{"version":3,"file":"RefreshTokenEntity.js","sources":["../../../src/cache/entities/RefreshTokenEntity.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { CredentialEntity } from \"./CredentialEntity\";\nimport { CredentialType } from \"../../utils/Constants\";\n\n/**\n * REFRESH_TOKEN Cache\n *\n * Key:Value Schema:\n *\n * Key Example: uid.utid-login.microsoftonline.com-refreshtoken-clientId--\n *\n * Value:\n * {\n * homeAccountId: home account identifier for the auth scheme,\n * environment: entity that issued the token, represented as a full host\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\n * clientId: client ID of the application\n * secret: Actual credential as a string\n * familyId: Family ID identifier, '1' represents Microsoft Family\n * realm: Full tenant or organizational identifier that the account belongs to\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\n * }\n */\nexport class RefreshTokenEntity extends CredentialEntity {\n familyId?: string;\n\n /**\n * Create RefreshTokenEntity\n * @param homeAccountId\n * @param authenticationResult\n * @param clientId\n * @param authority\n */\n static createRefreshTokenEntity(\n homeAccountId: string,\n environment: string,\n refreshToken: string,\n clientId: string,\n familyId?: string,\n userAssertionHash?: string\n ): RefreshTokenEntity {\n const rtEntity = new RefreshTokenEntity();\n\n rtEntity.clientId = clientId;\n rtEntity.credentialType = CredentialType.REFRESH_TOKEN;\n rtEntity.environment = environment;\n rtEntity.homeAccountId = homeAccountId;\n rtEntity.secret = refreshToken;\n rtEntity.userAssertionHash = userAssertionHash;\n\n if (familyId)\n rtEntity.familyId = familyId;\n\n return rtEntity;\n }\n\n /**\n * Validates an entity: checks for all expected params\n * @param entity\n */\n static isRefreshTokenEntity(entity: object): boolean {\n\n if (!entity) {\n return false;\n }\n\n return (\n entity.hasOwnProperty(\"homeAccountId\") &&\n entity.hasOwnProperty(\"environment\") &&\n entity.hasOwnProperty(\"credentialType\") &&\n entity.hasOwnProperty(\"clientId\") &&\n entity.hasOwnProperty(\"secret\") &&\n entity[\"credentialType\"] === CredentialType.REFRESH_TOKEN\n );\n }\n}\n"],"names":[],"mappings":";;;;;;AAAA;;;AAGG;AAKH;;;;;;;;;;;;;;;;;;AAkBG;AACH,IAAA,kBAAA,kBAAA,UAAA,MAAA,EAAA;IAAwC,SAAgB,CAAA,kBAAA,EAAA,MAAA,CAAA,CAAA;AAAxD,IAAA,SAAA,kBAAA,GAAA;;KAoDC;AAjDG;;;;;;AAMG;AACI,IAAA,kBAAA,CAAA,wBAAwB,GAA/B,UACI,aAAqB,EACrB,WAAmB,EACnB,YAAoB,EACpB,QAAgB,EAChB,QAAiB,EACjB,iBAA0B,EAAA;AAE1B,QAAA,IAAM,QAAQ,GAAG,IAAI,kBAAkB,EAAE,CAAC;AAE1C,QAAA,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAC7B,QAAA,QAAQ,CAAC,cAAc,GAAG,cAAc,CAAC,aAAa,CAAC;AACvD,QAAA,QAAQ,CAAC,WAAW,GAAG,WAAW,CAAC;AACnC,QAAA,QAAQ,CAAC,aAAa,GAAG,aAAa,CAAC;AACvC,QAAA,QAAQ,CAAC,MAAM,GAAG,YAAY,CAAC;AAC/B,QAAA,QAAQ,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;AAE/C,QAAA,IAAI,QAAQ;AACR,YAAA,QAAQ,CAAC,QAAQ,GAAG,QAAQ,CAAC;AAEjC,QAAA,OAAO,QAAQ,CAAC;KACnB,CAAA;AAED;;;AAGG;IACI,kBAAoB,CAAA,oBAAA,GAA3B,UAA4B,MAAc,EAAA;QAEtC,IAAI,CAAC,MAAM,EAAE;AACT,YAAA,OAAO,KAAK,CAAC;AAChB,SAAA;AAED,QAAA,QACI,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC;AACtC,YAAA,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC;AACpC,YAAA,MAAM,CAAC,cAAc,CAAC,gBAAgB,CAAC;AACvC,YAAA,MAAM,CAAC,cAAc,CAAC,UAAU,CAAC;AACjC,YAAA,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC;YAC/B,MAAM,CAAC,gBAAgB,CAAC,KAAK,cAAc,CAAC,aAAa,EAC3D;KACL,CAAA;IACL,OAAC,kBAAA,CAAA;AAAD,CApDA,CAAwC,gBAAgB,CAoDvD;;;;"}
{"version":3,"file":"ThrottlingEntity.js","sources":["../../../src/cache/entities/ThrottlingEntity.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ThrottlingConstants } from \"../../utils/Constants\";\n\nexport class ThrottlingEntity {\n // Unix-time value representing the expiration of the throttle\n throttleTime: number;\n // Information provided by the server\n error?: string;\n errorCodes?: Array<string>;\n errorMessage?: string;\n subError?: string;\n\n /**\n * validates if a given cache entry is \"Throttling\", parses <key,value>\n * @param key\n * @param entity\n */\n static isThrottlingEntity(key: string, entity?: object): boolean {\n \n let validateKey: boolean = false;\n if (key) {\n validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;\n }\n \n let validateEntity: boolean = true;\n if (entity) {\n validateEntity = entity.hasOwnProperty(\"throttleTime\");\n }\n\n return validateKey && validateEntity;\n }\n}\n"],"names":[],"mappings":";;;;AAAA;;;AAGG;AAIH,IAAA,gBAAA,kBAAA,YAAA;AAAA,IAAA,SAAA,gBAAA,GAAA;KA4BC;AAnBG;;;;AAIG;AACI,IAAA,gBAAA,CAAA,kBAAkB,GAAzB,UAA0B,GAAW,EAAE,MAAe,EAAA;QAElD,IAAI,WAAW,GAAY,KAAK,CAAC;AACjC,QAAA,IAAI,GAAG,EAAE;YACL,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;AAC1E,SAAA;QAED,IAAI,cAAc,GAAY,IAAI,CAAC;AACnC,QAAA,IAAI,MAAM,EAAE;AACR,YAAA,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;AAC1D,SAAA;QAED,OAAO,WAAW,IAAI,cAAc,CAAC;KACxC,CAAA;IACL,OAAC,gBAAA,CAAA;AAAD,CAAC,EAAA;;;;"}
