69 lines
309 KiB
JavaScript
69 lines
309 KiB
JavaScript
|
/*! @azure/msal-browser v4.24.1 2025-09-30 */
|
||
|
|
"use strict";!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).msal={})}(this,(function(e){
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
const t={LIBRARY_NAME:"MSAL.JS",SKU:"msal.js.common",DEFAULT_AUTHORITY:"https://login.microsoftonline.com/common/",DEFAULT_AUTHORITY_HOST:"login.microsoftonline.com",DEFAULT_COMMON_TENANT:"common",ADFS:"adfs",DSTS:"dstsv2",AAD_INSTANCE_DISCOVERY_ENDPT:"https://login.microsoftonline.com/common/discovery/instance?api-version=1.1&authorization_endpoint=",CIAM_AUTH_URL:".ciamlogin.com",AAD_TENANT_DOMAIN_SUFFIX:".onmicrosoft.com",RESOURCE_DELIM:"|",NO_ACCOUNT:"NO_ACCOUNT",CLAIMS:"claims",CONSUMER_UTID:"9188040d-6c67-4c5b-b112-36a304b66dad",OPENID_SCOPE:"openid",PROFILE_SCOPE:"profile",OFFLINE_ACCESS_SCOPE:"offline_access",EMAIL_SCOPE:"email",CODE_GRANT_TYPE:"authorization_code",RT_GRANT_TYPE:"refresh_token",S256_CODE_CHALLENGE_METHOD:"S256",URL_FORM_CONTENT_TYPE:"application/x-www-form-urlencoded;charset=utf-8",AUTHORIZATION_PENDING:"authorization_pending",NOT_DEFINED:"not_defined",EMPTY_STRING:"",NOT_APPLICABLE:"N/A",NOT_AVAILABLE:"Not Available",FORWARD_SLASH:"/",IMDS_ENDPOINT:"http://169.254.169.254/metadata/instance/compute/location",IMDS_VERSION:"2020-06-01",IMDS_TIMEOUT:2e3,AZURE_REGION_AUTO_DISCOVER_FLAG:"TryAutoDetect",REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX:"login.microsoft.com",KNOWN_PUBLIC_CLOUDS:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"],SHR_NONCE_VALIDITY:240,INVALID_INSTANCE:"invalid_instance"},r=200,n=400,o=400,i=499,s=500,a=599,c="GET",l="POST",h=[t.OPENID_SCOPE,t.PROFILE_SCOPE,t.OFFLINE_ACCESS_SCOPE],d=[...h,t.EMAIL_SCOPE],u="Content-Type",g="Content-Length",p="Retry-After",m="X-AnchorMailbox",f="WWW-Authenticate",y="Authentication-Info",C="x-ms-request-id",v="x-ms-httpver",w="active-account-filters",I="common",T="organizations",A="consumers",k="access_token",S="xms_cc",b={LOGIN:"login",SELECT_ACCOUNT:"select_account",CONSENT:"consent",NONE:"none",CREATE:"create",NO_SESSION:"no_session"},E="code",R="id_token token refresh_token",_={QUERY:"query",FRAGMENT:"fragment"},P="query",M="authorization_code",O="refresh_token",q="MSSTS",N="ADFS",U="Generic",L="-",H=".",x={ID_TOKEN:"IdToken",ACCESS_TOKEN:"AccessToken",ACCESS_TOKEN_WITH_AUTH_SCHEME:"AccessToken_With_AuthScheme",REFRESH_TOKEN:"RefreshToken"},D="appmetadata",B="1",F="authority-metadata",z=86400,K="config",G="cache",$="network",Q="hardcoded_values",j={SCHEMA_VERSION:5,MAX_LAST_HEADER_BYTES:330,MAX_CACHED_ERRORS:50,CACHE_KEY:"server-telemetry",CATEGORY_SEPARATOR:"|",VALUE_SEPARATOR:",",OVERFLOW_TRUE:"1",OVERFLOW_FALSE:"0",UNKNOWN_ERROR:"unknown_error"},W={BEARER:"Bearer",POP:"pop",SSH:"ssh-cert"},V=60,J=3600,Y="throttling",X="retry-after, h429",Z="invalid_grant",ee="client_mismatch",te="1",re="3",ne="4",oe="2",ie="4",se="5",ae="0",ce="1",le="2",he="3",de="4",ue={Jwt:"JWT",Jwk:"JWK",Pop:"pop"},ge="unexpected_error",pe="post_request_failed";var me=Object.freeze({__proto__:null,postRequestFailed:pe,unexpectedError:ge});
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const fe={[ge]:"Unexpected error in authentication.",[pe]:"Post request failed from the network, could be a 4xx/5xx or a network unavailability. Please check the exact error code for details."},ye={unexpectedError:{code:ge,desc:fe[ge]},postRequestFailed:{code:pe,desc:fe[pe]}};class Ce extends Error{constructor(e,r,n){super(r?`${e}: ${r}`:e),Object.setPrototypeOf(this,Ce.prototype),this.errorCode=e||t.EMPTY_STRING,this.errorMessage=r||t.EMPTY_STRING,this.subError=n||t.EMPTY_STRING,this.name="AuthError"}setCorrelationId(e){this.correlationId=e}}function ve(e,t){return new Ce(e,t?`${fe[e]} ${t}`:fe[e])}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const we="client_info_decoding_error",Ie="client_info_empty_error",Te="token_parsing_error",Ae="null_or_empty_token",ke="endpoints_resolution_error",Se="network_error",be="openid_config_error",Ee="hash_not_deserialized",Re="invalid_state",_e="state_mismatch",Pe="state_not_found",Me="nonce_mismatch",Oe="auth_time_not_found",qe="max_age_transpired",Ne="multiple_matching_tokens",Ue="multiple_matching_accounts",Le="multiple_matching_appMetadata",He="request_cannot_be_made",xe="cannot_remove_empty_scope",De="cannot_append_scopeset",Be="empty_input_scopeset",Fe="device_code_polling_cancelled",ze="device_code_expired",Ke="device_code_unknown_error",Ge="no_account_in_silent_request",$e="invalid_cache_record",Qe="invalid_cache_environment",je="no_account_found",We="no_crypto_object",Ve="unexpected_credential_type",Je="invalid_assertion",Ye="invalid_client_credential",Xe="token_refresh_required",Ze="user_timeout_reached",et="token_claims_cnf_required_for_signedjwt",tt="authorization_code_missing_from_server_response",rt="binding_key_not_removed",nt="end_session_endpoint_not_supported",ot="key_id_missing",it="no_network_connectivity",st="user_canceled",at="missing_tenant_id_error",ct="method_not_implemented",lt="nested_app_auth_bridge_disabled";var ht=Object.freeze({__proto__:null,authTimeNotFound:Oe,authorizationCodeMissingFromServerResponse:tt,bindingKeyNotRemoved:rt,cannotAppendScopeSet:De,cannotRemoveEmptyScope:xe,clientInfoDecodingError:we,clientInfoEmptyError:Ie,deviceCodeExpired:ze,deviceCodePollingCancelled:Fe,deviceCodeUnknownError:Ke,emptyInputScopeSet:Be,endSessionEndpointNotSupported:nt,endpointResolutionError:ke,hashNotDeserialized:Ee,invalidAssertion:Je,invalidCacheEnvironment:Qe,invalidCacheRecord:$e,invalidClientCredential:Ye,invalidState:Re,keyIdMissing:ot,maxAgeTranspired:qe,methodNotImplemented:ct,missingTenantIdError:at,multipleMatchingAccounts:Ue,multipleMatchingAppMetadata:Le,multipleMatchingTokens:Ne,nestedAppAuthBridgeDisabled:lt,networkError:Se,noAccountFound:je,noAccountInSilentRequest:Ge,noCryptoObject:We,noNetworkConnectivity:it,nonceMismatch:Me,nullOrEmptyToken:Ae,openIdConfigError:be,requestCannotBeMade:He,stateMismatch:_e,stateNotFound:Pe,tokenClaimsCnfRequiredForSignedJwt:et,tokenParsingError:Te,tokenRefreshRequired:Xe,unexpectedCredentialType:Ve,userCanceled:st,userTimeoutReached:Ze});
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const dt={[we]:"The client info could not be parsed/decoded correctly",[Ie]:"The client info was empty",[Te]:"Token cannot be parsed",[Ae]:"The token is null or empty",[ke]:"Endpoints cannot be resolved",[Se]:"Network request failed",[be]:"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.",[Ee]:"The hash parameters could not be deserialized",[Re]:"State was not the expected format",[_e]:"State mismatch error",[Pe]:"State not found",[Me]:"Nonce mismatch error",[Oe]:"Max Age was requested and the ID token is missing the auth_time variable. auth_time is an optional claim and is not enabled by default - it must be enabled. See https://aka.ms/msaljs/optional-claims for more information.",[qe]:"Max Age is set to 0, or too much time has elapsed since the last end-user authentication.",[Ne]:"The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.",[Ue]:"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account",[Le]:"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata",[He]:"Token request cannot be made without authorization code or refresh token.",[xe]:"Cannot remove null or empty scope from ScopeSet",[De]:"Cannot append ScopeSet",[Be]:"Empty input ScopeSet cannot be processed",[Fe]:"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.",[ze]:"Device code is expired.",[Ke]:"Device code stopped polling for unknown reasons.",[Ge]:"Please pass an account object, silent flow is not supported without account information",[$e]:"Cache record object was null or undefined.",[Qe]:"Invalid environment when attempting to create cache entry",[je]:"No account found in cache for given key.",[We]:"No crypto object detected.",[Ve]:"Unexpected credential type.",[Je]:"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515",[Ye]:"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential",[Xe]:"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.",[Ze]:"User defined timeout for device code polling reached",[et]:"Cannot generate a POP jwt if the token_claims are not populated",[tt]:"Server response does not contain an authorization code to proceed",[rt]:"Could not remove the credential's binding key from storage.",[nt]:"The provided authority does not support logout",[ot]:"A keyId value is missing from the requested bound token's cache record and is required to match the token to it's stored binding key.",[it]:"No network connectivity. Check your internet connection.",[st]:"User cancelled the flow.",[at]:"A tenant id - not common, organizations, or consumers - must be specified when using the client_credentials flow.",[ct]:"This method has not been implemented",[lt]:"The nested app auth bridge is disabled"},ut={clientInfoDecodingError:{code:we,desc:dt[we]},clientInfoEmptyError:{code:Ie,desc:dt[Ie]},tokenParsingError:{code:Te,desc:dt[Te]},nullOrEmptyToken:{code:Ae,desc:dt[Ae]},endpointResolutionError:{code:ke,desc:dt[ke]},networkError:{code:Se,desc:dt[Se]},unableToGetOpenidConfigError:{code:be,desc:dt[be]},hashNotDeserialized:{code:Ee,desc:dt[Ee]},invalidStateError:{code:Re,desc:dt[Re]},stateMismatchError:{code:_e,desc:dt[_e]},stateNotFoundError:{code:Pe,desc:dt[Pe]},nonceMismatchError:{code:Me,desc:dt[Me]},authTimeNotFoundError:{code:Oe,desc:dt[Oe]},maxAgeTranspired:{code:qe,desc:dt[qe]},multipleMatchingTokens:{code:Ne,desc:dt[Ne]},multipleMatchingAccounts:{code:Ue,desc:dt[Ue]},multipleMatchingAppMetadata:{code:Le,desc:dt[Le]},to
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const mt={createNewGuid:()=>{throw pt(ct)},base64Decode:()=>{throw pt(ct)},base64Encode:()=>{throw pt(ct)},base64UrlEncode:()=>{throw pt(ct)},encodeKid:()=>{throw pt(ct)},async getPublicKeyThumbprint(){throw pt(ct)},async removeTokenBindingKey(){throw pt(ct)},async clearKeystore(){throw pt(ct)},async signJwt(){throw pt(ct)},async hashString(){throw pt(ct)}};
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */var ft;e.LogLevel=void 0,(ft=e.LogLevel||(e.LogLevel={}))[ft.Error=0]="Error",ft[ft.Warning=1]="Warning",ft[ft.Info=2]="Info",ft[ft.Verbose=3]="Verbose",ft[ft.Trace=4]="Trace";class yt{constructor(r,n,o){this.level=e.LogLevel.Info;const i=r||yt.createDefaultLoggerOptions();this.localCallback=i.loggerCallback||(()=>{}),this.piiLoggingEnabled=i.piiLoggingEnabled||!1,this.level="number"==typeof i.logLevel?i.logLevel:e.LogLevel.Info,this.correlationId=i.correlationId||t.EMPTY_STRING,this.packageName=n||t.EMPTY_STRING,this.packageVersion=o||t.EMPTY_STRING}static createDefaultLoggerOptions(){return{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info}}clone(e,t,r){return new yt({loggerCallback:this.localCallback,piiLoggingEnabled:this.piiLoggingEnabled,logLevel:this.level,correlationId:r||this.correlationId},e,t)}logMessage(t,r){if(r.logLevel>this.level||!this.piiLoggingEnabled&&r.containsPii)return;const n=`${`[${(new Date).toUTCString()}] : [${r.correlationId||this.correlationId||""}]`} : ${this.packageName}@${this.packageVersion} : ${e.LogLevel[r.logLevel]} - ${t}`;this.executeCallback(r.logLevel,n,r.containsPii||!1)}executeCallback(e,t,r){this.localCallback&&this.localCallback(e,t,r)}error(r,n){this.logMessage(r,{logLevel:e.LogLevel.Error,containsPii:!1,correlationId:n||t.EMPTY_STRING})}errorPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Error,containsPii:!0,correlationId:n||t.EMPTY_STRING})}warning(r,n){this.logMessage(r,{logLevel:e.LogLevel.Warning,containsPii:!1,correlationId:n||t.EMPTY_STRING})}warningPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Warning,containsPii:!0,correlationId:n||t.EMPTY_STRING})}info(r,n){this.logMessage(r,{logLevel:e.LogLevel.Info,containsPii:!1,correlationId:n||t.EMPTY_STRING})}infoPii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Info,containsPii:!0,correlationId:n||t.EMPTY_STRING})}verbose(r,n){this.logMessage(r,{logLevel:e.LogLevel.Verbose,containsPii:!1,correlationId:n||t.EMPTY_STRING})}verbosePii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Verbose,containsPii:!0,correlationId:n||t.EMPTY_STRING})}trace(r,n){this.logMessage(r,{logLevel:e.LogLevel.Trace,containsPii:!1,correlationId:n||t.EMPTY_STRING})}tracePii(r,n){this.logMessage(r,{logLevel:e.LogLevel.Trace,containsPii:!0,correlationId:n||t.EMPTY_STRING})}isPiiLoggingEnabled(){return this.piiLoggingEnabled||!1}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const Ct="@azure/msal-common",vt="15.13.0",wt={None:"none",AzurePublic:"https://login.microsoftonline.com",AzurePpe:"https://login.windows-ppe.net",AzureChina:"https://login.chinacloudapi.cn",AzureGermany:"https://login.microsoftonline.de",AzureUsGovernment:"https://login.microsoftonline.us"},It="redirect_uri_empty",Tt="claims_request_parsing_error",At="authority_uri_insecure",kt="url_parse_error",St="empty_url_error",bt="empty_input_scopes_error",Et="invalid_claims",Rt="token_request_empty",_t="logout_request_empty",Pt="invalid_code_challenge_method",Mt="pkce_params_missing",Ot="invalid_cloud_discovery_metadata",qt="invalid_authority_metadata",Nt="untrusted_authority",Ut="missing_ssh_jwk",Lt="missing_ssh_kid",Ht="missing_nonce_authentication_header",xt="invalid_authentication_header",Dt="cannot_set_OIDCOptions",Bt="cannot_allow_platform_broker",Ft="authority_mismatch",zt="invalid_request_method_for_EAR",Kt="invalid_authorize_post_body_parameters";var Gt=Object.freeze({__proto__:null,authorityMismatch:Ft,authorityUriInsecure:At,cannotAllowPlatformBroker:Bt,cannotSetOIDCOptions:Dt,claimsRequestParsingError:Tt,emptyInputScopesError:bt,invalidAuthenticationHeader:xt,invalidAuthorityMetadata:qt,invalidAuthorizePostBodyParameters:Kt,invalidClaims:Et,invalidCloudDiscoveryMetadata:Ot,invalidCodeChallengeMethod:Pt,invalidRequestMethodForEAR:zt,logoutRequestEmpty:_t,missingNonceAuthenticationHeader:Ht,missingSshJwk:Ut,missingSshKid:Lt,pkceParamsMissing:Mt,redirectUriEmpty:It,tokenRequestEmpty:Rt,untrustedAuthority:Nt,urlEmptyError:St,urlParseError:kt});
