{"version":3,"file":"static/js/3610.59dd96aa.chunk.js","mappings":";0FAAA,IAAIA,EAAyB,oBAATC,KAAuBA,KAAOC,KAC9CC,EAAW,WACf,SAASC,IACTF,KAAKG,OAAQ,EACbH,KAAKI,aAAeN,EAAOM,YAC3B,CAEA,OADAF,EAAEG,UAAYP,EACP,IAAII,CACV,CAPc,IAQf,SAAUH,IAEO,SAAWO,GAE1B,IAAIC,EACY,oBAAqBR,EADjCQ,EAEQ,WAAYR,GAAQ,aAAcS,OAF1CD,EAIA,eAAgBR,GAChB,SAAUA,GACV,WACE,IAEE,OADA,IAAIU,MACG,CACT,CAAE,MAAOC,GACP,OAAO,CACT,CACD,CAPD,GANAH,EAcQ,aAAcR,EAdtBQ,EAeW,gBAAiBR,EAOhC,GAAIQ,EACF,IAAII,EAAc,CAChB,qBACA,sBACA,6BACA,sBACA,uBACA,sBACA,uBACA,wBACA,yBAGEC,EACFC,YAAYC,QACZ,SAASC,GACP,OAAOA,GAAOJ,EAAYK,QAAQC,OAAOZ,UAAUa,SAASC,KAAKJ,KAAS,CAC5E,EAGJ,SAASK,EAAcC,GAIrB,GAHoB,iBAATA,IACTA,EAAOC,OAAOD,IAEZ,4BAA4BE,KAAKF,GACnC,MAAM,IAAIG,UAAU,0CAEtB,OAAOH,EAAKI,aACd,CAEA,SAASC,EAAeC,GAItB,MAHqB,iBAAVA,IACTA,EAAQL,OAAOK,IAEVA,CACT,CAGA,SAASC,EAAYC,GACnB,IAAIC,EAAW,CACbC,KAAM,WACJ,IAAIJ,EAAQE,EAAMG,QAClB,MAAO,CAACC,UAAgBC,IAAVP,EAAqBA,MAAOA,EAC5C,GASF,OANIpB,IACFuB,EAAStB,OAAOsB,UAAY,WAC1B,OAAOA,CACT,GAGKA,CACT,CAEA,SAASK,EAAQC,GACfpC,KAAKqC,IAAM,CAAC,EAERD,aAAmBD,EACrBC,EAAQE,SAAQ,SAASX,EAAON,GAC9BrB,KAAKuC,OAAOlB,EAAMM,EACpB,GAAG3B,MACMwC,MAAMC,QAAQL,GACvBA,EAAQE,SAAQ,SAASI,GACvB1C,KAAKuC,OAAOG,EAAO,GAAIA,EAAO,GAChC,GAAG1C,MACMoC,GACTnB,OAAO0B,oBAAoBP,GAASE,SAAQ,SAASjB,GACnDrB,KAAKuC,OAAOlB,EAAMe,EAAQf,GAC5B,GAAGrB,KAEP,CA8DA,SAAS4C,EAASC,GAChB,GAAIA,EAAKC,SACP,OAAOC,QAAQC,OAAO,IAAIxB,UAAU,iBAEtCqB,EAAKC,UAAW,CAClB,CAEA,SAASG,EAAgBC,GACvB,OAAO,IAAIH,SAAQ,SAASI,EAASH,GACnCE,EAAOE,OAAS,WACdD,EAAQD,EAAOG,OACjB,EACAH,EAAOI,QAAU,WACfN,EAAOE,EAAOK,MAChB,CACF,GACF,CAEA,SAASC,EAAsBC,GAC7B,IAAIP,EAAS,IAAIQ,WACbC,EAAUV,EAAgBC,GAE9B,OADAA,EAAOU,kBAAkBH,GAClBE,CACT,CAmBA,SAASE,EAAYC,GACnB,GAAIA,EAAIC,MACN,OAAOD,EAAIC,MAAM,GAEjB,IAAIC,EAAO,IAAIC,WAAWH,EAAII,YAE9B,OADAF,EAAKG,IAAI,IAAIF,WAAWH,IACjBE,EAAKI,MAEhB,CAEA,SAASC,IA0FP,OAzFArE,KAAK8C,UAAW,EAEhB9C,KAAKsE,UAAY,SAASzB,GAhM5B,IAAoB9B,EAiMhBf,KAAKuE,UAAY1B,EACZA,EAEsB,iBAATA,EAChB7C,KAAKwE,UAAY3B,EACRtC,GAAgBE,KAAKJ,UAAUoE,cAAc5B,GACtD7C,KAAK0E,UAAY7B,EACRtC,GAAoBoE,SAAStE,UAAUoE,cAAc5B,GAC9D7C,KAAK4E,cAAgB/B,EACZtC,GAAwBsE,gBAAgBxE,UAAUoE,cAAc5B,GACzE7C,KAAKwE,UAAY3B,EAAK3B,WACbX,GAAuBA,IA5MlBQ,EA4M6C8B,IA3MjDiC,SAASzE,UAAUoE,cAAc1D,IA4M3Cf,KAAK+E,iBAAmBlB,EAAYhB,EAAKuB,QAEzCpE,KAAKuE,UAAY,IAAI9D,KAAK,CAACT,KAAK+E,oBACvBxE,IAAwBM,YAAYR,UAAUoE,cAAc5B,IAASjC,EAAkBiC,IAChG7C,KAAK+E,iBAAmBlB,EAAYhB,GAEpC7C,KAAKwE,UAAY3B,EAAO5B,OAAOZ,UAAUa,SAASC,KAAK0B,GAhBvD7C,KAAKwE,UAAY,GAmBdxE,KAAKoC,QAAQ4C,IAAI,kBACA,iBAATnC,EACT7C,KAAKoC,QAAQ+B,IAAI,eAAgB,4BACxBnE,KAAK0E,WAAa1E,KAAK0E,UAAUO,KAC1CjF,KAAKoC,QAAQ+B,IAAI,eAAgBnE,KAAK0E,UAAUO,MACvC1E,GAAwBsE,gBAAgBxE,UAAUoE,cAAc5B,IACzE7C,KAAKoC,QAAQ+B,IAAI,eAAgB,mDAGvC,EAEI5D,IACFP,KAAKyD,KAAO,WACV,IAAIyB,EAAWtC,EAAS5C,MACxB,GAAIkF,EACF,OAAOA,EAGT,GAAIlF,KAAK0E,UACP,OAAO3B,QAAQI,QAAQnD,KAAK0E,WACvB,GAAI1E,KAAK+E,iBACd,OAAOhC,QAAQI,QAAQ,IAAI1C,KAAK,CAACT,KAAK+E,oBACjC,GAAI/E,KAAK4E,cACd,MAAM,IAAIO,MAAM,wCAEhB,OAAOpC,QAAQI,QAAQ,IAAI1C,KAAK,CAACT,KAAKwE,YAE1C,EAEAxE,KAAKoF,YAAc,WACjB,OAAIpF,KAAK+E,iBACAnC,EAAS5C,OAAS+C,QAAQI,QAAQnD,KAAK+E,kBAEvC/E,KAAKyD,OAAO4B,KAAK7B,EAE5B,GAGFxD,KAAKsF,KAAO,WACV,IA3FoB7B,EAClBP,EACAS,EAyFEuB,EAAWtC,EAAS5C,MACxB,GAAIkF,EACF,OAAOA,EAGT,GAAIlF,KAAK0E,UACP,OAjGkBjB,EAiGIzD,KAAK0E,UA/F3Bf,EAAUV,EADVC,EAAS,IAAIQ,YAEjBR,EAAOqC,WAAW9B,GACXE,EA8FE,GAAI3D,KAAK+E,iBACd,OAAOhC,QAAQI,QA5FrB,SAA+BW,GAI7B,IAHA,IAAIE,EAAO,IAAIC,WAAWH,GACtB0B,EAAQ,IAAIhD,MAAMwB,EAAKyB,QAElBC,EAAI,EAAGA,EAAI1B,EAAKyB,OAAQC,IAC/BF,EAAME,GAAKpE,OAAOqE,aAAa3B,EAAK0B,IAEtC,OAAOF,EAAMI,KAAK,GACpB,CAoF6BC,CAAsB7F,KAAK+E,mBAC7C,GAAI/E,KAAK4E,cACd,MAAM,IAAIO,MAAM,wCAEhB,OAAOpC,QAAQI,QAAQnD,KAAKwE,UAEhC,EAEIjE,IACFP,KAAK8F,SAAW,WACd,OAAO9F,KAAKsF,OAAOD,KAAKU,EAC1B,GAGF/F,KAAKgG,KAAO,WACV,OAAOhG,KAAKsF,OAAOD,KAAKY,KAAKC,MAC/B,EAEOlG,IACT,CA3MAmC,EAAQ9B,UAAUkC,OAAS,SAASlB,EAAMM,GACxCN,EAAOD,EAAcC,GACrBM,EAAQD,EAAeC,GACvB,IAAIwE,EAAWnG,KAAKqC,IAAIhB,GACxBrB,KAAKqC,IAAIhB,GAAQ8E,EAAWA,EAAW,KAAOxE,EAAQA,CACxD,EAEAQ,EAAQ9B,UAAkB,OAAI,SAASgB,UAC9BrB,KAAKqC,IAAIjB,EAAcC,GAChC,EAEAc,EAAQ9B,UAAU2E,IAAM,SAAS3D,GAE/B,OADAA,EAAOD,EAAcC,GACdrB,KAAKoG,IAAI/E,GAAQrB,KAAKqC,IAAIhB,GAAQ,IAC3C,EAEAc,EAAQ9B,UAAU+F,IAAM,SAAS/E,GAC/B,OAAOrB,KAAKqC,IAAIgE,eAAejF,EAAcC,GAC/C,EAEAc,EAAQ9B,UAAU8D,IAAM,SAAS9C,EAAMM,GACrC3B,KAAKqC,IAAIjB,EAAcC,IAASK,EAAeC,EACjD,EAEAQ,EAAQ9B,UAAUiC,QAAU,SAASgE,EAAUC,GAC7C,IAAK,IAAIlF,KAAQrB,KAAKqC,IAChBrC,KAAKqC,IAAIgE,eAAehF,IAC1BiF,EAASnF,KAAKoF,EAASvG,KAAKqC,IAAIhB,GAAOA,EAAMrB,KAGnD,EAEAmC,EAAQ9B,UAAUmG,KAAO,WACvB,IAAI3E,EAAQ,GAIZ,OAHA7B,KAAKsC,SAAQ,SAASX,EAAON,GAC3BQ,EAAM4E,KAAKpF,EACb,IACOO,EAAYC,EACrB,EAEAM,EAAQ9B,UAAUqG,OAAS,WACzB,IAAI7E,EAAQ,GAIZ,OAHA7B,KAAKsC,SAAQ,SAASX,GACpBE,EAAM4E,KAAK9E,EACb,IACOC,EAAYC,EACrB,EAEAM,EAAQ9B,UAAUsG,QAAU,WAC1B,IAAI9E,EAAQ,GAIZ,OAHA7B,KAAKsC,SAAQ,SAASX,EAAON,GAC3BQ,EAAM4E,KAAK,CAACpF,EAAMM,GACpB,IACOC,EAAYC,EACrB,EAEItB,IACF4B,EAAQ9B,UAAUG,OAAOsB,UAAYK,EAAQ9B,UAAUsG,SAqJzD,IAAIC,EAAU,CAAC,SAAU,MAAO,OAAQ,UAAW,OAAQ,OAO3D,SAASC,EAAQC,EAAOC,GAEtB,IAPuBC,EACnBC,EAMApE,GADJkE,EAAUA,GAAW,CAAC,GACHlE,KAEnB,GAAIiE,aAAiBD,EAAS,CAC5B,GAAIC,EAAMhE,SACR,MAAM,IAAItB,UAAU,gBAEtBxB,KAAKkH,IAAMJ,EAAMI,IACjBlH,KAAKmH,YAAcL,EAAMK,YACpBJ,EAAQ3E,UACXpC,KAAKoC,QAAU,IAAID,EAAQ2E,EAAM1E,UAEnCpC,KAAKgH,OAASF,EAAME,OACpBhH,KAAKoH,KAAON,EAAMM,KAClBpH,KAAKqH,OAASP,EAAMO,OACfxE,GAA2B,MAAnBiE,EAAMvC,YACjB1B,EAAOiE,EAAMvC,UACbuC,EAAMhE,UAAW,EAErB,MACE9C,KAAKkH,IAAM5F,OAAOwF,GAYpB,GATA9G,KAAKmH,YAAcJ,EAAQI,aAAenH,KAAKmH,aAAe,eAC1DJ,EAAQ3E,SAAYpC,KAAKoC,UAC3BpC,KAAKoC,QAAU,IAAID,EAAQ4E,EAAQ3E,UAErCpC,KAAKgH,QAhCDC,GADmBD,EAiCOD,EAAQC,QAAUhH,KAAKgH,QAAU,OAhC1CM,cACdV,EAAQ5F,QAAQiG,IAAY,EAAIA,EAAUD,GAgCjDhH,KAAKoH,KAAOL,EAAQK,MAAQpH,KAAKoH,MAAQ,KACzCpH,KAAKqH,OAASN,EAAQM,QAAUrH,KAAKqH,OACrCrH,KAAKuH,SAAW,MAEK,QAAhBvH,KAAKgH,QAAoC,SAAhBhH,KAAKgH,SAAsBnE,EACvD,MAAM,IAAIrB,UAAU,6CAEtBxB,KAAKsE,UAAUzB,EACjB,CAMA,SAASkD,EAAOlD,GACd,IAAI2E,EAAO,IAAI7C,SAYf,OAXA9B,EACG4E,OACAC,MAAM,KACNpF,SAAQ,SAASqF,GAChB,GAAIA,EAAO,CACT,IAAID,EAAQC,EAAMD,MAAM,KACpBrG,EAAOqG,EAAM1F,QAAQ4F,QAAQ,MAAO,KACpCjG,EAAQ+F,EAAM9B,KAAK,KAAKgC,QAAQ,MAAO,KAC3CJ,EAAKjF,OAAOsF,mBAAmBxG,GAAOwG,mBAAmBlG,GAC3D,CACF,IACK6F,CACT,CAoBA,SAASM,EAASC,EAAUhB,GACrBA,IACHA,EAAU,CAAC,GAGb/G,KAAKiF,KAAO,UACZjF,KAAKgI,YAA4B9F,IAAnB6E,EAAQiB,OAAuB,IAAMjB,EAAQiB,OAC3DhI,KAAKiI,GAAKjI,KAAKgI,QAAU,KAAOhI,KAAKgI,OAAS,IAC9ChI,KAAKkI,WAAa,eAAgBnB,EAAUA,EAAQmB,WAAa,KACjElI,KAAKoC,QAAU,IAAID,EAAQ4E,EAAQ3E,SACnCpC,KAAKkH,IAAMH,EAAQG,KAAO,GAC1BlH,KAAKsE,UAAUyD,EACjB,CAlDAlB,EAAQxG,UAAU8H,MAAQ,WACxB,OAAO,IAAItB,EAAQ7G,KAAM,CAAC6C,KAAM7C,KAAKuE,WACvC,EAkCAF,EAAKlD,KAAK0F,EAAQxG,WAgBlBgE,EAAKlD,KAAK2G,EAASzH,WAEnByH,EAASzH,UAAU8H,MAAQ,WACzB,OAAO,IAAIL,EAAS9H,KAAKuE,UAAW,CAClCyD,OAAQhI,KAAKgI,OACbE,WAAYlI,KAAKkI,WACjB9F,QAAS,IAAID,EAAQnC,KAAKoC,SAC1B8E,IAAKlH,KAAKkH,KAEd,EAEAY,EAASvE,MAAQ,WACf,IAAI6E,EAAW,IAAIN,EAAS,KAAM,CAACE,OAAQ,EAAGE,WAAY,KAE1D,OADAE,EAASnD,KAAO,QACTmD,CACT,EAEA,IAAIC,EAAmB,CAAC,IAAK,IAAK,IAAK,IAAK,KAE5CP,EAASQ,SAAW,SAASpB,EAAKc,GAChC,IAA0C,IAAtCK,EAAiBrH,QAAQgH,GAC3B,MAAM,IAAIO,WAAW,uBAGvB,OAAO,IAAIT,EAAS,KAAM,CAACE,OAAQA,EAAQ5F,QAAS,CAACoG,SAAUtB,IACjE,EAEA5G,EAAQF,aAAeL,EAAKK,aAC5B,IACE,IAAIE,EAAQF,YACd,CAAE,MAAOqI,GACPnI,EAAQF,aAAe,SAASsI,EAASrH,GACvCrB,KAAK0I,QAAUA,EACf1I,KAAKqB,KAAOA,EACZ,IAAIkC,EAAQ4B,MAAMuD,GAClB1I,KAAK2I,MAAQpF,EAAMoF,KACrB,EACArI,EAAQF,aAAaC,UAAYY,OAAO2H,OAAOzD,MAAM9E,WACrDC,EAAQF,aAAaC,UAAUwI,YAAcvI,EAAQF,YACvD,CAEA,SAASD,EAAM2G,EAAOgC,GACpB,OAAO,IAAI/F,SAAQ,SAASI,EAASH,GACnC,IAAI+F,EAAU,IAAIlC,EAAQC,EAAOgC,GAEjC,GAAIC,EAAQ1B,QAAU0B,EAAQ1B,OAAO2B,QACnC,OAAOhG,EAAO,IAAI1C,EAAQF,aAAa,UAAW,eAGpD,IAAI6I,EAAM,IAAIC,eAEd,SAASC,IACPF,EAAIG,OACN,CAEAH,EAAI7F,OAAS,WACX,IAxFgBiG,EAChBjH,EAuFI2E,EAAU,CACZiB,OAAQiB,EAAIjB,OACZE,WAAYe,EAAIf,WAChB9F,SA3FciH,EA2FQJ,EAAIK,yBAA2B,GA1FvDlH,EAAU,IAAID,EAGQkH,EAAWzB,QAAQ,eAAgB,KACzCF,MAAM,SAASpF,SAAQ,SAASiH,GAClD,IAAIC,EAAQD,EAAK7B,MAAM,KACnB+B,EAAMD,EAAMxH,QAAQyF,OACxB,GAAIgC,EAAK,CACP,IAAI9H,EAAQ6H,EAAM5D,KAAK,KAAK6B,OAC5BrF,EAAQG,OAAOkH,EAAK9H,EACtB,CACF,IACOS,IAgFH2E,EAAQG,IAAM,gBAAiB+B,EAAMA,EAAIS,YAAc3C,EAAQ3E,QAAQ4C,IAAI,iBAC3E,IAAInC,EAAO,aAAcoG,EAAMA,EAAIb,SAAWa,EAAIU,aAClDxG,EAAQ,IAAI2E,EAASjF,EAAMkE,GAC7B,EAEAkC,EAAI3F,QAAU,WACZN,EAAO,IAAIxB,UAAU,0BACvB,EAEAyH,EAAIW,UAAY,WACd5G,EAAO,IAAIxB,UAAU,0BACvB,EAEAyH,EAAIY,QAAU,WACZ7G,EAAO,IAAI1C,EAAQF,aAAa,UAAW,cAC7C,EAEA6I,EAAIa,KAAKf,EAAQ/B,OAAQ+B,EAAQ7B,KAAK,GAEV,YAAxB6B,EAAQ5B,YACV8B,EAAIc,iBAAkB,EACW,SAAxBhB,EAAQ5B,cACjB8B,EAAIc,iBAAkB,GAGpB,iBAAkBd,GAAO1I,IAC3B0I,EAAIe,aAAe,QAGrBjB,EAAQ3G,QAAQE,SAAQ,SAASX,EAAON,GACtC4H,EAAIgB,iBAAiB5I,EAAMM,EAC7B,IAEIoH,EAAQ1B,SACV0B,EAAQ1B,OAAO6C,iBAAiB,QAASf,GAEzCF,EAAIkB,mBAAqB,WAEA,IAAnBlB,EAAImB,YACNrB,EAAQ1B,OAAOgD,oBAAoB,QAASlB,EAEhD,GAGFF,EAAIqB,UAAkC,IAAtBvB,EAAQxE,UAA4B,KAAOwE,EAAQxE,UACrE,GACF,CAEApE,EAAMoK,UAAW,EAEZxK,EAAKI,QACRJ,EAAKI,MAAQA,EACbJ,EAAKoC,QAAUA,EACfpC,EAAK8G,QAAUA,EACf9G,EAAK+H,SAAWA,GAGlBxH,EAAQ6B,QAAUA,EAClB7B,EAAQuG,QAAUA,EAClBvG,EAAQwH,SAAWA,EACnBxH,EAAQH,MAAQA,EAEhBc,OAAOuJ,eAAelK,EAAS,aAAc,CAAEqB,OAAO,GAIvD,CAhhBgB,CAghBd,CAAC,EACH,CAnhBD,CAmhBG1B,GACHA,EAASE,MAAMsK,UAAW,SAEnBxK,EAASE,MAAMoK,SAGtB,IAAIG,EAAMzK,GACVK,EAAUoK,EAAIvK,OACd,QAAkBuK,EAAIvK,MACtBG,EAAQH,MAAQuK,EAAIvK,MACpBG,EAAQ6B,QAAUuI,EAAIvI,QACtB7B,EAAQuG,QAAU6D,EAAI7D,QACtBvG,EAAQwH,SAAW4C,EAAI5C,SACvB6C,EAAOrK,QAAUA,mwOChfLsK,EAQAC,EAmDAC,OAsCN,SAAUC,EAAgBhK,GAC9B,OAAOA,IAAQA,EAAI0I,KAAO1I,EAAIiK,GAChC,UC/IgBC,IACd,MAAsB,oBAAXC,OACFA,OAAOC,QACc,oBAAZA,QACTA,aAEP,CAEJ,UAEgBC,IACd,IAAIC,EAAgBJ,IAGpB,OAAII,GAAiBA,EAAcC,IAC1BD,EAEF,CACLC,IAAK,WAAa,EAClBC,KAAM,WAAa,EACnBC,MAAO,WAAa,EACpBC,SAAU,WAAa,EAE3B,CAEM,SAAUF,EAAKjG,GAEnB8F,IAAaG,KAAK,yBAA2BjG,EAE/C,CAEM,SAAUoG,EAAUpG,GAExB8F,IAAaG,KAAK,gCAAkCjG,EAEtD,CAEgB,SAAAqG,EAAcrG,EAAMsG,GAClC,OAAO,WAEL,OADAF,EAAUpG,GACHsG,EAAGC,MAAM,KAAMC,UACxB,CACF,CC3CgB,SAAAC,EAAKH,EAAIlB,GACvB,IAAIsB,EAAiBxJ,MAAMnC,UAAU0D,MAAM5C,KAAK2K,UAAW,GAC3D,OAAO,WACL,IAAIG,EAAOzJ,MAAMnC,UAAU0D,MAAM5C,KAAK2K,WAEtC,OADAG,EAAOD,EAAeE,OAAOD,GACtBL,EAAGC,MAAMnB,EAAKuB,EACvB,CACF,UAGgBE,IAEd,IAAIC,EAAON,UAAU,GAWrB,MATe,GAAG/H,MAAM5C,KAAK2K,UAAW,GAC/BxJ,SAAQ,SAASvB,GACxB,IAAK,IAAIsL,KAAQtL,EAEXE,OAAOZ,UAAUgG,eAAelF,KAAKJ,EAAKsL,SAAuBnK,IAAdnB,EAAIsL,KACzDD,EAAKC,GAAQtL,EAAIsL,GAGvB,IACOD,CACT,CAEM,SAAUE,EAAWvL,GACzB,IAAIwL,EAAU,GACd,IAAK,IAAIF,KAAQtL,EACf,GAAIE,OAAOZ,UAAUgG,eAAelF,KAAKJ,EAAKsL,GAAO,CACnD,IAAI1K,EAAQZ,EAAIsL,GACZ1K,UACF4K,EAAQF,GAAQ1K,EAEnB,CAEH,OAAO4K,CACT,CAEM,SAAUpE,EAAMpH,GACpB,GAAIA,EAAK,CACP,IAAIyL,EAAMvG,KAAKwG,UAAU1L,GACzB,GAAIyL,EACF,OAAOvG,KAAKC,MAAMsG,EAErB,CACD,OAAOzL,CACT,