{"version":3,"file":"TokenCacheContext.js","sources":["../../../src/cache/persistence/TokenCacheContext.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ISerializableTokenCache } from \"../interface/ISerializableTokenCache\";\n\n/**\n * This class instance helps track the memory changes facilitating\n * decisions to read from and write to the persistent cache\n */export class TokenCacheContext {\n /**\n * boolean indicating cache change\n */\n hasChanged: boolean;\n /**\n * serializable token cache interface\n */\n cache: ISerializableTokenCache;\n\n constructor(tokenCache: ISerializableTokenCache, hasChanged: boolean) {\n this.cache = tokenCache;\n this.hasChanged = hasChanged;\n }\n\n /**\n * boolean which indicates the changes in cache\n */\n get cacheHasChanged(): boolean {\n return this.hasChanged;\n }\n\n /**\n * function to retrieve the token cache\n */\n get tokenCache(): ISerializableTokenCache {\n return this.cache;\n }\n}\n"],"names":[],"mappings":";;AAAA;;;AAGG;AAIH;;;IAGG,IAAA,iBAAA,kBAAA,YAAA;IAUC,SAAY,iBAAA,CAAA,UAAmC,EAAE,UAAmB,EAAA;AAChE,QAAA,IAAI,CAAC,KAAK,GAAG,UAAU,CAAC;AACxB,QAAA,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;KAChC;AAKD,IAAA,MAAA,CAAA,cAAA,CAAI,iBAAe,CAAA,SAAA,EAAA,iBAAA,EAAA;AAHnB;;AAEG;AACH,QAAA,GAAA,EAAA,YAAA;YACI,OAAO,IAAI,CAAC,UAAU,CAAC;SAC1B;;;AAAA,KAAA,CAAA,CAAA;AAKD,IAAA,MAAA,CAAA,cAAA,CAAI,iBAAU,CAAA,SAAA,EAAA,YAAA,EAAA;AAHd;;AAEG;AACH,QAAA,GAAA,EAAA,YAAA;YACI,OAAO,IAAI,CAAC,KAAK,CAAC;SACrB;;;AAAA,KAAA,CAAA,CAAA;IACL,OAAC,iBAAA,CAAA;AAAD,CAAC,EAAA;;;;"}
{"version":3,"file":"AuthorizationCodeClient.js","sources":["../../src/client/AuthorizationCodeClient.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { BaseClient } from \"./BaseClient\";\nimport { CommonAuthorizationUrlRequest } from \"../request/CommonAuthorizationUrlRequest\";\nimport { CommonAuthorizationCodeRequest } from \"../request/CommonAuthorizationCodeRequest\";\nimport { Authority } from \"../authority/Authority\";\nimport { RequestParameterBuilder } from \"../request/RequestParameterBuilder\";\nimport { GrantType, AuthenticationScheme, PromptValue, Separators, AADServerParamKeys, HeaderNames } from \"../utils/Constants\";\nimport { ClientConfiguration } from \"../config/ClientConfiguration\";\nimport { ServerAuthorizationTokenResponse } from \"../response/ServerAuthorizationTokenResponse\";\nimport { NetworkResponse } from \"../network/NetworkManager\";\nimport { ResponseHandler } from \"../response/ResponseHandler\";\nimport { AuthenticationResult } from \"../response/AuthenticationResult\";\nimport { StringUtils } from \"../utils/StringUtils\";\nimport { ClientAuthError } from \"../error/ClientAuthError\";\nimport { UrlString } from \"../url/UrlString\";\nimport { ServerAuthorizationCodeResponse } from \"../response/ServerAuthorizationCodeResponse\";\nimport { CommonEndSessionRequest } from \"../request/CommonEndSessionRequest\";\nimport { PopTokenGenerator } from \"../crypto/PopTokenGenerator\";\nimport { RequestThumbprint } from \"../network/RequestThumbprint\";\nimport { AuthorizationCodePayload } from \"../response/AuthorizationCodePayload\";\nimport { TimeUtils } from \"../utils/TimeUtils\";\nimport { AccountInfo } from \"../account/AccountInfo\";\nimport { buildClientInfoFromHomeAccountId, buildClientInfo } from \"../account/ClientInfo\";\nimport { CcsCredentialType, CcsCredential } from \"../account/CcsCredential\";\nimport { ClientConfigurationError } from \"../error/ClientConfigurationError\";\nimport { RequestValidator } from \"../request/RequestValidator\";\n\n/**\n * Oauth2.0 Authorization Code client\n */\nexport class AuthorizationCodeClient extends BaseClient {\n // Flag to indicate if client is for hybrid spa auth code redemption\n protected includeRedirectUri: boolean = true;\n\n constructor(configuration: ClientConfiguration) {\n super(configuration);\n }\n\n /**\n * Creates the URL of the authorization request letting the user input credentials and consent to the\n * application. The URL target the /authorize endpoint of the authority configured in the\n * application object.\n *\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\n * acquireToken(AuthorizationCodeRequest)\n * @param request\n */\n async getAuthCodeUrl(request: CommonAuthorizationUrlRequest): Promise<string> {\n const queryString = await this.createAuthCodeUrlQueryString(request);\n\n return UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString);\n }\n\n /**\n * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the\n * authorization_code_grant\n * @param request\n */\n async acquireToken(request: CommonAuthorizationCodeRequest, authCodePayload?: AuthorizationCodePayload): Promise<AuthenticationResult> {\n this.logger.info(\"in acquireToken call\");\n if (!request || StringUtils.isEmpty(request.code)) {\n throw ClientAuthError.createTokenRequestCannotBeMadeError();\n }\n\n const reqTimestamp = TimeUtils.nowSeconds();\n const response = await this.executeTokenRequest(this.authority, request);\n\n // Retrieve requestId from response headers\n const requestId = response.headers?.