+1]||"",c=e.errors[t]||"";if(o+=s.toString().length+a.toString().length+c.length+3,o<Jg)n+=1;else break}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed||""),e.push(this.regionSource||""),e.push(this.regionOutcome||""),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId)}static makeExtraSkuString(e){return ev(e)}}class nv extends er{constructor(){super({clientId:"",apiId:0,correlationId:"",forceRefresh:!1},{})}generateCurrentRequestHeaderValue(){return""}generateLastRequestHeaderValue(){return""}cacheFailedRequest(){}incrementCacheHits(){return 0}clearTelemetryCache(){}getRegionDiscoveryFields(){return""}updateRegionDiscoveryMetadata(){}setCacheOutcome(){}setNativeBrokerErrorCode(){}getNativeBrokerErrorCode(){}clearNativeBrokerErrorCode(){}}/*! @azure/msal-common v16.10.0 2026-06-23 */class Qa extends oe{constructor(e,t,n){super(e,t,n),this.name="JoseHeaderError",Object.setPrototypeOf(this,Qa.prototype)}}function Xh(r,e){return new Qa(r,e)}/*! @azure/msal-common v16.10.0 2026-06-23 */const rv="missing_kid_error",ov="missing_alg_error";/*! @azure/msal-common v16.10.0 2026-06-23 */class qa{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw Xh(rv,"");if(!e.alg)throw Xh(ov,"");const t=new qa({typ:e.typ||em.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */const iv="acquireTokenFromCache",sv="acquireTokenByRefreshToken",av="acquireTokenSilentAsync",cv="cryptoOptsGetPublicKeyThumbprint",hv="cryptoOptsSignJwt",lv="silentCacheClientAcquireToken",dv="silentIframeClientAcquireToken",uv="awaitConcurrentIframe",pv="silentRefreshClientAcquireToken",yn="standardInteractionClientGetDiscoveredAuthority",ec="nativeInteractionClientAcquireToken",fv="nativeInteractionClientAcquireToken",gv="refreshTokenClientAcquireTokenByRefreshToken",Yh="acquireTokenBySilentIframe",tc="initializeBaseRequest",mv="initializeSilentRequest",yv="initializeCache",Qh="silentIframeClientTokenHelper",ls="silentHandlerInitiateAuthRequest",ii="silentHandlerMonitorIframeForHash",Et="standardInteractionClientCreateAuthCodeClient",Si="standardInteractionClientGetClientConfiguration",Gr="standardInteractionClientInitializeAuthorizationRequest",wv="silentFlowClientAcquireCachedToken",vv="getStandardParams",bv="handleCodeResponse",nc="handleResponseEar",Iu="handleResponsePlatformBroker",Gn="handleResponseCode",Cv="authClientAcquireToken",Hr="deserializeResponse",Tv="authorityFactoryCreateDiscoveredInstance",kv="acquireTokenByCodeAsync",_v="handleRedirectPromise",Iv="handleNativeRedirectPromise",Sv="nativeMessageHandlerHandshake",qh="removeHiddenIframe",Ev="importExistingCache",Tn="generatePkceCodes",Av="generateCodeVerifier",Rv="generateCodeChallengeFromVerifier",Pv="sha256Digest",Ov="getRandomValues",el="generateHKDF",Nv="generateBaseKey",xv="base64Decode",Mv="urlEncodeArr",Uv="encrypt",tl="decrypt",rc="generateEarKey",Dv="decryptEarResponse",Lv="waitForBridgeLateResponse";/*! @azure/msal-browser v5.15.0 2026-06-23 */function Ei(r){return`See https://aka.ms/msal.js.errors#${r} for details`}class co extends oe{constructor(e,t,n){super(e,t,Ei(e),n),Object.setPrototypeOf(this,co.prototype),this.name="BrowserAuthError"}}function A(r,e,t){return new co(r,e,t)}/*! @azure/msal-browser v5.15.0 2026-06-23 */const Su="pkce_not_created",Eu="ear_jwk_empty",Hv="ear_jwe_empty",nl="crypto_nonexistent",oc="empty_navigate_uri",Kv="hash_empty_error",ic="no_state_in_hash",Fv="hash_does_not_contain_known_properties",Au="unable_to_parse_state",jv="state_interaction_type_mismatch",zv="interaction_in_progress",Wv="interaction_in_progress_cancelled",Jv="popup_window_error",Bv="empty_window_error",Xs="user_cancelled",Gv="redirect_bridge_empty_response",Vv="redirect_in_iframe",Zv="block_iframe_reload",$v="block_nested_popups",sc="silent_logout_unsupported",Xv="no_account_error",Yv="no_token_request_cache_error",Qv="unable_to_parse_token_request_cache_error",Ru="non_browser_environment",_r="database_not_open",Ys="no_network_connectivity",qv="post_request_failed",eb="get_request_failed",rl="failed_to_parse_response",Pu="crypto_key_not_found",tb="auth_code_required",nb="auth_code_or_nativeAccountId_required",rb="spa_code_and_nativeAccountId_present",Ou="database_unavailable",ob="unable_to_acquire_token_from_native_platform",ib="native_handshake_timeout",sb="native_extension_not_installed",Nu="native_connection_not_established",Uo="uninitialized_public_client_application",ab="native_prompt_not_supported",cb="invalid_base64_string",hb="invalid_pop_token_request",lb="failed_to_build_headers",db="failed_to_parse_headers",ds="failed_to_decrypt_ear_response",si="timed_out",ub="empty_response";/*! @azure/msal-browser v5.15.0 2026-06-23 */function ve(r){return new TextDecoder().decode(Yt(r))}function Yt(r){let e=r.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw A(cb,"")}const t=atob(e);return Uint8Array.from(t,n=>n.codePointAt(0)||0)}/*! @azure/msal-browser v5.15.0 2026-06-23 */const Ye={INVALID_GRANT_ERROR:"invalid_grant",POPUP_WIDTH:483,POPUP_HEIGHT:600,POPUP_NAME_PREFIX:"msal",MSAL_SKU:"msal.js.browser"},je={CHANNEL_ID:"53ee284d-920a-4b59-9d30-a60315b26836",PREFERRED_EXTENSION_ID:"ppnbnpeolgkicgegkbkbjmhlideopiji",MATS_TELEMETRY:"MATS",MICROSOFT_ENTRA_BROKERID:"MicrosoftEntra",DOM_API_NAME:"DOM API",PLATFORM_DOM_APIS:"get-token-and-sign-out",PLATFORM_DOM_PROVIDER:"PlatformAuthDOMHandler",PLATFORM_EXTENSION_PROVIDER:"PlatformAuthExtensionHandler"},Ir={HandshakeRequest:"Handshake",HandshakeResponse:"HandshakeResponse",GetToken:"GetToken",Response:"Response"},yt={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},ol={GET:"GET",POST:"POST"},Bt={SIGNIN:"signin",SIGNOUT:"signout"},se={ORIGIN_URI:"request.origin",URL_HASH:"urlHash",REQUEST_PARAMS:"request.params",VERIFIER:"code.verifier",INTERACTION_STATUS_KEY:"interaction.status",NATIVE_REQUEST:"request.native"},Eo={WRAPPER_SKU:"wrapper.sku",WRAPPER_VER:"wrapper.version"},z={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962,hydrateCache:963,loadExternalTokens:964},il={861:"acquireTokenRedirect",862:"acquireTokenPopup",863:"ssoSilent",864:"acquireTokenSilent_authCode",865:"handleRedirectPromise",866:"acquireTokenByCode",61:"acquireTokenSilent_silentFlow",961:"logout",962:"logoutPopup",963:"hydrateCache",964:"loadExternalTokens"},pb=r=>typeof r=="number"&&r in il?il[r]:"unknown";var R;(function(r){r.Redirect="redirect",r.Popup="popup",r.Silent="silent",r.None="none"})(R||(R={}));const Ee={Startup:"startup",Logout:"logout",AcquireToken:"acquireToken",HandleRedirect:"handleRedirect",None:"none"},sl={scopes:ir},xu="jwk",fb={React:"@azure/msal-react"},Qs="msal.db",gb=1,mb=`${Qs}.keys`,Se={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},yb=[Se.Default,Se.Skip,Se.RefreshTokenAndNetwork];/*! @azure/msal-browser v5.15.0 2026-06-23 */function Ao(r){return encodeURIComponent(Vr(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function qt(r){return Mu(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function Vr(r){return Mu(new TextEncoder().encode(r))}function Mu(r){const e=Array.from(r,t=>String.fromCodePoint(t)).join("");return btoa(e)}/*! @azure/msal-browser v5.15.0 2026-06-23 */const wb="RSASSA-PKCS1-v1_5",cr="AES-GCM",Uu="HKDF",ac="SHA-256",vb=2048,bb=new Uint8Array([1,0,1]),al="0123456789abcdef",cl=new Uint32Array(1),cc="raw",Du="encrypt",hc="decrypt",Cb="deriveKey",Tb="crypto_subtle_undefined",lc={name:wb,hash:ac,modulusLength:vb,publicExponent:bb};function kb(r){if(!window)throw A(Ru,"");if(!window.crypto)throw A(nl,"");if(!r&&!window.crypto.subtle)throw A(nl,"",Tb)}async function Lu(r){const t=new TextEncoder().encode(r);return window.crypto.subtle.digest(ac,t)}function _b(r){return window.crypto.getRandomValues(r)}function us(){return window.crypto.getRandomValues(cl),cl[0]}function en(){const r=Date.now(),e=us()*1024+(us()&1023),t=new Uint8Array(16),n=Math.trunc(e/2**30),o=e&2**30-1,i=us();t[0]=r/2**40,t[1]=r/2**32,t[2]=r/2**24,t[3]=r/2**16,t[4]=r/2**8,t[5]=r,t[6]=112|n>>>8,t[7]=n,t[8]=128|o>>>24,t[9]=o>>>16,t[10]=o>>>8,t[11]=o,t[12]=i>>>24,t[13]=i>>>16,t[14]=i>>>8,t[15]=i;let s="";for(let a=0;a<t.length;a++)s+=al.charAt(t[a]>>>4),s+=al.charAt(t[a]&15),(a===3||a===5||a===7||a===9)&&(s+="-");return s}async function Ib(r,e){return window.crypto.subtle.generateKey(lc,r,e)}async function ps(r){return window.crypto.subtle.exportKey(xu,r)}async function Sb(r,e,t){return window.crypto.subtle.importKey(xu,r,lc,e,t)}async function Eb(r,e){return window.crypto.subtle.sign(lc,r,e)}async function dc(){const r=await Hu(),t={alg:"dir",kty:"oct",k:qt(new Uint8Array(r))};return Vr(JSON.stringify(t))}async function Ab(r){const e=ve(r),n=JSON.parse(e).k,o=Yt(n);return window.crypto.subtle.importKey(cc,o,cr,!1,[hc])}async function Rb(r,e){const t=e.split(".");if(t.length!==5)throw A(ds,"","jwe_length");const n=await Ab(r).catch(()=>{throw A(ds,"","import_key")});try{const o=new TextEncoder().encode(t[0]),i=Yt(t[2]),s=Yt(t[3]),a=Yt(t[4]),c=a.byteLength*8,l=new Uint8Array(s.length+a.length);l.set(s),l.set(a,s.length);const h=await window.crypto.subtle.decrypt({name:cr,iv:i,tagLength:c,additionalData:o},n,l);return new TextDecoder().decode(h)}catch{throw A(ds,"","decrypt")}}async function Hu(){const r=await window.crypto.subtle.generateKey({name:cr,length:256},!0,[Du,hc]);return window.crypto.subtle.exportKey(cc,r)}async function hl(r){return window.crypto.subtle.importKey(cc,r,Uu,!1,[Cb])}async function Ku(r,e,t){return window.crypto.subtle.deriveKey({name:Uu,salt:e,hash:ac,info:new TextEncoder().encode(t)},r,{name:cr,length:256},!1,[Du,hc])}async function Pb(r,e,t){const n=new TextEncoder().encode(e),o=window.crypto.getRandomValues(new Uint8Array(16)),i=await Ku(r,o,t),s=await window.crypto.subtle.encrypt({name:cr,iv:new Uint8Array(12)},i,n);return{data:qt(new Uint8Array(s)),nonce:qt(o)}}async function ll(r,e,t,n){const o=Yt(n),i=await Ku(r,Yt(e),t),s=await window.crypto.subtle.decrypt({name:cr,iv:new Uint8Array(12)},i,o);return new TextDecoder().decode(s)}async function Ob(r){const e=await Lu(r),t=new Uint8Array(e);return qt(t)}/*! @azure/msal-browser v5.15.0 2026-06-23 */class uc extends oe{constructor(e,t,n){super(e,t,n),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,uc.prototype)}}function he(r,e){return new uc(r,e,Ei(r))}/*! @azure/msal-browser v5.15.0 2026-06-23 */const Fu="storage_not_supported",Ie="stubbed_public_client_application_called",Nb="in_mem_redirect_unavailable";/*! @azure/msal-browser v5.15.0 2026-06-23 */function xb(){const r=window.location.hash,e=window.location.search;let t=!1,n=!1,o="",i;if(r&&r.length>1){const h=r.charAt(0)==="#"?r.substring(1):r,d=new URLSearchParams(h);d.has("state")&&(t=!0,o=h,i=d)}if(e&&e.length>1){const h=e.charAt(0)==="?"?e.substring(1):e,d=new URLSearchParams(h);d.has("state")&&(n=!0,o=h,i=d)}if(t&&n){const h=e.charAt(0)==="?"?e.substring(1):e,d=r.charAt(0)==="#"?r.substring(1):r;o=`${h}${d}`,i=new URLSearchParams(o)}if(!o||!i)throw A(ub,"");const s=i.get("state");if(!s)throw A(ic,"");const{libraryState:a}=ao(ve,s,""),{id:c,meta:l}=a;if(!c||!l)throw A(Au,"","missing_library_state");return{params:i,payload:o,urlHash:r,urlQuery:e,hasResponseInHash:t,hasResponseInQuery:n,libraryState:{id:c,meta:l}}}function ju(r){r.location.hash="",typeof r.history.replaceState=="function"&&r.history.replaceState(null,"",`${r.location.origin}${r.location.pathname}${r.location.search}`)}function Mb(r){const e=r.split("#");e.shift(),window.location.hash=e.length>0?e.join("#"):""}function Ai(){return window.parent!==window}function Ub(){if(Ai())return!1;try{const{libraryState:r}=xb(),{meta:e}=r;return e.interactionType===R.Popup}catch{return!1}}let Gt=null;function Db(r,e){Gt&&(r.verbose("18y01k",e),clearTimeout(Gt.timeoutId),Gt.channel.close(),Gt.reject(A(Wv,"")),Gt=null)}async function ai(r,e,t,n,o){return new Promise((i,s)=>{e.verbose("1rf6em",t.correlationId);const a=t.correlationId;n.addFields({redirectBridgeTimeoutMs:r,lateResponseExperimentEnabled:(o==null?void 0:o.iframeTimeoutTelemetry)||!1},a);const{libraryState:c}=ao(ve,t.state||"",t.correlationId),l=new BroadcastChannel(c.id);let h,d=!1,p,u;const f=window.setTimeout(()=>{Gt=null,o!=null&&o.iframeTimeoutTelemetry?(u=n.startMeasurement(Lv,a),d=!0,p=window.setTimeout(()=>{u==null||u.end({success:!1}),clearTimeout(p),l.close()},6e4)):l.close(),s(A(si,"","redirect_bridge_timeout"))},r);Gt={timeoutId:f,channel:l,reject:s},l.onmessage=g=>{h=g.data.payload;const y=g!=null&&g.data&&typeof g.data.v=="number"?g.data.v:void 0;if(d){u==null||u.end({success:!!h}),clearTimeout(p),l.close();return}n.addFields({redirectBridgeMessageVersion:y},a),Gt=null,clearTimeout(f),l.close(),h?i(h):s(A(Gv,a))}})}function _t(){return typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function Lb(r){const t=new B(window.location.href,r||"").getUrlComponents();return`${t.Protocol}//${t.HostNameAndPort}/`}function Hb(){if(Yo(window.location.hash)&&Ai())throw A(Zv,"")}function Kb(r){if(Ai()&&!r)throw A(Vv,"")}function Fb(){if(Ub())throw A($v,"")}function zu(){if(typeof window>"u")throw A(Ru,"")}function Wu(r){if(!r)throw A(Uo,"")}function pc(r){zu(),Hb(),Fb(),Wu(r)}function dl(r,e){if(pc(r),Kb(e.system.allowRedirectInIframe),e.cache.cacheLocation===yt.MemoryStorage)throw he(Nb,"")}function Ju(r){const e=document.createElement("link");e.rel="preconnect",e.href=new URL(r).origin,e.crossOrigin="anonymous",document.head.appendChild(e),window.setTimeout(()=>{try{document.head.removeChild(e)}catch{}},1e4)}function qs(){return en()}/*! @azure/msal-browser v5.15.0 2026-06-23 */class jb{constructor(){this.dbName=Qs,this.version=gb,this.tableName=mb,this.dbOpen=!1}async open(){return new Promise((e,t)=>{const n=window.indexedDB.open(this.dbName,this.version);n.addEventListener("upgradeneeded",o=>{o.target.result.createObjectStore(this.tableName)}),n.addEventListener("success",o=>{const i=o;this.db=i.target.result,this.dbOpen=!0,e()}),n.addEventListener("error",()=>t(A(Ou,"")))})}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(A(_r,""));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async setItem(e,t){return await this.validateDbIsOpen(),new Promise((n,o)=>{if(!this.db)return o(A(_r,""));const a=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);a.addEventListener("success",()=>{this.closeConnection(),n()}),a.addEventListener("error",c=>{this.closeConnection(),o(c)})})}async removeItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(A(_r,""));const s=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);s.addEventListener("success",()=>{this.closeConnection(),t()}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async getKeys(){return await this.validateDbIsOpen(),new Promise((e,t)=>{if(!this.db)return t(A(_r,""));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();i.addEventListener("success",s=>{const a=s;this.closeConnection(),e(a.target.result)}),i.addEventListener("error",s=>{this.closeConnection(),t(s)})})}async containsKey(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(A(_r,""));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result===1)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise((e,t)=>{const n=window.indexedDB.deleteDatabase(Qs),o=setTimeout(()=>t(!1),200);n.addEventListener("success",()=>(clearTimeout(o),e(!0))),n.addEventListener("blocked",()=>(clearTimeout(o),e(!0))),n.addEventListener("error",()=>(clearTimeout(o),t(!1)))})}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class Ri{constructor(){this.cache=new Map}async initialize(){}getItem(e){return this.cache.get(e)||null}getUserData(e){return this.getItem(e)}setItem(e,t){this.cache.set(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach((t,n)=>{e.push(n)}),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}decryptData(){return Promise.resolve(null)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class zb{constructor(e){this.inMemoryCache=new Ri,this.indexedDBCache=new jb,this.logger=e}handleDatabaseAccessError(e,t){if(e instanceof co&&e.errorCode===Ou)this.logger.error("1wx7zz",t);else throw e}async getItem(e,t){const n=this.inMemoryCache.getItem(e);if(!n)try{return this.logger.verbose("0naxpl",t),await this.indexedDBCache.getItem(e)}catch(o){this.handleDatabaseAccessError(o,t)}return n}async setItem(e,t,n){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(o){this.handleDatabaseAccessError(o,n)}}async removeItem(e,t){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(n){this.handleDatabaseAccessError(n,t)}}async getKeys(e){const t=this.inMemoryCache.getKeys();if(t.length===0)try{return this.logger.verbose("1iqrbq",e),await this.indexedDBCache.getKeys()}catch(n){this.handleDatabaseAccessError(n,e)}return t}async containsKey(e,t){const n=this.inMemoryCache.containsKey(e);if(!n)try{return this.logger.verbose("03zl2j",t),await this.indexedDBCache.containsKey(e)}catch(o){this.handleDatabaseAccessError(o,t)}return n}clearInMemory(e){this.logger.verbose("03r21p",e),this.inMemoryCache.clear(),this.logger.verbose("0uksk1",e)}async clearPersistent(e){try{this.logger.verbose("0rdqut",e);const t=await this.indexedDBCache.deleteDatabase();return t&&this.logger.verbose("149ouc",e),t}catch(t){return this.handleDatabaseAccessError(t,e),!1}}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class Ot{constructor(e,t,n){this.logger=e,kb(n??!1),this.cache=new zb(this.logger),this.performanceClient=t}createNewGuid(){return en()}base64Encode(e){return Vr(e)}base64Decode(e){return ve(e)}base64UrlEncode(e){return Ao(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){var h;const t=(h=this.performanceClient)==null?void 0:h.startMeasurement(cv,e.correlationId),n=await Ib(Ot.EXTRACTABLE,Ot.POP_KEY_USAGES),o=await ps(n.publicKey),i={e:o.e,kty:o.kty,n:o.n},s=ul(i),a=await this.hashString(s),c=await ps(n.privateKey),l=await Sb(c,!1,["sign"]);return await this.cache.setItem(a,{privateKey:l,publicKey:n.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri},e.correlationId),t&&t.end({success:!0}),a}async removeTokenBindingKey(e,t){if(await this.cache.removeItem(e,t),await this.cache.containsKey(e,t))throw T(fy,t)}async clearKeystore(e){this.cache.clearInMemory(e);try{return await this.cache.clearPersistent(e),!0}catch(t){return t instanceof Error?this.logger.error(`1owpn8 ${t.message}`,e):this.logger.error("0yrmwo",e),!1}}async signJwt(e,t,n,o){var C;const i=(C=this.performanceClient)==null?void 0:C.startMeasurement(hv,o),s=await this.cache.getItem(t,o||"");if(!s)throw A(Pu,o||"");const a=await ps(s.publicKey),c=ul(a),l=Ao(JSON.stringify({kid:t})),h=qa.getShrHeaderString({...n==null?void 0:n.header,alg:a.alg,kid:l}),d=Ao(h);e.cnf={jwk:JSON.parse(c)};const p=Ao(JSON.stringify(e)),u=`${d}.${p}`,g=new TextEncoder().encode(u),y=await Eb(s.privateKey,g),m=qt(new Uint8Array(y)),b=`${u}.${m}`;return i&&i.end({success:!0}),b}async hashString(e){return Ob(e)}}Ot.POP_KEY_USAGES=["sign","verify"];Ot.EXTRACTABLE=!0;function ul(r){return JSON.stringify(r,Object.keys(r).sort())}/*! @azure/msal-browser v5.15.0 2026-06-23 */const Wb="acquireTokenSilent",Jb="acquireTokenByCode",Bb="acquireTokenPopup",Gb="acquireTokenPreRedirect",fs="acquireTokenRedirect",Vb="ssoSilent",Zb="initializeClientApplication",$b="localStorageUpdated",Xb="ssoCapable";/*! @azure/msal-browser v5.15.0 2026-06-23 */const pe="msal",fc="browser",pl="|",me=3,Do=3,Yb=`${pe}.${fc}.log.level`,Qb=`${pe}.${fc}.log.pii`,fl=`${pe}.version`,gl="account.keys",ml="token.keys",yl=`${pe}.${fc}.sso.capable`;function Vn(r=Do){return r<1?`${pe}.${gl}`:`${pe}.${r}.${gl}`}function Zn(r,e=me){return e<1?`${pe}.${ml}.${r}`:`${pe}.${e}.${ml}.${r}`}/*! @azure/msal-browser v5.15.0 2026-06-23 */const qb=1440*60*1e3,ea={Lax:"Lax",None:"None"};class Bu{initialize(){return Promise.resolve()}getItem(e){const t=encodeURIComponent(e),n=document.cookie.split(";");for(let o=0;o<n.length;o++){const i=n[o].trim(),s=i.indexOf("=");if((s===-1?i:i.substring(0,s))===t){const c=s===-1?"":i.substring(s+1);try{return decodeURIComponent(c)}catch{return c}}}return""}getUserData(){throw T(D,"")}setItem(e,t,n,o=!0,i=ea.Lax){let s=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=${i};`;if(n){const a=eC(n);s+=`expires=${a};`}(o||i===ea.None)&&(s+="Secure;"),document.cookie=s}async setUserData(e,t,n){return Promise.reject(T(D,n))}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach(n=>{const o=n.trim(),i=o.indexOf("="),s=i===-1?o:o.substring(0,i);try{t.push(decodeURIComponent(s))}catch{}}),t}containsKey(e){return this.getKeys().includes(e)}decryptData(){return Promise.resolve(null)}}function eC(r){const e=new Date;return new Date(e.getTime()+r*qb).toUTCString()}/*! @azure/msal-browser v5.15.0 2026-06-23 */function Wt(r,e){const t=r.getItem(Vn(e));return t?JSON.parse(t):[]}function Ge(r,e,t){const n=e.getItem(Zn(r,t));if(n){const o=JSON.parse(n);if(o&&o.hasOwnProperty("idToken")&&o.hasOwnProperty("accessToken")&&o.hasOwnProperty("refreshToken"))return o}return{idToken:[],accessToken:[],refreshToken:[]}}/*! @azure/msal-browser v5.15.0 2026-06-23 */function Or(r){return r.hasOwnProperty("id")&&r.hasOwnProperty("nonce")&&r.hasOwnProperty("data")}/*! @azure/msal-browser v5.15.0 2026-06-23 */const wl="msal.cache.encryption",tC="msal.broadcast.cache";class nC{constructor(e,t,n){if(!window.localStorage)throw he(Fu,"");this.memoryStorage=new Ri,this.initialized=!1,this.clientId=e,this.logger=t,this.performanceClient=n,this.broadcast=new BroadcastChannel(tC)}async initialize(e){const t=new Bu,n=t.getItem(wl);let o={key:"",id:""};if(n)try{o=JSON.parse(n)}catch{}if(o.key&&o.id){const i=ze(Yt,xv,this.logger,this.performanceClient,e)(o.key);this.encryptionCookie={id:o.id,key:await w(hl,el,this.logger,this.performanceClient,e)(i)}}else{const i=en(),s=await w(Hu,Nv,this.logger,this.performanceClient,e)(),a=ze(qt,Mv,this.logger,this.performanceClient,e)(new Uint8Array(s));this.encryptionCookie={id:i,key:await w(hl,el,this.logger,this.performanceClient,e)(s)};const c={id:i,key:a};t.setItem(wl,JSON.stringify(c),0,!0,ea.None)}await w(this.importExistingCache.bind(this),Ev,this.logger,this.performanceClient,e)(e),this.broadcast.addEventListener("message",i=>{this.updateCache(i,e)}),this.initialized=!0}getItem(e){return window.localStorage.getItem(e)}getUserData(e){if(!this.initialized)throw A(Uo,"");return this.memoryStorage.getItem(e)}async decryptData(e,t,n){if(!this.initialized||!this.encryptionCookie)throw A(Uo,"");if(t.id!==this.encryptionCookie.id)return this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},n),null;const o=await w(ll,tl,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t.nonce,this.getContext(e),t.data);if(!o)return null;try{return{...JSON.parse(o),lastUpdatedAt:t.lastUpdatedAt}}catch{return this.performanceClient.incrementFields({encryptedCacheCorruptionCount:1},n),null}}setItem(e,t){window.localStorage.setItem(e,t)}async setUserData(e,t,n,o,i){if(!this.initialized||!this.encryptionCookie)throw A(Uo,"");if(i)this.setItem(e,t);else{const{data:s,nonce:a}=await w(Pb,Uv,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t,this.getContext(e)),c={id:this.encryptionCookie.id,nonce:a,data:s,lastUpdatedAt:o};this.setItem(e,JSON.stringify(c))}this.memoryStorage.setItem(e,t),this.broadcast.postMessage({key:e,value:t,context:this.getContext(e)})}removeItem(e){this.memoryStorage.containsKey(e)&&(this.memoryStorage.removeItem(e),this.broadcast.postMessage({key:e,value:null,context:this.getContext(e)})),window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}clear(){this.memoryStorage.clear(),Wt(this).forEach(n=>this.removeItem(n));const t=Ge(this.clientId,this);t.idToken.forEach(n=>this.removeItem(n)),t.accessToken.forEach(n=>this.removeItem(n)),t.refreshToken.forEach(n=>this.removeItem(n)),this.getKeys().forEach(n=>{(n.startsWith(pe)||n.indexOf(this.clientId)!==-1)&&this.removeItem(n)})}async importExistingCache(e){if(!this.encryptionCookie)return;let t=Wt(this);t=await this.importArray(t,e),t.length?this.setItem(Vn(),JSON.stringify(t)):this.removeItem(Vn());const n=Ge(this.clientId,this);n.idToken=await this.importArray(n.idToken,e),n.accessToken=await this.importArray(n.accessToken,e),n.refreshToken=await this.importArray(n.refreshToken,e),n.idToken.length||n.accessToken.length||n.refreshToken.length?this.setItem(Zn(this.clientId),JSON.stringify(n)):this.removeItem(Zn(this.clientId))}async getItemFromEncryptedCache(e,t){if(!this.encryptionCookie)return null;const n=this.getItem(e);if(!n)return null;let o;try{o=JSON.parse(n)}catch{return null}return Or(o)?o.id!==this.encryptionCookie.id?(this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},t),null):(this.performanceClient.incrementFields({encryptedCacheCount:1},t),w(ll,tl,this.logger,this.performanceClient,t)(this.encryptionCookie.key,o.nonce,this.getContext(e),o.data)):(this.performanceClient.incrementFields({unencryptedCacheCount:1},t),n)}async importArray(e,t){const n=[],o=[];return e.forEach(i=>{const s=this.getItemFromEncryptedCache(i,t).then(a=>{a?(this.memoryStorage.setItem(i,a),n.push(i)):this.removeItem(i)});o.push(s)}),await Promise.all(o),n}getContext(e){let t="";return e.includes(this.clientId)&&(t=this.clientId),t}updateCache(e,t){this.logger.trace("17cxcm",t);const n=this.performanceClient.startMeasurement($b);n.add({isBackground:!0});const{key:o,value:i,context:s}=e.data;if(!o){this.logger.error("0e10qr",t),n.end({success:!1,errorCode:"noKey"});return}if(s&&s!==this.clientId){this.logger.trace(`04rtdy ${s}`,t),n.end({success:!1,errorCode:"contextMismatch"});return}i?(this.memoryStorage.setItem(o,i),this.logger.verbose("1vzsgt",t)):(this.memoryStorage.removeItem(o),this.logger.verbose("04ypih",t)),n.end({success:!0})}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class rC{constructor(){if(!window.sessionStorage)throw he(Fu,"")}async initialize(){}getItem(e){return window.sessionStorage.getItem(e)}getUserData(e){return this.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}decryptData(){return Promise.resolve(null)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */const P={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_SUCCESS:"msal:loginSuccess",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",BROKERED_REQUEST_START:"msal:brokeredRequestStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",BROKERED_REQUEST_SUCCESS:"msal:brokeredRequestSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",BROKERED_REQUEST_FAILURE:"msal:brokeredRequestFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache",BROKER_CONNECTION_ESTABLISHED:"msal:brokerConnectionEstablished"};/*! @azure/msal-browser v5.15.0 2026-06-23 */const Pi="@azure/msal-browser",Nt="5.15.0";/*! @azure/msal-browser v5.15.0 2026-06-23 */function Tt(r,e){const t=r.indexOf(e);t>-1&&r.splice(t,1)}/*! @azure/msal-browser v5.15.0 2026-06-23 */const de={Invalid:"invalid",TtlExpired:"ttlExpired",DecryptFailed:"decryptFailed",Expired:"expired"};class ta extends Vs{constructor(e,t,n,o,i,s,a){super(e,n,o,i,a),this.cacheConfig=t,this.logger=o,this.internalStorage=new Ri,this.browserStorage=vl(e,t.cacheLocation,o,i),this.temporaryCacheStorage=vl(e,yt.SessionStorage,o,i),this.cookieStorage=new Bu,this.eventHandler=s}async initialize(e){this.performanceClient.addFields({cacheLocation:this.cacheConfig.cacheLocation,cacheRetentionDays:this.cacheConfig.cacheRetentionDays},e),await this.browserStorage.initialize(e),await this.migrateExistingCache(e),this.trackVersionChanges(e)}async migrateExistingCache(e){let t=Wt(this.browserStorage),n=Ge(this.clientId,this.browserStorage);this.performanceClient.addFields({preMigrateAcntCount:t.length,preMigrateATCount:n.accessToken.length,preMigrateITCount:n.idToken.length,preMigrateRTCount:n.refreshToken.length},e);for(let i=0;i<Do;i++){const s=i;await this.removeStaleAccounts(i,s,e)}for(let i=0;i<me;i++){const s=i;await this.migrateIdTokens(i,s,e)}const o=this.getKMSIValues();for(let i=0;i<me;i++)await this.migrateAccessTokens(i,o,e),await this.migrateRefreshTokens(i,o,e);t=Wt(this.browserStorage),n=Ge(this.clientId,this.browserStorage),this.performanceClient.addFields({postMigrateAcntCount:t.length,postMigrateATCount:n.accessToken.length,postMigrateITCount:n.idToken.length,postMigrateRTCount:n.refreshToken.length},e)}async updateOldEntry(e,t){const n=this.browserStorage.getItem(e),o=this.validateAndParseJson(n||"");if(!o)return this.browserStorage.removeItem(e),{entry:null,removalReason:de.Invalid};if(!o.lastUpdatedAt)o.lastUpdatedAt=Date.now().toString(),this.setItem(e,JSON.stringify(o),t);else if(Fh(o.lastUpdatedAt,this.cacheConfig.cacheRetentionDays))return this.browserStorage.removeItem(e),{entry:null,removalReason:de.TtlExpired};const i=Or(o),s=i?await this.browserStorage.decryptData(e,o,t):o;return s?Ti(s)?(jh(s)||zh(s))&&s.expiresOn&&ri(s.expiresOn,Ud)?(this.browserStorage.removeItem(e),{entry:null,removalReason:de.Expired}):{entry:s}:(this.browserStorage.removeItem(e),{entry:null,removalReason:de.Invalid}):(this.browserStorage.removeItem(e),{entry:null,removalReason:i?de.DecryptFailed:de.Invalid})}async removeStaleAccounts(e,t,n){const o=Wt(this.browserStorage,e);if(o.length!==0){for(const i of[...o]){this.performanceClient.incrementFields({oldAcntCount:1},n);const s=this.browserStorage.getItem(i),a=this.validateAndParseJson(s||"");if(!a){this.browserStorage.removeItem(i),this.performanceClient.incrementFields({invalidAcntCount:1},n),Tt(o,i);continue}if(a.lastUpdatedAt)Fh(a.lastUpdatedAt,this.cacheConfig.cacheRetentionDays)?(await this.removeAccountOldSchema(i,a,t,n),this.performanceClient.incrementFields({ttlExpiredAcntCount:1},n),Tt(o,i)):Or(a)&&(await this.browserStorage.decryptData(i,a,n)||(this.browserStorage.removeItem(i),this.performanceClient.incrementFields({decryptFailedAcntCount:1},n),Tt(o,i)));else{a.lastUpdatedAt=Date.now().toString(),this.setItem(i,JSON.stringify(a),n);continue}}this.setAccountKeys(o,n,e)}}async removeAccountOldSchema(e,t,n,o){const i=Or(t)?await this.browserStorage.decryptData(e,t,o):t,s=i==null?void 0:i.homeAccountId;if(s){const a=this.getTokenKeys(n);[...a.idToken].filter(c=>c.includes(s)).forEach(c=>{this.browserStorage.removeItem(c),Tt(a.idToken,c)}),[...a.accessToken].filter(c=>c.includes(s)).forEach(c=>{this.browserStorage.removeItem(c),Tt(a.accessToken,c)}),[...a.refreshToken].filter(c=>c.includes(s)).forEach(c=>{this.browserStorage.removeItem(c),Tt(a.refreshToken,c)}),this.setTokenKeys(a,o,n)}this.browserStorage.removeItem(e)}getKMSIValues(){const e={},t=this.getTokenKeys().idToken;for(const n of t){const o=this.browserStorage.getUserData(n);if(o){const i=JSON.parse(o),s=ft(i.secret,ve,"");s&&(e[i.homeAccountId]=mt(s))}}return e}async migrateIdTokens(e,t,n){const o=Ge(this.clientId,this.browserStorage,e);if(o.idToken.length===0)return;const i=Ge(this.clientId,this.browserStorage,me),s=Wt(this.browserStorage),a=Wt(this.browserStorage,t);for(const c of[...o.idToken]){this.performanceClient.incrementFields({oldITCount:1},n);const l=await this.updateOldEntry(c,n),h=l.entry;if(!h){switch(l.removalReason){case de.TtlExpired:this.performanceClient.incrementFields({ttlExpiredITCount:1},n);break;case de.DecryptFailed:this.performanceClient.incrementFields({decryptFailedITCount:1},n);break;case de.Invalid:this.performanceClient.incrementFields({invalidITCount:1},n);break}Tt(o.idToken,c);continue}const d=s.find(C=>C.includes(h.homeAccountId)),p=a.find(C=>C.includes(h.homeAccountId));let u=null;if(d)u=this.getAccount(d,n);else if(p){const C=this.browserStorage.getItem(p),k=this.validateAndParseJson(C||"");u=k&&Or(k)?await this.browserStorage.decryptData(p,k,n):k}if(!u){this.performanceClient.incrementFields({skipITMigrateCount:1},n);continue}const f=ft(h.secret,ve,n),g=this.generateCredentialKey(h),y=this.getIdTokenCredential(g,n),m=Object.keys(f).includes("signin_state"),b=y&&Object.keys(ft(y.secret,ve,n)||{}).includes("signin_state");if(!y||h.lastUpdatedAt>y.lastUpdatedAt&&(m||!b)){const C=u.tenantProfiles||[],k=Ja(f)||u.realm;if(k&&!C.find(S=>S.tenantId===k)){const S=ar(u.homeAccountId,u.localAccountId,k,u.nativeAccountId,f);C.push(S)}u.tenantProfiles=C;const _=this.generateAccountKey(bn(u)),O=mt(f);await this.setUserData(_,JSON.stringify(u),n,u.lastUpdatedAt,O),s.includes(_)||s.push(_),await this.setUserData(g,JSON.stringify(h),n,h.lastUpdatedAt,O),this.performanceClient.incrementFields({migratedITCount:1},n),i.idToken.includes(g)||i.idToken.push(g)}}this.setTokenKeys(o,n,e),this.setTokenKeys(i,n),this.setAccountKeys(s,n)}async migrateAccessTokens(e,t,n){const o=Ge(this.clientId,this.browserStorage,e);if(o.accessToken.length===0)return;const i=Ge(this.clientId,this.browserStorage,me);for(const s of[...o.accessToken]){this.performanceClient.incrementFields({oldATCount:1},n);const a=await this.updateOldEntry(s,n),c=a.entry;if(!c){switch(a.removalReason){case de.TtlExpired:this.performanceClient.incrementFields({ttlExpiredATCount:1},n);break;case de.DecryptFailed:this.performanceClient.incrementFields({decryptFailedATCount:1},n);break;case de.Expired:this.performanceClient.incrementFields({expiredATCount:1},n);break;case de.Invalid:this.performanceClient.incrementFields({invalidATCount:1},n);break}Tt(o.accessToken,s);continue}if(!(c.homeAccountId in t)){this.performanceClient.incrementFields({skipATMigrateCount:1},n);continue}const l=this.generateCredentialKey(c),h=t[c.homeAccountId];if(!i.accessToken.includes(l))await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedATCount:1},n),i.accessToken.push(l);else{const d=this.getAccessTokenCredential(l,n);(!d||c.lastUpdatedAt>d.lastUpdatedAt)&&(await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedATCount:1},n))}}this.setTokenKeys(o,n,e),this.setTokenKeys(i,n)}async migrateRefreshTokens(e,t,n){const o=Ge(this.clientId,this.browserStorage,e);if(o.refreshToken.length===0)return;const i=Ge(this.clientId,this.browserStorage,me);for(const s of[...o.refreshToken]){this.performanceClient.incrementFields({oldRTCount:1},n);const a=await this.updateOldEntry(s,n),c=a.entry;if(!c){switch(a.removalReason){case de.TtlExpired:this.performanceClient.incrementFields({ttlExpiredRTCount:1},n);break;case de.DecryptFailed:this.performanceClient.incrementFields({decryptFailedRTCount:1},n);break;case de.Expired:this.performanceClient.incrementFields({expiredRTCount:1},n);break;case de.Invalid:this.performanceClient.incrementFields({invalidRTCount:1},n);break}Tt(o.refreshToken,s);continue}if(!(c.homeAccountId in t)){this.performanceClient.incrementFields({skipRTMigrateCount:1},n);continue}const l=this.generateCredentialKey(c),h=t[c.homeAccountId];if(!i.refreshToken.includes(l))await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedRTCount:1},n),i.refreshToken.push(l);else{const d=this.getRefreshTokenCredential(l,n);(!d||c.lastUpdatedAt>d.lastUpdatedAt)&&(await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedRTCount:1},n))}}this.setTokenKeys(o,n,e),this.setTokenKeys(i,n)}trackVersionChanges(e){const t=this.browserStorage.getItem(fl);t&&(this.logger.info(`1wuc87 ${t}`,e),this.performanceClient.addFields({previousLibraryVersion:t},e)),t!==Nt&&this.setItem(fl,Nt,e)}validateAndParseJson(e){if(!e)return null;try{const t=JSON.parse(e);return t&&typeof t=="object"?t:null}catch{return null}}setItem(e,t,n){const o=new Array(me+1).fill(0),i=[],s=20;for(let a=0;a<=s;a++)try{if(this.browserStorage.setItem(e,t),a>0)for(let c=0;c<=me;c++){const l=o.slice(0,c).reduce((d,p)=>d+p,0);if(l>=a)break;const h=a>l+o[c]?l+o[c]:a;a>l&&o[c]>0&&this.removeAccessTokenKeys(i.slice(l,h),n,c)}break}catch(c){const l=Gs(c);if(l.errorCode===Bs&&a<s){if(!i.length)for(let h=0;h<=me;h++)if(e===Zn(this.clientId,h)){const d=JSON.parse(t).accessToken;i.push(...d),o[h]=d.length}else{const d=this.getTokenKeys(h).accessToken;i.push(...d),o[h]=d.length}if(i.length<=a)throw l;this.removeAccessToken(i[a],n,!1)}else throw l}}async setUserData(e,t,n,o,i){const s=new Array(me+1).fill(0),a=[],c=20;for(let l=0;l<=c;l++)try{if(await w(this.browserStorage.setUserData.bind(this.browserStorage),Pw,this.logger,this.performanceClient,n)(e,t,n,o,i),l>0)for(let h=0;h<=me;h++){const d=s.slice(0,h).reduce((u,f)=>u+f,0);if(d>=l)break;const p=l>d+s[h]?d+s[h]:l;l>d&&s[h]>0&&this.removeAccessTokenKeys(a.slice(d,p),n,h)}break}catch(h){const d=Gs(h);if(d.errorCode===Bs&&l<c){if(!a.length)for(let p=0;p<=me;p++){const u=this.getTokenKeys(p).accessToken;a.push(...u),s[p]=u.length}if(a.length<=l)throw d;this.removeAccessToken(a[l],n,!1)}else throw d}}getAccount(e,t){this.logger.trace("1lfvm6",t);const n=this.browserStorage.getUserData(e);if(!n)return this.removeAccountKeyFromMap(e,t),null;const o=this.validateAndParseJson(n);if(!o||!Vy(o))return null;const i=Vs.toObject({},o);return this.performanceClient.addFields({accountCachedBy:pb(i.cachedByApiId)},t),i}async setAccount(e,t,n,o){this.logger.trace("1bz3wr",t);const i=this.generateAccountKey(bn(e)),s=Date.now().toString();e.lastUpdatedAt=s,e.cachedByApiId=o,await this.setUserData(i,JSON.stringify(e),t,s,n),this.addAccountKeyToMap(i,t),this.performanceClient.addFields({kmsi:n},t)}setAccountKeys(e,t,n=Do){e.length===0?this.removeItem(Vn(n)):this.setItem(Vn(n),JSON.stringify(e),t)}getAccountKeys(){return Wt(this.browserStorage)}addAccountKeyToMap(e,t){this.logger.trace("0rb85k",t),this.logger.tracePii(`1l9bdo ${e}`,t);const n=this.getAccountKeys();return n.indexOf(e)===-1?(n.push(e),this.setItem(Vn(),JSON.stringify(n),t),this.logger.verbose("0xia39",t),!0):(this.logger.verbose("0161kk",t),!1)}removeAccountKeyFromMap(e,t){this.logger.trace("1jpigu",t),this.logger.tracePii(`1xzspl ${e}`,t);const n=this.getAccountKeys(),o=n.indexOf(e);o>-1?(n.splice(o,1),this.setAccountKeys(n,t)):this.logger.trace("1dytu2",t)}removeAccount(e,t){const n=this.getActiveAccount(t);(n==null?void 0:n.homeAccountId)===e.homeAccountId&&(n==null?void 0:n.environment)===e.environment&&this.setActiveAccount(null,t),super.removeAccount(e,t),this.removeAccountKeyFromMap(this.generateAccountKey(e),t),this.browserStorage.getKeys().forEach(o=>{o.includes(e.homeAccountId)&&o.includes(e.environment)&&this.browserStorage.removeItem(o)})}removeIdToken(e,t){super.removeIdToken(e,t);const n=this.getTokenKeys(),o=n.idToken.indexOf(e);o>-1&&(this.logger.info("05udv9",t),n.idToken.splice(o,1),this.setTokenKeys(n,t))}removeAccessToken(e,t,n=!0){super.removeAccessToken(e,t),n&&this.removeAccessTokenKeys([e],t)}removeAccessTokenKeys(e,t,n=me){this.logger.trace("17o18n",t);const o=this.getTokenKeys(n);let i=0;if(e.forEach(s=>{const a=o.accessToken.indexOf(s);a>-1&&(o.accessToken.splice(a,1),i++)}),i>0){this.logger.info(`15i5d5 ${i}`,t),this.setTokenKeys(o,t,n);return}}removeRefreshToken(e,t){super.removeRefreshToken(e,t);const n=this.getTokenKeys(),o=n.refreshToken.indexOf(e);o>-1&&(this.logger.info("1f4fq3",t),n.refreshToken.splice(o,1),this.setTokenKeys(n,t))}getTokenKeys(e=me){return Ge(this.clientId,this.browserStorage,e)}setTokenKeys(e,t,n=me){if(e.idToken.length===0&&e.accessToken.length===0&&e.refreshToken.length===0){this.removeItem(Zn(this.clientId,n));return}else this.setItem(Zn(this.clientId,n),JSON.stringify(e),t)}getIdTokenCredential(e,t){const n=this.browserStorage.getUserData(e);if(!n)return this.logger.trace("1jukz6",t),this.removeIdToken(e,t),null;const o=this.validateAndParseJson(n);return!o||!sw(o)?(this.logger.trace("1jukz6",t),null):(this.logger.trace("01ju66",t),o)}async setIdTokenCredential(e,t,n){this.logger.trace("13hjll",t);const o=this.generateCredentialKey(e),i=Date.now().toString();e.lastUpdatedAt=i,await this.setUserData(o,JSON.stringify(e),t,i,n);const s=this.getTokenKeys();s.idToken.indexOf(o)===-1&&(this.logger.info("07jy92",t),s.idToken.push(o),this.setTokenKeys(s,t))}getAccessTokenCredential(e,t){const n=this.browserStorage.getUserData(e);if(!n)return this.logger.trace("0bqvx8",t),this.removeAccessTokenKeys([e],t),null;const o=this.validateAndParseJson(n);return!o||!jh(o)?(this.logger.trace("0bqvx8",t),null):(this.logger.trace("1o81rl",t),o)}async setAccessTokenCredential(e,t,n){this.logger.trace("1pondb",t);const o=this.generateCredentialKey(e),i=Date.now().toString();e.lastUpdatedAt=i,await this.setUserData(o,JSON.stringify(e),t,i,n);const s=this.getTokenKeys(),a=s.accessToken.indexOf(o);a!==-1&&s.accessToken.splice(a,1),this.logger.trace(`1onhey ${a===-1?"added to":"updated in"}`,t),s.accessToken.push(o),this.setTokenKeys(s,t)}getRefreshTokenCredential(e,t){const n=this.browserStorage.getUserData(e);if(!n)return this.logger.trace("0jlizt",t),this.removeRefreshToken(e,t),null;const o=this.validateAndParseJson(n);return!o||!zh(o)?(this.logger.trace("0jlizt",t),null):(this.logger.trace("0nokxi",t),o)}async setRefreshTokenCredential(e,t,n){this.logger.trace("0tcg8d",t);const o=this.generateCredentialKey(e),i=Date.now().toString();e.lastUpdatedAt=i,await this.setUserData(o,JSON.stringify(e),t,i,n);const s=this.getTokenKeys();s.refreshToken.indexOf(o)===-1&&(this.logger.info("0eckjs",t),s.refreshToken.push(o),this.setTokenKeys(s,t))}getAppMetadata(e,t){const n=this.browserStorage.getItem(e);if(!n)return this.logger.trace("1q101h",t),null;const o=this.validateAndParseJson(n);return!o||!lw(e,o)?(this.logger.trace("1q101h",t),null):(this.logger.trace("19pvg2",t),o)}setAppMetadata(e,t){this.logger.trace("0cyma6",t);const n=hw(e);this.setItem(n,JSON.stringify(e),t)}getServerTelemetry(e,t){const n=this.browserStorage.getItem(e);if(!n)return this.logger.trace("0jk19c",t),null;const o=this.validateAndParseJson(n);return!o||!aw(e,o)?(this.logger.trace("0jk19c",t),null):(this.logger.trace("12jguk",t),o)}setServerTelemetry(e,t,n){this.logger.trace("1poh61",n),this.setItem(e,JSON.stringify(t),n)}getAuthorityMetadata(e,t){const n=this.internalStorage.getItem(e);if(!n)return this.logger.trace("1r39oe",t),null;const o=this.validateAndParseJson(n);return o&&dw(e,o)?(this.logger.trace("1ohvk3",t),o):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter(t=>this.isAuthorityMetadata(t))}setWrapperMetadata(e,t){this.internalStorage.setItem(Eo.WRAPPER_SKU,e),this.internalStorage.setItem(Eo.WRAPPER_VER,t)}getWrapperMetadata(){const e=this.internalStorage.getItem(Eo.WRAPPER_SKU)||"",t=this.internalStorage.getItem(Eo.WRAPPER_VER)||"";return[e,t]}setAuthorityMetadata(e,t,n){this.logger.trace("07w8n2",n),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(e){const t=this.generateCacheKey(Ah.ACTIVE_ACCOUNT_FILTERS),n=this.browserStorage.getItem(t);if(!n)return this.logger.trace("08gw0e",e),null;const o=this.validateAndParseJson(n);return o?(this.logger.trace("1t3ch7",e),this.getAccountInfoFilteredBy({homeAccountId:o.homeAccountId,localAccountId:o.localAccountId,tenantId:o.tenantId},e)):(this.logger.trace("0me1up",e),null)}setActiveAccount(e,t){const n=this.generateCacheKey(Ah.ACTIVE_ACCOUNT_FILTERS);if(e){this.logger.verbose("0rsj80",t);const o={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId};this.setItem(n,JSON.stringify(o),t)}else this.logger.verbose("1bp5z5",t),this.browserStorage.removeItem(n);this.eventHandler.emitEvent(P.ACTIVE_ACCOUNT_CHANGED,t)}getThrottlingCache(e,t){const n=this.browserStorage.getItem(e);if(!n)return this.logger.trace("1h4wa6",t),null;const o=this.validateAndParseJson(n);return!o||!cw(e,o)?(this.logger.trace("1h4wa6",t),null):(this.logger.trace("0of6n8",t),o)}setThrottlingCache(e,t,n){this.logger.trace("0wfgh6",n),this.setItem(e,JSON.stringify(t),n)}getTemporaryCache(e,t,n){this.logger.trace("1ordf8",t);const o=n?this.generateCacheKey(e):e;return this.temporaryCacheStorage.getItem(o)}setTemporaryCache(e,t,n){const o=n?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(o,t)}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e)}getKeys(){return this.browserStorage.getKeys()}clear(e){this.removeAllAccounts(e),this.removeAppMetadata(e),this.temporaryCacheStorage.getKeys().forEach(t=>{(t.indexOf(pe)!==-1||t.indexOf(this.clientId)!==-1)&&this.removeTemporaryItem(t)}),this.browserStorage.getKeys().forEach(t=>{(t.indexOf(pe)!==-1||t.indexOf(this.clientId)!==-1)&&this.browserStorage.removeItem(t)}),this.internalStorage.clear()}generateCacheKey(e){return mn.startsWith(e,pe)?e:`${pe}.${this.clientId}.${e}`}generateCredentialKey(e){const t=e.credentialType===ue.REFRESH_TOKEN&&e.familyId||e.clientId,n=e.tokenType&&e.tokenType.toLowerCase()!==ee.BEARER.toLowerCase()?e.tokenType.toLowerCase():"";return[`${pe}.${me}`,e.homeAccountId,e.environment,e.credentialType,t,e.realm||"",e.target||"",n].join(pl).toLowerCase()}generateAccountKey(e){const t=e.homeAccountId.split(".")[1];return[`${pe}.${Do}`,e.homeAccountId,e.environment,t||e.tenantId||""].join(pl).toLowerCase()}resetRequestCache(e){this.logger.trace("0h0ynu",e),this.removeTemporaryItem(this.generateCacheKey(se.REQUEST_PARAMS)),this.removeTemporaryItem(this.generateCacheKey(se.VERIFIER)),this.removeTemporaryItem(this.generateCacheKey(se.ORIGIN_URI)),this.removeTemporaryItem(this.generateCacheKey(se.URL_HASH)),this.removeTemporaryItem(this.generateCacheKey(se.NATIVE_REQUEST)),this.setInteractionInProgress(!1,void 0)}cacheAuthorizeRequest(e,t,n){this.logger.trace("1tzef5",t);const o=Vr(JSON.stringify(e));if(this.setTemporaryCache(se.REQUEST_PARAMS,o,!0),n){const i=Vr(n);this.setTemporaryCache(se.VERIFIER,i,!0)}}getCachedRequest(e){this.logger.trace("0uen20",e);const t=this.getTemporaryCache(se.REQUEST_PARAMS,e,!0);if(!t)throw A(Yv,"");const n=this.getTemporaryCache(se.VERIFIER,e,!0);let o,i="";try{o=JSON.parse(ve(t)),n&&(i=ve(n))}catch(s){throw this.logger.errorPii(`0ewsey ${t}`,e),this.logger.error(`0tvdic ${s}`,e),A(Qv,"")}return[o,i]}getCachedNativeRequest(){this.logger.trace("1yxcdm","");const e=this.getTemporaryCache(se.NATIVE_REQUEST,"",!0);if(!e)return this.logger.trace("0mnxd4",""),null;const t=this.validateAndParseJson(e);return t||(this.logger.error("0rrkip",""),null)}isInteractionInProgress(e){var n;const t=(n=this.getInteractionInProgress())==null?void 0:n.clientId;return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${pe}.${se.INTERACTION_STATUS_KEY}`,t=this.getTemporaryCache(e,"",!1);try{return t?JSON.parse(t):null}catch{return this.logger.error("0jjyys",""),this.removeTemporaryItem(e),this.resetRequestCache(""),ju(window),null}}setInteractionInProgress(e,t=Bt.SIGNIN,n=!1,o=""){var s;const i=`${pe}.${se.INTERACTION_STATUS_KEY}`;if(e){const a=this.getInteractionInProgress();if(a)if(n)this.logger.warning(`1pmscr ${a.clientId} ${a.type}`,o),Db(this.logger,o),this.removeTemporaryItem(i);else throw A(zv,"");this.setTemporaryCache(i,JSON.stringify({clientId:this.clientId,type:t}),!1)}else!e&&((s=this.getInteractionInProgress())==null?void 0:s.clientId)===this.clientId&&this.removeTemporaryItem(i)}async hydrateCache(e,t){const n=bi(e.account.homeAccountId,e.account.environment,e.idToken,this.clientId,e.tenantId),o=Ci(e.account.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?ni(e.expiresOn):0,e.extExpiresOn?ni(e.extExpiresOn):0,ve,t.correlationId||"",void 0,e.tokenType,void 0,t.sshKid);t.resource&&(o.resource=t.resource);const i={idToken:n,accessToken:o};return this.saveCacheRecord(i,e.correlationId,mt(ft(e.idToken,ve,e.correlationId)),z.hydrateCache)}async saveCacheRecord(e,t,n,o,i){try{await super.saveCacheRecord(e,t,n,o,i)}catch(s){if(s instanceof Jn&&this.performanceClient&&t)try{const a=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:a.refreshToken.length,cacheIdCount:a.idToken.length,cacheAtCount:a.accessToken.length},t)}catch{}throw s}}}function vl(r,e,t,n){try{switch(e){case yt.LocalStorage:return new nC(r,t,n);case yt.SessionStorage:return new rC;case yt.MemoryStorage:default:break}}catch(o){t.error(o,"")}return new Ri}const oC=(r,e,t,n)=>{const o={cacheLocation:yt.MemoryStorage,cacheRetentionDays:5};return new ta(r,o,Qo,e,t,n)};/*! @azure/msal-browser v5.15.0 2026-06-23 */function iC(r,e,t,n,o){return r.verbose("1yd030",n),t?e.getAllAccounts(o,n):[]}function sC(r,e,t,n){e.trace("0u7b90",n);const o=t.getAccountInfoFilteredBy(r,n);return o?(e.verbose("0btgll",n),o):(e.verbose("0ltaj5",n),null)}function aC(r,e,t){e.setActiveAccount(r,t)}function cC(r,e){return r.getActiveAccount(e)}/*! @azure/msal-browser v5.15.0 2026-06-23 */const hC="msal.broadcast.event";class lC{constructor(e){this.eventCallbacks=new Map,this.logger=e||new ot({},Pi,Nt),typeof BroadcastChannel<"u"&&(this.broadcastChannel=new BroadcastChannel(hC)),this.invokeCrossTabCallbacks=this.invokeCrossTabCallbacks.bind(this)}addEventCallback(e,t,n){if(typeof window<"u"){const o=n||qs();return this.eventCallbacks.has(o)?(this.logger.error(`1578i0 ${o}`,""),null):(this.eventCallbacks.set(o,[e,t||[]]),this.logger.verbose(`1cnec4 ${o}`,""),o)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`12zotd ${e}`,"")}emitEvent(e,t,n,o,i){var a;const s={eventType:e,interactionType:n||null,payload:o||null,error:i||null,correlationId:t,timestamp:Date.now()};switch(e){case P.LOGIN_SUCCESS:case P.LOGOUT_SUCCESS:case P.ACTIVE_ACCOUNT_CHANGED:(a=this.broadcastChannel)==null||a.postMessage(s)}this.invokeCallbacks(s)}invokeCallbacks(e){this.eventCallbacks.forEach(([t,n],o)=>{(n.length===0||n.includes(e.eventType))&&(this.logger.verbose(`15jpwk ${o} ${e.eventType}`,""),t.apply(null,[e]))})}invokeCrossTabCallbacks(e){const t=e.data;this.invokeCallbacks(t)}subscribeCrossTab(){var e;(e=this.broadcastChannel)==null||e.addEventListener("message",this.invokeCrossTabCallbacks)}unsubscribeCrossTab(){var e;(e=this.broadcastChannel)==null||e.removeEventListener("message",this.invokeCrossTabCallbacks)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class Gu{constructor(e,t,n,o,i,s,a,c,l){this.config=e,this.browserStorage=t,this.browserCrypto=n,this.networkClient=this.config.system.networkClient,this.eventHandler=i,this.navigationClient=s,this.platformAuthProvider=l,this.correlationId=c,this.logger=o.clone(Pi,Nt),this.performanceClient=a}}function ci(r,e,t,n){t.verbose("0bd1la",n);const o=r||e||"";return B.getAbsoluteUrl(o,_t(),n)}function Re(r,e,t,n,o,i,s=!0){if(o.verbose("1p12tq",t),!s)return o.verbose("0tajnr",t),new nv;const a={clientId:e,correlationId:t,apiId:r,forceRefresh:!1,wrapperSKU:n.getWrapperMetadata()[0],wrapperVer:n.getWrapperMetadata()[1]};return new er(a,n)}async function At(r,e,t,n,o,i,s,a,c){const l=a&&a.hasOwnProperty("instance_aware")?a.instance_aware:void 0,h={protocolMode:r.system.protocolMode,OIDCOptions:r.auth.OIDCOptions,knownAuthorities:r.auth.knownAuthorities,cloudDiscoveryMetadata:r.auth.cloudDiscoveryMetadata,authorityMetadata:r.auth.authorityMetadata},d=i||r.auth.authority,p=l!