UAGgB2L,EAAK3L,KAAQ4L,GAE3B,IAAIC,EAAS,GACb,IAAK,IAAIC,KAAK9L,EACRE,OAAOZ,UAAUgG,eAAelF,KAAKJ,EAAK8L,KAA2B,GAArBF,EAAM3L,QAAQ6L,KAChED,EAAOC,GAAK9L,EAAI8L,IAGpB,OAAO1E,EAAMyE,EACf,CAEgB,SAAAE,EAAKC,EAAYC,GAE/B,IADA,IAAIC,EAAIF,EAAWtH,OACZwH,KAAK,CACV,IAAIC,EAAOH,EAAWE,GAClBE,GAAQ,EACZ,IAAK,IAAId,KAAQW,EACf,GAAK/L,OAAOZ,UAAUgG,eAAelF,KAAK6L,EAAcX,IAGpDa,EAAKb,KAAUW,EAAaX,GAAO,CACrCc,GAAQ,EACR,KACD,CAEH,GAAIA,EACF,OAAOD,CAEV,CACH,UAEgBE,EAAQrM,EAAKsM,EAAUC,GACrC,GAAKvM,GAAQA,EAAIwM,OAAjB,CAIA,IAAIC,EAAOrF,EAAMpH,EAAIwM,OAAOF,IAG5B,OAAIG,GAAQA,EAAKnM,MAAQiM,EACnBE,EAAKnM,OAASiM,EACTE,OADT,EAIOA,CAVR,CAYH,CChGM,SAAUC,EAAejB,GAC7B,IAAIhD,EAAQgD,EAAIkB,MAAM,QAClBC,EAAUC,KAAKC,IAAIrE,EAAM,GAAIA,EAAM,GAAK,EAAGA,EAAM,GAAIA,EAAM,GAAIA,EAAM,GAAIA,EAAM,IAGnF,OAFc,IAAIoE,KAAKD,GAERG,aACjB,CAEM,SAAUC,EAAgBtI,GAG9B,IAFA,IACIuI,EAAS,GACJf,EAAI,EAA8BA,EAAIxH,IAAUwH,EACvDe,GAHkB,gEAGMC,KAAKC,MADVC,GACgBF,KAAKD,WAE1C,OAAOA,CACT,CAEM,SAAUI,EAAMC,GACpB,OAAO,IAAItL,SAAQ,SAASI,GAC1BmL,WAAWnL,EAASkL,EACtB,GACF,CAEgB,SAAAE,EAAO/B,EAAKgC,GAC1B,MAAMhF,EAAQgD,EAAI9E,MAAM8G,GACxB,MAAO,CACLhF,EAAM,GACNA,EAAMiF,OAAO,EAAGjF,EAAM/D,QAAQG,KAAK4I,GAEvC,CC7BM,SAAUE,EAAcxH,GAC5B,MAAO,uBAAuB3F,KAAK2F,EACrC,UAEgByH,EAAczH,EAAM,GAAI0H,GACtC,OAAIF,EAAcxH,GACTA,GAET0H,EAAUC,EAAoBD,GACZ,MAAX1H,EAAI,GAAa,GAAG0H,IAAU1H,IAAQ,GAAG0H,KAAW1H,IAC7D,UAEgB4H,EAAc5H,EAAM,GAAI0H,GAKtC,OAJIF,EAAcxH,KAChBA,EAAMA,EAAI6H,UAAUH,EAAQnJ,SAGZ,MAAXyB,EAAI,GAAaA,EAAM,IAAIA,GACpC,CAEM,SAAU8H,EAAcjO,GAC5B,IAAIyL,EAAM,GACV,GAAY,OAARzL,EACF,IAAK,IAAI0I,KAAO1I,EACVE,OAAOZ,UAAUgG,eAAelF,KAAKJ,EAAK0I,SAC7BvH,IAAbnB,EAAI0I,IACS,OAAb1I,EAAI0I,IACN+C,EAAI/F,KAAKgD,EAAM,IAAMwF,mBAAmBlO,EAAI0I,KAIlD,OAAI+C,EAAI/G,OACC,IAAM+G,EAAI5G,KAAK,KAEf,EAEX,CAEM,SAAUiJ,EAAoBK,GAClC,GAAKA,EAAL,CAIA,IAAIC,EAAUD,EAAKtH,QAAQ,cAAc,IAIzC,OAFUuH,EAAQvH,QAAQ,OAAQ,GAJjC,CAOH,kbJHA,SAAYgD,GACV,oBACA,oBACA,oBACA,sBACA,qBACD,CAND,CAAYA,IAAAA,EAMX,KAED,SAAYC,GACV,gCACA,0BACA,8BACA,oCACA,wCACA,4BACA,qBACD,CARD,CAAYA,IAAAA,EAQX,KA2CD,SAAYC,GACV,uCACA,gCACA,4BACA,iCACD,CALD,CAAYA,IAAAA,EAKX,KK7GoB,MAAAsE,UAAoBjK,MACvC,WAAA0D,CAAYH,GAEV2G,MAAM3G,GACNzH,OAAOqO,eAAetP,gBAAiBK,UACxC,ECFkB,MAAAkP,UAAqBH,EAQxC,WAAAvG,CAAY2G,EAAavG,GACvBoG,MAAMG,GACNxP,KAAKqB,KAAO,eACZrB,KAAKyP,UAAY,WACjBzP,KAAK0P,aAAeF,EACpBxP,KAAK2P,UAAY,WACjB3P,KAAK4P,QAAU,WACf5P,KAAK6P,YAAc,GACf5G,IACFjJ,KAAKiJ,IAAMA,EAEd,WCjBa6G,IACd,OAAO/B,EAAgB,GACzB,UAEgBgC,IACd,OAAOhC,EAAgB,GACzB,CAEA,SAASiC,EAAUC,EAA6BlJ,EAAsB,CAAC,GAErE,OADe8H,EAAoB9H,EAAQmJ,SAAWD,EAAIlJ,QAAQmJ,MAEpE,UAEgBC,EAAgBF,EAA6BlJ,EAAsB,CAAC,GAClF,MAAMmJ,EAASF,EAAUC,EAAKlJ,GAE9B,OADgBmJ,EAAOlP,QAAQ,WAAa,EAAIkP,EAASA,EAAS,SAEpE,UAEgBE,EAAeH,EAA6BlJ,EAAsB,CAAC,GAGjF,OAFeiJ,EAAUC,EAAKlJ,GACRW,MAAM,WAAW,EAEzC,CAEgB,SAAA2I,EAAaJ,EAA6BlJ,GACxD,GAAI+E,UAAUrG,OAAS,EACrB,MAAM,IAAI8J,EAAa,wEAKzB,IAAIe,EAAezB,GAHnB9H,EAAUA,GAAW,CAAC,GAGyBuJ,eAAiBL,EAAIlJ,QAAQuJ,aACxEJ,EAASF,EAAUC,EAAKlJ,GACxBwJ,EAAc1B,EAAoB9H,EAAQwJ,cAAgBN,EAAIlJ,QAAQwJ,YACtEC,EAAW3B,EAAoB9H,EAAQyJ,WAAaP,EAAIlJ,QAAQyJ,SAChEC,EAAY5B,EAAoB9H,EAAQ0J,YAAcR,EAAIlJ,QAAQ0J,UAClEC,EAAY7B,EAAoB9H,EAAQ2J,YAAcT,EAAIlJ,QAAQ2J,UAElE9B,EAAUuB,EAAgBF,EAAKlJ,GAQnC,MAAO,CACLmJ,OAAQA,EACRI,aARFA,EAAeA,GAAgB1B,EAAU,gBASvC2B,YARFA,EAAcA,GAAe3B,EAAU,eASrC4B,SARFA,EAAWA,GAAY5B,EAAU,YAS/B8B,UARFA,EAAYA,GAAa9B,EAAU,aASjC6B,UARFA,EAAYA,GAAa7B,EAAU,aAUrC,CCpEgB,SAAA+B,EACdV,EACAW,GAEA,MAEMC,EAAkC,CACtCX,OAHaD,EAAIlJ,QAAQmJ,OAIzBY,KAHWT,EAAaJ,EAAKW,GAI7BG,SAAUH,EAAYG,SACtBC,YAAaJ,EAAYI,YACzBhH,aAAc4G,EAAY5G,aAC1BiH,aAAcL,EAAYK,aAC1BC,OAAQN,EAAYM,OACpBC,MAAOP,EAAYO,MACnBC,MAAOR,EAAYQ,MACnBC,gBAAiBT,EAAYS,gBAC7BC,UAAWV,EAAYU,WAGzB,OAAyB,IAArBV,EAAYW,KAEPV,EAGK,+BACTA,GAAS,CACZW,aAAcZ,EAAYY,aAC1BC,oBAAqBb,EAAYa,oBACjCC,cAAed,EAAYc,eAI/B,KCQYC,mCAMN,SAAUC,EAAQ7Q,GACtB,SAAIA,IACCA,EAAI8Q,aAAe9Q,EAAI+Q,SAAW/Q,EAAIgR,eACvCvP,MAAMC,QAAQ1B,EAAImQ,QAIxB,CAEM,SAAUc,EAAcjR,GAC5B,OAAOA,GAAOA,EAAI8Q,WACpB,CAEM,SAAUI,EAAUlR,GACxB,OAAOA,GAAOA,EAAI+Q,OACpB,CAEM,SAAUI,EAAenR,GAC7B,OAAOA,GAAOA,EAAIgR,YACpB,CCpDOI,eAAeC,EACpBC,EACAtL,EAAqC,CAAC,GAEtC,MAAM6J,QAAoByB,EAAWC,MAAMC,mBAAmBxL,GACxDyL,EAAW7B,EAAgB0B,EAAYzB,GAC7C,IAAI,KACF6B,EAAO,UAAS,gBAChB1I,GAAkB,EAAI,gBACtB2I,EAA2B,cAC3BC,EAAyB,OACzBC,EAAkB,UAClBtB,GACE,OAAH,wBAAQe,EAAWtL,SAAYA,GAWhC,OATU,+BACLyL,GAAQ,CACXC,OACA1I,kBACA2I,kBACAC,gBACAC,SACAtB,aAGJ,CAEgB,SAAAuB,EACdR,EACAtL,GAEA,MAAM+L,EAAYC,EAAwBV,EAAYtL,GACtD,SAAI+L,aAAS,EAATA,EAAWE,kBAIjB,CAGgB,SAAAD,EACdV,EACAtL,GAIA,IAAI+L,EAFJ/L,EAAUuF,EAAWvF,GACrBA,EAAU,OAAH,wBAAQsL,EAAWtL,SAAYA,GAEtC,IACE+L,EAAYT,EAAWY,mBAAmBC,KAAKnM,EAChD,CAAC,MAAOrG,GAER,CAED,GAAKoS,EAIL,OAAIK,GAAuBL,EAAW/L,GAC7B+L,OAMTvH,EAAK,8HAGP,CAEO4G,eAAeiB,GACpBf,EACAtL,GAEAA,EAAUuF,EAAWvF,GAIrB,OAD0BgM,EAAwBV,EAFlDtL,EAAU,OAAH,wBAAQsL,EAAWtL,SAAYA,KAO/BqL,EAAsBC,EAAYtL,EAC3C,CAEgB,SAAAsM,GAAqBhB,EAAkCiB,GACrEjB,EAAWY,mBAAmBM,KAAKD,EAAM,CAAEE,aAAa,GAC1D,CAEM,SAAUC,GAAsBpB,GACpCA,EAAWY,mBAAmBS,OAChC,UAEgBP,GAAwBG,EAAMvM,EAAsC,CAAC,GAYnF,IAA8D,IAA1D4M,GAAiCL,EAAMvM,EAV9B,CACX,SACA,WACA,cACA,QACA,gBACA,sBACA,kBACA,kBAGA,OAAO,EAIT,MAAM,KAAE0L,GAAS1L,EACjB,OAAkD,IAA9C6M,GAA8BN,EAAMb,EAK1C,CAEgB,SAAAmB,GAA8BN,EAAMb,GAGlD,QAD2BA,GAAiB,YAATA,GAA+B,YAATA,IAEnDA,IAASa,EAAKb,IAMtB,UAEgBkB,GAAiCL,EAAMvM,EAASP,GAS9D,OANiBA,EAAKqN,MAAKpK,IACzB,MAAM9H,EAAQoF,EAAQ0C,GACtB,GAAI9H,GAASA,IAAU2R,EAAK7J,GAC1B,OAAO,CACR,GAGL,CChJM,SAAUqK,GAAS/S,GACvB,MAA+C,oBAAxCE,OAAOZ,UAAUa,SAASC,KAAKJ,EACxC,CAEM,SAAUgT,GAAShT,GACvB,MAA+C,oBAAxCE,OAAOZ,UAAUa,SAASC,KAAKJ,EACxC,CAEM,SAAUiT,GAASjT,GACvB,MAA+C,oBAAxCE,OAAOZ,UAAUa,SAASC,KAAKJ,EACxC,CAEM,SAAUkT,GAAWrI,GACzB,QAASA,GAA+B,sBAAzB,CAAE,EAAC1K,SAASC,KAAKyK,EAClC,CAEM,SAAUsI,GAAUnT,GACxB,OAAOA,GAAOA,EAAIoT,SAAmC,mBAAhBpT,EAAIoT,OAC3C,EFeA,SAAYxC,GACV,uBACA,eACA,wBACD,CAJD,CAAYA,IAAAA,EAIX,KGrCM,MAAMyC,GAAuB,iBACvBC,GAAwB,IACxBC,GAAyB,IACzBC,GAAyB,MACzBC,GAAqB,qBACrBC,GAAqB,qBACrBC,GAAoB,oBACpBC,GAA2B,2BAC3BC,GAAkC,kCAClCC,GAA4B,4BAC5BC,GAA4B,4BAC5BC,GAA2B,cAC3BC,GAAwB,UACxBC,GAA6B,eAC7BC,GAA4B,eAI5BC,GAAsB,GACtBC,GAAsB,IACtBC,GAAgC,OAEhCC,GAAkB,QClBV,MAAAC,WAAqBnG,EASxC,WAAAvG,CAAYJ,EAAeQ,EAAoBqK,GAE7CjE,MADgB5G,EAAIiH,cAGpB1P,KAAKqB,KAAO,eACZrB,KAAK0P,aAAejH,EAAIiH,aACxB1P,KAAKyP,UAAYhH,EAAIgH,UACrBzP,KAAK2P,UAAYlH,EAAIkH,UACrB3P,KAAK4P,QAAUnH,EAAImH,QACnB5P,KAAK6P,YAAcpH,EAAIoH,YAEnB5G,IACFjJ,KAAKiJ,IAAMA,GAGTqK,IACFtT,KAAKsT,KAAOA,EAEf,EC5BkB,MAAAkC,WAAmBpG,EAQtC,WAAAvG,CAAY4G,EAAmBgG,GAC7BpG,MAAMoG,GAENzV,KAAKqB,KAAO,aACZrB,KAAKyP,UAAYA,EACjBzP,KAAK0P,aAAe+F,EAGpBzV,KAAKuD,MAAQkM,EACbzP,KAAK0V,kBAAoBD,CAC1B,ECGH,MAkBME,GAAc,CAAC1F,EAA4B2F,aAC/C,IAAInN,EACAoN,EAAiC,GACrC,GAAID,EAAKjM,cAAgBmK,GAAS8B,EAAKjM,cACrC,IACEkM,EAAY5P,KAAKC,MAAM0P,EAAKjM,aAC7B,CAAC,MAAOjJ,GACPmV,EAAY,CACVnG,aAAc,gBAEjB,CAiBH,GAdIkG,EAAK5N,QAAU,MACjB6N,EAAUnG,aAAe,iBAGvBO,EAAIlJ,QAAQ+O,oBACdF,EAAO3F,EAAIlJ,QAAQ+O,kBAAkB3N,EAAMyN,KAI3CnN,EADEoN,EAAUtS,OAASsS,EAAUH,kBACzB,IAAIF,GAAWK,EAAUtS,MAAOsS,EAAUH,mBAE1C,IAAIH,GAAaM,EAAuBD,GAG3B,OAAjBA,aAAI,EAAJA,EAAM5N,UAAoC,QAAhB,EAAA4N,aAAA,EAAAA,EAAMxT,eAAU,oCAAqB,CACjE,MAAM,MACJmB,EAAK,kBAELmS,EAAiB,QAEjBK,EAAO,WAEPC,GArDuC,CAC3CtT,IAEA,IAAKA,EACH,MAAM,IAAI6M,EAAa,yBAGzB,OAAO7M,EACJgF,MAAM,KACNrF,KAAI4T,GAAQA,EAAKxO,SACjBpF,KAAI4T,GAAQA,EAAKvO,MAAM,OACvBwO,QAAO,CAACC,EAAKC,KAEZD,EAAIC,EAAK,IAAMA,EAAK,GAAGxO,QAAQ,WAAY,MACpCuO,IACN,CAAE,EAAoC,EAuCrCE,CAAkD,QAAb,EAAAT,aAAA,EAAAA,EAAMxT,eAAO,eAAG,qBAC3C,wCAAVmB,IACFkF,EAAM,IAAI8M,GACR,CACE7F,aAAcnM,EAEdsM,YAAa,CAAC,CAAEH,aAAcgG,KAEhCE,EAAI,eAGFG,SAAUA,GAENC,GAAc,CAAEA,gBAI3B,CAED,OAAOvN,CAAG,EAGI,SAAA6N,GAAYrG,EAA4BlJ,GAGtD,GAFAA,EAAUA,GAAW,CAAC,EAElBkJ,EAAIlJ,QAAQwP,wBACd,IAAK,MAAMC,KAAevG,EAAIlJ,QAAQwP,wBACpCC,EAAYzP,GAIhB,IAAIG,EAAMH,EAAQG,IACdF,EAASD,EAAQC,OACjBiF,EAAOlF,EAAQkF,KACfwK,EAAiB1P,EAAQ0P,eACzB5E,EAAc9K,EAAQ8K,YACtB9H,GAA8C,IAA5BhD,EAAQgD,gBAE1B2M,EADczG,EAAIlJ,QAAQ4P,YACHD,QACvBE,EAAY3G,EAAI4G,eAAeC,aAAa7G,EAAIlJ,QAAQgQ,SAE5D,GAAIhQ,EAAQiQ,cAAe,CACzB,IACIC,EADgBL,EAAUM,aACKhQ,GACnC,GAAI+P,GAAkBrJ,KAAKuJ,MAAM,IAAOF,EAAeG,UACrD,OAAOrU,QAAQI,QAAQ8T,EAAe7O,SAEzC,CAED,IAAIiP,EAAsBpH,EAAIqH,eAAeC,gBACzCnV,EAAO,eACT,OAAU,mBACV,eAAgB,oBACbiV,GAELpW,OAAOuW,OAAOpV,EAAS6N,EAAIlJ,QAAQ3E,QAAS2E,EAAQ3E,SACpDA,EAAUkK,EAAWlK,GAEjByP,GAAeiC,GAASjC,KAC1BzP,EAAuB,cAAI,UAAYyP,GAGzC,IAMIpJ,EAAKgP,EANLC,EAA4B,CAC9BtV,UACAuV,KAAM1L,QAAQ/J,EACd6H,mBAIF,OAAOkG,EAAIlJ,QAAQ6Q,kBAAmB5Q,EAASE,EAAMwQ,GAClDrS,MAAK,SAASuQ,GAgCb,OA/BA6B,EAAM7B,EAAKjM,eACAmK,GAAS2D,KAClBA,EAAMxR,KAAKC,MAAMuR,KACS,iBAARA,IAAqBA,EAAIrV,UACrCI,MAAMC,QAAQgV,GAChBA,EAAInV,SAAQ4K,IACVA,EAAK9K,QAAUwT,EAAKxT,OAAO,IAG7BqV,EAAIrV,QAAUwT,EAAKxT,SAKrBqU,IACGgB,EAAII,YACPnB,EAAQoB,OAAO1D,KAIfqD,GAAOA,EAAII,YAAcJ,EAAIL,WAC/BV,EAAQvS,IAAIiQ,GAAsBqD,EAAII,WAAYJ,EAAIL,UAAWnH,EAAIlJ,QAAQgQ,SAG3EU,GAAO1Q,EAAQiQ,eACjBJ,EAAUmB,cAAc7Q,EAAM,CAC5BkQ,UAAWnJ,KAAKC,MAAMN,KAAKuJ,MAAM,KAAQ5C,GACzCnM,SAAUqP,IAIPA,CACT,IACCO,OAAM,SAASpC,GAOd,KAJsB,cAFtBnN,EAAMkN,GAAY1F,EAAK2F,IAEfnG,WACNiH,EAAQoB,OAAO1D,IAGX3L,CACR,GACJ,UAEgBzD,GAAIiL,EAA4B/I,EAAaH,GAE3D,IAAIkR,EAAa,CACf/Q,IAFFA,EAAMwH,EAAcxH,GAAOA,EAAM+I,EAAIiI,kBAAoBhR,EAGvDF,OAAQ,OAGV,OADA/F,OAAOuW,OAAOS,EAAYlR,GACnBuP,GAAYrG,EAAKgI,EAC1B,CAEM,SAAUE,GAAKlI,EAA4B/I,EAAa+E,EAAoBlF,GAEhF,IAAIqR,EAAc,CAChBlR,IAFFA,EAAMwH,EAAcxH,GAAOA,EAAM+I,EAAIiI,kBAAoBhR,EAGvDF,OAAQ,OACRiF,KAAMA,EACNwK,gBAAgB,GAGlB,OADAxV,OAAOuW,OAAOY,EAAarR,GACpBuP,GAAYrG,EAAKmI,EAC1B,CC5LA,SAASC,GAAY/E,GACnB,MAAO,CACLA,OACAN,kBAAmBM,EAAKN,kBACxB7B,MAAOmC,EAAKnC,MAEhB,CAGOgB,eAAemG,GACpBjG,EACAtL,EAA2B,CAAC,GAI5B,IAAIuM,EAAOP,EAAwBV,EAFnCtL,EAAUuF,EAAWvF,IAKrB,GAAIuM,aAAI,EAAJA,EAAMN,kBACR,OAAOqF,GAAY/E,GAIrBA,QAAalB,EAAsBC,EAAU,+BAAOiB,GAASvM,IAC7D,MAAM6H,EAAUuB,EAAgBkC,GAChC,IAAI,SACFtB,EAAQ,YACRC,EAAW,MACXG,EAAK,OACLD,EAAM,gBACNnH,EAAe,cACf2H,EAAa,oBACbD,EAAmB,gBACnBiB,EAAe,cACfC,EAAa,OACbC,EAAM,UACNtB,EAAS,MACTF,GACEkC,EACJ,MAAMiF,EAAexR,EAAQwR,cAAgBlG,EAAWtL,QAAQwR,aAChExO,EAAkBA,SAAAA,EAGlB,MAAM7C,EAAM,GAAG0H,gBACT4J,EAAS,qFACbC,UAAW1H,EACX2H,MAAOxH,EAAQtL,KAAK,KACpB+S,aAAc3H,EACd4H,eAAgBlH,EAChBmH,sBAAuBpH,EACvBN,SACIuB,GAAmB,CAAEoG,iBAAkBpG,IACvCC,GAAiB,CAAEoG,eAAgBpG,IAInC4F,GAAgB,CAAES,cAAeT,IACjC3F,GAAU,CAAEmD,QAASnD,IACrBtB,GAAa,CAAE0E,WAAY1E,IAC3BF,GAAS,CAAEA,UAeX4B,SAPasD,GAAYjE,EAAY,CACzCrL,OAAQ,OACRE,MACA9E,QAPc,CACd,eAAgB,qCAOhB2H,kBACAkC,KAAMuM,KAEuBS,mBAEzBC,EAAO,+BACR5F,GAAI,CACPN,oBAGAjJ,kBACAoH,QACAD,SACAyB,gBACAD,oBAKF,OAFAW,GAAoBhB,EAAY6G,GAEzBb,GAAYa,EACrB,6UClHA,MAAMC,GAAiB,SAAwBC,GAE7C,OAA2B,IAAlBA,EAAMC,OACjB,EAEMC,GAAuC,SAA+CC,WAC1F,MAAMC,EAAyB,GACzBC,EAAwB,GACxBC,EAA2B,GAIjC,IAAKH,EAAO5X,MAEV,OADA8X,EAAsBhT,KAAK8S,GACpB,CAAEC,yBAAwBC,wBAAuBC,4BAG1D,IAAM,IAAIN,KAASG,EAAO5X,MAEnBwX,GAAgBC,IAEnBK,EAAsBhT,KAAK2S,GAEX,QAAX,EAAAA,EAAMzX,aAAK,WACd6X,EAAuBJ,EAAM/X,MAAQ+X,EAAMzX,QAI7C+X,EAAyBN,EAAM/X,MAAuB,QAAf,EAAA+X,EAAMzX,aAAS,WAG1D,MAAO,CAAE6X,yBAAwBC,wBAAuBC,2BAC1D,EC3BMC,GAAsB,SAA6BtH,GAAkC,iBACzFuH,EAAgB,uBAChBJ,EAAyB,CAAE,2BAC3BE,EAA2B,GAAE,UAC7BG,EAAY,CAAkB,IAE9B,MAAMC,EAASF,EAAiBG,KAChC,OAAO5H,eAAeqG,EAA0B,CAAC,SAC/C,MAAMpW,EAAU,CACd,eAAgB,mBAChB,OAAUwX,EAAiBI,SAAW,wBAElCnX,EAAOoD,KAAKwG,UAAU,OAAD,sCACtB+M,GACAhB,GACAkB,IAGL,IACE,MAAMtR,QAAiBkO,GAAYjE,EAAY,CAC7CnL,IAAK4S,EACL9S,OAAQ4S,EAAiB5S,OACzB5E,UACA6J,KAAMpJ,EACNkH,gBAA2C,QAA1B,EAAA8P,aAAS,EAATA,EAAW9P,uBAAe,WAG7C,OAAOsI,EAAW4H,IAAIC,gBAAe,iBAAM9R,GAAYyR,GAAW,EACnE,CACD,MAAOpR,GACL,KAAMA,aAAe8M,KAAkB9M,aAAG,EAAHA,EAAKQ,MAC1C,MAAMR,EAGR,MAAML,EAAWK,EAAIQ,IACfkR,EAAU/R,EAASgS,cAAgBnU,KAAKC,MAAMkC,EAASuB,cACvD0Q,EAAgBjS,EAAShG,QAAQ,qBAAuBgG,EAAShG,QAAQ,oBAEzEkY,EAAcjI,EAAW4H,IAAIC,gBAAqB,iBAAAC,GAAWN,GAAW,GAS9E,OARwB,MAApBzR,EAASJ,QAAoC,sCAAlBqS,IAK7BC,EAAYC,QAAS,GAGhBD,CACR,CACH,CACF,EAmBME,GAAoB,SAA4BnI,EAAkCuH,EAAkBC,GAGxG,MAAMY,EAAYd,IACZ,cAAEe,EAAa,aAAEC,EAAY,gBAAEC,GD5CO,SAAyCC,GAErFA,EAAarY,MAAMC,QAAQoY,GAAcA,EAAa,CAAEA,GACxD,MAAMF,EAAe,GACfD,EAAgB,GAChBE,EAAkB,GAExB,IAAM,IAAIrB,KAAUsB,EAAa,CAC/B,MAAM,uBACJrB,EAAsB,sBACtBC,EAAqB,yBACrBC,GACEJ,GAAqCC,GACzCoB,EAAalU,KAAKgT,GAClBiB,EAAcnB,EAAOlY,MAAQmY,EAC7BoB,EAAgBrB,EAAOlY,MAAQqY,CAChC,CAED,MAAO,CAAEgB,gBAAeC,eAAcC,kBACxC,CCyB2DE,CAAgClB,GAEnFL,EAASkB,EAAUpI,EAAY,CACnCuH,mBACAJ,uBAAwBkB,EAAcd,EAAiBvY,MACvDqY,yBAA0BkB,EAAgBhB,EAAiBvY,MAC3DwY,cAGF,OADAN,EAAOoB,aAAeA,EACfpB,CACT,kBCjFA,MAAMwB,GAAc9Z,OAAO+Z,YAAY,CACrC,cACA,WACA3Y,KAAM+W,GAAU,CAAEA,GAAO,MAiDrB6B,GAAkB,CAACX,EAAa3Y,KACpCV,OAAOuF,KAAK7E,GAAOW,SAAQ4Y,IACzB,GAAU,cAANA,EAAmB,CACrB,MAAMC,EAAQ3Y,MAAMC,QAAQd,EAAMuZ,IAAMvZ,EAAMuZ,GAAG,GAAKvZ,EAAMuZ,GAC5D,GAAqB,iBAAVC,EAAoB,CAC7B,MAAM9X,GC5EW0D,ED4EO,CAAEmI,KAAMiM,EAAOnV,KAAMsU,IC1E5C,QAAS,OAAD,QAEhBc,aAAa,GAASrU,KDwE6C,GAC5D,GAAI1D,EAEF,YADA1B,EAAMuZ,GAAK7X,GAGX,MAAM,IAAIkM,EAAa,6BAA6B4L,IAEvD,CACF,CCpFC,IAAmBpU,EDqFjBvE,MAAMC,QAAQd,EAAMuZ,KACtBvZ,EAAMuZ,GAAG5Y,SAAQ+Y,GAAcJ,GAAgBX,EAAae,IAC7D,GACD,EAiBSC,GAAmB,SAA2BjJ,EAAkCiI,EAAaT,EAAY,UAKpH,MAAM0B,GAA2C,QAAzB,EAAAjB,EAAYkB,mBAAa,eAAA7Z,QAAS,GAE1D4Z,EAAgBjZ,SACdkZ,UAEE,GAAyB,yBAArBA,EAAYna,MACkB,4BAAP,QAAzB,EAAAma,aAAA,EAAAA,EAAaC,iBAAY,qBACxBnB,aAAW,EAAXA,EAAaoB,wBAMhB,OAAOT,GAAgBX,EAAakB,UAJ3BA,EAAYC,SAI2B,IAIpD,MAAME,EAAeJ,EAAgBlZ,KAAImZ,GApCV,EAACnJ,EAAkCmJ,EAAa3B,KAE/E,GAAI2B,EAAYI,IAAK,CACnB,MAAMC,EE/EkC,SAC1CxJ,EACAyJ,EACAjC,EAAY,IAEZ,OAAO5Y,OAAO+Z,YAAac,EAAiBzZ,KAAKmZ,GACxC,CACLA,EAAYna,KACZmZ,GAAkBnI,EAAYmJ,EAAa3B,MAGjD,CFoE+BkC,CAA8B1J,EAAY,CAACmJ,GAAc3B,GAC9EmC,EAAWH,EAAmBL,EAAYna,MAChD,sCACKma,GAAW,CACdjC,OAAQyC,GAEX,CAED,OAAOR,CAAW,EAyBsCS,CAA0B5J,EAAYmJ,EAAa3B,MAErG,QAAEqC,EAAO,QAAEC,GAzGiB,SAA+B9J,EAAkCiI,EAAaT,EAAY,IAC5H,MAAMsC,EAAU,GACVD,EAAU,GA0ChB,OAxCAjb,OAAOuF,KAAK8T,GACT8B,QAAQhD,IAAU2B,GAAY3B,KAC9B9W,SAAS8W,IAGR,GAFoD,iBAAvBkB,EAAYlB,KAAyBkB,EAAYlB,GAK5E,YADA8C,EAAQ9C,GAASkB,EAAYlB,IAI/B,GAAKkB,EAAYlB,GAAOwC,IAGtB,YADAO,EAAQ7B,EAAYlB,GAAO/X,MAAQmZ,GAAkBnI,EAAYiI,EAAYlB,GAAQS,IAIvF,MAAM,EAAsCS,EAAYlB,IAAhDzX,MAAO0a,EAAU,KAAEpX,GAAmC,EAA1BqX,EAA9B,uBACNJ,EAAQ9C,GAAW,eAAAnU,QAASqX,GAEd,WAATrX,GAOLiX,EAAQ9C,GAAOzX,MAAQ,CAAC,EACxBV,OAAO0F,QAAQ0V,GACZ/Z,SAAS,EAAEia,EAAU5a,MAChBA,EAAMia,IAERO,EAAQ,GAAG/C,KAASmD,EAASlb,MAAQkb,KAAc/B,GAAkBnI,EAAY1Q,EAAOkY,GAGxFqC,EAAQ9C,GAAOzX,MAAM4a,GAAY5a,CAClC,KAdHua,EAAQ9C,GAAOzX,MAAQ0a,CAerB,IAGD,CAAEH,UAASC,UACpB,CA4D+BK,CAAsBnK,EAAYiI,EAAaT,GAE5E,MAAO,CACL8B,eACAO,UACAC,UAEJ,EG1HA,IAAe,IACbM,aCDI,SACJpK,EACAiI,EACAT,EACA6C,aAEA,MAAMC,EAAkBrC,GAClB,aAAEqB,EAAY,QAAEO,EAAO,QAAEC,GAAYb,GAAkBjJ,EAAYiI,EAAaT,GA0BtF,MAAO,CACL+C,QAxBsCzK,eAAgB0K,EAAmBC,EAAiB,IAO1F,MAAMC,EAA0BpB,EAAa7O,MAAM0O,GAAgBA,EAAYna,OAASwb,IACxF,OAAME,EAKkB,mBADPA,EAAwBxD,OAEhCxW,QAAQC,OAAO,wDAAwD6Z,MAGzEE,EAAwBxD,OAAOuD,GAR7B/Z,QAAQC,OAAO,gCAAgC6Z,KAS1D,EAOEG,gBA3BsB,IAAIrB,GA4B1BQ,UACAD,UACAe,YAAaN,EACbO,gBARwF,QAAlE,EAAgD,QAAhD,EAA2C,QAA3C,EAAAP,EAAeQ,kCAA4B,eAAAxb,aAAK,eAAEmL,MADzDI,GAAsB,qBAAdA,EAAK7L,cAC4D,eAAEM,MAS1FkY,YACA6C,oBAEJ,GCrDa,MAAAU,GAAoB,SAA4BC,GAC3D,OAAQA,GACN,IAAK,QACH,OAAOC,GACT,UAAKpb,EACL,KAAK,KACH,MAAM,IAAIiD,MAAM,2BAClB,QACE,MAAM,IAAIA,MAAM,wBAAwBkY,oCAE9C,EAEM,SAAUE,GAAsBF,GACpC,IAAMA,EACJ,MAAM,IAAIlY,MAAM,uBAIlB,IADsBkY,QAAAA,EAAW,IAAIzV,QAAQ,kBAAmB,MAC1CyV,IAAYA,EAChC,MAAM,IAAIlY,MAAM,yEAGlBiY,GAAkBC,EACpB,CAEM,SAAU,GACdhL,EACAsK,EACA9C,EACA6C,SAEA,MAAMW,EAAqC,QAA3B,EAAAV,aAAA,EAAAA,EAAgBU,eAAW,QAAA/H,GAC3CiI,GAAsBF,GAEtB,MAAM,aAAEZ,GAAiBW,GAAkBC,GAC3C,OAAOZ,EAAapK,EAAYsK,EAAgB9C,EAAW6C,EAC7D,CCiMM,SAAUc,GAAiBzc,GAC/B,OAAOA,GAAOA,EAAIsc,OACpB,CC3NA,SAASI,GAAe1c,GACtB,OAAQA,aAAewU,EACzB,CAEA,SAASmI,GAAa3c,GACpB,OAAQA,aAAeyU,EACzB,CCHOrD,eAAewL,GACpBtL,EACAtL,EAA6B,CAAC,SAE9B,IAAI4V,EACAD,EAGJ,MAAMkB,EAAmBvL,EAAWY,mBAAmB4K,gBAAgB9W,GAOvE,GANI6W,IACFjB,EAAiBiB,EAAiBjB,eAClCD,EAAoBkB,EAAiBlB,oBAIlCC,EAAgB,CACnB,MAAMU,EAAUtW,EAAQsW,SAAW/H,GAC7BwI,EAAS1N,EAAeiC,IACxB,kBAAEW,EAAiB,YAAE+K,GAAgBhX,EACrCgD,EAAyC,QAAvB,EAAAhD,EAAQgD,uBAAe,SAC/C,IACE2S,GAAoB,EACpBa,GAAsBF,GACtB,MAAMnW,EAAM,GAAG4W,uBACTjb,EAAOkb,EAAc,CAAElG,WAAYkG,GAAgB,CAAE/K,qBACrD5Q,EAAU,CACd,eAAgB,sCAAsCib,IACtDW,OAAQ,sCAAsCX,KAEhDV,QAAuBrG,GAAYjE,EAAY,CAC7CrL,OAAQ,OACRE,MACA9E,UACA2H,kBACAkC,KAAMpJ,GAET,CAAC,MAAO4F,GACP,KAAIgV,GAAehV,IAAQA,EAAIQ,KAAOuU,GAAiB/U,EAAIQ,IAAImR,eAI7D,MAAM3R,EAHNkU,EAAiBlU,EAAIQ,IAAImR,aACzBsC,GAAoB,CAIvB,CACF,CAED,MAAM,gBAAE3S,GAAoBhD,EAC5B,OAAO,GAAasL,EAAYsK,EAAgB,CAAE5S,mBAAmB2S,EACvE,CC1CM,SAAUuB,GAAUzR,GACxB,OAAOA,EAAI0R,OAAO,GAAG5W,cAAgBkF,EAAIuC,UAAU,EACrD,CAEM,SAAUoP,GACd3C,GAGA,OAAOA,EAAY7Z,MAAOmL,MAAK,EAAGzL,UAAoB,kBAATA,GAC/C,CClCM,SAAU+c,GAAoBC,GAClC,IAAIC,EACJ,GAAKvT,EAAgBsT,GACnBC,EAAgBD,MACX,IAAwB,iBAAbA,EAKhB,MAAM,IAAIlZ,MAAM,oCAJhBmZ,EAAgB,CACd7U,IAAK4U,EAIR,CACD,OAAOC,CACT,CAGgB,SAAAC,GAAsBC,EAAOC,GAC3C,SAAKD,GAAUC,IAIXD,EAAMxT,IAAMyT,EAAMzT,GACZwT,EAAMxT,KAAOyT,EAAMzT,GAGzBwT,EAAM/U,KAAOgV,EAAMhV,KACb+U,EAAM/U,MAAQgV,EAAMhV,KAGhC,OCUaiV,GAQX,WAAA7V,CACE2S,EACA9U,EAAY,GACZK,EAA4B,IAG5B/G,KAAK0G,OAAc,iBAAAA,GACnB1G,KAAK+G,QAAe,iBAAAA,GACpB/G,KAAK2e,uBACL3e,KAAKwb,YAAcA,CACpB,CAEO,oBAAAmD,GASN,GARA3e,KAAK0G,OAAOkY,eAAkB5e,KAAK0G,OAAOkY,gBAAkB,GAG5D5e,KAAK0G,OAAOkY,eAAiB5e,KAAK0G,OAAOkY,eAAevc,KAAIic,GACnDF,GAAoBE,KAIzBte,KAAK0G,OAAO4X,cAAe,CAC7B,MAAMA,EAAgBF,GAAoBpe,KAAK0G,OAAO4X,eACvBte,KAAK0G,OAAOkY,eAAe/K,MAAKgL,GACtDN,GAAsBD,EAAeO,MAG5C7e,KAAK0G,OAAOkY,eAAenY,KAAK6X,EAEnC,CAIDte,KAAK0G,OAAOoY,mBAAqB9e,KAAK0G,OAAOkY,eAAe1I,QAAO,CAACC,EAAKmI,KAC1C,iBAAlBA,GAA8Brd,OAAOuF,KAAK8X,GAAe7Y,OAAS,GAE3E0Q,EAAI1P,KAAK6X,GAEJnI,IACNnW,KAAK0G,OAAOoY,oBAAsB,GACtC,CAED,OAAAC,GACE,OAAO/e,KAAKwb,YAAYna,IACzB,CAID,YAAA2d,CAAa9C,GF9ET,IAA4B+C,IEiF9B,QFjF8BA,EE+EKjf,KAAKwb,YF9Eb,QAAtB,EAAAyD,EAAetd,aAAO,eAAAuU,QAAO,CAACgJ,EAAUC,KACzCA,EAAID,UACNA,EAASzY,KAAK0Y,EAAI9d,MAEb6d,IACN,KE0EwBpS,MAAMrD,IAASzJ,KAAKof,QAAQ3V,IAKtD,CAGD,OAAA4V,CAAQ5V,GACN,IAAKA,EAAK,CACR,IACIgO,GF/FmBwH,EE8FMjf,KAAKwb,YF7FX,QAApB,EAAAyD,EAAetd,aAAK,eAAEU,KAAIid,GAAKA,EAAEje,QE8Ff6U,QAAO,CAACyB,EAAMlO,KACjCkO,EAAKlO,GAAOzJ,KAAKqf,QAAQ5V,GAClBkO,IACN,CAAE,GACL,OAAOF,CACR,CFpGC,IAAuBwH,IEuGzB,GAA4C,mBAAjCjf,KAAK,MAAMie,GAAUxU,MAAwB,CACtD,MAAM8V,EAAMvf,KAAK,MAAMie,GAAUxU,MAC/BzJ,KAAKwb,YAAY7Z,MAAOmL,MAAK,EAAEzL,UAAUA,IAASoI,KAEpD,GAAI8V,EACF,OAAOA,CAEV,CAGD,GAAIvf,KAAKqC,KAAOrC,KAAKqC,IAAIoH,GAAM,CAC7B,MAAM+V,EAAQxf,KAAKqC,IAAIoH,GACvB,IAAK,IAAI/D,EAAI,EAAGA,EAAI8Z,EAAM/Z,OAAQC,IAAK,CACrC,IAAI6Z,EAAMvf,KAAK0G,OAAO8Y,EAAM9Z,IAC5B,GAAI6Z,EACF,OAAOA,CAEV,CACF,CAGD,OAAOvf,KAAK0G,OAAO+C,EACpB,CAED,OAAA2V,CACE3V,GAIA,QAASzJ,KAAKqf,QAAQ5V,EACvB,CAED,WAAAgW,CAAYC,EAAmCC,GAC7C,MAAMte,EAAOrB,KAAK+e,UACZa,EAAS5f,KAAK6f,YACdvB,EAAgBte,KAAK8f,mBAGrB7a,EAAOqZ,aAAA,EAAAA,EAAerZ,KAC5B,oCACE5D,OACAue,UACI3a,GAAQ,CAAEA,SACVqZ,GAAiB,CAAEA,iBAE1B,CAGD,SAAAuB,GACE,MAAMD,EAAkB,GAqCxB,OApC8B5f,KAAKwb,YAAY7Z,OAAS,IAClCW,SAAQyd,IAC5B,IAAIjZ,GACA,KAAEzF,EAAI,KAAE4D,EAAI,QAAE+a,EAAO,SAAEC,GAAaF,EACxC,IAAgB,IAAZC,EAAJ,CAGA,GAAkD,mBAAvChgB,KAAK,WAAWie,GAAU5c,MACnCyF,EAAQ9G,KAAK,WAAWie,GAAU5c,MAAS0e,QACtC,GAAa,WAAT9a,EAAmB,CAE5B,IAAIib,EACJ,MAAMC,GAAWngB,KAAKqC,IAAMrC,KAAKqC,IAAIhB,GAAQ,OAAS,GAEpD6e,EADqB,IAAnBC,EAAQ1a,OACF0a,EAAQ,GAGRA,EAAQrT,MAAKzL,GAAQJ,OAAOuF,KAAKxG,KAAK0G,QAAQ0Z,SAAS/e,KAE7D6e,IACFpZ,EAAQ,OAAH,wBAAQiZ,GAAoB,CAAE1e,KAAM6e,IAE5C,CACIpZ,IACHA,EAAQiZ,GAENvd,MAAMC,QAAQqE,GAChBA,EAAMxE,SAAQoD,GAAKka,EAAOnZ,KAAKf,MAG3Bua,IACFnZ,EAAMmZ,SAAWA,GAEnBL,EAAOnZ,KAAKK,GA3Bb,CA4BA,IAEI8Y,CACR,CAED,kBAAOS,CAAY7E,WACjB,GAAKA,EAAY7Z,MAGjB,OAAiC,QAA1B,EAAsB,QAAtB,EAAA6Z,EAAY7Z,MAAM,UAAI,eAAA6F,YAAI,eAAE7F,MAAMuU,QAAO,CAAC+J,EAAwB7G,KACnEA,EAAM6G,WACRA,EAAW,IAAIA,KAAa7G,EAAM6G,SAASte,QAEtCse,IACN,GACJ,CAKD,qBAAAK,GACE,MAEMV,EAAS,IAFe5f,KAAKwb,YAAY7Z,OAAS,MAC3B3B,KAAK6f,aAMlC,IAAK,MAAM/Y,KAAS8Y,SACX5f,KAAK0G,OAAOI,EAAMzF,MAE3B,OAAOrB,KAAK0G,MACb,CAES,gBAAAoZ,WAER,MAAMrE,EAAwC,QAA5B,EAAAzb,KAAKwb,YAAYC,iBAAW,eAAA9Z,MAC9C,IAAK8Z,EACH,OAGF,MAAM8E,EAA+BpC,GAAgCne,KAAKwb,aAC1E,IAAK+E,EAEH,OAAO9E,EAKT,MAAMzQ,EAAKuV,EAA6B/Y,KAAM7F,MAC3CmL,MAAK,EAAGzL,UAAoB,OAATA,IAAgBM,MAChC6e,EACwC,QADzB,EAAAD,EAA6B/Y,KAAM7F,MACrDmL,MAAK,EAAGzL,UAAoB,iBAATA,WAAwB,eAAEM,MAEhD,OACK,+BAAA8Z,GAAS,CACZzQ,KACAwV,gBAEH,QC7PmBC,GAGpB,WAAA5X,CAAYyV,GACVte,KAAKsT,KAAOgL,CACb,ECGG,MAAOoC,WAAsCD,GACjD,SAAAE,CAAUja,GACR,SAAUA,EAAOS,aAAcT,EAAOka,kBAAoBla,EAAOma,IAClE,CAED,cAAAC,CAAepa,GACb,MAAM,YAAES,EAAW,iBAAEyZ,EAAgB,IAAEC,GAAQna,EAC/C,GAAKS,GAAgByZ,GAAqBC,EAG1C,OAAO1Z,GAAe,CAAE4Z,SAAUH,GAAoBC,EACvD,CAED,SAAAhB,CAAUmB,SACR,OACK,+BAAwB,QAAxB,EAAAA,EAAoBxZ,YAAI,eAAE7F,MAAM,IACnC,CAAAN,KAAM,mBACN4D,KAAM,SACNia,SAAU8B,EAAoB9B,UAEjC,EC5BG,MAAO+B,WAAuBP,GAClC,cAAAI,CAAepa,GACb,MAAM,iBAAEka,GAAqBla,EAC7B,GAAKka,EAGL,MAAO,CAAEM,KAAMN,EAChB,ECNG,MAAOO,WAAqBV,GAChC,SAAAE,CAAUja,GACR,SAAUA,EAAOS,aAAeT,EAAO0a,UAAY1a,EAAOqa,SAC3D,CAED,cAAAD,CAAepa,GACb,MAAM,YAAES,EAAW,SAAEia,EAAQ,SAAEL,GAAara,EAC5C,GAAKS,GAAgBia,GAAaL,EAGlC,OAAO5Z,GAAe,CAAE4Z,SAAUA,GAAYK,EAC/C,CAED,SAAAvB,CAAUmB,SACR,OACK,+BAAwB,QAAxB,EAAAA,EAAoBxZ,YAAI,eAAE7F,MAAM,IACnC,CAAAN,KAAM,WACN4D,KAAM,SACNia,SAAU8B,EAAoB9B,UAEjC,ECnBG,MAAOmC,WAAmCZ,GAC9C,SAAAE,CAAUja,GACR,MAAM,YAAES,GAAgBT,EACxB,GAAIS,GAAeA,EAAYma,aAAena,EAAYoa,OACxD,OAAO,EAET,MAAM,YAAED,EAAW,SAAEE,EAAQ,OAAED,GAAW7a,EAC1C,SAAU4a,IAAeC,OAAcC,IAAYD,EACpD,CAED,cAAAT,CAAepa,GACb,MAAM,YAAE4a,EAAW,SAAEE,EAAQ,OAAED,GAAW7a,EAC1C,GAAK6a,IAAYD,GAAgBE,GAGjC,MAAO,CACLF,YAAaE,EAAW,SAAWF,EACnCE,WACAD,SAEH,CAED,SAAA1B,GACE,MAAO,CACL,CAAExe,KAAM,cAAe4D,KAAM,SAAUia,UAAU,GACjD,CAAE7d,KAAM,WAAY4D,KAAM,SAAUwc