[HeaderNames.X_MS_REQUEST_ID];\n\n const responseHandler = new ResponseHandler(\n this.config.authOptions.clientId,\n this.cacheManager,\n this.cryptoUtils,\n this.logger,\n this.config.serializableCache,\n this.config.persistencePlugin\n );\n\n // Validate response. This function throws a server error if an error is returned by the server.\n responseHandler.validateTokenResponse(response.body);\n return await responseHandler.handleServerTokenResponse(\n response.body, \n this.authority, \n reqTimestamp, \n request, \n authCodePayload,\n undefined,\n undefined,\n undefined,\n requestId\n );\n }\n\n /**\n * Handles the hash fragment response from public client code request. Returns a code response used by\n * the client to exchange for a token in acquireToken.\n * @param hashFragment\n */\n handleFragmentResponse(hashFragment: string, cachedState: string): AuthorizationCodePayload {\n // Handle responses.\n const responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);\n\n // Deserialize hash fragment response parameters.\n const hashUrlString = new UrlString(hashFragment);\n // Deserialize hash fragment response parameters.\n const serverParams: ServerAuthorizationCodeResponse = UrlString.getDeserializedHash(hashUrlString.getHash());\n\n // Get code response\n responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState, this.cryptoUtils);\n\n // throw when there is no auth code in the response\n if (!serverParams.code) {\n throw ClientAuthError.createNoAuthCodeInServerResponseError();\n }\n return {\n ...serverParams,\n // Code param is optional in ServerAuthorizationCodeResponse but required in AuthorizationCodePaylod\n code: serverParams.code\n };\n }\n\n /**\n * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.\n * Default behaviour is to redirect the user to `window.location.href`.\n * @param authorityUri\n */\n getLogoutUri(logoutRequest: CommonEndSessionRequest): string {\n // Throw error if logoutRequest is null/undefined\n if (!logoutRequest) {\n throw ClientConfigurationError.createEmptyLogoutRequestError();\n }\n const queryString = this.createLogoutUrlQueryString(logoutRequest);\n\n // Construct logout URI\n return UrlString.appendQueryString(this.authority.endSessionEndpoint, queryString);\n }\n\n /**\n * Executes POST request to token endpoint\n * @param authority\n * @param request\n */\n private async executeTokenRequest(authority: Authority, request: CommonAuthorizationCodeRequest): Promise<NetworkResponse<ServerAuthorizationTokenResponse>> {\n const thumbprint: RequestThumbprint = {\n clientId: this.config.authOptions.clientId,\n authority: authority.canonicalAuthority,\n scopes: request.scopes,\n claims: request.claims,\n authenticationScheme: request.authenticationScheme,\n resourceRequestMethod: request.resourceRequestMethod,\n resourceRequestUri: request.resourceRequestUri,\n shrClaims: request.shrClaims,\n sshKid: request.sshKid\n };\n\n const requestBody = await this.createTokenRequestBody(request);\n const queryParameters = this.createTokenQueryParameters(request);\n let ccsCredential: CcsCredential | undefined = undefined;\n if (request.clientInfo) {\n try {\n const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils);\n ccsCredential = {\n credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`,\n type: CcsCredentialType.HOME_ACCOUNT_ID\n };\n } catch (e) {\n this.logger.verbose(\"Could not parse client info for CCS Header: \" + e);\n }\n }\n const headers: Record<string, string> = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential);\n const endpoint = StringUtils.isEmpty(queryParameters) ? authority.tokenEndpoint : `${authority.tokenEndpoint}?${queryParameters}`;\n\n return this.executePostToTokenEndpoint(endpoint, requestBody, headers, thumbprint);\n }\n\n /**\n * Creates query string for the /token request\n * @param request\n */\n private createTokenQueryParameters(request: CommonAuthorizationCodeRequest): string {\n const parameterBuilder = new RequestParameterBuilder();\n\n if (request.tokenQueryParameters) {\n parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);\n }\n\n return parameterBuilder.createQueryString();\n }\n\n /**\n * Generates a map for all the params to be sent to the service\n * @param request\n */\n private async createTokenRequestBody(request: CommonAuthorizationCodeRequest): Promise<string> {\n const parameterBuilder = new RequestParameterBuilder();\n\n parameterBuilder.addClientId(this.config.authOptions.clientId);\n\n /*\n * For hybrid spa flow, there will be a code but no verifier\n * In this scenario, don't include redirect uri as auth code will not be bound to redirect URI\n */\n if (!this.includeRedirectUri) {\n // Just validate\n RequestValidator.validateRedirectUri(request.redirectUri);\n } else {\n // Validate and include redirect uri\n parameterBuilder.addRedirectUri(request.redirectUri);\n }\n\n // Add scope array, parameter builder will add default scopes and dedupe\n parameterBuilder.addScopes(request.scopes);\n\n // add code: user set, not validated\n parameterBuilder.addAuthorizationCode(request.code);\n\n // Add library metadata\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\n parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);\n parameterBuilder.addThrottling();\n\n if (this.serverTelemetryManager) {\n parameterBuilder.addServerTelemetry(this.serverTelemetryManager);\n }\n\n // add code_verifier if passed\n if (request.codeVerifier) {\n parameterBuilder.addCodeVerifier(request.codeVerifier);\n }\n\n if (this.config.clientCredentials.clientSecret) {\n parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);\n }\n\n if (this.config.clientCredentials.clientAssertion) {\n const clientAssertion = this.config.clientCredentials.clientAssertion;\n parameterBuilder.addClientAssertion(clientAssertion.assertion);\n parameterBuilder.addClientAssertionType(clientAssertion.assertionType);\n }\n\n parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);\n parameterBuilder.addClientInfo();\n\n if (request.authenticationScheme === AuthenticationScheme.POP) {\n const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);\n const reqCnfData = await popTokenGenerator.generateCnf(request);\n // SPA PoP requires full Base64Url encoded req_cnf string (unhashed)\n parameterBuilder.addPopToken(reqCnfData.reqCnfString);\n } else if (request.authenticationScheme === AuthenticationScheme.SSH) {\n if(request.sshJwk) {\n parameterBuilder.addSshJwk(request.sshJwk);\n } else {\n throw ClientConfigurationError.createMissingSshJwkError();\n }\n }\n\n const correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();\n parameterBuilder.addCorrelationId(correlationId);\n\n if (!StringUtils.isEmptyObj(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) {\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\n }\n\n let ccsCred: CcsCredential | undefined = undefined;\n if (request.clientInfo) {\n try {\n const clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils);\n ccsCred = {\n credential: `${clientInfo.uid}${Separators.CLIENT_INFO_SEPARATOR}${clientInfo.utid}`,\n type: CcsCredentialType.HOME_ACCOUNT_ID\n };\n } catch (e) {\n this.logger.verbose(\"Could not parse client info for CCS Header: \" + e);\n }\n } else {\n ccsCred = request.ccsCredential;\n }\n\n // Adds these as parameters in the request instead of headers to prevent CORS preflight request\n if (this.config.systemOptions.preventCorsPreflight && ccsCred) {\n switch (ccsCred.type) {\n case CcsCredentialType.HOME_ACCOUNT_ID:\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);\n parameterBuilder.addCcsOid(clientInfo);\n } catch (e) {\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" + e);\n }\n break;\n case CcsCredentialType.UPN:\n parameterBuilder.addCcsUpn(ccsCred.credential);\n break;\n }\n }\n\n if (request.tokenBodyParameters) {\n parameterBuilder.addExtraQueryParameters(request.tokenBodyParameters);\n }\n\n // Add hybrid spa parameters if not already provided\n if (request.enableSpaAuthorizationCode && (!request.tokenBodyParameters || !request.tokenBodyParameters[AADServerParamKeys.RETURN_SPA_CODE])) {\n parameterBuilder.addExtraQueryParameters({\n [AADServerParamKeys.RETURN_SPA_CODE]: \"1\"\n });\n }\n\n return parameterBuilder.createQueryString();\n }\n\n /**\n * This API validates the `AuthorizationCodeUrlRequest` and creates a URL\n * @param request\n */\n private async createAuthCodeUrlQueryString(request: CommonAuthorizationUrlRequest): Promise<string> {\n const parameterBuilder = new RequestParameterBuilder();\n\n parameterBuilder.addClientId(this.config.authOptions.clientId);\n\n const requestScopes = [...request.scopes || [], ...request.extraScopesToConsent || []];\n parameterBuilder.addScopes(requestScopes);\n\n // validate the redirectUri (to be a non null value)\n parameterBuilder.addRedirectUri(request.redirectUri);\n\n // generate the correlationId if not set by the user and add\n const correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();\n parameterBuilder.addCorrelationId(correlationId);\n\n // add response_mode. If not passed in it defaults to query.\n parameterBuilder.addResponseMode(request.responseMode);\n\n // add response_type = code\n parameterBuilder.addResponseTypeCode();\n\n // add library info parameters\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\n parameterBuilder.addApplicationTelemetry(this.config.telemetry.application);\n\n // add client_info=1\n parameterBuilder.addClientInfo();\n\n if (request.codeChallenge && request.codeChallengeMethod) {\n parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);\n }\n\n if (request.prompt) {\n parameterBuilder.addPrompt(request.prompt);\n }\n\n if (request.domainHint) {\n parameterBuilder.addDomainHint(request.domainHint);\n }\n\n // Add sid or loginHint with preference for login_hint claim (in request) -> sid -> loginHint (upn/email) -> username of AccountInfo object\n if (request.prompt !