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const $t={[It]:"A redirect URI is required for all calls, and none has been set.",[Tt]:"Could not parse the given claims request object.",[At]:"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options",[kt]:"URL could not be parsed into appropriate segments.",[St]:"URL was empty or null.",[bt]:"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.",[Et]:"Given claims parameter must be a stringified JSON object.",[Rt]:"Token request was empty and not found in cache.",[_t]:"The logout request was null or undefined.",[Pt]:'code_challenge_method passed is invalid. Valid values are "plain" and "S256".',[Mt]:"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request",[Ot]:"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields",[qt]:"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.",[Nt]:"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.",[Ut]:"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.",[Lt]:"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.",[Ht]:"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.",[xt]:"Invalid authentication header provided",[Dt]:"Cannot set OIDCOptions parameter. Please change the protocol mode to OIDC or use a non-Microsoft authority.",[Bt]:"Cannot set allowPlatformBroker parameter to true when not in AAD protocol mode.",[Ft]:"Authority mismatch error. Authority provided in login request or PublicClientApplication config does not match the environment of the provided account. Please use a matching account or make an interactive request to login to this authority.",[Kt]:"Invalid authorize post body parameters provided. If you are using authorizePostBodyParameters, the request method must be POST. Please check the request method and parameters.",[zt]:"Invalid request method for EAR protocol mode. The request method cannot be GET when using EAR protocol mode. Please change the request method to POST."},Qt={redirectUriNotSet:{code:It,desc:$t[It]},claimsRequestParsingError:{code:Tt,desc:$t[Tt]},authorityUriInsecure:{code:At,desc:$t[At]},urlParseError:{code:kt,desc:$t[kt]},urlEmptyError:{code:St,desc:$t[St]},emptyScopesError:{code:bt,desc:$t[bt]},invalidClaimsRequest:{code:Et,desc:$t[Et]},tokenRequestEmptyError:{code:Rt,desc:$t[Rt]},logoutRequestEmptyError:{code:_t,desc:$t[_t]},invalidCodeChallengeMethod:{code:Pt,desc:$t[Pt]},invalidCodeChallengeParams:{code:Mt,desc:$t[Mt]},invalidCloudDiscoveryMetadata:{code:Ot,desc:$t[Ot]},invalidAuthorityMetadata:{code:qt,desc:$t[qt]},untrustedAuthority:{code:Nt,desc:$t[Nt]},missingSshJwk:{code:Ut,desc:$t[Ut]},missingSshKid:{code:Lt,desc:$t[Lt]},missingNonceAuthenticationHeader:{code:Ht,desc:$t[Ht]},invalidAuthenticationHeader:{code:xt,desc:$t[xt]},cannotSetOIDCOptions:{code:Dt,desc:$t[Dt]},cannotAllowPlatformBroker:{code:Bt,desc:$t[Bt]},authorityMismatch:{code:Ft,desc:$t[Ft]},invalidAuthorizePostBodyParameters:{code:Kt,desc:$t[Kt]},invalidRequestMethodForEAR:{code:zt,desc:$t[zt]}};class jt extends Ce{constructor(e){super(e,$t[e]),this.name="ClientConfigurationError",Object.setPrototypeOf(this,jt.prototype)}}function Wt(e){return new jt(e)}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Vt{static isEmptyObj(e){if(e)try{const t=JSON.parse(e);return 0===Object.keys(t).length}catch(e){}return!0}static startsWith(e,t){return 0===e.indexOf(t)}static endsWith(e,t){return e.length>=t.length&&e.lastIndexOf(t)===e.length-t.length}static queryStringToObject(e){const t={},r=e.split("&"),n=e=>decodeURIComponent(e.replace(/\+/g," "));return r.forEach((e=>{if(e.trim()){const[r,o]=e.split(/=(.+)/g,2);r&&o&&(t[n(r)]=n(o))}})),t}static trimArrayEntries(e){return e.map((e=>e.trim()))}static removeEmptyStringsFromArray(e){return e.filter((e=>!!e))}static jsonParseHelper(e){try{return JSON.parse(e)}catch(e){return null}}static matchPattern(e,t){return new RegExp(e.replace(/\\/g,"\\\\").replace(/\*/g,"[^ ]*").replace(/\?/g,"\\?")).test(t)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Jt{constructor(e){const t=e?Vt.trimArrayEntries([...e]):[],r=t?Vt.removeEmptyStringsFromArray(t):[];if(!r||!r.length)throw Wt(bt);this.scopes=new Set,r.forEach((e=>this.scopes.add(e)))}static fromString(e){const r=(e||t.EMPTY_STRING).split(" ");return new Jt(r)}static createSearchScopes(e){const r=e&&e.length>0?e:[...h],n=new Jt(r);return n.containsOnlyOIDCScopes()?n.removeScope(t.OFFLINE_ACCESS_SCOPE):n.removeOIDCScopes(),n}containsScope(e){const t=this.printScopesLowerCase().split(" "),r=new Jt(t);return!!e&&r.scopes.has(e.toLowerCase())}containsScopeSet(e){return!(!e||e.scopes.size<=0)&&(this.scopes.size>=e.scopes.size&&e.asArray().every((e=>this.containsScope(e))))}containsOnlyOIDCScopes(){let e=0;return d.forEach((t=>{this.containsScope(t)&&(e+=1)})),this.scopes.size===e}appendScope(e){e&&this.scopes.add(e.trim())}appendScopes(e){try{e.forEach((e=>this.appendScope(e)))}catch(e){throw pt(De)}}removeScope(e){if(!e)throw pt(xe);this.scopes.delete(e.trim())}removeOIDCScopes(){d.forEach((e=>{this.scopes.delete(e)}))}unionScopeSets(e){if(!e)throw pt(Be);const t=new Set;return e.scopes.forEach((e=>t.add(e.toLowerCase()))),this.scopes.forEach((e=>t.add(e.toLowerCase()))),t}intersectingScopeSets(e){if(!e)throw pt(Be);e.containsOnlyOIDCScopes()||e.removeOIDCScopes();const t=this.unionScopeSets(e),r=e.getScopeCount(),n=this.getScopeCount();return t.size<n+r}getScopeCount(){return this.scopes.size}asArray(){const e=[];return this.scopes.forEach((t=>e.push(t))),e}printScopes(){if(this.scopes){return this.asArray().join(" ")}return t.EMPTY_STRING}printScopesLowerCase(){return this.printScopes().toLowerCase()}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function Yt(e,t){return!!e&&!!t&&e===t.split(".")[1]}function Xt(e,t,r,n){if(n){const{oid:t,sub:r,tid:o,name:i,tfp:s,acr:a,preferred_username:c,upn:l,login_hint:h}=n,d=o||s||a||"";return{tenantId:d,localAccountId:t||r||"",name:i,username:c||l||"",loginHint:h,isHomeTenant:Yt(d,e)}}return{tenantId:r,localAccountId:t,username:"",isHomeTenant:Yt(r,e)}}function Zt(e,t,r,n){let o=e;if(t){const{isHomeTenant:r,...n}=t;o={...e,...n}}if(r){const{isHomeTenant:t,...i}=Xt(e.homeAccountId,e.localAccountId,e.tenantId,r);return o={...o,...i,idTokenClaims:r,idToken:n},o}return o}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function er(e,t){const r=function(e){if(!e)throw pt(Ae);const t=/^([^\.\s]*)\.([^\.\s]+)\.([^\.\s]*)$/.exec(e);if(!t||t.length<4)throw pt(Te);return t[2]}(e);try{const e=t(r);return JSON.parse(e)}catch(e){throw pt(Te)}}function tr(e,t){if(0===t||Date.now()-3e5>e+t)throw pt(qe)}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function rr(e){if(!e)return e;let t=e.toLowerCase();return Vt.endsWith(t,"?")?t=t.slice(0,-1):Vt.endsWith(t,"?/")&&(t=t.slice(0,-2)),Vt.endsWith(t,"/")||(t+="/"),t}function nr(e){return e.startsWith("#/")?e.substring(2):e.startsWith("#")||e.startsWith("?")?e.substring(1):e}function or(e){if(!e||e.indexOf("=")<0)return null;try{const t=nr(e),r=Object.fromEntries(new URLSearchParams(t));if(r.code||r.ear_jwe||r.error||r.error_description||r.state)return r}catch(e){throw pt(Ee)}return null}function ir(e,t=!0,r){const n=new Array;return e.forEach(((e,o)=>{!t&&r&&o in r?n.push(`${o}=${e}`):n.push(`${o}=${encodeURIComponent(e)}`)})),n.join("&")}function sr(e){if(!e)return e;const t=e.split("#")[0];try{const e=new URL(t);return rr(e.origin+e.pathname+e.search)}catch(e){return rr(t)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class ar{get urlString(){return this._urlString}constructor(e){if(this._urlString=e,!this._urlString)throw Wt(St);e.includes("#")||(this._urlString=ar.canonicalizeUri(e))}static canonicalizeUri(e){if(e){let t=e.toLowerCase();return Vt.endsWith(t,"?")?t=t.slice(0,-1):Vt.endsWith(t,"?/")&&(t=t.slice(0,-2)),Vt.endsWith(t,"/")||(t+="/"),t}return e}validateAsUri(){let e;try{e=this.getUrlComponents()}catch(e){throw Wt(kt)}if(!e.HostNameAndPort||!e.PathSegments)throw Wt(kt);if(!e.Protocol||"https:"!==e.Protocol.toLowerCase())throw Wt(At)}static appendQueryString(e,t){return t?e.indexOf("?")<0?`${e}?${t}`:`${e}&${t}`:e}static removeHashFromUrl(e){return ar.canonicalizeUri(e.split("#")[0])}replaceTenantPath(e){const t=this.getUrlComponents(),r=t.PathSegments;return!e||0===r.length||r[0]!==I&&r[0]!==T||(r[0]=e),ar.constructAuthorityUriFromObject(t)}getUrlComponents(){const e=RegExp("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"),t=this.urlString.match(e);if(!t)throw Wt(kt);const r={Protocol:t[1],HostNameAndPort:t[4],AbsolutePath:t[5],QueryString:t[7]};let n=r.AbsolutePath.split("/");return n=n.filter((e=>e&&e.length>0)),r.PathSegments=n,r.QueryString&&r.QueryString.endsWith("/")&&(r.QueryString=r.QueryString.substring(0,r.QueryString.length-1)),r}static getDomainFromUrl(e){const t=RegExp("^([^:/?#]+://)?([^/?#]*)"),r=e.match(t);if(!r)throw Wt(kt);return r[2]}static getAbsoluteUrl(e,r){if(e[0]===t.FORWARD_SLASH){const t=new ar(r).getUrlComponents();return t.Protocol+"//"+t.HostNameAndPort+e}return e}static constructAuthorityUriFromObject(e){return new ar(e.Protocol+"//"+e.HostNameAndPort+"/"+e.PathSegments.join("/"))}static hashContainsKnownProperties(e){return!!or(e)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const cr={"login.microsoftonline.com":{token_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.com/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.com/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/logout"},"login.chinacloudapi.cn":{token_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.chinacloudapi.cn/{tenantid}/discovery/v2.0/keys",issuer:"https://login.partner.microsoftonline.cn/{tenantid}/v2.0",authorization_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.chinacloudapi.cn/{tenantid}/oauth2/v2.0/logout"},"login.microsoftonline.us":{token_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/token",jwks_uri:"https://login.microsoftonline.us/{tenantid}/discovery/v2.0/keys",issuer:"https://login.microsoftonline.us/{tenantid}/v2.0",authorization_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/authorize",end_session_endpoint:"https://login.microsoftonline.us/{tenantid}/oauth2/v2.0/logout"}},lr={metadata:[{preferred_network:"login.microsoftonline.com",preferred_cache:"login.windows.net",aliases:["login.microsoftonline.com","login.windows.net","login.microsoft.com","sts.windows.net"]},{preferred_network:"login.partner.microsoftonline.cn",preferred_cache:"login.partner.microsoftonline.cn",aliases:["login.partner.microsoftonline.cn","login.chinacloudapi.cn"]},{preferred_network:"login.microsoftonline.de",preferred_cache:"login.microsoftonline.de",aliases:["login.microsoftonline.de"]},{preferred_network:"login.microsoftonline.us",preferred_cache:"login.microsoftonline.us",aliases:["login.microsoftonline.us","login.usgovcloudapi.net"]},{preferred_network:"login-us.microsoftonline.com",preferred_cache:"login-us.microsoftonline.com",aliases:["login-us.microsoftonline.com"]}]},hr=new Set;function dr(e,t,r,n){if(n?.trace(`getAliasesFromMetadata called with source: ${r}`),e&&t){const o=ur(t,e);if(o)return n?.trace(`getAliasesFromMetadata: found cloud discovery metadata in ${r}, returning aliases`),o.aliases;n?.trace(`getAliasesFromMetadata: did not find cloud discovery metadata in ${r}`)}return null}function ur(e,t){for(let r=0;r<e.length;r++){const n=e[r];if(n.aliases.includes(t))return n}return null}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */lr.metadata.forEach((e=>{e.aliases.forEach((e=>{hr.add(e)}))}));const gr="cache_quota_exceeded",pr="cache_error_unknown",mr={[gr]:"Exceeded cache storage capacity.",[pr]:"Unexpected error occurred when using cache storage."