=null&&l.length?l==="true":r.auth.instanceAware,u=c&&p?r.auth.authority.replace(B.getDomainFromUrl(d,e),c.environment):d,f=Oe.generateAuthority(u,s||r.auth.azureCloudOptions),g=await w(Cu,Tv,o,t,e)(f,r.system.networkClient,n,h,o,e,t);if(c&&!g.isAlias(c.environment))throw V(Ym,e);return g}async function gc(r,e,t,n,o){if(o)try{r.removeAccount(o,n),t.verbose("0s4z6h",n)}catch{t.error("0mgg1d",n)}else try{t.verbose("0zj631",n),r.clear(n),await e.clearKeystore(n)}catch{t.error("12ih0c",n)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */async function mc(r,e,t,n,o){const i=r.authority||e.auth.authority,s=[...r&&r.scopes||[]],a={...r,correlationId:r.correlationId,authority:i,scopes:s};if(!a.authenticationScheme)a.authenticationScheme=ee.BEARER,n.verbose("1l4fwv",o);else{if(a.authenticationScheme===ee.SSH){if(!r.sshJwk)throw V(Oa,"");if(!r.sshKid)throw V(Zm,"")}n.verbose(`1ecmns ${a.authenticationScheme}`,o)}return a}async function dC(r,e,t,n,o){const i=await w(mc,tc,o,n,r.correlationId)(r,t,n,o,r.correlationId);return{...r,...i,account:e,forceRefresh:r.forceRefresh||!1}}function Vu(r,e){let t;const n=r.httpMethod;if(e===Me.EAR){if(n&&n!==Wn.POST)throw V(Qm,"");t=Wn.POST}else t=n||Wn.GET;return t}/*! @azure/msal-browser v5.15.0 2026-06-23 */class hr extends Gu{initializeLogoutRequest(e){this.logger.verbose("0546u4",this.correlationId);const t={correlationId:this.correlationId,...e};if(e)if(e.logoutHint)this.logger.verbose("12k4l4",this.correlationId);else if(e.account){const n=e.account.loginHint||this.getLogoutHintFromIdTokenClaims(e.account);n&&(this.logger.verbose("0d7s8p",this.correlationId),t.logoutHint=n)}else this.logger.verbose("0pdtc3",this.correlationId);else this.logger.verbose("07ndze",this.correlationId);return!e||e.postLogoutRedirectUri!==null?e&&e.postLogoutRedirectUri?(this.logger.verbose("1vamm6",t.correlationId),t.postLogoutRedirectUri=B.getAbsoluteUrl(e.postLogoutRedirectUri,_t(),t.correlationId)):this.config.auth.postLogoutRedirectUri===null?this.logger.verbose("15m5g7",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("1f4xlz",t.correlationId),t.postLogoutRedirectUri=B.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,_t(),t.correlationId)):(this.logger.verbose("17s5rf",t.correlationId),t.postLogoutRedirectUri=B.getAbsoluteUrl(_t(),_t(),t.correlationId)):this.logger.verbose("0ljv63",t.correlationId),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return this.logger.verbose("0u5bmc",this.correlationId),t.login_hint;this.logger.verbose("0mvp54",this.correlationId)}else this.logger.verbose("1e7bdp",this.correlationId);return null}async createAuthCodeClient(e){const t=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)(e);return new Tu(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:t,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}=e,a=e.authority||await w(At,yn,this.logger,this.performanceClient,this.correlationId)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,n,o,i,s),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:a,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri,isMcp:this.config.auth.isMcp},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:t,libraryInfo:{sku:Ye.MSAL_SKU,version:Nt,cpu:"",os:""},telemetry:this.config.telemetry}}}async function Zr(r,e,t,n,o,i,s,a){const c=ci(r.redirectUri,t.auth.redirectUri,i,a);new URL(c).origin!==new URL(window.location.href).origin&&(i.warning("08qbvw",a),s.addFields({isRedirectUriCrossOrigin:!0},a));const l={interactionType:e},h=$a(n,r&&r.state||"",l,a),p={...await w(mc,tc,i,s,a)({...r,correlationId:a},t,s,i,a),redirectUri:c,state:h,nonce:r.nonce||en(),responseMode:t.auth.OIDCOptions.responseMode},u={...p,httpMethod:Vu(p,t.system.protocolMode)};if(r.loginHint||r.sid)return u;const f=r.account||o.getActiveAccount(a);return f&&(i.verbose("1eqlb3",a),i.verbosePii(`0tf99t ${f.homeAccountId}`,a),u.account=f),u}/*! @azure/msal-browser v5.15.0 2026-06-23 */function uC(r,e,t){if(!e)return null;try{return ao(r.base64Decode,e,t).libraryState.meta}catch{throw T(Jr,t)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */function Kr(r,e,t,n){const o=Yo(r);if(!o)throw ou(r)?(t.error(`13pl0s ${e} ${e}`,n),t.errorPii(`1097vx ${e} ${r}`,n),A(Fv,n)):(t.error(`18h0l1 ${e} ${e}`,n),A(Kv,n));return o}function pC(r,e,t,n){if(!r.state)throw A(ic,n);const o=uC(e,r.state,n);if(!o)throw A(Au,n);if(o.interactionType!==t)throw A(jv,n)}/*! @azure/msal-browser v5.15.0 2026-06-23 */class Zu{constructor(e,t,n,o,i){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=i}async handleCodeResponse(e,t,n){let o;try{o=Xw(e,t.state,t.correlationId)}catch(i){throw i instanceof In&&i.subError===Xs?A(Xs,t.correlationId):i}return w(this.handleCodeResponseFromServer.bind(this),du,this.logger,this.performanceClient,t.correlationId)(o,t,n)}async handleCodeResponseFromServer(e,t,n,o=!0){if(this.logger.trace("0mf2hb",t.correlationId),this.authCodeRequest.code=e.code,o&&(e.nonce=t.nonce||void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const s=this.createCcsCredentials(t);s&&(this.authCodeRequest.ccsCredential=s)}return await w(this.authModule.acquireToken.bind(this.authModule),Cv,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,n,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:tt.HOME_ACCOUNT_ID}:e.loginHint?{credential:e.loginHint,type:tt.UPN}:null}}/*! @azure/msal-browser v5.15.0 2026-06-23 */const fC="ContentError",gC="PageException",mC="user_switch";/*! @azure/msal-browser v5.15.0 2026-06-23 */const yC="USER_INTERACTION_REQUIRED",wC="USER_CANCEL",vC="NO_NETWORK",bC="DISABLED",CC="ACCOUNT_UNAVAILABLE",TC="UI_NOT_ALLOWED";/*! @azure/msal-browser v5.15.0 2026-06-23 */const kC=-2147186943;class qe extends oe{constructor(e,t,n,o){super(e,t,n||Ei(e)),Object.setPrototypeOf(this,qe.prototype),this.name="NativeAuthError",this.ext=o}}function Un(r){if(r.ext&&r.ext.status&&r.ext.status===bC||r.ext&&r.ext.error&&r.ext.error===kC)return!0;switch(r.errorCode){case fC:case gC:return!0;default:return!1}}function hi(r,e,t,n){let o;if(n&&n.status){switch(n.status){case CC:o=oi(Nw,e,Ei(r));break;case yC:o=new st(r,e,t);break;case wC:o=A(Xs,e);break;case vC:o=A(Ys,e);break;case TC:o=oi(pu,e);break;default:o=new qe(r,e,t,n)}return o}return o=new qe(r,e,t,n),o}/*! @azure/msal-browser v5.15.0 2026-06-23 */class $u extends hr{async acquireToken(e){const t=Re(z.acquireTokenSilent_silentFlow,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),n=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),o=new Vw(n,this.performanceClient);this.logger.verbose("0wa871",this.correlationId);try{const s=(await w(o.acquireCachedToken.bind(o),wv,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),s}catch(i){throw i instanceof co&&i.errorCode===Pu&&this.logger.verbose("06wena",this.correlationId),i}}logout(e){this.logger.verbose("1rkurh",this.correlationId);const t=this.initializeLogoutRequest(e);return gc(this.browserStorage,this.browserCrypto,this.logger,this.correlationId,t.account)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class Lo extends Gu{constructor(e,t,n,o,i,s,a,c,l,h,d,p){super(e,t,n,o,i,s,c,p,l),this.apiId=a,this.accountId=h,this.platformAuthProvider=l,this.nativeStorageManager=d,this.silentCacheClient=new $u(e,this.nativeStorageManager,n,o,i,s,c,p,l);const u=this.platformAuthProvider.getExtensionName();this.skus=er.makeExtraSkuString({libraryName:Ye.MSAL_SKU,libraryVersion:Nt,extensionName:u,extensionVersion:this.platformAuthProvider.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[Mm]:this.skus}}async acquireToken(e,t){this.logger.trace("03qeos",this.correlationId);const n=this.performanceClient.startMeasurement(ec,this.correlationId),o=it(),i=Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{const s=await this.initializePlatformRequest(e);try{const c=await this.acquireTokensFromCache(this.accountId,s);return n.end({success:!0,isNativeBroker:!1,fromCache:!0}),c}catch(c){if(t===Se.AccessToken)throw this.logger.info("0eitbc",this.correlationId),n.end({success:!1,brokerErrorCode:"cache_request_failed"}),c;this.logger.info("0957j1",this.correlationId)}const a=await this.platformAuthProvider.sendMessage(s);return await this.handleNativeResponse(a,s,o).then(c=>(n.end({success:!0,isNativeBroker:!0,requestId:c.requestId}),i.clearNativeBrokerErrorCode(),c)).catch(c=>{throw n.end({success:!1,errorCode:c.errorCode,subErrorCode:c.subError}),c})}catch(s){throw s instanceof qe&&i.setNativeBrokerErrorCode(s.errorCode),n.end({success:!1}),s}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:Ce.fromString(e.scope,this.correlationId).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("1ndf3e",this.correlationId),T(Mh,this.correlationId);const n=this.browserStorage.getBaseAccountInfo({nativeAccountId:e},this.correlationId);if(!n)throw T(Mh,this.correlationId);try{const o=this.createSilentCacheRequest(t,n),i=await this.silentCacheClient.acquireToken(o),s=this.browserStorage.getIdToken(n,this.correlationId,this.browserStorage.getTokenKeys(),n.tenantId),a=ft((s==null?void 0:s.secret)||"",ve,this.correlationId),c=qo(n,void 0,a,s==null?void 0:s.secret);return{...i,idToken:(s==null?void 0:s.secret)||"",idTokenClaims:a,account:c}}catch(o){throw o}}async acquireTokenRedirect(e,t,n){this.logger.trace("0luikq",this.correlationId);const o=await this.initializePlatformRequest(e),i=(n==null?void 0:n.navigateToLoginRequestUrl)??!0;try{await this.platformAuthProvider.sendMessage(o)}catch(c){if(c instanceof qe&&(Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled).setNativeBrokerErrorCode(c.errorCode),Un(c)))throw c}this.browserStorage.setTemporaryCache(se.NATIVE_REQUEST,JSON.stringify(o),!0);const s={apiId:z.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=i?B.getAbsoluteUrl(e.redirectStartPage||window.location.href,_t(),this.correlationId):ci(e.redirectUri,this.config.auth.redirectUri,this.logger,this.correlationId);t.end({success:!0}),await this.navigationClient.navigateExternal(a,s)}async handleRedirectPromise(){var i,s;if(this.logger.trace("1c5lhw",this.correlationId),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("0le6uv",this.correlationId),null;const e=this.browserStorage.getCachedNativeRequest();if(!e)return this.logger.verbose("0a6zjb",this.correlationId),(i=this.performanceClient)==null||i.addFields({errorCode:"no_cached_request"},this.correlationId),null;const{prompt:t,...n}=e;t&&this.logger.verbose("0ac34v",this.correlationId),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(se.NATIVE_REQUEST));const o=it();try{this.logger.verbose("003x5a",this.correlationId);const a=await this.platformAuthProvider.sendMessage(n),c=await this.handleNativeResponse(a,n,o);return Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled).clearNativeBrokerErrorCode(),(s=this.performanceClient)==null||s.addFields({isNativeBroker:!0},this.correlationId),c}catch(a){throw a}}logout(){return this.logger.trace("0u2sjm",this.correlationId),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,n){var h,d;this.logger.trace("1bojln",this.correlationId);const o=ft(e.id_token,ve,this.correlationId),i=this.createHomeAccountIdentifier(e,o),s=(h=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId},this.correlationId))==null?void 0:h.homeAccountId;if((d=t.extraParameters)!=null&&d.child_client_id&&e.account.id!==t.accountId)this.logger.info("1ub1in",this.correlationId);else if(i!==s&&e.account.id!==t.accountId)throw hi(mC,this.correlationId);const a=await At(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,t.authority),c=gu(this.browserStorage,a,i,ve,this.correlationId,o,e.client_info,a.getPreferredCache(),o.tid,void 0,e.account.id,this.logger,this.performanceClient);e.expires_in=Number(e.expires_in);const l=await this.generateAuthenticationResult(e,t,o,c,a.canonicalAuthority,n);return await this.cacheAccount(c,mt(o)),await this.cacheNativeTokens(e,t,i,o,l.tenantId,n,a.getPreferredCache()),l}createHomeAccountIdentifier(e,t){return au(e.client_info||"",Ze.Default,this.logger,this.browserCrypto,this.correlationId,t)}generateScopes(e,t){return t?Ce.fromString(t,this.correlationId):Ce.fromString(e,this.correlationId)}async generatePopAccessToken(e,t){if(t.tokenType===ee.POP&&t.signPopToken){if(e.shr)return this.logger.trace("0coqhu",this.correlationId),e.shr;const n=new qn(this.browserCrypto,this.performanceClient),o={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce,correlationId:this.correlationId};if(!t.keyId)throw T(Gd,this.correlationId);return n.signPopToken(e.access_token,t.keyId,o)}else return e.access_token}async generateAuthenticationResult(e,t,n,o,i,s){var y;const a=this.addTelemetryFromNativeResponse(e.properties.MATS),c=this.generateScopes(t.scope,e.scope),l=e.account.properties||{},h=l.UID||n.oid||n.sub||"",d=l.TenantId||n.tid||"",p=qo(bn(o),void 0,n,e.id_token);if(p.nativeAccountId!==e.account.id){p.nativeAccountId=e.account.id;const m=d||p.tenantId,b=(y=p.tenantProfiles)==null?void 0:y.get(m);b&&(b.nativeAccountId=e.account.id)}const u=await this.generatePopAccessToken(e,t),f=t.tokenType===ee.POP?ee.POP:ee.BEARER;return{authority:i,uniqueId:h,tenantId:d,scopes:c.asArray(),account:p,idToken:e.id_token,idTokenClaims:n,accessToken:u,fromCache:a?this.isResponseFromCache(a):!1,expiresOn:Mo(s+e.expires_in),tokenType:f,correlationId:this.correlationId,state:e.state,fromPlatformBroker:!0,...t.resource&&{resource:t.resource}}}async cacheAccount(e,t){await this.browserStorage.setAccount(e,this.correlationId,t,this.apiId),this.browserStorage.removeAccountContext(bn(e),this.correlationId)}async cacheNativeTokens(e,t,n,o,i,s,a){var f;const c=bi(n,a,e.id_token||"",t.clientId,o.tid||""),l=t.tokenType===ee.POP?_h:(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,h=s+l,d=this.generateScopes(e.scope,t.scope),p=Ci(n,a,e.access_token,t.clientId,o.tid||i,d.printScopes(),h,0,ve,t.correlationId,void 0,t.tokenType,void 0,t.keyId);c&&((f=t.storeInCache)==null?void 0:f.idToken)!==!1&&await this.browserStorage.setIdTokenCredential(c,this.correlationId,mt(o));const u={accessToken:p};return this.nativeStorageManager.saveCacheRecord(u,this.correlationId,mt(o),this.apiId,t.storeInCache)}getExpiresInValue(e,t){return e===ee.POP?_h:(typeof t=="string"?parseInt(t,10):t)||0}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.platformAuthProvider.getExtensionId(),extensionVersion:this.platformAuthProvider.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}getMATSFromResponse(e){if(e)try{return JSON.parse(e)}catch{this.logger.error("0b3l57",this.correlationId)}return null}isResponseFromCache(e){return typeof e.is_cached>"u"?(this.logger.verbose("1okqev",this.correlationId),!1):!!e.is_cached}async initializePlatformRequest(e){this.logger.trace("1xdm2a",this.correlationId);const t=await this.getCanonicalAuthority(e),n=e.skipBrokerClaims&&e.embeddedClientId?void 0:this.config.auth.clientCapabilities,{scopes:o,claims:i,...s}=e,a=new Ce(o||[],this.correlationId);a.appendScopes(ir);const c=qd(i,n!=null&&n.length?n:void 0),l={...s,claims:c,accountId:this.accountId,clientId:this.config.auth.clientId,authority:t.urlString,scope:a.printScopes(),redirectUri:ci(e.redirectUri,this.config.auth.redirectUri,this.logger,this.correlationId),prompt:this.getPrompt(e.prompt),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraParameters},extendedExpiryToken:!1,keyId:e.popKid};if(l.signPopToken&&e.popKid)throw A(hb,this.correlationId);if(this.handleExtraBrokerParams(l),l.extraParameters=l.extraParameters||{},l.extraParameters.telemetry=je.MATS_TELEMETRY,e.authenticationScheme===ee.POP){const h={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce,correlationId:this.correlationId},d=new qn(this.browserCrypto,this.performanceClient);let p;if(l.keyId)p=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:l.keyId})),l.signPopToken=!1;else{const u=await w(d.generateCnf.bind(d),so,this.logger,this.performanceClient,this.correlationId)(h,this.logger);p=u.reqCnfString,l.keyId=u.kid,l.signPopToken=!0}l.reqCnf=p}return this.addRequestSKUs(l),l}async getCanonicalAuthority(e){const t=e.authority||this.config.auth.authority,{azureCloudOptions:n,account:o}=e;o&&await At(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,t,n,void 0,o);const i=new B(t,this.correlationId);return i.validateAsUri(),i}getPrompt(e){switch(this.apiId){case z.ssoSilent:case z.acquireTokenSilent_silentFlow:return this.logger.trace("12n1y2",this.correlationId),be.NONE}if(!e){this.logger.trace("0uid1p",this.correlationId);return}switch(e){case be.NONE:case be.CONSENT:case be.LOGIN:return this.logger.trace("0i0hco",this.correlationId),e;default:throw this.logger.trace(`0w3tpw ${e}`,this.correlationId),A(ab,this.correlationId)}}handleExtraBrokerParams(e){var i;const t=e.extraParameters&&e.extraParameters.hasOwnProperty(Wr)&&e.extraParameters.hasOwnProperty($o)&&e.extraParameters.hasOwnProperty(vn);if(!e.embeddedClientId&&!t)return;let n="";const o=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,n=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[$o],n=e.extraParameters[vn]),e.extraParameters={child_client_id:n,child_redirect_uri:o},(i=this.performanceClient)==null||i.addFields({embeddedClientId:n,embeddedRedirectUri:o},this.correlationId)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */const _C=new Map([["e","AAD"],["m","MSA"]]);function IC(r){var e,t,n,o,i;if(!r)return null;try{const c=(/%(?:[0-9A-Fa-f]{2})/.test(r)?decodeURIComponent(r):r).split("|");return c.length<5?null:{accountType:_C.get(((e=c[0])==null?void 0:e.trim())||"")||"",error:((t=c[1])==null?void 0:t.trim())||"",subError:((n=c[2])==null?void 0:n.trim())||"",cloudInstance:((o=c[3])==null?void 0:o.trim())||"",callerDataBoundary:((i=c[4])==null?void 0:i.trim())||""}}catch{return null}}function Xu(r,e,t){const n=IC(r.clientdata);n!=null&&n.accountType&&t.addFields({accountType:n.accountType},e),n!=null&&n.error&&t.addFields({serverErrorNo:n.error},e),n!=null&&n.subError&&t.addFields({serverSubErrorNo:n.subError},e)}async function yc(r,e,t,n,o){const i=$w({...r.auth,authority:e},t,n,o);if(La(i,{sku:Ye.MSAL_SKU,version:Nt,os:"",cpu:""}),r.system.protocolMode!==Me.OIDC&&Ha(i,r.telemetry.application),t.platformBroker&&(vy(i),o.addFields({isPlatformAuthorizeRequest:!0},t.correlationId),t.authenticationScheme===ee.POP)){const s=new Ot(n,o),a=new qn(s,o);let c;t.popKid?c=s.encodeKid(t.popKid):c=(await w(a.generateCnf.bind(a),so,n,o,t.correlationId)(t,n)).reqCnfString,ja(i,c)}return wi(i,t.correlationId,o),i}async function wc(r,e,t,n,o){if(!t.codeChallenge)throw V(Kd,t.correlationId);const i=await w(yc,vv,n,o,t.correlationId)(r,e,t,n,o);return Na(i,Ia.CODE),Ka(i,t.codeChallenge,_a),gt(i,{...t.extraQueryParameters,...t.extraParameters}),Xa(e,i)}async function vc(r,e,t,n,o,i){if(!n.earJwk)throw A(Eu,n.correlationId);const s=await yc(e,t,n,o,i);Na(s,Ia.IDTOKEN_TOKEN_REFRESHTOKEN),Oy(s,n.earJwk),Ka(s,n.codeChallenge,_a),gt(s,{...n.extraParameters});const a=new Map;gt(a,n.extraQueryParameters||{}),oo(a,n.correlationId);const c=Xa(t,a);return Yu(r,c,s)}async function bc(r,e,t,n,o,i){const s=await yc(e,t,n,o,i);Na(s,Ia.CODE),Ka(s,n.codeChallenge,n.codeChallengeMethod||_a),gt(s,{...n.extraParameters});const a=new Map;gt(a,n.extraQueryParameters||{}),oo(a,n.correlationId);const c=Xa(t,a);return Yu(r,c,s)}function Yu(r,e,t){const n=r.createElement("form");return n.method="post",n.action=e,t.forEach((o,i)=>{const s=r.createElement("input");s.hidden=!0,s.name=i,s.value=o,n.appendChild(s)}),r.body.appendChild(n),n}async function Qu(r,e,t,n,o,i,s,a,c,l){if(a.verbose("11qcow",r.correlationId),!l)throw A(Nu,r.correlationId);const h=new Ot(a,c),d=new Lo(n,o,h,a,s,n.system.navigationClient,t,c,l,e,i,r.correlationId),{userRequestState:p}=ao(h.base64Decode,r.state,r.correlationId);return w(d.acquireToken.bind(d),ec,a,c,r.correlationId)({...r,state:p,prompt:void 0})}async function $n(r,e,t,n,o,i,s,a,c,l,h,d){if(pt.removeThrottle(s,o.auth.clientId,r),Xu(e,r.correlationId,h),e.accountId)return w(Qu,Iu,l,h,r.correlationId)(r,e.accountId,n,o,s,a,c,l,h,d);const p={...r,code:e.code||"",codeVerifier:t},u=new Zu(i,s,p,l,h);return await w(u.handleCodeResponse.bind(u),bv,l,h,r.correlationId)(e,r,n)}async function Cc(r,e,t,n,o,i,s,a,c,l,h){if(pt.removeThrottle(i,n.auth.clientId,r),Xu(e,r.correlationId,l),Ya(e,r.state,r.correlationId),!e.ear_jwe)throw A(Hv,r.correlationId);if(!r.earJwk)throw A(Eu,r.correlationId);const d=JSON.parse(await w(Rb,Dv,c,l,r.correlationId)(r.earJwk,e.ear_jwe));if(d.accountId)return w(Qu,Iu,c,l,r.correlationId)(r,d.accountId,t,n,i,s,a,c,l,h);const p=new Cn(n.auth.clientId,i,new Ot(c,l),c,l,null,null);p.validateTokenResponse(d,r.correlationId);const u={code:"",state:r.state,nonce:r.nonce,client_info:d.client_info,cloud_graph_host_name:d.cloud_graph_host_name,cloud_instance_host_name:d.cloud_instance_host_name,cloud_instance_name:d.cloud_instance_name,msgraph_host:d.msgraph_host};return await w(p.handleServerTokenResponse.bind(p),Va,c,l,r.correlationId)(d,o,it(),r,t,u,void 0,void 0,void 0,void 0)}/*! @azure/msal-browser v5.15.0 2026-06-23 */const SC=32;async function kn(r,e,t){const n=ze(EC,Av,e,r,t)(r,e,t),o=await w(AC,Rv,e,r,t)(n,r,e,t);return{verifier:n,challenge:o}}function EC(r,e,t){try{const n=new Uint8Array(SC);return ze(_b,Ov,e,r,t)(n),qt(n)}catch{throw A(Su,t)}}async function AC(r,e,t,n){try{const o=await w(Lu,Pv,t,e,n)(r);return qt(new Uint8Array(o))}catch{throw A(Su,n)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class li{navigateInternal(e,t){return li.defaultNavigateWindow(e,t)}navigateExternal(e,t){return li.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise((n,o)=>{setTimeout(()=>{o(A(si,"","failed_to_redirect"))},t.timeout)})}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class RC{async sendGetRequestAsync(e,t){let n,o={},i=0;const s=bl(t);try{n=await fetch(e,{method:ol.GET,headers:s})}catch(a){throw Pr(A(window.navigator.onLine?eb:Ys,""),void 0,void 0,a)}o=Cl(n.headers);try{return i=n.status,{headers:o,body:await n.json(),status:i}}catch(a){throw Pr(A(rl,""),i,o,a)}}async sendPostRequestAsync(e,t){const n=t&&t.body||"",o=bl(t);let i,s=0,a={};try{i=await fetch(e,{method:ol.POST,headers:o,body:n})}catch(c){throw Pr(A(window.navigator.onLine?qv:Ys,""),void 0,void 0,c)}a=Cl(i.headers);try{return s=i.status,{headers:a,body:await i.json(),status:s}}catch(c){throw Pr(A(rl,""),s,a,c)}}}function bl(r){try{const e=new Headers;if(!(r&&r.headers))return e;const t=r.headers;return Object.entries(t).forEach(([n,o])=>{e.append(n,o)}),e}catch(e){throw Pr(A(lb,""),void 0,void 0,e)}}function Cl(r){try{const e={};return r.forEach((t,n)=>{e[n]=t}),e}catch{throw A(db,"")}}/*! @azure/msal-browser v5.15.0 2026-06-23 */const PC=6e4,OC=1e4,NC=3e4,qu=2e3;function xC({auth:r,cache:e,system:t,experimental:n,telemetry:o},i){const s={clientId:"",authority:`${Sd}`,knownAuthorities:[],cloudDiscoveryMetadata:"",authorityMetadata:"",redirectUri:typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:"",postLogoutRedirectUri:"",clientCapabilities:[],OIDCOptions:{responseMode:Sa.FRAGMENT,defaultScopes:[Ad,Rd,ka]},azureCloudOptions:{azureCloudInstance:za.None,tenant:""},instanceAware:!1,isMcp:!1,verifySSO:!1},a={cacheLocation:yt.SessionStorage,cacheRetentionDays:5},c={loggerCallback:()=>{},logLevel:ie.Info,piiLoggingEnabled:!1},h={...{...hu,loggerOptions:c,networkClient:i?new RC:Zw,navigationClient:new li,popupBridgeTimeout:(t==null?void 0:t.popupBridgeTimeout)||PC,iframeBridgeTimeout:(t==null?void 0:t.iframeBridgeTimeout)||OC,redirectNavigationTimeout:NC,allowRedirectInIframe:!1,navigatePopups:!0,allowPlatformBroker:!1,nativeBrokerHandshakeTimeout:(t==null?void 0:t.nativeBrokerHandshakeTimeout)||qu,protocolMode:Me.AAD,serverTelemetryEnabled:!1},...t,loggerOptions:(t==null?void 0:t.loggerOptions)||c},d={application:{appName:"",appVersion:""},client:new cu},p={iframeTimeoutTelemetry:!1,allowPlatformBrokerWithDOM:!1};if((t==null?void 0:t.protocolMode)!==Me.OIDC&&(r!=null&&r.OIDCOptions)&&new ot(h.loggerOptions,Pi,Nt).warning(JSON.stringify(V($m,"")),""),t!=null&&t.protocolMode&&t.protocolMode===Me.OIDC&&(h!=null&&h.allowPlatformBroker))throw V(Xm,"");return{auth:{...s,...r,OIDCOptions:{...s.OIDCOptions,...r==null?void 0:r.OIDCOptions}},cache:{...a,...e},system:h,experimental:{...p,...n},telemetry:{...d,...o}}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class di{constructor(e,t,n,o){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=o,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=n,this.handshakeEvent=this.performanceClient.startMeasurement(Sv),this.platformAuthType=je.PLATFORM_EXTENSION_PROVIDER}async sendMessage(e){this.logger.trace(`0on4p2 ${this.platformAuthType}`,e.correlationId);const t={method:Ir.GetToken,request:e},n={channel:je.CHANNEL_ID,extensionId:this.extensionId,responseId:en(),body:t};this.logger.trace(`1qadfi ${this.platformAuthType}`,e.correlationId),this.logger.tracePii(`1xm533 ${this.platformAuthType} ${JSON.stringify(n)}`,e.correlationId),this.messageChannel.port1.postMessage(n);const o=await new Promise((s,a)=>{this.resolvers.set(n.responseId,{resolve:s,reject:a})});return this.validatePlatformBrokerResponse(o)}static async createProvider(e,t,n,o){e.trace("15zfnw",o);try{const i=new di(e,t,n,je.PREFERRED_EXTENSION_ID);return await i.sendHandshakeRequest(o),i}catch{const s=new di(e,t,n);return await s.sendHandshakeRequest(o),s}}async sendHandshakeRequest(e){this.logger.trace(`1dpg9o ${this.platformAuthType}`,e),window.addEventListener("message",this.windowListener,!1);const t={channel:je.CHANNEL_ID,extensionId:this.extensionId,responseId:en(),body:{method:Ir.HandshakeRequest}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=n=>{this.onChannelMessage(n)},window.postMessage(t,window.origin,[this.messageChannel.port2]),new Promise((n,o)=>{this.handshakeResolvers.set(t.responseId,{resolve:n,reject:o}),this.timeoutId=window.setTimeout(()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),o(A(ib,"")),this.handshakeResolvers.delete(t.responseId)},this.handshakeTimeoutMs)})}onWindowMessage(e){const t=qs();if(this.logger.trace(`0jpn5u ${this.platformAuthType}`,t),e.source!==window)return;const n=e.data;if(!(!n.channel||n.channel!==je.CHANNEL_ID)&&!(n.extensionId&&n.extensionId!==this.extensionId)&&n.body.method===Ir.HandshakeRequest){const o=this.handshakeResolvers.get(n.responseId);if(!o){this.logger.trace(`07buhm ${this.platformAuthType} ${n.responseId}`,t);return}this.logger.verbose(n.extensionId?`0xrkug ${n.extensionId}`:"No extension installed",t),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),o.reject(A(sb,""))}}onChannelMessage(e){const t=qs();this.logger.trace(`1py8yf ${this.platformAuthType}`,t);const n=e.data,o=this.resolvers.get(n.responseId),i=this.handshakeResolvers.get(n.responseId);try{const s=n.body.method;if(s===Ir.Response){if(!o)return;const a=n.body.response;if(this.logger.trace(`19hpgm ${this.platformAuthType}`,t),this.logger.tracePii(`179a24 ${this.platformAuthType} ${JSON.stringify(a)}`,t),a.status!=="Success")o.reject(hi(a.code,t,a.description,a.ext));else if(a.result)a.result.code&&a.result.description?o.reject(hi(a.result.code,t,a.result.description,a.result.ext)):o.resolve(a.result);else throw Js($s,t,"Event does not contain result.");this.resolvers.delete(n.responseId)}else if(s===Ir.HandshakeResponse){if(!i){this.logger.trace(`082qnt ${this.platformAuthType} ${n.responseId}`,t);return}clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=n.extensionId,this.extensionVersion=n.body.version,this.logger.verbose(`0yf5ib ${this.platformAuthType} ${this.extensionId}`,t),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),i.resolve(),this.handshakeResolvers.delete(n.responseId)}}catch(s){this.logger.error("0xf978",t),this.logger.errorPii(`04i99o ${s}`,t),this.logger.errorPii(`0xdvsy ${e}`,t),o?o.reject(s):i&&i.reject(s)}}validatePlatformBrokerResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw Js($s,"","Response missing expected properties.")}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}getExtensionName(){var e;return this.getExtensionId()===je.PREFERRED_EXTENSION_ID?"chrome":(e=this.getExtensionId())!=null&&e.length?"unknown":void 0}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class Tc{constructor(e,t,n){this.logger=e,this.performanceClient=t,this.correlationId=n,this.platformAuthType=je.PLATFORM_DOM_PROVIDER}static async createProvider(e,t,n){var o;if(e.trace("12mj4a",n),(o=window.navigator)!=null&&o.platformAuthentication){const i=await window.navigator.platformAuthentication.getSupportedContracts(je.MICROSOFT_ENTRA_BROKERID);if(i!=null&&i.includes(je.PLATFORM_DOM_APIS))return e.trace("1h5q1r",n),new Tc(e,t,n)}}getExtensionId(){return je.MICROSOFT_ENTRA_BROKERID}getExtensionVersion(){return""}getExtensionName(){return je.DOM_API_NAME}async sendMessage(e){this.logger.trace(`02bcil ${this.platformAuthType}`,e.correlationId);try{const t=this.initializePlatformDOMRequest(e),n=await window.navigator.platformAuthentication.executeGetToken(t);return this.validatePlatformBrokerResponse(n,e.correlationId)}catch(t){throw this.logger.error(`11im7g ${this.platformAuthType}`,e.correlationId),t}}initializePlatformDOMRequest(e){this.logger.trace(`15d6yv ${this.platformAuthType}`,e.correlationId);const{accountId:t,clientId:n,authority:o,scope:i,redirectUri:s,correlationId:a,state:c,storeInCache:l,embeddedClientId:h,extraParameters:d,...p}=e,u=this.getDOMExtraParams(p,a);return{accountId:t,brokerId:this.getExtensionId(),authority:o,clientId:n,correlationId:a||this.correlationId,extraParameters:{...d,...u},isSecurityTokenService:!1,redirectUri:s,scope:i,state:c,storeInCache:l,embeddedClientId:h}}validatePlatformBrokerResponse(e,t){if(e.hasOwnProperty("isSuccess")){if(e.hasOwnProperty("accessToken")&&e.hasOwnProperty("idToken")&&e.hasOwnProperty("clientInfo")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scopes")&&e.hasOwnProperty("expiresIn"))return this.logger.trace(`0h4vei ${this.platformAuthType}`,t),this.convertToPlatformBrokerResponse(e,t);if(e.hasOwnProperty("error")){const n=e;if(n.isSuccess===!1&&n.error&&n.error.code)throw this.logger.trace(`0g92vm ${this.platformAuthType}`,t),hi(n.error.code,t,n.error.description,{error:parseInt(n.error.errorCode),protocol_error:n.error.protocolError,status:n.error.status,properties:n.error.properties})}}throw Js($s,t,"Response missing expected properties.")}convertToPlatformBrokerResponse(e,t){return this.logger.trace(`14913t ${this.platformAuthType}`,t),{access_token:e.accessToken,id_token:e.idToken,client_info:e.clientInfo,account:e.account,expires_in:e.expiresIn,scope:e.scopes,state:e.state||"",properties:e.properties||{},extendedLifetimeToken:e.extendedLifetimeToken??!1,shr:e.proofOfPossessionPayload}}getDOMExtraParams(e,t){try{const n={};for(const[o,i]of Object.entries(e))i&&(typeof i=="object"?n[o]=JSON.stringify(i):n[o]=String(i));return n}catch(n){return this.logger.error(`0eu9o3 ${this.platformAuthType}`,t),this.logger.errorPii(`17rpl5 ${this.platformAuthType} ${n}`,t),{}}}}/*! @azure/msal-browser v5.15.0 2026-06-23 */async function MC(r,e,t,n,o){r.trace("134j0v",t),r.trace(`04c81g ${o}`,t);let i;try{o&&(i=await Tc.createProvider(r,e,t)),i||(r.trace("0l3na8",t),i=await di.createProvider(r,n||qu,e,t))}catch(s){r.trace("0icbd7",s)}return i}function $r(r,e,t,n,o){if(e.trace("0uko3r",t),!r.system.allowPlatformBroker&&r.experimental.allowPlatformBrokerWithDOM)throw V(qm,"");if(!r.system.allowPlatformBroker)return e.trace("04hozs",t),!1;if(!n)return e.trace("0kvv1r",t),!1;if(o)switch(o){case ee.BEARER:case ee.POP:return e.trace("18tev1",t),!0;default:return e.trace("1dd2nh",t),!1}return!0}/*! @azure/msal-browser v5.15.0 2026-06-23 */class UC extends hr{constructor(e,t,n,o,i,s,a,c,l,h,d){super(e,t,n,o,i,s,a,l,h),this.nativeStorage=c,this.eventHandler=i,this.waitForPopupResponseHook=d}acquireToken(e,t){let n;try{if(n={popupName:this.generatePopupName(e.scopes||ir,e.authority||this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes||{},popupWindowParent:e.popupWindowParent??window},this.performanceClient.addFields({isAsyncPopup:!this.config.system.navigatePopups},this.correlationId),this.config.system.navigatePopups){const i={...e,httpMethod:Vu(e,this.config.system.protocolMode)};return this.logger.verbose("1f9ok3",this.correlationId),n.popup=this.openSizedPopup("about:blank",n),this.acquireTokenPopupAsync(i,n,t)}else return this.logger.verbose("162h4u",this.correlationId),this.acquireTokenPopupAsync(e,n,t)}catch(o){return Promise.reject(o)}}logout(e){try{this.logger.verbose("068rup",this.correlationId);const t=this.initializeLogoutRequest(e),n={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:(e==null?void 0:e.popupWindowAttributes)||{},popupWindowParent:(e==null?void 0:e.popupWindowParent)??window},o=e&&e.authority,i=e&&e.mainWindowRedirectUri;return this.config.system.navigatePopups?(this.logger.verbose("1a28da",this.correlationId),n.popup=this.openSizedPopup("about:blank",n),this.logoutPopupAsync(t,n,o,i)):(this.logger.verbose("1phd8u",this.correlationId),this.logoutPopupAsync(t,n,o,i))}catch(t){return Promise.reject(t)}}async acquireTokenPopupAsync(e,t,n){this.logger.verbose("1g77pg",this.correlationId);const o=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(e,R.Popup,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId);t.popup&&Ju(o.authority);const i=$r(this.config,this.logger,this.correlationId,this.platformAuthProvider,e.authenticationScheme);return o.platformBroker=i,this.config.system.protocolMode===Me.EAR?this.executeEarFlow(o,t,n):this.executeCodeFlow(o,t,n)}async executeCodeFlow(e,t,n){var c;const o=e.correlationId,i=Re(z.acquireTokenPopup,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),s=n||await w(kn,Tn,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),a={...e,codeChallenge:s.challenge};try{const l=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,o)({serverTelemetryManager:i,requestAuthority:a.authority,requestAzureCloudOptions:a.azureCloudOptions,requestExtraQueryParameters:a.extraQueryParameters,account:a.account});if(a.httpMethod===Wn.POST)return await this.executeCodeFlowWithPost(a,t,l,s.verifier);{const h=await w(wc,Ga,this.logger,this.performanceClient,o)(this.config,l.authority,a,this.logger,this.performanceClient),d=this.initiateAuthRequest(h,t);this.eventHandler.emitEvent(P.POPUP_OPENED,o,R.Popup,{popupWindow:d},null);const p=await this.waitForPopupResponse(e,d,t.popupWindowParent),u=ze(Kr,Hr,this.logger,this.performanceClient,this.correlationId)(p,this.config.auth.OIDCOptions.responseMode,this.logger,this.correlationId);return await w($n,Gn,this.logger,this.performanceClient,o)(e,u,s.verifier,z.acquireTokenPopup,this.config,l,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}}catch(l){throw(c=t.popup)==null||c.close(),l instanceof oe&&(l.correlationId=this.correlationId,i.cacheFailedRequest(l)),l}}async executeEarFlow(e,t,n){const{correlationId:o,authority:i,azureCloudOptions:s,extraQueryParameters:a,account:c}=e,l=await w(At,yn,this.logger,this.performanceClient,o)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,i,s,a,c),h=await w(dc,rc,this.logger,this.performanceClient,o)(),d=n||await w(kn,Tn,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),p={...e,earJwk:h,codeChallenge:d.challenge},u=t.popup||this.openPopup("about:blank",t);(await vc(u.document,this.config,l,p,this.logger,this.performanceClient)).submit();const g=await w(this.waitForPopupResponse.bind(this),ii,this.logger,this.performanceClient,o)(p,u,t.popupWindowParent),y=ze(Kr,Hr,this.logger,this.performanceClient,this.correlationId)(g,this.config.auth.OIDCOptions.responseMode,this.logger,this.correlationId);if(!y.ear_jwe&&y.code){const m=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,o)({serverTelemetryManager:Re(z.acquireTokenPopup,this.config.auth.clientId,o,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account,authority:l});return w($n,Gn,this.logger,this.performanceClient,o)(p,y,d.verifier,z.acquireTokenPopup,this.config,m,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}else return w(Cc,nc,this.logger,this.performanceClient,o)(p,y,z.acquireTokenPopup,this.config,l,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async executeCodeFlowWithPost(e,t,n,o){const i=e.correlationId,s=await w(At,yn,this.logger,this.performanceClient,i)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger),a=t.popup||this.openPopup("about:blank",t);(await bc(a.document,this.config,s,e,this.logger,this.performanceClient)).submit();const l=await w(this.waitForPopupResponse.bind(this),ii,this.logger,this.performanceClient,i)(e,a,t.popupWindowParent),h=ze(Kr,Hr,this.logger,this.performanceClient,this.correlationId)(l,this.config.auth.OIDCOptions.responseMode,this.logger,this.correlationId);return w($n,Gn,this.logger,this.performanceClient,i)(e,h,o,z.acquireTokenPopup,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async logoutPopupAsync(e,t,n,o){var s,a,c;this.logger.verbose("0b7yrk",this.correlationId),this.eventHandler.emitEvent(P.LOGOUT_START,this.correlationId,R.Popup,e);const i=Re(z.logoutPopup,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{await gc(this.browserStorage,this.browserCrypto,this.logger,this.correlationId,e.account);const l=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:i,requestAuthority:n,account:e.account||void 0});try{l.authority.endSessionEndpoint}catch{if((s=e.account)!=null&&s.homeAccountId&&e.postLogoutRedirectUri&&l.authority.protocolMode===Me.OIDC){if(this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,e.correlationId,R.Popup,e),o){const p={apiId:z.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},u=B.getAbsoluteUrl(o,_t(),this.correlationId);await this.navigationClient.navigateInternal(u,p)}(a=t.popup)==null||a.close();return}}e.state=$a(this.browserCrypto,e.state||"",{interactionType:R.Popup},e.correlationId);const h=l.getLogoutUri(e);this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,e.correlationId,R.Popup,e);const d=this.openPopup(h,t);if(this.eventHandler.emitEvent(P.POPUP_OPENED,e.correlationId,R.Popup,{popupWindow:d},null),await this.waitForPopupResponse(e,d,t.popupWindowParent).catch(()=>{}),o){const p={apiId:z.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},u=B.getAbsoluteUrl(o,_t(),this.correlationId);this.logger.verbose("0qcur2",this.correlationId),this.logger.verbosePii(`0oj7lk ${u}`,this.correlationId),await this.navigationClient.navigateInternal(u,p)}else this.logger.verbose("03zgcf",this.correlationId)}catch(l){throw(c=t.popup)==null||c.close(),l instanceof oe&&(l.correlationId=this.correlationId,i.cacheFailedRequest(l)),this.eventHandler.emitEvent(P.LOGOUT_FAILURE,this.correlationId,R.Popup,null,l),this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Popup),l}this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`1kcr9k ${e}`,this.correlationId),this.openPopup(e,t);throw this.logger.error("1l7hyp",this.correlationId),A(oc,this.correlationId)}openPopup(e,t){try{let n;if(t.popup?(n=t.popup,this.logger.verbosePii(`0cgeo7 ${e}`,this.correlationId),n.location.assign(e)):typeof t.popup>"u"&&(this.logger.verbosePii(`0c2awd ${e}`,this.correlationId),n=this.openSizedPopup(e,t)),!n)throw A(Bv,this.correlationId);try{n.document.title="Microsoft Authentication"}catch(o){typeof DOMException<"u"&&o instanceof DOMException&&o.name==="SecurityError"||this.logger.verbose("1s1yfs",this.correlationId)}return n.focus&&n.focus(),this.currentWindow=n,n}catch(n){throw this.logger.error(`0dxfb9 ${n.message}`,this.correlationId),A(Jv,this.correlationId)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:n,popupWindowParent:o}){var u,f,g,y;const i=o.screenLeft?o.screenLeft:o.screenX,s=o.screenTop?o.screenTop:o.screenY,a=o.innerWidth||document.documentElement.clientWidth||document.body.clientWidth,c=o.innerHeight||document.documentElement.clientHeight||document.body.clientHeight;let l=(u=n.popupSize)==null?void 0:u.width,h=(f=n.popupSize)==null?void 0:f.height,d=(g=n.popupPosition)==null?void 0:g.top,p=(y=n.popupPosition)==null?void 0:y.left;return(!l||l<0||l>a)&&(this.logger.verbose("08vfmo",this.correlationId),l=Ye.POPUP_WIDTH),(!h||h<0||h>c)&&(this.logger.verbose("09cxa0",this.correlationId),h=Ye.POPUP_HEIGHT),(!d||d<0||d>c)&&(this.logger.verbose("1qh4wo",this.correlationId),d=Math.max(0,c/2-Ye.POPUP_HEIGHT/2+s)),(!p||p<0||p>a)&&(this.logger.verbose("1sz3en",this.correlationId),p=Math.max(0,a/2-Ye.POPUP_WIDTH/2+i)),o.open(e,t,`width=${l}, height=${h}, top=${d}, left=${p}, scrollbars=yes`)}generatePopupName(e,t){return`${Ye.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${Ye.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${t}.${this.correlationId}`}async waitForPopupResponse(e,t,n){return this.waitForPopupResponseHook?this.waitForPopupResponseHook(e,t,n):ai(this.config.system.popupBridgeTimeout,this.logger,e,this.performanceClient)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */function DC(){if(typeof window>"u"||typeof window.performance>"u"||typeof window.performance.getEntriesByType!="function")return;const r=window.performance.getEntriesByType("navigation"),e=r.length?r[0]:void 0;return e==null?void 0:e.type}class LC extends hr{constructor(e,t,n,o,i,s,a,c,l,h){super(e,t,n,o,i,s,a,l,h),this.nativeStorage=c}async acquireToken(e){const t=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(e,R.Redirect,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId);t.platformBroker=$r(this.config,this.logger,this.correlationId,this.platformAuthProvider,e.authenticationScheme);const n=i=>{i.persisted&&(this.logger.verbose("0udvtt",this.correlationId),this.browserStorage.resetRequestCache(this.correlationId),this.eventHandler.emitEvent(P.RESTORE_FROM_BFCACHE,this.correlationId,R.Redirect))},o=this.getRedirectStartPage(e.redirectStartPage);this.logger.verbosePii(`0zao0a ${o}`,this.correlationId),this.browserStorage.setTemporaryCache(se.ORIGIN_URI,o,!0),window.addEventListener("pageshow",n);try{this.config.system.protocolMode===Me.EAR?await this.executeEarFlow(t):await this.executeCodeFlow(t)}catch(i){throw i instanceof oe&&(i.correlationId=this.correlationId),window.removeEventListener("pageshow",n),i}}async executeCodeFlow(e){const t=e.correlationId,n=Re(z.acquireTokenRedirect,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),o=await w(kn,Tn,this.logger,this.performanceClient,t)(this.performanceClient,this.logger,t),i={...e,codeChallenge:o.challenge};this.browserStorage.cacheAuthorizeRequest(i,this.correlationId,o.verifier);try{if(i.httpMethod===Wn.POST)return await this.executeCodeFlowWithPost(i);{const s=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:i.authority,requestAzureCloudOptions:i.azureCloudOptions,requestExtraQueryParameters:i.extraQueryParameters,account:i.account}),a=await w(wc,Ga,this.logger,this.performanceClient,e.correlationId)(this.config,s.authority,i,this.logger,this.performanceClient);return await this.initiateAuthRequest(a)}}catch(s){throw s instanceof oe&&(s.correlationId=this.correlationId,n.cacheFailedRequest(s)),s}}async executeEarFlow(e){const{correlationId:t,authority:n,azureCloudOptions:o,extraQueryParameters:i,account:s}=e,a=await w(At,yn,this.logger,this.performanceClient,t)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,n,o,i,s),c=await w(dc,rc,this.logger,this.performanceClient,t)(),l=await w(kn,Tn,this.logger,this.performanceClient,t)(this.performanceClient,this.logger,t),h={...e,earJwk:c,codeChallenge:l.challenge};return this.browserStorage.cacheAuthorizeRequest(h,this.correlationId,l.verifier),(await vc(document,this.config,a,h,this.logger,this.performanceClient)).submit(),new Promise((p,u)=>{setTimeout(()=>{u(A(si,"","failed_to_redirect"))},this.config.system.redirectNavigationTimeout)})}async executeCodeFlowWithPost(e){const t=e.correlationId,n=await w(At,yn,this.logger,this.performanceClient,t)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger);return this.browserStorage.cacheAuthorizeRequest(e,this.correlationId),(await bc(document,this.config,n,e,this.logger,this.performanceClient)).submit(),new Promise((i,s)=>{setTimeout(()=>{s(A(si,"","failed_to_redirect"))},this.config.system.redirectNavigationTimeout)})}async handleRedirectPromise(e,t,n,o){const i=document.title;document.title="Microsoft Authentication";const s=Re(z.handleRedirectPromise,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),a=(o==null?void 0:o.navigateToLoginRequestUrl)??!0;try{const[c,l]=this.getRedirectResponse((o==null?void 0:o.hash)||"");if(!c)return this.logger.info("1qmv0q",this.correlationId),this.browserStorage.resetRequestCache(this.correlationId),DC()!=="back_forward"?n.event.errorCode="no_server_response":this.logger.verbose("1eqegq",this.correlationId),null;const h=this.browserStorage.getTemporaryCache(se.ORIGIN_URI,this.correlationId,!0)||"",d=Dh(h,this.logger,this.correlationId),p=Dh(window.location.href,this.logger,this.correlationId);if(d===p&&a)return this.logger.verbose("11yred",this.correlationId),h.indexOf("#")>-1&&Mb(h),await this.handleResponse(c,e,t,s);if(a){if(!Ai()||this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(se.URL_HASH,l,!0);const u={apiId:z.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let f=!0;if(h)this.logger.verbose(`08jpy1 ${h}`,this.correlationId),f=await this.navigationClient.navigateInternal(h,u);else{const g=Lb(this.correlationId);this.browserStorage.setTemporaryCache(se.ORIGIN_URI,g,!0),this.logger.warning("1dutq1",this.correlationId),f=await this.navigationClient.navigateInternal(g,u)}if(!f)return await this.handleResponse(c,e,t,s)}}else return this.logger.verbose("0v4sdv",this.correlationId),await this.handleResponse(c,e,t,s);return null}catch(c){throw c instanceof oe&&(c.correlationId=this.correlationId,s.cacheFailedRequest(c)),c}finally{document.title=i}}getRedirectResponse(e){this.logger.verbose("1c5i8m",this.correlationId);let t=e;t||(this.config.auth.OIDCOptions.responseMode===Sa.QUERY?t=window.location.search:t=window.location.hash);let n=Yo(t);if(n){try{pC(n,this.browserCrypto,R.Redirect,this.correlationId)}catch(i){return i instanceof oe&&this.logger.error(`0bkq6p ${i.errorCode} ${i.errorMessage}`,this.correlationId),[null,""]}return ju(window),this.logger.verbose("00uvho",this.correlationId),[n,t]}const o=this.browserStorage.getTemporaryCache(se.URL_HASH,this.correlationId,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(se.URL_HASH)),o&&(n=Yo(o),n)?(this.logger.verbose("001671",this.correlationId),[n,o]):[null,""]}async handleResponse(e,t,n,o){if(!e.state)throw A(ic,t.correlationId);const{authority:s,azureCloudOptions:a,extraQueryParameters:c,account:l}=t;if(e.ear_jwe){const d=await w(At,yn,this.logger,this.performanceClient,t.correlationId)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,s,a,c,l);return w(Cc,nc,this.logger,this.performanceClient,t.correlationId)(t,e,z.acquireTokenRedirect,this.config,d,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}const h=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:t.authority});return w($n,Gn,this.logger,this.performanceClient,t.correlationId)(t,e,n,z.acquireTokenRedirect,this.config,h,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async initiateAuthRequest(e){if(this.logger.verbose("0yaw2e",this.correlationId),e){this.logger.infoPii(`1luf83 ${e}`,this.correlationId);const t={apiId:z.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},n=this.config.auth.onRedirectNavigate;if(typeof n=="function")if(this.logger.verbose("1nehvl",this.correlationId),n(e)!==!1){this.logger.verbose("1a0jxh",this.correlationId),await this.navigationClient.navigateExternal(e,t);return}else{this.logger.verbose("09k5h5",this.correlationId);return}else{this.logger.verbose("0klwf7",this.correlationId),await this.navigationClient.navigateExternal(e,t);return}}else throw this.logger.info("0rlh4e",this.correlationId),A(oc,this.correlationId)}async logout(e){var o,i;this.logger.verbose("1rkurh",this.correlationId);const t=this.initializeLogoutRequest(e),n=Re(z.logout,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{this.eventHandler.emitEvent(P.LOGOUT_START,this.correlationId,R.Redirect,e),await gc(this.browserStorage,this.browserCrypto,this.logger,this.correlationId,t.account);const s={apiId:z.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:e&&e.authority,requestExtraQueryParameters:e==null?void 0:e.extraQueryParameters,account:e&&e.account||void 0});if(a.authority.protocolMode===Me.OIDC)try{a.authority.endSessionEndpoint}catch{if((o=t.account)!=null&&o.homeAccountId){this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,this.correlationId,R.Redirect,t);return}}t.state=$a(this.browserCrypto,t.state||"",{interactionType:R.Redirect},t.correlationId);const c=a.getLogoutUri(t);(i=t.account)!=null&&i.homeAccountId&&this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,this.correlationId,R.Redirect,t);const l=this.config.auth.onRedirectNavigate;if(typeof l=="function")if(l(c)!==!1){this.logger.verbose("06v57e",this.correlationId),this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),await this.navigationClient.navigateExternal(c,s);return}else this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("0xqes1",this.correlationId);else{this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),await this.navigationClient.navigateExternal(c,s);return}}catch(s){throw s instanceof oe&&(s.correlationId=this.correlationId,n.cacheFailedRequest(s)),this.eventHandler.emitEvent(P.LOGOUT_FAILURE,this.correlationId,R.Redirect,null,s),this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Redirect),s}this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Redirect)}getRedirectStartPage(e){const t=e||window.location.href,n=B.getAbsoluteUrl(t,_t(),this.correlationId);return Ny(n,this.logger,this.correlationId),n}}/*! @azure/msal-browser v5.15.0 2026-06-23 */async function HC(r,e,t,n){if(!e)throw t.info("1l7hyp",n),A(oc,n);return r.src=e,r}async function KC(r,e,t,n,o,i){if(!r.contentDocument)throw"No document associated with iframe!";return(await bc(r.contentDocument,e,t,n,o,i)).submit(),r}async function FC(r,e,t,n,o,i){if(!r.contentDocument)throw"No document associated with iframe!";return(await vc(r.contentDocument,e,t,n,o,i)).submit(),r}function Tl(){const r=document.createElement("iframe");return r.className="msalSilentIframe",r.title="Microsoft Authentication",r.style.visibility="hidden",r.style.position="absolute",r.style.width=r.style.height="0",r.style.border="0",r.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),r.setAttribute("allow","local-network-access *"),document.body.appendChild(r),r}function kl(r){document.body===r.parentNode&&document.body.removeChild(r)}/*! @azure/msal-browser v5.15.0 2026-06-23 */class jC extends hr{constructor(e,t,n,o,i,s,a,c,l,h,d,p){super(e,t,n,o,i,s,c,h,d),this.apiId=a,this.nativeStorage=l,this.waitForIframeResponseHook=p}async acquireToken(e){!e.loginHint&&!e.sid&&(!e.account||!e.account.username)&&this.logger.warning("1kl318",this.correlationId);const t={...e};t.prompt?t.prompt!==be.NONE&&t.prompt!