== PromptValue.SELECT_ACCOUNT) {\n // AAD will throw if prompt=select_account is passed with an account hint\n if (request.sid && request.prompt === PromptValue.NONE) {\n // SessionID is only used in silent calls\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is none, adding sid from request\");\n parameterBuilder.addSid(request.sid);\n } else if (request.account) {\n const accountSid = this.extractAccountSid(request.account);\n const accountLoginHintClaim = this.extractLoginHint(request.account);\n // If login_hint claim is present, use it over sid/username\n if (accountLoginHintClaim) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: login_hint claim present on account\");\n parameterBuilder.addLoginHint(accountLoginHintClaim);\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\n parameterBuilder.addCcsOid(clientInfo);\n } catch (e) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header\");\n }\n } else if (accountSid && request.prompt === PromptValue.NONE) {\n /*\n * If account and loginHint are provided, we will check account first for sid before adding loginHint\n * SessionId is only used in silent calls\n */\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is none, adding sid from account\");\n parameterBuilder.addSid(accountSid);\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\n parameterBuilder.addCcsOid(clientInfo);\n } catch (e) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header\");\n }\n } else if (request.loginHint) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Adding login_hint from request\");\n parameterBuilder.addLoginHint(request.loginHint);\n parameterBuilder.addCcsUpn(request.loginHint);\n } else if (request.account.username) {\n // Fallback to account username if provided\n this.logger.verbose(\"createAuthCodeUrlQueryString: Adding login_hint from account\");\n parameterBuilder.addLoginHint(request.account.username);\n try {\n const clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\n parameterBuilder.addCcsOid(clientInfo);\n } catch (e) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Could not parse home account ID for CCS Header\");\n }\n }\n } else if (request.loginHint) {\n this.logger.verbose(\"createAuthCodeUrlQueryString: No account, adding login_hint from request\");\n parameterBuilder.addLoginHint(request.loginHint);\n parameterBuilder.addCcsUpn(request.loginHint);\n }\n } else {\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints\");\n }\n\n if (request.nonce) {\n parameterBuilder.addNonce(request.nonce);\n }\n\n if (request.state) {\n parameterBuilder.addState(request.state);\n }\n\n if (!StringUtils.isEmpty(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) {\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\n }\n\n if (request.extraQueryParameters) {\n parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);\n }\n\n if (request.nativeBroker) {\n // signal ests that this is a WAM call\n parameterBuilder.addNativeBroker();\n\n // pass the req_cnf for POP\n if (request.authenticationScheme === AuthenticationScheme.POP) {\n const popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);\n // to reduce the URL length, it is recommended to send the hash of the req_cnf instead of the whole string\n const reqCnfData = await popTokenGenerator.generateCnf(request);\n parameterBuilder.addPopToken(reqCnfData.reqCnfHash);\n }\n }\n\n return parameterBuilder.createQueryString();\n }\n\n /**\n * This API validates the `EndSessionRequest` and creates a URL\n * @param request\n */\n private createLogoutUrlQueryString(request: CommonEndSessionRequest): string {\n const parameterBuilder = new RequestParameterBuilder();\n\n if (request.postLogoutRedirectUri) {\n parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);\n }\n\n if (request.correlationId) {\n parameterBuilder.addCorrelationId(request.correlationId);\n }\n\n if (request.idTokenHint) {\n parameterBuilder.addIdTokenHint(request.idTokenHint);\n }\n\n if(request.state) {\n parameterBuilder.addState(request.state);\n }\n\n if (request.logoutHint) {\n parameterBuilder.addLogoutHint(request.logoutHint);\n }\n\n if (request.extraQueryParameters) {\n parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);\n }\n\n return parameterBuilder.createQueryString();\n }\n\n /**\n * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.