};class fr extends Ce{constructor(e,t){const r=t||(mr[e]?mr[e]:mr[pr]);super(`${e}: ${r}`),Object.setPrototypeOf(this,fr.prototype),this.name="CacheError",this.errorCode=e,this.errorMessage=r}}function yr(e){return e instanceof Error?"QuotaExceededError"===e.name||"NS_ERROR_DOM_QUOTA_REACHED"===e.name||e.message.includes("exceeded the quota")?new fr(gr):new fr(e.name,e.message):new fr(pr)}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Cr{constructor(e,t,r,n,o){this.clientId=e,this.cryptoImpl=t,this.commonLogger=r.clone(Ct,vt),this.staticAuthorityOptions=o,this.performanceClient=n}getAllAccounts(e,t){return this.buildTenantProfiles(this.getAccountsFilteredBy(e,t),t,e)}getAccountInfoFilteredBy(e,t){if(0===Object.keys(e).length||Object.values(e).every((e=>!e)))return this.commonLogger.warning("getAccountInfoFilteredBy: Account filter is empty or invalid, returning null"),null;const r=this.getAllAccounts(e,t);if(r.length>1){return r.sort((e=>e.idTokenClaims?-1:1))[0]}return 1===r.length?r[0]:null}getBaseAccountInfo(e,t){const r=this.getAccountsFilteredBy(e,t);return r.length>0?r[0].getAccountInfo():null}buildTenantProfiles(e,t,r){return e.flatMap((e=>this.getTenantProfilesFromAccountEntity(e,t,r?.tenantId,r)))}getTenantedAccountInfoByFilter(e,t,r,n,o){let i,s=null;if(o&&!this.tenantProfileMatchesFilter(r,o))return null;const a=this.getIdToken(e,n,t,r.tenantId);return a&&(i=er(a.secret,this.cryptoImpl.base64Decode),!this.idTokenClaimsMatchTenantProfileFilter(i,o))?null:(s=Zt(e,r,i,a?.secret),s)}getTenantProfilesFromAccountEntity(e,t,r,n){const o=e.getAccountInfo();let i=o.tenantProfiles||new Map;const s=this.getTokenKeys();if(r){const e=i.get(r);if(!e)return[];i=new Map([[r,e]])}const a=[];return i.forEach((e=>{const r=this.getTenantedAccountInfoByFilter(o,s,e,t,n);r&&a.push(r)})),a}tenantProfileMatchesFilter(e,t){return!(t.localAccountId&&!this.matchLocalAccountIdFromTenantProfile(e,t.localAccountId))&&((!t.name||e.name===t.name)&&(void 0===t.isHomeTenant||e.isHomeTenant===t.isHomeTenant))}idTokenClaimsMatchTenantProfileFilter(e,t){if(t){if(t.localAccountId&&!this.matchLocalAccountIdFromTokenClaims(e,t.localAccountId))return!1;if(t.loginHint&&!this.matchLoginHintFromTokenClaims(e,t.loginHint))return!1;if(t.username&&!this.matchUsername(e.preferred_username,t.username))return!1;if(t.name&&!this.matchName(e,t.name))return!1;if(t.sid&&!this.matchSid(e,t.sid))return!1}return!0}async saveCacheRecord(e,t,r){if(!e)throw pt($e);try{e.account&&await this.setAccount(e.account,t),e.idToken&&!1!==r?.idToken&&await this.setIdTokenCredential(e.idToken,t),e.accessToken&&!1!==r?.accessToken&&await this.saveAccessToken(e.accessToken,t),e.refreshToken&&!1!==r?.refreshToken&&await this.setRefreshTokenCredential(e.refreshToken,t),e.appMetadata&&this.setAppMetadata(e.appMetadata,t)}catch(e){throw this.commonLogger?.error("CacheManager.saveCacheRecord: failed"),e instanceof Ce?e:yr(e)}}async saveAccessToken(e,t){const r={clientId:e.clientId,credentialType:e.credentialType,environment:e.environment,homeAccountId:e.homeAccountId,realm:e.realm,tokenType:e.tokenType,requestedClaimsHash:e.requestedClaimsHash},n=this.getTokenKeys(),o=Jt.fromString(e.target);n.accessToken.forEach((e=>{if(!this.accessTokenKeyMatchesFilter(e,r,!1))return;const n=this.getAccessTokenCredential(e,t);if(n&&this.credentialMatchesFilter(n,r)){Jt.fromString(n.target).intersectingScopeSets(o)&&this.removeAccessToken(e,t)}})),await this.setAccessTokenCredential(e,t)}getAccountsFilteredBy(e,t){const r=this.getAccountKeys(),n=[];return r.forEach((r=>{const o=this.getAccount(r,t);if(!o)return;if(e.homeAccountId&&!this.matchHomeAccountId(o,e.homeAccountId))return;if(e.username&&!this.matchUsername(o.username,e.username))return;if(e.environment&&!this.matchEnvironment(o,e.environment))return;if(e.realm&&!this.matchRealm(o,e.realm))return;if(e.nativeAccountId&&!this.matchNativeAccountId(o,e.nativeAccountId))return;if(e.authorityType&&!this.matchAuthorityType(o,e.authorityType))return;const i={localAccountId:e?.localAccountId,name:e?.name},s=o.tenantProfiles?.filter((e=>this.tenantProfileMatchesFilter(e,i)));s&&0===s.length||n.push(o)})),n}credentialMatchesFilter(e,t){if(t.clientId&&!this.matchClientId(e,t.clientId))return!1;if(t.userAssertionHash&&!this.matchUserAssertionHash(e,t.userAssertionHash))return!1;if("string"==typeof t.homeAccountId&&!this.matchHomeAccountId(e,t.homeAccountId))return!1;if(t.environment&&!this.matchEnvironment(e,t.environment))return!1;if(t
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const wr={AAD:"AAD",OIDC:"OIDC",EAR:"EAR"},Ir={AcquireTokenByCode:"acquireTokenByCode",AcquireTokenByRefreshToken:"acquireTokenByRefreshToken",AcquireTokenSilent:"acquireTokenSilent",AcquireTokenSilentAsync:"acquireTokenSilentAsync",AcquireTokenPopup:"acquireTokenPopup",AcquireTokenPreRedirect:"acquireTokenPreRedirect",AcquireTokenRedirect:"acquireTokenRedirect",CryptoOptsGetPublicKeyThumbprint:"cryptoOptsGetPublicKeyThumbprint",CryptoOptsSignJwt:"cryptoOptsSignJwt",SilentCacheClientAcquireToken:"silentCacheClientAcquireToken",SilentIframeClientAcquireToken:"silentIframeClientAcquireToken",AwaitConcurrentIframe:"awaitConcurrentIframe",SilentRefreshClientAcquireToken:"silentRefreshClientAcquireToken",SsoSilent:"ssoSilent",StandardInteractionClientGetDiscoveredAuthority:"standardInteractionClientGetDiscoveredAuthority",FetchAccountIdWithNativeBroker:"fetchAccountIdWithNativeBroker",NativeInteractionClientAcquireToken:"nativeInteractionClientAcquireToken",BaseClientCreateTokenRequestHeaders:"baseClientCreateTokenRequestHeaders",NetworkClientSendPostRequestAsync:"networkClientSendPostRequestAsync",RefreshTokenClientExecutePostToTokenEndpoint:"refreshTokenClientExecutePostToTokenEndpoint",AuthorizationCodeClientExecutePostToTokenEndpoint:"authorizationCodeClientExecutePostToTokenEndpoint",BrokerHandhshake:"brokerHandshake",AcquireTokenByRefreshTokenInBroker:"acquireTokenByRefreshTokenInBroker",AcquireTokenByBroker:"acquireTokenByBroker",RefreshTokenClientExecuteTokenRequest:"refreshTokenClientExecuteTokenRequest",RefreshTokenClientAcquireToken:"refreshTokenClientAcquireToken",RefreshTokenClientAcquireTokenWithCachedRefreshToken:"refreshTokenClientAcquireTokenWithCachedRefreshToken",RefreshTokenClientAcquireTokenByRefreshToken:"refreshTokenClientAcquireTokenByRefreshToken",RefreshTokenClientCreateTokenRequestBody:"refreshTokenClientCreateTokenRequestBody",AcquireTokenFromCache:"acquireTokenFromCache",SilentFlowClientAcquireCachedToken:"silentFlowClientAcquireCachedToken",SilentFlowClientGenerateResultFromCacheRecord:"silentFlowClientGenerateResultFromCacheRecord",AcquireTokenBySilentIframe:"acquireTokenBySilentIframe",InitializeBaseRequest:"initializeBaseRequest",InitializeSilentRequest:"initializeSilentRequest",InitializeClientApplication:"initializeClientApplication",InitializeCache:"initializeCache",SilentIframeClientTokenHelper:"silentIframeClientTokenHelper",SilentHandlerInitiateAuthRequest:"silentHandlerInitiateAuthRequest",SilentHandlerMonitorIframeForHash:"silentHandlerMonitorIframeForHash",SilentHandlerLoadFrame:"silentHandlerLoadFrame",SilentHandlerLoadFrameSync:"silentHandlerLoadFrameSync",StandardInteractionClientCreateAuthCodeClient:"standardInteractionClientCreateAuthCodeClient",StandardInteractionClientGetClientConfiguration:"standardInteractionClientGetClientConfiguration",StandardInteractionClientInitializeAuthorizationRequest:"standardInteractionClientInitializeAuthorizationRequest",GetAuthCodeUrl:"getAuthCodeUrl",GetStandardParams:"getStandardParams",HandleCodeResponseFromServer:"handleCodeResponseFromServer",HandleCodeResponse:"handleCodeResponse",HandleResponseEar:"handleResponseEar",HandleResponsePlatformBroker:"handleResponsePlatformBroker",HandleResponseCode:"handleResponseCode",UpdateTokenEndpointAuthority:"updateTokenEndpointAuthority",AuthClientAcquireToken:"authClientAcquireToken",AuthClientExecuteTokenRequest:"authClientExecuteTokenRequest",AuthClientCreateTokenRequestBody:"authClientCreateTokenRequestBody",PopTokenGenerateCnf:"popTokenGenerateCnf",PopTokenGenerateKid:"popTokenGenerateKid",HandleServerTokenResponse:"handleServerTokenResponse",DeserializeResponse:"deserializeResponse",AuthorityFactoryCreateDiscoveredInstance:"authorityFactoryCreateDiscoveredInstance",AuthorityResolveEndpointsAsync:"authorityResolveEndpointsAsync",AuthorityResolveEndpointsFromLocalSources:"authorityResolveEndpointsFromLocalSources",AuthorityGetCloudDiscoveryMetadataFromNetwork:"authorityGetCloudDiscoveryMetadataFromNetwork",AuthorityUpdateCloudDiscoveryMetadata:"authority
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
class br{startMeasurement(){}endMeasurement(){}flushMeasurement(){return null}}class Er{generateId(){return"callback-id"}startMeasurement(e,t){return{end:()=>null,discard:()=>{},add:()=>{},increment:()=>{},event:{eventId:this.generateId(),status:Ar,authority:"",libraryName:"",libraryVersion:"",clientId:"",name:e,startTimeMs:Date.now(),correlationId:t||""},measurement:new br}}startPerformanceMeasurement(){return new br}calculateQueuedTime(){return 0}addQueueMeasurement(){}setPreQueueTime(){}endMeasurement(){return null}discardMeasurements(){}removePerformanceCallback(){return!0}addPerformanceCallback(){return""}emitEvents(){}addFields(){}incrementFields(){}cacheEventByCorrelationId(){}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const Rr={tokenRenewalOffsetSeconds:300,preventCorsPreflight:!1},_r={loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:e.LogLevel.Info,correlationId:t.EMPTY_STRING},Pr={claimsBasedCachingEnabled:!1},Mr={async sendGetRequestAsync(){throw pt(ct)},async sendPostRequestAsync(){throw pt(ct)}},Or={sku:t.SKU,version:vt,cpu:t.EMPTY_STRING,os:t.EMPTY_STRING},qr={clientSecret:t.EMPTY_STRING,clientAssertion:void 0},Nr={azureCloudInstance:wt.None,tenant:`${t.DEFAULT_COMMON_TENANT}`},Ur={application:{appName:"",appVersion:""}};function Lr(e){return e.authOptions.authority.options.protocolMode===wr.OIDC}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const Hr="home_account_id",xr="UPN";
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function Dr(e,t){if(!e)throw pt(Ie);try{const r=t(e);return JSON.parse(r)}catch(e){throw pt(we)}}function Br(e){if(!e)throw pt(we);const r=e.split(H,2);return{uid:r[0],utid:r.length<2?t.EMPTY_STRING:r[1]}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const Fr="client_id",zr="redirect_uri",Kr="token_type",Gr="req_cnf",$r="return_spa_code",Qr="x-client-xtra-sku",jr="brk_client_id",Wr="brk_redirect_uri",Vr="instance_aware";
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
function Jr(e,t,r){if(!t)return;const n=e.get(Fr);n&&e.has(jr)&&r?.addFields({embeddedClientId:n,embeddedRedirectUri:e.get(zr)},t)}function Yr(e,t){e.set("response_type",t)}function Xr(e,t,r=!0,n=h){!r||n.includes("openid")||t.includes("openid")||n.push("openid");const o=r?[...t||[],...n]:t||[],i=new Jt(o);e.set("scope",i.printScopes())}function Zr(e,t){e.set(Fr,t)}function en(e,t){e.set(zr,t)}function tn(e,t){e.set("login_hint",t)}function rn(e,t){e.set(m,`UPN:${t}`)}function nn(e,t){e.set(m,`Oid:${t.uid}@${t.utid}`)}function on(e,t){e.set("sid",t)}function sn(e,t,r){const n=vn(t,r);try{JSON.parse(n)}catch(e){throw Wt(Et)}e.set("claims",n)}function an(e,t){e.set("client-request-id",t)}function cn(e,t){e.set("x-client-SKU",t.sku),e.set("x-client-VER",t.version),t.os&&e.set("x-client-OS",t.os),t.cpu&&e.set("x-client-CPU",t.cpu)}function ln(e,t){t?.appName&&e.set("x-app-name",t.appName),t?.appVersion&&e.set("x-app-ver",t.appVersion)}function hn(e,t){t&&e.set("state",t)}function dn(e,t,r){if(!t||!r)throw Wt(Mt);e.set("code_challenge",t),e.set("code_challenge_method",r)}function un(e,t){e.set("client_secret",t)}function gn(e,t){t&&e.set("client_assertion",t)}function pn(e,t){t&&e.set("client_assertion_type",t)}function mn(e,t){e.set("grant_type",t)}function fn(e){e.set("client_info","1")}function yn(e){e.has(Vr)||e.set(Vr,"true")}function Cn(e,t){Object.entries(t).forEach((([t,r])=>{!e.has(t)&&r&&e.set(t,r)}))}function vn(e,t){let r;if(e)try{r=JSON.parse(e)}catch(e){throw Wt(Et)}else r={};return t&&t.length>0&&(r.hasOwnProperty(k)||(r[k]={}),r[k][S]={values:t}),JSON.stringify(r)}function wn(e,t){t&&(e.set(Kr,W.POP),e.set(Gr,t))}function In(e,t){t&&(e.set(Kr,W.SSH),e.set(Gr,t))}function Tn(e,t){e.set("x-client-current-telemetry",t.generateCurrentRequestHeaderValue()),e.set("x-client-last-telemetry",t.generateLastRequestHeaderValue())}function An(e){e.set("x-ms-lib-capability",X)}function kn(e,t,r){e.has(jr)||e.set(jr,t),e.has(Wr)||e.set(Wr,r)}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
const Sn=0,bn=1,En=2,Rn=3;