==be.NO_SESSION&&(this.logger.warning(`0bmctg ${t.prompt} ${be.NONE}`,this.correlationId),t.prompt=be.NONE):t.prompt=be.NONE;const n=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(t,R.Silent,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId);return n.platformBroker=$r(this.config,this.logger,this.correlationId,this.platformAuthProvider,n.authenticationScheme),Ju(n.authority),this.config.system.protocolMode===Me.EAR?this.executeEarFlow(n):this.executeCodeFlow(n)}async executeCodeFlow(e){let t;const n=Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{return t=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),await w(this.silentTokenHelper.bind(this),Qh,this.logger,this.performanceClient,e.correlationId)(t,e)}catch(o){if(o instanceof oe&&(o.correlationId=this.correlationId,n.cacheFailedRequest(o)),!t||!(o instanceof oe)||o.errorCode!==Ye.INVALID_GRANT_ERROR)throw o;return this.performanceClient.addFields({retryError:o.errorCode},this.correlationId),await w(this.silentTokenHelper.bind(this),Qh,this.logger,this.performanceClient,this.correlationId)(t,e)}}async executeEarFlow(e){const{correlationId:t,authority:n,azureCloudOptions:o,extraQueryParameters:i,account:s}=e,a=await w(At,yn,this.logger,this.performanceClient,t)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,n,o,i,s),c=await w(dc,rc,this.logger,this.performanceClient,t)(),l=await w(kn,Tn,this.logger,this.performanceClient,t)(this.performanceClient,this.logger,t),h={...e,earJwk:c,codeChallenge:l.challenge},d=Tl(),p=this.config.auth.OIDCOptions.responseMode;let u;try{const g=w(this.waitForIframeResponse.bind(this),ii,this.logger,this.performanceClient,t)(d,e);g.catch(()=>{}),await w(FC,ls,this.logger,this.performanceClient,t)(d,this.config,a,h,this.logger,this.performanceClient),u=await g}finally{ze(kl,qh,this.logger,this.performanceClient,t)(d)}const f=ze(Kr,Hr,this.logger,this.performanceClient,t)(u,p,this.logger,this.correlationId);if(!f.ear_jwe&&f.code){const g=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,t)({serverTelemetryManager:Re(this.apiId,this.config.auth.clientId,t,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account,authority:a});return w($n,Gn,this.logger,this.performanceClient,t)(h,f,l.verifier,this.apiId,this.config,g,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}else return w(Cc,nc,this.logger,this.performanceClient,t)(h,f,this.apiId,this.config,a,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async verifySso(e){const t={...e};t.prompt||(t.prompt=be.NONE);const n=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(t,R.Silent,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId),o=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),requestAuthority:n.authority,requestAzureCloudOptions:n.azureCloudOptions,requestExtraQueryParameters:n.extraQueryParameters,account:n.account}),{serverParams:i}=await this.silentAuthorizeHelper(o,n),s=n.correlationId;return Ya(i,n.state,s),i.code?(this.logger.verbose("0kkkcj",s),!0):(this.logger.warning("0y34ti",s),!1)}logout(){return Promise.reject(A(sc,""))}async silentTokenHelper(e,t){const{serverParams:n,pkceCodes:o}=await this.silentAuthorizeHelper(e,t);return w($n,Gn,this.logger,this.performanceClient,t.correlationId)(t,n,o.verifier,this.apiId,this.config,e,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async silentAuthorizeHelper(e,t){const n=t.correlationId,o=await w(kn,Tn,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),i={...t,codeChallenge:o.challenge},s=Tl(),a=this.config.auth.OIDCOptions.responseMode;let c;try{const h=w(this.waitForIframeResponse.bind(this),ii,this.logger,this.performanceClient,n)(s,t);if(h.catch(()=>{}),t.httpMethod===Wn.POST)await w(KC,ls,this.logger,this.performanceClient,n)(s,this.config,e.authority,i,this.logger,this.performanceClient);else{const d=await w(wc,Ga,this.logger,this.performanceClient,n)(this.config,e.authority,i,this.logger,this.performanceClient);await w(HC,ls,this.logger,this.performanceClient,n)(s,d,this.logger,n)}c=await h}finally{ze(kl,qh,this.logger,this.performanceClient,n)(s)}return{serverParams:ze(Kr,Hr,this.logger,this.performanceClient,n)(c,a,this.logger,this.correlationId),pkceCodes:o,silentRequest:i}}async waitForIframeResponse(e,t){return this.waitForIframeResponseHook?this.waitForIframeResponseHook(e,t):ai(this.config.system.iframeBridgeTimeout,this.logger,t,this.performanceClient,this.config.experimental)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class zC extends hr{async acquireToken(e){const t=await w(mc,tc,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger,this.correlationId),n={...e,...t};e.redirectUri&&(n.redirectUri=ci(e.redirectUri,this.config.auth.redirectUri,this.logger,this.correlationId));const o=Re(z.acquireTokenSilent_silentFlow,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),i=await this.createRefreshTokenClient({serverTelemetryManager:o,authorityUrl:n.authority,azureCloudOptions:n.azureCloudOptions,account:n.account});return w(i.acquireTokenByRefreshToken.bind(i),gv,this.logger,this.performanceClient,e.correlationId)(n,z.acquireTokenSilent_silentFlow).catch(s=>{throw s.correlationId=this.correlationId,o.cacheFailedRequest(s),s})}logout(){return Promise.reject(A(sc,""))}async createRefreshTokenClient(e){const t=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new Gw(t,this.performanceClient)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class WC extends Tu{constructor(e,t){super(e,t),this.includeRedirectUri=!1}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class JC extends hr{constructor(e,t,n,o,i,s,a,c,l,h){super(e,t,n,o,i,s,c,l,h),this.apiId=a}async acquireToken(e){if(!e.code)throw A(tb,this.correlationId);const t=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(e,R.Silent,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId),n=Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{const o={...t,code:e.code},i=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),s=new WC(i,this.performanceClient);this.logger.verbose("1uic5e",this.correlationId);const a=new Zu(s,this.browserStorage,o,this.logger,this.performanceClient);return await w(a.handleCodeResponseFromServer.bind(a),du,this.logger,this.performanceClient,this.correlationId)({code:e.code,msgraph_host:e.msGraphHost,cloud_graph_host_name:e.cloudGraphHostName,cloud_instance_host_name:e.cloudInstanceHostName},t,this.apiId,!1)}catch(o){throw o instanceof oe&&(o.correlationId=this.correlationId,n.cacheFailedRequest(o)),o}}logout(){return Promise.reject(A(sc,""))}}/*! @azure/msal-browser v5.15.0 2026-06-23 */function BC(r,e,t,n){var a;const o=((a=window.msal)==null?void 0:a.clientIds)||[],i=o.length,s=o.filter(c=>c===r).length;s>1&&t.warning("1e88vg",n),e.add({msalInstanceCount:i,sameClientIdInstanceCount:s})}/*! @azure/msal-browser v5.15.0 2026-06-23 */function Ro(r,e,t,n){try{pc(r),ku(t.auth.isMcp,n)}catch(o){throw e.end({success:!1},o,n.account),o}}class kc{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new Ot(this.logger,this.performanceClient):Qo,this.eventHandler=new lC(this.logger),this.browserStorage=this.isBrowserEnvironment?new ta(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Jw(this.config.auth)):oC(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler);const t={cacheLocation:yt.MemoryStorage,cacheRetentionDays:5};this.nativeInternalStorage=new ta(this.config.auth.clientId,t,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler),this.activeSilentTokenRequests=new Map,this.trackStateChange=this.trackStateChange.bind(this),this.trackStateChangeWithMeasurement=this.trackStateChangeWithMeasurement.bind(this)}static async createController(e,t){const n=new kc(e);return await n.initialize(t),n}trackStateChange(e,t){e&&(t.type==="visibilitychange"?(this.logger.info("16v6hv",e),this.performanceClient.incrementFields({visibilityChangeCount:1},e)):t.type==="online"?(this.logger.info("0zirfd",e),this.performanceClient.incrementFields({onlineStatusChangeCount:1},e)):t.type==="offline"&&(this.logger.info("1xk9ef",e),this.performanceClient.incrementFields({onlineStatusChangeCount:1},e)))}async initialize(e){const t=this.getRequestCorrelationId(e);if(this.logger.trace("1f7joy",t),this.initialized){this.logger.info("061m5x",t);return}if(!this.isBrowserEnvironment){this.logger.info("19fvpi",t),this.initialized=!0,this.eventHandler.emitEvent(P.INITIALIZE_END,t);return}const n=this.config.system.allowPlatformBroker,o=this.performanceClient.startMeasurement(Zb,t);if(this.eventHandler.emitEvent(P.INITIALIZE_START,t),this.logMultipleInstances(o,t),o.add({isMcp:this.config.auth.isMcp}),await w(this.browserStorage.initialize.bind(this.browserStorage),yv,this.logger,this.performanceClient,t)(t),n)try{this.platformAuthProvider=await MC(this.logger,this.performanceClient,t,this.config.system.nativeBrokerHandshakeTimeout,this.config.experimental.allowPlatformBrokerWithDOM)}catch(i){this.logger.verbose(i,t)}this.config.cache.cacheLocation===yt.LocalStorage&&this.eventHandler.subscribeCrossTab(),!this.config.system.navigatePopups&&await this.preGeneratePkceCodes(t),this.initialized=!0,this.eventHandler.emitEvent(P.INITIALIZE_END,t),o.end({allowPlatformBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("02l8bm",""),Wu(this.initialized),this.isBrowserEnvironment){const t=(e==null?void 0:e.hash)||"";let n=this.redirectResponse.get(t);return typeof n>"u"?(n=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,n),this.logger.verbose("1wn9kp","")):this.logger.verbose("0w0gm3",""),n}return this.logger.verbose("12xi63",""),null}async handleRedirectPromiseInternal(e){var l;if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("0le6uv",""),null;if(((l=this.browserStorage.getInteractionInProgress())==null?void 0:l.type)===Bt.SIGNOUT)return this.logger.verbose("1ywcv2",""),this.browserStorage.setInteractionInProgress(!1),Promise.resolve(null);const n=this.getAllAccounts(),o=this.browserStorage.getCachedNativeRequest(),i=o&&!(e!=null&&e.hash);let s,a,c;try{if(i&&this.platformAuthProvider){const h=(o==null?void 0:o.correlationId)||"";this.eventHandler.emitEvent(P.HANDLE_REDIRECT_START,h,R.Redirect),s=this.performanceClient.startMeasurement(fs,h),this.logger.trace("12v7is",h),s.add({isPlatformBrokerRequest:!0});const d=new Lo(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.handleRedirectPromise,this.performanceClient,this.platformAuthProvider,o.accountId,this.nativeInternalStorage,o.correlationId);a=w(d.handleRedirectPromise.bind(d),Iv,this.logger,this.performanceClient,s.event.correlationId)()}else{const[h,d]=this.browserStorage.getCachedRequest("");c=h;const p=h.correlationId;this.eventHandler.emitEvent(P.HANDLE_REDIRECT_START,p,R.Redirect),s=this.performanceClient.startMeasurement(fs,p),this.logger.trace("0znzs5",p);const u=this.createRedirectClient(p);a=w(u.handleRedirectPromise.bind(u),_v,this.logger,this.performanceClient,s.event.correlationId)(h,d,s,e)}}catch(h){throw this.browserStorage.resetRequestCache(""),h}return a.then(h=>(h?(this.browserStorage.resetRequestCache(h.correlationId),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,h.correlationId,R.Redirect,h),this.logger.verbose("0ui8f5",h.correlationId),n.length<this.getAllAccounts().length&&(this.eventHandler.emitEvent(P.LOGIN_SUCCESS,h.correlationId,R.Redirect,h.account),this.logger.verbose("16im3l",h.correlationId)),s.end({success:!0},void 0,h.account),this.verifySsoCapability(c,R.Redirect)):s.event.errorCode?s.end({success:!1},void 0):s.discard(),this.eventHandler.emitEvent(P.HANDLE_REDIRECT_END,s.event.correlationId,R.Redirect),h)).catch(h=>{this.browserStorage.resetRequestCache(s.event.correlationId);const d=h;throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,s.event.correlationId,R.Redirect,null,d),this.eventHandler.emitEvent(P.HANDLE_REDIRECT_END,s.event.correlationId,R.Redirect),s.end({success:!1},d),h})}async acquireTokenRedirect(e){const t=this.getRequestCorrelationId(e);this.logger.verbose("0os66p",t),dl(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNIN);const n=this.performanceClient.startMeasurement(Gb,t);n.add({scenarioId:e.scenarioId});const o=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=i=>{const s=typeof o=="function"?o(i):void 0;return n.add({navigateCallbackResult:s!==!1}),n.event=n.end({success:!0},void 0,e.account)||n.event,s};try{ku(this.config.auth.isMcp,e),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Redirect,e);let i;if(this.platformAuthProvider&&this.canUsePlatformBroker(e)){const s=new Lo(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.acquireTokenRedirect,this.performanceClient,this.platformAuthProvider,this.getNativeAccountId(e),this.nativeInternalStorage,t);i=w(s.acquireTokenRedirect.bind(s),fv,this.logger,this.performanceClient,t)(e,n).catch(a=>{if(n.add({brokerErrorName:a.name,brokerErrorCode:a.errorCode}),a instanceof qe&&Un(a))return this.platformAuthProvider=void 0,this.createRedirectClient(t).acquireToken(e);if(a instanceof st)return this.logger.verbose("1ipyz4",t),this.createRedirectClient(t).acquireToken(e);throw a})}else i=this.createRedirectClient(t).acquireToken(e);return await i}catch(i){throw this.browserStorage.resetRequestCache(t),n.event.status===2?this.performanceClient.startMeasurement(fs,t).end({success:!1},i,e.account):n.end({success:!1},i,e.account),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Redirect,null,i),i}}acquireTokenPopup(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(Bb,t);n.add({scenarioId:e.scenarioId});try{this.logger.verbose("0ch87b",t),Ro(this.initialized,n,this.config,e),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNIN,e.overrideInteractionInProgress,t)}catch(a){return Promise.reject(a)}const o=this.getAllAccounts();this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Popup,e);let i;const s=this.getPreGeneratedPkceCodes(t);return this.canUsePlatformBroker(e)?(n.add({isPlatformBrokerRequest:!0}),i=this.acquireTokenNative({...e,correlationId:t},z.acquireTokenPopup).then(a=>(n.end({success:!0,isNativeBroker:!0},void 0,a.account),a)).catch(a=>{if(n.add({brokerErrorName:a.name,brokerErrorCode:a.errorCode}),a instanceof qe&&Un(a))return this.platformAuthProvider=void 0,this.createPopupClient(t).acquireToken(e,s);if(a instanceof st)return this.logger.verbose("0yy5fw",t),this.createPopupClient(t).acquireToken(e,s);throw a})):i=this.createPopupClient(t).acquireToken(e,s),i.then(a=>{const c=o.length<this.getAllAccounts().length;return this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,t,R.Popup,a),c&&this.eventHandler.emitEvent(P.LOGIN_SUCCESS,t,R.Popup,a.account),n.end({success:!0,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length},void 0,a.account),this.verifySsoCapability(e,R.Popup),a}).catch(a=>(this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Popup,null,a),n.end({success:!1},a,e.account),Promise.reject(a))).finally(async()=>{this.browserStorage.setInteractionInProgress(!1),this.config.system.navigatePopups||await this.preGeneratePkceCodes(t)})}trackStateChangeWithMeasurement(e){const t=this.ssoSilentMeasurement||this.acquireTokenByCodeAsyncMeasurement;t&&(e.type==="visibilitychange"?(this.logger.info(`0yzimq ${t.event.name}`,t.event.correlationId),t.increment({visibilityChangeCount:1})):e.type==="online"?(this.logger.info(`1caf53 ${t.event.name}`,t.event.correlationId),t.increment({onlineStatusChangeCount:1})):e.type==="offline"&&(this.logger.info(`0fdyk7 ${t.event.name}`,t.event.correlationId),t.increment({onlineStatusChangeCount:1})))}addStateChangeListeners(e){document.addEventListener("visibilitychange",e),window.addEventListener("online",e),window.addEventListener("offline",e)}removeStateChangeListeners(e){document.removeEventListener("visibilitychange",e),window.removeEventListener("online",e),window.removeEventListener("offline",e)}getCachedSsoCapable(){try{const e=window.localStorage.getItem(yl);if(e){const t=JSON.parse(e);if(t&&typeof t.ssoCapable=="boolean"&&t.expiresOn&&Date.now()<t.expiresOn)return t.ssoCapable}}catch{}}verifySsoCapability(e,t){if(!this.config.auth.verifySSO)return;const n=yl,o=1440*60*1e3;if(this.getCachedSsoCapable()!==void 0){this.logger.verbose(`13poou ${t}`,"");return}const s=en(),a=this.performanceClient.startMeasurement(Xb,s);a.add({"ext.interactionType":t}),this.logger.verbose(`0pbr0i ${t}`,s),setTimeout(()=>{const c={...e,correlationId:s};this.createSilentIframeClient(s).verifySso(c).then(h=>{this.logger.verbose(`1gd1iv ${t} ${h}`,s);try{const d=JSON.stringify({ssoCapable:h,expiresOn:Date.now()+o});window.localStorage.setItem(n,d)}catch{this.logger.warning(`18lmoj ${t}`,s)}a.end({fromCache:!1,success:h},void 0)}).catch(h=>{this.logger.warning(`05g83w ${t} ${h.message}`,s);try{window.localStorage.removeItem(n)}catch{this.logger.warning(`0nlf9q ${t}`,s)}a.end({fromCache:!1,success:!1},h)})},0)}async ssoSilent(e){var s,a,c;const t=this.getRequestCorrelationId(e),n={...e,correlationId:t};this.ssoSilentMeasurement=this.performanceClient.startMeasurement(Vb,t),(s=this.ssoSilentMeasurement)==null||s.add({scenarioId:e.scenarioId,ssoCapable:this.getCachedSsoCapable()}),Ro(this.initialized,this.ssoSilentMeasurement,this.config,n),(a=this.ssoSilentMeasurement)==null||a.increment({visibilityChangeCount:0,onlineStatusChangeCount:0}),this.addStateChangeListeners(this.trackStateChangeWithMeasurement);const o=this.getAllAccounts();this.logger.verbose("0w1b45",t),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Silent,n);let i;return this.canUsePlatformBroker(n)?((c=this.ssoSilentMeasurement)==null||c.add({isPlatformBrokerRequest:!0}),i=this.acquireTokenNative(n,z.ssoSilent).catch(l=>{var h;if((h=this.ssoSilentMeasurement)==null||h.add({brokerErrorName:l.name,brokerErrorCode:l.errorCode}),l instanceof qe&&Un(l))return this.platformAuthProvider=void 0,this.createSilentIframeClient(n.correlationId).acquireToken(n);throw l})):i=this.createSilentIframeClient(n.correlationId).acquireToken(n),i.then(l=>{var d;const h=o.length<this.getAllAccounts().length;return this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,t,R.Silent,l),h&&this.eventHandler.emitEvent(P.LOGIN_SUCCESS,t,R.Silent,l.account),(d=this.ssoSilentMeasurement)==null||d.end({success:!0,isNativeBroker:l.fromPlatformBroker,accessTokenSize:l.accessToken.length,idTokenSize:l.idToken.length},void 0,l.account),l}).catch(l=>{var h;throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Silent,null,l),(h=this.ssoSilentMeasurement)==null||h.end({success:!1},l,e.account),l}).finally(()=>{this.removeStateChangeListeners(this.trackStateChangeWithMeasurement)})}async acquireTokenByCode(e){const t=this.getRequestCorrelationId(e);this.logger.trace("0ch6ga",t);const n=this.performanceClient.startMeasurement(Jb,t);Ro(this.initialized,n,this.config,e),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Silent,e),n.add({scenarioId:e.scenarioId});try{if(e.code&&e.nativeAccountId)throw A(rb,t);if(e.code){const o=e.code;let i=this.hybridAuthCodeResponses.get(o);return i?(this.logger.verbose("0qgp28",t),n.discard()):(this.logger.verbose("06eh73",t),i=this.acquireTokenByCodeAsync({...e,correlationId:t}).then(s=>(this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,t,R.Silent,s),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length},void 0,s.account),s)).catch(s=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Silent,null,s),n.end({success:!1},s),s}),this.hybridAuthCodeResponses.set(o,i)),await i}else if(e.nativeAccountId)if(this.canUsePlatformBroker(e,e.nativeAccountId)){n.add({isPlatformBrokerRequest:!0});const o=await this.acquireTokenNative({...e,correlationId:t},z.acquireTokenByCode,e.nativeAccountId).catch(i=>{throw n.add({brokerErrorName:i.name,brokerErrorCode:i.errorCode}),i instanceof qe&&Un(i)&&(this.platformAuthProvider=void 0),i});return n.end({success:!0},void 0,o.account),o}else throw A(ob,t);else throw A(nb,t)}catch(o){throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Silent,null,o),n.end({success:!1},o),o}}async acquireTokenByCodeAsync(e){var i;const t=this.getRequestCorrelationId(e);return this.logger.trace("10d9hy",t),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(kv,t),(i=this.acquireTokenByCodeAsyncMeasurement)==null||i.increment({visibilityChangeCount:0,onlineStatusChangeCount:0}),this.addStateChangeListeners(this.trackStateChangeWithMeasurement),await this.createSilentAuthCodeClient(t).acquireToken(e).then(s=>{var a;return(a=this.acquireTokenByCodeAsyncMeasurement)==null||a.end({success:!0,fromCache:s.fromCache}),s}).catch(s=>{var a;throw(a=this.acquireTokenByCodeAsyncMeasurement)==null||a.end({success:!1},s),s}).finally(()=>{this.removeStateChangeListeners(this.trackStateChangeWithMeasurement)})}async acquireTokenFromCache(e,t){switch(t){case Se.Default:case Se.AccessToken:case Se.AccessTokenAndRefreshToken:const n=this.createSilentCacheClient(e.correlationId);return w(n.acquireToken.bind(n),lv,this.logger,this.performanceClient,e.correlationId)(e);default:throw T(Zt,e.correlationId)}}async acquireTokenByRefreshToken(e,t){switch(t){case Se.Default:case Se.AccessTokenAndRefreshToken:case Se.RefreshToken:case Se.RefreshTokenAndNetwork:const n=this.createSilentRefreshClient(e.correlationId);return w(n.acquireToken.bind(n),pv,this.logger,this.performanceClient,e.correlationId)(e);default:throw T(Zt,e.correlationId)}}async acquireTokenBySilentIframe(e){const t=this.createSilentIframeClient(e.correlationId);return w(t.acquireToken.bind(t),dv,this.logger,this.performanceClient,e.correlationId)(e)}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);return dl(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);return pc(this.initialized),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),this.createPopupClient(t).logout(e).finally(()=>{this.browserStorage.setInteractionInProgress(!1)})}catch(t){return Promise.reject(t)}}async clearCache(e){if(!this.isBrowserEnvironment)return;const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){return iC(this.logger,this.browserStorage,this.isBrowserEnvironment,this.getRequestCorrelationId(),e)}getAccount(e){return sC(e,this.logger,this.browserStorage,this.getRequestCorrelationId())}setActiveAccount(e){aC(e,this.browserStorage,this.getRequestCorrelationId())}getActiveAccount(){return cC(this.browserStorage,this.getRequestCorrelationId())}async hydrateCache(e,t){this.logger.verbose("16jycr",e.correlationId);const n=Gy(e.account,e.cloudGraphHostName,e.msGraphHost);if(await this.browserStorage.setAccount(n,e.correlationId,mt(e.idTokenClaims),z.hydrateCache),e.fromPlatformBroker){this.logger.verbose("1i5atf",e.correlationId);const o=bi(e.account.homeAccountId,e.account.environment,e.idToken,this.config.auth.clientId,e.tenantId),i=Ci(e.account.homeAccountId,e.account.environment,e.accessToken,this.config.auth.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?ni(e.expiresOn):0,e.extExpiresOn?ni(e.extExpiresOn):0,ve,t.correlationId||"",void 0,e.tokenType,void 0,t.sshKid);t.resource&&(i.resource=t.resource);const s=mt(e.idTokenClaims);await this.browserStorage.setIdTokenCredential(o,e.correlationId,s),await this.nativeInternalStorage.setAccessTokenCredential(i,e.correlationId,s)}else return this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,n,o){const i=this.getRequestCorrelationId(e);if(this.logger.trace("0b9y3p",i),!this.platformAuthProvider)throw A(Nu,i);const s=new Lo(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.platformAuthProvider,n||this.getNativeAccountId(e),this.nativeInternalStorage,i);return w(s.acquireToken.bind(s),ec,this.logger,this.performanceClient,i)(e,o)}canUsePlatformBroker(e,t){const n=this.getRequestCorrelationId(e);if(this.logger.trace("1n9lbl",n),!this.platformAuthProvider)return this.logger.trace("0vnu11",n),!1;if(!$r(this.config,this.logger,n,this.platformAuthProvider,e.authenticationScheme))return this.logger.trace("0yoy1g",n),!1;if(e.prompt)switch(e.prompt){case be.NONE:case be.CONSENT:case be.LOGIN:this.logger.trace("0vdv8e",n);break;default:return this.logger.trace(`0pdzw6 ${e.prompt}`,n),!1}return!t&&!this.getNativeAccountId(e)?(this.logger.trace("16lbtk",n),!1):!0}getNativeAccountId(e){const t=e.account||this.getAccount({loginHint:e.loginHint,sid:e.sid})||(!e.loginHint&&!e.sid?this.getActiveAccount():null);return t&&t.nativeAccountId||""}createPopupClient(e){var t;return new UC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,e,this.platformAuthProvider,(t=this.operatingContext.getResponseHandlers())==null?void 0:t.waitForPopupResponse)}createRedirectClient(e){return new LC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,e,this.platformAuthProvider)}createSilentIframeClient(e){var t;return new jC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.ssoSilent,this.performanceClient,this.nativeInternalStorage,e,this.platformAuthProvider,(t=this.operatingContext.getResponseHandlers())==null?void 0:t.waitForIframeResponse)}createSilentCacheClient(e){return new $u(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,e,this.platformAuthProvider)}createSilentRefreshClient(e){return new zC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,e,this.platformAuthProvider)}createSilentAuthCodeClient(e){return new JC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.acquireTokenByCode,this.performanceClient,e,this.platformAuthProvider)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return zu(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e!=null&&e.correlationId?e.correlationId:this.isBrowserEnvironment?en():""}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("0lz9hf",t),this.acquireTokenRedirect({correlationId:t,...e||sl})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("0qw7v5",t),this.acquireTokenPopup({correlationId:t,...e||sl})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(Wb,t);n.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId,ssoCapable:this.getCachedSsoCapable()}),Ro(this.initialized,n,this.config,e),this.logger.verbose("0x1c4s",t);const o=e.account||this.getActiveAccount();if(!o)throw A(Xv,t);return this.acquireTokenSilentDeduped(e,o,t).then(i=>(n.end({success:!0,fromCache:i.fromCache,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length},void 0,i.account),{...i,state:e.state,correlationId:t})).catch(i=>{throw i instanceof oe&&(i.correlationId=t),n.end({success:!1},i,o),i})}async acquireTokenSilentDeduped(e,t,n){const o=ki(this.config.auth.clientId,{...e,authority:e.authority||this.config.auth.authority},t.homeAccountId),i=JSON.stringify(o),s=this.activeSilentTokenRequests.get(i);if(typeof s>"u"){this.logger.verbose("0fcjbk",n),this.performanceClient.addFields({deduped:!1},n);const a=w(this.acquireTokenSilentAsync.bind(this),av,this.logger,this.performanceClient,n)({...e,correlationId:n},t);return this.activeSilentTokenRequests.set(i,a),a.finally(()=>{this.activeSilentTokenRequests.delete(i)})}else return this.logger.verbose("1yq7nb",n),this.performanceClient.addFields({deduped:!0},n),s}async acquireTokenSilentAsync(e,t){const n=a=>this.trackStateChange(e.correlationId,a);this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,e.correlationId,R.Silent,e),e.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0,onlineStatusChangeCount:0},e.correlationId),this.addStateChangeListeners(n);const o=await w(dC,mv,this.logger,this.performanceClient,e.correlationId)(e,t,this.config,this.performanceClient,this.logger),i=e.cacheLookupPolicy||Se.Default;return this.acquireTokenSilentNoIframe(o,i).catch(async a=>{if(GC(a,i)){const l=`${a.errorCode}${a.subError?`|${a.subError}`:""}`;if(this.performanceClient.addFields({silentRefreshReason:l},e.correlationId),this.activeIframeRequest)if(i!==Se.Skip){const[h,d]=this.activeIframeRequest;this.logger.verbose(`1w8fso ${d}`,o.correlationId);const p=this.performanceClient.startMeasurement(uv,o.correlationId);p.add({awaitIframeCorrelationId:d});const u=await h;if(p.end({success:u}),u)return this.logger.verbose(`0ywzzi ${d}`,o.correlationId),this.acquireTokenSilentNoIframe(o,i);throw this.logger.info(`17y14q ${d}`,o.correlationId),a}else return this.logger.warning("1bd4p8",o.correlationId),w(this.acquireTokenBySilentIframe.bind(this),Yh,this.logger,this.performanceClient,o.correlationId)(o);else{let h;return this.activeIframeRequest=[new Promise(d=>{h=d}),o.correlationId],this.logger.verbose("0rh08z",o.correlationId),w(this.acquireTokenBySilentIframe.bind(this),Yh,this.logger,this.performanceClient,o.correlationId)(o).then(d=>(h(!0),d)).catch(d=>{throw h(!1),d}).finally(()=>{this.activeIframeRequest=void 0})}}else throw a}).then(a=>(this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,e.correlationId,R.Silent,a),e.correlationId&&this.performanceClient.addFields({fromCache:a.fromCache,isNativeBroker:a.fromPlatformBroker},e.correlationId),a)).catch(a=>{throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,e.correlationId,R.Silent,null,a),a}).finally(()=>{this.removeStateChangeListeners(n)})}async acquireTokenSilentNoIframe(e,t){return $r(this.config,this.logger,e.correlationId,this.platformAuthProvider,e.authenticationScheme)&&e.account.nativeAccountId?(this.logger.verbose("0sczo4",e.correlationId),this.performanceClient.addFields({isPlatformBrokerRequest:!0},e.correlationId),this.acquireTokenNative(e,z.acquireTokenSilent_silentFlow,e.account.nativeAccountId,t).catch(async n=>{throw this.performanceClient.addFields({brokerErrorName:n.name,brokerErrorCode:n.errorCode},e.correlationId),n instanceof qe&&Un(n)?(this.logger.verbose("07rkmb",e.correlationId),this.platformAuthProvider=void 0,T(Zt,e.correlationId)):n})):(this.logger.verbose("0ox81t",e.correlationId),t===Se.AccessToken&&this.logger.verbose("0fvwxe",e.correlationId),w(this.acquireTokenFromCache.bind(this),iv,this.logger,this.performanceClient,e.correlationId)(e,t).catch(n=>{if(t===Se.AccessToken)throw n;return this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_NETWORK_START,e.correlationId,R.Silent,e),w(this.acquireTokenByRefreshToken.bind(this),sv,this.logger,this.performanceClient,e.correlationId)(e,t)}))}async preGeneratePkceCodes(e){return this.logger.verbose("1x6uj6",e),this.pkceCode=await w(kn,Tn,this.logger,this.performanceClient,e)(this.performanceClient,this.logger,e),Promise.resolve()}getPreGeneratedPkceCodes(e){const t=this.pkceCode?{...this.pkceCode}:void 0;return this.pkceCode=void 0,t?this.logger.verbose("12js1o",e):this.logger.verbose("1oe9ci",e),this.performanceClient.addFields({usePreGeneratedPkce:!!t},e),t}logMultipleInstances(e,t){const n=this.config.auth.clientId;if(!window)return;window.msal=window.msal||{},window.msal.clientIds=window.msal.clientIds||[],window.msal.clientIds.length>0&&this.logger.verbose("1qtz3l",t),window.msal.clientIds.push(n),BC(n,e,this.logger,t)}}function GC(r,e){const t=!(r instanceof st&&r.subError!==Za),n=r.errorCode===Ye.INVALID_GRANT_ERROR||r.errorCode===Zt,o=t&&n||r.errorCode===Zs||r.errorCode===uu,i=yb.includes(e);return o&&i}/*! @azure/msal-browser v5.15.0 2026-06-23 */class _c{static loggerCallback(e,t){switch(e){case ie.Error:console.error(t);return;case ie.Info:console.info(t);return;case ie.Verbose:console.debug(t);return;case ie.Warning:console.warn(t);return;default:console.log(t);return}}constructor(e,t){var l;this.browserEnvironment=typeof window<"u",this.config=xC(e,this.browserEnvironment),this.responseHandlers=t;let n;try{n=window[yt.SessionStorage]}catch{}const o=n==null?void 0:n.getItem(Yb),i=(l=n==null?void 0:n.getItem(Qb))==null?void 0:l.toLowerCase(),s=i==="true"?!0:i==="false"?!1:void 0,a={...this.config.system.loggerOptions},c=o&&Object.keys(ie).includes(o)?ie[o]:void 0;c&&(a.loggerCallback=_c.loggerCallback,a.logLevel=c),s!==void 0&&(a.piiLoggingEnabled=s),this.logger=new ot(a,Pi,Nt),this.available=!1}getConfig(){return this.config}getResponseHandlers(){return this.responseHandlers}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}/*! @azure/msal-browser v5.15.0 2026-06-23 */class tr extends _c{getModuleName(){return tr.MODULE_NAME}getId(){return tr.ID}async initialize(e){return this.available=typeof window<"u",this.available}}tr.MODULE_NAME="";tr.ID="StandardOperatingContext";/*! @azure/msal-browser v5.15.0 2026-06-23 */class rT{constructor(e,t){this.controller=t||new kc(new tr(e,{waitForPopupResponse:this.waitForPopupResponse.bind(this),waitForIframeResponse:this.waitForIframeResponse.bind(this)}))}async waitForPopupResponse(e,t,n){const o=this.controller;return ai(o.getConfiguration().system.popupBridgeTimeout,o.getLogger(),e,o.getPerformanceClient())}async waitForIframeResponse(e,t){const n=this.controller,o=n.getConfiguration();return ai(o.system.iframeBridgeTimeout,n.getLogger(),t,n.getPerformanceClient(),o.experimental)}async initialize(e){return this.controller.initialize(e)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}getAccount(e){return this.controller.getAccount(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}/*! @azure/msal-browser v5.15.0 2026-06-23 */const VC={initialize:()=>Promise.reject(he(Ie,"")),acquireTokenPopup:()=>Promise.reject(he(Ie,"")),acquireTokenRedirect:()=>Promise.reject(he(Ie,"")),acquireTokenSilent:()=>Promise.reject(he(Ie,"")),acquireTokenByCode:()=>Promise.reject(he(Ie,"")),getAllAccounts:()=>[],getAccount:()=>null,handleRedirectPromise:()=>Promise.reject(he(Ie,"")),loginPopup:()=>Promise.reject(he(Ie,"")),loginRedirect:()=>Promise.reject(he(Ie,"")),logoutRedirect:()=>Promise.reject(he(Ie,"")),logoutPopup:()=>Promise.reject(he(Ie,"")),ssoSilent:()=>Promise.reject(he(Ie,"")),addEventCallback:()=>null,removeEventCallback:()=>{},addPerformanceCallback:()=>"",removePerformanceCallback:()=>!1,getLogger:()=>{throw he(Ie,"")},setLogger:()=>{},setActiveAccount:()=>{},getActiveAccount:()=>null,initializeWrapperLibrary:()=>{},setNavigationClient:()=>{},getConfiguration:()=>{throw he(Ie,"")},hydrateCache:()=>Promise.reject(he(Ie,"")),clearCache:()=>Promise.reject(he(Ie,""))};/*! @azure/msal-browser v5.15.0 2026-06-23 */class ZC{static getInteractionStatusFromEvent(e,t){switch(e.eventType){case P.ACQUIRE_TOKEN_START:if(e.interactionType===R.Redirect||e.interactionType===R.Popup)return Ee.AcquireToken;break;case P.HANDLE_REDIRECT_START:return Ee.HandleRedirect;case P.LOGOUT_START:return Ee.Logout;case P.LOGOUT_END:if(t&&t!==Ee.Logout)break;return Ee.None;case P.HANDLE_REDIRECT_END:if(t&&t!==Ee.HandleRedirect)break;return Ee.None;case P.ACQUIRE_TOKEN_SUCCESS:case P.ACQUIRE_TOKEN_FAILURE:case P.RESTORE_FROM_BFCACHE:if(e.interactionType===R.Redirect||e.interactionType===R.Popup){if(t&&t!==Ee.AcquireToken)break;return Ee.None}break}return null}}/*! @azure/msal-react v5.5.0 2026-06-23 */const $C={instance:VC,inProgress:Ee.None,accounts:[],logger:new ot({})},Ic=L.createContext($C);Ic.Consumer;/*! @azure/msal-react v5.5.0 2026-06-23 */function _l(r,e){if(r.length!==e.length)return!1;const t=[...e];return r.every(n=>{const o=t.shift();return!n||!o?!1:n.homeAccountId===o.homeAccountId&&n.localAccountId===o.localAccountId&&n.username===o.username})}/*! @azure/msal-react v5.5.0 2026-06-23 */const XC="@azure/msal-react",Il="5.5.0";/*! @azure/msal-react v5.5.0 2026-06-23 */const ui={UNBLOCK_INPROGRESS:"UNBLOCK_INPROGRESS",EVENT:"EVENT"},YC=(r,e)=>{const{type:t,payload:n}=e;let o=r.inProgress;switch(t){case ui.UNBLOCK_INPROGRESS:r.inProgress===Ee.Startup&&(o=Ee.None,n.logger.info("MsalProvider - handleRedirectPromise resolved, setting inProgress to 'none'",""));break;case ui.EVENT:const s=n.message,a=ZC.getInteractionStatusFromEvent(s,r.inProgress);a&&(n.logger.info(`MsalProvider - '${s.eventType}' results in setting inProgress from '${r.inProgress}' to '${a}'`,""),o=a);break;default:throw new Error(`Unknown action type: ${t}`)}if(o===Ee.Startup)return r;const i=n.instance.getAllAccounts();return o!==r.inProgress&&!_l(i,r.accounts)?{...r,inProgress:o,accounts:i}:o!==r.inProgress?{...r,inProgress:o}:_l(i,r.accounts)?r:{...r,accounts:i}};function oT({instance:r,children:e}){L.useEffect(()=>{r.initializeWrapperLibrary(fb.React,Il)},[r]);const t=L.useMemo(()=>r.getLogger().clone(XC,Il),[r]),[n,o]=L.useReducer(YC,void 0,()=>({inProgress:Ee.Startup,accounts:[]}));L.useEffect(()=>{const s=r.addEventCallback(a=>{o({payload:{instance:r,logger:t,message:a},type:ui.EVENT})});return t.verbose(`MsalProvider - Registered event callback with id: '${s}'`,""),r.initialize().then(()=>{r.handleRedirectPromise().catch(()=>{}).finally(()=>{o({payload:{instance:r,logger:t},type:ui.UNBLOCK_INPROGRESS})})}).catch(()=>{}),()=>{s&&(t.verbose(`MsalProvider - Removing event callback '${s}'`,""),r.removeEventCallback(s))}},[r,t]);const i={instance:r,inProgress:n.inProgress,accounts:n.accounts,logger:t};return Sl.createElement(Ic.Provider,{value:i},e)}/*! @azure/msal-react v5.5.0 2026-06-23 */const QC=()=>L.useContext(Ic);/*! @azure/msal-react v5.5.0 2026-06-23 */function qC(r,e){return r.length>0}function iT(r){const{accounts:e,inProgress:t}=QC();return L.useMemo(()=>t===Ee.Startup?!1:qC(e),[e,t,r])}export{tT as A,oT as M,rT as P,nT as a,iT as b,QC as u};
5
+ `)})(),this.lockManager=(Ui||(Ui=up()),Ui),e.cache&&e.cacheLocation&&console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."),e.cache)n=e.cache;else{if(t=e.cacheLocation||Dc,!Gc(t))throw new Error('Invalid cache location "'.concat(t,'"'));n=Gc(t)()}var o;this.httpTimeoutMs=e.httpTimeoutInSeconds?1e3*e.httpTimeoutInSeconds:ms,this.cookieStorage=e.legacySameSiteCookie===!1?Mn:Np,this.orgHintCookieName=(o=this.options.clientId,"auth0.".concat(o,".organization_hint")),this.isAuthenticatedCookieName=(l=>"auth0.".concat(l,".is.authenticated"))(this.options.clientId),this.sessionCheckExpiryDays=e.sessionCheckExpiryDays||1;const i=e.useCookiesForTransactions?this.cookieStorage:xp;var s;this.scope=(function(l,h){for(var d=arguments.length,p=new Array(d>2?d-2:0),u=2;u<d;u++)p[u-2]=arguments[u];if(typeof l!="object")return{[ye]:Po(h,l,...p)};let f={[ye]:Po(h,...p)};return Object.keys(l).forEach(g=>{const y=l[g];f[g]=Po(h,y,...p)}),f})(this.options.authorizationParams.scope,"openid",this.options.useRefreshTokens?"offline_access":""),this.transactionManager=new Sp(i,this.options.clientId,this.options.cookieDomain),this.nowProvider=this.options.nowProvider||Pl,this.cacheManager=new Ip(n,n.allKeys?void 0:new Dp(n,this.options.clientId),this.nowProvider),this.dpop=this.options.useDpop?new Kp(this.options.clientId):void 0,this.domainUrl=(s=this.options.domain,/^https?:\/\//.test(s)?s:"https://".concat(s)),this.tokenIssuer=((l,h)=>l?l.startsWith("https://")?l:"https://".concat(l,"/"):"".concat(h,"/"))(this.options.issuer,this.domainUrl);const a="".concat(this.domainUrl,"/me/"),c=this.createFetcher(Object.assign(Object.assign({},this.options.useDpop&&{dpopNonceId:"__auth0_my_account_api__"}),{getAccessToken:l=>{var h;return this.getTokenSilently({authorizationParams:{scope:(h=l==null?void 0:l.scope)===null||h===void 0?void 0:h.join(" "),audience:a},detailedResponse:!0})}}));this.myAccount=new jp(c,a),this.authJsClient=new ag({domain:this.options.domain,clientId:this.options.clientId}),this.mfa=new ug(this.authJsClient.mfa,this),this.passkey=new pg(this.authJsClient.passkey,this),typeof window<"u"&&window.Worker&&this.options.useRefreshTokens&&t===Dc&&(this.options.workerUrl?this.worker=new Worker(this.options.workerUrl):this.worker=new Up,this.worker.postMessage({type:"init",allowedBaseUrl:this.domainUrl}))}getConfiguration(){return Object.freeze({domain:this.options.domain,clientId:this.options.clientId})}_url(e){const t=this.options.auth0Client||ys,n=ws(t,!0),o=encodeURIComponent(btoa(JSON.stringify(n)));return"".concat(this.domainUrl).concat(e,"&auth0Client=").concat(o)}_authorizeUrl(e){return this._url("/authorize?".concat(Er(e)))}async _verifyIdToken(e,t,n){const o=await this.nowProvider();return Ap({iss:this.tokenIssuer,aud:this.options.clientId,id_token:e,nonce:t,organization:n,leeway:this.options.leeway,max_age:(i=this.options.authorizationParams.max_age,typeof i!="string"?i:parseInt(i,10)||void 0),now:o});var i}_processOrgHint(e){e?this.cookieStorage.save(this.orgHintCookieName,e,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}):this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain})}_extractSessionTransferToken(e){return new URLSearchParams(window.location.search).get(e)||void 0}_clearSessionTransferTokenFromUrl(e){try{const t=new URL(window.location.href);t.searchParams.has(e)&&(t.searchParams.delete(e),window.history.replaceState({},"",t.toString()))}catch{}}_applySessionTransferToken(e){const t=this.options.sessionTransferTokenQueryParamName;if(!t||e.session_transfer_token)return e;const n=this._extractSessionTransferToken(t);return n?(this._clearSessionTransferTokenFromUrl(t),Object.assign(Object.assign({},e),{session_transfer_token:n})):e}async _prepareAuthorizeUrl(e,t,n){var o;const i=Oi(dr()),s=Oi(dr()),a=dr(),c=await Lc(a),l=Kc(c),h=await((o=this.dpop)===null||o===void 0?void 0:o.calculateThumbprint()),d=((u,f,g,y,m,b,C,k,_)=>Object.assign(Object.assign(Object.assign({client_id:u.clientId},u.authorizationParams),g),{scope:pr(f,g.scope,g.audience),response_type:"code",response_mode:k||"query",state:y,nonce:m,redirect_uri:C||u.authorizationParams.redirect_uri,code_challenge:b,code_challenge_method:"S256",dpop_jkt:_}))(this.options,this.scope,e,i,s,l,e.redirect_uri||this.options.authorizationParams.redirect_uri||n,t==null?void 0:t.response_mode,h),p=this._authorizeUrl(d);return{nonce:s,code_verifier:a,scope:d.scope,audience:d.audience||ye,redirect_uri:d.redirect_uri,state:i,url:p}}async loginWithPopup(e,t){var n;if(e=e||{},!(t=t||{}).popup&&(t.popup=(c=>{const l=window.screenX+(window.innerWidth-400)/2,h=window.screenY+(window.innerHeight-600)/2;return window.open(c,"auth0:authorize:popup","left=".concat(l,",top=").concat(h,",width=").concat(400,",height=").concat(600,",resizable,scrollbars=yes,status=1"))})(""),!t.popup))throw new sa;const o=this._applySessionTransferToken(e.authorizationParams||{}),i=await this._prepareAuthorizeUrl(o,{response_mode:"web_message"},window.location.origin);t.popup.location.href=i.url;const s=await((c,l)=>new Promise((h,d)=>{let p;const u=setInterval(()=>{c.popup&&c.popup.closed&&(clearInterval(u),clearTimeout(f),window.removeEventListener("message",p,!1),d(new ia(c.popup)))},1e3),f=setTimeout(()=>{clearInterval(u),d(new oa(c.popup)),window.removeEventListener("message",p,!1)},1e3*(c.timeoutInSeconds||60));p=function(g){if(g.origin===l&&g.data&&g.data.type==="authorization_response"){if(clearTimeout(f),clearInterval(u),window.removeEventListener("message",p,!1),c.closePopup!==!1&&c.popup.close(),g.data.response.error)return d(ne.fromPayload(g.data.response));h(g.data.response)}},window.addEventListener("message",p)}))(Object.assign(Object.assign({},t),{timeoutInSeconds:t.timeoutInSeconds||this.options.authorizeTimeoutInSeconds||60}),new URL(i.url).origin);if(i.state!==s.state)throw new ne("state_mismatch","Invalid state");const a=((n=e.authorizationParams)===null||n===void 0?void 0:n.organization)||this.options.authorizationParams.organization;await this._requestToken({audience:i.audience,scope:i.scope,code_verifier:i.code_verifier,grant_type:"authorization_code",code:s.code,redirect_uri:i.redirect_uri},{nonceIn:i.nonce,organization:a})}async getUser(){var e;const t=await this._getIdTokenFromCache();return(e=t==null?void 0:t.decodedToken)===null||e===void 0?void 0:e.user}async getIdTokenClaims(){var e;const t=await this._getIdTokenFromCache();return(e=t==null?void 0:t.decodedToken)===null||e===void 0?void 0:e.claims}async loginWithRedirect(){var e;const t=Vc(arguments.length>0&&arguments[0]!==void 0?arguments[0]:{}),n=t.openUrl,o=t.fragment,i=t.appState,s=Ne(t,["openUrl","fragment","appState"]),a=((e=s.authorizationParams)===null||e===void 0?void 0:e.organization)||this.options.authorizationParams.organization,c=this._applySessionTransferToken(s.authorizationParams||{}),l=await this._prepareAuthorizeUrl(c),h=l.url,d=Ne(l,["url"]);this.transactionManager.create(Object.assign(Object.assign(Object.assign({},d),{appState:i,response_type:Jt.Code}),a&&{organization:a}));const p=o?"".concat(h,"#").concat(o):h;n?await n(p):window.location.assign(p)}async handleRedirectCallback(){const e=(arguments.length>0&&arguments[0]!==void 0?arguments[0]:window.location.href).split("?").slice(1);if(e.length===0)throw new Error("There are no query params available for parsing.");const t=this.transactionManager.get();if(!t)throw new ne("missing_transaction","Invalid state");this.transactionManager.remove();const n=(o=>{o.indexOf("#")>-1&&(o=o.substring(0,o.indexOf("#")));const i=new URLSearchParams(o);return{state:i.get("state"),code:i.get("code")||void 0,connect_code:i.get("connect_code")||void 0,error:i.get("error")||void 0,error_description:i.get("error_description")||void 0}})(e.join(""));return t.response_type===Jt.ConnectCode?this._handleConnectAccountRedirectCallback(n,t):this._handleLoginRedirectCallback(n,t)}async _handleLoginRedirectCallback(e,t){const n=e.code,o=e.state,i=e.error,s=e.error_description;if(i)throw new na(i,s||i,o,t.appState);if(!t.code_verifier||t.state&&t.state!==o)throw new ne("state_mismatch","Invalid state");const a=t.organization,c=t.nonce,l=t.redirect_uri;return await this._requestToken(Object.assign({audience:t.audience,scope:t.scope,code_verifier:t.code_verifier,grant_type:"authorization_code",code:n},l?{redirect_uri:l}:{}),{nonceIn:c,organization:a}),{appState:t.appState,response_type:Jt.Code}}async _handleConnectAccountRedirectCallback(e,t){const n=e.connect_code,o=e.state,i=e.error,s=e.error_description;if(i)throw new ra(i,s||i,t.connection,o,t.appState);if(!n)throw new ne("missing_connect_code","Missing connect code");if(!(t.code_verifier&&t.state&&t.auth_session&&t.redirect_uri&&t.state===o))throw new ne("state_mismatch","Invalid state");const a=await this.myAccount.completeAccount({auth_session:t.auth_session,connect_code:n,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier});return Object.assign(Object.assign({},a),{appState:t.appState,response_type:Jt.ConnectCode})}async checkSession(e){if(!this.cookieStorage.get(this.isAuthenticatedCookieName)){if(!this.cookieStorage.get(Bc))return;this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(Bc)}try{await this.getTokenSilently(e)}catch{}}async getTokenSilently(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};var t,n;const o=Object.assign(Object.assign({cacheMode:"on"},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:pr(this.scope,(t=e.authorizationParams)===null||t===void 0?void 0:t.scope,((n=e.authorizationParams)===null||n===void 0?void 0:n.audience)||this.options.authorizationParams.audience)})}),i=await((s,a)=>{let c=Hi[a];return c||(c=s().finally(()=>{delete Hi[a],c=null}),Hi[a]=c),c})(()=>this._getTokenSilently(o),"".concat(this.options.clientId,"::").concat(o.authorizationParams.audience,"::").concat(o.authorizationParams.scope));return e.detailedResponse?i:i==null?void 0:i.access_token}async _getTokenSilently(e){const t=e.cacheMode,n=Ne(e,["cacheMode"]);if(t!=="off"){const a=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||ye,clientId:this.options.clientId,cacheMode:t});if(a)return a}if(t==="cache-only")return;const o=(i=this.options.clientId,s=n.authorizationParams.audience||"default","".concat("auth0.lock.getTokenSilently",".").concat(i,".").concat(s));var i,s;try{return await this.lockManager.runWithLock(o,5e3,async()=>{if(t!=="off"){const u=await this._getEntryFromCache({scope:n.authorizationParams.scope,audience:n.authorizationParams.audience||ye,clientId:this.options.clientId});if(u)return u}const a=this.options.useRefreshTokens?await this._getTokenUsingRefreshToken(n):await this._getTokenFromIFrame(n),c=a.id_token,l=a.token_type,h=a.access_token,d=a.oauthTokenScope,p=a.expires_in;return Object.assign(Object.assign({id_token:c,token_type:l,access_token:h},d?{scope:d}:null),{expires_in:p})})}catch(a){if(this._isInteractiveError(a)&&this.options.interactiveErrorHandler==="popup")return await this._handleInteractiveErrorWithPopup(n);throw a}}_isInteractiveError(e){return e instanceof Fr||e instanceof ne&&this._isIframeMfaError(e)}_isIframeMfaError(e){return e.error==="login_required"&&e.error_description==="Multifactor authentication required"}async _handleInteractiveErrorWithPopup(e){try{await this.loginWithPopup({authorizationParams:e.authorizationParams});const t=await this._getEntryFromCache({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||ye,clientId:this.options.clientId});if(!t)throw new ne("interactive_handler_cache_miss","Token not found in cache after interactive authentication");return t}catch(t){throw t}}async getTokenWithPopup(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};var n,o;const i=Object.assign(Object.assign({},e),{authorizationParams:Object.assign(Object.assign(Object.assign({},this.options.authorizationParams),e.authorizationParams),{scope:pr(this.scope,(n=e.authorizationParams)===null||n===void 0?void 0:n.scope,((o=e.authorizationParams)===null||o===void 0?void 0:o.audience)||this.options.authorizationParams.audience)})});return t=Object.assign(Object.assign({},ip),t),await this.loginWithPopup(i,t),(await this.cacheManager.get(new xe({scope:i.authorizationParams.scope,audience:i.authorizationParams.audience||ye,clientId:this.options.clientId}),void 0,this.options.useMrrt)).access_token}async isAuthenticated(){return!!await this.getUser()}_buildLogoutUrl(e){e.clientId!==null?e.clientId=e.clientId||this.options.clientId:delete e.clientId;const t=e.logoutParams||{},n=t.federated,o=Ne(t,["federated"]),i=n?"&federated":"";return this._url("/v2/logout?".concat(Er(Object.assign({clientId:e.clientId},o))))+i}async revokeRefreshToken(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};if(!this.options.useRefreshTokens)return;const t=e.audience||this.options.authorizationParams.audience||ye,n=await this.cacheManager.getRefreshTokensByAudience(t,this.options.clientId);await(async function(o,i){let s=o.baseUrl,a=o.timeout,c=o.auth0Client,l=o.useFormData,h=o.refreshTokens,d=o.audience,p=o.client_id,u=o.onRefreshTokenRevoked;const f=a||ms,g="refresh_token",y="".concat(s,"/oauth/revoke"),m={"Content-Type":l?"application/x-www-form-urlencoded":"application/json","Auth0-Client":btoa(JSON.stringify(ws(c||ys)))};if(i){const C={client_id:p,token_type_hint:g},k=l?Er(C):JSON.stringify(C);try{return await bs({type:"revoke",timeout:f,fetchUrl:y,fetchOptions:{method:"POST",body:k,headers:m},useFormData:l,auth:{audience:d??ye}},i)}catch(_){throw new ne("revoke_error",_.message)}}for(const C of h){const k={client_id:p,token_type_hint:g,token:C},_=l?Er(k):JSON.stringify(k),O=await Dl(y,{method:"POST",body:_,headers:m},f);if(!O.ok){let S,x;try{var b=JSON.parse(await O.text());S=b.error,x=b.error_description}catch{}throw new ne(S||"revoke_error",x||"HTTP error ".concat(O.status))}await(u==null?void 0:u(C))}})({baseUrl:this.domainUrl,timeout:this.httpTimeoutMs,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,client_id:this.options.clientId,refreshTokens:n,audience:t,onRefreshTokenRevoked:o=>this.cacheManager.stripRefreshToken(o)},this.worker)}async logout(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};var t;const n=Vc(e),o=n.openUrl,i=Ne(n,["openUrl"]);e.clientId===null?await this.cacheManager.clear():await this.cacheManager.clear(e.clientId||this.options.clientId),this.cookieStorage.remove(this.orgHintCookieName,{cookieDomain:this.options.cookieDomain}),this.cookieStorage.remove(this.isAuthenticatedCookieName,{cookieDomain:this.options.cookieDomain}),this.userCache.remove(xn);try{await((t=this.dpop)===null||t===void 0?void 0:t.clear())}catch{}if(this.worker)try{await bs({type:"clear"},this.worker)}catch{}const s=this._buildLogoutUrl(i);o?await o(s):o!