\n * @param account\n */\n private extractAccountSid(account: AccountInfo): string | null {\n return account.idTokenClaims?.sid || null;\n }\n\n private extractLoginHint(account: AccountInfo): string | null {\n return account.idTokenClaims?.login_hint || null;\n }\n}\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA;;;AAGG;AA4BH;;AAEG;AACH,IAAA,uBAAA,kBAAA,UAAA,MAAA,EAAA;IAA6C,SAAU,CAAA,uBAAA,EAAA,MAAA,CAAA,CAAA;AAInD,IAAA,SAAA,uBAAA,CAAY,aAAkC,EAAA;QAA9C,IACI,KAAA,GAAA,MAAA,CAAA,IAAA,CAAA,IAAA,EAAM,aAAa,CAAC,IACvB,IAAA,CAAA;;QAJS,KAAkB,CAAA,kBAAA,GAAY,IAAI,CAAC;;KAI5C;AAED;;;;;;;;;AASG;IACG,uBAAc,CAAA,SAAA,CAAA,cAAA,GAApB,UAAqB,OAAsC,EAAA;;;;;AACnC,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,YAAM,IAAI,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAA,CAAA;;AAA9D,wBAAA,WAAW,GAAG,EAAgD,CAAA,IAAA,EAAA,CAAA;AAEpE,wBAAA,OAAA,CAAA,CAAA,aAAO,SAAS,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,qBAAqB,EAAE,WAAW,CAAC,CAAC,CAAA;;;;AACzF,KAAA,CAAA;AAED;;;;AAIG;AACG,IAAA,uBAAA,CAAA,SAAA,CAAA,YAAY,GAAlB,UAAmB,OAAuC,EAAE,eAA0C,EAAA;;;;;;;AAClG,wBAAA,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;wBACzC,IAAI,CAAC,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;AAC/C,4BAAA,MAAM,eAAe,CAAC,mCAAmC,EAAE,CAAC;AAC/D,yBAAA;AAEK,wBAAA,YAAY,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;wBAC3B,OAAM,CAAA,CAAA,YAAA,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA,CAAA;;AAAlE,wBAAA,QAAQ,GAAG,EAAuD,CAAA,IAAA,EAAA,CAAA;wBAGlE,SAAS,GAAA,CAAA,EAAA,GAAG,QAAQ,CAAC,OAAO,0CAAG,WAAW,CAAC,eAAe,CAAC,CAAC;AAE5D,wBAAA,eAAe,GAAG,IAAI,eAAe,CACvC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAChC,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAC7B,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAChC,CAAC;;AAGF,wBAAA,eAAe,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;wBAC9C,OAAM,CAAA,CAAA,YAAA,eAAe,CAAC,yBAAyB,CAClD,QAAQ,CAAC,IAAI,EACb,IAAI,CAAC,SAAS,EACd,YAAY,EACZ,OAAO,EACP,eAAe,EACf,SAAS,EACT,SAAS,EACT,SAAS,EACT,SAAS,CACZ,CAAA,CAAA;AAVD,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,aAAO,SAUN,CAAC,CAAA;;;;AACL,KAAA,CAAA;AAED;;;;AAIG;AACH,IAAA,uBAAA,CAAA,SAAA,CAAA,sBAAsB,GAAtB,UAAuB,YAAoB,EAAE,WAAmB,EAAA;;AAE5D,QAAA,IAAM,eAAe,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;;AAG5I,QAAA,IAAM,aAAa,GAAG,IAAI,SAAS,CAAC,YAAY,CAAC,CAAC;;QAElD,IAAM,YAAY,GAAoC,SAAS,CAAC,mBAAmB,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;;QAG7G,eAAe,CAAC,uCAAuC,CAAC,YAAY,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;;AAGrG,QAAA,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE;AACpB,YAAA,MAAM,eAAe,CAAC,qCAAqC,EAAE,CAAC;AACjE,SAAA;AACD,QAAA,OAAA,QAAA,CAAA,QAAA,CAAA,EAAA,EACO,YAAY,CAAA,EAAA;;AAEf,YAAA,IAAI,EAAE,YAAY,CAAC,IAAI,EACzB,CAAA,CAAA;KACL,CAAA;AAED;;;;AAIG;IACH,uBAAY,CAAA,SAAA,CAAA,YAAA,GAAZ,UAAa,aAAsC,EAAA;;QAE/C,IAAI,CAAC,aAAa,EAAE;AAChB,YAAA,MAAM,wBAAwB,CAAC,6BAA6B,EAAE,CAAC;AAClE,SAAA;QACD,IAAM,WAAW,GAAG,IAAI,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;;AAGnE,QAAA,OAAO,SAAS,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;KACtF,CAAA;AAED;;;;AAIG;AACW,IAAA,uBAAA,CAAA,SAAA,CAAA,mBAAmB,GAAjC,UAAkC,SAAoB,EAAE,OAAuC,EAAA;;;;;;AACrF,wBAAA,UAAU,GAAsB;AAClC,4BAAA,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ;4BAC1C,SAAS,EAAE,SAAS,CAAC,kBAAkB;4BACvC,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,MAAM,EAAE,OAAO,CAAC,MAAM;4BACtB,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;4BAClD,qBAAqB,EAAE,OAAO,CAAC,qBAAqB;4BACpD,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;4BAC9C,SAAS,EAAE,OAAO,CAAC,SAAS;4BAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;yBACzB,CAAC;AAEkB,wBAAA,OAAA,CAAA,CAAA,YAAM,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAA,CAAA;;AAAxD,wBAAA,WAAW,GAAG,EAA0C,CAAA,IAAA,EAAA,CAAA;AACxD,wBAAA,eAAe,GAAG,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;wBAC7D,aAAa,GAA8B,SAAS,CAAC;wBACzD,IAAI,OAAO,CAAC,UAAU,EAAE;4BACpB,IAAI;gCACM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;AACzE,gCAAA,aAAa,GAAG;AACZ,oCAAA,UAAU,EAAE,EAAA,GAAG,UAAU,CAAC,GAAG,GAAG,UAAU,CAAC,qBAAqB,GAAG,UAAU,CAAC,IAAM;oCACpF,IAAI,EAAE,iBAAiB,CAAC,eAAe;iCAC1C,CAAC;AACL,6BAAA;AAAC,4BAAA,OAAO,CAAC,EAAE;gCACR,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8CAA8C,GAAG,CAAC,CAAC,CAAC;AAC3E,6BAAA;AACJ,yBAAA;wBACK,OAAO,GAA2B,IAAI,CAAC,yBAAyB,CAAC,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC,CAAC;wBACzG,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,eAAe,CAAC,GAAG,SAAS,CAAC,aAAa,GAAM,SAAS,CAAC,aAAa,GAAI,GAAA,GAAA,eAAiB,CAAC;AAElI,wBAAA,OAAA,CAAA,CAAA,aAAO,IAAI,CAAC,0BAA0B,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC,CAAA;;;;AACtF,KAAA,CAAA;AAED;;;AAGG;IACK,uBAA0B,CAAA,SAAA,CAAA,0BAAA,GAAlC,UAAmC,OAAuC,EAAA;AACtE,QAAA,IAAM,gBAAgB,GAAG,IAAI,uBAAuB,EAAE,CAAC;QAEvD,IAAI,OAAO,CAAC,oBAAoB,EAAE;AAC9B,YAAA,gBAAgB,CAAC,uBAAuB,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1E,SAAA;AAED,QAAA,OAAO,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;KAC/C,CAAA;AAED;;;AAGG;IACW,uBAAsB,CAAA,SAAA,CAAA,sBAAA,GAApC,UAAqC,OAAuC,EAAA;;;;;;;AAClE,wBAAA,gBAAgB,GAAG,IAAI,uBAAuB,EAAE,CAAC;wBAEvD,gBAAgB,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;AAE/D;;;AAGG;AACH,wBAAA,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE;;AAE1B,4BAAA,gBAAgB,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AAC7D,yBAAA;AAAM,6BAAA;;AAEH,4BAAA,gBAAgB,CAAC,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AACxD,yBAAA;;AAGD,wBAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;;AAG3C,wBAAA,gBAAgB,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;;wBAGpD,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;wBACzD,gBAAgB,CAAC,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;wBAC5E,gBAAgB,CAAC,aAAa,EAAE,CAAC;wBAEjC,IAAI,IAAI,CAAC,sBAAsB,EAAE;AAC7B,4BAAA,gBAAgB,CAAC,kBAAkB,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;AACpE,yBAAA;;wBAGD,IAAI,OAAO,CAAC,YAAY,EAAE;AACtB,4BAAA,gBAAgB,CAAC,eAAe,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;AAC1D,yBAAA;AAED,wBAAA,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,YAAY,EAAE;4BAC5C,gBAAgB,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAChF,yBAAA;AAED,wBAAA,IAAI,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,eAAe,EAAE;4BACzC,eAAe,GAAG,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,eAAe,CAAC;AACtE,4BAAA,gBAAgB,CAAC,kBAAkB,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;AAC/D,4BAAA,gBAAgB,CAAC,sBAAsB,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;AAC1E,yBAAA;AAED,wBAAA,gBAAgB,CAAC,YAAY,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;wBAClE,gBAAgB,CAAC,aAAa,EAAE,CAAC;8BAE7B,OAAO,CAAC,oBAAoB,KAAK,oBAAoB,CAAC,GAAG,CAAA,EAAzD,OAAyD,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;wBACnD,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAC/C,wBAAA,OAAA,CAAA,CAAA,YAAM,iBAAiB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA,CAAA;;AAAzD,wBAAA,UAAU,GAAG,EAA4C,CAAA,IAAA,EAAA,CAAA;;AAE/D,wBAAA,gBAAgB,CAAC,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;;;AACnD,wBAAA,IAAI,OAAO,CAAC,oBAAoB,KAAK,oBAAoB,CAAC,GAAG,EAAE;4BAClE,IAAG,OAAO,CAAC,MAAM,EAAE;AACf,gCAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAC9C,6BAAA;AAAM,iCAAA;AACH,gCAAA,MAAM,wBAAwB,CAAC,wBAAwB,EAAE,CAAC;AAC7D,6BAAA;AACJ,yBAAA;;;AAEK,wBAAA,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,EAAE,CAAC;AAC3F,wBAAA,gBAAgB,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;AAEjD,wBAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;AAChJ,4BAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;AAC1F,yBAAA;wBAEG,OAAO,GAA8B,SAAS,CAAC;wBACnD,IAAI,OAAO,CAAC,UAAU,EAAE;4BACpB,IAAI;gCACM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;AACzE,gCAAA,OAAO,GAAG;AACN,oCAAA,UAAU,EAAE,EAAA,GAAG,UAAU,CAAC,GAAG,GAAG,UAAU,CAAC,qBAAqB,GAAG,UAAU,CAAC,IAAM;oCACpF,IAAI,EAAE,iBAAiB,CAAC,eAAe;iCAC1C,CAAC;AACL,6BAAA;AAAC,4BAAA,OAAO,CAAC,EAAE;gCACR,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8CAA8C,GAAG,CAAC,CAAC,CAAC;AAC3E,6BAAA;AACJ,yBAAA;AAAM,6BAAA;AACH,4BAAA,OAAO,GAAG,OAAO,CAAC,aAAa,CAAC;AACnC,yBAAA;;wBAGD,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,oBAAoB,IAAI,OAAO,EAAE;4BAC3D,QAAQ,OAAO,CAAC,IAAI;gCAChB,KAAK,iBAAiB,CAAC,eAAe;oCAClC,IAAI;AACM,wCAAA,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AACxE,wCAAA,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;AAC1C,qCAAA;AAAC,oCAAA,OAAO,CAAC,EAAE;wCACR,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,kDAAkD,GAAG,CAAC,CAAC,CAAC;AAC/E,qCAAA;oCACD,MAAM;gCACV,KAAK,iBAAiB,CAAC,GAAG;AACtB,oCAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;oCAC/C,MAAM;AACb,6BAAA;AACJ,yBAAA;wBAED,IAAI,OAAO,CAAC,mBAAmB,EAAE;AAC7B,4BAAA,gBAAgB,CAAC,uBAAuB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;AACzE,yBAAA;;wBAGD,IAAI,OAAO,CAAC,0BAA0B,KAAK,CAAC,OAAO,CAAC,mBAAmB,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC,EAAE;AAC1I,4BAAA,gBAAgB,CAAC,uBAAuB,EAAA,EAAA,GAAA,EAAA;AACpC,gCAAA,EAAA,CAAC,kBAAkB,CAAC,eAAe,CAAA,GAAG,GAAG;oCAC3C,CAAC;AACN,yBAAA;AAED,wBAAA,OAAA,CAAA,CAAA,aAAO,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,CAAA;;;;AAC/C,KAAA,CAAA;AAED;;;AAGG;IACW,uBAA4B,CAAA,SAAA,CAAA,4BAAA,GAA1C,UAA2C,OAAsC,EAAA;;;;;;AACvE,wBAAA,gBAAgB,GAAG,IAAI,uBAAuB,EAAE,CAAC;wBAEvD,gBAAgB,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;AAEzD,wBAAA,aAAa,GAAO,cAAA,CAAA,OAAO,CAAC,MAAM,IAAI,EAAE,EAAK,OAAO,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;AACvF,wBAAA,gBAAgB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;;AAG1C,wBAAA,gBAAgB,CAAC,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AAG/C,wBAAA,aAAa,GAAG,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,aAAa,EAAE,CAAC;AAC3F,wBAAA,gBAAgB,CAAC,gBAAgB,CAAC,aAAa,CAAC,CAAC;;AAGjD,wBAAA,gBAAgB,CAAC,eAAe,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;;wBAGvD,gBAAgB,CAAC,mBAAmB,EAAE,CAAC;;wBAGvC,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;wBACzD,gBAAgB,CAAC,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;;wBAG5E,gBAAgB,CAAC,aAAa,EAAE,CAAC;AAEjC,wBAAA,IAAI,OAAO,CAAC,aAAa,IAAI,OAAO,CAAC,mBAAmB,EAAE;4BACtD,gBAAgB,CAAC,sBAAsB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAC/F,yBAAA;wBAED,IAAI,OAAO,CAAC,MAAM,EAAE;AAChB,4BAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;AAC9C,yBAAA;wBAED,IAAI,OAAO,CAAC,UAAU,EAAE;AACpB,4BAAA,