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
const _n=(e,t,r,n,o)=>(...i)=>{r.trace(`Executing function ${t}`);const s=n?.startMeasurement(t,o);if(o){const e=t+"CallCount";n?.incrementFields({[e]:1},o)}try{const n=e(...i);return s?.end({success:!0}),r.trace(`Returning result from ${t}`),n}catch(e){r.trace(`Error occurred in ${t}`);try{r.trace(JSON.stringify(e))}catch(e){r.trace("Unable to print error message.")}throw s?.end({success:!1},e),e}},Pn=(e,t,r,n,o)=>(...i)=>{r.trace(`Executing function ${t}`);const s=n?.startMeasurement(t,o);if(o){const e=t+"CallCount";n?.incrementFields({[e]:1},o)}return n?.setPreQueueTime(t,o),e(...i).then((e=>(r.trace(`Returning result from ${t}`),s?.end({success:!0}),e))).catch((e=>{r.trace(`Error occurred in ${t}`);try{r.trace(JSON.stringify(e))}catch(e){r.trace("Unable to print error message.")}throw s?.end({success:!1},e),e}))};
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
class Mn{constructor(e,t,r,n){this.networkInterface=e,this.logger=t,this.performanceClient=r,this.correlationId=n}async detectRegion(e,n){this.performanceClient?.addQueueMeasurement(Ir.RegionDiscoveryDetectRegion,this.correlationId);let i=e;if(i)n.region_source=re;else{const e=Mn.IMDS_OPTIONS;try{const s=await Pn(this.getRegionFromIMDS.bind(this),Ir.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(t.IMDS_VERSION,e);if(s.status===r&&(i=s.body,n.region_source=ne),s.status===o){const t=await Pn(this.getCurrentVersion.bind(this),Ir.RegionDiscoveryGetCurrentVersion,this.logger,this.performanceClient,this.correlationId)(e);if(!t)return n.region_source=te,null;const o=await Pn(this.getRegionFromIMDS.bind(this),Ir.RegionDiscoveryGetRegionFromIMDS,this.logger,this.performanceClient,this.correlationId)(t,e);o.status===r&&(i=o.body,n.region_source=ne)}}catch(e){return n.region_source=te,null}}return i||(n.region_source=te),i||null}async getRegionFromIMDS(e,r){return this.performanceClient?.addQueueMeasurement(Ir.RegionDiscoveryGetRegionFromIMDS,this.correlationId),this.networkInterface.sendGetRequestAsync(`${t.IMDS_ENDPOINT}?api-version=${e}&format=text`,r,t.IMDS_TIMEOUT)}async getCurrentVersion(e){this.performanceClient?.addQueueMeasurement(Ir.RegionDiscoveryGetCurrentVersion,this.correlationId);try{const r=await this.networkInterface.sendGetRequestAsync(`${t.IMDS_ENDPOINT}?format=json`,e);return r.status===o&&r.body&&r.body["newest-versions"]&&r.body["newest-versions"].length>0?r.body["newest-versions"][0]:null}catch(e){return null}}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */
|
||
|
|
function On(){return Math.round((new Date).getTime()/1e3)}function qn(e){return e.getTime()/1e3}function Nn(e){return e?new Date(1e3*Number(e)):new Date}function Un(e,t){const r=Number(e)||0;return On()+t>r}function Ln(e,t){const r=Number(e)+24*t*60*60*1e3;return Date.now()>r}function Hn(e){return Number(e)>On()}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function xn(e,t,r,n,o){return{credentialType:x.ID_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,realm:o,lastUpdatedAt:Date.now().toString()}}function Dn(e,t,r,n,o,i,s,a,c,l,h,d,u,g,p){const m={homeAccountId:e,credentialType:x.ACCESS_TOKEN,secret:r,cachedAt:On().toString(),expiresOn:s.toString(),extendedExpiresOn:a.toString(),environment:t,clientId:n,realm:o,target:i,tokenType:h||W.BEARER,lastUpdatedAt:Date.now().toString()};if(d&&(m.userAssertionHash=d),l&&(m.refreshOn=l.toString()),g&&(m.requestedClaims=g,m.requestedClaimsHash=p),m.tokenType?.toLowerCase()!==W.BEARER.toLowerCase())switch(m.credentialType=x.ACCESS_TOKEN_WITH_AUTH_SCHEME,m.tokenType){case W.POP:const e=er(r,c);if(!e?.cnf?.kid)throw pt(et);m.keyId=e.cnf.kid;break;case W.SSH:m.keyId=u}return m}function Bn(e,t,r,n,o,i,s){const a={credentialType:x.REFRESH_TOKEN,homeAccountId:e,environment:t,clientId:n,secret:r,lastUpdatedAt:Date.now().toString()};return i&&(a.userAssertionHash=i),o&&(a.familyId=o),s&&(a.expiresOn=s.toString()),a}function Fn(e){return e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("credentialType")&&e.hasOwnProperty("clientId")&&e.hasOwnProperty("secret")}function zn(e){return!!e&&(Fn(e)&&e.hasOwnProperty("realm")&&e.hasOwnProperty("target")&&(e.credentialType===x.ACCESS_TOKEN||e.credentialType===x.ACCESS_TOKEN_WITH_AUTH_SCHEME))}function Kn(e){return!!e&&(Fn(e)&&e.credentialType===x.REFRESH_TOKEN)}function Gn(){return On()+z}function $n(e,t,r){e.authorization_endpoint=t.authorization_endpoint,e.token_endpoint=t.token_endpoint,e.end_session_endpoint=t.end_session_endpoint,e.issuer=t.issuer,e.endpointsFromNetwork=r,e.jwks_uri=t.jwks_uri}function Qn(e,t,r){e.aliases=t.aliases,e.preferred_cache=t.preferred_cache,e.preferred_network=t.preferred_network,e.aliasesFromNetwork=r}function jn(e){return e.expiresAt<=On()}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */Mn.IMDS_OPTIONS={headers:{Metadata:"true"}};class Wn{constructor(e,t,r,n,o,i,s,a){this.canonicalAuthority=e,this._canonicalAuthority.validateAsUri(),this.networkInterface=t,this.cacheManager=r,this.authorityOptions=n,this.regionDiscoveryMetadata={region_used:void 0,region_source:void 0,region_outcome:void 0},this.logger=o,this.performanceClient=s,this.correlationId=i,this.managedIdentity=a||!1,this.regionDiscovery=new Mn(t,this.logger,this.performanceClient,this.correlationId)}getAuthorityType(e){if(e.HostNameAndPort.endsWith(t.CIAM_AUTH_URL))return Rn;const r=e.PathSegments;if(r.length)switch(r[0].toLowerCase()){case t.ADFS:return bn;case t.DSTS:return En}return Sn}get authorityType(){return this.getAuthorityType(this.canonicalAuthorityUrlComponents)}get protocolMode(){return this.authorityOptions.protocolMode}get options(){return this.authorityOptions}get canonicalAuthority(){return this._canonicalAuthority.urlString}set canonicalAuthority(e){this._canonicalAuthority=new ar(e),this._canonicalAuthority.validateAsUri(),this._canonicalAuthorityUrlComponents=null}get canonicalAuthorityUrlComponents(){return this._canonicalAuthorityUrlComponents||(this._canonicalAuthorityUrlComponents=this._canonicalAuthority.getUrlComponents()),this._canonicalAuthorityUrlComponents}get hostnameAndPort(){return this.canonicalAuthorityUrlComponents.HostNameAndPort.toLowerCase()}get tenant(){return this.canonicalAuthorityUrlComponents.PathSegments[0]}get authorizationEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.authorization_endpoint);throw pt(ke)}get tokenEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint);throw pt(ke)}get deviceCodeEndpoint(){if(this.discoveryComplete())return this.replacePath(this.metadata.token_endpoint.replace("/token","/devicecode"));throw pt(ke)}get endSessionEndpoint(){if(this.discoveryComplete()){if(!this.metadata.end_session_endpoint)throw pt(nt);return this.replacePath(this.metadata.end_session_endpoint)}throw pt(ke)}get selfSignedJwtAudience(){if(this.discoveryComplete())return this.replacePath(this.metadata.issuer);throw pt(ke)}get jwksUri(){if(this.discoveryComplete())return this.replacePath(this.metadata.jwks_uri);throw pt(ke)}canReplaceTenant(e){return 1===e.PathSegments.length&&!Wn.reservedTenantDomains.has(e.PathSegments[0])&&this.getAuthorityType(e)===Sn&&this.protocolMode!==wr.OIDC}replaceTenant(e){return e.replace(/{tenant}|{tenantid}/g,this.tenant)}replacePath(e){let t=e;const r=new ar(this.metadata.canonical_authority).getUrlComponents(),n=r.PathSegments;return this.canonicalAuthorityUrlComponents.PathSegments.forEach(((e,o)=>{let i=n[o];if(0===o&&this.canReplaceTenant(r)){const e=new ar(this.metadata.authorization_endpoint).getUrlComponents().PathSegments[0];i!==e&&(this.logger.verbose(`Replacing tenant domain name ${i} with id ${e}`),i=e)}e!==i&&(t=t.replace(`/${i}/`,`/${e}/`))})),this.replaceTenant(t)}get defaultOpenIdConfigurationEndpoint(){const e=this.hostnameAndPort;return this.canonicalAuthority.endsWith("v2.0/")||this.authorityType===bn||this.protocolMode===wr.OIDC&&!this.isAliasOfKnownMicrosoftAuthority(e)?`${this.canonicalAuthority}.well-known/openid-configuration`:`${this.canonicalAuthority}v2.0/.well-known/openid-configuration`}discoveryComplete(){return!!this.metadata}async resolveEndpointsAsync(){this.performanceClient?.addQueueMeasurement(Ir.AuthorityResolveEndpointsAsync,this.correlationId);const e=this.getCurrentMetadataEntity(),t=await Pn(this.updateCloudDiscoveryMetadata.bind(this),Ir.AuthorityUpdateCloudDiscoveryMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.canonicalAuthority=this.canonicalAuthority.replace(this.hostnameAndPort,e.preferred_network);const r=await Pn(this.updateEndpointMetadata.bind(this),Ir.AuthorityUpdateEndpointMetadata,this.logger,this.performanceClient,this.correlationId)(e);this.updateCachedMetadata(e,t,{source:r}),this.performanceClient?.addFields({cloudDiscoverySource:t,authorityEndpointSource:r},this.correlationId)}g
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */(r.body);return n?r.body:(this.logger.verbose("Authority.getEndpointMetadataFromNetwork: could not parse response as OpenID configuration"),null)}catch(e){return this.logger.verbose(`Authority.getEndpointMetadataFromNetwork: ${e}`),null}}getEndpointMetadataFromHardcodedValues(){return this.hostnameAndPort in cr?cr[this.hostnameAndPort]:null}async updateMetadataWithRegionalInformation(e){this.performanceClient?.addQueueMeasurement(Ir.AuthorityUpdateMetadataWithRegionalInformation,this.correlationId);const r=this.authorityOptions.azureRegionConfiguration?.azureRegion;if(r){if(r!==t.AZURE_REGION_AUTO_DISCOVER_FLAG)return this.regionDiscoveryMetadata.region_outcome=oe,this.regionDiscoveryMetadata.region_used=r,Wn.replaceWithRegionalInformation(e,r);const n=await Pn(this.regionDiscovery.detectRegion.bind(this.regionDiscovery),Ir.RegionDiscoveryDetectRegion,this.logger,this.performanceClient,this.correlationId)(this.authorityOptions.azureRegionConfiguration?.environmentRegion,this.regionDiscoveryMetadata);if(n)return this.regionDiscoveryMetadata.region_outcome=ie,this.regionDiscoveryMetadata.region_used=n,Wn.replaceWithRegionalInformation(e,n);this.regionDiscoveryMetadata.region_outcome=se}return e}async updateCloudDiscoveryMetadata(e){this.performanceClient?.addQueueMeasurement(Ir.AuthorityUpdateCloudDiscoveryMetadata,this.correlationId);const t=this.updateCloudDiscoveryMetadataFromLocalSources(e);if(t)return t;const r=await Pn(this.getCloudDiscoveryMetadataFromNetwork.bind(this),Ir.AuthorityGetCloudDiscoveryMetadataFromNetwork,this.logger,this.performanceClient,this.correlationId)();if(r)return Qn(e,r,!0),$;throw Wt(Nt)}updateCloudDiscoveryMetadataFromLocalSources(e){this.logger.verbose("Attempting to get cloud discovery metadata from authority configuration"),this.logger.verbosePii(`Known Authorities: ${this.authorityOptions.knownAuthorities||t.NOT_APPLICABLE}`),this.logger.verbosePii(`Authority Metadata: ${this.authorityOptions.authorityMetadata||t.NOT_APPLICABLE}`),this.logger.verbosePii(`Canonical Authority: ${e.canonical_authority||t.NOT_APPLICABLE}`);const r=this.getCloudDiscoveryMetadataFromConfig();if(r)return this.logger.verbose("Found cloud discovery metadata in authority configuration"),Qn(e,r,!1),K;if(this.logger.verbose("Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values."),this.options.skipAuthorityMetadataCache)this.logger.verbose("Skipping hardcoded cloud discovery metadata cache since skipAuthorityMetadataCache is set to true. Attempting to get cloud discovery metadata from the network metadata cache.");else{const t=(n=this.hostnameAndPort,ur(lr.metadata,n));if(t)return this.logger.verbose("Found cloud discovery metadata from hardcoded values."),Qn(e,t,!1),Q;this.logger.verbose("Did not find cloud discovery metadata in hardcoded values... Attempting to get cloud discovery metadata from the network metadata cache.")}var n;const o=jn(e);return this.isAuthoritySameType(e)&&e.aliasesFromNetwork&&!o?(this.logger.verbose("Found cloud discovery metadata in the cache."),G):(o&&this.logger.verbose("The metadata entity is expired."),null)}getCloudDiscoveryMetadataFromConfig(){if(this.authorityType===Rn)return this.logger.verbose("CIAM authorities do not support cloud discovery metadata, generate the aliases from authority host."),Wn.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort);if(this.authorityOptions.cloudDiscoveryMetadata){this.logger.verbose("The cloud discovery metadata has been provided as a network response, in the config.");try{this.logger.verbose("Attempting to parse the cloud discovery metadata.");const e=ur(JSON.parse(this.authorityOptions.cloudDiscoveryMetadata).metadata,this.hostnameAndPort);if(this.logger.verbose("Parsed the cloud discovery metadata."),e)return this.logger.verbose("There is returnable metadata attached to the parsed cloud discovery metadata."),e;this.logger.verbose("There is no metadata attached to the parsed cloud discovery metadata.")}catch(e){throw this.