==!1&&window.location.assign(s)}async _getTokenFromIFrame(e){const t=(n=this.options.clientId,"".concat("auth0.lock.getTokenFromIFrame",".").concat(n));var n;try{return await this.lockManager.runWithLock(t,5e3,async()=>{const o=Object.assign(Object.assign({},e.authorizationParams),{prompt:"none"}),i=this.cookieStorage.get(this.orgHintCookieName);i&&!o.organization&&(o.organization=i);const s=await this._prepareAuthorizeUrl(o,{response_mode:"web_message"},window.location.origin),a=s.url,c=s.state,l=s.nonce,h=s.code_verifier,d=s.redirect_uri,p=s.scope,u=s.audience;if(window.crossOriginIsolated)throw new ne("login_required","The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");const f=e.timeoutInSeconds||this.options.authorizeTimeoutInSeconds;let g;try{g=new URL(this.domainUrl).origin}catch{g=this.domainUrl}const y=await(function(b,C){let k=arguments.length>2&&arguments[2]!==void 0?arguments[2]:60;return new Promise((_,O)=>{const S=window.document.createElement("iframe");S.setAttribute("width","0"),S.setAttribute("height","0"),S.style.display="none";const x=()=>{window.document.body.contains(S)&&(window.document.body.removeChild(S),window.removeEventListener("message",te,!1))};let te;const re=setTimeout(()=>{O(new nr),x()},1e3*k);te=function(Q){if(Q.origin!=C||!Q.data||Q.data.type!=="authorization_response")return;const Pe=Q.source;Pe&&Pe.close(),Q.data.response.error?O(ne.fromPayload(Q.data.response)):_(Q.data.response),clearTimeout(re),window.removeEventListener("message",te,!1),setTimeout(x,2e3)},window.addEventListener("message",te,!1),window.document.body.appendChild(S),S.setAttribute("src",b)})})(a,g,f);if(c!==y.state)throw new ne("state_mismatch","Invalid state");const m=await this._requestToken(Object.assign(Object.assign({},e.authorizationParams),{code_verifier:h,code:y.code,grant_type:"authorization_code",redirect_uri:d,timeout:e.authorizationParams.timeout||this.httpTimeoutMs}),{nonceIn:l,organization:o.organization});return Object.assign(Object.assign({},m),{scope:p,oauthTokenScope:m.scope,audience:u})})}catch(o){throw o.error==="login_required"&&(o instanceof ne&&this._isIframeMfaError(o)&&this.options.interactiveErrorHandler==="popup"||this.logout({openUrl:!1})),o}}async _getTokenUsingRefreshToken(e){const t=await this.cacheManager.get(new xe({scope:e.authorizationParams.scope,audience:e.authorizationParams.audience||ye,clientId:this.options.clientId}),void 0,this.options.useMrrt);if(!(t&&t.refresh_token||this.worker)){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);throw new pi(e.authorizationParams.audience||ye,e.authorizationParams.scope)}const n=e.authorizationParams.redirect_uri||this.options.authorizationParams.redirect_uri||window.location.origin,o=typeof e.timeoutInSeconds=="number"?1e3*e.timeoutInSeconds:null,i=((h,d,p,u)=>{var f;if(h&&p&&u){if(d.audience!==p)return d.scope;const g=u.split(" "),y=((f=d.scope)===null||f===void 0?void 0:f.split(" "))||[],m=y.every(b=>g.includes(b));return g.length>=y.length&&m?u:d.scope}return d.scope})(this.options.useMrrt,e.authorizationParams,t==null?void 0:t.audience,t==null?void 0:t.scope);try{const h=await this._requestToken(Object.assign(Object.assign(Object.assign({},e.authorizationParams),{grant_type:"refresh_token",refresh_token:t&&t.refresh_token,redirect_uri:n}),o&&{timeout:o}),{scopesToRequest:i});if(h.refresh_token&&(t!=null&&t.refresh_token)&&await this.cacheManager.updateEntry(t.refresh_token,h.refresh_token),this.options.useMrrt&&(s=t==null?void 0:t.audience,a=t==null?void 0:t.scope,c=e.authorizationParams.audience,l=e.authorizationParams.scope,(s!==c||!Zc(l,a))&&!Zc(i,h.scope))){if(this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e);await this.cacheManager.remove(this.options.clientId,e.authorizationParams.audience,e.authorizationParams.scope);const d=((p,u)=>{const f=(p==null?void 0:p.split(" "))||[],g=(u==null?void 0:u.split(" "))||[];return f.filter(y=>g.indexOf(y)==-1).join(",")})(i,h.scope);throw new aa(e.authorizationParams.audience||"default",d)}return Object.assign(Object.assign({},h),{scope:e.authorizationParams.scope,oauthTokenScope:h.scope,audience:e.authorizationParams.audience||ye})}catch(h){if(h.message){if(h.message.includes("user is blocked"))throw await this.logout({openUrl:!1}),h;if((h.message.includes("Missing Refresh Token")||h.message.includes("invalid refresh token"))&&this.options.useRefreshTokensFallback)return await this._getTokenFromIFrame(e)}throw h}var s,a,c,l}async _saveEntryInCache(e){const t=e.id_token,n=e.decodedToken,o=Ne(e,["id_token","decodedToken"]);this.userCache.set(xn,{id_token:t,decodedToken:n}),await this.cacheManager.setIdToken(this.options.clientId,e.id_token,e.decodedToken),await this.cacheManager.set(o)}async _getIdTokenFromCache(){const e=this.options.authorizationParams.audience||ye,t=this.scope[e],n=await this.cacheManager.getIdToken(new xe({clientId:this.options.clientId,audience:e,scope:t})),o=this.userCache.get(xn);return n&&n.id_token===(o==null?void 0:o.id_token)?o:(this.userCache.set(xn,n),n)}async _getEntryFromCache(e){let t=e.scope,n=e.audience,o=e.clientId,i=e.cacheMode;const s=await this.cacheManager.get(new xe({scope:t,audience:n,clientId:o}),60,this.options.useMrrt,i);if(s&&s.access_token){const a=s.token_type,c=s.access_token,l=s.oauthTokenScope,h=s.expires_in,d=await this._getIdTokenFromCache();return d&&Object.assign(Object.assign({id_token:d.id_token,token_type:a||"Bearer",access_token:c},l?{scope:l}:null),{expires_in:h})}}_storeMfaContext(e,t,n){e instanceof Fr&&this.mfa.setMFAAuthDetails(e.mfa_token,t,n,e.mfa_requirements)}async _requestToken(e,t){var n,o;const i=t||{},s=i.nonceIn,a=i.organization,c=i.scopesToRequest;try{const l=await jc(Object.assign(Object.assign({baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,useMrrt:this.options.useMrrt,dpop:this.dpop},e),{scope:c||e.scope}),this.worker),h=await this._verifyIdToken(l.id_token,s,a);if(e.grant_type==="authorization_code"){const d=await this._getIdTokenFromCache();!((o=(n=d==null?void 0:d.decodedToken)===null||n===void 0?void 0:n.claims)===null||o===void 0)&&o.sub&&d.decodedToken.claims.sub!==h.claims.sub&&(await this.cacheManager.clear(this.options.clientId),this.userCache.remove(xn))}return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({},l),{decodedToken:h,scope:e.scope,audience:e.audience||ye}),l.scope?{oauthTokenScope:l.scope}:null),{client_id:this.options.clientId})),this.cookieStorage.save(this.isAuthenticatedCookieName,!0,{daysUntilExpire:this.sessionCheckExpiryDays,cookieDomain:this.options.cookieDomain}),this._processOrgHint(a||h.claims.org_id),Object.assign(Object.assign({},l),{decodedToken:h})}catch(l){throw e.grant_type!=="authorization_code"&&this._storeMfaContext(l,c||e.scope,e.audience),l}}_buildTokenExchangeParams(e){return Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({},e),{grant_type:"urn:ietf:params:oauth:grant-type:token-exchange",subject_token:e.subject_token,subject_token_type:e.subject_token_type}),e.actor_token&&{actor_token:e.actor_token}),e.actor_token_type&&{actor_token_type:e.actor_token_type}),{scope:pr(this.scope,e.scope,e.audience||this.options.authorizationParams.audience),audience:e.audience||this.options.authorizationParams.audience,organization:e.organization||this.options.authorizationParams.organization})}async loginWithCustomTokenExchange(e){return this._requestToken(this._buildTokenExchangeParams(e))}async customTokenExchange(e){const t=this._buildTokenExchangeParams(e);try{const n=await jc(Object.assign(Object.assign({},t),{baseUrl:this.domainUrl,client_id:this.options.clientId,auth0Client:this.options.auth0Client,useFormData:this.options.useFormData,timeout:this.httpTimeoutMs,dpop:this.dpop}),this.worker,!0);return n.id_token&&await this._verifyIdToken(n.id_token,void 0,e.organization),n}catch(n){throw this._storeMfaContext(n,t.scope,t.audience),n}}async exchangeToken(e){return this.loginWithCustomTokenExchange(e)}_assertDpop(e){if(!e)throw new Error("`useDpop` option must be enabled before using DPoP.")}getDpopNonce(e){return this._assertDpop(this.dpop),this.dpop.getNonce(e)}setDpopNonce(e,t){return this._assertDpop(this.dpop),this.dpop.setNonce(e,t)}generateDpopProof(e){return this._assertDpop(this.dpop),this.dpop.generateProof(e)}createFetcher(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return new Fp(e,{isDpopEnabled:()=>!!this.options.useDpop,getAccessToken:t=>{var n;return this.getTokenSilently({authorizationParams:{scope:(n=t==null?void 0:t.scope)===null||n===void 0?void 0:n.join(" "),audience:t==null?void 0:t.audience},detailedResponse:!0})},getDpopNonce:()=>this.getDpopNonce(e.dpopNonceId),setDpopNonce:t=>this.setDpopNonce(t,e.dpopNonceId),generateDpopProof:t=>this.generateDpopProof(t)})}async connectAccountWithRedirect(e){const t=e.openUrl,n=e.appState,o=e.connection,i=e.scopes,s=e.authorization_params,a=e.redirectUri,c=a===void 0?this.options.authorizationParams.redirect_uri||window.location.origin:a;if(!o)throw new Error("connection is required");const l=Oi(dr()),h=dr(),d=await Lc(h),p=Kc(d),u=await this.myAccount.connectAccount({connection:o,scopes:i,redirect_uri:c,state:l,code_challenge:p,code_challenge_method:"S256",authorization_params:s}),f=u.connect_uri,g=u.connect_params,y=u.auth_session;this.transactionManager.create({state:l,code_verifier:h,auth_session:y,redirect_uri:c,appState:n,connection:o,response_type:Jt.ConnectCode});const m=new URL(f);m.searchParams.set("ticket",g.ticket),t?await t(m.toString()):window.location.assign(m)}async _requestTokenForPasskey(e){const t=e.audience||this.options.authorizationParams.audience,n=e.organization||this.options.authorizationParams.organization;return this._requestToken(Object.assign(Object.assign(Object.assign({grant_type:"urn:okta:params:oauth:grant-type:webauthn",auth_session:e.authSession,authn_response:e.credential},e.realm&&{realm:e.realm}),n&&{organization:n}),{scope:pr(this.scope,e.scope,t),audience:t}))}async _requestTokenForMfa(e,t){const n=e.mfaToken,o=Ne(e,["mfaToken"]);return this._requestToken(Object.assign(Object.assign({},o),{mfa_token:n}),t)}}var Td={isAuthenticated:!1,isLoading:!0,error:void 0,user:void 0},W=function(){throw new Error("You forgot to wrap your component in <Auth0Provider>.")},gg=le(le({},Td),{buildAuthorizeUrl:W,buildLogoutUrl:W,getAccessTokenSilently:W,getAccessTokenWithPopup:W,getIdTokenClaims:W,loginWithCustomTokenExchange:W,customTokenExchange:W,exchangeToken:W,loginWithRedirect:W,loginWithPopup:W,connectAccountWithRedirect:W,logout:W,handleRedirectCallback:W,getDpopNonce:W,setDpopNonce:W,generateDpopProof:W,createFetcher:W,getConfiguration:W,mfa:{getAuthenticators:W,enroll:W,challenge:W,verify:W,getEnrollmentFactors:W},passkey:{signup:W,login:W},myAccount:{getFactors:W,getAuthenticationMethods:W,getAuthenticationMethod:W,updateAuthenticationMethod:W,deleteAuthenticationMethod:W,enrollmentChallenge:W,enrollmentVerify:W}}),kd=L.createContext(gg),Ch=(function(r){tp(e,r);function e(t,n){var o=r.call(this,n??t)||this;return o.error=t,o.error_description=n,Object.setPrototypeOf(o,e.prototype),o}return e})(Error),mg=/[?&](?:connect_)?code=[^&]+/,yg=/[?&]state=[^&]+/,wg=/[?&]error=[^&]+/,vg=function(r){return r===void 0&&(r=window.location.search),(mg.test(r)||wg.test(r))&&yg.test(r)},_d=function(r){return function(e){if(e instanceof Error)return e;if(e!==null&&typeof e=="object"&&"error"in e&&typeof e.error=="string"){if("error_description"in e&&typeof e.error_description=="string"){var t=e;return new Ch(t.error,t.error_description)}var n=e;return new Ch(n.error)}return new Error(r)}},Th=_d("Login failed"),Pn=_d("Get access token failed"),Id=function(r){var e,t;r!=null&&r.redirectUri&&(console.warn("Using `redirectUri` has been deprecated, please use `authorizationParams.redirect_uri` instead as `redirectUri` will be no longer supported in a future version"),r.authorizationParams=(e=r.authorizationParams)!==null&&e!==void 0?e:{},r.authorizationParams.redirect_uri=r.redirectUri,delete r.redirectUri),!((t=r==null?void 0:r.authorizationParams)===null||t===void 0)&&t.redirectUri&&(console.warn("Using `authorizationParams.redirectUri` has been deprecated, please use `authorizationParams.redirect_uri` instead as `authorizationParams.redirectUri` will be removed in a future version"),r.authorizationParams.redirect_uri=r.authorizationParams.redirectUri,delete r.authorizationParams.redirectUri)},bg=function(r,e){switch(e.type){case"LOGIN_POPUP_STARTED":return le(le({},r),{isLoading:!0});case"LOGIN_POPUP_COMPLETE":case"INITIALISED":return le(le({},r),{isAuthenticated:!!e.user,user:e.user,isLoading:!1,error:void 0});case"HANDLE_REDIRECT_COMPLETE":case"GET_ACCESS_TOKEN_COMPLETE":return r.user===e.user?r:le(le({},r),{isAuthenticated:!!e.user,user:e.user});case"LOGOUT":return le(le({},r),{isAuthenticated:!1,user:void 0});case"ERROR":return le(le({},r),{isLoading:!1,error:e.error})}},Cg=function(r){return Id(r),le(le({},r),{auth0Client:{name:"auth0-react",version:"2.19.0"}})},Tg=function(r){var e;window.history.replaceState({},document.title,(e=r.returnTo)!==null&&e!==void 0?e:window.location.pathname)},tT=function(r){var e=r,t=e.children,n=e.skipRedirectCallback,o=e.onRedirectCallback,i=o===void 0?Tg:o,s=e.context,a=s===void 0?kd:s,c=e.client,l=Oc(e,["children","skipRedirectCallback","onRedirectCallback","context","client"]);c&&(l.domain||l.clientId)&&console.warn("Auth0Provider: the `client` prop takes precedence over `domain`/`clientId` and other configuration options. Remove `domain`, `clientId`, and any other Auth0Client configuration props when using the `client` prop.");var h=L.useState(function(){return c??new fg(Cg(l))})[0],d=L.useReducer(bg,Td),p=d[0],u=d[1],f=L.useRef(!1),g=L.useCallback(function(M){return u({type:"ERROR",error:M}),M},[]);L.useEffect(function(){f.current||(f.current=!0,(function(){return ct(void 0,void 0,void 0,function(){var M,G,Z,q,H,$,Ut;return ht(this,function(Dt){switch(Dt.label){case 0:return Dt.trys.push([0,7,,8]),M=void 0,vg()&&!n?[4,h.handleRedirectCallback()]:[3,3];case 1:return G=Dt.sent(),Z=G.appState,q=Z===void 0?{}:Z,H=G.response_type,$=Oc(G,["appState","response_type"]),[4,h.getUser()];case 2:return M=Dt.sent(),q.response_type=H,H===Jt.ConnectCode&&(q.connectedAccount=$),i(q,M),[3,6];case 3:return[4,h.checkSession()];case 4:return Dt.sent(),[4,h.getUser()];case 5:M=Dt.sent(),Dt.label=6;case 6:return u({type:"INITIALISED",user:M}),[3,8];case 7:return Ut=Dt.sent(),g(Th(Ut)),[3,8];case 8:return[2]}})})})())},[h,i,n,g]);var y=L.useCallback(function(M){return Id(M),h.loginWithRedirect(M)},[h]),m=L.useCallback(function(M,G){return ct(void 0,void 0,void 0,function(){var Z,q;return ht(this,function(H){switch(H.label){case 0:u({type:"LOGIN_POPUP_STARTED"}),H.label=1;case 1:return H.trys.push([1,3,,4]),[4,h.loginWithPopup(M,G)];case 2:return H.sent(),[3,4];case 3:return Z=H.sent(),g(Th(Z)),[2];case 4:return[4,h.getUser()];case 5:return q=H.sent(),u({type:"LOGIN_POPUP_COMPLETE",user:q}),[2]}})})},[h,g]),b=L.useCallback(function(){for(var M=[],G=0;G<arguments.length;G++)M[G]=arguments[G];return ct(void 0,np([],M),void 0,function(Z){return Z===void 0&&(Z={}),ht(this,function(q){switch(q.label){case 0:return[4,h.logout(Z)];case 1:return q.sent(),(Z.openUrl||Z.openUrl===!1)&&u({type:"LOGOUT"}),[2]}})})},[h]),C=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.getTokenSilently(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),k=L.useCallback(function(M,G){return ct(void 0,void 0,void 0,function(){var Z,q,H,$;return ht(this,function(Ut){switch(Ut.label){case 0:return Ut.trys.push([0,2,3,5]),[4,h.getTokenWithPopup(M,G)];case 1:return Z=Ut.sent(),[3,5];case 2:throw q=Ut.sent(),Pn(q);case 3:return H=u,$={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return H.apply(void 0,[($.user=Ut.sent(),$)]),[7];case 5:return[2,Z]}})})},[h]),_=L.useCallback(function(M){return h.connectAccountWithRedirect(M)},[h]),O=L.useCallback(function(){return h.getIdTokenClaims()},[h]),S=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.loginWithCustomTokenExchange(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),x=L.useCallback(function(M){return h.customTokenExchange(M)},[h]),te=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){return ht(this,function(G){return[2,S(M)]})})},[S]),re=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q;return ht(this,function(H){switch(H.label){case 0:return H.trys.push([0,2,3,5]),[4,h.handleRedirectCallback(M)];case 1:return[2,H.sent()];case 2:throw G=H.sent(),Pn(G);case 3:return Z=u,q={type:"HANDLE_REDIRECT_COMPLETE"},[4,h.getUser()];case 4:return Z.apply(void 0,[(q.user=H.sent(),q)]),[7];case 5:return[2]}})})},[h]),Q=L.useCallback(function(M){return h.getDpopNonce(M)},[h]),Pe=L.useCallback(function(M,G){return h.setDpopNonce(M,G)},[h]),Mt=L.useCallback(function(M){return h.generateDpopProof(M)},[h]),lr=L.useCallback(function(M){return h.createFetcher(M)},[h]),tn=L.useCallback(function(){return h.getConfiguration()},[h]),Sc=L.useMemo(function(){return h.mfa},[h]),Ec=L.useMemo(function(){return h.myAccount},[h]),Ac=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.passkey.signup(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),Rc=L.useCallback(function(M){return ct(void 0,void 0,void 0,function(){var G,Z,q,H;return ht(this,function($){switch($.label){case 0:return $.trys.push([0,2,3,5]),[4,h.passkey.login(M)];case 1:return G=$.sent(),[3,5];case 2:throw Z=$.sent(),Pn(Z);case 3:return q=u,H={type:"GET_ACCESS_TOKEN_COMPLETE"},[4,h.getUser()];case 4:return q.apply(void 0,[(H.user=$.sent(),H)]),[7];case 5:return[2,G]}})})},[h]),Pc=L.useMemo(function(){return{signup:Ac,login:Rc}},[Ac,Rc]),ep=L.useMemo(function(){return le(le({},p),{getAccessTokenSilently:C,getAccessTokenWithPopup:k,getIdTokenClaims:O,loginWithCustomTokenExchange:S,customTokenExchange:x,exchangeToken:te,loginWithRedirect:y,loginWithPopup:m,connectAccountWithRedirect:_,logout:b,handleRedirectCallback:re,getDpopNonce:Q,setDpopNonce:Pe,generateDpopProof:Mt,createFetcher:lr,getConfiguration:tn,mfa:Sc,passkey:Pc,myAccount:Ec})},[p,C,k,O,S,x,te,y,m,_,b,re,Q,Pe,Mt,lr,tn,Sc,Pc,Ec]);return Sl.createElement(a.Provider,{value:ep},t)},nT=function(r){return r===void 0&&(r=kd),L.useContext(r)};/*! @azure/msal-common v16.11.0 2026-06-30 */const kg="msal.js.common",Sd="https://login.microsoftonline.com/common/",_g="login.microsoftonline.com",Ed="common",Ig="adfs",Sg="dstsv2",Eg=`${Sd}discovery/instance?api-version=1.1&authorization_endpoint=`,os=".ciamlogin.com",Tr=".onmicrosoft.com",Ks="|",Ad="openid",Rd="profile",ka="offline_access",Ag="email",_a="S256",Rg="application/x-www-form-urlencoded;charset=utf-8",is="N/A",kr="Not Available",Fs="/",kh="http://169.254.169.254/metadata/instance/compute",Pg="2021-02-01",Og=2e3,Ng="TryAutoDetect",xg="login.microsoft.com",Mg=["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],_h=240,Ug="invalid_instance",Ih=200,Dg=400,Sh=400,Lg=499,Hg=500,Kg=599,Wn={GET:"GET",POST:"POST"},ir=[Ad,Rd,ka],Eh=[...ir,Ag],Ae={CONTENT_TYPE:"Content-Type",CONTENT_LENGTH:"Content-Length",RETRY_AFTER:"Retry-After",CCS_HEADER:"X-AnchorMailbox",WWWAuthenticate:"WWW-Authenticate",AuthenticationInfo:"Authentication-Info",X_MS_REQUEST_ID:"x-ms-request-id",X_MS_HTTP_VERSION:"x-ms-httpver"},Ah={ACTIVE_ACCOUNT_FILTERS:"active-account-filters"},Xt={COMMON:"common",ORGANIZATIONS:"organizations",CONSUMERS:"consumers"},kt={ACCESS_TOKEN:"access_token",XMS_CC:"xms_cc",ID_TOKEN:"id_token",SIGNIN_STATE:"signin_state",LOGIN_HINT:"login_hint"},be={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",NO_SESSION:"no_session"},Ia={CODE:"code",IDTOKEN_TOKEN_REFRESHTOKEN:"id_token token refresh_token"},Sa={QUERY:"query",FRAGMENT:"fragment"},Pd={AUTHORIZATION_CODE_GRANT:"authorization_code",REFRESH_TOKEN_GRANT:"refresh_token"},Fg="MSSTS",jg="ADFS",Od="Generic",Nd="-",js=".",ue={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},Ea="appmetadata",zg="client_info",Zo="1",zs="authority-metadata",Wg=3600*24,De={CONFIG:"config",CACHE:"cache",NETWORK:"network",HARDCODED_VALUES:"hardcoded_values"},Rh=5,Jg=330,Bg=50,xd="server-telemetry",Ph="|",On=",",Gg="1",Vg="0",Zg="unknown_error",ee={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},$g=60,Xg=3600,Md="throttling",Yg="retry-after, h429",Qg="invalid_grant",qg="client_mismatch",Nn={FAILED_AUTO_DETECTION:"1",INTERNAL_CACHE:"2",ENVIRONMENT_VARIABLE:"3",IMDS:"4"},ss={CONFIGURED_NO_AUTO_DETECTION:"2",AUTO_DETECTION_REQUESTED_SUCCESSFUL:"4",AUTO_DETECTION_REQUESTED_FAILED:"5"},jt={NOT_APPLICABLE:"0",FORCE_REFRESH_OR_CLAIMS:"1",NO_CACHED_ACCESS_TOKEN:"2",CACHED_ACCESS_TOKEN_EXPIRED:"3",PROACTIVELY_REFRESHED:"4"},em={Pop:"pop"},Ud=300;/*! @azure/msal-common v16.11.0 2026-06-30 */const vn="client_id",Dd="redirect_uri",tm="response_type",nm="response_mode",rm="grant_type",om="claims",im="scope",sm="refresh_token",am="state",cm="nonce",hm="prompt",lm="code",dm="code_challenge",um="code_challenge_method",pm="code_verifier",fm="client-request-id",gm="x-client-SKU",mm="x-client-VER",ym="x-client-OS",wm="x-client-CPU",vm="x-client-current-telemetry",bm="x-client-last-telemetry",Cm="x-ms-lib-capability",Tm="x-app-name",km="x-app-ver",_m="post_logout_redirect_uri",Im="id_token_hint",Sm="client_secret",Em="client_assertion",Am="client_assertion_type",Ld="token_type",Hd="req_cnf",Oh="return_spa_code",Rm="nativebroker",Pm="logout_hint",Om="sid",Nm="login_hint",xm="domain_hint",Mm="x-client-xtra-sku",Wr="brk_client_id",$o="brk_redirect_uri",Ws="instance_aware",Um="ear_jwk",Dm="ear_jwe_crypto",Lm="resource",Hm="clidata";/*! @azure/msal-common v16.11.0 2026-06-30 */function Aa(r){return`See https://aka.ms/msal.js.errors#${r} for details`}class oe extends Error{constructor(e,t,n,o){const i=n||(e?Aa(e):""),s=i?`${e}: ${i}`:e;super(s),Object.setPrototypeOf(this,oe.prototype),this.errorCode=e||"",this.errorMessage=i||"",this.subError=o||"",this.correlationId=t,this.name="AuthError"}}function Js(r,e,t){return new oe(r,e,t||Aa(r))}/*! @azure/msal-common v16.11.0 2026-06-30 */class Ra extends oe{constructor(e,t){super(e,t),this.name="ClientConfigurationError",Object.setPrototypeOf(this,Ra.prototype)}}function V(r,e){return new Ra(r,e)}/*! @azure/msal-common v16.11.0 2026-06-30 */class mn{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return Object.keys(t).length===0}catch{}return!0}static startsWith(e,t){return e.indexOf(t)===0}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},n=e.split("&"),o=i=>decodeURIComponent(i.replace(/\+/g," "));return n.forEach(i=>{if(i.trim()){const[s,a]=i.split(/=(.+)/g,2);s&&a&&(t[o(s)]=o(a))}}),t}static trimArrayEntries(e){return e.map(t=>t.trim())}static removeEmptyStringsFromArray(e){return e.filter(t=>!!t)}static jsonParseHelper(e){try{return JSON.parse(e)}catch{return null}}}/*! @azure/msal-common v16.11.0 2026-06-30 */class Pa extends oe{constructor(e,t,n){super(e,t,n),this.name="ClientAuthError",Object.setPrototypeOf(this,Pa.prototype)}}function T(r,e,t){return new Pa(r,e,t)}/*! @azure/msal-common v16.11.0 2026-06-30 */const Km="redirect_uri_empty",Fm="authority_uri_insecure",Fn="url_parse_error",jm="empty_url_error",zm="empty_input_scopes_error",Wm="invalid_claims",Jm="token_request_empty",Bm="logout_request_empty",Kd="pkce_params_missing",Fd="invalid_cloud_discovery_metadata",Gm="invalid_authority_metadata",Vm="untrusted_authority",Oa="missing_ssh_jwk",Zm="missing_ssh_kid",$m="cannot_set_OIDCOptions",Xm="cannot_allow_platform_broker",Ym="authority_mismatch",Qm="invalid_request_method_for_EAR",qm="invalid_platform_broker_configuration",as="issuer_validation_failed";/*! @azure/msal-common v16.11.0 2026-06-30 */const jd="client_info_decoding_error",ey="client_info_empty_error",zd="token_parsing_error",ty="null_or_empty_token",zt="endpoints_resolution_error",ny="network_error",ry="openid_config_error",oy="hash_not_deserialized",Jr="invalid_state",iy="state_mismatch",Nh="state_not_found",sy="nonce_mismatch",ay="multiple_matching_appMetadata",cy="request_cannot_be_made",hy="cannot_remove_empty_scope",ly="cannot_append_scopeset",xh="empty_input_scopeset",Wd="no_account_in_silent_request",dy="invalid_cache_record",Jd="invalid_cache_environment",Mh="no_account_found",Bd="no_crypto_object",Zt="token_refresh_required",uy="token_claims_cnf_required_for_signedjwt",py="authorization_code_missing_from_server_response",fy="binding_key_not_removed",gy="end_session_endpoint_not_supported",Gd="key_id_missing",D="method_not_implemented",my="resource_parameter_required",yy="misplaced_resource_parameter";/*! @azure/msal-common v16.11.0 2026-06-30 */class Ce{constructor(e,t){this.correlationId=t;const n=e?mn.trimArrayEntries([...e]):[],o=n?mn.removeEmptyStringsFromArray(n):[];if(!o||!o.length)throw V(zm,t);this.scopes=new Set,o.forEach(i=>this.scopes.add(i))}static fromString(e,t){const o=(e||"").split(" ");return new Ce(o,t)}static createSearchScopes(e,t){const n=e&&e.length>0?e:[...ir],o=new Ce(n,t);return o.containsOnlyOIDCScopes()?o.removeScope(ka):o.removeOIDCScopes(),o}containsScope(e){const t=this.printScopesLowerCase().split(" "),n=new Ce(t,this.correlationId);return e?n.scopes.has(e.toLowerCase()):!1}containsScopeSet(e){return!e||e.scopes.size<=0?!1:this.scopes.size>=e.scopes.size&&e.asArray().every(t=>this.containsScope(t))}containsOnlyOIDCScopes(){let e=0;return Eh.forEach(t=>{this.containsScope(t)&&(e+=1)}),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach(t=>this.appendScope(t))}catch{throw T(ly,this.correlationId)}}removeScope(e){if(!e)throw T(hy,this.correlationId);this.scopes.delete(e.trim())}removeOIDCScopes(){Eh.forEach(e=>{this.scopes.delete(e)})}unionScopeSets(e){if(!e)throw T(xh,this.correlationId);const t=new Set;return e.scopes.forEach(n=>t.add(n.toLowerCase())),this.scopes.forEach(n=>t.add(n.toLowerCase())),t}intersectingScopeSets(e){if(!e)throw T(xh,this.correlationId);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),n=e.getScopeCount(),o=this.getScopeCount();return t.size<o+n}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach(t=>e.push(t)),e}printScopes(){return this.scopes?this.asArray().join(" "):""}printScopesLowerCase(){return this.printScopes().toLowerCase()}}/*! @azure/msal-common v16.11.0 2026-06-30 */function wi(r,e,t){if(!e)return;const n=r.get(vn);n&&r.has(Wr)&&(t==null||t.addFields({embeddedClientId:n,embeddedRedirectUri:r.get(Dd)},e))}function Na(r,e){r.set(tm,e)}function wy(r,e){r.set(nm,e||Sa.QUERY)}function vy(r){r.set(Rm,"1")}function xa(r,e,t,n=!0,o=ir){n&&!o.includes("openid")&&!e.includes("openid")&&o.push("openid");const i=n?[...e||[],...o]:e||[],s=new Ce(i,t);r.set(im,s.printScopes())}function Ma(r,e){r.set(vn,e)}function Ua(r,e){r.set(Dd,e)}function by(r,e){r.set(_m,e)}function Cy(r,e){r.set(Im,e)}function Ty(r,e){r.set(xm,e)}function Io(r,e){r.set(Nm,e)}function Xo(r,e){r.set(Ae.CCS_HEADER,`UPN:${e}`)}function Lr(r,e){r.set(Ae.CCS_HEADER,`Oid:${e.uid}@${e.utid}`)}function Uh(r,e){r.set(Om,e)}function Da(r,e,t,n,o){const i=o&&r.has(Wr)?void 0:n,s=qd(t,i,e);r.set(om,s)}function oo(r,e){r.set(fm,e)}function La(r,e){r.set(gm,e.sku),r.set(mm,e.version),e.os&&r.set(ym,e.os),e.cpu&&r.set(wm,e.cpu)}function Ha(r,e){e!=null&&e.appName&&r.set(Tm,e.appName),e!=null&&e.appVersion&&r.set(km,e.appVersion)}function ky(r,e){r.set(hm,e)}function Vd(r,e){e&&r.set(am,e)}function _y(r,e){r.set(cm,e)}function Ka(r,e,t){if(e&&t)r.set(dm,e),r.set(um,t);else throw V(Kd,"")}function Iy(r,e){r.set(lm,e)}function Sy(r,e){r.set(sm,e)}function Ey(r,e){r.set(pm,e)}function Zd(r,e){r.set(Sm,e)}function $d(r,e){e&&r.set(Em,e)}function Xd(r,e){e&&r.set(Am,e)}function Yd(r,e){r.set(rm,e)}function Fa(r){r.set(zg,"1")}function Ay(r){r.set(Hm,"1")}function Qd(r){r.has(Ws)||r.set(Ws,"true")}function gt(r,e){Object.entries(e).forEach(([t,n])=>{!r.has(t)&&n&&r.set(t,n)})}const Ry={[kt.SIGNIN_STATE]:{essential:!1},[kt.LOGIN_HINT]:{essential:!1}};function qd(r,e,t=""){let n;if(!r)n={};else try{const i=JSON.parse(r);if(typeof i!="object"||i===null||Array.isArray(i))throw new Error("Claims must be a JSON object");n=i}catch{throw V(Wm,t)}Object.prototype.hasOwnProperty.call(n,kt.ID_TOKEN)||(n[kt.ID_TOKEN]={});const o=n[kt.ID_TOKEN];for(const[i,s]of Object.entries(Ry))i in o||(o[i]=s);return e&&e.length>0&&(Object.prototype.hasOwnProperty.call(n,kt.ACCESS_TOKEN)||(n[kt.ACCESS_TOKEN]={}),n[kt.ACCESS_TOKEN][kt.XMS_CC]={values:e}),JSON.stringify(n)}function ja(r,e){e&&(r.set(Ld,ee.POP),r.set(Hd,e))}function eu(r,e){e&&(r.set(Ld,ee.SSH),r.set(Hd,e))}function tu(r,e){r.set(vm,e.generateCurrentRequestHeaderValue()),r.set(bm,e.generateLastRequestHeaderValue())}function nu(r){r.set(Cm,Yg)}function Py(r,e){r.set(Pm,e)}function vi(r,e,t){r.has(Wr)||r.set(Wr,e),r.has($o)||r.set($o,t)}function Oy(r,e){r.set(Um,encodeURIComponent(e)),r.set(Dm,"eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0")}function ru(r,e){e&&r.set(Lm,e)}/*! @azure/msal-common v16.11.0 2026-06-30 */function ou(r){return r.startsWith("#/")?r.substring(2):r.startsWith("#")||r.startsWith("?")?r.substring(1):r}function Yo(r){if(!r||r.indexOf("=")<0)return null;try{const e=ou(r),t=Object.fromEntries(new URLSearchParams(e));if(t.code||t.ear_jwe||t.error||t.error_description||t.state)return t}catch{throw T(oy,"")}return null}function Br(r){const e=new Array;return r.forEach((t,n)=>{e.push(`${n}=${encodeURIComponent(t)}`)}),e.join("&")}function Dh(r,e,t){if(!r)return r;const n=r.split("#")[0];if(!n)return n;try{const o=new URL(n);o.search||(o.search="");let i;try{i=decodeURIComponent(o.pathname)}catch{i=o.pathname}return i.endsWith("/")||(i+="/"),o.pathname=i,o.href}catch(o){throw e==null||e.error(`15apdm ${o}`,t||""),V(Fn,t||"")}}function Ny(r,e,t){try{new URL(r)}catch(n){throw e==null||e.error(`1lrjz7 ${n}`,t||""),V(Fn,t||"")}}/*! @azure/msal-common v16.11.0 2026-06-30 */const Qo={createNewGuid:()=>{throw T(D,"")},base64Decode:()=>{throw T(D,"")},base64Encode:()=>{throw T(D,"")},base64UrlEncode:()=>{throw T(D,"")},encodeKid:()=>{throw T(D,"")},async getPublicKeyThumbprint(){throw T(D,"")},async removeTokenBindingKey(){throw T(D,"")},async clearKeystore(){throw T(D,"")},async signJwt(){throw T(D,"")},async hashString(){throw T(D,"")}};/*! @azure/msal-common v16.11.0 2026-06-30 */var ie;(function(r){r[r.Error=0]="Error",r[r.Warning=1]="Warning",r[r.Info=2]="Info",r[r.Verbose=3]="Verbose",r[r.Trace=4]="Trace"})(ie||(ie={}));const xy=50,My=500,ln=new Map;function Uy(r,e){ln.delete(r),ln.set(r,e)}function Dy(r,e){const t=Date.now();let n=ln.get(r);if(n)Uy(r,n);else if(n={logs:[],firstEventTime:t},ln.set(r,n),ln.size>xy){const o=ln.keys().next().value;o!==void 0&&ln.delete(o)}n.logs.push({...e,milliseconds:t-n.firstEventTime}),n.logs.length>My&&n.logs.shift()}function Ly(r){if(r.length<6||r.length>6&&r[6]!==" ")return null;for(let e=0;e<6;e++){const t=r[e];if(!(t>="a"&&t<="z"||t>="A"&&t<="Z"||t>="0"&&t<="9"))return null}return r.substring(0,6)}class ot{constructor(e,t,n){this.level=ie.Info;const o=()=>{},i=e||ot.createDefaultLoggerOptions();this.localCallback=i.loggerCallback||o,this.piiLoggingEnabled=i.piiLoggingEnabled||!1,this.level=typeof i.logLevel=="number"?i.logLevel:ie.Info,this.packageName=t||"",this.packageVersion=n||""}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:ie.Info}}clone(e,t){return new ot({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level},e,t)}logMessage(e,t){const n=t.correlationId,o=Ly(e);if(o){const c={hash:o,level:t.logLevel,containsPii:t.containsPii||!1,milliseconds:0};Dy(n,c)}if(t.logLevel>this.level||!this.piiLoggingEnabled&&t.containsPii)return;const a=`${`[${new Date().toUTCString()}] : [${n}]`} : ${this.packageName}@${this.packageVersion} : ${ie[t.logLevel]} - ${e}`;this.executeCallback(t.logLevel,a,t.containsPii||!1)}executeCallback(e,t,n){this.localCallback&&this.localCallback(e,t,n)}error(e,t){this.logMessage(e,{logLevel:ie.Error,containsPii:!1,correlationId:t})}errorPii(e,t){this.logMessage(e,{logLevel:ie.Error,containsPii:!0,correlationId:t})}warning(e,t){this.logMessage(e,{logLevel:ie.Warning,containsPii:!1,correlationId:t})}warningPii(e,t){this.logMessage(e,{logLevel:ie.Warning,containsPii:!0,correlationId:t})}info(e,t){this.logMessage(e,{logLevel:ie.Info,containsPii:!1,correlationId:t})}infoPii(e,t){this.logMessage(e,{logLevel:ie.Info,containsPii:!0,correlationId:t})}verbose(e,t){this.logMessage(e,{logLevel:ie.Verbose,containsPii:!1,correlationId:t})}verbosePii(e,t){this.logMessage(e,{logLevel:ie.Verbose,containsPii:!0,correlationId:t})}trace(e,t){this.logMessage(e,{logLevel:ie.Trace,containsPii:!1,correlationId:t})}tracePii(e,t){this.logMessage(e,{logLevel:ie.Trace,containsPii:!0,correlationId:t})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}/*! @azure/msal-common v16.11.0 2026-06-30 */const io="@azure/msal-common",sr="16.11.0";/*! @azure/msal-common v16.11.0 2026-06-30 */const za={None:"none"};/*! @azure/msal-common v16.11.0 2026-06-30 */function ft(r,e,t){const n=Hy(r,t);try{const o=e(n);return JSON.parse(o)}catch{throw T(zd,t)}}function mt(r){if(!r.signin_state)return!1;const e=["kmsi","dvc_dmjd"];return r.signin_state.some(t=>e.includes(t.trim().toLowerCase()))}function Hy(r,e){if(!r)throw T(ty,e);const n=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(r);if(!n||n.length<4)throw T(zd,e);return n[2]}/*! @azure/msal-common v16.11.0 2026-06-30 */function Lh(r,e){return!!r&&!!e&&r===e.split(".")[1]}function ar(r,e,t,n,o){if(o){const{oid:i,sub:s,tid:a,name:c,tfp:l,acr:h,preferred_username:d,upn:p,login_hint:u}=o,f=a||l||h||"";return{tenantId:f,localAccountId:i||s||"",name:c,username:d||p||"",loginHint:u,isHomeTenant:Lh(f,r),upn:p,...n&&{nativeAccountId:n}}}else return{tenantId:t,localAccountId:e,username:"",isHomeTenant:Lh(t,r),...n&&{nativeAccountId:n}}}function qo(r,e,t,n){let o=r;if(e){const{isHomeTenant:i,...s}=e;o={...r,...s}}if(t){const{isHomeTenant:i,...s}=ar(r.homeAccountId,r.localAccountId,r.tenantId,o.nativeAccountId,t);return o={...o,...s,idTokenClaims:t,idToken:n,kmsi:mt(t)},o}return o}/*! @azure/msal-common v16.11.0 2026-06-30 */class B{get urlString(){return this._urlString}constructor(e,t){if(this._urlString=e,this.correlationId=t,!this._urlString)throw V(jm,t);e.includes("#")||(this._urlString=B.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return mn.endsWith(t,"?")?t=t.slice(0,-1):mn.endsWith(t,"?/")&&(t=t.slice(0,-2)),mn.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch{throw V(Fn,this.correlationId)}if(!e.HostNameAndPort||!e.PathSegments)throw V(Fn,this.correlationId);if(!e.Protocol||e.Protocol.toLowerCase()!=="https:")throw V(Fm,this.correlationId)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return B.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),n=t.PathSegments;return e&&n.length!==0&&(n[0]===Xt.COMMON||n[0]===Xt.ORGANIZATIONS)&&(n[0]=e),B.constructAuthorityUriFromObject(t,this.correlationId)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw V(Fn,this.correlationId);const n={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let o=n.AbsolutePath.split("/");return o=o.filter(i=>i&&i.length>0),n.PathSegments=o,n.QueryString&&n.QueryString.endsWith("/")&&(n.QueryString=n.QueryString.substring(0,n.QueryString.length-1)),n}static getDomainFromUrl(e,t){const n=RegExp("^([^:/?#]+://)?([^/?#]*)"),o=e.match(n);if(!o)throw V(Fn,t);return o[2]}static getAbsoluteUrl(e,t,n){if(e[0]===Fs){const i=new B(t,n).getUrlComponents();return i.Protocol+"//"+i.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e,t){return new B(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"),t)}}/*! @azure/msal-common v16.11.0 2026-06-30 */const Ky=[{host:"login.microsoftonline.com"},{host:"login.chinacloudapi.cn",issuerHost:"login.partner.microsoftonline.cn"},{host:"login.microsoftonline.us"},{host:"login.sovcloud-identity.fr"},{host:"login.sovcloud-identity.de"},{host:"login.sovcloud-identity.sg"}];function Fy(r,e){return{token_endpoint:`https://${r}/{tenantid}/oauth2/v2.0/token`,jwks_uri:`https://${r}/{tenantid}/discovery/v2.0/keys`,issuer:`https://${e}/{tenantid}/v2.0`,authorization_endpoint:`https://${r}/{tenantid}/oauth2/v2.0/authorize`,end_session_endpoint:`https://${r}/{tenantid}/oauth2/v2.0/logout`}}const jy=Ky.reduce((r,{host:e,issuerHost:t})=>(r[e]=Fy(e,t||e),r),{}),iu={endpointMetadata:jy,instanceDiscoveryMetadata:{metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]},{preferred_network:"login.sovcloud-identity.fr",preferred_cache:"login.sovcloud-identity.fr",aliases:["login.sovcloud-identity.fr"]},{preferred_network:"login.sovcloud-identity.de",preferred_cache:"login.sovcloud-identity.de",aliases:["login.sovcloud-identity.de"]},{preferred_network:"login.sovcloud-identity.sg",preferred_cache:"login.sovcloud-identity.sg",aliases:["login.sovcloud-identity.sg"]},{preferred_network:"login.windows-ppe.net",preferred_cache:"login.windows-ppe.net",aliases:["login.windows-ppe.net","sts.windows-ppe.net","login.microsoft-ppe.com"]}]}},Hh=iu.endpointMetadata,Wa=iu.instanceDiscoveryMetadata,su=new Set;Wa.metadata.forEach(r=>{r.aliases.forEach(e=>{su.add(e)})});function zy(r,e,t){var i;let n;const o=r.canonicalAuthority;if(o){const s=new B(o,t).getUrlComponents().HostNameAndPort;n=Kh(e,t,s,(i=r.cloudDiscoveryMetadata)==null?void 0:i.metadata,De.CONFIG)||Kh(e,t,s,Wa.metadata,De.HARDCODED_VALUES)||r.knownAuthorities}return n||[]}function Kh(r,e,t,n,o){if(r.trace(`1bmquz ${o}`,e),t&&n){const i=ei(n,t);if(i)return r.trace(`1fotbt ${o}`,e),i.aliases;r.trace(`14avvj ${o}`,e)}return null}function Wy(r){return ei(Wa.metadata,r)}function ei(r,e){for(let t=0;t<r.length;t++){const n=r[t];if(n.aliases.includes(e))return n}return null}/*! @azure/msal-common v16.11.0 2026-06-30 */const Bs="cache_quota_exceeded",Jy="cache_error_unknown";/*! @azure/msal-common v16.11.0 2026-06-30 */class Jn extends Error{constructor(e,t){const n=t||Aa(e);super(n),Object.setPrototypeOf(this,Jn.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=n}}function Gs(r){return r instanceof Error?r.name==="QuotaExceededError"||r.name==="NS_ERROR_DOM_QUOTA_REACHED"||r.message.includes("exceeded the quota")?new Jn(Bs):new Jn(r.name,r.message):new Jn(Jy)}/*! @azure/msal-common v16.11.0 2026-06-30 */function ti(r,e){if(!r)throw T(ey,"");try{const t=e(r);return JSON.parse(t)}catch{throw T(jd,"")}}function Bn(r){if(!r)throw T(jd,"");const e=r.split(js,2);return{uid:e[0],utid:e.length<2?"":e[1]}}/*! @azure/msal-common v16.11.0 2026-06-30 */const Ze={Default:0,Adfs:1,Dsts:2,Ciam:3};/*! @azure/msal-common v16.11.0 2026-06-30 */function Ja(r){return r&&(r.tid||r.tfp||r.acr)||null}/*! @azure/msal-common v16.11.0 2026-06-30 */const Me={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"};/*! @azure/msal-common v16.11.0 2026-06-30 */function bn(r){const e=r.tenantProfiles||[];e.length===0&&r.realm&&r.localAccountId&&e.push(ar(r.homeAccountId,r.localAccountId,r.realm,r.nativeAccountId));const t=e.find(o=>o.tenantId===r.realm),n=(t==null?void 0:t.nativeAccountId)||r.nativeAccountId;return{homeAccountId:r.homeAccountId,environment:r.environment,tenantId:r.realm,username:r.username,localAccountId:r.localAccountId,loginHint:r.loginHint,name:r.name,nativeAccountId:n,authorityType:r.authorityType,tenantProfiles:new Map(e.map(o=>[o.tenantId,o])),dataBoundary:r.dataBoundary}}function By(r,e,t,n){var g,y,m,b,C,k,_;let o;e.authorityType===Ze.Adfs?o=jg:e.protocolMode===Me.OIDC?o=Od:o=Fg;let i,s;r.clientInfo&&n&&(i=ti(r.clientInfo,n),i.xms_tdbr&&(s=i.xms_tdbr==="EU"?"EU":"None"));const a=r.environment||e&&e.getPreferredCache();if(!a)throw T(Jd,t);const c=((g=r.idTokenClaims)==null?void 0:g.preferred_username)||((y=r.idTokenClaims)==null?void 0:y.upn),l=(m=r.idTokenClaims)!=null&&m.emails?r.idTokenClaims.emails[0]:null,h=c||l||"",d=(b=r.idTokenClaims)==null?void 0:b.login_hint,p=(i==null?void 0:i.utid)||Ja(r.idTokenClaims)||"",u=(i==null?void 0:i.uid)||((C=r.idTokenClaims)==null?void 0:C.oid)||((k=r.idTokenClaims)==null?void 0:k.sub)||"";let f;return r.tenantProfiles?f=r.tenantProfiles:f=[ar(r.homeAccountId,u,p,r.nativeAccountId,r.idTokenClaims)],{homeAccountId:r.homeAccountId,environment:a,realm:p,localAccountId:u,username:h,authorityType:o,loginHint:d,clientInfo:r.clientInfo,name:((_=r.idTokenClaims)==null?void 0:_.name)||"",lastModificationTime:void 0,lastModificationApp:void 0,cloudGraphHostName:r.cloudGraphHostName,msGraphHost:r.msGraphHost,nativeAccountId:r.nativeAccountId,tenantProfiles:f,dataBoundary:s}}function Gy(r,e,t){var o;const n=Array.from(((o=r.tenantProfiles)==null?void 0:o.values())||[]);if(n.length===0&&r.tenantId&&r.localAccountId)n.push(ar(r.homeAccountId,r.localAccountId,r.tenantId,r.nativeAccountId,r.idTokenClaims));else if(r.nativeAccountId){const i=n.find(s=>s.tenantId===r.tenantId);i&&!i.nativeAccountId&&(i.nativeAccountId=r.nativeAccountId)}return{authorityType:r.authorityType||Od,homeAccountId:r.homeAccountId,localAccountId:r.localAccountId,nativeAccountId:r.nativeAccountId,realm:r.tenantId,environment:r.environment,username:r.username,loginHint:r.loginHint,name:r.name,cloudGraphHostName:e,msGraphHost:t,tenantProfiles:n,dataBoundary:r.dataBoundary}}function au(r,e,t,n,o,i){if(!(e===Ze.Adfs||e===Ze.Dsts)){if(r)try{const s=ti(r,n.base64Decode);if(s.uid&&s.utid)return`${s.uid}.${s.utid}`}catch{}t.warning("1ub6wv",o)}return(i==null?void 0:i.sub)||""}function Vy(r){return r?r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("realm")&&r.hasOwnProperty("localAccountId")&&r.hasOwnProperty("username")&&r.hasOwnProperty("authorityType"):!1}/*! @azure/msal-common v16.11.0 2026-06-30 */class Vs{constructor(e,t,n,o,i){this.clientId=e,this.cryptoImpl=t,this.commonLogger=n.clone(io,sr),this.staticAuthorityOptions=i,this.performanceClient=o}getAllAccounts(e={},t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){if(Object.keys(e).length===0||Object.values(e).every(o=>o==null||o===""))return this.commonLogger.warning("1skb02",t),null;const n=this.getAllAccounts(e,t);return n.length>1?n.sort((i,s)=>{const a=i.idTokenClaims?1:0;return(s.idTokenClaims?1:0)-a})[0]:n.length===1?n[0]:null}getBaseAccountInfo(e,t){const n=this.getAccountsFilteredBy(e,t);return n.length>0?bn(n[0]):null}buildTenantProfiles(e,t,n){return e.flatMap(o=>this.getTenantProfilesFromAccountEntity(o,t,n==null?void 0:n.tenantId,n))}getTenantedAccountInfoByFilter(e,t,n,o,i){let s=null,a;if(i&&!this.tenantProfileMatchesFilter(n,i))return null;const c=this.getIdToken(e,o,t,n.tenantId);return c&&(a=ft(c.secret,this.cryptoImpl.base64Decode,o),!this.idTokenClaimsMatchTenantProfileFilter(a,i))?null:(s=qo(e,n,a,c==null?void 0:c.secret),s)}getTenantProfilesFromAccountEntity(e,t,n,o){const i=bn(e);let s=i.tenantProfiles||new Map;const a=this.getTokenKeys();if(n){const l=s.get(n);if(l)s=new Map([[n,l]]);else return[]}const c=[];return s.forEach(l=>{const h=this.getTenantedAccountInfoByFilter(i,a,l,t,o);h&&c.push(h)}),c}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId)||t.name&&e.name!==t.name||t.isHomeTenant!==void 0&&e.isHomeTenant!==t.isHomeTenant||t.username&&!this.matchUsername(e.username,t.username)&&!this.matchUsername(e.upn,t.username)||t.loginHint&&!this.matchLoginHintWithTenantProfile(e,t.loginHint)||t.upn&&e.upn!==t.upn||t.nativeAccountId&&e.nativeAccountId!==t.nativeAccountId)}idTokenClaimsMatchTenantProfileFilter(e,t){return!(t&&(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId)||t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint)||t.username&&!this.matchUsername(e.preferred_username,t.username)&&!this.matchUsername(e.upn,t.username)||t.name&&!this.matchName(e,t.name)||t.sid&&!this.matchSid(e,t.sid)))}async saveCacheRecord(e,t,n,o,i){var s;if(!e)throw T(dy,t);try{e.account&&await this.setAccount(e.account,t,n,o),e.idToken&&(i==null?void 0:i.idToken)!==!1&&await this.setIdTokenCredential(e.idToken,t,n),e.accessToken&&(i==null?void 0:i.accessToken)!==!1&&await this.saveAccessToken(e.accessToken,t,n),e.refreshToken&&(i==null?void 0:i.refreshToken)!==!1&&await this.setRefreshTokenCredential(e.refreshToken,t,n),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(a){throw(s=this.commonLogger)==null||s.error("0j476p",t),a instanceof oe?a:Gs(a)}}async saveAccessToken(e,t,n){const o={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType},i=this.getTokenKeys(),s=Ce.fromString(e.target,t);i.accessToken.forEach(a=>{if(!this.accessTokenKeyMatchesFilter(a,o,!1))return;const c=this.getAccessTokenCredential(a,t);c&&this.credentialMatchesFilter(c,o,t)&&Ce.fromString(c.target,t).intersectingScopeSets(s)&&this.removeAccessToken(a,t)}),await this.setAccessTokenCredential(e,t,n)}getAccountsFilteredBy(e,t){const n=this.getAccountKeys(),o=[];return n.forEach(i=>{var l;const s=this.getAccount(i,t);if(!s||e.homeAccountId&&!this.matchHomeAccountId(s,e.homeAccountId)||e.environment&&!this.matchEnvironment(s,e.environment,t)||e.realm&&!this.matchRealm(s,e.realm)||e.authorityType&&!this.matchAuthorityType(s,e.authorityType))return;const a={localAccountId:e==null?void 0:e.localAccountId,name:e==null?void 0:e.name,username:e==null?void 0:e.username,loginHint:e==null?void 0:e.loginHint,upn:e==null?void 0:e.upn,nativeAccountId:e==null?void 0:e.nativeAccountId},c=(l=s.tenantProfiles)==null?void 0:l.filter(h=>this.tenantProfileMatchesFilter(h,a));c&&c.length===0||o.push(s)}),o}credentialMatchesFilter(e,t,n){if(t.clientId&&!this.matchClientId(e,t.clientId)||t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash)||typeof t.homeAccountId=="string"&&!this.matchHomeAccountId(e,t.homeAccountId)||t.environment&&!this.matchEnvironment(e,t.environment,n)||t.realm&&!this.matchRealm(e,t.realm)||t.credentialType&&!this.matchCredentialType(e,t.credentialType)||t.familyId&&!this.matchFamilyId(e,t.familyId)||t.target&&!this.matchTarget(e,t.target,n)||e.credentialType===ue.ACCESS_TOKEN_WITH_AUTH_SCHEME&&(t.tokenType&&!this.matchTokenType(e,t.tokenType)||t.tokenType===ee.SSH&&t.keyId&&!this.matchKeyId(e,t.keyId)))return!1;const o=e.additionalCacheKeyComponents,i=t.additionalCacheKeyComponents,s=!!o&&Object.keys(o).length>0,a=!!i&&Object.keys(i).length>0;if(s!==a)return!1;if(s&&a){const c=Object.keys(o).sort(),l=Object.keys(i).sort();if(c.length!==l.length)return!1;for(let h=0;h<c.length;h++)if(c[h]!==l[h]||o[c[h]]!==i[l[h]])return!1}return!0}getAppMetadataFilteredBy(e,t){const n=this.getKeys(),o={};return n.forEach(i=>{if(!this.isAppMetadata(i))return;const s=this.getAppMetadata(i,t);s&&(e.environment&&!this.matchEnvironment(s,e.environment,t)||e.clientId&&!this.matchClientId(s,e.clientId)||(o[i]=s))}),o}getAuthorityMetadataByAlias(e,t){const n=this.getAuthorityMetadataKeys();let o=null;return n.forEach(i=>{if(!this.isAuthorityMetadata(i)||i.indexOf(this.clientId)===-1)return;const s=this.getAuthorityMetadata(i,t);s&&s.aliases.indexOf(e)!==-1&&(o=s)}),o}removeAllAccounts(e){this.getAllAccounts({},e).forEach(n=>{this.removeAccount(n,e)})}removeAccount(e,t){this.removeAccountContext(e,t);const n=this.getAccountKeys(),o=i=>i.includes(e.homeAccountId)&&i.includes(e.environment);n.filter(o).forEach(i=>{this.removeItem(i,t),this.performanceClient.incrementFields({accountsRemoved:1},t)})}removeAccountContext(e,t){const n=this.getTokenKeys(),o=i=>i.includes(e.homeAccountId)&&i.includes(e.environment);n.idToken.filter(o).forEach(i=>{this.removeIdToken(i,t)}),n.accessToken.filter(o).forEach(i=>{this.removeAccessToken(i,t)}),n.refreshToken.filter(o).forEach(i=>{this.removeRefreshToken(i,t)})}removeAccessToken(e,t){const n=this.getAccessTokenCredential(e,t);if(n&&(this.removeItem(e,t),this.performanceClient.incrementFields({accessTokensRemoved:1},t),n.credentialType.toLowerCase()===ue.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()&&n.tokenType===ee.POP)){const i=n.keyId;i&&this.cryptoImpl.removeTokenBindingKey(i,t).catch(()=>{var s;this.commonLogger.error(`0cx291 ${i}`,t),(s=this.performanceClient)==null||s.incrementFields({removeTokenBindingKeyFailure:1},t)})}}removeAppMetadata(e){return this.getKeys().forEach(n=>{this.isAppMetadata(n)&&this.removeItem(n,e)}),!0}getIdToken(e,t,n,o){this.commonLogger.trace("1drz22",t);const i={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:ue.ID_TOKEN,clientId:this.clientId,realm:o},s=this.getIdTokensByFilter(i,t,n),a=s.size;if(a<1)return this.commonLogger.info("1atvtd",t),null;if(a>1){let c=s;if(!o){const l=new Map;s.forEach((d,p)=>{d.realm===e.tenantId&&l.set(p,d)});const h=l.size;if(h<1)return this.commonLogger.info("0ooalx",t),s.values().next().value??null;if(h===1)return this.commonLogger.info("1eq2vc",t),l.values().next().value??null;c=l}return this.commonLogger.info("1ws328",t),c.forEach((l,h)=>{this.removeIdToken(h,t)}),this.performanceClient.addFields({multiMatchedID:s.size},t),null}return this.commonLogger.info("1sm769",t),s.values().next().value??null}getIdTokensByFilter(e,t,n){const o=n&&n.idToken||this.getTokenKeys().idToken,i=new Map;return o.forEach(s=>{if(!this.idTokenKeyMatchesFilter(s,{clientId:this.clientId,...e}))return;const a=this.getIdTokenCredential(s,t);a&&this.credentialMatchesFilter(a,e,t)&&i.set(s,a)}),i}idTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}removeIdToken(e,t){this.removeItem(e,t)}removeRefreshToken(e,t){this.removeItem(e,t)}getAccessToken(e,t,n,o){const i=t.correlationId;this.commonLogger.trace("1t7hz1",i);const s=Ce.createSearchScopes(t.scopes,i),a=t.authenticationScheme||ee.BEARER,c=a.toLowerCase()!==ee.BEARER.toLowerCase()?ue.ACCESS_TOKEN_WITH_AUTH_SCHEME:ue.ACCESS_TOKEN,l={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:c,clientId:this.clientId,realm:o||e.tenantId,target:s,tokenType:a,keyId:t.sshKid},h=n&&n.accessToken||this.getTokenKeys().accessToken,d=[];h.forEach(u=>{if(this.accessTokenKeyMatchesFilter(u,l,!0)){const f=this.getAccessTokenCredential(u,i);f&&this.credentialMatchesFilter(f,l,i)&&d.push(f)}});const p=d.length;return p<1?(this.commonLogger.info("1nckna",i),null):p>1?(this.commonLogger.info("1wkfwp",i),d.forEach(u=>{this.removeAccessToken(this.generateCredentialKey(u),i)}),this.performanceClient.addFields({multiMatchedAT:d.length},i),null):(this.commonLogger.info("06yt98",i),d[0])}accessTokenKeyMatchesFilter(e,t,n){const o=e.toLowerCase();if(t.clientId&&o.