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AACtD,yBAAA;;AAGD,wBAAA,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,cAAc,EAAE;;4BAE/C,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,IAAI,EAAE;;AAEpD,gCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,uEAAuE,CAAC,CAAC;AAC7F,gCAAA,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AACxC,6BAAA;iCAAM,IAAI,OAAO,CAAC,OAAO,EAAE;gCAClB,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gCACrD,qBAAqB,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;;AAErE,gCAAA,IAAI,qBAAqB,EAAE;AACvB,oCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,mEAAmE,CAAC,CAAC;AACzF,oCAAA,gBAAgB,CAAC,YAAY,CAAC,qBAAqB,CAAC,CAAC;oCACrD,IAAI;wCACM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;AACnF,wCAAA,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;AAC1C,qCAAA;AAAC,oCAAA,OAAO,CAAC,EAAE;AACR,wCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8EAA8E,CAAC,CAAC;AACvG,qCAAA;AACJ,iCAAA;qCAAM,IAAI,UAAU,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,IAAI,EAAE;AAC1D;;;AAGG;AACH,oCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,uEAAuE,CAAC,CAAC;AAC7F,oCAAA,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;oCACpC,IAAI;wCACM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;AACnF,wCAAA,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;AAC1C,qCAAA;AAAC,oCAAA,OAAO,CAAC,EAAE;AACR,wCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8EAA8E,CAAC,CAAC;AACvG,qCAAA;AACJ,iCAAA;qCAAM,IAAI,OAAO,CAAC,SAAS,EAAE;AAC1B,oCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8DAA8D,CAAC,CAAC;AACpF,oCAAA,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AACjD,oCAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AACjD,iCAAA;AAAM,qCAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE;;AAEjC,oCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8DAA8D,CAAC,CAAC;oCACpF,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;oCACxD,IAAI;wCACM,UAAU,GAAG,gCAAgC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;AACnF,wCAAA,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;AAC1C,qCAAA;AAAC,oCAAA,OAAO,CAAC,EAAE;AACR,wCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8EAA8E,CAAC,CAAC;AACvG,qCAAA;AACJ,iCAAA;AACJ,6BAAA;iCAAM,IAAI,OAAO,CAAC,SAAS,EAAE;AAC1B,gCAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0EAA0E,CAAC,CAAC;AAChG,gCAAA,gBAAgB,CAAC,YAAY,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AACjD,gCAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AACjD,6BAAA;AACJ,yBAAA;AAAM,6BAAA;AACH,4BAAA,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,gFAAgF,CAAC,CAAC;AACzG,yBAAA;wBAED,IAAI,OAAO,CAAC,KAAK,EAAE;AACf,4BAAA,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC5C,yBAAA;wBAED,IAAI,OAAO,CAAC,KAAK,EAAE;AACf,4BAAA,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC5C,yBAAA;AAED,wBAAA,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;AAC7I,4BAAA,gBAAgB,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,CAAC;AAC1F,yBAAA;wBAED,IAAI,OAAO,CAAC,oBAAoB,EAAE;AAC9B,4BAAA,gBAAgB,CAAC,uBAAuB,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1E,yBAAA;6BAEG,OAAO,CAAC,YAAY,EAApB,OAAoB,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;;wBAEpB,gBAAgB,CAAC,eAAe,EAAE,CAAC;8BAG/B,OAAO,CAAC,oBAAoB,KAAK,oBAAoB,CAAC,GAAG,CAAA,EAAzD,OAAyD,CAAA,CAAA,YAAA,CAAA,CAAA,CAAA;wBACnD,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;AAE/C,wBAAA,OAAA,CAAA,CAAA,YAAM,iBAAiB,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA,CAAA;;AAAzD,wBAAA,UAAU,GAAG,EAA4C,CAAA,IAAA,EAAA,CAAA;AAC/D,wBAAA,gBAAgB,CAAC,WAAW,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;;AAI5D,oBAAA,KAAA,CAAA,EAAA,OAAA,CAAA,CAAA,aAAO,gBAAgB,CAAC,iBAAiB,EAAE,CAAC,CAAA;;;;AAC/C,KAAA,CAAA;AAED;;;AAGG;IACK,uBAA0B,CAAA,SAAA,CAAA,0BAAA,GAAlC,UAAmC,OAAgC,EAAA;AAC/D,QAAA,IAAM,gBAAgB,GAAG,IAAI,uBAAuB,EAAE,CAAC;QAEvD,IAAI,OAAO,CAAC,qBAAqB,EAAE;AAC/B,YAAA,gBAAgB,CAAC,wBAAwB,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAC5E,SAAA;QAED,IAAI,OAAO,CAAC,aAAa,EAAE;AACvB,YAAA,gBAAgB,CAAC,gBAAgB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;AAC5D,SAAA;QAED,IAAI,OAAO,CAAC,WAAW,EAAE;AACrB,YAAA,gBAAgB,CAAC,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;AACxD,SAAA;QAED,IAAG,OAAO,CAAC,KAAK,EAAE;AACd,YAAA,gBAAgB,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC5C,SAAA;QAED,IAAI,OAAO,CAAC,UAAU,EAAE;AACpB,YAAA,gBAAgB,CAAC,aAAa,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AACtD,SAAA;QAED,IAAI,OAAO,CAAC,oBAAoB,EAAE;AAC9B,YAAA,gBAAgB,CAAC,uBAAuB,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAC1E,SAAA;AAED,QAAA,OAAO,gBAAgB,CAAC,iBAAiB,EAAE,CAAC;KAC/C,CAAA;AAED;;;AAGG;IACK,uBAAiB,CAAA,SAAA,CAAA,iBAAA,GAAzB,UAA0B,OAAoB,EAAA;;QAC1C,OAAO,CAAA,CAAA,EAAA,GAAA,OAAO,CAAC,aAAa,0CAAE,GAAG,KAAI,IAAI,CAAC;KAC7C,CAAA;IAEO,uBAAgB,CAAA,SAAA,CAAA,gBAAA,GAAxB,UAAyB,OAAoB,EAAA;;QACzC,OAAO,CAAA,CAAA,EAAA,GAAA,OAAO,CAAC,aAAa,0CAAE,UAAU,KAAI,IAAI,CAAC;KACpD,CAAA;IACL,OAAC,uBAAA,CAAA;AAAD,CA3cA,CAA6C,UAAU,CA2ctD;;;;"}