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */(o.body))i=o.body,s=i.metadata,this.logger.verbosePii(`tenant_discovery_endpoint is: ${i.tenant_discovery_endpoint}`);else{if(!function(e){return e.hasOwnProperty("error")&&e.hasOwnProperty("error_description")}(o.body))return this.logger.error("AAD did not return a CloudInstanceDiscoveryResponse or CloudInstanceDiscoveryErrorResponse"),null;if(this.logger.warning(`A CloudInstanceDiscoveryErrorResponse was returned. The cloud instance discovery network request's status code is: ${o.status}`),i=o.body,i.error===t.INVALID_INSTANCE)return this.logger.error("The CloudInstanceDiscoveryErrorResponse error is invalid_instance."),null;this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error is ${i.error}`),this.logger.warning(`The CloudInstanceDiscoveryErrorResponse error description is ${i.error_description}`),this.logger.warning("Setting the value of the CloudInstanceDiscoveryMetadata (returned from the network) to []"),s=[]}this.logger.verbose("Attempting to find a match between the developer's authority and the CloudInstanceDiscoveryMetadata returned from the network request."),n=ur(s,this.hostnameAndPort)}catch(e){if(e instanceof Ce)this.logger.error(`There was a network error while attempting to get the cloud discovery instance metadata.\nError: ${e.errorCode}\nError Description: ${e.errorMessage}`);else{const t=e;this.logger.error(`A non-MSALJS error was thrown while attempting to get the cloud instance discovery metadata.\nError: ${t.name}\nError Description: ${t.message}`)}return null}return n||(this.logger.warning("The developer's authority was not found within the CloudInstanceDiscoveryMetadata returned from the network request."),this.logger.verbose("Creating custom Authority for custom domain scenario."),n=Wn.createCloudDiscoveryMetadataFromHost(this.hostnameAndPort)),n}isInKnownAuthorities(){return this.authorityOptions.knownAuthorities.filter((e=>e&&ar.getDomainFromUrl(e).toLowerCase()===this.hostnameAndPort)).length>0}static generateAuthority(e,r){let n;if(r&&r.azureCloudInstance!==wt.None){const e=r.tenant?r.tenant:t.DEFAULT_COMMON_TENANT;n=`${r.azureCloudInstance}/${e}/`}return n||e}static createCloudDiscoveryMetadataFromHost(e){return{preferred_network:e,preferred_cache:e,aliases:[e]}}getPreferredCache(){if(this.managedIdentity)return t.DEFAULT_AUTHORITY_HOST;if(this.discoveryComplete())return this.metadata.preferred_cache;throw pt(ke)}isAlias(e){return this.metadata.aliases.indexOf(e)>-1}isAliasOfKnownMicrosoftAuthority(e){return hr.has(e)}static isPublicCloudAuthority(e){return t.KNOWN_PUBLIC_CLOUDS.indexOf(e)>=0}static buildRegionalAuthorityString(e,r,n){const o=new ar(e);o.validateAsUri();const i=o.getUrlComponents();let s=`${r}.${i.HostNameAndPort}`;this.isPublicCloudAuthority(i.HostNameAndPort)&&(s=`${r}.${t.REGIONAL_AUTH_PUBLIC_CLOUD_SUFFIX}`);const a=ar.constructAuthorityUriFromObject({...o.getUrlComponents(),HostNameAndPort:s}).urlString;return n?`${a}?${n}`:a}static replaceWithRegionalInformation(e,t){const r={...e};return r.authorization_endpoint=Wn.buildRegionalAuthorityString(r.authorization_endpoint,t),r.token_endpoint=Wn.buildRegionalAuthorityString(r.token_endpoint,t),r.end_session_endpoint&&(r.end_session_endpoint=Wn.buildRegionalAuthorityString(r.end_session_endpoint,t)),r}static transformCIAMAuthority(e){let r=e;const n=new ar(e).getUrlComponents();if(0===n.PathSegments.length&&n.HostNameAndPort.endsWith(t.CIAM_AUTH_URL)){r=`${r}${n.HostNameAndPort.split(".")[0]}${t.AAD_TENANT_DOMAIN_SUFFIX}`}return r}}function Vn(e){return e.endsWith(t.FORWARD_SLASH)?e:`${e}${t.FORWARD_SLASH}`}function Jn(e){const t=e.cloudDiscoveryMetadata;let r;if(t)try{r=JSON.parse(t)}catch(e){throw Wt(Ot)}return{canonicalAuthority:e.authority?Vn(e.authority):void 0,knownAuthorities:e.knownAuthorities,cloudDiscoveryMetadata:r}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */async function Yn(e,t,r,n,o,i,s){s?.addQueueMeasurement(Ir.AuthorityFactoryCreateDiscoveredInstance,i);const a=Wn.transformCIAMAuthority(Vn(e)),c=new Wn(a,t,r,n,o,i,s);try{return await Pn(c.resolveEndpointsAsync.bind(c),Ir.AuthorityResolveEndpointsAsync,o,s,i)(),c}catch(e){throw pt(ke)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */Wn.reservedTenantDomains=new Set(["{tenant}","{tenantid}",I,A,T]);class Xn extends Ce{constructor(e,t,r,n,o){super(e,t,r),this.name="ServerError",this.errorNo=n,this.status=o,Object.setPrototypeOf(this,Xn.prototype)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function Zn(e,t,r){return{clientId:e,authority:t.authority,scopes:t.scopes,homeAccountIdentifier:r,claims:t.claims,authenticationScheme:t.authenticationScheme,resourceRequestMethod:t.resourceRequestMethod,resourceRequestUri:t.resourceRequestUri,shrClaims:t.shrClaims,sshKid:t.sshKid,embeddedClientId:t.embeddedClientId||t.tokenBodyParameters?.clientId}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class eo{static generateThrottlingStorageKey(e){return`${Y}.${JSON.stringify(e)}`}static preProcess(e,r,n){const o=eo.generateThrottlingStorageKey(r),i=e.getThrottlingCache(o);if(i){if(i.throttleTime<Date.now())return void e.removeItem(o,n);throw new Xn(i.errorCodes?.join(" ")||t.EMPTY_STRING,i.errorMessage,i.subError)}}static postProcess(e,t,r,n){if(eo.checkResponseStatus(r)||eo.checkResponseForRetryAfter(r)){const o={throttleTime:eo.calculateThrottleTime(parseInt(r.headers[p])),error:r.body.error,errorCodes:r.body.error_codes,errorMessage:r.body.error_description,subError:r.body.suberror};e.setThrottlingCache(eo.generateThrottlingStorageKey(t),o,n)}}static checkResponseStatus(e){return 429===e.status||e.status>=500&&e.status<600}static checkResponseForRetryAfter(e){return!!e.headers&&(e.headers.hasOwnProperty(p)&&(e.status<200||e.status>=300))}static calculateThrottleTime(e){const t=e<=0?0:e,r=Date.now()/1e3;return Math.floor(1e3*Math.min(r+(t||V),r+J))}static removeThrottle(e,t,r,n){const o=Zn(t,r,n),i=this.generateThrottlingStorageKey(o);e.removeItem(i,r.correlationId)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class to extends Ce{constructor(e,t,r){super(e.errorCode,e.errorMessage,e.subError),Object.setPrototypeOf(this,to.prototype),this.name="NetworkError",this.error=e,this.httpStatus=t,this.responseHeaders=r}}function ro(e,t,r,n){return e.errorMessage=`${e.errorMessage}, additionalErrorInfo: error.name:${n?.name}, error.message:${n?.message}`,new to(e,t,r)}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class no{constructor(e,t){this.config=function({authOptions:e,systemOptions:t,loggerOptions:r,cacheOptions:n,storageInterface:o,networkInterface:i,cryptoInterface:s,clientCredentials:a,libraryInfo:c,telemetry:l,serverTelemetryManager:h,persistencePlugin:d,serializableCache:u}){const g={..._r,...r};return{authOptions:(p=e,{clientCapabilities:[],azureCloudOptions:Nr,skipAuthorityMetadataCache:!1,instanceAware:!1,encodeExtraQueryParams:!1,...p}),systemOptions:{...Rr,...t},loggerOptions:g,cacheOptions:{...Pr,...n},storageInterface:o||new vr(e.clientId,mt,new yt(g),new Er),networkInterface:i||Mr,cryptoInterface:s||mt,clientCredentials:a||qr,libraryInfo:{...Or,...c},telemetry:{...Ur,...l},serverTelemetryManager:h||null,persistencePlugin:d||null,serializableCache:u||null};var p}(e),this.logger=new yt(this.config.loggerOptions,Ct,vt),this.cryptoUtils=this.config.cryptoInterface,this.cacheManager=this.config.storageInterface,this.networkClient=this.config.networkInterface,this.serverTelemetryManager=this.config.serverTelemetryManager,this.authority=this.config.authOptions.authority,this.performanceClient=t}createTokenRequestHeaders(e){const r={};if(r[u]=t.URL_FORM_CONTENT_TYPE,!this.config.systemOptions.preventCorsPreflight&&e)switch(e.type){case Hr:try{const t=Br(e.credential);r[m]=`Oid:${t.uid}@${t.utid}`}catch(e){this.logger.verbose("Could not parse home account ID for CCS Header: "+e)}break;case xr:r[m]=`UPN: ${e.credential}`}return r}async executePostToTokenEndpoint(e,t,r,n,o,i){i&&this.performanceClient?.addQueueMeasurement(i,o);const s=await this.sendPostRequest(n,e,{body:t,headers:r},o);return this.config.serverTelemetryManager&&s.status<500&&429!==s.status&&this.config.serverTelemetryManager.clearTelemetryCache(),s}async sendPostRequest(e,t,r,n){let o;eo.preProcess(this.cacheManager,e,n);try{o=await Pn(this.networkClient.sendPostRequestAsync.bind(this.networkClient),Ir.NetworkClientSendPostRequestAsync,this.logger,this.performanceClient,n)(t,r);const e=o.headers||{};this.performanceClient?.addFields({refreshTokenSize:o.body.refresh_token?.length||0,httpVerToken:e[v]||"",requestId:e[C]||""},n)}catch(e){if(e instanceof to){const t=e.responseHeaders;throw t&&this.performanceClient?.addFields({httpVerToken:t[v]||"",requestId:t[C]||"",contentTypeHeader:t[u]||void 0,contentLengthHeader:t[g]||void 0,httpStatus:e.httpStatus},n),e.error}throw e instanceof Ce?e:pt(Se)}return eo.postProcess(this.cacheManager,e,o,n),o}async updateAuthority(e,t){this.performanceClient?.addQueueMeasurement(Ir.UpdateTokenEndpointAuthority,t);const r=`https://${e}/${this.authority.tenant}/`,n=await Yn(r,this.networkClient,this.cacheManager,this.authority.options,this.logger,t,this.performanceClient);this.authority=n}createTokenQueryParameters(e){const t=new Map;return e.embeddedClientId&&kn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenQueryParameters&&Cn(t,e.tokenQueryParameters),an(t,e.correlationId),Jr(t,e.correlationId,this.performanceClient),ir(t)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function oo(e){if(e){return e.tid||e.tfp||e.acr||null}return null}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class io{getAccountInfo(){return{homeAccountId:this.homeAccountId,environment:this.environment,tenantId:this.realm,username:this.username,localAccountId:this.localAccountId,loginHint:this.loginHint,name:this.name,nativeAccountId:this.nativeAccountId,authorityType:this.authorityType,tenantProfiles:new Map((this.tenantProfiles||[]).map((e=>[e.tenantId,e]))),dataBoundary:this.dataBoundary}}isSingleTenant(){return!this.tenantProfiles}static createAccount(e,t,r){const n=new io;let o;t.authorityType===bn?n.authorityType=N:t.protocolMode===wr.OIDC?n.authorityType=U:n.authorityType=q,e.clientInfo&&r&&(o=Dr(e.clientInfo,r),o.xms_tdbr&&(n.dataBoundary="EU"===o.xms_tdbr?"EU":"None")),n.clientInfo=e.clientInfo,n.homeAccountId=e.homeAccountId,n.nativeAccountId=e.nativeAccountId;const i=e.environment||t&&t.getPreferredCache();if(!i)throw pt(Qe);n.environment=i,n.realm=o?.utid||oo(e.idTokenClaims)||"",n.localAccountId=o?.uid||e.idTokenClaims?.oid||e.idTokenClaims?.sub||"";const s=e.idTokenClaims?.preferred_username||e.idTokenClaims?.upn,a=e.idTokenClaims?.emails?e.idTokenClaims.emails[0]:null;if(n.username=s||a||"",n.loginHint=e.idTokenClaims?.login_hint,n.name=e.idTokenClaims?.name||"",n.cloudGraphHostName=e.cloudGraphHostName,n.msGraphHost=e.msGraphHost,e.tenantProfiles)n.tenantProfiles=e.tenantProfiles;else{const t=Xt(e.homeAccountId,n.localAccountId,n.realm,e.idTokenClaims);n.tenantProfiles=[t]}return n}static createFromAccountInfo(e,t,r){const n=new io;return n.authorityType=e.authorityType||U,n.homeAccountId=e.homeAccountId,n.localAccountId=e.localAccountId,n.nativeAccountId=e.nativeAccountId,n.realm=e.tenantId,n.environment=e.environment,n.username=e.username,n.name=e.name,n.loginHint=e.loginHint,n.cloudGraphHostName=t,n.msGraphHost=r,n.tenantProfiles=Array.from(e.tenantProfiles?.values()||[]),n.dataBoundary=e.dataBoundary,n}static generateHomeAccountId(e,t,r,n,o){if(t!==bn&&t!==En){if(e)try{const t=Dr(e,n.base64Decode);if(t.uid&&t.utid)return`${t.uid}.${t.utid}`}catch(e){}r.warning("No client info in response")}return o?.sub||""}static isAccountEntity(e){return!!e&&(e.hasOwnProperty("homeAccountId")&&e.hasOwnProperty("environment")&&e.hasOwnProperty("realm")&&e.hasOwnProperty("localAccountId")&&e.hasOwnProperty("username")&&e.hasOwnProperty("authorityType"))}static accountInfoIsEqual(e,t,r){if(!e||!t)return!1;let n=!0;if(r){const r=e.idTokenClaims||{},o=t.idTokenClaims||{};n=r.iat===o.iat&&r.nonce===o.nonce}return e.homeAccountId===t.homeAccountId&&e.localAccountId===t.localAccountId&&e.username===t.username&&e.tenantId===t.tenantId&&e.loginHint===t.loginHint&&e.environment===t.environment&&e.nativeAccountId===t.nativeAccountId&&n}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const so="no_tokens_found",ao="native_account_unavailable",co="refresh_token_expired",lo="ux_not_allowed",ho="interaction_required",uo="consent_required",go="login_required",po="bad_token";var mo=Object.freeze({__proto__:null,badToken:po,consentRequired:uo,interactionRequired:ho,loginRequired:go,nativeAccountUnavailable:ao,noTokensFound:so,refreshTokenExpired:co,uxNotAllowed:lo});