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&o.indexOf(t.homeAccountId.toLowerCase())===-1||t.realm&&o.indexOf(t.realm.toLowerCase())===-1)return!1;if(t.target){const i=t.target.asArray();for(let s=0;s<i.length;s++){if(n&&!o.includes(i[s].toLowerCase()))return!1;if(!n&&o.includes(i[s].toLowerCase()))return!0}}return!0}getAccessTokensByFilter(e,t){const n=this.getTokenKeys(),o=[];return n.accessToken.forEach(i=>{if(!this.accessTokenKeyMatchesFilter(i,e,!0))return;const s=this.getAccessTokenCredential(i,t);s&&this.credentialMatchesFilter(s,e,t)&&o.push(s)}),o}getRefreshToken(e,t,n,o){this.commonLogger.trace("0x53vi",n);const i=t?Zo:void 0,s={homeAccountId:e.homeAccountId,environment:e.environment,credentialType:ue.REFRESH_TOKEN,clientId:this.clientId,familyId:i},a=o&&o.refreshToken||this.getTokenKeys().refreshToken,c=[];a.forEach(h=>{if(this.refreshTokenKeyMatchesFilter(h,s)){const d=this.getRefreshTokenCredential(h,n);d&&this.credentialMatchesFilter(d,s,n)&&c.push(d)}});const l=c.length;return l<1?(this.commonLogger.info("0dlw11",n),null):(l>1&&this.performanceClient.addFields({multiMatchedRT:l},n),this.commonLogger.info("0wcnep",n),c[0])}refreshTokenKeyMatchesFilter(e,t){const n=e.toLowerCase();return!(t.familyId&&n.indexOf(t.familyId.toLowerCase())===-1||!t.familyId&&t.clientId&&n.indexOf(t.clientId.toLowerCase())===-1||t.homeAccountId&&n.indexOf(t.homeAccountId.toLowerCase())===-1)}readAppMetadataFromCache(e,t){const n={environment:e,clientId:this.clientId},o=this.getAppMetadataFilteredBy(n,t),i=Object.keys(o).map(a=>o[a]),s=i.length;if(s<1)return null;if(s>1)throw T(ay,t);return i[0]}isAppMetadataFOCI(e,t){const n=this.readAppMetadataFromCache(e,t);return!!(n&&n.familyId===Zo)}matchHomeAccountId(e,t){return typeof e.homeAccountId=="string"&&t===e.homeAccountId}matchLocalAccountIdFromTokenClaims(e,t){const n=e.oid||e.sub;return t===n}matchLocalAccountIdFromTenantProfile(e,t){return e.localAccountId===t}matchName(e,t){var n;return t.toLowerCase()===((n=e.name)==null?void 0:n.toLowerCase())}matchUsername(e,t){return!!(e&&typeof e=="string"&&(t==null?void 0:t.toLowerCase())===e.toLowerCase())}matchLoginHintWithTenantProfile(e,t){return e.loginHint===t||e.username===t||e.upn===t}matchUserAssertionHash(e,t){return!!(e.userAssertionHash&&t===e.userAssertionHash)}matchEnvironment(e,t,n){if(this.staticAuthorityOptions){const i=zy(this.staticAuthorityOptions,this.commonLogger,n);if(i.includes(t)&&i.includes(e.environment))return!0}const o=this.getAuthorityMetadataByAlias(t,n);return!!(o&&o.aliases.indexOf(e.environment)>-1)}matchCredentialType(e,t){return e.credentialType&&t.toLowerCase()===e.credentialType.toLowerCase()}matchClientId(e,t){return!!(e.clientId&&t===e.clientId)}matchFamilyId(e,t){return!!(e.familyId&&t===e.familyId)}matchRealm(e,t){var n;return((n=e.realm)==null?void 0:n.toLowerCase())===t.toLowerCase()}matchLoginHintFromTokenClaims(e,t){return!!(e.login_hint===t||e.preferred_username===t||e.upn===t||e.emails&&e.emails.includes(t))}matchSid(e,t){return e.sid===t}matchAuthorityType(e,t){return!!(e.authorityType&&t.toLowerCase()===e.authorityType.toLowerCase())}matchTarget(e,t,n){return e.credentialType!==ue.ACCESS_TOKEN&&e.credentialType!==ue.ACCESS_TOKEN_WITH_AUTH_SCHEME||!e.target?!1:Ce.fromString(e.target,n).containsScopeSet(t)}matchTokenType(e,t){return!!(e.tokenType&&e.tokenType===t)}matchKeyId(e,t){return!!(e.keyId&&e.keyId===t)}isAppMetadata(e){return e.indexOf(Ea)!==-1}isAuthorityMetadata(e){return e.indexOf(zs)!==-1}generateAuthorityMetadataCacheKey(e){return`${zs}-${this.clientId}-${e}`}static toObject(e,t){for(const n in t)e[n]=t[n];return e}}class Zy extends Vs{async setAccount(){throw T(D,"")}getAccount(){throw T(D,"")}async setIdTokenCredential(){throw T(D,"")}getIdTokenCredential(){throw T(D,"")}async setAccessTokenCredential(){throw T(D,"")}getAccessTokenCredential(){throw T(D,"")}async setRefreshTokenCredential(){throw T(D,"")}getRefreshTokenCredential(){throw T(D,"")}setAppMetadata(){throw T(D,"")}getAppMetadata(){throw T(D,"")}setServerTelemetry(){throw T(D,"")}getServerTelemetry(){throw T(D,"")}setAuthorityMetadata(){throw T(D,"")}getAuthorityMetadata(){throw T(D,"")}getAuthorityMetadataKeys(){throw T(D,"")}setThrottlingCache(){throw T(D,"")}getThrottlingCache(){throw T(D,"")}removeItem(){throw T(D,"")}getKeys(){throw T(D,"")}getAccountKeys(){throw T(D,"")}getTokenKeys(){throw T(D,"")}generateCredentialKey(){throw T(D,"")}generateAccountKey(){throw T(D,"")}}/*! @azure/msal-common v16.11.0 2026-06-30 */const $y={InProgress:1};/*! @azure/msal-common v16.11.0 2026-06-30 */class cu{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:$y.InProgress,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""}}}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}addGlobalFields(){}incrementFields(){}cacheEventByCorrelationId(){}}/*! @azure/msal-common v16.11.0 2026-06-30 */const hu={tokenRenewalOffsetSeconds:Ud,preventCorsPreflight:!1},Xy={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:ie.Info,correlationId:""},Yy={async sendGetRequestAsync(){throw T(D,"")},async sendPostRequestAsync(){throw T(D,"")}},Qy={sku:kg,version:sr,cpu:"",os:""},qy={clientSecret:"",clientAssertion:void 0},ew={azureCloudInstance:za.None,tenant:`${Ed}`},tw={application:{appName:"",appVersion:""}};function Ba({authOptions:r,systemOptions:e,loggerOptions:t,storageInterface:n,networkInterface:o,cryptoInterface:i,clientCredentials:s,libraryInfo:a,telemetry:c,serverTelemetryManager:l,persistencePlugin:h,serializableCache:d}){const p={...Xy,...t};return{authOptions:nw(r),systemOptions:{...hu,...e},loggerOptions:p,storageInterface:n||new Zy(r.clientId,Qo,new ot(p,io,sr),new cu),networkInterface:o||Yy,cryptoInterface:i||Qo,clientCredentials:s||qy,libraryInfo:{...Qy,...a},telemetry:{...tw,...c},serverTelemetryManager:l||null,persistencePlugin:h||null,serializableCache:d||null}}function nw(r){return{clientCapabilities:[],azureCloudOptions:ew,instanceAware:!1,isMcp:!1,...r}}function lu(r){return r.authOptions.authority.options.protocolMode===Me.OIDC}/*! @azure/msal-common v16.11.0 2026-06-30 */class rw{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}/*! @azure/msal-common v16.11.0 2026-06-30 */function it(){return Math.round(new Date().getTime()/1e3)}function ni(r){return r.getTime()/1e3}function Mo(r){return r?new Date(Number(r)*1e3):new Date}function ri(r,e){const t=Number(r)||0;return it()+e>t}function Fh(r,e){const t=Number(r)+e*24*60*60*1e3;return Date.now()>t}function ow(r){return Number(r)>it()}/*! @azure/msal-common v16.11.0 2026-06-30 */function bi(r,e,t,n,o){return{credentialType:ue.ID_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,realm:o,lastUpdatedAt:Date.now().toString()}}function Ci(r,e,t,n,o,i,s,a,c,l,h,d,p,u,f){var y,m;const g={homeAccountId:r,credentialType:ue.ACCESS_TOKEN,secret:t,cachedAt:it().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:e,clientId:n,realm:o,target:i,tokenType:d||ee.BEARER,lastUpdatedAt:Date.now().toString()};if(p&&(g.userAssertionHash=p),h&&(g.refreshOn=h.toString()),((y=g.tokenType)==null?void 0:y.toLowerCase())!==ee.BEARER.toLowerCase())switch(g.credentialType=ue.ACCESS_TOKEN_WITH_AUTH_SCHEME,g.tokenType){case ee.POP:const b=ft(t,c,l);if(!((m=b==null?void 0:b.cnf)!=null&&m.kid))throw T(uy,l);g.keyId=b.cnf.kid;break;case ee.SSH:g.keyId=u}return f&&Object.keys(f).length>0&&(g.additionalCacheKeyComponents=f),g}function iw(r,e,t,n,o,i,s){const a={credentialType:ue.REFRESH_TOKEN,homeAccountId:r,environment:e,clientId:n,secret:t,lastUpdatedAt:Date.now().toString()};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function Ti(r){return r.hasOwnProperty("homeAccountId")&&r.hasOwnProperty("environment")&&r.hasOwnProperty("credentialType")&&r.hasOwnProperty("clientId")&&r.hasOwnProperty("secret")}function jh(r){return r?Ti(r)&&r.hasOwnProperty("realm")&&r.hasOwnProperty("target")&&(r.credentialType===ue.ACCESS_TOKEN||r.credentialType===ue.ACCESS_TOKEN_WITH_AUTH_SCHEME):!1}function sw(r){return r?Ti(r)&&r.hasOwnProperty("realm")&&r.credentialType===ue.ID_TOKEN:!1}function zh(r){return r?Ti(r)&&r.credentialType===ue.REFRESH_TOKEN:!1}function aw(r,e){const t=r.indexOf(xd)===0;let n=!0;return e&&(n=e.hasOwnProperty("failedRequests")&&e.hasOwnProperty("errors")&&e.hasOwnProperty("cacheHits")),t&&n}function cw(r,e){let t=!1;r&&(t=r.indexOf(Md)===0);let n=!0;return e&&(n=e.hasOwnProperty("throttleTime")),t&&n}function hw({environment:r,clientId:e}){return[Ea,r,e].join(Nd).toLowerCase()}function lw(r,e){return e?r.indexOf(Ea)===0&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("environment"):!1}function dw(r,e){return e?r.indexOf(zs)===0&&e.hasOwnProperty("aliases")&&e.hasOwnProperty("preferred_cache")&&e.hasOwnProperty("preferred_network")&&e.hasOwnProperty("canonical_authority")&&e.hasOwnProperty("authorization_endpoint")&&e.hasOwnProperty("token_endpoint")&&e.hasOwnProperty("issuer")&&e.hasOwnProperty("aliasesFromNetwork")&&e.hasOwnProperty("endpointsFromNetwork")&&e.hasOwnProperty("expiresAt")&&e.hasOwnProperty("jwks_uri"):!1}function Wh(){return it()+Wg}function So(r,e,t){r.authorization_endpoint=e.authorization_endpoint,r.token_endpoint=e.token_endpoint,r.end_session_endpoint=e.end_session_endpoint,r.issuer=e.issuer,r.endpointsFromNetwork=t,r.jwks_uri=e.jwks_uri}function cs(r,e,t){r.aliases=e.aliases,r.preferred_cache=e.preferred_cache,r.preferred_network=e.preferred_network,r.aliasesFromNetwork=t}function Jh(r){return r.expiresAt<=it()}/*! @azure/msal-common v16.11.0 2026-06-30 */const uw="networkClientSendPostRequestAsync",pw="refreshTokenClientExecutePostToTokenEndpoint",fw="authorizationCodeClientExecutePostToTokenEndpoint",gw="refreshTokenClientExecuteTokenRequest",mw="refreshTokenClientAcquireToken",hs="refreshTokenClientAcquireTokenWithCachedRefreshToken",yw="refreshTokenClientCreateTokenRequestBody",ww="silentFlowClientGenerateResultFromCacheRecord",Ga="getAuthCodeUrl",du="handleCodeResponseFromServer",vw="authClientExecuteTokenRequest",bw="authClientCreateTokenRequestBody",Cw="updateTokenEndpointAuthority",so="popTokenGenerateCnf",Va="handleServerTokenResponse",Tw="authorityResolveEndpointsAsync",kw="authorityGetCloudDiscoveryMetadataFromNetwork",_w="authorityUpdateCloudDiscoveryMetadata",Iw="authorityGetEndpointMetadataFromNetwork",Sw="authorityUpdateEndpointMetadata",Bh="authorityUpdateMetadataWithRegionalInformation",Ew="regionDiscoveryDetectRegion",Gh="regionDiscoveryGetRegionFromIMDS",Aw="regionDiscoveryGetCurrentVersion",Rw="cacheManagerGetRefreshToken",Pw="setUserData";/*! @azure/msal-common v16.11.0 2026-06-30 */const ze=(r,e,t,n,o)=>(...i)=>{t.trace(`1plfzx ${e}`,o);const s=n.startMeasurement(e,o);o&&n.incrementFields({[`ext.${e}CallCount`]:1},o);try{const a=r(...i);return s.end({success:!0}),t.trace(`1g8n6a ${e}`,o),a}catch(a){t.trace(`0cfd8i ${e}`,o);try{t.trace(JSON.stringify(a),o)}catch{t.trace("00dty7",o)}throw s.end({success:!1},a),a}},w=(r,e,t,n,o)=>(...i)=>{t.trace(`1plfzx ${e}`,o);const s=n.startMeasurement(e,o);return o&&n.incrementFields({[`ext.${e}CallCount`]:1},o),r(...i).then(a=>(t.trace(`1g8n6a ${e}`,o),s.end({success:!0}),a)).catch(a=>{t.trace(`0cfd8i ${e}`,o);try{t.trace(JSON.stringify(a),o)}catch{t.trace("00dty7",o)}throw s.end({success:!1},a),a})};/*! @azure/msal-common v16.11.0 2026-06-30 */const Ow={SW:"sw"};class qn{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){const n=await w(this.generateKid.bind(this),so,t,this.performanceClient,e.correlationId)(e),o=this.cryptoUtils.base64UrlEncode(JSON.stringify(n));return{kid:n.kid,reqCnfString:o}}async generateKid(e){return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:Ow.SW}}async signPopToken(e,t,n){return this.signPayload(e,t,n)}async signPayload(e,t,n,o){const{resourceRequestMethod:i,resourceRequestUri:s,shrClaims:a,shrNonce:c,shrOptions:l}=n,h=s?new B(s,n.correlationId):void 0,d=h==null?void 0:h.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:it(),m:i==null?void 0:i.toUpperCase(),u:d==null?void 0:d.HostNameAndPort,nonce:c||this.cryptoUtils.createNewGuid(),p:d==null?void 0:d.AbsolutePath,q:d!=null&&d.QueryString?[[],d.QueryString]:void 0,client_claims:a||void 0,...o},t,l,n.correlationId)}}/*! @azure/msal-common v16.11.0 2026-06-30 */const Zs="no_tokens_found",Nw="native_account_unavailable",uu="refresh_token_expired",pu="ui_not_allowed",xw="interaction_required",Mw="consent_required",Uw="login_required",Za="bad_token",Dw="interrupted_user";/*! @azure/msal-common v16.11.0 2026-06-30 */const Vh=[xw,Mw,Uw,Za,pu,Dw],Lw=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token","ui_not_allowed","interrupted_user"];class st extends oe{constructor(e,t,n,o,i,s,a,c){super(e,t,n,o),Object.setPrototypeOf(this,st.prototype),this.timestamp=i||"",this.traceId=s||"",this.claims=a||"",this.name="InteractionRequiredAuthError",this.errorNo=c}}function fu(r,e,t){const n=!!r&&Vh.indexOf(r)>-1,o=!!t&&Lw.indexOf(t)>-1,i=!!e&&Vh.some(s=>e.indexOf(s)>-1);return n||i||o}function oi(r,e,t){return new st(r,e,t)}/*! @azure/msal-common v16.11.0 2026-06-30 */class In extends oe{constructor(e,t,n,o,i,s){super(e,t,n,o),this.name="ServerError",this.errorNo=i,this.status=s,Object.setPrototypeOf(this,In.prototype)}}/*! @azure/msal-common v16.11.0 2026-06-30 */function $a(r,e,t,n){const o=Hw(r,n,t);return e?`${o}${Ks}${e}`:o}function Hw(r,e,t){if(!r)throw T(Bd,e);const n={id:r.createNewGuid()};t&&(n.meta=t);const o=JSON.stringify(n);return r.base64Encode(o)}function ao(r,e,t){if(!r)throw T(Bd,t);if(!e)throw T(Jr,t);try{const n=e.split(Ks),o=n[0],i=n.length>1?n.slice(1).join(Ks):"",s=r(o),a=JSON.parse(s);return{userRequestState:i||"",libraryState:a}}catch{throw T(Jr,t)}}/*! @azure/msal-common v16.11.0 2026-06-30 */class Cn{constructor(e,t,n,o,i,s,a){this.clientId=e,this.cacheStorage=t,this.cryptoObj=n,this.logger=o,this.performanceClient=i,this.serializableCache=s,this.persistencePlugin=a}validateTokenResponse(e,t,n){var o;if(e.error||e.error_description||e.suberror){const i=`Error(s): ${e.error_codes||kr} - Timestamp: ${e.timestamp||kr} - Description: ${e.error_description||kr} - Correlation ID: ${e.correlation_id||kr} - Trace ID: ${e.trace_id||kr}`,s=(o=e.error_codes)!=null&&o.length?e.error_codes[0]:void 0,a=new In(e.error||"",e.correlation_id||"",i,e.suberror,s,e.status);if(n&&e.status&&e.status>=Hg&&e.status<=Kg){this.logger.warning(`16ks7j ${a}`,t);return}else if(n&&e.status&&e.status>=Dg&&e.status<=Lg){this.logger.warning(`0g61x3 ${a}`,t);return}throw fu(e.error,e.error_description,e.suberror)?new st(e.error||"",e.correlation_id||"",e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.claims||"",s):a}}async handleServerTokenResponse(e,t,n,o,i,s,a,c,l,h,d){var y;let p;if(e.id_token&&(p=ft(e.id_token||"",this.cryptoObj.base64Decode,o.correlationId),s&&s.nonce&&p.nonce!==s.nonce))throw T(sy,o.correlationId);this.homeAccountIdentifier=au(e.client_info||"",t.authorityType,this.logger,this.cryptoObj,o.correlationId,p);let u;s&&s.state&&(u=ao(this.cryptoObj.base64Decode,s.state,o.correlationId)),e.key_id=e.key_id||o.sshKid||void 0;const f=this.generateCacheRecord(e,t,n,o,p,a,s,d);let g;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("0jbz5k",o.correlationId),g=new rw(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(g)),c&&!l&&f.account&&this.cacheStorage.getAllAccounts({homeAccountId:f.account.homeAccountId,environment:f.account.environment},o.correlationId).length<1)return this.logger.warning("1gmt66",o.correlationId),(y=this.performanceClient)==null||y.addFields({acntLoggedOut:!0},o.correlationId),await Cn.generateAuthenticationResult(this.cryptoObj,t,f,!1,o,this.performanceClient,p,u,void 0,h);await this.cacheStorage.saveCacheRecord(f,o.correlationId,mt(p||{}),i,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&g&&(this.logger.verbose("1bh17u",o.correlationId),await this.persistencePlugin.afterCacheAccess(g))}return Cn.generateAuthenticationResult(this.cryptoObj,t,f,!1,o,this.performanceClient,p,u,e,h)}generateCacheRecord(e,t,n,o,i,s,a,c){var y;const l=t.getPreferredCache();if(!l)throw T(Jd,o.correlationId);const h=Ja(i);let d,p;e.id_token&&i&&(d=bi(this.homeAccountIdentifier,l,e.id_token,this.clientId,h||""),p=gu(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,o.correlationId,i,e.client_info,l,h,a,void 0,this.logger,this.performanceClient));let u=null;if(e.access_token){const m=e.scope?Ce.fromString(e.scope,o.correlationId):new Ce(o.scopes||[],o.correlationId),b=(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,C=(typeof e.ext_expires_in=="string"?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,k=(typeof e.refresh_in=="string"?parseInt(e.refresh_in,10):e.refresh_in)||void 0,_=n+b,O=_+C,S=k&&k>0?n+k:void 0;u=Ci(this.homeAccountIdentifier,l,e.access_token,this.clientId,h||t.tenant||"",m.printScopes(),_,O,this.cryptoObj.base64Decode,o.correlationId,S,e.token_type,s,e.key_id,c);const x=o.resource||null;x&&(u.resource=x)}let f=null;if(e.refresh_token){let m;if(e.refresh_token_expires_in){const b=typeof e.refresh_token_expires_in=="string"?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in;m=n+b,(y=this.performanceClient)==null||y.addFields({ntwkRtExpiresOnSeconds:m},o.correlationId)}f=iw(this.homeAccountIdentifier,l,e.refresh_token,this.clientId,e.foci,s,m)}let g=null;return e.foci&&(g={clientId:this.clientId,environment:l,familyId:e.foci}),{account:p,idToken:d,accessToken:u,refreshToken:f,appMetadata:g}}static async generateAuthenticationResult(e,t,n,o,i,s,a,c,l,h){var k,_,O,S,x;let d="",p=[],u=null,f,g,y="";if(n.accessToken){if(n.accessToken.tokenType===ee.POP&&!i.popKid){const te=new qn(e,s),{secret:re,keyId:Q}=n.accessToken;if(!Q)throw T(Gd,i.correlationId);d=await te.signPopToken(re,Q,i)}else d=n.accessToken.secret;p=Ce.fromString(n.accessToken.target,i.correlationId).asArray(),u=Mo(n.accessToken.expiresOn),f=Mo(n.accessToken.extendedExpiresOn),n.accessToken.refreshOn&&(g=Mo(n.accessToken.refreshOn))}n.appMetadata&&(y=n.appMetadata.familyId===Zo?Zo:"");const m=(a==null?void 0:a.oid)||(a==null?void 0:a.sub)||"",b=(a==null?void 0:a.tid)||"";if(l!=null&&l.spa_accountid&&n.account){n.account.nativeAccountId=l==null?void 0:l.spa_accountid;const te=b||n.account.realm;if(n.account.tenantProfiles){const re=n.account.tenantProfiles.find(Q=>Q.tenantId===te);re&&(re.nativeAccountId=l.spa_accountid)}}const C=n.account?qo(bn(n.account),void 0,a,(k=n.idToken)==null?void 0:k.secret):null;return{authority:t.canonicalAuthority,uniqueId:m,tenantId:b,scopes:p,account:C,idToken:((_=n==null?void 0:n.idToken)==null?void 0:_.secret)||"",idTokenClaims:a||{},accessToken:d,fromCache:o,expiresOn:u,extExpiresOn:f,refreshOn:g,correlationId:i.correlationId,requestId:h||"",familyId:y,tokenType:((O=n.accessToken)==null?void 0:O.tokenType)||"",state:c?c.userRequestState:"",cloudGraphHostName:((S=n.account)==null?void 0:S.cloudGraphHostName)||"",msGraphHost:((x=n.account)==null?void 0:x.msGraphHost)||"",code:l==null?void 0:l.spa_code,fromPlatformBroker:!1}}}function gu(r,e,t,n,o,i,s,a,c,l,h,d,p){d==null||d.verbose("09jz0t",o);const u=a||e.getPreferredCache(),f=r.getAccountsFilteredBy({homeAccountId:t,environment:u},o);p==null||p.addFields({cacheMatchedAccounts:f.length},o),f.length>1&&(d==null||d.warning("0x7ad1",o));const y=(f.length===1?f[0]:null)||By({homeAccountId:t,idTokenClaims:i,clientInfo:s,environment:a,cloudGraphHostName:l==null?void 0:l.cloud_graph_host_name,msGraphHost:l==null?void 0:l.msgraph_host,nativeAccountId:h},e,o,n),m=y.tenantProfiles||[],b=c||y.realm;if(b&&!m.find(C=>C.tenantId===b)){const C=ar(t,y.localAccountId,b,h,i);m.push(C)}return y.tenantProfiles=m,y}/*! @azure/msal-common v16.11.0 2026-06-30 */const tt={HOME_ACCOUNT_ID:"home_account_id",UPN:"UPN"};/*! @azure/msal-common v16.11.0 2026-06-30 */async function mu(r,e,t,n){return typeof r=="string"?r:r({clientId:e,tokenEndpoint:t,fmiPath:n})}/*! @azure/msal-common v16.11.0 2026-06-30 */function ki(r,e,t){var n;return{clientId:r,authority:e.authority,scopes:e.scopes,homeAccountIdentifier:t,claims:e.claims,authenticationScheme:e.authenticationScheme,resourceRequestMethod:e.resourceRequestMethod,resourceRequestUri:e.resourceRequestUri,shrClaims:e.shrClaims,sshKid:e.sshKid,embeddedClientId:e.embeddedClientId||((n=e.extraParameters)==null?void 0:n.clientId),resource:e.resource}}/*! @azure/msal-common v16.11.0 2026-06-30 */class pt{static generateThrottlingStorageKey(e){return`${Md}.${JSON.stringify(e)}`}static preProcess(e,t,n){var s;const o=pt.generateThrottlingStorageKey(t),i=e.getThrottlingCache(o,n);if(i){if(i.throttleTime<Date.now()){e.removeItem(o,n);return}throw new In(((s=i.errorCodes)==null?void 0:s.join(" "))||"",n,i.errorMessage,i.subError)}}static postProcess(e,t,n,o){if(pt.checkResponseStatus(n)||pt.checkResponseForRetryAfter(n)){const i={throttleTime:pt.calculateThrottleTime(parseInt(n.headers[Ae.RETRY_AFTER])),error:n.body.error,errorCodes:n.body.error_codes,errorMessage:n.body.error_description,subError:n.body.suberror};e.setThrottlingCache(pt.generateThrottlingStorageKey(t),i,o)}}static checkResponseStatus(e){return e.status===429||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return e.headers?e.headers.hasOwnProperty(Ae.RETRY_AFTER)&&(e.status<200||e.status>=300):!1}static calculateThrottleTime(e){const t=e<=0?0:e,n=Date.now()/1e3;return Math.floor(Math.min(n+(t||$g),n+Xg)*1e3)}static removeThrottle(e,t,n,o){const i=ki(t,n,o),s=this.generateThrottlingStorageKey(i);e.removeItem(s,n.correlationId)}}/*! @azure/msal-common v16.11.0 2026-06-30 */class _i extends oe{constructor(e,t,n){super(e.errorCode,e.correlationId,e.errorMessage,e.subError),Object.setPrototypeOf(this,_i.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=n}}function Pr(r,e,t,n){return r.errorMessage=`${r.errorMessage}, additionalErrorInfo: error.name:${n==null?void 0:n.name}, error.message:${n==null?void 0:n.message}`,new _i(r,e,t)}/*! @azure/msal-common v16.11.0 2026-06-30 */function yu(r,e,t){const n={};if(n[Ae.CONTENT_TYPE]=Rg,!e&&t)switch(t.type){case tt.HOME_ACCOUNT_ID:try{const o=Bn(t.credential);n[Ae.CCS_HEADER]=`Oid:${o.uid}@${o.utid}`}catch(o){r.verbose(`1qhtee ${o}`,"")}break;case tt.UPN:n[Ae.CCS_HEADER]=`UPN: ${t.credential}`;break}return n}function wu(r,e,t,n){const o=new Map;return r.embeddedClientId&&vi(o,e,t),r.extraQueryParameters&&gt(o,r.extraQueryParameters),oo(o,r.correlationId),wi(o,r.correlationId,n),Br(o)}async function vu(r,e,t,n,o,i,s,a,c,l){const h=await Kw(n,r,{body:e,headers:t},o,i,s,a,c);return l&&h.status<500&&h.status!==429&&l.clearTelemetryCache(),h}async function Kw(r,e,t,n,o,i,s,a){var l;pt.preProcess(o,r,n);let c;try{c=await w(i.sendPostRequestAsync.bind(i),uw,s,a,n)(e,t);const h=c.headers||{};a==null||a.addFields({refreshTokenSize:((l=c.body.refresh_token)==null?void 0:l.length)||0,httpVerToken:h[Ae.X_MS_HTTP_VERSION]||"",requestId:h[Ae.X_MS_REQUEST_ID]||""},n)}catch(h){if(h instanceof _i){const d=h.responseHeaders;throw d&&(a==null||a.addFields({httpVerToken:d[Ae.X_MS_HTTP_VERSION]||"",requestId:d[Ae.X_MS_REQUEST_ID]||"",contentTypeHeader:d[Ae.CONTENT_TYPE]||void 0,contentLengthHeader:d[Ae.CONTENT_LENGTH]||void 0,httpStatus:h.httpStatus},n)),h.error}throw h instanceof oe?h:T(ny,n)}return pt.postProcess(o,r,c,n),c}/*! @azure/msal-common v16.11.0 2026-06-30 */function Fw(r){return r.hasOwnProperty("authorization_endpoint")&&r.hasOwnProperty("token_endpoint")&&r.hasOwnProperty("issuer")&&r.hasOwnProperty("jwks_uri")}/*! @azure/msal-common v16.11.0 2026-06-30 */function jw(r){return r.hasOwnProperty("tenant_discovery_endpoint")&&r.hasOwnProperty("metadata")}/*! @azure/msal-common v16.11.0 2026-06-30 */function zw(r){return r.hasOwnProperty("error")&&r.hasOwnProperty("error_description")}/*! @azure/msal-common v16.11.0 2026-06-30 */class Ii{constructor(e,t,n,o){this.networkInterface=e,this.logger=t,this.performanceClient=n,this.correlationId=o}async detectRegion(e,t){var o,i;let n=e;if(n)t.region_source=Nn.ENVIRONMENT_VARIABLE;else{const s=Ii.IMDS_OPTIONS;try{const a=await w(this.getRegionFromIMDS.bind(this),Gh,this.logger,this.performanceClient,this.correlationId)(Pg,s);if(a.status===Ih&&(n=(o=a.body)==null?void 0:o.location,n&&(t.region_source=Nn.IMDS)),a.status===Sh){const c=await w(this.getCurrentVersion.bind(this),Aw,this.logger,this.performanceClient,this.correlationId)(s);if(!c)return t.region_source=Nn.FAILED_AUTO_DETECTION,null;const l=await w(this.getRegionFromIMDS.bind(this),Gh,this.logger,this.performanceClient,this.correlationId)(c,s);l.status===Ih&&(n=(i=l.body)==null?void 0:i.location,n&&(t.region_source=Nn.IMDS))}}catch{return t.region_source=Nn.FAILED_AUTO_DETECTION,null}}return n||(t.region_source=Nn.FAILED_AUTO_DETECTION),n||null}async getRegionFromIMDS(e,t){return this.networkInterface.sendGetRequestAsync(`${kh}?api-version=${e}`,t,Og)}async getCurrentVersion(e){try{const t=await this.networkInterface.sendGetRequestAsync(`${kh}?format=json`,e);return t.status===Sh&&t.body&&t.body["newest-versions"]&&t.body["newest-versions"].length>0?t.body["newest-versions"][0]:null}catch{return null}}}Ii.IMDS_OPTIONS={headers:{Metadata:"true"}};/*! @azure/msal-common v16.11.0 2026-06-30 */class Oe{constructor(e,t,n,o,i,s,a,c){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=n,this.authorityOptions=o,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=i,this.performanceClient=a,this.correlationId=s,this.managedIdentity=c||!1,this.regionDiscovery=new Ii(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(os))return Ze.Ciam;const t=e.PathSegments;if(t.length)switch(t[0].toLowerCase()){case Ig:return Ze.Adfs;case Sg:return Ze.Dsts}return Ze.Default}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new B(e,this.correlationId),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw T(zt,this.correlationId)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw T(zt,this.correlationId)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw T(zt,this.correlationId)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw T(gy,this.correlationId);return this.replacePath(this.metadata.end_session_endpoint)}else throw T(zt,this.correlationId)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw T(zt,this.correlationId)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw T(zt,this.correlationId)}canReplaceTenant(e){return e.PathSegments.length===1&&!Oe.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===Ze.Default&&this.protocolMode!==Me.OIDC}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const o=new B(this.metadata.canonical_authority,this.correlationId).getUrlComponents(),i=o.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach((a,c)=>{let l=i[c];if(c===0&&this.canReplaceTenant(o)){const h=new B(this.metadata.authorization_endpoint,this.correlationId).getUrlComponents().PathSegments[0];l!==h&&(this.logger.verbose(`1q3g2x ${l} ${h}`,this.correlationId),l=h)}a!==l&&(t=t.replace(`/${l}/`,`/${a}/`))}),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===Ze.Adfs||this.protocolMode===Me.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){var o;const e=this.getCurrentMetadataEntity(),t=await w(this.updateCloudDiscoveryMetadata.bind(this),_w,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const n=await w(this.updateEndpointMetadata.bind(this),Sw,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:n}),(o=this.performanceClient)==null||o.addFields({cloudDiscoverySource:t,authorityEndpointSource:n},this.correlationId)}getCurrentMetadataEntity(){let e=this.cacheManager.getAuthorityMetadataByAlias(this.hostnameAndPort,this.correlationId);return e||(e={aliases:[],preferred_cache:this.hostnameAndPort,preferred_network:this.hostnameAndPort,canonical_authority:this.canonicalAuthority,authorization_endpoint:"",token_endpoint:"",end_session_endpoint:"",issuer:"",aliasesFromNetwork:!1,endpointsFromNetwork:!1,expiresAt:Wh(),jwks_uri:""}),e}updateCachedMetadata(e,t,n){t!==De.CACHE&&(n==null?void 0:n.source)!==De.CACHE&&(e.expiresAt=Wh(),e.canonical_authority=this.canonicalAuthority);const o=this.cacheManager.generateAuthorityMetadataCacheKey(e.preferred_cache,this.correlationId);this.cacheManager.setAuthorityMetadata(o,e,this.correlationId),this.metadata=e}async updateEndpointMetadata(e){var o,i;const t=this.updateEndpointMetadataFromLocalSources(e);if(t){if(t.source===De.HARDCODED_VALUES&&(o=this.authorityOptions.azureRegionConfiguration)!=null&&o.azureRegion&&t.metadata){const s=await w(this.updateMetadataWithRegionalInformation.bind(this),Bh,this.logger,this.performanceClient,this.correlationId)(t.metadata);So(e,s,!1),e.canonical_authority=this.canonicalAuthority}return t.source}let n=await w(this.getEndpointMetadataFromNetwork.bind(this),Iw,this.logger,this.performanceClient,this.correlationId)();if(n)return this.validateIssuer(n.issuer),(i=this.authorityOptions.azureRegionConfiguration)!=null&&i.azureRegion&&(n=await w(this.updateMetadataWithRegionalInformation.bind(this),Bh,this.logger,this.performanceClient,this.correlationId)(n)),So(e,n,!0),De.NETWORK;throw T(ry,this.defaultOpenIdConfigurationEndpoint,this.correlationId)}updateEndpointMetadataFromLocalSources(e){this.logger.verbose("1fi0kc",this.correlationId);const t=this.getEndpointMetadataFromConfig();if(t)return this.logger.verbose("06t0uj",this.correlationId),So(e,t,!1),{source:De.CONFIG};this.logger.verbose("151k0p",this.correlationId);const n=this.getEndpointMetadataFromHardcodedValues();if(n)return So(e,n,!1),{source:De.HARDCODED_VALUES,metadata:n};this.logger.verbose("1imop5",this.correlationId);const o=Jh(e);return this.isAuthoritySameType(e)&&e.endpointsFromNetwork&&!o?(this.logger.verbose("16uq31",""),{source:De.CACHE}):(o&&this.logger.verbose("0uoibc",""),null)}isAuthoritySameType(e){return new B(e.canonical_authority,this.correlationId).getUrlComponents().PathSegments.length===this.canonicalAuthorityUrlComponents.PathSegments.length}getEndpointMetadataFromConfig(){if(this.authorityOptions.authorityMetadata)try{return JSON.parse(this.authorityOptions.authorityMetadata)}catch{throw V(Gm,this.correlationId)}return null}async getEndpointMetadataFromNetwork(){const e={},t=this.defaultOpenIdConfigurationEndpoint;this.logger.verbose(`1y65x6 ${t}`,this.correlationId);try{const n=await this.networkInterface.sendGetRequestAsync(t,e);return Fw(n.body)?n.body:(this.logger.verbose("1koyv8",this.correlationId),null)}catch(n){return this.logger.verbose(`0a9wik ${n}`,this.correlationId),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in Hh?Hh[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){var n,o;const t=(n=this.authorityOptions.azureRegionConfiguration)==null?void 0:n.azureRegion;if(t){if(t!==Ng)return this.regionDiscoveryMetadata.region_outcome=ss.CONFIGURED_NO_AUTO_DETECTION,this.regionDiscoveryMetadata.region_used=t,Oe.replaceWithRegionalInformation(e,t,this.correlationId);const i=await w(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),Ew,this.logger,this.performanceClient,this.correlationId)((o=this.authorityOptions.azureRegionConfiguration)==null?void 0:o.environmentRegion,this.regionDiscoveryMetadata);if(i)return this.regionDiscoveryMetadata.region_outcome=ss.AUTO_DETECTION_REQUESTED_SUCCESSFUL,this.regionDiscoveryMetadata.region_used=i,Oe.replaceWithRegionalInformation(e,i,this.correlationId);this.regionDiscoveryMetadata.region_outcome=ss.AUTO_DETECTION_REQUESTED_FAILED}return e}async updateCloudDiscoveryMetadata(e){const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const n=await w(this.getCloudDiscoveryMetadataFromNetwork.bind(this),kw,this.logger,this.performanceClient,this.correlationId)();if(n)return cs(e,n,!0),De.NETWORK;throw V(Vm,this.correlationId)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("1tpqlr",this.correlationId),this.logger.verbosePii(`1fy7uz ${this.authorityOptions.knownAuthorities||is}`,this.correlationId),this.logger.verbosePii(`08zabj ${this.authorityOptions.authorityMetadata||is}`,this.correlationId),this.logger.verbosePii(`1o1kv3 ${e.canonical_authority||is}`,this.correlationId);const t=this.getCloudDiscoveryMetadataFromConfig();if(t)return this.logger.verbose("1nakio",this.correlationId),cs(e,t,!1),De.CONFIG;this.logger.verbose("1x74aj",this.correlationId);const n=Wy(this.hostnameAndPort);if(n)return this.logger.verbose("0by47c",this.correlationId),cs(e,n,!1),De.HARDCODED_VALUES;this.logger.verbose("0r2fzy",this.correlationId);const o=Jh(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!o?(this.logger.verbose("1uffgh",""),De.CACHE):(o&&this.logger.verbose("0uoibc",""),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===Ze.Ciam)return this.logger.verbose("04y84h",this.correlationId),Oe.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("0gszr3",this.correlationId);try{this.logger.verbose("1iifkx",this.correlationId);const e=JSON.parse(this.authorityOptions.cloudDiscoveryMetadata),t=ei(e.metadata,this.hostnameAndPort);if(this.logger.verbose("0q67e3",""),t)return this.logger.verbose("0hzfao",this.correlationId),t;this.logger.verbose("1ajz3u",this.correlationId)}catch{throw this.logger.verbose("1wq5tu",this.correlationId),V(Fd,this.correlationId)}}return this.isInKnownAuthorities(this.hostnameAndPort)?(this.logger.verbose("0mt9al",this.correlationId),Oe.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)):null}async getCloudDiscoveryMetadataFromNetwork(){const e=`${Eg}${this.canonicalAuthority}oauth2/v2.0/authorize`,t={};let n=null;try{const o=await this.networkInterface.sendGetRequestAsync(e,t);let i,s;if(jw(o.body))i=o.body,s=i.metadata,this.logger.verbosePii(`1vglyt ${i.tenant_discovery_endpoint}`,this.correlationId);else if(zw(o.body)){if(this.logger.warning(`062uto ${o.status}`,this.correlationId),i=o.body,i.error===Ug)return this.logger.error("1x90tm",this.correlationId),null;this.logger.warning(`0wchdm ${i.error}`,this.correlationId),this.logger.warning(`1s5mpv ${i.error_description}`,this.correlationId),this.logger.warning("1yhqpw",this.correlationId),s=[]}else return this.logger.error("0768g0",this.correlationId),null;this.logger.verbose("1lrobr",this.correlationId),n=ei(s,this.hostnameAndPort)}catch(o){if(o instanceof oe)this.logger.error(`0vwhc7 ${o.errorCode} ${o.errorMessage}`,this.correlationId);else{const i=o;this.logger.error(`0s2z41 ${i.name} ${i.message}`,this.correlationId)}return null}return n||(this.logger.warning("0jp28q",this.correlationId),this.logger.verbose("130sd8",this.correlationId),n=Oe.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(e){const t=e.toLowerCase();return this.authorityOptions.knownAuthorities.filter(o=>o&&B.getDomainFromUrl(o,this.correlationId).toLowerCase()===t).length>0}static generateAuthority(e,t){let n;if(t&&t.azureCloudInstance!==za.None){const o=t.tenant?t.tenant:Ed;n=`${t.azureCloudInstance}/${o}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return _g;if(this.discoveryComplete())return this.metadata.preferred_cache;throw T(zt,this.correlationId)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return su.has(e)}validateIssuer(e){if(!e)throw V(as,this.correlationId);let t;try{t=new URL(e)}catch{throw V(as,this.correlationId)}const n=t.protocol,o=t.host,i=(this.canonicalAuthorityUrlComponents.Protocol||"").toLowerCase(),s=(this.canonicalAuthorityUrlComponents.HostNameAndPort||"").toLowerCase(),a=this.matchesAuthorityOrigin(n,o,i,s),c=n==="https:"&&this.isAliasOfKnownMicrosoftAuthority(o),l=n==="https:"&&this.matchesRegionalMicrosoftHost(o),h=this.matchesCiamTenantPattern(t,s,this.canonicalAuthorityUrlComponents.PathSegments),d=n==="https:"&&this.isInKnownAuthorities(o);if(!(a||c||l||h||d))throw V(as,this.correlationId)}matchesAuthorityOrigin(e,t,n,o){return e===n&&t===o}matchesRegionalMicrosoftHost(e){const t=e.indexOf(".");if(t>0&&t<e.length-1){const n=e.substring(t+1);return this.isAliasOfKnownMicrosoftAuthority(n)}return!1}matchesCiamTenantPattern(e,t,n){const o=n[0],i=o?o.endsWith(Tr)?o.slice(0,-Tr.length):o:t.split(".")[0];if(!i)return!1;const s=`https://${i}${os}`,a=[s,`${s}/${i}`,`${s}/${i}/v2.0`,`${s}/${i}${Tr}`,`${s}/${i}${Tr}/v2.0`],c=e.pathname.replace(/\/+$/,""),l=`${e.protocol}//${e.host}${c}`;return a.some(h=>h===l)}static isPublicCloudAuthority(e){return Mg.indexOf(e)>=0}static buildRegionalAuthorityString(e,t,n,o){const i=new B(e,n);i.validateAsUri();const s=i.getUrlComponents();let a=`${t}.${s.HostNameAndPort}`;this.isPublicCloudAuthority(s.HostNameAndPort)&&(a=`${t}.${xg}`);const c=B.constructAuthorityUriFromObject({...i.getUrlComponents(),HostNameAndPort:a},n).urlString;return o?`${c}?${o}`:c}static replaceWithRegionalInformation(e,t,n){const o={...e};return o.authorization_endpoint=Oe.buildRegionalAuthorityString(o.authorization_endpoint,t,n),o.token_endpoint=Oe.buildRegionalAuthorityString(o.token_endpoint,t,n),o.end_session_endpoint&&(o.end_session_endpoint=Oe.buildRegionalAuthorityString(o.end_session_endpoint,t,n)),o}static transformCIAMAuthority(e,t){let n=e;const i=new B(e,t).getUrlComponents();if(i.PathSegments.length===0&&i.HostNameAndPort.endsWith(os)){const s=i.HostNameAndPort.split(".")[0];n=`${n}${s}${Tr}`}return n}}Oe.reservedTenantDomains=new Set(["{tenant}","{tenantid}",Xt.COMMON,Xt.CONSUMERS,Xt.ORGANIZATIONS]);function Ww(r,e){var i;const o=(i=new B(r,e).getUrlComponents().PathSegments.slice(-1)[0])==null?void 0:i.toLowerCase();switch(o){case Xt.COMMON:case Xt.ORGANIZATIONS:case Xt.CONSUMERS:return;default:return o}}function bu(r){return r.endsWith(Fs)?r:`${r}${Fs}`}function Jw(r){const e=r.cloudDiscoveryMetadata;let t;if(e)try{t=JSON.parse(e)}catch{throw V(Fd,"")}return{canonicalAuthority:r.authority?bu(r.authority):void 0,knownAuthorities:r.knownAuthorities,cloudDiscoveryMetadata:t}}/*! @azure/msal-common v16.11.0 2026-06-30 */async function Cu(r,e,t,n,o,i,s){const a=Oe.transformCIAMAuthority(bu(r),i),c=new Oe(a,e,t,n,o,i,s);try{return await w(c.resolveEndpointsAsync.bind(c),Tw,o,s,i)(),c}catch{throw T(zt,i)}}/*! @azure/msal-common v16.11.0 2026-06-30 */class Tu{constructor(e,t){var n;this.includeRedirectUri=!0,this.config=Ba(e),this.logger=new ot(this.config.loggerOptions,io,sr),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t,this.oidcDefaultScopes=(n=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:n.defaultScopes}async acquireToken(e,t,n){var c;if(!e.code)throw T(cy,e.correlationId);n&&n.cloud_instance_host_name&&await w(this.updateTokenEndpointAuthority.bind(this),Cw,this.logger,this.performanceClient,e.correlationId)(n.cloud_instance_host_name,e.correlationId);const o=it(),i=await w(this.executeTokenRequest.bind(this),vw,this.logger,this.performanceClient,e.correlationId)(this.authority,e,this.serverTelemetryManager),s=(c=i.headers)==null?void 0:c[Ae.X_MS_REQUEST_ID],a=new Cn(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return a.validateTokenResponse(i.body,e.correlationId),w(a.handleServerTokenResponse.bind(a),Va,this.logger,this.performanceClient,e.correlationId)(i.body,this.authority,o,e,t,n,void 0,void 0,void 0,s)}getLogoutUri(e){if(!e)throw V(Bm,"");const t=this.createLogoutUrlQueryString(e);return B.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t,n){const o=wu(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient),i=B.appendQueryString(e.tokenEndpoint,o),s=await w(this.createTokenRequestBody.bind(this),bw,this.logger,this.performanceClient,t.correlationId)(t);let a;if(t.clientInfo)try{const h=ti(t.clientInfo,this.cryptoUtils.base64Decode);a={credential:`${h.uid}${js}${h.utid}`,type:tt.HOME_ACCOUNT_ID}}catch(h){this.logger.verbose(`0wznt3 ${h}`,t.correlationId)}const c=yu(this.logger,this.config.systemOptions.preventCorsPreflight,a||t.ccsCredential),l=ki(this.config.authOptions.clientId,t);return w(vu,fw,this.logger,this.performanceClient,t.correlationId)(i,s,c,l,t.correlationId,this.cacheManager,this.networkClient,this.logger,this.performanceClient,n)}async createTokenRequestBody(e){var o;const t=new Map;if(Ma(t,e.embeddedClientId||((o=e.extraParameters)==null?void 0:o[vn])||this.config.authOptions.clientId),this.includeRedirectUri)Ua(t,e.redirectUri);else if(!e.redirectUri)throw V(Km,e.correlationId);if(xa(t,e.scopes,e.correlationId,!0,this.oidcDefaultScopes),ru(t,e.resource),Iy(t,e.code),La(t,this.config.libraryInfo),Ha(t,this.config.telemetry.application),nu(t),this.serverTelemetryManager&&!lu(this.config)&&tu(t,this.serverTelemetryManager),e.codeVerifier&&Ey(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&Zd(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const i=this.config.clientCredentials.clientAssertion;$d(t,await mu(i.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),Xd(t,i.assertionType)}if(Yd(t,Pd.AUTHORIZATION_CODE_GRANT),Fa(t),e.authenticationScheme===ee.POP){const i=new qn(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await w(i.generateCnf.bind(i),so,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,ja(t,s)}else if(e.authenticationScheme===ee.SSH)if(e.sshJwk)eu(t,e.sshJwk);else throw V(Oa,e.correlationId);let n;if(e.clientInfo)try{const i=ti(e.clientInfo,this.cryptoUtils.base64Decode);n={credential:`${i.uid}${js}${i.utid}`,type:tt.HOME_ACCOUNT_ID}}catch(i){this.logger.verbose(`0wznt3 ${i}`,e.correlationId)}else n=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&n)switch(n.type){case tt.HOME_ACCOUNT_ID:try{const i=Bn(n.credential);Lr(t,i)}catch(i){this.logger.verbose(`1qhtee ${i}`,e.correlationId)}break;case tt.UPN:Xo(t,n.credential);break}return e.embeddedClientId&&vi(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.extraParameters&&gt(t,e.extraParameters),e.enableSpaAuthorizationCode&&(!e.extraParameters||!e.extraParameters[Oh])&&gt(t,{[Oh]:"1"}),wi(t,e.correlationId,this.performanceClient),Da(t,e.correlationId,e.claims,this.config.authOptions.clientCapabilities,e.skipBrokerClaims),Br(t)}createLogoutUrlQueryString(e){const t=new Map;return e.postLogoutRedirectUri&&by(t,e.postLogoutRedirectUri),e.correlationId&&oo(t,e.correlationId),e.idTokenHint&&Cy(t,e.idTokenHint),e.state&&Vd(t,e.state),e.logoutHint&&Py(t,e.logoutHint),e.extraQueryParameters&&gt(t,e.extraQueryParameters),this.config.authOptions.instanceAware&&Qd(t),Br(t)}async updateTokenEndpointAuthority(e,t){const n=`https://${e}/${this.authority.tenant}/`,o=await Cu(n,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=o}}/*! @azure/msal-common v16.11.0 2026-06-30 */const Bw=300;class Gw{constructor(e,t){this.config=Ba(e),this.logger=new ot(this.config.loggerOptions,io,sr),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}async acquireToken(e,t){var a;const n=it(),o=await w(this.executeTokenRequest.bind(this),gw,this.logger,this.performanceClient,e.correlationId)(e,this.authority),i=(a=o.headers)==null?void 0:a[Ae.X_MS_REQUEST_ID],s=new Cn(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.performanceClient,this.config.serializableCache,this.config.persistencePlugin);return s.validateTokenResponse(o.body,e.correlationId),w(s.handleServerTokenResponse.bind(s),Va,this.logger,this.performanceClient,e.correlationId)(o.body,this.authority,n,e,t,void 0,void 0,!0,e.forceCache,i)}async acquireTokenByRefreshToken(e,t){if(!e)throw V(Jm,"");if(!e.account)throw T(Wd,e.correlationId);if(this.cacheManager.isAppMetadataFOCI(e.account.environment,e.correlationId))try{return await w(this.acquireTokenWithCachedRefreshToken.bind(this),hs,this.logger,this.performanceClient,e.correlationId)(e,!0,t)}catch(o){const i=o instanceof st&&o.errorCode===Zs,s=o instanceof In&&o.errorCode===Qg&&o.subError===qg;if(i||s)return w(this.acquireTokenWithCachedRefreshToken.bind(this),hs,this.logger,this.performanceClient,e.correlationId)(e,!1,t);throw o}return w(this.acquireTokenWithCachedRefreshToken.bind(this),hs,this.logger,this.performanceClient,e.correlationId)(e,!1,t)}async acquireTokenWithCachedRefreshToken(e,t,n){var s;const o=ze(this.cacheManager.getRefreshToken.bind(this.cacheManager),Rw,this.logger,this.performanceClient,e.correlationId)(e.account,t,e.correlationId,void 0);if(!o)throw oi(Zs,e.correlationId);if(o.expiresOn){const a=e.refreshTokenExpirationOffsetSeconds||Bw;if((s=this.performanceClient)==null||s.addFields({cacheRtExpiresOnSeconds:Number(o.expiresOn),rtOffsetSeconds:a},e.correlationId),ri(o.expiresOn,a))throw oi(uu,e.correlationId)}const i={...e,refreshToken:o.secret,authenticationScheme:e.authenticationScheme||ee.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:tt.HOME_ACCOUNT_ID}};try{return await w(this.acquireToken.bind(this),mw,this.logger,this.performanceClient,e.correlationId)(i,n)}catch(a){if(a instanceof st&&a.subError===Za){this.logger.verbose("1pg3ap",e.correlationId);const c=this.cacheManager.generateCredentialKey(o);this.cacheManager.removeRefreshToken(c,e.correlationId)}throw a}}async executeTokenRequest(e,t){const n=wu(e,this.config.authOptions.clientId,this.config.authOptions.redirectUri,this.performanceClient),o=B.appendQueryString(t.tokenEndpoint,n),i=await w(this.createTokenRequestBody.bind(this),yw,this.logger,this.performanceClient,e.correlationId)(e),s=yu(this.logger,this.config.systemOptions.preventCorsPreflight,e.ccsCredential),a=ki(this.config.authOptions.clientId,e);return w(vu,pw,this.logger,this.performanceClient,e.correlationId)(o,i,s,a,e.correlationId,this.cacheManager,this.networkClient,this.logger,this.performanceClient,this.serverTelemetryManager)}async createTokenRequestBody(e){var n,o;const t=new Map;if(Ma(t,e.embeddedClientId||((n=e.extraParameters)==null?void 0:n[vn])||this.config.authOptions.clientId),e.redirectUri&&Ua(t,e.redirectUri),xa(t,e.scopes,e.correlationId,!0,(o=this.config.authOptions.authority.options.OIDCOptions)==null?void 0:o.defaultScopes),Yd(t,Pd.REFRESH_TOKEN_GRANT),Fa(t),La(t,this.config.libraryInfo),Ha(t,this.config.telemetry.application),nu(t),this.serverTelemetryManager&&!lu(this.config)&&tu(t,this.serverTelemetryManager),Sy(t,e.refreshToken),this.config.clientCredentials.clientSecret&&Zd(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const i=this.config.clientCredentials.clientAssertion;$d(t,await mu(i.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),Xd(t,i.assertionType)}if(e.authenticationScheme===ee.POP){const i=new qn(this.cryptoUtils,this.performanceClient);let s;e.popKid?s=this.cryptoUtils.encodeKid(e.popKid):s=(await w(i.generateCnf.bind(i),so,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString,ja(t,s)}else if(e.authenticationScheme===ee.SSH)if(e.sshJwk)eu(t,e.sshJwk);else throw V(Oa,e.correlationId);if(this.config.systemOptions.preventCorsPreflight&&e.ccsCredential)switch(e.ccsCredential.type){case tt.HOME_ACCOUNT_ID:try{const i=Bn(e.ccsCredential.credential);Lr(t,i)}catch(i){this.logger.verbose(`1qhtee ${i}`,e.correlationId)}break;case tt.UPN:Xo(t,e.ccsCredential.credential);break}return e.embeddedClientId&&vi(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.extraParameters&&gt(t,{...e.extraParameters}),wi(t,e.correlationId,this.performanceClient),Da(t,e.correlationId,e.claims,this.config.authOptions.clientCapabilities,e.skipBrokerClaims),Br(t)}}/*! @azure/msal-common v16.11.0 2026-06-30 */class Vw{constructor(e,t){this.config=Ba(e),this.logger=new ot(this.config.loggerOptions,io,sr),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}async acquireCachedToken(e){let t=jt.NOT_APPLICABLE;if(e.forceRefresh||!mn.isEmptyObj(e.claims))throw this.setCacheOutcome(jt.FORCE_REFRESH_OR_CLAIMS,e.correlationId),T(Zt,e.correlationId);if(!e.account)throw T(Wd,e.correlationId);const n=e.account.tenantId||Ww(e.authority,e.correlationId),o=this.cacheManager.getTokenKeys(),i=this.cacheManager.getAccessToken(e.account,e,o,n);if(i){if(ow(i.cachedAt)||ri(i.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(jt.CACHED_ACCESS_TOKEN_EXPIRED,e.correlationId),T(Zt,e.correlationId);if(e.resource){if(i.resource!==e.resource)throw this.setCacheOutcome(jt.NO_CACHED_ACCESS_TOKEN,e.correlationId),T(Zt,e.correlationId)}else i.refreshOn&&ri(i.refreshOn,0)&&(t=jt.PROACTIVELY_REFRESHED)}else throw this.setCacheOutcome(jt.NO_CACHED_ACCESS_TOKEN,e.correlationId),T(Zt,e.correlationId);const s=e.authority||this.authority.getPreferredCache(),a={account:this.cacheManager.getAccount(this.cacheManager.generateAccountKey(e.account),e.correlationId),accessToken:i,idToken:this.cacheManager.getIdToken(e.account,e.correlationId,o,n),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(s,e.correlationId)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await w(this.generateResultFromCacheRecord.bind(this),ww,this.logger,this.performanceClient,e.correlationId)(a,e),t]}setCacheOutcome(e,t){var n,o;(n=this.serverTelemetryManager)==null||n.setCacheOutcome(e),(o=this.performanceClient)==null||o.addFields({cacheOutcome:e},t),e!==jt.NOT_APPLICABLE&&this.logger.info(`09ingz ${e}`,t)}async generateResultFromCacheRecord(e,t){let n;return e.idToken&&(n=ft(e.idToken.secret,this.config.cryptoInterface.base64Decode,t.correlationId)),Cn.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,this.performanceClient,n)}}/*! @azure/msal-common v16.11.0 2026-06-30 */const Zw={sendGetRequestAsync:()=>Promise.reject(T(D,"")),sendPostRequestAsync:()=>Promise.reject(T(D,""))};/*! @azure/msal-common v16.11.0 2026-06-30 */function $w(r,e,t,n){var a,c;const o=e.correlationId,i=new Map;Ma(i,e.embeddedClientId||((a=e.extraQueryParameters)==null?void 0:a[vn])||r.clientId);const s=[...e.scopes||[],...e.extraScopesToConsent||[]];if(xa(i,s,e.correlationId,!0,(c=r.authority.options.OIDCOptions)==null?void 0:c.defaultScopes),ru(i,e.resource),Ua(i,e.redirectUri),oo(i,o),wy(i,e.responseMode),Fa(i),Ay(i),e.prompt&&(ky(i,e.prompt),n==null||n.addFields({prompt:e.prompt},o)),e.domainHint&&(Ty(i,e.domainHint),n==null||n.addFields({domainHintFromRequest:!0},o)),e.prompt!==be.SELECT_ACCOUNT)if(e.sid&&e.prompt===be.NONE)t.verbose("1tvqyx",e.correlationId),Uh(i,e.sid),n==null||n.addFields({sidFromRequest:!0},o);else if(e.account){const l=Qw(e.account);let h=qw(e.account);if(h&&e.domainHint&&(t.warning("0wkg3v",e.correlationId),h=null),h){t.verbose("1eyfsw",e.correlationId),Io(i,h),n==null||n.addFields({loginHintFromClaim:!0},o);try{const d=Bn(e.account.homeAccountId);Lr(i,d)}catch{t.verbose("12ugck",e.correlationId)}}else if(l&&e.prompt===be.NONE){t.verbose("1rmd8s",e.correlationId),Uh(i,l),n==null||n.addFields({sidFromClaim:!0},o);try{const d=Bn(e.account.homeAccountId);Lr(i,d)}catch{t.verbose("12ugck",e.correlationId)}}else if(e.loginHint)t.verbose("0y3007",e.correlationId),Io(i,e.loginHint),Xo(i,e.loginHint),n==null||n.addFields({loginHintFromRequest:!0},o);else if(e.account.username){t.verbose("02f507",e.correlationId),Io(i,e.account.username),n==null||n.addFields({loginHintFromUpn:!0},o);try{const d=Bn(e.account.homeAccountId);Lr(i,d)}catch{t.verbose("12ugck",e.correlationId)}}}else e.loginHint&&(t.verbose("0g01ey",e.correlationId),Io(i,e.loginHint),Xo(i,e.loginHint),n==null||n.addFields({loginHintFromRequest:!0},o));else t.verbose("169k9v",e.correlationId);return e.nonce&&_y(i,e.nonce),e.state&&Vd(i,e.state),e.embeddedClientId&&vi(i,r.clientId,r.redirectUri),Da(i,e.correlationId,e.claims,r.clientCapabilities,e.skipBrokerClaims),r.instanceAware&&(!e.extraQueryParameters||!Object.keys(e.extraQueryParameters).includes(Ws))&&Qd(i),i}function Xa(r,e){const t=Br(e);return B.appendQueryString(r.authorizationEndpoint,t)}function Xw(r,e,t){if(Ya(r,e,t),!r.code)throw T(py,t);return r}function Ya(r,e,t){if(!r.state||!e)throw r.state?T(Nh,t,"Cached State"):T(Nh,t,"Server State");let n,o;try{n=decodeURIComponent(r.state)}catch{throw T(Jr,t,r.state)}try{o=decodeURIComponent(e)}catch{throw T(Jr,t,r.state)}if(n!==o)throw T(iy,t);if(r.error||r.error_description||r.suberror){const i=Yw(r);throw fu(r.error,r.error_description,r.suberror)?new st(r.error||"",r.correlation_id||t,r.error_description,r.suberror,r.timestamp||"",r.trace_id||"",r.claims||"",i):new In(r.error||"",r.correlation_id||t,r.error_description,r.suberror,i)}}function Yw(r){var n,o;const e="code=",t=(n=r.error_uri)==null?void 0:n.lastIndexOf(e);return t&&t>=0?(o=r.error_uri)==null?void 0:o.substring(t+e.length):void 0}function Qw(r){var e;return((e=r.idTokenClaims)==null?void 0:e.sid)||null}function qw(r){var e;return r.loginHint||((e=r.idTokenClaims)==null?void 0:e.login_hint)||null}/*! @azure/msal-common v16.11.0 2026-06-30 */function ku(r,e){if(r){if(e.resource&&(Zh(e.extraParameters)||Zh(e.extraQueryParameters)))throw T(yy,e.correlationId||"");if(!e.resource)throw T(my,e.correlationId||"")}}function Zh(r){return r?Object.prototype.hasOwnProperty.call(r,"resource"):!1}/*! @azure/msal-common v16.11.0 2026-06-30 */const $s="unexpected_error";/*! @azure/msal-common v16.11.0 2026-06-30 */const $h=",",_u="|";function ev(r){const{skus:e,libraryName:t,libraryVersion:n,extensionName:o,extensionVersion:i}=r,s=new Map([[0,[t,n]],[2,[o,i]]]);let a=[];if(e!=null&&e.length){if(a=e.split($h),a.length<4)return e}else a=Array.from({length:4},()=>_u);return s.forEach((c,l)=>{var h,d;c.length===2&&((h=c[0])!=null&&h.length)&&((d=c[1])!=null&&d.length)&&tv({skuArr:a,index:l,skuName:c[0],skuVersion:c[1]})}),a.join($h)}function tv(r){const{skuArr:e,index:t,skuName:n,skuVersion:o}=r;t>=e.length||(e[t]=[n,o].join(_u))}class er{constructor(e,t){this.cacheOutcome=jt.NOT_APPLICABLE,this.cacheManager=t,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||"",this.wrapperVer=e.wrapperVer||"",this.telemetryCacheKey=xd+Nd+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${On}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],n=this.getNativeBrokerErrorCode();n!=null&&n.length&&t.push(`broker_error=${n}`);const o=t.join(On),i=this.getRegionDiscoveryFields(),s=[e,i].join(On);return[Rh,s,o].join(Ph)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=er.maxErrorsToSend(e),n=e.failedRequests.slice(0,2*t).join(On),o=e.errors.slice(0,t).join(On),i=e.errors.length,s=t<i?Gg:Vg,a=[i,s].join(On);return[Rh,e.cacheHits,n,o,a].join(Ph)}cacheFailedRequest(e){try{const t=this.getLastRequests();t.errors.length>=Bg&&(t.failedRequests.shift(),t.failedRequests.shift(),t.errors.shift()),t.failedRequests.push(this.apiId,this.correlationId),e instanceof Error&&e&&e.toString()?e instanceof oe?e.subError?t.errors.push(e.subError):e.errorCode?t.errors.push(e.errorCode):t.errors.push(e.toString()):t.errors.push(e.toString()):t.errors.push(Zg),this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}catch{}}incrementCacheHits(){const e=this.getLastRequests();return e.cacheHits+=1,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId),e.cacheHits}getLastRequests(){const e={failedRequests:[],errors:[],cacheHits:0};return this.cacheManager.getServerTelemetry(this.telemetryCacheKey,this.correlationId)||e}clearTelemetryCache(){const e=this.getLastRequests(),t=er.maxErrorsToSend(e),n=e.errors.length;if(t===n)this.cacheManager.removeItem(this.telemetryCacheKey,this.correlationId);else{const o={failedRequests:e.failedRequests.slice(t*2),errors:e.errors.slice(t),cacheHits:0};this.cacheManager.setServerTelemetry(this.telemetryCacheKey,o,this.correlationId)}}static maxErrorsToSend(e){let t,n=0,o=0;const i=e.errors.length;for(t=0;t<i;t++){const s=e.failedRequests[2*t]||"",a=e.failedRequests[2*t+1]||"",c=e.errors[t]||"";if(o+=s.toString().length+a.toString().length+c.length+3,o<Jg)n+=1;else break}return n}getRegionDiscoveryFields(){const e=[];return e.push(this.regionUsed||""),e.push(this.regionSource||""),e.push(this.regionOutcome||""),e.join(",")}updateRegionDiscoveryMetadata(e){this.regionUsed=e.region_used,this.regionSource=e.region_source,this.regionOutcome=e.region_outcome}setCacheOutcome(e){this.cacheOutcome=e}setNativeBrokerErrorCode(e){const t=this.getLastRequests();t.nativeBrokerErrorCode=e,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,t,this.correlationId)}getNativeBrokerErrorCode(){return this.getLastRequests().nativeBrokerErrorCode}clearNativeBrokerErrorCode(){const e=this.getLastRequests();delete e.nativeBrokerErrorCode,this.cacheManager.setServerTelemetry(this.telemetryCacheKey,e,this.correlationId)}static makeExtraSkuString(e){return ev(e)}}class nv extends er{constructor(){super({clientId:"",apiId:0,correlationId:"",forceRefresh:!1},{})}generateCurrentRequestHeaderValue(){return""}generateLastRequestHeaderValue(){return""}cacheFailedRequest(){}incrementCacheHits(){return 0}clearTelemetryCache(){}getRegionDiscoveryFields(){return""}updateRegionDiscoveryMetadata(){}setCacheOutcome(){}setNativeBrokerErrorCode(){}getNativeBrokerErrorCode(){}clearNativeBrokerErrorCode(){}}/*! @azure/msal-common v16.11.0 2026-06-30 */class Qa extends oe{constructor(e,t,n){super(e,t,n),this.name="JoseHeaderError",Object.setPrototypeOf(this,Qa.prototype)}}function Xh(r,e){return new Qa(r,e)}/*! @azure/msal-common v16.11.0 2026-06-30 */const rv="missing_kid_error",ov="missing_alg_error";/*! @azure/msal-common v16.11.0 2026-06-30 */class qa{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw Xh(rv,"");if(!e.alg)throw Xh(ov,"");const t=new qa({typ:e.typ||em.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */const iv="acquireTokenFromCache",sv="acquireTokenByRefreshToken",av="acquireTokenSilentAsync",cv="cryptoOptsGetPublicKeyThumbprint",hv="cryptoOptsSignJwt",lv="silentCacheClientAcquireToken",dv="silentIframeClientAcquireToken",uv="awaitConcurrentIframe",pv="silentRefreshClientAcquireToken",yn="standardInteractionClientGetDiscoveredAuthority",ec="nativeInteractionClientAcquireToken",fv="nativeInteractionClientAcquireToken",gv="refreshTokenClientAcquireTokenByRefreshToken",Yh="acquireTokenBySilentIframe",tc="initializeBaseRequest",mv="initializeSilentRequest",yv="initializeCache",Qh="silentIframeClientTokenHelper",ls="silentHandlerInitiateAuthRequest",ii="silentHandlerMonitorIframeForHash",Et="standardInteractionClientCreateAuthCodeClient",Si="standardInteractionClientGetClientConfiguration",Gr="standardInteractionClientInitializeAuthorizationRequest",wv="silentFlowClientAcquireCachedToken",vv="getStandardParams",bv="handleCodeResponse",nc="handleResponseEar",Iu="handleResponsePlatformBroker",Gn="handleResponseCode",Cv="authClientAcquireToken",Hr="deserializeResponse",Tv="authorityFactoryCreateDiscoveredInstance",kv="acquireTokenByCodeAsync",_v="handleRedirectPromise",Iv="handleNativeRedirectPromise",Sv="nativeMessageHandlerHandshake",qh="removeHiddenIframe",Ev="importExistingCache",Tn="generatePkceCodes",Av="generateCodeVerifier",Rv="generateCodeChallengeFromVerifier",Pv="sha256Digest",Ov="getRandomValues",el="generateHKDF",Nv="generateBaseKey",xv="base64Decode",Mv="urlEncodeArr",Uv="encrypt",tl="decrypt",rc="generateEarKey",Dv="decryptEarResponse",Lv="waitForBridgeLateResponse";/*! @azure/msal-browser v5.16.0 2026-06-30 */function Ei(r){return`See https://aka.ms/msal.js.errors#${r} for details`}class co extends oe{constructor(e,t,n){super(e,t,Ei(e),n),Object.setPrototypeOf(this,co.prototype),this.name="BrowserAuthError"}}function A(r,e,t){return new co(r,e,t)}/*! @azure/msal-browser v5.16.0 2026-06-30 */const Su="pkce_not_created",Eu="ear_jwk_empty",Hv="ear_jwe_empty",nl="crypto_nonexistent",oc="empty_navigate_uri",Kv="hash_empty_error",ic="no_state_in_hash",Fv="hash_does_not_contain_known_properties",Au="unable_to_parse_state",jv="state_interaction_type_mismatch",zv="interaction_in_progress",Wv="interaction_in_progress_cancelled",Jv="popup_window_error",Bv="empty_window_error",Xs="user_cancelled",Gv="redirect_bridge_empty_response",Vv="redirect_in_iframe",Zv="block_iframe_reload",$v="block_nested_popups",sc="silent_logout_unsupported",Xv="no_account_error",Yv="no_token_request_cache_error",Qv="unable_to_parse_token_request_cache_error",Ru="non_browser_environment",_r="database_not_open",Ys="no_network_connectivity",qv="post_request_failed",eb="get_request_failed",rl="failed_to_parse_response",Pu="crypto_key_not_found",tb="auth_code_required",nb="auth_code_or_nativeAccountId_required",rb="spa_code_and_nativeAccountId_present",Ou="database_unavailable",ob="unable_to_acquire_token_from_native_platform",ib="native_handshake_timeout",sb="native_extension_not_installed",Nu="native_connection_not_established",Uo="uninitialized_public_client_application",ab="native_prompt_not_supported",cb="invalid_base64_string",hb="invalid_pop_token_request",lb="failed_to_build_headers",db="failed_to_parse_headers",ds="failed_to_decrypt_ear_response",si="timed_out",ub="empty_response";/*! @azure/msal-browser v5.16.0 2026-06-30 */function ve(r){return new TextDecoder().decode(Yt(r))}function Yt(r){let e=r.replace(/-/g,"+").replace(/_/g,"/");switch(e.length%4){case 0:break;case 2:e+="==";break;case 3:e+="=";break;default:throw A(cb,"")}const t=atob(e);return Uint8Array.from(t,n=>n.codePointAt(0)||0)}/*! @azure/msal-browser v5.16.0 2026-06-30 */const Ye={INVALID_GRANT_ERROR:"invalid_grant",POPUP_WIDTH:483,POPUP_HEIGHT:600,POPUP_NAME_PREFIX:"msal",MSAL_SKU:"msal.js.browser"},je={CHANNEL_ID:"53ee284d-920a-4b59-9d30-a60315b26836",PREFERRED_EXTENSION_ID:"ppnbnpeolgkicgegkbkbjmhlideopiji",MATS_TELEMETRY:"MATS",MICROSOFT_ENTRA_BROKERID:"MicrosoftEntra",DOM_API_NAME:"DOM API",PLATFORM_DOM_APIS:"get-token-and-sign-out",PLATFORM_DOM_PROVIDER:"PlatformAuthDOMHandler",PLATFORM_EXTENSION_PROVIDER:"PlatformAuthExtensionHandler"},Ir={HandshakeRequest:"Handshake",HandshakeResponse:"HandshakeResponse",GetToken:"GetToken",Response:"Response"},yt={LocalStorage:"localStorage",SessionStorage:"sessionStorage",MemoryStorage:"memoryStorage"},ol={GET:"GET",POST:"POST"},Bt={SIGNIN:"signin",SIGNOUT:"signout"},se={ORIGIN_URI:"request.origin",URL_HASH:"urlHash",REQUEST_PARAMS:"request.params",VERIFIER:"code.verifier",INTERACTION_STATUS_KEY:"interaction.status",NATIVE_REQUEST:"request.native"},Eo={WRAPPER_SKU:"wrapper.sku",WRAPPER_VER:"wrapper.version"},z={acquireTokenRedirect:861,acquireTokenPopup:862,ssoSilent:863,acquireTokenSilent_authCode:864,handleRedirectPromise:865,acquireTokenByCode:866,acquireTokenSilent_silentFlow:61,logout:961,logoutPopup:962,hydrateCache:963,loadExternalTokens:964},il={861:"acquireTokenRedirect",862:"acquireTokenPopup",863:"ssoSilent",864:"acquireTokenSilent_authCode",865:"handleRedirectPromise",866:"acquireTokenByCode",61:"acquireTokenSilent_silentFlow",961:"logout",962:"logoutPopup",963:"hydrateCache",964:"loadExternalTokens"},pb=r=>typeof r=="number"&&r in il?il[r]:"unknown";var R;(function(r){r.Redirect="redirect",r.Popup="popup",r.Silent="silent",r.None="none"})(R||(R={}));const Ee={Startup:"startup",Logout:"logout",AcquireToken:"acquireToken",HandleRedirect:"handleRedirect",None:"none"},sl={scopes:ir},xu="jwk",fb={React:"@azure/msal-react"},Qs="msal.db",gb=1,mb=`${Qs}.keys`,Se={Default:0,AccessToken:1,AccessTokenAndRefreshToken:2,RefreshToken:3,RefreshTokenAndNetwork:4,Skip:5},yb=[Se.Default,Se.Skip,Se.RefreshTokenAndNetwork];/*! @azure/msal-browser v5.16.0 2026-06-30 */function Ao(r){return encodeURIComponent(Vr(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"))}function qt(r){return Mu(r).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function Vr(r){return Mu(new TextEncoder().encode(r))}function Mu(r){const e=Array.from(r,t=>String.fromCodePoint(t)).join("");return btoa(e)}/*! @azure/msal-browser v5.16.0 2026-06-30 */const wb="RSASSA-PKCS1-v1_5",cr="AES-GCM",Uu="HKDF",ac="SHA-256",vb=2048,bb=new Uint8Array([1,0,1]),al="0123456789abcdef",cl=new Uint32Array(1),cc="raw",Du="encrypt",hc="decrypt",Cb="deriveKey",Tb="crypto_subtle_undefined",lc={name:wb,hash:ac,modulusLength:vb,publicExponent:bb};function kb(r){if(!window)throw A(Ru,"");if(!window.crypto)throw A(nl,"");if(!r&&!window.crypto.subtle)throw A(nl,"",Tb)}async function Lu(r){const t=new TextEncoder().encode(r);return window.crypto.subtle.digest(ac,t)}function _b(r){return window.crypto.getRandomValues(r)}function us(){return window.crypto.getRandomValues(cl),cl[0]}function en(){const r=Date.now(),e=us()*1024+(us()&1023),t=new Uint8Array(16),n=Math.trunc(e/2**30),o=e&2**30-1,i=us();t[0]=r/2**40,t[1]=r/2**32,t[2]=r/2**24,t[3]=r/2**16,t[4]=r/2**8,t[5]=r,t[6]=112|n>>>8,t[7]=n,t[8]=128|o>>>24,t[9]=o>>>16,t[10]=o>>>8,t[11]=o,t[12]=i>>>24,t[13]=i>>>16,t[14]=i>>>8,t[15]=i;let s="";for(let a=0;a<t.length;a++)s+=al.charAt(t[a]>>>4),s+=al.charAt(t[a]&15),(a===3||a===5||a===7||a===9)&&(s+="-");return s}async function Ib(r,e){return window.crypto.subtle.generateKey(lc,r,e)}async function ps(r){return window.crypto.subtle.exportKey(xu,r)}async function Sb(r,e,t){return window.crypto.subtle.importKey(xu,r,lc,e,t)}async function Eb(r,e){return window.crypto.subtle.sign(lc,r,e)}async function dc(){const r=await Hu(),t={alg:"dir",kty:"oct",k:qt(new Uint8Array(r))};return Vr(JSON.stringify(t))}async function Ab(r){const e=ve(r),n=JSON.parse(e).k,o=Yt(n);return window.crypto.subtle.importKey(cc,o,cr,!1,[hc])}async function Rb(r,e){const t=e.split(".");if(t.length!==5)throw A(ds,"","jwe_length");const n=await Ab(r).catch(()=>{throw A(ds,"","import_key")});try{const o=new TextEncoder().encode(t[0]),i=Yt(t[2]),s=Yt(t[3]),a=Yt(t[4]),c=a.byteLength*8,l=new Uint8Array(s.length+a.length);l.set(s),l.set(a,s.length);const h=await window.crypto.subtle.decrypt({name:cr,iv:i,tagLength:c,additionalData:o},n,l);return new TextDecoder().decode(h)}catch{throw A(ds,"","decrypt")}}async function Hu(){const r=await window.crypto.subtle.generateKey({name:cr,length:256},!0,[Du,hc]);return window.crypto.subtle.exportKey(cc,r)}async function hl(r){return window.crypto.subtle.importKey(cc,r,Uu,!1,[Cb])}async function Ku(r,e,t){return window.crypto.subtle.deriveKey({name:Uu,salt:e,hash:ac,info:new TextEncoder().encode(t)},r,{name:cr,length:256},!1,[Du,hc])}async function Pb(r,e,t){const n=new TextEncoder().encode(e),o=window.crypto.getRandomValues(new Uint8Array(16)),i=await Ku(r,o,t),s=await window.crypto.subtle.encrypt({name:cr,iv:new Uint8Array(12)},i,n);return{data:qt(new Uint8Array(s)),nonce:qt(o)}}async function ll(r,e,t,n){const o=Yt(n),i=await Ku(r,Yt(e),t),s=await window.crypto.subtle.decrypt({name:cr,iv:new Uint8Array(12)},i,o);return new TextDecoder().decode(s)}async function Ob(r){const e=await Lu(r),t=new Uint8Array(e);return qt(t)}/*! @azure/msal-browser v5.16.0 2026-06-30 */class uc extends oe{constructor(e,t,n){super(e,t,n),this.name="BrowserConfigurationAuthError",Object.setPrototypeOf(this,uc.prototype)}}function he(r,e){return new uc(r,e,Ei(r))}/*! @azure/msal-browser v5.16.0 2026-06-30 */const Fu="storage_not_supported",Ie="stubbed_public_client_application_called",Nb="in_mem_redirect_unavailable";/*! @azure/msal-browser v5.16.0 2026-06-30 */function xb(){const r=window.location.hash,e=window.location.search;let t=!1,n=!1,o="",i;if(r&&r.length>1){const h=r.charAt(0)==="#"?r.substring(1):r,d=new URLSearchParams(h);d.has("state")&&(t=!0,o=h,i=d)}if(e&&e.length>1){const h=e.charAt(0)==="?"?e.substring(1):e,d=new URLSearchParams(h);d.has("state")&&(n=!0,o=h,i=d)}if(t&&n){const h=e.charAt(0)==="?"?e.substring(1):e,d=r.charAt(0)==="#"?r.substring(1):r;o=`${h}${d}`,i=new URLSearchParams(o)}if(!o||!i)throw A(ub,"");const s=i.get("state");if(!s)throw A(ic,"");const{libraryState:a}=ao(ve,s,""),{id:c,meta:l}=a;if(!c||!l)throw A(Au,"","missing_library_state");return{params:i,payload:o,urlHash:r,urlQuery:e,hasResponseInHash:t,hasResponseInQuery:n,libraryState:{id:c,meta:l}}}function ju(r){r.location.hash="",typeof r.history.replaceState=="function"&&r.history.replaceState(null,"",`${r.location.origin}${r.location.pathname}${r.location.search}`)}function Mb(r){const e=r.split("#");e.shift(),window.location.hash=e.length>0?e.join("#"):""}function Ai(){return window.parent!==window}function Ub(){if(Ai())return!1;try{const{libraryState:r}=xb(),{meta:e}=r;return e.interactionType===R.Popup}catch{return!1}}let Gt=null;function Db(r,e){Gt&&(r.verbose("18y01k",e),clearTimeout(Gt.timeoutId),Gt.channel.close(),Gt.reject(A(Wv,"")),Gt=null)}async function ai(r,e,t,n,o){return new Promise((i,s)=>{e.verbose("1rf6em",t.correlationId);const a=t.correlationId;n.addFields({redirectBridgeTimeoutMs:r,lateResponseExperimentEnabled:(o==null?void 0:o.iframeTimeoutTelemetry)||!1},a);const{libraryState:c}=ao(ve,t.state||"",t.correlationId),l=new BroadcastChannel(c.id);let h,d=!1,p,u;const f=window.setTimeout(()=>{Gt=null,o!=null&&o.iframeTimeoutTelemetry?(u=n.startMeasurement(Lv,a),d=!0,p=window.setTimeout(()=>{u==null||u.end({success:!1}),clearTimeout(p),l.close()},6e4)):l.close(),s(A(si,"","redirect_bridge_timeout"))},r);Gt={timeoutId:f,channel:l,reject:s},l.onmessage=g=>{h=g.data.payload;const y=g!=null&&g.data&&typeof g.data.v=="number"?g.data.v:void 0;if(d){u==null||u.end({success:!!h}),clearTimeout(p),l.close();return}n.addFields({redirectBridgeMessageVersion:y},a),Gt=null,clearTimeout(f),l.close(),h?i(h):s(A(Gv,a))}})}function _t(){return typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:""}function Lb(r){const t=new B(window.location.href,r||"").getUrlComponents();return`${t.Protocol}//${t.HostNameAndPort}/`}function Hb(){if(Yo(window.location.hash)&&Ai())throw A(Zv,"")}function Kb(r){if(Ai()&&!r)throw A(Vv,"")}function Fb(){if(Ub())throw A($v,"")}function zu(){if(typeof window>"u")throw A(Ru,"")}function Wu(r){if(!r)throw A(Uo,"")}function pc(r){zu(),Hb(),Fb(),Wu(r)}function dl(r,e){if(pc(r),Kb(e.system.allowRedirectInIframe),e.cache.cacheLocation===yt.MemoryStorage)throw he(Nb,"")}function Ju(r){const e=document.createElement("link");e.rel="preconnect",e.href=new URL(r).origin,e.crossOrigin="anonymous",document.head.appendChild(e),window.setTimeout(()=>{try{document.head.removeChild(e)}catch{}},1e4)}function qs(){return en()}/*! @azure/msal-browser v5.16.0 2026-06-30 */class jb{constructor(){this.dbName=Qs,this.version=gb,this.tableName=mb,this.dbOpen=!1}async open(){return new Promise((e,t)=>{const n=window.indexedDB.open(this.dbName,this.version);n.addEventListener("upgradeneeded",o=>{o.target.result.createObjectStore(this.tableName)}),n.addEventListener("success",o=>{const i=o;this.db=i.target.result,this.dbOpen=!0,e()}),n.addEventListener("error",()=>t(A(Ou,"")))})}closeConnection(){const e=this.db;e&&this.dbOpen&&(e.close(),this.dbOpen=!1)}async validateDbIsOpen(){if(!this.dbOpen)return this.open()}async getItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(A(_r,""));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).get(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async setItem(e,t){return await this.validateDbIsOpen(),new Promise((n,o)=>{if(!this.db)return o(A(_r,""));const a=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).put(t,e);a.addEventListener("success",()=>{this.closeConnection(),n()}),a.addEventListener("error",c=>{this.closeConnection(),o(c)})})}async removeItem(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(A(_r,""));const s=this.db.transaction([this.tableName],"readwrite").objectStore(this.tableName).delete(e);s.addEventListener("success",()=>{this.closeConnection(),t()}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async getKeys(){return await this.validateDbIsOpen(),new Promise((e,t)=>{if(!this.db)return t(A(_r,""));const i=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).getAllKeys();i.addEventListener("success",s=>{const a=s;this.closeConnection(),e(a.target.result)}),i.addEventListener("error",s=>{this.closeConnection(),t(s)})})}async containsKey(e){return await this.validateDbIsOpen(),new Promise((t,n)=>{if(!this.db)return n(A(_r,""));const s=this.db.transaction([this.tableName],"readonly").objectStore(this.tableName).count(e);s.addEventListener("success",a=>{const c=a;this.closeConnection(),t(c.target.result===1)}),s.addEventListener("error",a=>{this.closeConnection(),n(a)})})}async deleteDatabase(){return this.db&&this.dbOpen&&this.closeConnection(),new Promise((e,t)=>{const n=window.indexedDB.deleteDatabase(Qs),o=setTimeout(()=>t(!1),200);n.addEventListener("success",()=>(clearTimeout(o),e(!0))),n.addEventListener("blocked",()=>(clearTimeout(o),e(!0))),n.addEventListener("error",()=>(clearTimeout(o),t(!1)))})}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class Ri{constructor(){this.cache=new Map}async initialize(){}getItem(e){return this.cache.get(e)||null}getUserData(e){return this.getItem(e)}setItem(e,t){this.cache.set(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){this.cache.delete(e)}getKeys(){const e=[];return this.cache.forEach((t,n)=>{e.push(n)}),e}containsKey(e){return this.cache.has(e)}clear(){this.cache.clear()}decryptData(){return Promise.resolve(null)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class zb{constructor(e){this.inMemoryCache=new Ri,this.indexedDBCache=new jb,this.logger=e}handleDatabaseAccessError(e,t){if(e instanceof co&&e.errorCode===Ou)this.logger.error("1wx7zz",t);else throw e}async getItem(e,t){const n=this.inMemoryCache.getItem(e);if(!n)try{return this.logger.verbose("0naxpl",t),await this.indexedDBCache.getItem(e)}catch(o){this.handleDatabaseAccessError(o,t)}return n}async setItem(e,t,n){this.inMemoryCache.setItem(e,t);try{await this.indexedDBCache.setItem(e,t)}catch(o){this.handleDatabaseAccessError(o,n)}}async removeItem(e,t){this.inMemoryCache.removeItem(e);try{await this.indexedDBCache.removeItem(e)}catch(n){this.handleDatabaseAccessError(n,t)}}async getKeys(e){const t=this.inMemoryCache.getKeys();if(t.length===0)try{return this.logger.verbose("1iqrbq",e),await this.indexedDBCache.getKeys()}catch(n){this.handleDatabaseAccessError(n,e)}return t}async containsKey(e,t){const n=this.inMemoryCache.containsKey(e);if(!n)try{return this.logger.verbose("03zl2j",t),await this.indexedDBCache.containsKey(e)}catch(o){this.handleDatabaseAccessError(o,t)}return n}clearInMemory(e){this.logger.verbose("03r21p",e),this.inMemoryCache.clear(),this.logger.verbose("0uksk1",e)}async clearPersistent(e){try{this.logger.verbose("0rdqut",e);const t=await this.indexedDBCache.deleteDatabase();return t&&this.logger.verbose("149ouc",e),t}catch(t){return this.handleDatabaseAccessError(t,e),!1}}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class Ot{constructor(e,t,n){this.logger=e,kb(n??!1),this.cache=new zb(this.logger),this.performanceClient=t}createNewGuid(){return en()}base64Encode(e){return Vr(e)}base64Decode(e){return ve(e)}base64UrlEncode(e){return Ao(e)}encodeKid(e){return this.base64UrlEncode(JSON.stringify({kid:e}))}async getPublicKeyThumbprint(e){var h;const t=(h=this.performanceClient)==null?void 0:h.startMeasurement(cv,e.correlationId),n=await Ib(Ot.EXTRACTABLE,Ot.POP_KEY_USAGES),o=await ps(n.publicKey),i={e:o.e,kty:o.kty,n:o.n},s=ul(i),a=await this.hashString(s),c=await ps(n.privateKey),l=await Sb(c,!1,["sign"]);return await this.cache.setItem(a,{privateKey:l,publicKey:n.publicKey,requestMethod:e.resourceRequestMethod,requestUri:e.resourceRequestUri},e.correlationId),t&&t.end({success:!0}),a}async removeTokenBindingKey(e,t){if(await this.cache.removeItem(e,t),await this.cache.containsKey(e,t))throw T(fy,t)}async clearKeystore(e){this.cache.clearInMemory(e);try{return await this.cache.clearPersistent(e),!0}catch(t){return t instanceof Error?this.logger.error(`1owpn8 ${t.message}`,e):this.logger.error("0yrmwo",e),!1}}async signJwt(e,t,n,o){var C;const i=(C=this.performanceClient)==null?void 0:C.startMeasurement(hv,o),s=await this.cache.getItem(t,o||"");if(!s)throw A(Pu,o||"");const a=await ps(s.publicKey),c=ul(a),l=Ao(JSON.stringify({kid:t})),h=qa.getShrHeaderString({...n==null?void 0:n.header,alg:a.alg,kid:l}),d=Ao(h);e.cnf={jwk:JSON.parse(c)};const p=Ao(JSON.stringify(e)),u=`${d}.${p}`,g=new TextEncoder().encode(u),y=await Eb(s.privateKey,g),m=qt(new Uint8Array(y)),b=`${u}.${m}`;return i&&i.end({success:!0}),b}async hashString(e){return Ob(e)}}Ot.POP_KEY_USAGES=["sign","verify"];Ot.EXTRACTABLE=!0;function ul(r){return JSON.stringify(r,Object.keys(r).sort())}/*! @azure/msal-browser v5.16.0 2026-06-30 */const Wb="acquireTokenSilent",Jb="acquireTokenByCode",Bb="acquireTokenPopup",Gb="acquireTokenPreRedirect",fs="acquireTokenRedirect",Vb="ssoSilent",Zb="initializeClientApplication",$b="localStorageUpdated",Xb="ssoCapable";/*! @azure/msal-browser v5.16.0 2026-06-30 */const pe="msal",fc="browser",pl="|",me=3,Do=3,Yb=`${pe}.${fc}.log.level`,Qb=`${pe}.${fc}.log.pii`,fl=`${pe}.version`,gl="account.keys",ml="token.keys",yl=`${pe}.${fc}.sso.capable`;function Vn(r=Do){return r<1?`${pe}.${gl}`:`${pe}.${r}.${gl}`}function Zn(r,e=me){return e<1?`${pe}.${ml}.${r}`:`${pe}.${e}.${ml}.${r}`}/*! @azure/msal-browser v5.16.0 2026-06-30 */const qb=1440*60*1e3,ea={Lax:"Lax",None:"None"};class Bu{initialize(){return Promise.resolve()}getItem(e){const t=encodeURIComponent(e),n=document.cookie.split(";");for(let o=0;o<n.length;o++){const i=n[o].trim(),s=i.indexOf("=");if((s===-1?i:i.substring(0,s))===t){const c=s===-1?"":i.substring(s+1);try{return decodeURIComponent(c)}catch{return c}}}return""}getUserData(){throw T(D,"")}setItem(e,t,n,o=!0,i=ea.Lax){let s=`${encodeURIComponent(e)}=${encodeURIComponent(t)};path=/;SameSite=${i};`;if(n){const a=eC(n);s+=`expires=${a};`}(o||i===ea.None)&&(s+="Secure;"),document.cookie=s}async setUserData(e,t,n){return Promise.reject(T(D,n))}removeItem(e){this.setItem(e,"",-1)}getKeys(){const e=document.cookie.split(";"),t=[];return e.forEach(n=>{const o=n.trim(),i=o.indexOf("="),s=i===-1?o:o.substring(0,i);try{t.push(decodeURIComponent(s))}catch{}}),t}containsKey(e){return this.getKeys().includes(e)}decryptData(){return Promise.resolve(null)}}function eC(r){const e=new Date;return new Date(e.getTime()+r*qb).toUTCString()}/*! @azure/msal-browser v5.16.0 2026-06-30 */function Wt(r,e){const t=r.getItem(Vn(e));return t?JSON.parse(t):[]}function Ge(r,e,t){const n=e.getItem(Zn(r,t));if(n){const o=JSON.parse(n);if(o&&o.hasOwnProperty("idToken")&&o.hasOwnProperty("accessToken")&&o.hasOwnProperty("refreshToken"))return o}return{idToken:[],accessToken:[],refreshToken:[]}}/*! @azure/msal-browser v5.16.0 2026-06-30 */function Or(r){return r.hasOwnProperty("id")&&r.hasOwnProperty("nonce")&&r.hasOwnProperty("data")}/*! @azure/msal-browser v5.16.0 2026-06-30 */const wl="msal.cache.encryption",tC="msal.broadcast.cache";class nC{constructor(e,t,n){if(!window.localStorage)throw he(Fu,"");this.memoryStorage=new Ri,this.initialized=!1,this.clientId=e,this.logger=t,this.performanceClient=n,this.broadcast=new BroadcastChannel(tC)}async initialize(e){const t=new Bu,n=t.getItem(wl);let o={key:"",id:""};if(n)try{o=JSON.parse(n)}catch{}if(o.key&&o.id){const i=ze(Yt,xv,this.logger,this.performanceClient,e)(o.key);this.encryptionCookie={id:o.id,key:await w(hl,el,this.logger,this.performanceClient,e)(i)}}else{const i=en(),s=await w(Hu,Nv,this.logger,this.performanceClient,e)(),a=ze(qt,Mv,this.logger,this.performanceClient,e)(new Uint8Array(s));this.encryptionCookie={id:i,key:await w(hl,el,this.logger,this.performanceClient,e)(s)};const c={id:i,key:a};t.setItem(wl,JSON.stringify(c),0,!0,ea.None)}await w(this.importExistingCache.bind(this),Ev,this.logger,this.performanceClient,e)(e),this.broadcast.addEventListener("message",i=>{this.updateCache(i,e)}),this.initialized=!0}getItem(e){return window.localStorage.getItem(e)}getUserData(e){if(!this.initialized)throw A(Uo,"");return this.memoryStorage.getItem(e)}async decryptData(e,t,n){if(!this.initialized||!this.encryptionCookie)throw A(Uo,"");if(t.id!==this.encryptionCookie.id)return this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},n),null;const o=await w(ll,tl,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t.nonce,this.getContext(e),t.data);if(!o)return null;try{return{...JSON.parse(o),lastUpdatedAt:t.lastUpdatedAt}}catch{return this.performanceClient.incrementFields({encryptedCacheCorruptionCount:1},n),null}}setItem(e,t){window.localStorage.setItem(e,t)}async setUserData(e,t,n,o,i){if(!this.initialized||!this.encryptionCookie)throw A(Uo,"");if(i)this.setItem(e,t);else{const{data:s,nonce:a}=await w(Pb,Uv,this.logger,this.performanceClient,n)(this.encryptionCookie.key,t,this.getContext(e)),c={id:this.encryptionCookie.id,nonce:a,data:s,lastUpdatedAt:o};this.setItem(e,JSON.stringify(c))}this.memoryStorage.setItem(e,t),this.broadcast.postMessage({key:e,value:t,context:this.getContext(e)})}removeItem(e){this.memoryStorage.containsKey(e)&&(this.memoryStorage.removeItem(e),this.broadcast.postMessage({key:e,value:null,context:this.getContext(e)})),window.localStorage.removeItem(e)}getKeys(){return Object.keys(window.localStorage)}containsKey(e){return window.localStorage.hasOwnProperty(e)}clear(){this.memoryStorage.clear(),Wt(this).forEach(n=>this.removeItem(n));const t=Ge(this.clientId,this);t.idToken.forEach(n=>this.removeItem(n)),t.accessToken.forEach(n=>this.removeItem(n)),t.refreshToken.forEach(n=>this.removeItem(n)),this.getKeys().forEach(n=>{(n.startsWith(pe)||n.indexOf(this.clientId)!==-1)&&this.removeItem(n)})}async importExistingCache(e){if(!this.encryptionCookie)return;let t=Wt(this);t=await this.importArray(t,e),t.length?this.setItem(Vn(),JSON.stringify(t)):this.removeItem(Vn());const n=Ge(this.clientId,this);n.idToken=await this.importArray(n.idToken,e),n.accessToken=await this.importArray(n.accessToken,e),n.refreshToken=await this.importArray(n.refreshToken,e),n.idToken.length||n.accessToken.length||n.refreshToken.length?this.setItem(Zn(this.clientId),JSON.stringify(n)):this.removeItem(Zn(this.clientId))}async getItemFromEncryptedCache(e,t){if(!this.encryptionCookie)return null;const n=this.getItem(e);if(!n)return null;let o;try{o=JSON.parse(n)}catch{return null}return Or(o)?o.id!==this.encryptionCookie.id?(this.performanceClient.incrementFields({encryptedCacheExpiredCount:1},t),null):(this.performanceClient.incrementFields({encryptedCacheCount:1},t),w(ll,tl,this.logger,this.performanceClient,t)(this.encryptionCookie.key,o.nonce,this.getContext(e),o.data)):(this.performanceClient.incrementFields({unencryptedCacheCount:1},t),n)}async importArray(e,t){const n=[],o=[];return e.forEach(i=>{const s=this.getItemFromEncryptedCache(i,t).then(a=>{a?(this.memoryStorage.setItem(i,a),n.push(i)):this.removeItem(i)});o.push(s)}),await Promise.all(o),n}getContext(e){let t="";return e.includes(this.clientId)&&(t=this.clientId),t}updateCache(e,t){this.logger.trace("17cxcm",t);const n=this.performanceClient.startMeasurement($b);n.add({isBackground:!0});const{key:o,value:i,context:s}=e.data;if(!o){this.logger.error("0e10qr",t),n.end({success:!1,errorCode:"noKey"});return}if(s&&s!==this.clientId){this.logger.trace(`04rtdy ${s}`,t),n.end({success:!1,errorCode:"contextMismatch"});return}i?(this.memoryStorage.setItem(o,i),this.logger.verbose("1vzsgt",t)):(this.memoryStorage.removeItem(o),this.logger.verbose("04ypih",t)),n.end({success:!0})}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class rC{constructor(){if(!window.sessionStorage)throw he(Fu,"")}async initialize(){}getItem(e){return window.sessionStorage.getItem(e)}getUserData(e){return this.getItem(e)}setItem(e,t){window.sessionStorage.setItem(e,t)}async setUserData(e,t){this.setItem(e,t)}removeItem(e){window.sessionStorage.removeItem(e)}getKeys(){return Object.keys(window.sessionStorage)}containsKey(e){return window.sessionStorage.hasOwnProperty(e)}decryptData(){return Promise.resolve(null)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */const P={INITIALIZE_START:"msal:initializeStart",INITIALIZE_END:"msal:initializeEnd",ACTIVE_ACCOUNT_CHANGED:"msal:activeAccountChanged",LOGIN_SUCCESS:"msal:loginSuccess",ACQUIRE_TOKEN_START:"msal:acquireTokenStart",BROKERED_REQUEST_START:"msal:brokeredRequestStart",ACQUIRE_TOKEN_SUCCESS:"msal:acquireTokenSuccess",BROKERED_REQUEST_SUCCESS:"msal:brokeredRequestSuccess",ACQUIRE_TOKEN_FAILURE:"msal:acquireTokenFailure",BROKERED_REQUEST_FAILURE:"msal:brokeredRequestFailure",ACQUIRE_TOKEN_NETWORK_START:"msal:acquireTokenFromNetworkStart",HANDLE_REDIRECT_START:"msal:handleRedirectStart",HANDLE_REDIRECT_END:"msal:handleRedirectEnd",POPUP_OPENED:"msal:popupOpened",LOGOUT_START:"msal:logoutStart",LOGOUT_SUCCESS:"msal:logoutSuccess",LOGOUT_FAILURE:"msal:logoutFailure",LOGOUT_END:"msal:logoutEnd",RESTORE_FROM_BFCACHE:"msal:restoreFromBFCache",BROKER_CONNECTION_ESTABLISHED:"msal:brokerConnectionEstablished"};/*! @azure/msal-browser v5.16.0 2026-06-30 */const Pi="@azure/msal-browser",Nt="5.16.0";/*! @azure/msal-browser v5.16.0 2026-06-30 */function Tt(r,e){const t=r.indexOf(e);t>-1&&r.splice(t,1)}/*! @azure/msal-browser v5.16.0 2026-06-30 */const de={Invalid:"invalid",TtlExpired:"ttlExpired",DecryptFailed:"decryptFailed",Expired:"expired"};class ta extends Vs{constructor(e,t,n,o,i,s,a){super(e,n,o,i,a),this.cacheConfig=t,this.logger=o,this.internalStorage=new Ri,this.browserStorage=vl(e,t.cacheLocation,o,i),this.temporaryCacheStorage=vl(e,yt.SessionStorage,o,i),this.cookieStorage=new Bu,this.eventHandler=s}async initialize(e){this.performanceClient.addFields({cacheLocation:this.cacheConfig.cacheLocation,cacheRetentionDays:this.cacheConfig.cacheRetentionDays},e),await this.browserStorage.initialize(e),await this.migrateExistingCache(e),this.trackVersionChanges(e)}async migrateExistingCache(e){let t=Wt(this.browserStorage),n=Ge(this.clientId,this.browserStorage);this.performanceClient.addFields({preMigrateAcntCount:t.length,preMigrateATCount:n.accessToken.length,preMigrateITCount:n.idToken.length,preMigrateRTCount:n.refreshToken.length},e);for(let i=0;i<Do;i++){const s=i;await this.removeStaleAccounts(i,s,e)}for(let i=0;i<me;i++){const s=i;await this.migrateIdTokens(i,s,e)}const o=this.getKMSIValues();for(let i=0;i<me;i++)await this.migrateAccessTokens(i,o,e),await this.migrateRefreshTokens(i,o,e);t=Wt(this.browserStorage),n=Ge(this.clientId,this.browserStorage),this.performanceClient.addFields({postMigrateAcntCount:t.length,postMigrateATCount:n.accessToken.length,postMigrateITCount:n.idToken.length,postMigrateRTCount:n.refreshToken.length},e)}async updateOldEntry(e,t){const n=this.browserStorage.getItem(e),o=this.validateAndParseJson(n||"");if(!o)return this.browserStorage.removeItem(e),{entry:null,removalReason:de.Invalid};if(!o.lastUpdatedAt)o.lastUpdatedAt=Date.now().toString(),this.setItem(e,JSON.stringify(o),t);else if(Fh(o.lastUpdatedAt,this.cacheConfig.cacheRetentionDays))return this.browserStorage.removeItem(e),{entry:null,removalReason:de.TtlExpired};const i=Or(o),s=i?await this.browserStorage.decryptData(e,o,t):o;return s?Ti(s)?(jh(s)||zh(s))&&s.expiresOn&&ri(s.expiresOn,Ud)?(this.browserStorage.removeItem(e),{entry:null,removalReason:de.Expired}):{entry:s}:(this.browserStorage.removeItem(e),{entry:null,removalReason:de.Invalid}):(this.browserStorage.removeItem(e),{entry:null,removalReason:i?de.DecryptFailed:de.Invalid})}async removeStaleAccounts(e,t,n){const o=Wt(this.browserStorage,e);if(o.length!==0){for(const i of[...o]){this.performanceClient.incrementFields({oldAcntCount:1},n);const s=this.browserStorage.getItem(i),a=this.validateAndParseJson(s||"");if(!a){this.browserStorage.removeItem(i),this.performanceClient.incrementFields({invalidAcntCount:1},n),Tt(o,i);continue}if(a.lastUpdatedAt)Fh(a.lastUpdatedAt,this.cacheConfig.cacheRetentionDays)?(await this.removeAccountOldSchema(i,a,t,n),this.performanceClient.incrementFields({ttlExpiredAcntCount:1},n),Tt(o,i)):Or(a)&&(await this.browserStorage.decryptData(i,a,n)||(this.browserStorage.removeItem(i),this.performanceClient.incrementFields({decryptFailedAcntCount:1},n),Tt(o,i)));else{a.lastUpdatedAt=Date.now().toString(),this.setItem(i,JSON.stringify(a),n);continue}}this.setAccountKeys(o,n,e)}}async removeAccountOldSchema(e,t,n,o){const i=Or(t)?await this.browserStorage.decryptData(e,t,o):t,s=i==null?void 0:i.homeAccountId;if(s){const a=this.getTokenKeys(n);[...a.idToken].filter(c=>c.includes(s)).forEach(c=>{this.browserStorage.removeItem(c),Tt(a.idToken,c)}),[...a.accessToken].filter(c=>c.includes(s)).forEach(c=>{this.browserStorage.removeItem(c),Tt(a.accessToken,c)}),[...a.refreshToken].filter(c=>c.includes(s)).forEach(c=>{this.browserStorage.removeItem(c),Tt(a.refreshToken,c)}),this.setTokenKeys(a,o,n)}this.browserStorage.removeItem(e)}getKMSIValues(){const e={},t=this.getTokenKeys().idToken;for(const n of t){const o=this.browserStorage.getUserData(n);if(o){const i=JSON.parse(o),s=ft(i.secret,ve,"");s&&(e[i.homeAccountId]=mt(s))}}return e}async migrateIdTokens(e,t,n){const o=Ge(this.clientId,this.browserStorage,e);if(o.idToken.length===0)return;const i=Ge(this.clientId,this.browserStorage,me),s=Wt(this.browserStorage),a=Wt(this.browserStorage,t);for(const c of[...o.idToken]){this.performanceClient.incrementFields({oldITCount:1},n);const l=await this.updateOldEntry(c,n),h=l.entry;if(!h){switch(l.removalReason){case de.TtlExpired:this.performanceClient.incrementFields({ttlExpiredITCount:1},n);break;case de.DecryptFailed:this.performanceClient.incrementFields({decryptFailedITCount:1},n);break;case de.Invalid:this.performanceClient.incrementFields({invalidITCount:1},n);break}Tt(o.idToken,c);continue}const d=s.find(C=>C.includes(h.homeAccountId)),p=a.find(C=>C.includes(h.homeAccountId));let u=null;if(d)u=this.getAccount(d,n);else if(p){const C=this.browserStorage.getItem(p),k=this.validateAndParseJson(C||"");u=k&&Or(k)?await this.browserStorage.decryptData(p,k,n):k}if(!u){this.performanceClient.incrementFields({skipITMigrateCount:1},n);continue}const f=ft(h.secret,ve,n),g=this.generateCredentialKey(h),y=this.getIdTokenCredential(g,n),m=Object.keys(f).includes("signin_state"),b=y&&Object.keys(ft(y.secret,ve,n)||{}).includes("signin_state");if(!y||h.lastUpdatedAt>y.lastUpdatedAt&&(m||!b)){const C=u.tenantProfiles||[],k=Ja(f)||u.realm;if(k&&!C.find(S=>S.tenantId===k)){const S=ar(u.homeAccountId,u.localAccountId,k,u.nativeAccountId,f);C.push(S)}u.tenantProfiles=C;const _=this.generateAccountKey(bn(u)),O=mt(f);await this.setUserData(_,JSON.stringify(u),n,u.lastUpdatedAt,O),s.includes(_)||s.push(_),await this.setUserData(g,JSON.stringify(h),n,h.lastUpdatedAt,O),this.performanceClient.incrementFields({migratedITCount:1},n),i.idToken.includes(g)||i.idToken.push(g)}}this.setTokenKeys(o,n,e),this.setTokenKeys(i,n),this.setAccountKeys(s,n)}async migrateAccessTokens(e,t,n){const o=Ge(this.clientId,this.browserStorage,e);if(o.accessToken.length===0)return;const i=Ge(this.clientId,this.browserStorage,me);for(const s of[...o.accessToken]){this.performanceClient.incrementFields({oldATCount:1},n);const a=await this.updateOldEntry(s,n),c=a.entry;if(!c){switch(a.removalReason){case de.TtlExpired:this.performanceClient.incrementFields({ttlExpiredATCount:1},n);break;case de.DecryptFailed:this.performanceClient.incrementFields({decryptFailedATCount:1},n);break;case de.Expired:this.performanceClient.incrementFields({expiredATCount:1},n);break;case de.Invalid:this.performanceClient.incrementFields({invalidATCount:1},n);break}Tt(o.accessToken,s);continue}if(!(c.homeAccountId in t)){this.performanceClient.incrementFields({skipATMigrateCount:1},n);continue}const l=this.generateCredentialKey(c),h=t[c.homeAccountId];if(!i.accessToken.includes(l))await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedATCount:1},n),i.accessToken.push(l);else{const d=this.getAccessTokenCredential(l,n);(!d||c.lastUpdatedAt>d.lastUpdatedAt)&&(await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedATCount:1},n))}}this.setTokenKeys(o,n,e),this.setTokenKeys(i,n)}async migrateRefreshTokens(e,t,n){const o=Ge(this.clientId,this.browserStorage,e);if(o.refreshToken.length===0)return;const i=Ge(this.clientId,this.browserStorage,me);for(const s of[...o.refreshToken]){this.performanceClient.incrementFields({oldRTCount:1},n);const a=await this.updateOldEntry(s,n),c=a.entry;if(!c){switch(a.removalReason){case de.TtlExpired:this.performanceClient.incrementFields({ttlExpiredRTCount:1},n);break;case de.DecryptFailed:this.performanceClient.incrementFields({decryptFailedRTCount:1},n);break;case de.Expired:this.performanceClient.incrementFields({expiredRTCount:1},n);break;case de.Invalid:this.performanceClient.incrementFields({invalidRTCount:1},n);break}Tt(o.refreshToken,s);continue}if(!(c.homeAccountId in t)){this.performanceClient.incrementFields({skipRTMigrateCount:1},n);continue}const l=this.generateCredentialKey(c),h=t[c.homeAccountId];if(!i.refreshToken.includes(l))await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedRTCount:1},n),i.refreshToken.push(l);else{const d=this.getRefreshTokenCredential(l,n);(!d||c.lastUpdatedAt>d.lastUpdatedAt)&&(await this.setUserData(l,JSON.stringify(c),n,c.lastUpdatedAt,h),this.performanceClient.incrementFields({migratedRTCount:1},n))}}this.setTokenKeys(o,n,e),this.setTokenKeys(i,n)}trackVersionChanges(e){const t=this.browserStorage.getItem(fl);t&&(this.logger.info(`1wuc87 ${t}`,e),this.performanceClient.addGlobalFields({previousLibraryVersion:t})),t!==Nt&&this.setItem(fl,Nt,e)}validateAndParseJson(e){if(!e)return null;try{const t=JSON.parse(e);return t&&typeof t=="object"?t:null}catch{return null}}setItem(e,t,n){const o=new Array(me+1).fill(0),i=[],s=20;for(let a=0;a<=s;a++)try{if(this.browserStorage.setItem(e,t),a>0)for(let c=0;c<=me;c++){const l=o.slice(0,c).reduce((d,p)=>d+p,0);if(l>=a)break;const h=a>l+o[c]?l+o[c]:a;a>l&&o[c]>0&&this.removeAccessTokenKeys(i.slice(l,h),n,c)}break}catch(c){const l=Gs(c);if(l.errorCode===Bs&&a<s){if(!i.length)for(let h=0;h<=me;h++)if(e===Zn(this.clientId,h)){const d=JSON.parse(t).accessToken;i.push(...d),o[h]=d.length}else{const d=this.getTokenKeys(h).accessToken;i.push(...d),o[h]=d.length}if(i.length<=a)throw l;this.removeAccessToken(i[a],n,!1)}else throw l}}async setUserData(e,t,n,o,i){const s=new Array(me+1).fill(0),a=[],c=20;for(let l=0;l<=c;l++)try{if(await w(this.browserStorage.setUserData.bind(this.browserStorage),Pw,this.logger,this.performanceClient,n)(e,t,n,o,i),l>0)for(let h=0;h<=me;h++){const d=s.slice(0,h).reduce((u,f)=>u+f,0);if(d>=l)break;const p=l>d+s[h]?d+s[h]:l;l>d&&s[h]>0&&this.removeAccessTokenKeys(a.slice(d,p),n,h)}break}catch(h){const d=Gs(h);if(d.errorCode===Bs&&l<c){if(!a.length)for(let p=0;p<=me;p++){const u=this.getTokenKeys(p).accessToken;a.push(...u),s[p]=u.length}if(a.length<=l)throw d;this.removeAccessToken(a[l],n,!1)}else throw d}}getAccount(e,t){this.logger.trace("1lfvm6",t);const n=this.browserStorage.getUserData(e);if(!n)return this.removeAccountKeyFromMap(e,t),null;const o=this.validateAndParseJson(n);if(!o||!Vy(o))return null;const i=Vs.toObject({},o);return this.performanceClient.addFields({accountCachedBy:pb(i.cachedByApiId)},t),i}async setAccount(e,t,n,o){this.logger.trace("1bz3wr",t);const i=this.generateAccountKey(bn(e)),s=Date.now().toString();e.lastUpdatedAt=s,e.cachedByApiId=o,await this.setUserData(i,JSON.stringify(e),t,s,n),this.addAccountKeyToMap(i,t),this.performanceClient.addFields({kmsi:n},t)}setAccountKeys(e,t,n=Do){e.length===0?this.removeItem(Vn(n)):this.setItem(Vn(n),JSON.stringify(e),t)}getAccountKeys(){return Wt(this.browserStorage)}addAccountKeyToMap(e,t){this.logger.trace("0rb85k",t),this.logger.tracePii(`1l9bdo ${e}`,t);const n=this.getAccountKeys();return n.indexOf(e)===-1?(n.push(e),this.setItem(Vn(),JSON.stringify(n),t),this.logger.verbose("0xia39",t),!0):(this.logger.verbose("0161kk",t),!1)}removeAccountKeyFromMap(e,t){this.logger.trace("1jpigu",t),this.logger.tracePii(`1xzspl ${e}`,t);const n=this.getAccountKeys(),o=n.indexOf(e);o>-1?(n.splice(o,1),this.setAccountKeys(n,t)):this.logger.trace("1dytu2",t)}removeAccount(e,t){const n=this.getActiveAccount(t);(n==null?void 0:n.homeAccountId)===e.homeAccountId&&(n==null?void 0:n.environment)===e.environment&&this.setActiveAccount(null,t),super.removeAccount(e,t),this.removeAccountKeyFromMap(this.generateAccountKey(e),t),this.browserStorage.getKeys().forEach(o=>{o.includes(e.homeAccountId)&&o.includes(e.environment)&&this.browserStorage.removeItem(o)})}removeIdToken(e,t){super.removeIdToken(e,t);const n=this.getTokenKeys(),o=n.idToken.indexOf(e);o>-1&&(this.logger.info("05udv9",t),n.idToken.splice(o,1),this.setTokenKeys(n,t))}removeAccessToken(e,t,n=!0){super.removeAccessToken(e,t),n&&this.removeAccessTokenKeys([e],t)}removeAccessTokenKeys(e,t,n=me){this.logger.trace("17o18n",t);const o=this.getTokenKeys(n);let i=0;if(e.forEach(s=>{const a=o.accessToken.indexOf(s);a>-1&&(o.accessToken.splice(a,1),i++)}),i>0){this.logger.info(`15i5d5 ${i}`,t),this.setTokenKeys(o,t,n);return}}removeRefreshToken(e,t){super.removeRefreshToken(e,t);const n=this.getTokenKeys(),o=n.refreshToken.indexOf(e);o>-1&&(this.logger.info("1f4fq3",t),n.refreshToken.splice(o,1),this.setTokenKeys(n,t))}getTokenKeys(e=me){return Ge(this.clientId,this.browserStorage,e)}setTokenKeys(e,t,n=me){if(e.idToken.length===0&&e.accessToken.length===0&&e.refreshToken.length===0){this.removeItem(Zn(this.clientId,n));return}else this.setItem(Zn(this.clientId,n),JSON.stringify(e),t)}getIdTokenCredential(e,t){const n=this.browserStorage.getUserData(e);if(!n)return this.logger.trace("1jukz6",t),this.removeIdToken(e,t),null;const o=this.validateAndParseJson(n);return!o||!sw(o)?(this.logger.trace("1jukz6",t),null):(this.logger.trace("01ju66",t),o)}async setIdTokenCredential(e,t,n){this.logger.trace("13hjll",t);const o=this.generateCredentialKey(e),i=Date.now().toString();e.lastUpdatedAt=i,await this.setUserData(o,JSON.stringify(e),t,i,n);const s=this.getTokenKeys();s.idToken.indexOf(o)===-1&&(this.logger.info("07jy92",t),s.idToken.push(o),this.setTokenKeys(s,t))}getAccessTokenCredential(e,t){const n=this.browserStorage.getUserData(e);if(!n)return this.logger.trace("0bqvx8",t),this.removeAccessTokenKeys([e],t),null;const o=this.validateAndParseJson(n);return!o||!jh(o)?(this.logger.trace("0bqvx8",t),null):(this.logger.trace("1o81rl",t),o)}async setAccessTokenCredential(e,t,n){this.logger.trace("1pondb",t);const o=this.generateCredentialKey(e),i=Date.now().toString();e.lastUpdatedAt=i,await this.setUserData(o,JSON.stringify(e),t,i,n);const s=this.getTokenKeys(),a=s.accessToken.indexOf(o);a!==-1&&s.accessToken.splice(a,1),this.logger.trace(`1onhey ${a===-1?"added to":"updated in"}`,t),s.accessToken.push(o),this.setTokenKeys(s,t)}getRefreshTokenCredential(e,t){const n=this.browserStorage.getUserData(e);if(!n)return this.logger.trace("0jlizt",t),this.removeRefreshToken(e,t),null;const o=this.validateAndParseJson(n);return!o||!zh(o)?(this.logger.trace("0jlizt",t),null):(this.logger.trace("0nokxi",t),o)}async setRefreshTokenCredential(e,t,n){this.logger.trace("0tcg8d",t);const o=this.generateCredentialKey(e),i=Date.now().toString();e.lastUpdatedAt=i,await this.setUserData(o,JSON.stringify(e),t,i,n);const s=this.getTokenKeys();s.refreshToken.indexOf(o)===-1&&(this.logger.info("0eckjs",t),s.refreshToken.push(o),this.setTokenKeys(s,t))}getAppMetadata(e,t){const n=this.browserStorage.getItem(e);if(!n)return this.logger.trace("1q101h",t),null;const o=this.validateAndParseJson(n);return!o||!lw(e,o)?(this.logger.trace("1q101h",t),null):(this.logger.trace("19pvg2",t),o)}setAppMetadata(e,t){this.logger.trace("0cyma6",t);const n=hw(e);this.setItem(n,JSON.stringify(e),t)}getServerTelemetry(e,t){const n=this.browserStorage.getItem(e);if(!n)return this.logger.trace("0jk19c",t),null;const o=this.validateAndParseJson(n);return!o||!aw(e,o)?(this.logger.trace("0jk19c",t),null):(this.logger.trace("12jguk",t),o)}setServerTelemetry(e,t,n){this.logger.trace("1poh61",n),this.setItem(e,JSON.stringify(t),n)}getAuthorityMetadata(e,t){const n=this.internalStorage.getItem(e);if(!n)return this.logger.trace("1r39oe",t),null;const o=this.validateAndParseJson(n);return o&&dw(e,o)?(this.logger.trace("1ohvk3",t),o):null}getAuthorityMetadataKeys(){return this.internalStorage.getKeys().filter(t=>this.isAuthorityMetadata(t))}setWrapperMetadata(e,t){this.internalStorage.setItem(Eo.WRAPPER_SKU,e),this.internalStorage.setItem(Eo.WRAPPER_VER,t)}getWrapperMetadata(){const e=this.internalStorage.getItem(Eo.WRAPPER_SKU)||"",t=this.internalStorage.getItem(Eo.WRAPPER_VER)||"";return[e,t]}setAuthorityMetadata(e,t,n){this.logger.trace("07w8n2",n),this.internalStorage.setItem(e,JSON.stringify(t))}getActiveAccount(e){const t=this.generateCacheKey(Ah.ACTIVE_ACCOUNT_FILTERS),n=this.browserStorage.getItem(t);if(!n)return this.logger.trace("08gw0e",e),null;const o=this.validateAndParseJson(n);return o?(this.logger.trace("1t3ch7",e),this.getAccountInfoFilteredBy({homeAccountId:o.homeAccountId,localAccountId:o.localAccountId,tenantId:o.tenantId},e)):(this.logger.trace("0me1up",e),null)}setActiveAccount(e,t){const n=this.generateCacheKey(Ah.ACTIVE_ACCOUNT_FILTERS);if(e){this.logger.verbose("0rsj80",t);const o={homeAccountId:e.homeAccountId,localAccountId:e.localAccountId,tenantId:e.tenantId};this.setItem(n,JSON.stringify(o),t)}else this.logger.verbose("1bp5z5",t),this.browserStorage.removeItem(n);this.eventHandler.emitEvent(P.ACTIVE_ACCOUNT_CHANGED,t)}getThrottlingCache(e,t){const n=this.browserStorage.getItem(e);if(!n)return this.logger.trace("1h4wa6",t),null;const o=this.validateAndParseJson(n);return!o||!cw(e,o)?(this.logger.trace("1h4wa6",t),null):(this.logger.trace("0of6n8",t),o)}setThrottlingCache(e,t,n){this.logger.trace("0wfgh6",n),this.setItem(e,JSON.stringify(t),n)}getTemporaryCache(e,t,n){this.logger.trace("1ordf8",t);const o=n?this.generateCacheKey(e):e;return this.temporaryCacheStorage.getItem(o)}setTemporaryCache(e,t,n){const o=n?this.generateCacheKey(e):e;this.temporaryCacheStorage.setItem(o,t)}removeItem(e){this.browserStorage.removeItem(e)}removeTemporaryItem(e){this.temporaryCacheStorage.removeItem(e)}getKeys(){return this.browserStorage.getKeys()}clear(e){this.removeAllAccounts(e),this.removeAppMetadata(e),this.temporaryCacheStorage.getKeys().forEach(t=>{(t.indexOf(pe)!==-1||t.indexOf(this.clientId)!==-1)&&this.removeTemporaryItem(t)}),this.browserStorage.getKeys().forEach(t=>{(t.indexOf(pe)!==-1||t.indexOf(this.clientId)!==-1)&&this.browserStorage.removeItem(t)}),this.internalStorage.clear()}generateCacheKey(e){return mn.startsWith(e,pe)?e:`${pe}.${this.clientId}.${e}`}generateCredentialKey(e){const t=e.credentialType===ue.REFRESH_TOKEN&&e.familyId||e.clientId,n=e.tokenType&&e.tokenType.toLowerCase()!