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const fo=[ho,uo,go,po,lo],yo=["message_only","additional_action","basic_action","user_password_expired","consent_required","bad_token"],Co={[so]:"No refresh token found in the cache. Please sign-in.",[ao]:"The requested account is not available in the native broker. It may have been deleted or logged out. Please sign-in again using an interactive API.",[co]:"Refresh token has expired.",[po]:"Identity provider returned bad_token due to an expired or invalid refresh token. Please invoke an interactive API to resolve.",[lo]:"`canShowUI` flag in Edge was set to false. User interaction required on web page. Please invoke an interactive API to resolve."},vo={noTokensFoundError:{code:so,desc:Co[so]},native_account_unavailable:{code:ao,desc:Co[ao]},bad_token:{code:po,desc:Co[po]}};class wo extends Ce{constructor(e,r,n,o,i,s,a,c){super(e,r,n),Object.setPrototypeOf(this,wo.prototype),this.timestamp=o||t.EMPTY_STRING,this.traceId=i||t.EMPTY_STRING,this.correlationId=s||t.EMPTY_STRING,this.claims=a||t.EMPTY_STRING,this.name="InteractionRequiredAuthError",this.errorNo=c}}function Io(e,t,r){const n=!!e&&fo.indexOf(e)>-1,o=!!r&&yo.indexOf(r)>-1,i=!!t&&fo.some((e=>t.indexOf(e)>-1));return n||i||o}function To(e){return new wo(e,Co[e])}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Ao{static setRequestState(e,r,n){const o=Ao.generateLibraryState(e,n);return r?`${o}${t.RESOURCE_DELIM}${r}`:o}static generateLibraryState(e,t){if(!e)throw pt(We);const r={id:e.createNewGuid()};t&&(r.meta=t);const n=JSON.stringify(r);return e.base64Encode(n)}static parseRequestState(e,r){if(!e)throw pt(We);if(!r)throw pt(Re);try{const n=r.split(t.RESOURCE_DELIM),o=n[0],i=n.length>1?n.slice(1).join(t.RESOURCE_DELIM):t.EMPTY_STRING,s=e.base64Decode(o),a=JSON.parse(s);return{userRequestState:i||t.EMPTY_STRING,libraryState:a}}catch(e){throw pt(Re)}}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const ko="sw";class So{constructor(e,t){this.cryptoUtils=e,this.performanceClient=t}async generateCnf(e,t){this.performanceClient?.addQueueMeasurement(Ir.PopTokenGenerateCnf,e.correlationId);const r=await Pn(this.generateKid.bind(this),Ir.PopTokenGenerateCnf,t,this.performanceClient,e.correlationId)(e),n=this.cryptoUtils.base64UrlEncode(JSON.stringify(r));return{kid:r.kid,reqCnfString:n}}async generateKid(e){this.performanceClient?.addQueueMeasurement(Ir.PopTokenGenerateKid,e.correlationId);return{kid:await this.cryptoUtils.getPublicKeyThumbprint(e),xms_ksl:ko}}async signPopToken(e,t,r){return this.signPayload(e,t,r)}async signPayload(e,t,r,n){const{resourceRequestMethod:o,resourceRequestUri:i,shrClaims:s,shrNonce:a,shrOptions:c}=r,l=i?new ar(i):void 0,h=l?.getUrlComponents();return this.cryptoUtils.signJwt({at:e,ts:On(),m:o?.toUpperCase(),u:h?.HostNameAndPort,nonce:a||this.cryptoUtils.createNewGuid(),p:h?.AbsolutePath,q:h?.QueryString?[[],h.QueryString]:void 0,client_claims:s||void 0,...n},t,c,r.correlationId)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class bo{constructor(e,t){this.cache=e,this.hasChanged=t}get cacheHasChanged(){return this.hasChanged}get tokenCache(){return this.cache}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Eo{constructor(e,t,r,n,o,i,s){this.clientId=e,this.cacheStorage=t,this.cryptoObj=r,this.logger=n,this.serializableCache=o,this.persistencePlugin=i,this.performanceClient=s}validateTokenResponse(e,r){if(e.error||e.error_description||e.suberror){const o=`Error(s): ${e.error_codes||t.NOT_AVAILABLE} - Timestamp: ${e.timestamp||t.NOT_AVAILABLE} - Description: ${e.error_description||t.NOT_AVAILABLE} - Correlation ID: ${e.correlation_id||t.NOT_AVAILABLE} - Trace ID: ${e.trace_id||t.NOT_AVAILABLE}`,c=e.error_codes?.length?e.error_codes[0]:void 0,l=new Xn(e.error,o,e.suberror,c,e.status);if(r&&e.status&&e.status>=s&&e.status<=a)return void this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently unavailable and the access token is unable to be refreshed.\n${l}`);if(r&&e.status&&e.status>=n&&e.status<=i)return void this.logger.warning(`executeTokenRequest:validateTokenResponse - AAD is currently available but is unable to refresh the access token.\n${l}`);if(Io(e.error,e.error_description,e.suberror))throw new wo(e.error,e.error_description,e.suberror,e.timestamp||t.EMPTY_STRING,e.trace_id||t.EMPTY_STRING,e.correlation_id||t.EMPTY_STRING,e.claims||t.EMPTY_STRING,c);throw l}}async handleServerTokenResponse(e,r,n,o,i,s,a,c,l){let h,d;if(this.performanceClient?.addQueueMeasurement(Ir.HandleServerTokenResponse,e.correlation_id),e.id_token){if(h=er(e.id_token||t.EMPTY_STRING,this.cryptoObj.base64Decode),i&&i.nonce&&h.nonce!==i.nonce)throw pt(Me);if(o.maxAge||0===o.maxAge){const e=h.auth_time;if(!e)throw pt(Oe);tr(e,o.maxAge)}}this.homeAccountIdentifier=io.generateHomeAccountId(e.client_info||t.EMPTY_STRING,r.authorityType,this.logger,this.cryptoObj,h),i&&i.state&&(d=Ao.parseRequestState(this.cryptoObj,i.state)),e.key_id=e.key_id||o.sshKid||void 0;const u=this.generateCacheRecord(e,r,n,o,h,s,i);let g;try{if(this.persistencePlugin&&this.serializableCache&&(this.logger.verbose("Persistence enabled, calling beforeCacheAccess"),g=new bo(this.serializableCache,!0),await this.persistencePlugin.beforeCacheAccess(g)),a&&!c&&u.account){const e=this.cacheStorage.generateAccountKey(u.account.getAccountInfo());if(!this.cacheStorage.getAccount(e,o.correlationId))return this.logger.warning("Account used to refresh tokens not in persistence, refreshed tokens will not be stored in the cache"),await Eo.generateAuthenticationResult(this.cryptoObj,r,u,!1,o,h,d,void 0,l)}await this.cacheStorage.saveCacheRecord(u,o.correlationId,o.storeInCache)}finally{this.persistencePlugin&&this.serializableCache&&g&&(this.logger.verbose("Persistence enabled, calling afterCacheAccess"),await this.persistencePlugin.afterCacheAccess(g))}return Eo.generateAuthenticationResult(this.cryptoObj,r,u,!1,o,h,d,e,l)}generateCacheRecord(e,t,r,n,o,i,s){const a=t.getPreferredCache();if(!a)throw pt(Qe);const c=oo(o);let l,h;e.id_token&&o&&(l=xn(this.homeAccountIdentifier,a,e.id_token,this.clientId,c||""),h=Ro(this.cacheStorage,t,this.homeAccountIdentifier,this.cryptoObj.base64Decode,n.correlationId,o,e.client_info,a,c,s,void 0,this.logger));let d=null;if(e.access_token){const o=e.scope?Jt.fromString(e.scope):new Jt(n.scopes||[]),s=("string"==typeof e.expires_in?parseInt(e.expires_in,10):e.expires_in)||0,l=("string"==typeof e.ext_expires_in?parseInt(e.ext_expires_in,10):e.ext_expires_in)||0,h=("string"==typeof e.refresh_in?parseInt(e.refresh_in,10):e.refresh_in)||void 0,u=r+s,g=u+l,p=h&&h>0?r+h:void 0;d=Dn(this.homeAccountIdentifier,a,e.access_token,this.clientId,c||t.tenant||"",o.printScopes(),u,g,this.cryptoObj.base64Decode,p,e.token_type,i,e.key_id,n.claims,n.requestedClaimsHash)}let u=null;if(e.refresh_token){let t;if(e.refresh_token_expires_in){t=r+("string"==typeof e.refresh_token_expires_in?parseInt(e.refresh_token_expires_in,10):e.refresh_token_expires_in)}u=Bn(this.homeAccountIdentifier,a,e.refresh_token,this.clientId,e.foci,i,t)}let g=null;return e.foci&&(g={clientId:this.clientId,environment:a,familyId:e.foci}),{account:h,idToken:l,accessToken:d,refreshToken:u,appMetadata:g}}static async generateAuthe
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */async function _o(e,t,r){if("string"==typeof e)return e;return e({clientId:t,tokenEndpoint:r})}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Po extends no{constructor(e,t){super(e,t),this.includeRedirectUri=!0,this.oidcDefaultScopes=this.config.authOptions.authority.options.OIDCOptions?.defaultScopes}async acquireToken(e,t){if(this.performanceClient?.addQueueMeasurement(Ir.AuthClientAcquireToken,e.correlationId),!e.code)throw pt(He);const r=On(),n=await Pn(this.executeTokenRequest.bind(this),Ir.AuthClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(this.authority,e),o=n.headers?.[C],i=new Eo(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin,this.performanceClient);return i.validateTokenResponse(n.body),Pn(i.handleServerTokenResponse.bind(i),Ir.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(n.body,this.authority,r,e,t,void 0,void 0,void 0,o)}getLogoutUri(e){if(!e)throw Wt(_t);const t=this.createLogoutUrlQueryString(e);return ar.appendQueryString(this.authority.endSessionEndpoint,t)}async executeTokenRequest(e,t){this.performanceClient?.addQueueMeasurement(Ir.AuthClientExecuteTokenRequest,t.correlationId);const r=this.createTokenQueryParameters(t),n=ar.appendQueryString(e.tokenEndpoint,r),o=await Pn(this.createTokenRequestBody.bind(this),Ir.AuthClientCreateTokenRequestBody,this.logger,this.performanceClient,t.correlationId)(t);let i;if(t.clientInfo)try{const e=Dr(t.clientInfo,this.cryptoUtils.base64Decode);i={credential:`${e.uid}${H}${e.utid}`,type:Hr}}catch(e){this.logger.verbose("Could not parse client info for CCS Header: "+e)}const s=this.createTokenRequestHeaders(i||t.ccsCredential),a=Zn(this.config.authOptions.clientId,t);return Pn(this.executePostToTokenEndpoint.bind(this),Ir.AuthorizationCodeClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,t.correlationId)(n,o,s,a,t.correlationId,Ir.AuthorizationCodeClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){this.performanceClient?.addQueueMeasurement(Ir.AuthClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(Zr(t,e.embeddedClientId||e.tokenBodyParameters?.[Fr]||this.config.authOptions.clientId),this.includeRedirectUri)en(t,e.redirectUri);else if(!e.redirectUri)throw Wt(It);if(Xr(t,e.scopes,!0,this.oidcDefaultScopes),function(e,t){e.set("code",t)}(t,e.code),cn(t,this.config.libraryInfo),ln(t,this.config.telemetry.application),An(t),this.serverTelemetryManager&&!Lr(this.config)&&Tn(t,this.serverTelemetryManager),e.codeVerifier&&function(e,t){e.set("code_verifier",t)}(t,e.codeVerifier),this.config.clientCredentials.clientSecret&&un(t,this.config.clientCredentials.clientSecret),this.config.clientCredentials.clientAssertion){const r=this.config.clientCredentials.clientAssertion;gn(t,await _o(r.assertion,this.config.authOptions.clientId,e.resourceRequestUri)),pn(t,r.assertionType)}if(mn(t,M),fn(t),e.authenticationScheme===W.POP){const r=new So(this.cryptoUtils,this.performanceClient);let n;if(e.popKid)n=this.cryptoUtils.encodeKid(e.popKid);else{n=(await Pn(r.generateCnf.bind(r),Ir.PopTokenGenerateCnf,this.logger,this.performanceClient,e.correlationId)(e,this.logger)).reqCnfString}wn(t,n)}else if(e.authenticationScheme===W.SSH){if(!e.sshJwk)throw Wt(Ut);In(t,e.sshJwk)}let r;if((!Vt.isEmptyObj(e.claims)||this.config.authOptions.clientCapabilities&&this.config.authOptions.clientCapabilities.length>0)&&sn(t,e.claims,this.config.authOptions.clientCapabilities),e.clientInfo)try{const t=Dr(e.clientInfo,this.cryptoUtils.base64Decode);r={credential:`${t.uid}${H}${t.utid}`,type:Hr}}catch(e){this.logger.verbose("Could not parse client info for CCS Header: "+e)}else r=e.ccsCredential;if(this.config.systemOptions.preventCorsPreflight&&r)switch(r.type){case Hr:try{nn(t,Br(r.credential))}catch(e){this.logger.verbose("Could not parse home account ID for CCS Header: "+e)}break;case xr:rn(t,r.credential)}return e.embeddedClientId&&kn(t,this.config.authOptions.clientId,this.config.authOptions.redirectUri),e.tokenBodyParameters&&Cn(t,e.tokenBodyParameters),!e.enableSpaAuthorizationCode||e.token
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Mo extends no{constructor(e,t){super(e,t)}async acquireToken(e){this.performanceClient?.addQueueMeasurement(Ir.RefreshTokenClientAcquireToken,e.correlationId);const t=On(),r=await Pn(this.executeTokenRequest.bind(this),Ir.RefreshTokenClientExecuteTokenRequest,this.logger,this.performanceClient,e.correlationId)(e,this.authority),n=r.headers?.[C],o=new Eo(this.config.authOptions.clientId,this.cacheManager,this.cryptoUtils,this.logger,this.config.serializableCache,this.config.persistencePlugin);return o.validateTokenResponse(r.body),Pn(o.handleServerTokenResponse.bind(o),Ir.HandleServerTokenResponse,this.logger,this.performanceClient,e.correlationId)(r.body,this.authority,t,e,void 0,void 0,!0,e.forceCache,n)}async acquireTokenByRefreshToken(e){if(!e)throw Wt(Rt);if(this.performanceClient?.addQueueMeasurement(Ir.RefreshTokenClientAcquireTokenByRefreshToken,e.correlationId),!e.account)throw pt(Ge);if(this.cacheManager.isAppMetadataFOCI(e.account.environment))try{return await Pn(this.acquireTokenWithCachedRefreshToken.bind(this),Ir.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!0)}catch(t){const r=t instanceof wo&&t.errorCode===so,n=t instanceof Xn&&t.errorCode===Z&&t.subError===ee;if(r||n)return Pn(this.acquireTokenWithCachedRefreshToken.bind(this),Ir.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1);throw t}return Pn(this.acquireTokenWithCachedRefreshToken.bind(this),Ir.RefreshTokenClientAcquireTokenWithCachedRefreshToken,this.logger,this.performanceClient,e.correlationId)(e,!1)}async acquireTokenWithCachedRefreshToken(e,t){this.performanceClient?.addQueueMeasurement(Ir.RefreshTokenClientAcquireTokenWithCachedRefreshToken,e.correlationId);const r=_n(this.cacheManager.getRefreshToken.bind(this.cacheManager),Ir.CacheManagerGetRefreshToken,this.logger,this.performanceClient,e.correlationId)(e.account,t,e.correlationId,void 0,this.performanceClient);if(!r)throw To(so);if(r.expiresOn&&Un(r.expiresOn,e.refreshTokenExpirationOffsetSeconds||300))throw this.performanceClient?.addFields({rtExpiresOnMs:Number(r.expiresOn)},e.correlationId),To(co);const n={...e,refreshToken:r.secret,authenticationScheme:e.authenticationScheme||W.BEARER,ccsCredential:{credential:e.account.homeAccountId,type:Hr}};try{return await Pn(this.acquireToken.bind(this),Ir.RefreshTokenClientAcquireToken,this.logger,this.performanceClient,e.correlationId)(n)}catch(t){if(t instanceof wo&&(this.performanceClient?.addFields({rtExpiresOnMs:Number(r.expiresOn)},e.correlationId),t.subError===po)){this.logger.verbose("acquireTokenWithRefreshToken: bad refresh token, removing from cache");const t=this.cacheManager.generateCredentialKey(r);this.cacheManager.removeRefreshToken(t,e.correlationId)}throw t}}async executeTokenRequest(e,t){this.performanceClient?.addQueueMeasurement(Ir.RefreshTokenClientExecuteTokenRequest,e.correlationId);const r=this.createTokenQueryParameters(e),n=ar.appendQueryString(t.tokenEndpoint,r),o=await Pn(this.createTokenRequestBody.bind(this),Ir.RefreshTokenClientCreateTokenRequestBody,this.logger,this.performanceClient,e.correlationId)(e),i=this.createTokenRequestHeaders(e.ccsCredential),s=Zn(this.config.authOptions.clientId,e);return Pn(this.executePostToTokenEndpoint.bind(this),Ir.RefreshTokenClientExecutePostToTokenEndpoint,this.logger,this.performanceClient,e.correlationId)(n,o,i,s,e.correlationId,Ir.RefreshTokenClientExecutePostToTokenEndpoint)}async createTokenRequestBody(e){this.performanceClient?.addQueueMeasurement(Ir.RefreshTokenClientCreateTokenRequestBody,e.correlationId);const t=new Map;if(Zr(t,e.embeddedClientId||e.tokenBodyParameters?.[Fr]||this.config.authOptions.clientId),e.redirectUri&&en(t,e.redirectUri),Xr(t,e.scopes,!0,this.config.authOptions.authority.options.OIDCOptions?.defaultScopes),mn(t,O),fn(t),cn(t,this.config.libraryInfo),ln(t,this.config.telemetry.application),An(t),this.serverTelemetryManager&&!Lr(this.config)&&Tn(t,this.serverTelemetryManager),fu
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Oo extends no{constructor(e,t){super(e,t)}async acquireCachedToken(e){this.performanceClient?.addQueueMeasurement(Ir.SilentFlowClientAcquireCachedToken,e.correlationId);let t=ae;if(e.forceRefresh||!this.config.cacheOptions.claimsBasedCachingEnabled&&!Vt.isEmptyObj(e.claims))throw this.setCacheOutcome(ce,e.correlationId),pt(Xe);if(!e.account)throw pt(Ge);const r=e.account.tenantId||function(e){const t=new ar(e).getUrlComponents(),r=t.PathSegments.slice(-1)[0]?.toLowerCase();switch(r){case I:case T:case A:return;default:return r}}(e.authority),n=this.cacheManager.getTokenKeys(),o=this.cacheManager.getAccessToken(e.account,e,n,r);if(!o)throw this.setCacheOutcome(le,e.correlationId),pt(Xe);if(Hn(o.cachedAt)||Un(o.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds))throw this.setCacheOutcome(he,e.correlationId),pt(Xe);o.refreshOn&&Un(o.refreshOn,0)&&(t=de);const i=e.authority||this.authority.getPreferredCache(),s={account:this.cacheManager.getAccount(this.cacheManager.generateAccountKey(e.account),e.correlationId),accessToken:o,idToken:this.cacheManager.getIdToken(e.account,e.correlationId,n,r,this.performanceClient),refreshToken:null,appMetadata:this.cacheManager.readAppMetadataFromCache(i)};return this.setCacheOutcome(t,e.correlationId),this.config.serverTelemetryManager&&this.config.serverTelemetryManager.incrementCacheHits(),[await Pn(this.generateResultFromCacheRecord.bind(this),Ir.SilentFlowClientGenerateResultFromCacheRecord,this.logger,this.performanceClient,e.correlationId)(s,e),t]}setCacheOutcome(e,t){this.serverTelemetryManager?.setCacheOutcome(e),this.performanceClient?.addFields({cacheOutcome:e},t),e!==ae&&this.logger.info(`Token refresh is required due to cache outcome: ${e}`)}async generateResultFromCacheRecord(e,t){let r;if(this.performanceClient?.addQueueMeasurement(Ir.SilentFlowClientGenerateResultFromCacheRecord,t.correlationId),e.idToken&&(r=er(e.idToken.secret,this.config.cryptoInterface.base64Decode)),t.maxAge||0===t.maxAge){const e=r?.auth_time;if(!e)throw pt(Oe);tr(e,t.maxAge)}return Eo.generateAuthenticationResult(this.cryptoUtils,this.authority,e,!0,t,r)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const qo={sendGetRequestAsync:()=>Promise.reject(pt(ct)),sendPostRequestAsync:()=>Promise.reject(pt(ct))};
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function No(e,t,r,n){const o=t.correlationId,i=new Map;Zr(i,t.embeddedClientId||t.extraQueryParameters?.[Fr]||e.clientId);if(Xr(i,[...t.scopes||[],...t.extraScopesToConsent||[]],!0,e.authority.options.OIDCOptions?.defaultScopes),en(i,t.redirectUri),an(i,o),function(e,t){e.set("response_mode",t||P)}(i,t.responseMode),fn(i),t.prompt&&(!function(e,t){e.set("prompt",t)}(i,t.prompt),n?.addFields({prompt:t.prompt},o)),t.domainHint&&(!function(e,t){e.set("domain_hint",t)}(i,t.domainHint),n?.addFields({domainHintFromRequest:!0},o)),t.prompt!==b.SELECT_ACCOUNT)if(t.sid&&t.prompt===b.NONE)r.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from request"),on(i,t.sid),n?.addFields({sidFromRequest:!0},o);else if(t.account){const e=(s=t.account,s.idTokenClaims?.sid||null);let a=function(e){return e.loginHint||e.idTokenClaims?.login_hint||null}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */(t.account);if(a&&t.domainHint&&(r.warning('AuthorizationCodeClient.createAuthCodeUrlQueryString: "domainHint" param is set, skipping opaque "login_hint" claim. Please consider not passing domainHint'),a=null),a){r.verbose("createAuthCodeUrlQueryString: login_hint claim present on account"),tn(i,a),n?.addFields({loginHintFromClaim:!0},o);try{nn(i,Br(t.account.homeAccountId))}catch(e){r.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(e&&t.prompt===b.NONE){r.verbose("createAuthCodeUrlQueryString: Prompt is none, adding sid from account"),on(i,e),n?.addFields({sidFromClaim:!0},o);try{nn(i,Br(t.account.homeAccountId))}catch(e){r.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}else if(t.loginHint)r.verbose("createAuthCodeUrlQueryString: Adding login_hint from request"),tn(i,t.loginHint),rn(i,t.loginHint),n?.addFields({loginHintFromRequest:!0},o);else if(t.account.username){r.verbose("createAuthCodeUrlQueryString: Adding login_hint from account"),tn(i,t.account.username),n?.addFields({loginHintFromUpn:!0},o);try{nn(i,Br(t.account.homeAccountId))}catch(e){r.verbose("createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header")}}}else t.loginHint&&(r.verbose("createAuthCodeUrlQueryString: No account, adding login_hint from request"),tn(i,t.loginHint),rn(i,t.loginHint),n?.addFields({loginHintFromRequest:!0},o));else r.verbose("createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints");var s;return t.nonce&&function(e,t){e.set("nonce",t)}(i,t.nonce),t.state&&hn(i,t.state),(t.claims||e.clientCapabilities&&e.clientCapabilities.length>0)&&sn(i,t.claims,e.clientCapabilities),t.embeddedClientId&&kn(i,e.clientId,e.redirectUri),!e.instanceAware||t.extraQueryParameters&&Object.keys(t.extraQueryParameters).includes(Vr)||yn(i),i}function Uo(e,t,r,n){const o=ir(t,r,n);return ar.appendQueryString(e.authorizationEndpoint,o)}function Lo(e,t){if(!e.state||!t)throw e.state?pt(Pe,"Cached State"):pt(Pe,"Server State");let r,n;try{r=decodeURIComponent(e.state)}catch(t){throw pt(Re,e.state)}try{n=decodeURIComponent(t)}catch(t){throw pt(Re,e.state)}if(r!