==ee.BEARER.toLowerCase()?e.tokenType.toLowerCase():"";return[`${pe}.${me}`,e.homeAccountId,e.environment,e.credentialType,t,e.realm||"",e.target||"",n].join(pl).toLowerCase()}generateAccountKey(e){const t=e.homeAccountId.split(".")[1];return[`${pe}.${Do}`,e.homeAccountId,e.environment,t||e.tenantId||""].join(pl).toLowerCase()}resetRequestCache(e){this.logger.trace("0h0ynu",e),this.removeTemporaryItem(this.generateCacheKey(se.REQUEST_PARAMS)),this.removeTemporaryItem(this.generateCacheKey(se.VERIFIER)),this.removeTemporaryItem(this.generateCacheKey(se.ORIGIN_URI)),this.removeTemporaryItem(this.generateCacheKey(se.URL_HASH)),this.removeTemporaryItem(this.generateCacheKey(se.NATIVE_REQUEST)),this.setInteractionInProgress(!1,void 0)}cacheAuthorizeRequest(e,t,n){this.logger.trace("1tzef5",t);const o=Vr(JSON.stringify(e));if(this.setTemporaryCache(se.REQUEST_PARAMS,o,!0),n){const i=Vr(n);this.setTemporaryCache(se.VERIFIER,i,!0)}}getCachedRequest(e){this.logger.trace("0uen20",e);const t=this.getTemporaryCache(se.REQUEST_PARAMS,e,!0);if(!t)throw A(Yv,"");const n=this.getTemporaryCache(se.VERIFIER,e,!0);let o,i="";try{o=JSON.parse(ve(t)),n&&(i=ve(n))}catch(s){throw this.logger.errorPii(`0ewsey ${t}`,e),this.logger.error(`0tvdic ${s}`,e),A(Qv,"")}return[o,i]}getCachedNativeRequest(){this.logger.trace("1yxcdm","");const e=this.getTemporaryCache(se.NATIVE_REQUEST,"",!0);if(!e)return this.logger.trace("0mnxd4",""),null;const t=this.validateAndParseJson(e);return t||(this.logger.error("0rrkip",""),null)}isInteractionInProgress(e){var n;const t=(n=this.getInteractionInProgress())==null?void 0:n.clientId;return e?t===this.clientId:!!t}getInteractionInProgress(){const e=`${pe}.${se.INTERACTION_STATUS_KEY}`,t=this.getTemporaryCache(e,"",!1);try{return t?JSON.parse(t):null}catch{return this.logger.error("0jjyys",""),this.removeTemporaryItem(e),this.resetRequestCache(""),ju(window),null}}setInteractionInProgress(e,t=Bt.SIGNIN,n=!1,o=""){var s;const i=`${pe}.${se.INTERACTION_STATUS_KEY}`;if(e){const a=this.getInteractionInProgress();if(a)if(n)this.logger.warning(`1pmscr ${a.clientId} ${a.type}`,o),Db(this.logger,o),this.removeTemporaryItem(i);else throw A(zv,"");this.setTemporaryCache(i,JSON.stringify({clientId:this.clientId,type:t}),!1)}else!e&&((s=this.getInteractionInProgress())==null?void 0:s.clientId)===this.clientId&&this.removeTemporaryItem(i)}async hydrateCache(e,t){const n=bi(e.account.homeAccountId,e.account.environment,e.idToken,this.clientId,e.tenantId),o=Ci(e.account.homeAccountId,e.account.environment,e.accessToken,this.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?ni(e.expiresOn):0,e.extExpiresOn?ni(e.extExpiresOn):0,ve,t.correlationId||"",void 0,e.tokenType,void 0,t.sshKid);t.resource&&(o.resource=t.resource);const i={idToken:n,accessToken:o};return this.saveCacheRecord(i,e.correlationId,mt(ft(e.idToken,ve,e.correlationId)),z.hydrateCache)}async saveCacheRecord(e,t,n,o,i){try{await super.saveCacheRecord(e,t,n,o,i)}catch(s){if(s instanceof Jn&&this.performanceClient&&t)try{const a=this.getTokenKeys();this.performanceClient.addFields({cacheRtCount:a.refreshToken.length,cacheIdCount:a.idToken.length,cacheAtCount:a.accessToken.length},t)}catch{}throw s}}}function vl(r,e,t,n){try{switch(e){case yt.LocalStorage:return new nC(r,t,n);case yt.SessionStorage:return new rC;case yt.MemoryStorage:default:break}}catch(o){t.error(o,"")}return new Ri}const oC=(r,e,t,n)=>{const o={cacheLocation:yt.MemoryStorage,cacheRetentionDays:5};return new ta(r,o,Qo,e,t,n)};/*! @azure/msal-browser v5.16.0 2026-06-30 */function iC(r,e,t,n,o){return r.verbose("1yd030",n),t?e.getAllAccounts(o,n):[]}function sC(r,e,t,n){e.trace("0u7b90",n);const o=t.getAccountInfoFilteredBy(r,n);return o?(e.verbose("0btgll",n),o):(e.verbose("0ltaj5",n),null)}function aC(r,e,t){e.setActiveAccount(r,t)}function cC(r,e){return r.getActiveAccount(e)}/*! @azure/msal-browser v5.16.0 2026-06-30 */const hC="msal.broadcast.event";class lC{constructor(e){this.eventCallbacks=new Map,this.logger=e||new ot({},Pi,Nt),typeof BroadcastChannel<"u"&&(this.broadcastChannel=new BroadcastChannel(hC)),this.invokeCrossTabCallbacks=this.invokeCrossTabCallbacks.bind(this)}addEventCallback(e,t,n){if(typeof window<"u"){const o=n||qs();return this.eventCallbacks.has(o)?(this.logger.error(`1578i0 ${o}`,""),null):(this.eventCallbacks.set(o,[e,t||[]]),this.logger.verbose(`1cnec4 ${o}`,""),o)}return null}removeEventCallback(e){this.eventCallbacks.delete(e),this.logger.verbose(`12zotd ${e}`,"")}emitEvent(e,t,n,o,i){var a;const s={eventType:e,interactionType:n||null,payload:o||null,error:i||null,correlationId:t,timestamp:Date.now()};switch(e){case P.LOGIN_SUCCESS:case P.LOGOUT_SUCCESS:case P.ACTIVE_ACCOUNT_CHANGED:(a=this.broadcastChannel)==null||a.postMessage(s)}this.invokeCallbacks(s)}invokeCallbacks(e){this.eventCallbacks.forEach(([t,n],o)=>{(n.length===0||n.includes(e.eventType))&&(this.logger.verbose(`15jpwk ${o} ${e.eventType}`,""),t.apply(null,[e]))})}invokeCrossTabCallbacks(e){const t=e.data;this.invokeCallbacks(t)}subscribeCrossTab(){var e;(e=this.broadcastChannel)==null||e.addEventListener("message",this.invokeCrossTabCallbacks)}unsubscribeCrossTab(){var e;(e=this.broadcastChannel)==null||e.removeEventListener("message",this.invokeCrossTabCallbacks)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class Gu{constructor(e,t,n,o,i,s,a,c,l){this.config=e,this.browserStorage=t,this.browserCrypto=n,this.networkClient=this.config.system.networkClient,this.eventHandler=i,this.navigationClient=s,this.platformAuthProvider=l,this.correlationId=c,this.logger=o.clone(Pi,Nt),this.performanceClient=a}}function ci(r,e,t,n){t.verbose("0bd1la",n);const o=r||e||"";return B.getAbsoluteUrl(o,_t(),n)}function Re(r,e,t,n,o,i,s=!0){if(o.verbose("1p12tq",t),!s)return o.verbose("0tajnr",t),new nv;const a={clientId:e,correlationId:t,apiId:r,forceRefresh:!1,wrapperSKU:n.getWrapperMetadata()[0],wrapperVer:n.getWrapperMetadata()[1]};return new er(a,n)}async function At(r,e,t,n,o,i,s,a,c){const l=a&&a.hasOwnProperty("instance_aware")?a.instance_aware:void 0,h={protocolMode:r.system.protocolMode,OIDCOptions:r.auth.OIDCOptions,knownAuthorities:r.auth.knownAuthorities,cloudDiscoveryMetadata:r.auth.cloudDiscoveryMetadata,authorityMetadata:r.auth.authorityMetadata},d=i||r.auth.authority,p=l!=null&&l.length?l==="true":r.auth.instanceAware,u=c&&p?r.auth.authority.replace(B.getDomainFromUrl(d,e),c.environment):d,f=Oe.generateAuthority(u,s||r.auth.azureCloudOptions),g=await w(Cu,Tv,o,t,e)(f,r.system.networkClient,n,h,o,e,t);if(c&&!g.isAlias(c.environment))throw V(Ym,e);return g}async function gc(r,e,t,n,o){if(o)try{r.removeAccount(o,n),t.verbose("0s4z6h",n)}catch{t.error("0mgg1d",n)}else try{t.verbose("0zj631",n),r.clear(n),await e.clearKeystore(n)}catch{t.error("12ih0c",n)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */async function mc(r,e,t,n,o){const i=r.authority||e.auth.authority,s=[...r&&r.scopes||[]],a={...r,correlationId:r.correlationId,authority:i,scopes:s};if(!a.authenticationScheme)a.authenticationScheme=ee.BEARER,n.verbose("1l4fwv",o);else{if(a.authenticationScheme===ee.SSH){if(!r.sshJwk)throw V(Oa,"");if(!r.sshKid)throw V(Zm,"")}n.verbose(`1ecmns ${a.authenticationScheme}`,o)}return a}async function dC(r,e,t,n,o){const i=await w(mc,tc,o,n,r.correlationId)(r,t,n,o,r.correlationId);return{...r,...i,account:e,forceRefresh:r.forceRefresh||!1}}function Vu(r,e){let t;const n=r.httpMethod;if(e===Me.EAR){if(n&&n!==Wn.POST)throw V(Qm,"");t=Wn.POST}else t=n||Wn.GET;return t}/*! @azure/msal-browser v5.16.0 2026-06-30 */class hr extends Gu{initializeLogoutRequest(e){this.logger.verbose("0546u4",this.correlationId);const t={correlationId:this.correlationId,...e};if(e)if(e.logoutHint)this.logger.verbose("12k4l4",this.correlationId);else if(e.account){const n=e.account.loginHint||this.getLogoutHintFromIdTokenClaims(e.account);n&&(this.logger.verbose("0d7s8p",this.correlationId),t.logoutHint=n)}else this.logger.verbose("0pdtc3",this.correlationId);else this.logger.verbose("07ndze",this.correlationId);return!e||e.postLogoutRedirectUri!==null?e&&e.postLogoutRedirectUri?(this.logger.verbose("1vamm6",t.correlationId),t.postLogoutRedirectUri=B.getAbsoluteUrl(e.postLogoutRedirectUri,_t(),t.correlationId)):this.config.auth.postLogoutRedirectUri===null?this.logger.verbose("15m5g7",t.correlationId):this.config.auth.postLogoutRedirectUri?(this.logger.verbose("1f4xlz",t.correlationId),t.postLogoutRedirectUri=B.getAbsoluteUrl(this.config.auth.postLogoutRedirectUri,_t(),t.correlationId)):(this.logger.verbose("17s5rf",t.correlationId),t.postLogoutRedirectUri=B.getAbsoluteUrl(_t(),_t(),t.correlationId)):this.logger.verbose("0ljv63",t.correlationId),t}getLogoutHintFromIdTokenClaims(e){const t=e.idTokenClaims;if(t){if(t.login_hint)return this.logger.verbose("0u5bmc",this.correlationId),t.login_hint;this.logger.verbose("0mvp54",this.correlationId)}else this.logger.verbose("1e7bdp",this.correlationId);return null}async createAuthCodeClient(e){const t=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)(e);return new Tu(t,this.performanceClient)}async getClientConfiguration(e){const{serverTelemetryManager:t,requestAuthority:n,requestAzureCloudOptions:o,requestExtraQueryParameters:i,account:s}=e,a=e.authority||await w(At,yn,this.logger,this.performanceClient,this.correlationId)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,n,o,i,s),c=this.config.system.loggerOptions;return{authOptions:{clientId:this.config.auth.clientId,authority:a,clientCapabilities:this.config.auth.clientCapabilities,redirectUri:this.config.auth.redirectUri,isMcp:this.config.auth.isMcp},systemOptions:{tokenRenewalOffsetSeconds:this.config.system.tokenRenewalOffsetSeconds,preventCorsPreflight:!0},loggerOptions:{loggerCallback:c.loggerCallback,piiLoggingEnabled:c.piiLoggingEnabled,logLevel:c.logLevel,correlationId:this.correlationId},cryptoInterface:this.browserCrypto,networkInterface:this.networkClient,storageInterface:this.browserStorage,serverTelemetryManager:t,libraryInfo:{sku:Ye.MSAL_SKU,version:Nt,cpu:"",os:""},telemetry:this.config.telemetry}}}async function Zr(r,e,t,n,o,i,s,a){const c=ci(r.redirectUri,t.auth.redirectUri,i,a);new URL(c).origin!==new URL(window.location.href).origin&&(i.warning("08qbvw",a),s.addFields({isRedirectUriCrossOrigin:!0},a));const l={interactionType:e},h=$a(n,r&&r.state||"",l,a),p={...await w(mc,tc,i,s,a)({...r,correlationId:a},t,s,i,a),redirectUri:c,state:h,nonce:r.nonce||en(),responseMode:t.auth.OIDCOptions.responseMode},u={...p,httpMethod:Vu(p,t.system.protocolMode)};if(r.loginHint||r.sid)return u;const f=r.account||o.getActiveAccount(a);return f&&(i.verbose("1eqlb3",a),i.verbosePii(`0tf99t ${f.homeAccountId}`,a),u.account=f),u}/*! @azure/msal-browser v5.16.0 2026-06-30 */function uC(r,e,t){if(!e)return null;try{return ao(r.base64Decode,e,t).libraryState.meta}catch{throw T(Jr,t)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */function Kr(r,e,t,n){const o=Yo(r);if(!o)throw ou(r)?(t.error(`13pl0s ${e} ${e}`,n),t.errorPii(`1097vx ${e} ${r}`,n),A(Fv,n)):(t.error(`18h0l1 ${e} ${e}`,n),A(Kv,n));return o}function pC(r,e,t,n){if(!r.state)throw A(ic,n);const o=uC(e,r.state,n);if(!o)throw A(Au,n);if(o.interactionType!==t)throw A(jv,n)}/*! @azure/msal-browser v5.16.0 2026-06-30 */class Zu{constructor(e,t,n,o,i){this.authModule=e,this.browserStorage=t,this.authCodeRequest=n,this.logger=o,this.performanceClient=i}async handleCodeResponse(e,t,n){let o;try{o=Xw(e,t.state,t.correlationId)}catch(i){throw i instanceof In&&i.subError===Xs?A(Xs,t.correlationId):i}return w(this.handleCodeResponseFromServer.bind(this),du,this.logger,this.performanceClient,t.correlationId)(o,t,n)}async handleCodeResponseFromServer(e,t,n,o=!0){if(this.logger.trace("0mf2hb",t.correlationId),this.authCodeRequest.code=e.code,o&&(e.nonce=t.nonce||void 0),e.state=t.state,e.client_info)this.authCodeRequest.clientInfo=e.client_info;else{const s=this.createCcsCredentials(t);s&&(this.authCodeRequest.ccsCredential=s)}return await w(this.authModule.acquireToken.bind(this.authModule),Cv,this.logger,this.performanceClient,t.correlationId)(this.authCodeRequest,n,e)}createCcsCredentials(e){return e.account?{credential:e.account.homeAccountId,type:tt.HOME_ACCOUNT_ID}:e.loginHint?{credential:e.loginHint,type:tt.UPN}:null}}/*! @azure/msal-browser v5.16.0 2026-06-30 */const fC="ContentError",gC="PageException",mC="user_switch";/*! @azure/msal-browser v5.16.0 2026-06-30 */const yC="USER_INTERACTION_REQUIRED",wC="USER_CANCEL",vC="NO_NETWORK",bC="DISABLED",CC="ACCOUNT_UNAVAILABLE",TC="UI_NOT_ALLOWED";/*! @azure/msal-browser v5.16.0 2026-06-30 */const kC=-2147186943;class qe extends oe{constructor(e,t,n,o){super(e,t,n||Ei(e)),Object.setPrototypeOf(this,qe.prototype),this.name="NativeAuthError",this.ext=o}}function Un(r){if(r.ext&&r.ext.status&&r.ext.status===bC||r.ext&&r.ext.error&&r.ext.error===kC)return!0;switch(r.errorCode){case fC:case gC:return!0;default:return!1}}function hi(r,e,t,n){let o;if(n&&n.status){switch(n.status){case CC:o=oi(Nw,e,Ei(r));break;case yC:o=new st(r,e,t);break;case wC:o=A(Xs,e);break;case vC:o=A(Ys,e);break;case TC:o=oi(pu,e);break;default:o=new qe(r,e,t,n)}return o}return o=new qe(r,e,t,n),o}/*! @azure/msal-browser v5.16.0 2026-06-30 */class $u extends hr{async acquireToken(e){const t=Re(z.acquireTokenSilent_silentFlow,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),n=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:t,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,account:e.account}),o=new Vw(n,this.performanceClient);this.logger.verbose("0wa871",this.correlationId);try{const s=(await w(o.acquireCachedToken.bind(o),wv,this.logger,this.performanceClient,e.correlationId)(e))[0];return this.performanceClient.addFields({fromCache:!0},e.correlationId),s}catch(i){throw i instanceof co&&i.errorCode===Pu&&this.logger.verbose("06wena",this.correlationId),i}}logout(e){this.logger.verbose("1rkurh",this.correlationId);const t=this.initializeLogoutRequest(e);return gc(this.browserStorage,this.browserCrypto,this.logger,this.correlationId,t.account)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class Lo extends Gu{constructor(e,t,n,o,i,s,a,c,l,h,d,p){super(e,t,n,o,i,s,c,p,l),this.apiId=a,this.accountId=h,this.platformAuthProvider=l,this.nativeStorageManager=d,this.silentCacheClient=new $u(e,this.nativeStorageManager,n,o,i,s,c,p,l);const u=this.platformAuthProvider.getExtensionName();this.skus=er.makeExtraSkuString({libraryName:Ye.MSAL_SKU,libraryVersion:Nt,extensionName:u,extensionVersion:this.platformAuthProvider.getExtensionVersion()})}addRequestSKUs(e){e.extraParameters={...e.extraParameters,[Mm]:this.skus}}async acquireToken(e,t){this.logger.trace("03qeos",this.correlationId);const n=this.performanceClient.startMeasurement(ec,this.correlationId),o=it(),i=Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{const s=await this.initializePlatformRequest(e);try{const c=await this.acquireTokensFromCache(this.accountId,s);return n.end({success:!0,isNativeBroker:!1,fromCache:!0}),c}catch(c){if(t===Se.AccessToken)throw this.logger.info("0eitbc",this.correlationId),n.end({success:!1,brokerErrorCode:"cache_request_failed"}),c;this.logger.info("0957j1",this.correlationId)}const a=await this.platformAuthProvider.sendMessage(s);return await this.handleNativeResponse(a,s,o).then(c=>(n.end({success:!0,isNativeBroker:!0,requestId:c.requestId}),i.clearNativeBrokerErrorCode(),c)).catch(c=>{throw n.end({success:!1,errorCode:c.errorCode,subErrorCode:c.subError}),c})}catch(s){throw s instanceof qe&&i.setNativeBrokerErrorCode(s.errorCode),n.end({success:!1}),s}}createSilentCacheRequest(e,t){return{authority:e.authority,correlationId:this.correlationId,scopes:Ce.fromString(e.scope,this.correlationId).asArray(),account:t,forceRefresh:!1}}async acquireTokensFromCache(e,t){if(!e)throw this.logger.warning("1ndf3e",this.correlationId),T(Mh,this.correlationId);const n=this.browserStorage.getBaseAccountInfo({nativeAccountId:e},this.correlationId);if(!n)throw T(Mh,this.correlationId);try{const o=this.createSilentCacheRequest(t,n),i=await this.silentCacheClient.acquireToken(o),s=this.browserStorage.getIdToken(n,this.correlationId,this.browserStorage.getTokenKeys(),n.tenantId),a=ft((s==null?void 0:s.secret)||"",ve,this.correlationId),c=qo(n,void 0,a,s==null?void 0:s.secret);return{...i,idToken:(s==null?void 0:s.secret)||"",idTokenClaims:a,account:c}}catch(o){throw o}}async acquireTokenRedirect(e,t,n){this.logger.trace("0luikq",this.correlationId);const o=await this.initializePlatformRequest(e),i=(n==null?void 0:n.navigateToLoginRequestUrl)??!0;try{await this.platformAuthProvider.sendMessage(o)}catch(c){if(c instanceof qe&&(Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled).setNativeBrokerErrorCode(c.errorCode),Un(c)))throw c}this.browserStorage.setTemporaryCache(se.NATIVE_REQUEST,JSON.stringify(o),!0);const s={apiId:z.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=i?B.getAbsoluteUrl(e.redirectStartPage||window.location.href,_t(),this.correlationId):ci(e.redirectUri,this.config.auth.redirectUri,this.logger,this.correlationId);t.end({success:!0}),await this.navigationClient.navigateExternal(a,s)}async handleRedirectPromise(){var i,s;if(this.logger.trace("1c5lhw",this.correlationId),!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("0le6uv",this.correlationId),null;const e=this.browserStorage.getCachedNativeRequest();if(!e)return this.logger.verbose("0a6zjb",this.correlationId),(i=this.performanceClient)==null||i.addFields({errorCode:"no_cached_request"},this.correlationId),null;const{prompt:t,...n}=e;t&&this.logger.verbose("0ac34v",this.correlationId),this.browserStorage.removeItem(this.browserStorage.generateCacheKey(se.NATIVE_REQUEST));const o=it();try{this.logger.verbose("003x5a",this.correlationId);const a=await this.platformAuthProvider.sendMessage(n),c=await this.handleNativeResponse(a,n,o);return Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled).clearNativeBrokerErrorCode(),(s=this.performanceClient)==null||s.addFields({isNativeBroker:!0},this.correlationId),c}catch(a){throw a}}logout(){return this.logger.trace("0u2sjm",this.correlationId),Promise.reject("Logout not implemented yet")}async handleNativeResponse(e,t,n){var h,d;this.logger.trace("1bojln",this.correlationId);const o=ft(e.id_token,ve,this.correlationId),i=this.createHomeAccountIdentifier(e,o),s=(h=this.browserStorage.getAccountInfoFilteredBy({nativeAccountId:t.accountId},this.correlationId))==null?void 0:h.homeAccountId;if((d=t.extraParameters)!=null&&d.child_client_id&&e.account.id!==t.accountId)this.logger.info("1ub1in",this.correlationId);else if(i!==s&&e.account.id!==t.accountId)throw hi(mC,this.correlationId);const a=await At(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,t.authority),c=gu(this.browserStorage,a,i,ve,this.correlationId,o,e.client_info,a.getPreferredCache(),o.tid,void 0,e.account.id,this.logger,this.performanceClient);e.expires_in=Number(e.expires_in);const l=await this.generateAuthenticationResult(e,t,o,c,a.canonicalAuthority,n);return await this.cacheAccount(c,mt(o)),await this.cacheNativeTokens(e,t,i,o,l.tenantId,n,a.getPreferredCache()),l}createHomeAccountIdentifier(e,t){return au(e.client_info||"",Ze.Default,this.logger,this.browserCrypto,this.correlationId,t)}generateScopes(e,t){return t?Ce.fromString(t,this.correlationId):Ce.fromString(e,this.correlationId)}async generatePopAccessToken(e,t){if(t.tokenType===ee.POP&&t.signPopToken){if(e.shr)return this.logger.trace("0coqhu",this.correlationId),e.shr;const n=new qn(this.browserCrypto,this.performanceClient),o={resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,shrNonce:t.shrNonce,correlationId:this.correlationId};if(!t.keyId)throw T(Gd,this.correlationId);return n.signPopToken(e.access_token,t.keyId,o)}else return e.access_token}async generateAuthenticationResult(e,t,n,o,i,s){var y;const a=this.addTelemetryFromNativeResponse(e.properties.MATS),c=this.generateScopes(t.scope,e.scope),l=e.account.properties||{},h=l.UID||n.oid||n.sub||"",d=l.TenantId||n.tid||"",p=qo(bn(o),void 0,n,e.id_token);if(p.nativeAccountId!==e.account.id){p.nativeAccountId=e.account.id;const m=d||p.tenantId,b=(y=p.tenantProfiles)==null?void 0:y.get(m);b&&(b.nativeAccountId=e.account.id)}const u=await this.generatePopAccessToken(e,t),f=t.tokenType===ee.POP?ee.POP:ee.BEARER;return{authority:i,uniqueId:h,tenantId:d,scopes:c.asArray(),account:p,idToken:e.id_token,idTokenClaims:n,accessToken:u,fromCache:a?this.isResponseFromCache(a):!1,expiresOn:Mo(s+e.expires_in),tokenType:f,correlationId:this.correlationId,state:e.state,fromPlatformBroker:!0,...t.resource&&{resource:t.resource}}}async cacheAccount(e,t){await this.browserStorage.setAccount(e,this.correlationId,t,this.apiId),this.browserStorage.removeAccountContext(bn(e),this.correlationId)}async cacheNativeTokens(e,t,n,o,i,s,a){var f;const c=bi(n,a,e.id_token||"",t.clientId,o.tid||""),l=t.tokenType===ee.POP?_h:(typeof e.expires_in=="string"?parseInt(e.expires_in,10):e.expires_in)||0,h=s+l,d=this.generateScopes(e.scope,t.scope),p=Ci(n,a,e.access_token,t.clientId,o.tid||i,d.printScopes(),h,0,ve,t.correlationId,void 0,t.tokenType,void 0,t.keyId);c&&((f=t.storeInCache)==null?void 0:f.idToken)!==!1&&await this.browserStorage.setIdTokenCredential(c,this.correlationId,mt(o));const u={accessToken:p};return this.nativeStorageManager.saveCacheRecord(u,this.correlationId,mt(o),this.apiId,t.storeInCache)}getExpiresInValue(e,t){return e===ee.POP?_h:(typeof t=="string"?parseInt(t,10):t)||0}addTelemetryFromNativeResponse(e){const t=this.getMATSFromResponse(e);return t?(this.performanceClient.addFields({extensionId:this.platformAuthProvider.getExtensionId(),extensionVersion:this.platformAuthProvider.getExtensionVersion(),matsBrokerVersion:t.broker_version,matsAccountJoinOnStart:t.account_join_on_start,matsAccountJoinOnEnd:t.account_join_on_end,matsDeviceJoin:t.device_join,matsPromptBehavior:t.prompt_behavior,matsApiErrorCode:t.api_error_code,matsUiVisible:t.ui_visible,matsSilentCode:t.silent_code,matsSilentBiSubCode:t.silent_bi_sub_code,matsSilentMessage:t.silent_message,matsSilentStatus:t.silent_status,matsHttpStatus:t.http_status,matsHttpEventCount:t.http_event_count},this.correlationId),t):null}getMATSFromResponse(e){if(e)try{return JSON.parse(e)}catch{this.logger.error("0b3l57",this.correlationId)}return null}isResponseFromCache(e){return typeof e.is_cached>"u"?(this.logger.verbose("1okqev",this.correlationId),!1):!!e.is_cached}async initializePlatformRequest(e){this.logger.trace("1xdm2a",this.correlationId);const t=await this.getCanonicalAuthority(e),n=e.skipBrokerClaims&&e.embeddedClientId?void 0:this.config.auth.clientCapabilities,{scopes:o,claims:i,...s}=e,a=new Ce(o||[],this.correlationId);a.appendScopes(ir);const c=qd(i,n!=null&&n.length?n:void 0),l={...s,claims:c,accountId:this.accountId,clientId:this.config.auth.clientId,authority:t.urlString,scope:a.printScopes(),redirectUri:ci(e.redirectUri,this.config.auth.redirectUri,this.logger,this.correlationId),prompt:this.getPrompt(e.prompt),correlationId:this.correlationId,tokenType:e.authenticationScheme,windowTitleSubstring:document.title,extraParameters:{...e.extraParameters},extendedExpiryToken:!1,keyId:e.popKid};if(l.signPopToken&&e.popKid)throw A(hb,this.correlationId);if(this.handleExtraBrokerParams(l),l.extraParameters=l.extraParameters||{},l.extraParameters.telemetry=je.MATS_TELEMETRY,e.authenticationScheme===ee.POP){const h={resourceRequestUri:e.resourceRequestUri,resourceRequestMethod:e.resourceRequestMethod,shrClaims:e.shrClaims,shrNonce:e.shrNonce,correlationId:this.correlationId},d=new qn(this.browserCrypto,this.performanceClient);let p;if(l.keyId)p=this.browserCrypto.base64UrlEncode(JSON.stringify({kid:l.keyId})),l.signPopToken=!1;else{const u=await w(d.generateCnf.bind(d),so,this.logger,this.performanceClient,this.correlationId)(h,this.logger);p=u.reqCnfString,l.keyId=u.kid,l.signPopToken=!0}l.reqCnf=p}return this.addRequestSKUs(l),l}async getCanonicalAuthority(e){const t=e.authority||this.config.auth.authority,{azureCloudOptions:n,account:o}=e;o&&await At(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,t,n,void 0,o);const i=new B(t,this.correlationId);return i.validateAsUri(),i}getPrompt(e){switch(this.apiId){case z.ssoSilent:case z.acquireTokenSilent_silentFlow:return this.logger.trace("12n1y2",this.correlationId),be.NONE}if(!e){this.logger.trace("0uid1p",this.correlationId);return}switch(e){case be.NONE:case be.CONSENT:case be.LOGIN:return this.logger.trace("0i0hco",this.correlationId),e;default:throw this.logger.trace(`0w3tpw ${e}`,this.correlationId),A(ab,this.correlationId)}}handleExtraBrokerParams(e){var i;const t=e.extraParameters&&e.extraParameters.hasOwnProperty(Wr)&&e.extraParameters.hasOwnProperty($o)&&e.extraParameters.hasOwnProperty(vn);if(!e.embeddedClientId&&!t)return;let n="";const o=e.redirectUri;e.embeddedClientId?(e.redirectUri=this.config.auth.redirectUri,n=e.embeddedClientId):e.extraParameters&&(e.redirectUri=e.extraParameters[$o],n=e.extraParameters[vn]),e.extraParameters={child_client_id:n,child_redirect_uri:o},(i=this.performanceClient)==null||i.addFields({embeddedClientId:n,embeddedRedirectUri:o},this.correlationId)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */const _C=new Map([["e","AAD"],["m","MSA"]]);function IC(r){var e,t,n,o,i;if(!r)return null;try{const c=(/%(?:[0-9A-Fa-f]{2})/.test(r)?decodeURIComponent(r):r).split("|");return c.length<5?null:{accountType:_C.get(((e=c[0])==null?void 0:e.trim())||"")||"",error:((t=c[1])==null?void 0:t.trim())||"",subError:((n=c[2])==null?void 0:n.trim())||"",cloudInstance:((o=c[3])==null?void 0:o.trim())||"",callerDataBoundary:((i=c[4])==null?void 0:i.trim())||""}}catch{return null}}function Xu(r,e,t){const n=IC(r.clientdata);n!=null&&n.accountType&&t.addFields({accountType:n.accountType},e),n!=null&&n.error&&t.addFields({serverErrorNo:n.error},e),n!=null&&n.subError&&t.addFields({serverSubErrorNo:n.subError},e)}async function yc(r,e,t,n,o){const i=$w({...r.auth,authority:e},t,n,o);if(La(i,{sku:Ye.MSAL_SKU,version:Nt,os:"",cpu:""}),r.system.protocolMode!==Me.OIDC&&Ha(i,r.telemetry.application),t.platformBroker&&(vy(i),o.addFields({isPlatformAuthorizeRequest:!0},t.correlationId),t.authenticationScheme===ee.POP)){const s=new Ot(n,o),a=new qn(s,o);let c;t.popKid?c=s.encodeKid(t.popKid):c=(await w(a.generateCnf.bind(a),so,n,o,t.correlationId)(t,n)).reqCnfString,ja(i,c)}return wi(i,t.correlationId,o),i}async function wc(r,e,t,n,o){if(!t.codeChallenge)throw V(Kd,t.correlationId);const i=await w(yc,vv,n,o,t.correlationId)(r,e,t,n,o);return Na(i,Ia.CODE),Ka(i,t.codeChallenge,_a),gt(i,{...t.extraQueryParameters,...t.extraParameters}),Xa(e,i)}async function vc(r,e,t,n,o,i){if(!n.earJwk)throw A(Eu,n.correlationId);const s=await yc(e,t,n,o,i);Na(s,Ia.IDTOKEN_TOKEN_REFRESHTOKEN),Oy(s,n.earJwk),Ka(s,n.codeChallenge,_a),gt(s,{...n.extraParameters});const a=new Map;gt(a,n.extraQueryParameters||{}),oo(a,n.correlationId);const c=Xa(t,a);return Yu(r,c,s)}async function bc(r,e,t,n,o,i){const s=await yc(e,t,n,o,i);Na(s,Ia.CODE),Ka(s,n.codeChallenge,n.codeChallengeMethod||_a),gt(s,{...n.extraParameters});const a=new Map;gt(a,n.extraQueryParameters||{}),oo(a,n.correlationId);const c=Xa(t,a);return Yu(r,c,s)}function Yu(r,e,t){const n=r.createElement("form");return n.method="post",n.action=e,t.forEach((o,i)=>{const s=r.createElement("input");s.hidden=!0,s.name=i,s.value=o,n.appendChild(s)}),r.body.appendChild(n),n}async function Qu(r,e,t,n,o,i,s,a,c,l){if(a.verbose("11qcow",r.correlationId),!l)throw A(Nu,r.correlationId);const h=new Ot(a,c),d=new Lo(n,o,h,a,s,n.system.navigationClient,t,c,l,e,i,r.correlationId),{userRequestState:p}=ao(h.base64Decode,r.state,r.correlationId);return w(d.acquireToken.bind(d),ec,a,c,r.correlationId)({...r,state:p,prompt:void 0})}async function $n(r,e,t,n,o,i,s,a,c,l,h,d){if(pt.removeThrottle(s,o.auth.clientId,r),Xu(e,r.correlationId,h),e.accountId)return w(Qu,Iu,l,h,r.correlationId)(r,e.accountId,n,o,s,a,c,l,h,d);const p={...r,code:e.code||"",codeVerifier:t},u=new Zu(i,s,p,l,h);return await w(u.handleCodeResponse.bind(u),bv,l,h,r.correlationId)(e,r,n)}async function Cc(r,e,t,n,o,i,s,a,c,l,h){if(pt.removeThrottle(i,n.auth.clientId,r),Xu(e,r.correlationId,l),Ya(e,r.state,r.correlationId),!e.ear_jwe)throw A(Hv,r.correlationId);if(!r.earJwk)throw A(Eu,r.correlationId);const d=JSON.parse(await w(Rb,Dv,c,l,r.correlationId)(r.earJwk,e.ear_jwe));if(d.accountId)return w(Qu,Iu,c,l,r.correlationId)(r,d.accountId,t,n,i,s,a,c,l,h);const p=new Cn(n.auth.clientId,i,new Ot(c,l),c,l,null,null);p.validateTokenResponse(d,r.correlationId);const u={code:"",state:r.state,nonce:r.nonce,client_info:d.client_info,cloud_graph_host_name:d.cloud_graph_host_name,cloud_instance_host_name:d.cloud_instance_host_name,cloud_instance_name:d.cloud_instance_name,msgraph_host:d.msgraph_host};return await w(p.handleServerTokenResponse.bind(p),Va,c,l,r.correlationId)(d,o,it(),r,t,u,void 0,void 0,void 0,void 0)}/*! @azure/msal-browser v5.16.0 2026-06-30 */const SC=32;async function kn(r,e,t){const n=ze(EC,Av,e,r,t)(r,e,t),o=await w(AC,Rv,e,r,t)(n,r,e,t);return{verifier:n,challenge:o}}function EC(r,e,t){try{const n=new Uint8Array(SC);return ze(_b,Ov,e,r,t)(n),qt(n)}catch{throw A(Su,t)}}async function AC(r,e,t,n){try{const o=await w(Lu,Pv,t,e,n)(r);return qt(new Uint8Array(o))}catch{throw A(Su,n)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class li{navigateInternal(e,t){return li.defaultNavigateWindow(e,t)}navigateExternal(e,t){return li.defaultNavigateWindow(e,t)}static defaultNavigateWindow(e,t){return t.noHistory?window.location.replace(e):window.location.assign(e),new Promise((n,o)=>{setTimeout(()=>{o(A(si,"","failed_to_redirect"))},t.timeout)})}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class RC{async sendGetRequestAsync(e,t){let n,o={},i=0;const s=bl(t);try{n=await fetch(e,{method:ol.GET,headers:s})}catch(a){throw Pr(A(window.navigator.onLine?eb:Ys,""),void 0,void 0,a)}o=Cl(n.headers);try{return i=n.status,{headers:o,body:await n.json(),status:i}}catch(a){throw Pr(A(rl,""),i,o,a)}}async sendPostRequestAsync(e,t){const n=t&&t.body||"",o=bl(t);let i,s=0,a={};try{i=await fetch(e,{method:ol.POST,headers:o,body:n})}catch(c){throw Pr(A(window.navigator.onLine?qv:Ys,""),void 0,void 0,c)}a=Cl(i.headers);try{return s=i.status,{headers:a,body:await i.json(),status:s}}catch(c){throw Pr(A(rl,""),s,a,c)}}}function bl(r){try{const e=new Headers;if(!(r&&r.headers))return e;const t=r.headers;return Object.entries(t).forEach(([n,o])=>{e.append(n,o)}),e}catch(e){throw Pr(A(lb,""),void 0,void 0,e)}}function Cl(r){try{const e={};return r.forEach((t,n)=>{e[n]=t}),e}catch{throw A(db,"")}}/*! @azure/msal-browser v5.16.0 2026-06-30 */const PC=6e4,OC=1e4,NC=3e4,qu=2e3;function xC({auth:r,cache:e,system:t,experimental:n,telemetry:o},i){const s={clientId:"",authority:`${Sd}`,knownAuthorities:[],cloudDiscoveryMetadata:"",authorityMetadata:"",redirectUri:typeof window<"u"&&window.location?window.location.href.split("?")[0].split("#")[0]:"",postLogoutRedirectUri:"",clientCapabilities:[],OIDCOptions:{responseMode:Sa.FRAGMENT,defaultScopes:[Ad,Rd,ka]},azureCloudOptions:{azureCloudInstance:za.None,tenant:""},instanceAware:!1,isMcp:!1,verifySSO:!1},a={cacheLocation:yt.SessionStorage,cacheRetentionDays:5},c={loggerCallback:()=>{},logLevel:ie.Info,piiLoggingEnabled:!1},h={...{...hu,loggerOptions:c,networkClient:i?new RC:Zw,navigationClient:new li,popupBridgeTimeout:(t==null?void 0:t.popupBridgeTimeout)||PC,iframeBridgeTimeout:(t==null?void 0:t.iframeBridgeTimeout)||OC,redirectNavigationTimeout:NC,allowRedirectInIframe:!1,navigatePopups:!0,allowPlatformBroker:!1,nativeBrokerHandshakeTimeout:(t==null?void 0:t.nativeBrokerHandshakeTimeout)||qu,protocolMode:Me.AAD,serverTelemetryEnabled:!1},...t,loggerOptions:(t==null?void 0:t.loggerOptions)||c},d={application:{appName:"",appVersion:""},client:new cu},p={iframeTimeoutTelemetry:!1,allowPlatformBrokerWithDOM:!1};if((t==null?void 0:t.protocolMode)!==Me.OIDC&&(r!=null&&r.OIDCOptions)&&new ot(h.loggerOptions,Pi,Nt).warning(JSON.stringify(V($m,"")),""),t!=null&&t.protocolMode&&t.protocolMode===Me.OIDC&&(h!=null&&h.allowPlatformBroker))throw V(Xm,"");return{auth:{...s,...r,OIDCOptions:{...s.OIDCOptions,...r==null?void 0:r.OIDCOptions}},cache:{...a,...e},system:h,experimental:{...p,...n},telemetry:{...d,...o}}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class di{constructor(e,t,n,o){this.logger=e,this.handshakeTimeoutMs=t,this.extensionId=o,this.resolvers=new Map,this.handshakeResolvers=new Map,this.messageChannel=new MessageChannel,this.windowListener=this.onWindowMessage.bind(this),this.performanceClient=n,this.handshakeEvent=this.performanceClient.startMeasurement(Sv),this.platformAuthType=je.PLATFORM_EXTENSION_PROVIDER}async sendMessage(e){this.logger.trace(`0on4p2 ${this.platformAuthType}`,e.correlationId);const t={method:Ir.GetToken,request:e},n={channel:je.CHANNEL_ID,extensionId:this.extensionId,responseId:en(),body:t};this.logger.trace(`1qadfi ${this.platformAuthType}`,e.correlationId),this.logger.tracePii(`1xm533 ${this.platformAuthType} ${JSON.stringify(n)}`,e.correlationId),this.messageChannel.port1.postMessage(n);const o=await new Promise((s,a)=>{this.resolvers.set(n.responseId,{resolve:s,reject:a})});return this.validatePlatformBrokerResponse(o)}static async createProvider(e,t,n,o){e.trace("15zfnw",o);try{const i=new di(e,t,n,je.PREFERRED_EXTENSION_ID);return await i.sendHandshakeRequest(o),i}catch{const s=new di(e,t,n);return await s.sendHandshakeRequest(o),s}}async sendHandshakeRequest(e){this.logger.trace(`1dpg9o ${this.platformAuthType}`,e),window.addEventListener("message",this.windowListener,!1);const t={channel:je.CHANNEL_ID,extensionId:this.extensionId,responseId:en(),body:{method:Ir.HandshakeRequest}};return this.handshakeEvent.add({extensionId:this.extensionId,extensionHandshakeTimeoutMs:this.handshakeTimeoutMs}),this.messageChannel.port1.onmessage=n=>{this.onChannelMessage(n)},window.postMessage(t,window.origin,[this.messageChannel.port2]),new Promise((n,o)=>{this.handshakeResolvers.set(t.responseId,{resolve:n,reject:o}),this.timeoutId=window.setTimeout(()=>{window.removeEventListener("message",this.windowListener,!1),this.messageChannel.port1.close(),this.messageChannel.port2.close(),this.handshakeEvent.end({extensionHandshakeTimedOut:!0,success:!1}),o(A(ib,"")),this.handshakeResolvers.delete(t.responseId)},this.handshakeTimeoutMs)})}onWindowMessage(e){const t=qs();if(this.logger.trace(`0jpn5u ${this.platformAuthType}`,t),e.source!==window)return;const n=e.data;if(!(!n.channel||n.channel!==je.CHANNEL_ID)&&!(n.extensionId&&n.extensionId!==this.extensionId)&&n.body.method===Ir.HandshakeRequest){const o=this.handshakeResolvers.get(n.responseId);if(!o){this.logger.trace(`07buhm ${this.platformAuthType} ${n.responseId}`,t);return}this.logger.verbose(n.extensionId?`0xrkug ${n.extensionId}`:"No extension installed",t),clearTimeout(this.timeoutId),this.messageChannel.port1.close(),this.messageChannel.port2.close(),window.removeEventListener("message",this.windowListener,!1),this.handshakeEvent.end({success:!1,extensionInstalled:!1}),o.reject(A(sb,""))}}onChannelMessage(e){const t=qs();this.logger.trace(`1py8yf ${this.platformAuthType}`,t);const n=e.data,o=this.resolvers.get(n.responseId),i=this.handshakeResolvers.get(n.responseId);try{const s=n.body.method;if(s===Ir.Response){if(!o)return;const a=n.body.response;if(this.logger.trace(`19hpgm ${this.platformAuthType}`,t),this.logger.tracePii(`179a24 ${this.platformAuthType} ${JSON.stringify(a)}`,t),a.status!=="Success")o.reject(hi(a.code,t,a.description,a.ext));else if(a.result)a.result.code&&a.result.description?o.reject(hi(a.result.code,t,a.result.description,a.result.ext)):o.resolve(a.result);else throw Js($s,t,"Event does not contain result.");this.resolvers.delete(n.responseId)}else if(s===Ir.HandshakeResponse){if(!i){this.logger.trace(`082qnt ${this.platformAuthType} ${n.responseId}`,t);return}clearTimeout(this.timeoutId),window.removeEventListener("message",this.windowListener,!1),this.extensionId=n.extensionId,this.extensionVersion=n.body.version,this.logger.verbose(`0yf5ib ${this.platformAuthType} ${this.extensionId}`,t),this.handshakeEvent.end({extensionInstalled:!0,success:!0}),i.resolve(),this.handshakeResolvers.delete(n.responseId)}}catch(s){this.logger.error("0xf978",t),this.logger.errorPii(`04i99o ${s}`,t),this.logger.errorPii(`0xdvsy ${e}`,t),o?o.reject(s):i&&i.reject(s)}}validatePlatformBrokerResponse(e){if(e.hasOwnProperty("access_token")&&e.hasOwnProperty("id_token")&&e.hasOwnProperty("client_info")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scope")&&e.hasOwnProperty("expires_in"))return e;throw Js($s,"","Response missing expected properties.")}getExtensionId(){return this.extensionId}getExtensionVersion(){return this.extensionVersion}getExtensionName(){var e;return this.getExtensionId()===je.PREFERRED_EXTENSION_ID?"chrome":(e=this.getExtensionId())!=null&&e.length?"unknown":void 0}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class Tc{constructor(e,t,n){this.logger=e,this.performanceClient=t,this.correlationId=n,this.platformAuthType=je.PLATFORM_DOM_PROVIDER}static async createProvider(e,t,n){var o;if(e.trace("12mj4a",n),(o=window.navigator)!=null&&o.platformAuthentication){const i=await window.navigator.platformAuthentication.getSupportedContracts(je.MICROSOFT_ENTRA_BROKERID);if(i!=null&&i.includes(je.PLATFORM_DOM_APIS))return e.trace("1h5q1r",n),new Tc(e,t,n)}}getExtensionId(){return je.MICROSOFT_ENTRA_BROKERID}getExtensionVersion(){return""}getExtensionName(){return je.DOM_API_NAME}async sendMessage(e){this.logger.trace(`02bcil ${this.platformAuthType}`,e.correlationId);try{const t=this.initializePlatformDOMRequest(e),n=await window.navigator.platformAuthentication.executeGetToken(t);return this.validatePlatformBrokerResponse(n,e.correlationId)}catch(t){throw this.logger.error(`11im7g ${this.platformAuthType}`,e.correlationId),t}}initializePlatformDOMRequest(e){this.logger.trace(`15d6yv ${this.platformAuthType}`,e.correlationId);const{accountId:t,clientId:n,authority:o,scope:i,redirectUri:s,correlationId:a,state:c,storeInCache:l,embeddedClientId:h,extraParameters:d,...p}=e,u=this.getDOMExtraParams(p,a);return{accountId:t,brokerId:this.getExtensionId(),authority:o,clientId:n,correlationId:a||this.correlationId,extraParameters:{...d,...u},isSecurityTokenService:!1,redirectUri:s,scope:i,state:c,storeInCache:l,embeddedClientId:h}}validatePlatformBrokerResponse(e,t){if(e.hasOwnProperty("isSuccess")){if(e.hasOwnProperty("accessToken")&&e.hasOwnProperty("idToken")&&e.hasOwnProperty("clientInfo")&&e.hasOwnProperty("account")&&e.hasOwnProperty("scopes")&&e.hasOwnProperty("expiresIn"))return this.logger.trace(`0h4vei ${this.platformAuthType}`,t),this.convertToPlatformBrokerResponse(e,t);if(e.hasOwnProperty("error")){const n=e;if(n.isSuccess===!1&&n.error&&n.error.code)throw this.logger.trace(`0g92vm ${this.platformAuthType}`,t),hi(n.error.code,t,n.error.description,{error:parseInt(n.error.errorCode),protocol_error:n.error.protocolError,status:n.error.status,properties:n.error.properties})}}throw Js($s,t,"Response missing expected properties.")}convertToPlatformBrokerResponse(e,t){return this.logger.trace(`14913t ${this.platformAuthType}`,t),{access_token:e.accessToken,id_token:e.idToken,client_info:e.clientInfo,account:e.account,expires_in:e.expiresIn,scope:e.scopes,state:e.state||"",properties:e.properties||{},extendedLifetimeToken:e.extendedLifetimeToken??!1,shr:e.proofOfPossessionPayload}}getDOMExtraParams(e,t){try{const n={};for(const[o,i]of Object.entries(e))i&&(typeof i=="object"?n[o]=JSON.stringify(i):n[o]=String(i));return n}catch(n){return this.logger.error(`0eu9o3 ${this.platformAuthType}`,t),this.logger.errorPii(`17rpl5 ${this.platformAuthType} ${n}`,t),{}}}}/*! @azure/msal-browser v5.16.0 2026-06-30 */async function MC(r,e,t,n,o){r.trace("134j0v",t),r.trace(`04c81g ${o}`,t);let i;try{o&&(i=await Tc.createProvider(r,e,t)),i||(r.trace("0l3na8",t),i=await di.createProvider(r,n||qu,e,t))}catch(s){r.trace("0icbd7",s)}return i}function $r(r,e,t,n,o){if(e.trace("0uko3r",t),!r.system.allowPlatformBroker&&r.experimental.allowPlatformBrokerWithDOM)throw V(qm,"");if(!r.system.allowPlatformBroker)return e.trace("04hozs",t),!1;if(!n)return e.trace("0kvv1r",t),!1;if(o)switch(o){case ee.BEARER:case ee.POP:return e.trace("18tev1",t),!0;default:return e.trace("1dd2nh",t),!1}return!0}/*! @azure/msal-browser v5.16.0 2026-06-30 */class UC extends hr{constructor(e,t,n,o,i,s,a,c,l,h,d){super(e,t,n,o,i,s,a,l,h),this.nativeStorage=c,this.eventHandler=i,this.waitForPopupResponseHook=d}acquireToken(e,t){let n;try{if(n={popupName:this.generatePopupName(e.scopes||ir,e.authority||this.config.auth.authority),popupWindowAttributes:e.popupWindowAttributes||{},popupWindowParent:e.popupWindowParent??window},this.performanceClient.addFields({isAsyncPopup:!this.config.system.navigatePopups},this.correlationId),this.config.system.navigatePopups){const i={...e,httpMethod:Vu(e,this.config.system.protocolMode)};return this.logger.verbose("1f9ok3",this.correlationId),n.popup=this.openSizedPopup("about:blank",n),this.acquireTokenPopupAsync(i,n,t)}else return this.logger.verbose("162h4u",this.correlationId),this.acquireTokenPopupAsync(e,n,t)}catch(o){return Promise.reject(o)}}logout(e){try{this.logger.verbose("068rup",this.correlationId);const t=this.initializeLogoutRequest(e),n={popupName:this.generateLogoutPopupName(t),popupWindowAttributes:(e==null?void 0:e.popupWindowAttributes)||{},popupWindowParent:(e==null?void 0:e.popupWindowParent)??window},o=e&&e.authority,i=e&&e.mainWindowRedirectUri;return this.config.system.navigatePopups?(this.logger.verbose("1a28da",this.correlationId),n.popup=this.openSizedPopup("about:blank",n),this.logoutPopupAsync(t,n,o,i)):(this.logger.verbose("1phd8u",this.correlationId),this.logoutPopupAsync(t,n,o,i))}catch(t){return Promise.reject(t)}}async acquireTokenPopupAsync(e,t,n){this.logger.verbose("1g77pg",this.correlationId);const o=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(e,R.Popup,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId);t.popup&&Ju(o.authority);const i=$r(this.config,this.logger,this.correlationId,this.platformAuthProvider,e.authenticationScheme);return o.platformBroker=i,this.config.system.protocolMode===Me.EAR?this.executeEarFlow(o,t,n):this.executeCodeFlow(o,t,n)}async executeCodeFlow(e,t,n){var c;const o=e.correlationId,i=Re(z.acquireTokenPopup,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),s=n||await w(kn,Tn,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),a={...e,codeChallenge:s.challenge};try{const l=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,o)({serverTelemetryManager:i,requestAuthority:a.authority,requestAzureCloudOptions:a.azureCloudOptions,requestExtraQueryParameters:a.extraQueryParameters,account:a.account});if(a.httpMethod===Wn.POST)return await this.executeCodeFlowWithPost(a,t,l,s.verifier);{const h=await w(wc,Ga,this.logger,this.performanceClient,o)(this.config,l.authority,a,this.logger,this.performanceClient),d=this.initiateAuthRequest(h,t);this.eventHandler.emitEvent(P.POPUP_OPENED,o,R.Popup,{popupWindow:d},null);const p=await this.waitForPopupResponse(e,d,t.popupWindowParent),u=ze(Kr,Hr,this.logger,this.performanceClient,this.correlationId)(p,this.config.auth.OIDCOptions.responseMode,this.logger,this.correlationId);return await w($n,Gn,this.logger,this.performanceClient,o)(e,u,s.verifier,z.acquireTokenPopup,this.config,l,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}}catch(l){throw(c=t.popup)==null||c.close(),l instanceof oe&&(l.correlationId=this.correlationId,i.cacheFailedRequest(l)),l}}async executeEarFlow(e,t,n){const{correlationId:o,authority:i,azureCloudOptions:s,extraQueryParameters:a,account:c}=e,l=await w(At,yn,this.logger,this.performanceClient,o)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,i,s,a,c),h=await w(dc,rc,this.logger,this.performanceClient,o)(),d=n||await w(kn,Tn,this.logger,this.performanceClient,o)(this.performanceClient,this.logger,o),p={...e,earJwk:h,codeChallenge:d.challenge},u=t.popup||this.openPopup("about:blank",t);(await vc(u.document,this.config,l,p,this.logger,this.performanceClient)).submit();const g=await w(this.waitForPopupResponse.bind(this),ii,this.logger,this.performanceClient,o)(p,u,t.popupWindowParent),y=ze(Kr,Hr,this.logger,this.performanceClient,this.correlationId)(g,this.config.auth.OIDCOptions.responseMode,this.logger,this.correlationId);if(!y.ear_jwe&&y.code){const m=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,o)({serverTelemetryManager:Re(z.acquireTokenPopup,this.config.auth.clientId,o,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account,authority:l});return w($n,Gn,this.logger,this.performanceClient,o)(p,y,d.verifier,z.acquireTokenPopup,this.config,m,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}else return w(Cc,nc,this.logger,this.performanceClient,o)(p,y,z.acquireTokenPopup,this.config,l,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async executeCodeFlowWithPost(e,t,n,o){const i=e.correlationId,s=await w(At,yn,this.logger,this.performanceClient,i)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger),a=t.popup||this.openPopup("about:blank",t);(await bc(a.document,this.config,s,e,this.logger,this.performanceClient)).submit();const l=await w(this.waitForPopupResponse.bind(this),ii,this.logger,this.performanceClient,i)(e,a,t.popupWindowParent),h=ze(Kr,Hr,this.logger,this.performanceClient,this.correlationId)(l,this.config.auth.OIDCOptions.responseMode,this.logger,this.correlationId);return w($n,Gn,this.logger,this.performanceClient,i)(e,h,o,z.acquireTokenPopup,this.config,n,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async logoutPopupAsync(e,t,n,o){var s,a,c;this.logger.verbose("0b7yrk",this.correlationId),this.eventHandler.emitEvent(P.LOGOUT_START,this.correlationId,R.Popup,e);const i=Re(z.logoutPopup,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{await gc(this.browserStorage,this.browserCrypto,this.logger,this.correlationId,e.account);const l=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:i,requestAuthority:n,account:e.account||void 0});try{l.authority.endSessionEndpoint}catch{if((s=e.account)!=null&&s.homeAccountId&&e.postLogoutRedirectUri&&l.authority.protocolMode===Me.OIDC){if(this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,e.correlationId,R.Popup,e),o){const p={apiId:z.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},u=B.getAbsoluteUrl(o,_t(),this.correlationId);await this.navigationClient.navigateInternal(u,p)}(a=t.popup)==null||a.close();return}}e.state=$a(this.browserCrypto,e.state||"",{interactionType:R.Popup},e.correlationId);const h=l.getLogoutUri(e);this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,e.correlationId,R.Popup,e);const d=this.openPopup(h,t);if(this.eventHandler.emitEvent(P.POPUP_OPENED,e.correlationId,R.Popup,{popupWindow:d},null),await this.waitForPopupResponse(e,d,t.popupWindowParent).catch(()=>{}),o){const p={apiId:z.logoutPopup,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},u=B.getAbsoluteUrl(o,_t(),this.correlationId);this.logger.verbose("0qcur2",this.correlationId),this.logger.verbosePii(`0oj7lk ${u}`,this.correlationId),await this.navigationClient.navigateInternal(u,p)}else this.logger.verbose("03zgcf",this.correlationId)}catch(l){throw(c=t.popup)==null||c.close(),l instanceof oe&&(l.correlationId=this.correlationId,i.cacheFailedRequest(l)),this.eventHandler.emitEvent(P.LOGOUT_FAILURE,this.correlationId,R.Popup,null,l),this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Popup),l}this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Popup)}initiateAuthRequest(e,t){if(e)return this.logger.infoPii(`1kcr9k ${e}`,this.correlationId),this.openPopup(e,t);throw this.logger.error("1l7hyp",this.correlationId),A(oc,this.correlationId)}openPopup(e,t){try{let n;if(t.popup?(n=t.popup,this.logger.verbosePii(`0cgeo7 ${e}`,this.correlationId),n.location.assign(e)):typeof t.popup>"u"&&(this.logger.verbosePii(`0c2awd ${e}`,this.correlationId),n=this.openSizedPopup(e,t)),!n)throw A(Bv,this.correlationId);try{n.document.title="Microsoft Authentication"}catch(o){typeof DOMException<"u"&&o instanceof DOMException&&o.name==="SecurityError"||this.logger.verbose("1s1yfs",this.correlationId)}return n.focus&&n.focus(),this.currentWindow=n,n}catch(n){throw this.logger.error(`0dxfb9 ${n.message}`,this.correlationId),A(Jv,this.correlationId)}}openSizedPopup(e,{popupName:t,popupWindowAttributes:n,popupWindowParent:o}){var u,f,g,y;const i=o.screenLeft?o.screenLeft:o.screenX,s=o.screenTop?o.screenTop:o.screenY,a=o.innerWidth||document.documentElement.clientWidth||document.body.clientWidth,c=o.innerHeight||document.documentElement.clientHeight||document.body.clientHeight;let l=(u=n.popupSize)==null?void 0:u.width,h=(f=n.popupSize)==null?void 0:f.height,d=(g=n.popupPosition)==null?void 0:g.top,p=(y=n.popupPosition)==null?void 0:y.left;return(!l||l<0||l>a)&&(this.logger.verbose("08vfmo",this.correlationId),l=Ye.POPUP_WIDTH),(!h||h<0||h>c)&&(this.logger.verbose("09cxa0",this.correlationId),h=Ye.POPUP_HEIGHT),(!d||d<0||d>c)&&(this.logger.verbose("1qh4wo",this.correlationId),d=Math.max(0,c/2-Ye.POPUP_HEIGHT/2+s)),(!p||p<0||p>a)&&(this.logger.verbose("1sz3en",this.correlationId),p=Math.max(0,a/2-Ye.POPUP_WIDTH/2+i)),o.open(e,t,`width=${l}, height=${h}, top=${d}, left=${p}, scrollbars=yes`)}generatePopupName(e,t){return`${Ye.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${e.join("-")}.${t}.${this.correlationId}`}generateLogoutPopupName(e){const t=e.account&&e.account.homeAccountId;return`${Ye.POPUP_NAME_PREFIX}.${this.config.auth.clientId}.${t}.${this.correlationId}`}async waitForPopupResponse(e,t,n){return this.waitForPopupResponseHook?this.waitForPopupResponseHook(e,t,n):ai(this.config.system.popupBridgeTimeout,this.logger,e,this.performanceClient)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */function DC(){if(typeof window>"u"||typeof window.performance>"u"||typeof window.performance.getEntriesByType!