==n)throw pt(_e);if(e.error||e.error_description||e.suberror){const t=function(e){const t="code=",r=e.error_uri?.lastIndexOf(t);return r&&r>=0?e.error_uri?.substring(r+t.length):void 0}(e);if(Io(e.error,e.error_description,e.suberror))throw new wo(e.error||"",e.error_description,e.suberror,e.timestamp||"",e.trace_id||"",e.correlation_id||"",e.claims||"",t);throw new Xn(e.error||"",e.error_description,e.suberror,t)}}function Ho(e){const{skus:t,libraryName:r,libraryVersion:n,extensionName:o,extensionVersion:i}=e,s=new Map([[0,[r,n]],[2,[o,i]]]);let a=[];if(t?.length){if(a=t.split(","),a.length<4)return t}else a=Array.from({length:4},(()=>"|"));return s.forEach(((e,t)=>{2===e.length&&e[0]?.length&&e[1]?.length&&function(e){const{skuArr:t,index:r,skuName:n,skuVersion:o}=e;if(r>=t.length)return;t[r]=[n,o].join("|")}({skuArr:a,index:t,skuName:e[0],skuVersion:e[1]})})),a.join(",")}class xo{constructor(e,r){this.cacheOutcome=ae,this.cacheManager=r,this.apiId=e.apiId,this.correlationId=e.correlationId,this.wrapperSKU=e.wrapperSKU||t.EMPTY_STRING,this.wrapperVer=e.wrapperVer||t.EMPTY_STRING,this.telemetryCacheKey=j.CACHE_KEY+L+e.clientId}generateCurrentRequestHeaderValue(){const e=`${this.apiId}${j.VALUE_SEPARATOR}${this.cacheOutcome}`,t=[this.wrapperSKU,this.wrapperVer],r=this.getNativeBrokerErrorCode();r?.length&&t.push(`broker_error=${r}`);const n=t.join(j.VALUE_SEPARATOR),o=[e,this.getRegionDiscoveryFields()].join(j.VALUE_SEPARATOR);return[j.SCHEMA_VERSION,o,n].join(j.CATEGORY_SEPARATOR)}generateLastRequestHeaderValue(){const e=this.getLastRequests(),t=xo.maxErrorsToSend(e),r=e.failedRequests.slice(0,2*t).join(j.VALUE_SEPARATOR),n=e.errors.slice(0,t).join(j.VALUE_SEPARATOR),o=e.errors.length,i=[o,t<o?j.OVERFLOW_TRUE:j.OVERFLOW_FALSE].join(j.VALUE_SEPARATOR);return[j.SCHEMA_VERSION,e.cacheHits,r,n,i].join(j.CATEGORY_SEPARATOR)}cacheFaile
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */const Do="missing_kid_error",Bo="missing_alg_error",Fo={[Do]:"The JOSE Header for the requested JWT, JWS or JWK object requires a keyId to be configured as the 'kid' header claim. No 'kid' value was provided.",[Bo]:"The JOSE Header for the requested JWT, JWS or JWK object requires an algorithm to be specified as the 'alg' header claim. No 'alg' value was provided."};class zo extends Ce{constructor(e,t){super(e,t),this.name="JoseHeaderError",Object.setPrototypeOf(this,zo.prototype)}}function Ko(e){return new zo(e,Fo[e])}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */class Go{constructor(e){this.typ=e.typ,this.alg=e.alg,this.kid=e.kid}static getShrHeaderString(e){if(!e.kid)throw Ko(Do);if(!e.alg)throw Ko(Bo);const t=new Go({typ:e.typ||ue.Pop,kid:e.kid,alg:e.alg});return JSON.stringify(t)}}
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */function $o(e,t,r,n=5){if(e instanceof Error)return e instanceof Ce?(r.errorCode=e.errorCode,r.subErrorCode=e.subError,void((e instanceof Xn||e instanceof wo)&&(r.serverErrorNo=e.errorNo))):void(e instanceof fr?r.errorCode=e.errorCode:r.errorStack?.length?t.trace("PerformanceClient.addErrorStack: Stack already exist",r.correlationId):e.stack?.length?(e.stack&&(r.errorStack=function(e,t){if(t<0)return[];const r=e.split("\n")||[],n=[],o=r[0];o.startsWith("TypeError: Cannot read property")||o.startsWith("TypeError: Cannot read properties of")||o.startsWith("TypeError: Cannot set property")||o.startsWith("TypeError: Cannot set properties of")||o.endsWith("is not a function")?n.push(Qo(o)):(o.startsWith("SyntaxError")||o.startsWith("TypeError"))&&n.push(Qo(o.replace(/['].*[']|["].*["]/g,"<redacted>")));for(let e=1;e<r.length&&!(n.length>=t);e++){const t=r[e];n.push(Qo(t))}return n}(e.stack,n)),r.errorName=e.name):t.trace("PerformanceClient.addErrorStack: Input stack is empty",r.correlationId));t.trace("PerformanceClient.addErrorStack: Input error is not instance of Error",r.correlationId)}function Qo(e){const t=e.lastIndexOf(" ")+1;if(t<1)return e;const r=e.substring(t);let n=r.lastIndexOf("/");return n=n<0?r.lastIndexOf("\\"):n,n>=0?(e.substring(0,t)+"("+r.substring(n+1)+(")"===r.charAt(r.length-1)?"":")")).trimStart():e.trimStart()}class jo{constructor(e,t,r,n,o,i,s,a){this.authority=t,this.libraryName=n,this.libraryVersion=o,this.applicationTelemetry=i,this.clientId=e,this.logger=r,this.callbacks=new Map,this.eventsByCorrelationId=new Map,this.eventStack=new Map,this.queueMeasurements=new Map,this.preQueueTimeByCorrelationId=new Map,this.intFields=s||new Set;for(const e of Sr)this.intFields.add(e);this.abbreviations=a||new Map;for(const[e,t]of Tr)this.abbreviations.set(e,t)}startPerformanceMeasurement(e,t){return{}}getPreQueueTime(e,t){const r=this.preQueueTimeByCorrelationId.get(t);if(r){if(r.name===e)return r.time;this.logger.trace(`PerformanceClient.getPreQueueTime: no pre-queue time found for ${e}, unable to add queue measurement`)}else this.logger.trace(`PerformanceClient.getPreQueueTime: no pre-queue times found for correlationId: ${t}, unable to add queue measurement`)}calculateQueuedTime(e,t){return e<1?(this.logger.trace(`PerformanceClient: preQueueTime should be a positive integer and not ${e}`),0):t<1?(this.logger.trace(`PerformanceClient: currentTime should be a positive integer and not ${t}`),0):t<e?(this.logger.trace("PerformanceClient: currentTime is less than preQueueTime, check how time is being retrieved"),0):t-e}addQueueMeasurement(e,t,r,n){if(!t)return void this.logger.trace(`PerformanceClient.addQueueMeasurement: correlationId not provided for ${e}, cannot add queue measurement`);if(0===r)this.logger.trace(`PerformanceClient.addQueueMeasurement: queue time provided for ${e} is ${r}`);else if(!r)return void this.logger.trace(`PerformanceClient.addQueueMeasurement: no queue time provided for ${e}`);const o={eventName:e,queueTime:n?0:r,manuallyCompleted:n},i=this.queueMeasurements.get(t);if(i)i.push(o),this.queueMeasurements.set(t,i);else{this.logger.trace(`PerformanceClient.addQueueMeasurement: adding correlationId ${t} to queue measurements`);const e=[o];this.queueMeasurements.set(t,e)}this.preQueueTimeByCorrelationId.delete(t)}startMeasurement(e,t){const r=t||this.generateId();t||this.logger.info(`PerformanceClient: No correlation id provided for ${e}, generating`,r),this.logger.trace(`PerformanceClient: Performance measurement started for ${e}`,r);const n={eventId:this.generateId(),status:Ar,authority:this.authority,libraryName:this.libraryName,libraryVersion:this.libraryVersion,clientId:this.clientId,name:e,startTimeMs:Date.now(),correlationId:r,appName:this.applicationTelemetry?.appName,appVersion:this.applicationTelemetry?.appVersion};var o,i,s;return this.cacheEventByCorrelationId(n),o=n,i=this.abbreviations,(s=this.eventStack.get(r))&&s.push({name:i.get(o.name)||o.name}),{end:(e,t,r)=>this.endMeasurement({...n,...e},t,r),discard:()=>this.discardMeasur
|
||
|
|
/*! @azure/msal-common v15.13.0 2025-09-30 */,e.AuthenticationScheme=W,e.AzureCloudInstance=wt,e.BrowserAuthError=Vi,e.BrowserAuthErrorCodes=$i,e.BrowserAuthErrorMessage=Wi,e.BrowserCacheLocation=ms,e.BrowserConfigurationAuthError=ya,e.BrowserConfigurationAuthErrorCodes=pa,e.BrowserConfigurationAuthErrorMessage=fa,e.BrowserPerformanceClient=class extends jo{constructor(e,r,n){super(e.auth.clientId,e.auth.authority||`${t.DEFAULT_AUTHORITY}`,new yt(e.system?.loggerOptions||{},Fa,za),Fa,za,e.telemetry?.application||{appName:"",appVersion:""},r,n)}generateId(){return ta()}getPageVisibility(){return document.visibilityState?.toString()||null}deleteIncompleteSubMeasurements(e){Gl()?.then((t=>{const r=this.eventsByCorrelationId.get(e.event.correlationId),n=r&&r.eventId===e.event.eventId,o=[];n&&r?.incompleteSubMeasurements&&r.incompleteSubMeasurements.forEach((e=>{o.push({...e})})),t.BrowserPerformanceMeasurement.flushMeasurements(e.event.correlationId,o)}))}startMeasurement(e,t){const r=this.getPageVisibility(),n=super.startMeasurement(e,t),o=$l()?window.performance.now():void 0,i=Gl()?.then((t=>new t.BrowserPerformanceMeasurement(e,n.event.correlationId)));return i?.then((e=>e.startMeasurement())),{...n,end:(e,t,s)=>{const a=n.end({...e,startPageVisibility:r,endPageVisibility:this.getPageVisibility(),durationMs:Ql(o)},t,s);return i?.then((e=>e.endMeasurement())),this.deleteIncompleteSubMeasurements(n),a},discard:()=>{n.discard(),i?.then((e=>e.flushMeasurement())),this.deleteIncompleteSubMeasurements(n)}}}setPreQueueTime(e,t){if(!$l())return void this.logger.trace(`BrowserPerformanceClient: window performance API not available, unable to set telemetry queue time for ${e}`);if(!t)return void this.logger.trace(`BrowserPerformanceClient: correlationId for ${e} not provided, unable to set telemetry queue time`);const r=this.preQueueTimeByCorrelationId.get(t);r&&(this.logger.trace(`BrowserPerformanceClient: Incomplete pre-queue ${r.name} found`,t),this.addQueueMeasurement(r.name,t,void 0,!0)),this.preQueueTimeByCorrelationId.set(t,{name:e,time:window.performance.now()})}addQueueMeasurement(e,t,r,n){if(!$l())return void this.logger.trace(`BrowserPerformanceClient: window performance API not available, unable to add queue measurement for ${e}`);if(!t)return void this.logger.trace(`BrowserPerformanceClient: correlationId for ${e} not provided, unable to add queue measurement`);const o=super.getPreQueueTime(e,t);if(!o)return;const i=window.performance.now(),s=r||super.calculateQueuedTime(o,i);return super.addQueueMeasurement(e,t,s,n)}},e.BrowserPerformanceMeasurement=jl,e.BrowserUtils=Ua,e.CacheLookupPolicy=Ns,e.ClientAuthError=gt,e.ClientAuthErrorCodes=ht,e.ClientAuthErrorMessage=ut,e.ClientConfigurationError=jt,e.ClientConfigurationErrorCodes=Gt,e.ClientConfigurationErrorMessage=Qt,e.DEFAULT_IFRAME_TIMEOUT_MS=Ba,e.EventHandler=Dc,e.EventMessageUtils=class{static getInteractionStatusFromEvent(t,r){switch(t.eventType){case Ec.LOGIN_START:return Ps.Login;case Ec.SSO_SILENT_START:return Ps.SsoSilent;case Ec.ACQUIRE_TOKEN_START:if(t.interactionType===e.InteractionType.Redirect||t.interactionType===e.InteractionType.Popup)return Ps.AcquireToken;break;case Ec.HANDLE_REDIRECT_START:return Ps.HandleRedirect;case Ec.LOGOUT_START:return Ps.Logout;case Ec.SSO_SILENT_SUCCESS:case Ec.SSO_SILENT_FAILURE:if(r&&r!==Ps.SsoSilent)break;return Ps.None;case Ec.LOGOUT_END:if(r&&r!==Ps.Logout)break;return Ps.None;case Ec.HANDLE_REDIRECT_END:if(r&&r!==Ps.HandleRedirect)break;return Ps.None;case Ec.LOGIN_SUCCESS:case Ec.LOGIN_FAILURE:case Ec.ACQUIRE_TOKEN_SUCCESS:case Ec.ACQUIRE_TOKEN_FAILURE:case Ec.RESTORE_FROM_BFCACHE:if(t.interactionType===e.InteractionType.Redirect||t.interactionType===e.InteractionType.Popup){if(r&&r!==Ps.Login&&r!==Ps.AcquireToken)break;return Ps.None}}return null}},e.EventType=Ec,e.InteractionRequiredAuthError=wo,e.InteractionRequiredAuthErrorCodes=mo,e.InteractionRequiredAuthErrorMessage=vo,e.InteractionStatus=Ps,e.JsonWebTokenTypes=ue,e.LocalStorage=Sc,e.Logger=yt,e.MemoryStorage=gc,e.NavigationClient=La,e.OIDC_DEFAULT_SCOPES=h,e.
|