="function")return;const r=window.performance.getEntriesByType("navigation"),e=r.length?r[0]:void 0;return e==null?void 0:e.type}class LC extends hr{constructor(e,t,n,o,i,s,a,c,l,h){super(e,t,n,o,i,s,a,l,h),this.nativeStorage=c}async acquireToken(e){const t=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(e,R.Redirect,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId);t.platformBroker=$r(this.config,this.logger,this.correlationId,this.platformAuthProvider,e.authenticationScheme);const n=i=>{i.persisted&&(this.logger.verbose("0udvtt",this.correlationId),this.browserStorage.resetRequestCache(this.correlationId),this.eventHandler.emitEvent(P.RESTORE_FROM_BFCACHE,this.correlationId,R.Redirect))},o=this.getRedirectStartPage(e.redirectStartPage);this.logger.verbosePii(`0zao0a ${o}`,this.correlationId),this.browserStorage.setTemporaryCache(se.ORIGIN_URI,o,!0),window.addEventListener("pageshow",n);try{this.config.system.protocolMode===Me.EAR?await this.executeEarFlow(t):await this.executeCodeFlow(t)}catch(i){throw i instanceof oe&&(i.correlationId=this.correlationId),window.removeEventListener("pageshow",n),i}}async executeCodeFlow(e){const t=e.correlationId,n=Re(z.acquireTokenRedirect,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),o=await w(kn,Tn,this.logger,this.performanceClient,t)(this.performanceClient,this.logger,t),i={...e,codeChallenge:o.challenge};this.browserStorage.cacheAuthorizeRequest(i,this.correlationId,o.verifier);try{if(i.httpMethod===Wn.POST)return await this.executeCodeFlowWithPost(i);{const s=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:i.authority,requestAzureCloudOptions:i.azureCloudOptions,requestExtraQueryParameters:i.extraQueryParameters,account:i.account}),a=await w(wc,Ga,this.logger,this.performanceClient,e.correlationId)(this.config,s.authority,i,this.logger,this.performanceClient);return await this.initiateAuthRequest(a)}}catch(s){throw s instanceof oe&&(s.correlationId=this.correlationId,n.cacheFailedRequest(s)),s}}async executeEarFlow(e){const{correlationId:t,authority:n,azureCloudOptions:o,extraQueryParameters:i,account:s}=e,a=await w(At,yn,this.logger,this.performanceClient,t)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,n,o,i,s),c=await w(dc,rc,this.logger,this.performanceClient,t)(),l=await w(kn,Tn,this.logger,this.performanceClient,t)(this.performanceClient,this.logger,t),h={...e,earJwk:c,codeChallenge:l.challenge};return this.browserStorage.cacheAuthorizeRequest(h,this.correlationId,l.verifier),(await vc(document,this.config,a,h,this.logger,this.performanceClient)).submit(),new Promise((p,u)=>{setTimeout(()=>{u(A(si,"","failed_to_redirect"))},this.config.system.redirectNavigationTimeout)})}async executeCodeFlowWithPost(e){const t=e.correlationId,n=await w(At,yn,this.logger,this.performanceClient,t)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger);return this.browserStorage.cacheAuthorizeRequest(e,this.correlationId),(await bc(document,this.config,n,e,this.logger,this.performanceClient)).submit(),new Promise((i,s)=>{setTimeout(()=>{s(A(si,"","failed_to_redirect"))},this.config.system.redirectNavigationTimeout)})}async handleRedirectPromise(e,t,n,o){const i=document.title;document.title="Microsoft Authentication";const s=Re(z.handleRedirectPromise,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),a=(o==null?void 0:o.navigateToLoginRequestUrl)??!0;try{const[c,l]=this.getRedirectResponse((o==null?void 0:o.hash)||"");if(!c)return this.logger.info("1qmv0q",this.correlationId),this.browserStorage.resetRequestCache(this.correlationId),DC()!=="back_forward"?n.event.errorCode="no_server_response":this.logger.verbose("1eqegq",this.correlationId),null;const h=this.browserStorage.getTemporaryCache(se.ORIGIN_URI,this.correlationId,!0)||"",d=Dh(h,this.logger,this.correlationId),p=Dh(window.location.href,this.logger,this.correlationId);if(d===p&&a)return this.logger.verbose("11yred",this.correlationId),h.indexOf("#")>-1&&Mb(h),await this.handleResponse(c,e,t,s);if(a){if(!Ai()||this.config.system.allowRedirectInIframe){this.browserStorage.setTemporaryCache(se.URL_HASH,l,!0);const u={apiId:z.handleRedirectPromise,timeout:this.config.system.redirectNavigationTimeout,noHistory:!0};let f=!0;if(h)this.logger.verbose(`08jpy1 ${h}`,this.correlationId),f=await this.navigationClient.navigateInternal(h,u);else{const g=Lb(this.correlationId);this.browserStorage.setTemporaryCache(se.ORIGIN_URI,g,!0),this.logger.warning("1dutq1",this.correlationId),f=await this.navigationClient.navigateInternal(g,u)}if(!f)return await this.handleResponse(c,e,t,s)}}else return this.logger.verbose("0v4sdv",this.correlationId),await this.handleResponse(c,e,t,s);return null}catch(c){throw c instanceof oe&&(c.correlationId=this.correlationId,s.cacheFailedRequest(c)),c}finally{document.title=i}}getRedirectResponse(e){this.logger.verbose("1c5i8m",this.correlationId);let t=e;t||(this.config.auth.OIDCOptions.responseMode===Sa.QUERY?t=window.location.search:t=window.location.hash);let n=Yo(t);if(n){try{pC(n,this.browserCrypto,R.Redirect,this.correlationId)}catch(i){return i instanceof oe&&this.logger.error(`0bkq6p ${i.errorCode} ${i.errorMessage}`,this.correlationId),[null,""]}return ju(window),this.logger.verbose("00uvho",this.correlationId),[n,t]}const o=this.browserStorage.getTemporaryCache(se.URL_HASH,this.correlationId,!0);return this.browserStorage.removeItem(this.browserStorage.generateCacheKey(se.URL_HASH)),o&&(n=Yo(o),n)?(this.logger.verbose("001671",this.correlationId),[n,o]):[null,""]}async handleResponse(e,t,n,o){if(!e.state)throw A(ic,t.correlationId);const{authority:s,azureCloudOptions:a,extraQueryParameters:c,account:l}=t;if(e.ear_jwe){const d=await w(At,yn,this.logger,this.performanceClient,t.correlationId)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,s,a,c,l);return w(Cc,nc,this.logger,this.performanceClient,t.correlationId)(t,e,z.acquireTokenRedirect,this.config,d,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}const h=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:o,requestAuthority:t.authority});return w($n,Gn,this.logger,this.performanceClient,t.correlationId)(t,e,n,z.acquireTokenRedirect,this.config,h,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async initiateAuthRequest(e){if(this.logger.verbose("0yaw2e",this.correlationId),e){this.logger.infoPii(`1luf83 ${e}`,this.correlationId);const t={apiId:z.acquireTokenRedirect,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},n=this.config.auth.onRedirectNavigate;if(typeof n=="function")if(this.logger.verbose("1nehvl",this.correlationId),n(e)!==!1){this.logger.verbose("1a0jxh",this.correlationId),await this.navigationClient.navigateExternal(e,t);return}else{this.logger.verbose("09k5h5",this.correlationId);return}else{this.logger.verbose("0klwf7",this.correlationId),await this.navigationClient.navigateExternal(e,t);return}}else throw this.logger.info("0rlh4e",this.correlationId),A(oc,this.correlationId)}async logout(e){var o,i;this.logger.verbose("1rkurh",this.correlationId);const t=this.initializeLogoutRequest(e),n=Re(z.logout,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{this.eventHandler.emitEvent(P.LOGOUT_START,this.correlationId,R.Redirect,e),await gc(this.browserStorage,this.browserCrypto,this.logger,this.correlationId,t.account);const s={apiId:z.logout,timeout:this.config.system.redirectNavigationTimeout,noHistory:!1},a=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:e&&e.authority,requestExtraQueryParameters:e==null?void 0:e.extraQueryParameters,account:e&&e.account||void 0});if(a.authority.protocolMode===Me.OIDC)try{a.authority.endSessionEndpoint}catch{if((o=t.account)!=null&&o.homeAccountId){this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,this.correlationId,R.Redirect,t);return}}t.state=$a(this.browserCrypto,t.state||"",{interactionType:R.Redirect},t.correlationId);const c=a.getLogoutUri(t);(i=t.account)!=null&&i.homeAccountId&&this.eventHandler.emitEvent(P.LOGOUT_SUCCESS,this.correlationId,R.Redirect,t);const l=this.config.auth.onRedirectNavigate;if(typeof l=="function")if(l(c)!==!1){this.logger.verbose("06v57e",this.correlationId),this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),await this.navigationClient.navigateExternal(c,s);return}else this.browserStorage.setInteractionInProgress(!1),this.logger.verbose("0xqes1",this.correlationId);else{this.browserStorage.getInteractionInProgress()||this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),await this.navigationClient.navigateExternal(c,s);return}}catch(s){throw s instanceof oe&&(s.correlationId=this.correlationId,n.cacheFailedRequest(s)),this.eventHandler.emitEvent(P.LOGOUT_FAILURE,this.correlationId,R.Redirect,null,s),this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Redirect),s}this.eventHandler.emitEvent(P.LOGOUT_END,this.correlationId,R.Redirect)}getRedirectStartPage(e){const t=e||window.location.href,n=B.getAbsoluteUrl(t,_t(),this.correlationId);return Ny(n,this.logger,this.correlationId),n}}/*! @azure/msal-browser v5.16.0 2026-06-30 */async function HC(r,e,t,n){if(!e)throw t.info("1l7hyp",n),A(oc,n);return r.src=e,r}async function KC(r,e,t,n,o,i){if(!r.contentDocument)throw"No document associated with iframe!";return(await bc(r.contentDocument,e,t,n,o,i)).submit(),r}async function FC(r,e,t,n,o,i){if(!r.contentDocument)throw"No document associated with iframe!";return(await vc(r.contentDocument,e,t,n,o,i)).submit(),r}function Tl(){const r=document.createElement("iframe");return r.className="msalSilentIframe",r.title="Microsoft Authentication",r.style.visibility="hidden",r.style.position="absolute",r.style.width=r.style.height="0",r.style.border="0",r.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms"),r.setAttribute("allow","local-network-access *"),document.body.appendChild(r),r}function kl(r){document.body===r.parentNode&&document.body.removeChild(r)}/*! @azure/msal-browser v5.16.0 2026-06-30 */class jC extends hr{constructor(e,t,n,o,i,s,a,c,l,h,d,p){super(e,t,n,o,i,s,c,h,d),this.apiId=a,this.nativeStorage=l,this.waitForIframeResponseHook=p}async acquireToken(e){!e.loginHint&&!e.sid&&(!e.account||!e.account.username)&&this.logger.warning("1kl318",this.correlationId);const t={...e};t.prompt?t.prompt!==be.NONE&&t.prompt!==be.NO_SESSION&&(this.logger.warning(`0bmctg ${t.prompt} ${be.NONE}`,this.correlationId),t.prompt=be.NONE):t.prompt=be.NONE;const n=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(t,R.Silent,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId);return n.platformBroker=$r(this.config,this.logger,this.correlationId,this.platformAuthProvider,n.authenticationScheme),Ju(n.authority),this.config.system.protocolMode===Me.EAR?this.executeEarFlow(n):this.executeCodeFlow(n)}async executeCodeFlow(e){let t;const n=Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{return t=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,e.correlationId)({serverTelemetryManager:n,requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account}),await w(this.silentTokenHelper.bind(this),Qh,this.logger,this.performanceClient,e.correlationId)(t,e)}catch(o){if(o instanceof oe&&(o.correlationId=this.correlationId,n.cacheFailedRequest(o)),!t||!(o instanceof oe)||o.errorCode!==Ye.INVALID_GRANT_ERROR)throw o;return this.performanceClient.addFields({retryError:o.errorCode},this.correlationId),await w(this.silentTokenHelper.bind(this),Qh,this.logger,this.performanceClient,this.correlationId)(t,e)}}async executeEarFlow(e){const{correlationId:t,authority:n,azureCloudOptions:o,extraQueryParameters:i,account:s}=e,a=await w(At,yn,this.logger,this.performanceClient,t)(this.config,this.correlationId,this.performanceClient,this.browserStorage,this.logger,n,o,i,s),c=await w(dc,rc,this.logger,this.performanceClient,t)(),l=await w(kn,Tn,this.logger,this.performanceClient,t)(this.performanceClient,this.logger,t),h={...e,earJwk:c,codeChallenge:l.challenge},d=Tl(),p=this.config.auth.OIDCOptions.responseMode;let u;try{const g=w(this.waitForIframeResponse.bind(this),ii,this.logger,this.performanceClient,t)(d,e);g.catch(()=>{}),await w(FC,ls,this.logger,this.performanceClient,t)(d,this.config,a,h,this.logger,this.performanceClient),u=await g}finally{ze(kl,qh,this.logger,this.performanceClient,t)(d)}const f=ze(Kr,Hr,this.logger,this.performanceClient,t)(u,p,this.logger,this.correlationId);if(!f.ear_jwe&&f.code){const g=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,t)({serverTelemetryManager:Re(this.apiId,this.config.auth.clientId,t,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),requestAuthority:e.authority,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account,authority:a});return w($n,Gn,this.logger,this.performanceClient,t)(h,f,l.verifier,this.apiId,this.config,g,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}else return w(Cc,nc,this.logger,this.performanceClient,t)(h,f,this.apiId,this.config,a,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async verifySso(e){const t={...e};t.prompt||(t.prompt=be.NONE);const n=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(t,R.Silent,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId),o=await w(this.createAuthCodeClient.bind(this),Et,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),requestAuthority:n.authority,requestAzureCloudOptions:n.azureCloudOptions,requestExtraQueryParameters:n.extraQueryParameters,account:n.account}),{serverParams:i}=await this.silentAuthorizeHelper(o,n),s=n.correlationId;return Ya(i,n.state,s),i.code?(this.logger.verbose("0kkkcj",s),!0):(this.logger.warning("0y34ti",s),!1)}logout(){return Promise.reject(A(sc,""))}async silentTokenHelper(e,t){const{serverParams:n,pkceCodes:o}=await this.silentAuthorizeHelper(e,t);return w($n,Gn,this.logger,this.performanceClient,t.correlationId)(t,n,o.verifier,this.apiId,this.config,e,this.browserStorage,this.nativeStorage,this.eventHandler,this.logger,this.performanceClient,this.platformAuthProvider)}async silentAuthorizeHelper(e,t){const n=t.correlationId,o=await w(kn,Tn,this.logger,this.performanceClient,n)(this.performanceClient,this.logger,n),i={...t,codeChallenge:o.challenge},s=Tl(),a=this.config.auth.OIDCOptions.responseMode;let c;try{const h=w(this.waitForIframeResponse.bind(this),ii,this.logger,this.performanceClient,n)(s,t);if(h.catch(()=>{}),t.httpMethod===Wn.POST)await w(KC,ls,this.logger,this.performanceClient,n)(s,this.config,e.authority,i,this.logger,this.performanceClient);else{const d=await w(wc,Ga,this.logger,this.performanceClient,n)(this.config,e.authority,i,this.logger,this.performanceClient);await w(HC,ls,this.logger,this.performanceClient,n)(s,d,this.logger,n)}c=await h}finally{ze(kl,qh,this.logger,this.performanceClient,n)(s)}return{serverParams:ze(Kr,Hr,this.logger,this.performanceClient,n)(c,a,this.logger,this.correlationId),pkceCodes:o,silentRequest:i}}async waitForIframeResponse(e,t){return this.waitForIframeResponseHook?this.waitForIframeResponseHook(e,t):ai(this.config.system.iframeBridgeTimeout,this.logger,t,this.performanceClient,this.config.experimental)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class zC extends hr{async acquireToken(e){const t=await w(mc,tc,this.logger,this.performanceClient,e.correlationId)(e,this.config,this.performanceClient,this.logger,this.correlationId),n={...e,...t};e.redirectUri&&(n.redirectUri=ci(e.redirectUri,this.config.auth.redirectUri,this.logger,this.correlationId));const o=Re(z.acquireTokenSilent_silentFlow,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled),i=await this.createRefreshTokenClient({serverTelemetryManager:o,authorityUrl:n.authority,azureCloudOptions:n.azureCloudOptions,account:n.account});return w(i.acquireTokenByRefreshToken.bind(i),gv,this.logger,this.performanceClient,e.correlationId)(n,z.acquireTokenSilent_silentFlow).catch(s=>{throw s.correlationId=this.correlationId,o.cacheFailedRequest(s),s})}logout(){return Promise.reject(A(sc,""))}async createRefreshTokenClient(e){const t=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:e.serverTelemetryManager,requestAuthority:e.authorityUrl,requestAzureCloudOptions:e.azureCloudOptions,requestExtraQueryParameters:e.extraQueryParameters,account:e.account});return new Gw(t,this.performanceClient)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class WC extends Tu{constructor(e,t){super(e,t),this.includeRedirectUri=!1}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class JC extends hr{constructor(e,t,n,o,i,s,a,c,l,h){super(e,t,n,o,i,s,c,l,h),this.apiId=a}async acquireToken(e){if(!e.code)throw A(tb,this.correlationId);const t=await w(Zr,Gr,this.logger,this.performanceClient,this.correlationId)(e,R.Silent,this.config,this.browserCrypto,this.browserStorage,this.logger,this.performanceClient,this.correlationId),n=Re(this.apiId,this.config.auth.clientId,this.correlationId,this.browserStorage,this.logger,void 0,this.config.system.serverTelemetryEnabled);try{const o={...t,code:e.code},i=await w(this.getClientConfiguration.bind(this),Si,this.logger,this.performanceClient,this.correlationId)({serverTelemetryManager:n,requestAuthority:t.authority,requestAzureCloudOptions:t.azureCloudOptions,requestExtraQueryParameters:t.extraQueryParameters,account:t.account}),s=new WC(i,this.performanceClient);this.logger.verbose("1uic5e",this.correlationId);const a=new Zu(s,this.browserStorage,o,this.logger,this.performanceClient);return await w(a.handleCodeResponseFromServer.bind(a),du,this.logger,this.performanceClient,this.correlationId)({code:e.code,msgraph_host:e.msGraphHost,cloud_graph_host_name:e.cloudGraphHostName,cloud_instance_host_name:e.cloudInstanceHostName},t,this.apiId,!1)}catch(o){throw o instanceof oe&&(o.correlationId=this.correlationId,n.cacheFailedRequest(o)),o}}logout(){return Promise.reject(A(sc,""))}}/*! @azure/msal-browser v5.16.0 2026-06-30 */function BC(r,e,t,n){var a;const o=((a=window.msal)==null?void 0:a.clientIds)||[],i=o.length,s=o.filter(c=>c===r).length;s>1&&t.warning("1e88vg",n),e.add({msalInstanceCount:i,sameClientIdInstanceCount:s})}/*! @azure/msal-browser v5.16.0 2026-06-30 */function Ro(r,e,t,n){try{pc(r),ku(t.auth.isMcp,n)}catch(o){throw e.end({success:!1},o,n.account),o}}class kc{constructor(e){this.operatingContext=e,this.isBrowserEnvironment=this.operatingContext.isBrowserEnvironment(),this.config=e.getConfig(),this.initialized=!1,this.logger=this.operatingContext.getLogger(),this.networkClient=this.config.system.networkClient,this.navigationClient=this.config.system.navigationClient,this.redirectResponse=new Map,this.hybridAuthCodeResponses=new Map,this.performanceClient=this.config.telemetry.client,this.browserCrypto=this.isBrowserEnvironment?new Ot(this.logger,this.performanceClient):Qo,this.eventHandler=new lC(this.logger),this.browserStorage=this.isBrowserEnvironment?new ta(this.config.auth.clientId,this.config.cache,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler,Jw(this.config.auth)):oC(this.config.auth.clientId,this.logger,this.performanceClient,this.eventHandler);const t={cacheLocation:yt.MemoryStorage,cacheRetentionDays:5};this.nativeInternalStorage=new ta(this.config.auth.clientId,t,this.browserCrypto,this.logger,this.performanceClient,this.eventHandler),this.activeSilentTokenRequests=new Map,this.trackStateChange=this.trackStateChange.bind(this),this.trackStateChangeWithMeasurement=this.trackStateChangeWithMeasurement.bind(this)}static async createController(e,t){const n=new kc(e);return await n.initialize(t),n}trackStateChange(e,t){e&&(t.type==="visibilitychange"?(this.logger.info("16v6hv",e),this.performanceClient.incrementFields({visibilityChangeCount:1},e)):t.type==="online"?(this.logger.info("0zirfd",e),this.performanceClient.incrementFields({onlineStatusChangeCount:1},e)):t.type==="offline"&&(this.logger.info("1xk9ef",e),this.performanceClient.incrementFields({onlineStatusChangeCount:1},e)))}async initialize(e){const t=this.getRequestCorrelationId(e);if(this.logger.trace("1f7joy",t),this.initialized){this.logger.info("061m5x",t);return}if(!this.isBrowserEnvironment){this.logger.info("19fvpi",t),this.initialized=!0,this.eventHandler.emitEvent(P.INITIALIZE_END,t);return}const n=this.config.system.allowPlatformBroker,o=this.performanceClient.startMeasurement(Zb,t);if(this.eventHandler.emitEvent(P.INITIALIZE_START,t),this.logMultipleInstances(o,t),o.add({isMcp:this.config.auth.isMcp}),await w(this.browserStorage.initialize.bind(this.browserStorage),yv,this.logger,this.performanceClient,t)(t),n)try{this.platformAuthProvider=await MC(this.logger,this.performanceClient,t,this.config.system.nativeBrokerHandshakeTimeout,this.config.experimental.allowPlatformBrokerWithDOM)}catch(i){this.logger.verbose(i,t)}this.config.cache.cacheLocation===yt.LocalStorage&&this.eventHandler.subscribeCrossTab(),!this.config.system.navigatePopups&&await this.preGeneratePkceCodes(t),this.initialized=!0,this.eventHandler.emitEvent(P.INITIALIZE_END,t),o.end({allowPlatformBroker:n,success:!0})}async handleRedirectPromise(e){if(this.logger.verbose("02l8bm",""),Wu(this.initialized),this.isBrowserEnvironment){const t=(e==null?void 0:e.hash)||"";let n=this.redirectResponse.get(t);return typeof n>"u"?(n=this.handleRedirectPromiseInternal(e),this.redirectResponse.set(t,n),this.logger.verbose("1wn9kp","")):this.logger.verbose("0w0gm3",""),n}return this.logger.verbose("12xi63",""),null}async handleRedirectPromiseInternal(e){var l;if(!this.browserStorage.isInteractionInProgress(!0))return this.logger.info("0le6uv",""),null;if(((l=this.browserStorage.getInteractionInProgress())==null?void 0:l.type)===Bt.SIGNOUT)return this.logger.verbose("1ywcv2",""),this.browserStorage.setInteractionInProgress(!1),Promise.resolve(null);const n=this.getAllAccounts(),o=this.browserStorage.getCachedNativeRequest(),i=o&&!(e!=null&&e.hash);let s,a,c;try{if(i&&this.platformAuthProvider){const h=(o==null?void 0:o.correlationId)||"";this.eventHandler.emitEvent(P.HANDLE_REDIRECT_START,h,R.Redirect),s=this.performanceClient.startMeasurement(fs,h),this.logger.trace("12v7is",h),s.add({isPlatformBrokerRequest:!0});const d=new Lo(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.handleRedirectPromise,this.performanceClient,this.platformAuthProvider,o.accountId,this.nativeInternalStorage,o.correlationId);a=w(d.handleRedirectPromise.bind(d),Iv,this.logger,this.performanceClient,s.event.correlationId)()}else{const[h,d]=this.browserStorage.getCachedRequest("");c=h;const p=h.correlationId;this.eventHandler.emitEvent(P.HANDLE_REDIRECT_START,p,R.Redirect),s=this.performanceClient.startMeasurement(fs,p),this.logger.trace("0znzs5",p);const u=this.createRedirectClient(p);a=w(u.handleRedirectPromise.bind(u),_v,this.logger,this.performanceClient,s.event.correlationId)(h,d,s,e)}}catch(h){throw this.browserStorage.resetRequestCache(""),h}return a.then(h=>(h?(this.browserStorage.resetRequestCache(h.correlationId),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,h.correlationId,R.Redirect,h),this.logger.verbose("0ui8f5",h.correlationId),n.length<this.getAllAccounts().length&&(this.eventHandler.emitEvent(P.LOGIN_SUCCESS,h.correlationId,R.Redirect,h.account),this.logger.verbose("16im3l",h.correlationId)),s.end({success:!0},void 0,h.account),this.verifySsoCapability(c,R.Redirect)):s.event.errorCode?s.end({success:!1},void 0):s.discard(),this.eventHandler.emitEvent(P.HANDLE_REDIRECT_END,s.event.correlationId,R.Redirect),h)).catch(h=>{this.browserStorage.resetRequestCache(s.event.correlationId);const d=h;throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,s.event.correlationId,R.Redirect,null,d),this.eventHandler.emitEvent(P.HANDLE_REDIRECT_END,s.event.correlationId,R.Redirect),s.end({success:!1},d),h})}async acquireTokenRedirect(e){const t=this.getRequestCorrelationId(e);this.logger.verbose("0os66p",t),dl(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNIN);const n=this.performanceClient.startMeasurement(Gb,t);n.add({scenarioId:e.scenarioId});const o=this.config.auth.onRedirectNavigate;this.config.auth.onRedirectNavigate=i=>{const s=typeof o=="function"?o(i):void 0;return n.add({navigateCallbackResult:s!==!1}),n.event=n.end({success:!0},void 0,e.account)||n.event,s};try{ku(this.config.auth.isMcp,e),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Redirect,e);let i;if(this.platformAuthProvider&&this.canUsePlatformBroker(e)){const s=new Lo(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.acquireTokenRedirect,this.performanceClient,this.platformAuthProvider,this.getNativeAccountId(e),this.nativeInternalStorage,t);i=w(s.acquireTokenRedirect.bind(s),fv,this.logger,this.performanceClient,t)(e,n).catch(a=>{if(n.add({brokerErrorName:a.name,brokerErrorCode:a.errorCode}),a instanceof qe&&Un(a))return this.platformAuthProvider=void 0,this.createRedirectClient(t).acquireToken(e);if(a instanceof st)return this.logger.verbose("1ipyz4",t),this.createRedirectClient(t).acquireToken(e);throw a})}else i=this.createRedirectClient(t).acquireToken(e);return await i}catch(i){throw this.browserStorage.resetRequestCache(t),n.event.status===2?this.performanceClient.startMeasurement(fs,t).end({success:!1},i,e.account):n.end({success:!1},i,e.account),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Redirect,null,i),i}}acquireTokenPopup(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(Bb,t);n.add({scenarioId:e.scenarioId});try{this.logger.verbose("0ch87b",t),Ro(this.initialized,n,this.config,e),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNIN,e.overrideInteractionInProgress,t)}catch(a){return Promise.reject(a)}const o=this.getAllAccounts();this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Popup,e);let i;const s=this.getPreGeneratedPkceCodes(t);return this.canUsePlatformBroker(e)?(n.add({isPlatformBrokerRequest:!0}),i=this.acquireTokenNative({...e,correlationId:t},z.acquireTokenPopup).then(a=>(n.end({success:!0,isNativeBroker:!0},void 0,a.account),a)).catch(a=>{if(n.add({brokerErrorName:a.name,brokerErrorCode:a.errorCode}),a instanceof qe&&Un(a))return this.platformAuthProvider=void 0,this.createPopupClient(t).acquireToken(e,s);if(a instanceof st)return this.logger.verbose("0yy5fw",t),this.createPopupClient(t).acquireToken(e,s);throw a})):i=this.createPopupClient(t).acquireToken(e,s),i.then(a=>{const c=o.length<this.getAllAccounts().length;return this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,t,R.Popup,a),c&&this.eventHandler.emitEvent(P.LOGIN_SUCCESS,t,R.Popup,a.account),n.end({success:!0,accessTokenSize:a.accessToken.length,idTokenSize:a.idToken.length},void 0,a.account),this.verifySsoCapability(e,R.Popup),a}).catch(a=>(this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Popup,null,a),n.end({success:!1},a,e.account),Promise.reject(a))).finally(async()=>{this.browserStorage.setInteractionInProgress(!1),this.config.system.navigatePopups||await this.preGeneratePkceCodes(t)})}trackStateChangeWithMeasurement(e){const t=this.ssoSilentMeasurement||this.acquireTokenByCodeAsyncMeasurement;t&&(e.type==="visibilitychange"?(this.logger.info(`0yzimq ${t.event.name}`,t.event.correlationId),t.increment({visibilityChangeCount:1})):e.type==="online"?(this.logger.info(`1caf53 ${t.event.name}`,t.event.correlationId),t.increment({onlineStatusChangeCount:1})):e.type==="offline"&&(this.logger.info(`0fdyk7 ${t.event.name}`,t.event.correlationId),t.increment({onlineStatusChangeCount:1})))}addStateChangeListeners(e){document.addEventListener("visibilitychange",e),window.addEventListener("online",e),window.addEventListener("offline",e)}removeStateChangeListeners(e){document.removeEventListener("visibilitychange",e),window.removeEventListener("online",e),window.removeEventListener("offline",e)}getCachedSsoCapable(){try{const e=window.localStorage.getItem(yl);if(e){const t=JSON.parse(e);if(t&&typeof t.ssoCapable=="boolean"&&t.expiresOn&&Date.now()<t.expiresOn)return t.ssoCapable}}catch{}}verifySsoCapability(e,t){if(!this.config.auth.verifySSO)return;const n=yl,o=1440*60*1e3;if(this.getCachedSsoCapable()!==void 0){this.logger.verbose(`13poou ${t}`,"");return}const s=en(),a=this.performanceClient.startMeasurement(Xb,s);a.add({"ext.interactionType":t}),this.logger.verbose(`0pbr0i ${t}`,s),setTimeout(()=>{const c={...e,correlationId:s};this.createSilentIframeClient(s).verifySso(c).then(h=>{this.logger.verbose(`1gd1iv ${t} ${h}`,s);try{const d=JSON.stringify({ssoCapable:h,expiresOn:Date.now()+o});window.localStorage.setItem(n,d)}catch{this.logger.warning(`18lmoj ${t}`,s)}a.end({fromCache:!1,success:h},void 0)}).catch(h=>{this.logger.warning(`05g83w ${t} ${h.message}`,s);try{window.localStorage.removeItem(n)}catch{this.logger.warning(`0nlf9q ${t}`,s)}a.end({fromCache:!1,success:!1},h)})},0)}async ssoSilent(e){var s,a,c;const t=this.getRequestCorrelationId(e),n={...e,correlationId:t};this.ssoSilentMeasurement=this.performanceClient.startMeasurement(Vb,t),(s=this.ssoSilentMeasurement)==null||s.add({scenarioId:e.scenarioId,ssoCapable:this.getCachedSsoCapable()}),Ro(this.initialized,this.ssoSilentMeasurement,this.config,n),(a=this.ssoSilentMeasurement)==null||a.increment({visibilityChangeCount:0,onlineStatusChangeCount:0}),this.addStateChangeListeners(this.trackStateChangeWithMeasurement);const o=this.getAllAccounts();this.logger.verbose("0w1b45",t),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Silent,n);let i;return this.canUsePlatformBroker(n)?((c=this.ssoSilentMeasurement)==null||c.add({isPlatformBrokerRequest:!0}),i=this.acquireTokenNative(n,z.ssoSilent).catch(l=>{var h;if((h=this.ssoSilentMeasurement)==null||h.add({brokerErrorName:l.name,brokerErrorCode:l.errorCode}),l instanceof qe&&Un(l))return this.platformAuthProvider=void 0,this.createSilentIframeClient(n.correlationId).acquireToken(n);throw l})):i=this.createSilentIframeClient(n.correlationId).acquireToken(n),i.then(l=>{var d;const h=o.length<this.getAllAccounts().length;return this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,t,R.Silent,l),h&&this.eventHandler.emitEvent(P.LOGIN_SUCCESS,t,R.Silent,l.account),(d=this.ssoSilentMeasurement)==null||d.end({success:!0,isNativeBroker:l.fromPlatformBroker,accessTokenSize:l.accessToken.length,idTokenSize:l.idToken.length},void 0,l.account),l}).catch(l=>{var h;throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Silent,null,l),(h=this.ssoSilentMeasurement)==null||h.end({success:!1},l,e.account),l}).finally(()=>{this.removeStateChangeListeners(this.trackStateChangeWithMeasurement)})}async acquireTokenByCode(e){const t=this.getRequestCorrelationId(e);this.logger.trace("0ch6ga",t);const n=this.performanceClient.startMeasurement(Jb,t);Ro(this.initialized,n,this.config,e),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,t,R.Silent,e),n.add({scenarioId:e.scenarioId});try{if(e.code&&e.nativeAccountId)throw A(rb,t);if(e.code){const o=e.code;let i=this.hybridAuthCodeResponses.get(o);return i?(this.logger.verbose("0qgp28",t),n.discard()):(this.logger.verbose("06eh73",t),i=this.acquireTokenByCodeAsync({...e,correlationId:t}).then(s=>(this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,t,R.Silent,s),this.hybridAuthCodeResponses.delete(o),n.end({success:!0,accessTokenSize:s.accessToken.length,idTokenSize:s.idToken.length},void 0,s.account),s)).catch(s=>{throw this.hybridAuthCodeResponses.delete(o),this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Silent,null,s),n.end({success:!1},s),s}),this.hybridAuthCodeResponses.set(o,i)),await i}else if(e.nativeAccountId)if(this.canUsePlatformBroker(e,e.nativeAccountId)){n.add({isPlatformBrokerRequest:!0});const o=await this.acquireTokenNative({...e,correlationId:t},z.acquireTokenByCode,e.nativeAccountId).catch(i=>{throw n.add({brokerErrorName:i.name,brokerErrorCode:i.errorCode}),i instanceof qe&&Un(i)&&(this.platformAuthProvider=void 0),i});return n.end({success:!0},void 0,o.account),o}else throw A(ob,t);else throw A(nb,t)}catch(o){throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,t,R.Silent,null,o),n.end({success:!1},o),o}}async acquireTokenByCodeAsync(e){var i;const t=this.getRequestCorrelationId(e);return this.logger.trace("10d9hy",t),this.acquireTokenByCodeAsyncMeasurement=this.performanceClient.startMeasurement(kv,t),(i=this.acquireTokenByCodeAsyncMeasurement)==null||i.increment({visibilityChangeCount:0,onlineStatusChangeCount:0}),this.addStateChangeListeners(this.trackStateChangeWithMeasurement),await this.createSilentAuthCodeClient(t).acquireToken(e).then(s=>{var a;return(a=this.acquireTokenByCodeAsyncMeasurement)==null||a.end({success:!0,fromCache:s.fromCache}),s}).catch(s=>{var a;throw(a=this.acquireTokenByCodeAsyncMeasurement)==null||a.end({success:!1},s),s}).finally(()=>{this.removeStateChangeListeners(this.trackStateChangeWithMeasurement)})}async acquireTokenFromCache(e,t){switch(t){case Se.Default:case Se.AccessToken:case Se.AccessTokenAndRefreshToken:const n=this.createSilentCacheClient(e.correlationId);return w(n.acquireToken.bind(n),lv,this.logger,this.performanceClient,e.correlationId)(e);default:throw T(Zt,e.correlationId)}}async acquireTokenByRefreshToken(e,t){switch(t){case Se.Default:case Se.AccessTokenAndRefreshToken:case Se.RefreshToken:case Se.RefreshTokenAndNetwork:const n=this.createSilentRefreshClient(e.correlationId);return w(n.acquireToken.bind(n),pv,this.logger,this.performanceClient,e.correlationId)(e);default:throw T(Zt,e.correlationId)}}async acquireTokenBySilentIframe(e){const t=this.createSilentIframeClient(e.correlationId);return w(t.acquireToken.bind(t),dv,this.logger,this.performanceClient,e.correlationId)(e)}async logoutRedirect(e){const t=this.getRequestCorrelationId(e);return dl(this.initialized,this.config),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),this.createRedirectClient(t).logout(e)}logoutPopup(e){try{const t=this.getRequestCorrelationId(e);return pc(this.initialized),this.browserStorage.setInteractionInProgress(!0,Bt.SIGNOUT),this.createPopupClient(t).logout(e).finally(()=>{this.browserStorage.setInteractionInProgress(!1)})}catch(t){return Promise.reject(t)}}async clearCache(e){if(!this.isBrowserEnvironment)return;const t=this.getRequestCorrelationId(e);return this.createSilentCacheClient(t).logout(e)}getAllAccounts(e){return iC(this.logger,this.browserStorage,this.isBrowserEnvironment,this.getRequestCorrelationId(),e)}getAccount(e){return sC(e,this.logger,this.browserStorage,this.getRequestCorrelationId())}setActiveAccount(e){aC(e,this.browserStorage,this.getRequestCorrelationId())}getActiveAccount(){return cC(this.browserStorage,this.getRequestCorrelationId())}async hydrateCache(e,t){this.logger.verbose("16jycr",e.correlationId);const n=Gy(e.account,e.cloudGraphHostName,e.msGraphHost);if(await this.browserStorage.setAccount(n,e.correlationId,mt(e.idTokenClaims),z.hydrateCache),e.fromPlatformBroker){this.logger.verbose("1i5atf",e.correlationId);const o=bi(e.account.homeAccountId,e.account.environment,e.idToken,this.config.auth.clientId,e.tenantId),i=Ci(e.account.homeAccountId,e.account.environment,e.accessToken,this.config.auth.clientId,e.tenantId,e.scopes.join(" "),e.expiresOn?ni(e.expiresOn):0,e.extExpiresOn?ni(e.extExpiresOn):0,ve,t.correlationId||"",void 0,e.tokenType,void 0,t.sshKid);t.resource&&(i.resource=t.resource);const s=mt(e.idTokenClaims);await this.browserStorage.setIdTokenCredential(o,e.correlationId,s),await this.nativeInternalStorage.setAccessTokenCredential(i,e.correlationId,s)}else return this.browserStorage.hydrateCache(e,t)}async acquireTokenNative(e,t,n,o){const i=this.getRequestCorrelationId(e);if(this.logger.trace("0b9y3p",i),!this.platformAuthProvider)throw A(Nu,i);const s=new Lo(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,t,this.performanceClient,this.platformAuthProvider,n||this.getNativeAccountId(e),this.nativeInternalStorage,i);return w(s.acquireToken.bind(s),ec,this.logger,this.performanceClient,i)(e,o)}canUsePlatformBroker(e,t){const n=this.getRequestCorrelationId(e);if(this.logger.trace("1n9lbl",n),!this.platformAuthProvider)return this.logger.trace("0vnu11",n),!1;if(!$r(this.config,this.logger,n,this.platformAuthProvider,e.authenticationScheme))return this.logger.trace("0yoy1g",n),!1;if(e.prompt)switch(e.prompt){case be.NONE:case be.CONSENT:case be.LOGIN:this.logger.trace("0vdv8e",n);break;default:return this.logger.trace(`0pdzw6 ${e.prompt}`,n),!1}return!t&&!this.getNativeAccountId(e)?(this.logger.trace("16lbtk",n),!1):!0}getNativeAccountId(e){const t=e.account||this.getAccount({loginHint:e.loginHint,sid:e.sid})||(!e.loginHint&&!e.sid?this.getActiveAccount():null);return t&&t.nativeAccountId||""}createPopupClient(e){var t;return new UC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,e,this.platformAuthProvider,(t=this.operatingContext.getResponseHandlers())==null?void 0:t.waitForPopupResponse)}createRedirectClient(e){return new LC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,this.nativeInternalStorage,e,this.platformAuthProvider)}createSilentIframeClient(e){var t;return new jC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.ssoSilent,this.performanceClient,this.nativeInternalStorage,e,this.platformAuthProvider,(t=this.operatingContext.getResponseHandlers())==null?void 0:t.waitForIframeResponse)}createSilentCacheClient(e){return new $u(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,e,this.platformAuthProvider)}createSilentRefreshClient(e){return new zC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,this.performanceClient,e,this.platformAuthProvider)}createSilentAuthCodeClient(e){return new JC(this.config,this.browserStorage,this.browserCrypto,this.logger,this.eventHandler,this.navigationClient,z.acquireTokenByCode,this.performanceClient,e,this.platformAuthProvider)}addEventCallback(e,t){return this.eventHandler.addEventCallback(e,t)}removeEventCallback(e){this.eventHandler.removeEventCallback(e)}addPerformanceCallback(e){return zu(),this.performanceClient.addPerformanceCallback(e)}removePerformanceCallback(e){return this.performanceClient.removePerformanceCallback(e)}getLogger(){return this.logger}setLogger(e){this.logger=e}initializeWrapperLibrary(e,t){this.browserStorage.setWrapperMetadata(e,t)}setNavigationClient(e){this.navigationClient=e}getConfiguration(){return this.config}getPerformanceClient(){return this.performanceClient}isBrowserEnv(){return this.isBrowserEnvironment}getRequestCorrelationId(e){return e!=null&&e.correlationId?e.correlationId:this.isBrowserEnvironment?en():""}async loginRedirect(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("0lz9hf",t),this.acquireTokenRedirect({correlationId:t,...e||sl})}loginPopup(e){const t=this.getRequestCorrelationId(e);return this.logger.verbose("0qw7v5",t),this.acquireTokenPopup({correlationId:t,...e||sl})}async acquireTokenSilent(e){const t=this.getRequestCorrelationId(e),n=this.performanceClient.startMeasurement(Wb,t);n.add({cacheLookupPolicy:e.cacheLookupPolicy,scenarioId:e.scenarioId,ssoCapable:this.getCachedSsoCapable()}),Ro(this.initialized,n,this.config,e),this.logger.verbose("0x1c4s",t);const o=e.account||this.getActiveAccount();if(!o)throw A(Xv,t);return this.acquireTokenSilentDeduped(e,o,t).then(i=>(n.end({success:!0,fromCache:i.fromCache,accessTokenSize:i.accessToken.length,idTokenSize:i.idToken.length},void 0,i.account),{...i,state:e.state,correlationId:t})).catch(i=>{throw i instanceof oe&&(i.correlationId=t),n.end({success:!1},i,o),i})}async acquireTokenSilentDeduped(e,t,n){const o=ki(this.config.auth.clientId,{...e,authority:e.authority||this.config.auth.authority},t.homeAccountId),i=JSON.stringify(o),s=this.activeSilentTokenRequests.get(i);if(typeof s>"u"){this.logger.verbose("0fcjbk",n),this.performanceClient.addFields({deduped:!1},n);const a=w(this.acquireTokenSilentAsync.bind(this),av,this.logger,this.performanceClient,n)({...e,correlationId:n},t);return this.activeSilentTokenRequests.set(i,a),a.finally(()=>{this.activeSilentTokenRequests.delete(i)})}else return this.logger.verbose("1yq7nb",n),this.performanceClient.addFields({deduped:!0},n),s}async acquireTokenSilentAsync(e,t){const n=a=>this.trackStateChange(e.correlationId,a);this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_START,e.correlationId,R.Silent,e),e.correlationId&&this.performanceClient.incrementFields({visibilityChangeCount:0,onlineStatusChangeCount:0},e.correlationId),this.addStateChangeListeners(n);const o=await w(dC,mv,this.logger,this.performanceClient,e.correlationId)(e,t,this.config,this.performanceClient,this.logger),i=e.cacheLookupPolicy||Se.Default;return this.acquireTokenSilentNoIframe(o,i).catch(async a=>{if(GC(a,i)){const l=`${a.errorCode}${a.subError?`|${a.subError}`:""}`;if(this.performanceClient.addFields({silentRefreshReason:l},e.correlationId),this.activeIframeRequest)if(i!==Se.Skip){const[h,d]=this.activeIframeRequest;this.logger.verbose(`1w8fso ${d}`,o.correlationId);const p=this.performanceClient.startMeasurement(uv,o.correlationId);p.add({awaitIframeCorrelationId:d});const u=await h;if(p.end({success:u}),u)return this.logger.verbose(`0ywzzi ${d}`,o.correlationId),this.acquireTokenSilentNoIframe(o,i);throw this.logger.info(`17y14q ${d}`,o.correlationId),a}else return this.logger.warning("1bd4p8",o.correlationId),w(this.acquireTokenBySilentIframe.bind(this),Yh,this.logger,this.performanceClient,o.correlationId)(o);else{let h;return this.activeIframeRequest=[new Promise(d=>{h=d}),o.correlationId],this.logger.verbose("0rh08z",o.correlationId),w(this.acquireTokenBySilentIframe.bind(this),Yh,this.logger,this.performanceClient,o.correlationId)(o).then(d=>(h(!0),d)).catch(d=>{throw h(!1),d}).finally(()=>{this.activeIframeRequest=void 0})}}else throw a}).then(a=>(this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_SUCCESS,e.correlationId,R.Silent,a),e.correlationId&&this.performanceClient.addFields({fromCache:a.fromCache,isNativeBroker:a.fromPlatformBroker},e.correlationId),a)).catch(a=>{throw this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_FAILURE,e.correlationId,R.Silent,null,a),a}).finally(()=>{this.removeStateChangeListeners(n)})}async acquireTokenSilentNoIframe(e,t){return $r(this.config,this.logger,e.correlationId,this.platformAuthProvider,e.authenticationScheme)&&e.account.nativeAccountId?(this.logger.verbose("0sczo4",e.correlationId),this.performanceClient.addFields({isPlatformBrokerRequest:!0},e.correlationId),this.acquireTokenNative(e,z.acquireTokenSilent_silentFlow,e.account.nativeAccountId,t).catch(async n=>{throw this.performanceClient.addFields({brokerErrorName:n.name,brokerErrorCode:n.errorCode},e.correlationId),n instanceof qe&&Un(n)?(this.logger.verbose("07rkmb",e.correlationId),this.platformAuthProvider=void 0,T(Zt,e.correlationId)):n})):(this.logger.verbose("0ox81t",e.correlationId),t===Se.AccessToken&&this.logger.verbose("0fvwxe",e.correlationId),w(this.acquireTokenFromCache.bind(this),iv,this.logger,this.performanceClient,e.correlationId)(e,t).catch(n=>{if(t===Se.AccessToken)throw n;return this.eventHandler.emitEvent(P.ACQUIRE_TOKEN_NETWORK_START,e.correlationId,R.Silent,e),w(this.acquireTokenByRefreshToken.bind(this),sv,this.logger,this.performanceClient,e.correlationId)(e,t)}))}async preGeneratePkceCodes(e){return this.logger.verbose("1x6uj6",e),this.pkceCode=await w(kn,Tn,this.logger,this.performanceClient,e)(this.performanceClient,this.logger,e),Promise.resolve()}getPreGeneratedPkceCodes(e){const t=this.pkceCode?{...this.pkceCode}:void 0;return this.pkceCode=void 0,t?this.logger.verbose("12js1o",e):this.logger.verbose("1oe9ci",e),this.performanceClient.addFields({usePreGeneratedPkce:!!t},e),t}logMultipleInstances(e,t){const n=this.config.auth.clientId;if(!window)return;window.msal=window.msal||{},window.msal.clientIds=window.msal.clientIds||[],window.msal.clientIds.length>0&&this.logger.verbose("1qtz3l",t),window.msal.clientIds.push(n),BC(n,e,this.logger,t)}}function GC(r,e){const t=!(r instanceof st&&r.subError!==Za),n=r.errorCode===Ye.INVALID_GRANT_ERROR||r.errorCode===Zt,o=t&&n||r.errorCode===Zs||r.errorCode===uu,i=yb.includes(e);return o&&i}/*! @azure/msal-browser v5.16.0 2026-06-30 */class _c{static loggerCallback(e,t){switch(e){case ie.Error:console.error(t);return;case ie.Info:console.info(t);return;case ie.Verbose:console.debug(t);return;case ie.Warning:console.warn(t);return;default:console.log(t);return}}constructor(e,t){var l;this.browserEnvironment=typeof window<"u",this.config=xC(e,this.browserEnvironment),this.responseHandlers=t;let n;try{n=window[yt.SessionStorage]}catch{}const o=n==null?void 0:n.getItem(Yb),i=(l=n==null?void 0:n.getItem(Qb))==null?void 0:l.toLowerCase(),s=i==="true"?!0:i==="false"?!1:void 0,a={...this.config.system.loggerOptions},c=o&&Object.keys(ie).includes(o)?ie[o]:void 0;c&&(a.loggerCallback=_c.loggerCallback,a.logLevel=c),s!==void 0&&(a.piiLoggingEnabled=s),this.logger=new ot(a,Pi,Nt),this.available=!1}getConfig(){return this.config}getResponseHandlers(){return this.responseHandlers}getLogger(){return this.logger}isAvailable(){return this.available}isBrowserEnvironment(){return this.browserEnvironment}}/*! @azure/msal-browser v5.16.0 2026-06-30 */class tr extends _c{getModuleName(){return tr.MODULE_NAME}getId(){return tr.ID}async initialize(e){return this.available=typeof window<"u",this.available}}tr.MODULE_NAME="";tr.ID="StandardOperatingContext";/*! @azure/msal-browser v5.16.0 2026-06-30 */class rT{constructor(e,t){this.controller=t||new kc(new tr(e,{waitForPopupResponse:this.waitForPopupResponse.bind(this),waitForIframeResponse:this.waitForIframeResponse.bind(this)}))}async waitForPopupResponse(e,t,n){const o=this.controller;return ai(o.getConfiguration().system.popupBridgeTimeout,o.getLogger(),e,o.getPerformanceClient())}async waitForIframeResponse(e,t){const n=this.controller,o=n.getConfiguration();return ai(o.system.iframeBridgeTimeout,n.getLogger(),t,n.getPerformanceClient(),o.experimental)}async initialize(e){return this.controller.initialize(e)}async acquireTokenPopup(e){return this.controller.acquireTokenPopup(e)}acquireTokenRedirect(e){return this.controller.acquireTokenRedirect(e)}acquireTokenSilent(e){return this.controller.acquireTokenSilent(e)}acquireTokenByCode(e){return this.controller.acquireTokenByCode(e)}addEventCallback(e,t){return this.controller.addEventCallback(e,t)}removeEventCallback(e){return this.controller.removeEventCallback(e)}addPerformanceCallback(e){return this.controller.addPerformanceCallback(e)}removePerformanceCallback(e){return this.controller.removePerformanceCallback(e)}getAccount(e){return this.controller.getAccount(e)}getAllAccounts(e){return this.controller.getAllAccounts(e)}handleRedirectPromise(e){return this.controller.handleRedirectPromise(e)}loginPopup(e){return this.controller.loginPopup(e)}loginRedirect(e){return this.controller.loginRedirect(e)}logoutRedirect(e){return this.controller.logoutRedirect(e)}logoutPopup(e){return this.controller.logoutPopup(e)}ssoSilent(e){return this.controller.ssoSilent(e)}getLogger(){return this.controller.getLogger()}setLogger(e){this.controller.setLogger(e)}setActiveAccount(e){this.controller.setActiveAccount(e)}getActiveAccount(){return this.controller.getActiveAccount()}initializeWrapperLibrary(e,t){return this.controller.initializeWrapperLibrary(e,t)}setNavigationClient(e){this.controller.setNavigationClient(e)}getConfiguration(){return this.controller.getConfiguration()}async hydrateCache(e,t){return this.controller.hydrateCache(e,t)}clearCache(e){return this.controller.clearCache(e)}}/*! @azure/msal-browser v5.16.0 2026-06-30 */const VC={initialize:()=>Promise.reject(he(Ie,"")),acquireTokenPopup:()=>Promise.reject(he(Ie,"")),acquireTokenRedirect:()=>Promise.reject(he(Ie,"")),acquireTokenSilent:()=>Promise.reject(he(Ie,"")),acquireTokenByCode:()=>Promise.reject(he(Ie,"")),getAllAccounts:()=>[],getAccount:()=>null,handleRedirectPromise:()=>Promise.reject(he(Ie,"")),loginPopup:()=>Promise.reject(he(Ie,"")),loginRedirect:()=>Promise.reject(he(Ie,"")),logoutRedirect:()=>Promise.reject(he(Ie,"")),logoutPopup:()=>Promise.reject(he(Ie,"")),ssoSilent:()=>Promise.reject(he(Ie,"")),addEventCallback:()=>null,removeEventCallback:()=>{},addPerformanceCallback:()=>"",removePerformanceCallback:()=>!1,getLogger:()=>{throw he(Ie,"")},setLogger:()=>{},setActiveAccount:()=>{},getActiveAccount:()=>null,initializeWrapperLibrary:()=>{},setNavigationClient:()=>{},getConfiguration:()=>{throw he(Ie,"")},hydrateCache:()=>Promise.reject(he(Ie,"")),clearCache:()=>Promise.reject(he(Ie,""))};/*! @azure/msal-browser v5.16.0 2026-06-30 */class ZC{static getInteractionStatusFromEvent(e,t){switch(e.eventType){case P.ACQUIRE_TOKEN_START:if(e.interactionType===R.Redirect||e.interactionType===R.Popup)return Ee.AcquireToken;break;case P.HANDLE_REDIRECT_START:return Ee.HandleRedirect;case P.LOGOUT_START:return Ee.Logout;case P.LOGOUT_END:if(t&&t!==Ee.Logout)break;return Ee.None;case P.HANDLE_REDIRECT_END:if(t&&t!==Ee.HandleRedirect)break;return Ee.None;case P.ACQUIRE_TOKEN_SUCCESS:case P.ACQUIRE_TOKEN_FAILURE:case P.RESTORE_FROM_BFCACHE:if(e.interactionType===R.Redirect||e.interactionType===R.Popup){if(t&&t!==Ee.AcquireToken)break;return Ee.None}break}return null}}/*! @azure/msal-react v5.5.1 2026-06-30 */const $C={instance:VC,inProgress:Ee.None,accounts:[],logger:new ot({})},Ic=L.createContext($C);Ic.Consumer;/*! @azure/msal-react v5.5.1 2026-06-30 */function _l(r,e){if(r.length!==e.length)return!1;const t=[...e];return r.every(n=>{const o=t.shift();return!n||!o?!1:n.homeAccountId===o.homeAccountId&&n.localAccountId===o.localAccountId&&n.username===o.username})}/*! @azure/msal-react v5.5.1 2026-06-30 */const XC="@azure/msal-react",Il="5.5.1";/*! @azure/msal-react v5.5.1 2026-06-30 */const ui={UNBLOCK_INPROGRESS:"UNBLOCK_INPROGRESS",EVENT:"EVENT"},YC=(r,e)=>{const{type:t,payload:n}=e;let o=r.inProgress;switch(t){case ui.UNBLOCK_INPROGRESS:r.inProgress===Ee.Startup&&(o=Ee.None,n.logger.info("MsalProvider - handleRedirectPromise resolved, setting inProgress to 'none'",""));break;case ui.EVENT:const s=n.message,a=ZC.getInteractionStatusFromEvent(s,r.inProgress);a&&(n.logger.info(`MsalProvider - '${s.eventType}' results in setting inProgress from '${r.inProgress}' to '${a}'`,""),o=a);break;default:throw new Error(`Unknown action type: ${t}`)}if(o===Ee.Startup)return r;const i=n.instance.getAllAccounts();return o!==r.inProgress&&!_l(i,r.accounts)?{...r,inProgress:o,accounts:i}:o!==r.inProgress?{...r,inProgress:o}:_l(i,r.accounts)?r:{...r,accounts:i}};function oT({instance:r,children:e}){L.useEffect(()=>{r.initializeWrapperLibrary(fb.React,Il)},[r]);const t=L.useMemo(()=>r.getLogger().clone(XC,Il),[r]),[n,o]=L.useReducer(YC,void 0,()=>({inProgress:Ee.Startup,accounts:[]}));L.useEffect(()=>{const s=r.addEventCallback(a=>{o({payload:{instance:r,logger:t,message:a},type:ui.EVENT})});return t.verbose(`MsalProvider - Registered event callback with id: '${s}'`,""),r.initialize().then(()=>{r.handleRedirectPromise().catch(()=>{}).finally(()=>{o({payload:{instance:r,logger:t},type:ui.UNBLOCK_INPROGRESS})})}).catch(()=>{}),()=>{s&&(t.verbose(`MsalProvider - Removing event callback '${s}'`,""),r.removeEventCallback(s))}},[r,t]);const i={instance:r,inProgress:n.inProgress,accounts:n.accounts,logger:t};return Sl.createElement(Ic.Provider,{value:i},e)}/*! @azure/msal-react v5.5.1 2026-06-30 */const QC=()=>L.useContext(Ic);/*! @azure/msal-react v5.5.1 2026-06-30 */function qC(r,e){return r.length>0}function iT(r){const{accounts:e,inProgress:t}=QC();return L.useMemo(()=>t===Ee.Startup?!1:qC(e),[e,t,r])}export{tT as A,oT as M,rT as P,nT as a,iT as b,QC as u};