,MAAO,8BAC3C,CAAEpgB,KAAM,SAAU4D,KAAM,SAAUwc,MAAO,SAAUvC,UAAU,GAEhE,EC7BG,MAAOwC,WAAqCjB,GAChD,SAAAE,CAAUja,GACR,MAAM,YAAES,GAAgBT,EACxB,GAAIS,GAAeA,EAAYoa,OAC7B,OAAO,EAET,MAAM,OAAEA,GAAW7a,EACnB,QAAS6a,CACV,CAED,cAAAT,CAAepa,GACb,MAAM,OAAE6a,GAAW7a,EACnB,GAAK6a,EAGL,MAAO,CACLD,YAAathB,KAAKsT,KAAKqO,eAAgBC,iBAAkBN,YACzDC,SAEH,CAED,SAAA1B,GACE,MAAO,CACL,CAAExe,KAAM,SAAU4D,KAAM,SAAUwc,MAAO,SAAUvC,UAAU,GAEhE,ECzBG,MAAO2C,WAA2BpB,GACtC,SAAAE,CAAUja,GACR,MAAM,YAAES,GAAgBT,EAClB3F,EAAMoG,GAAeT,GACrB,WAAEob,EAAU,YAAEC,GAAgBhhB,EACpC,SAAU+gB,IAAcC,EACzB,CAED,cAAAjB,CAAepa,GACb,MAAM,YAAES,EAAW,WAAE2a,EAAU,YAAEC,GAAgBrb,EACjD,GAAKS,GAAgB2a,GAAeC,EAGpC,OAAO5a,GAAgB,CACrB2a,aACAC,cAEH,CAED,SAAAlC,GACE,MAAO,CACL,CAAExe,KAAM,aAAc4D,KAAM,SAAUia,UAAU,EAAMc,SAAS,EAAOyB,MAAO,eAC7E,CAAEpgB,KAAM,cAAe4D,KAAM,SAAUia,UAAU,EAAMc,SAAS,EAAOyB,MAAO,eAEjF,ECvBG,MAAOO,WAA6BvB,GACxC,SAAAE,CAAUja,GACR,MAAM,YAAES,GAAgBT,EAClB3F,EAAMoG,GAAeT,GACrB,WAAEob,EAAU,kBAAEG,EAAiB,cAAEC,GAAkBnhB,EACzD,SAAU+gB,GAAcG,GAAqBC,EAC9C,CAED,cAAApB,CAAepa,GACb,MAAM,YAAES,EAAW,kBAAE8a,EAAiB,WAAEH,EAAU,cAAEI,GAAkBxb,EACtE,GAAKS,GAAgB8a,GAAsBH,GAAeI,EAG1D,OAAO/a,GAAgB,CACrB8a,oBACAH,aACAI,gBAEH,CAED,SAAArC,GACE,MAAO,CACL,CAAExe,KAAM,oBAAqB4D,KAAM,SAAUwc,MAAO,qBAAsBvC,UAAU,EAAMc,SAAS,GACnG,CAAE3e,KAAM,aAAc4D,KAAM,SAAUwc,MAAO,cAAevC,UAAU,EAAMc,SAAS,GACrF,CAAE3e,KAAM,gBAAiB4D,KAAM,SAAUwc,MAAO,iBAAkBvC,UAAU,EAAMc,SAAS,GAE9F,ECdG,MAAOmC,WACHzD,GAIR,WAAA7V,CAAY2S,EAA6B9U,EAAY,CAAC,GACpD2I,MAAMmM,EAAa9U,GACnB1G,KAAKse,cChBH,SAA2B9C,WAC/B,MAAMC,EAAYD,EAAYC,UACxB9Z,GAAQ8Z,aAAA,EAAAA,EAAW9Z,QAAS,GAClC,OAAQA,EAAM8H,KACZ,KAAKoB,EAAiBuX,cACpB,OAAO,IAAIjB,GAAaxf,GAC1B,KAAKkJ,EAAiBwX,kBACpB,OAAwB,QAApB,EAAA1gB,EAAMggB,sBAAc,eAAEC,kBACjB,IAAIF,GAA6B/f,GAEjC,IAAI0f,GAA2B1f,GAE1C,KAAKkJ,EAAiByX,YACpB,OAAO,IAAIrB,GAAetf,GAC5B,KAAKkJ,EAAiB0X,SACpB,OAAwB,QAApB,EAAA5gB,EAAMggB,sBAAc,eAAEa,eACjB,IAAIR,GAAqBrgB,GAEzB,IAAIkgB,GAAmBlgB,GAElC,QACE,OAAO,IAAI+e,GAA8B/e,GAE/C,CDPyBme,CAAiBtE,EACvC,CAED,WAAAiE,CAAYpN,EAAkC6J,SAC5C,MAAMuG,EAAWpT,MAAMoQ,YAAYpN,EAAY6J,GACzCwG,EAA8D,QAAnC,EAAAxG,aAAA,EAAAA,EAASwG,gCAA0B,eAAA/gB,MAEpE,OACK,+BAAA8gB,GACH,CAAAC,4BAEH,CAED,YAAA1D,GACE,OAAOhf,KAAKse,cAAcqC,UAAU3gB,KAAK0G,OAC1C,CAED,cAAAoa,GACE,OAAO9gB,KAAKse,cAAcwC,eAAe9gB,KAAK0G,OAC/C,CAED,mBAAAic,CAAoB7b,GAClB,OAAO9G,KAAKse,cAAcuB,UAAU/Y,EACrC,CAED,qBAAAwZ,GAGE,OAFAtgB,KAAK0G,OAAS2I,MAAMiR,wBACArf,OAAOuF,KAAKxG,KAAK0G,QAAQ0V,QAAOwG,GAAyB,gBAAbA,IAC3C1M,QAAO,CAACxP,EAAQkc,IAAa,+BAAKlc,GAAM,CAAE,CAACkc,GAAW5iB,KAAK0G,OAAOkc,MAAa,GACrG,EExCG,MAAOC,WAA4BV,IAChC,GAAe,gBAAG,uBCGrB,MAAOW,WAAmBpE,GAG9B,YAAAM,GACE,QAAShf,KAAK0G,OAAOqc,cAAsC,gBAAtB/iB,KAAK+G,QAAQic,IACnD,CAED,WAAAvD,CAAYpN,EAAkC6J,GAC5C,MAAM+G,EAAS5T,MAAMoQ,YAAYpN,EAAY6J,GAC7C,IAAIoC,EAAgBte,KAAK8f,mBAIzB,OAHKxB,IAAiBpC,aAAO,EAAPA,EAASgH,wBAC7B5E,EAAgBpC,EAAQgH,qBAAqBvhB,OAE/C,+BACKshB,GAAM,CACT3E,gBACA6E,KAAM,CACJjE,UAAU,EACVkE,QAASpjB,KAAKwb,YAAY4H,UAG/B,CAED,qBAAA9C,GAEE,OADoBrf,OAAOuF,KAAKxG,KAAK0G,QAAQ0V,QAAOwG,GAAyB,iBAAbA,IAC3C1M,QAAO,CAACxP,EAAQkc,IAAa,+BAAKlc,GAAM,CAAE,CAACkc,GAAW5iB,KAAK0G,OAAOkc,MAAa,GACrG,EAzBM,GAAe,gBAAG,cCArB,MAAOS,WAAgC3E,GAG3C,YAAAM,GACE,GAAIhf,KAAK0G,OAAO4c,QACd,OAAO,EAGT,GAAItjB,KAAK0G,OAAO4X,cAAe,CAC7B,MAAM,GAAEtT,EAAE,QAAEsY,GAAYtjB,KAAK0G,OAAO4X,cACpC,GAAMtT,GAAQsY,EACZ,OAAO,CAEV,CAED,OAAO,CACR,CAED,WAAA7D,CAAYpN,EAAkC6J,GAC5C,MAAM+G,EAAS5T,MAAMoQ,YAAYpN,EAAY6J,GACvCoC,EAAgBpC,EAAQgH,qBAAqBvhB,MACnD,OACK,+BAAAshB,GACH,CAAA3E,iBAEH,CAED,OAAAe,SAGE,MAAO,CACLf,cAAe,CACbtT,GAHqBhL,KAAKwb,YAAa7Z,MAAO,GAAGA,MAG5B6F,KAAK7F,MAAM,GAAGA,MACnC2hB,SAAqD,QAA3C,EAAAtjB,KAAK0G,OAAO4X,qBAA+B,eAAEgF,UAAWtjB,KAAK0G,OAAO4c,SAEhFvF,YAAa/d,KAAK0G,OAAOqX,YAG5B,CAED,qBAAAuC,GACEtgB,KAAK0G,OAAS2I,MAAMiR,+BACbtgB,KAAK0G,OAAOkY,eACnB,MAAM2E,EAAYvjB,KAAK0G,OAAO4c,QAAU,UAAY,gBAEpD,OADoBriB,OAAOuF,KAAKxG,KAAK0G,QAAQ0V,QAAOwG,GAAYA,IAAaW,IACxDrN,QAAO,CAACxP,EAAQkc,IAAa,+BAAKlc,GAAM,CAAE,CAACkc,GAAW5iB,KAAK0G,OAAOkc,MAAa,GACrG,EA7CM,GAAe,gBAAG,4BCArB,MAAOY,WAA8B9E,GAGzC,aAAA+E,GACE,MAAO,CACL,CAAEpiB,KAAM,QAAS4D,KAAM,SAAUia,UAAU,EAAMuC,MAAO,SAE3D,CAED,mBAAAiC,GACE,MAAO,CACL,CAAEriB,KAAM,cAAe4D,KAAM,SAAUia,UAAU,EAAMuC,MAAO,gBAEjE,CAED,YAAAzC,GACE,OAAO2E,QAAQ3jB,KAAK0G,OAAOkd,OAAS5jB,KAAK0G,OAAOmd,YACjD,CAED,WAAApE,CAAYpN,EAAkC6J,GAC5C,MAAM+G,EAAS5T,MAAMoQ,YAAYpN,EAAY6J,GACvCoC,EAAgBpC,EAAQgH,qBAAqBvhB,MACnD,OACK,+BAAAshB,GACH,CAAA3E,iBAEH,CAED,OAAAe,GACE,MAAO,CACLtB,YAAa/d,KAAK0G,OAAOqX,YACzB6F,MAAO5jB,KAAK0G,OAAOkd,MACnBC,YAAa7jB,KAAK0G,OAAOmd,YAE5B,CAED,qBAAAvD,GAEE,OADoBrf,OAAOuF,KAAKxG,KAAK0G,QAAQ0V,QAAOwG,IAAa,CAAC,QAAS,eAAexC,SAASwC,KAC9E1M,QAAO,CAACxP,EAAQkc,IAAa,+BAAKlc,GAAM,CAAE,CAACkc,GAAW5iB,KAAK0G,OAAOkc,MAAa,GACrG,EAtCM,GAAe,gBAAG,0BCRrB,MAAOkB,WAA+B3B,IACnC,GAAe,gBAAG,0BCHrB,MAAO4B,WAAsBjB,GAGjC,YAAA9D,GACE,QAAShf,KAAK0G,OAAOqc,cAAsC,mBAAtB/iB,KAAK+G,QAAQic,IACnD,EAJM,GAAe,gBAAG,iBCErB,MAAOgB,WAA2B7B,IAC/B,GAAe,gBAAG,sBCUrB,MAAO8B,WAAsBvF,GAKjC,WAAA7V,CACE2S,EACA9U,EAA8B,GAC9BK,EAA4B,IAE5BsI,MAAMmM,EAAa9U,EAAQK,GAP7B,KAAa,cAA8B,KAYrB/G,KAAKkkB,kCAEvBlkB,KAAKse,cAAgBte,KAAKse,cAAgB,IAAI6C,GAAa,CAAC,GAE/D,CAED,YAAAnC,GAEE,GAAIhf,KAAKse,gBAAkBte,KAAKse,cAAcqC,UAAU3gB,KAAK0G,QAC3D,OAAO,EAGT,MAAMyd,EAAwBnkB,KAAKqf,UAAU+E,YAC7C,QAAKD,GAI8BnkB,KAAKwb,YAAY7Z,MAAOmL,MAAK,EAAGzL,UAAoB,gBAATA,IAC5CmG,KAAM7F,MAAMuU,QAAO,CAAC8I,EAAc5I,KAC9DA,EAAK8I,WACPF,EAAeA,KAAkBmF,EAAsB/N,EAAK/U,OAEvD2d,KACN,EACJ,CAED,6BAAAkF,GACE,OAAOlkB,KAAKwb,YAAY7Z,MAAOmL,MAAK,EAAGzL,UAAoB,gBAATA,GACnD,CAED,cAAAgjB,EAAgB7c,MAAQ7F,MAAO2iB,KAC7B,MACM3M,EADiB2M,EAAkBjiB,KAAI,EAAEhB,UAAUA,IAC7B6U,QAAO,CAACqO,EAAiBC,IACnDxkB,KAAK0G,OAAO8d,GACT,+BAAAD,GAAe,CAClB,CAACC,GAAgBxkB,KAAK0G,OAAO8d,KAC3BD,GAAkB,CAAE,GACxB,GAAiC,IAA7BtjB,OAAOuF,KAAKmR,GAAMlS,OAGtB,OAAOkS,CACR,CAED,cAAAmJ,GACE,MAAMvB,EAAMvf,KAAKse,eAAiBte,KAAKse,cAAcwC,eAAe9gB,KAAK0G,QACzE,GAAK6Y,EAGL,OAAOA,CACR,CAED,mBAAAkF,CAAoB3d,GAClB,MAAO,IAAIA,EAAMU,KAAK7F,MACvB,CAED,mBAAAghB,CAAoB7b,GAClB,MAAO,IAAIA,EAAMU,KAAK7F,MACvB,CAED,gBAAA+iB,CAAiBC,GACf,OAAOA,EAAiBhjB,MAAM,GAAG6F,KAAK7F,MAAMuU,QAAO,CAAC0O,EAAQxL,KACtDA,EAAM6G,UACR2E,EAAOne,KAAK2S,EAAM6G,SAASte,MAAM,GAAG+G,SAE/Bkc,IACN,GACJ,EAhFM,GAAe,gBAAG,iBCPrB,MAAOC,WAAiBnG,GAA9B,kCAGE,KAAArc,IAAM,CACJ,WAAc,CAAC,YAwBlB,CArBC,YAAA2c,GACE,MAAM,WAAE8F,GAAe9kB,KAAKqf,UAC5B,QAASyF,CACV,CAED,cAAAhE,GACE,MAAM,YAAE3Z,EAAW,SAAEia,GAAaphB,KAAK0G,OACvC,GAAKS,GAAgBia,EAGrB,OAAOja,GAAe,CAAE4Z,SAAUK,EACnC,CAED,mBAAAuB,CAAoB7b,GAClB,sCACKA,EAAMU,KAAK7F,MAAM,IAAE,CACtBN,KAAM,WACN6d,SAAUpY,EAAMoY,UAEnB,EAzBM,GAAe,gBAAG,WCJrB,MAAO6F,WAA8BrG,GAGzC,cAAAoC,GACE,MAAM,YAAEkE,GAAgBhlB,KAAK0G,OAC7B,GAAKse,EAGL,MAAO,CACLjE,SAAUiE,EAEb,CAED,mBAAArC,CAAoB7b,GAElB,MACMzF,EAAyB,aADTrB,KAAK8f,mBAAoB7a,KACH,cAAgB,mBAC5D,OACK,+BAAA6B,EAAMU,KAAK7F,MAAM,IACpB,CAAAN,QAEH,EApBM,GAAe,gBAAG,yBCLrB,MAAO4jB,WAAoBvG,GAG/B,YAAAM,GACE,OAAO,CACR,CAED,WAAAS,GACE,MAAM,KAAEpe,EAAI,KAAE4D,EAAI,IAAEigB,EAAG,KAAEnL,GAAS/Z,KAAKwb,YACvC,MAAO,CACLna,OACA4D,OACAigB,MACAnL,OAEH,EAdM,GAAe,gBAAG,eCSrB,MAAOoL,WACHzG,GAKR,iBAAA0G,CAAkBxG,EAAgB7X,GAChC,IAAIse,EACJ,IAAK,IAAI/G,KAAiBM,EAGxB,GAFAyG,EAASte,EACN+F,MAAK,EAAG2O,eAAgBA,EAAUhS,KAAOgS,EAAUhS,MAAQ6U,EAAc7U,MACxE4b,EACF,MAGJ,OAAOA,CACR,CAGD,YAAArG,CAAa9C,WACX,MAAM,eAAE0C,EAAc,cAAEN,GAAkBte,KAAK0G,OACzC6Z,EAA+BpC,GAAgCne,KAAKwb,cACpE,QAAEzU,GAAYwZ,EAEpB,IAAK3B,IAAmBA,EAAenZ,OACrC,OAAO,EAIT,GAAIsF,EAAgBuT,IAAkBA,EAActT,GAClD,OAAO,EAIT,MAAMsa,EAAgBtlB,KAAKolB,kBAAkBxG,EAAgB7X,GAC7D,GAAIue,EAAe,CAEjB,MAAMC,GAAyBrJ,aAAO,EAAPA,EAASgH,wBACnChH,aAAO,EAAPA,EAASgH,qBAAqBvhB,MAAMqJ,OAAgC,QAAzB,EAAAsa,EAAc7J,iBAAW,eAAAzQ,IACnEwa,GAAmCtJ,aAAO,EAAPA,EAASuJ,kCAC7CvJ,aAAO,EAAPA,EAASuJ,+BAA+B9jB,MAAMqJ,OAAgC,QAAzB,EAAAsa,EAAc7J,iBAAW,eAAAzQ,IACnF,OAAQua,IAA2BC,CACpC,CAED,OAAO,CACR,CAED,gBAAAE,CAAiB5J,GACf,MAAM,eAAE8C,EAAc,cAAEN,GAAkBte,KAAK0G,OAG/C,GAAIqE,EAAgBuT,IAAkBA,EAActT,GAElD,OADAhL,KAAK2lB,sBAAwBrH,EACtBA,EAGT,MAAM,QAAEvX,GAAY+U,EACd8J,EvBjDM,SAAkBhH,EAAgB7X,GAChD,IAAIse,EACJ,IAAK,IAAI/G,KAAiBM,EAGxB,GAFAyG,EAASte,EACN+F,MAAK,EAAG2O,eAAgBA,EAAUhS,KAAOgS,EAAUhS,MAAQ6U,EAAc7U,MACxE4b,EACF,MAGJ,OAAOA,CACT,CuBuC2BD,CAAkBxG,EAAgB7X,GAGzD,OAFA/G,KAAK2lB,sBAAwBC,EAAenK,UAC5Czb,KAAK4lB,eAAiBA,EACf,CACL5a,GAAI4a,aAAc,EAAdA,EAAgBjkB,MAAM6F,KAAK7F,MAAMmL,MAAK,EAAGzL,UAAoB,OAATA,IAAeM,MAE1E,CAED,qBAAAkkB,CAAsBrK,GAOpB,MAAO,CAAEna,KAAM,gBAAiB4D,KAAM,SAAU8B,QANhCyU,EAAYzU,QAAQ1E,KAAI,EAAGof,QAAOhG,gBACzC,CACLgG,QACA9f,MAAO8Z,EAAUhS,QAItB,CAED,qBAAA6W,GACEtgB,KAAK0G,OAAS2I,MAAMiR,wBAEpB,MAAM1B,EAAkB5e,KAAK0G,OAAOkY,eACjCxC,QAAOkC,IACsE,IAArEC,GAAsBD,EAAete,KAAK2lB,yBAErD,sCAAY3lB,KAAK0G,QAAM,CAAEkY,kBAC1B,ECtFG,MAAOkH,WAAwCX,GAGnD,WAAAtc,CACE2S,EACA9U,EAAoC,GACpCK,EAA4B,UAE5BsI,MAAMmM,EAAa9U,EAAQK,GAG3B,MAAMgf,EAAuC,oBAAtB/lB,KAAK+G,QAAQ0L,MAE1B,QADmB,EAAA0L,GAAgC3C,GAC1DzU,eAAO,eAAE8M,MAAK,EAAG4H,gBAAgBA,aAAA,EAAAA,EAAWhS,OAAQoB,EAAiBuX,mBAC3C2D,GAAkB/lB,KAAK0G,OAAO0a,YACzDphB,KAAK0G,OAAOkY,eAAiB,IACxB5e,KAAK0G,OAAOkY,gBAAkB,GACjC,CAAEnV,IAAKoB,EAAiBuX,gBAG7B,EAnBM,GAAe,gBAAG,oCCNrB,MAAO4D,WAAkCb,IACtC,GAAe,gBAAG,8BCKrB,MAAOc,WAAyCd,GAAtD,kCAIE,KAAA9iB,IAAM,CACJyiB,WAAY,CAAC,YAgChB,CA7BC,YAAA9F,GAEE,QADmBhf,KAAKqf,QAAQ,eACThQ,MAAM2P,cAC9B,CAED,gBAAA0G,CAAiB5J,aACf,MAAMoK,EAAmB7W,MAAMqW,iBAAiB5J,GAC1CqK,EAAsC,QAAnB,EAAAnmB,KAAK4lB,sBAAc,eAAEjkB,MAAM6F,KAAK7F,MAAMmL,MAAK,EAAGzL,UAAoB,eAATA,IAK5E+kB,EAAkBpmB,KAAK0G,OAAO2f,aAClCF,aAAA,EAAAA,EAAkBxkB,SAAiD,QAA9B,EAAyB,QAAzB,EAAAwkB,aAAgB,EAAhBA,EAAkBpf,eAAO,eAAG,UAAE,eAAEpF,OAEvE,OAAIykB,EACF,+BACKF,GAAgB,CACnBG,WAAYD,IAITF,CACR,CAED,gBAAAI,GACE,MAAO,CAAEjlB,KAAM,WAAY4D,KAAM,SAClC,EAlCM,GAAe,gBAAG,sCCNrB,MAAOshB,WAA4B7H,GAGvC,YAAAM,GACE,OAAO,CACR,EAJM,GAAe,gBAAG,wBCIrB,MAAOwH,WAAuF9H,GAGlG,WAAA7V,CAAY2S,EAA6B9U,EAAY,CAAC,GACpD2I,MAAMmM,EAAa9U,GAGnB1G,KAAKse,cAAgBte,KAAK8f,mBAE1B9f,KAAKymB,yBACN,CAES,uBAAAA,GAER,GAD0BzmB,KAAK0mB,uBAE7B1mB,KAAK0G,OAAOoY,mBAAqB9e,KAAK0G,OAAOoY,mBAAoBzc,KAAIsV,GAC/D4G,GAAsBve,KAAKse,cAAe3G,GACrC3X,KAAK2mB,+BAA+BhP,GAEtCA,QAEJ,CACL,MAAMA,EAAO3X,KAAK2mB,iCACdhP,GACF3X,KAAK0G,OAAOoY,mBAAoBrY,KAAKkR,EAExC,CACF,CAES,oBAAA+O,GACR,OAAO1mB,KAAK0G,OAAOoY,mBAChBhS,MAAM6K,GAAS4G,GAAsBve,KAAKse,cAAe3G,IAC7D,CAED,YAAAqH,GACE,OAAOhf,KAAK0G,OAAOoY,mBAChBjL,MAAK8D,GAAQ4G,GAAsBve,KAAKse,cAAe3G,IAC3D,CAES,8BAAAgP,CAA+B1E,GAEvC,IAAI,WAAEoE,EAAU,cAAE/H,GAAkBte,KAAK0G,QACpC2f,GAActb,EAAgBuT,KAClC+H,EAAa/H,aAAa,EAAbA,EAAe+H,YAG7B,MAAM,GAAErb,EAAE,aAAEwV,GAAiBxgB,KAAKse,cAC5B3G,EAAO,OAAH,sBACR3M,KACAwV,gBACIyB,GAAqBA,GACrBoE,GAAc,CAAEA,eAGtB,OAAO1O,EAAK0O,WAAa1O,EAAO,IACjC,CAES,+BAAAwG,GAGR,OAFsBne,KAAKwb,YAAY7Z,MACpCmL,MAAK,EAAGzL,UAAoB,kBAATA,GAEvB,CAED,qBAAAif,GACEtgB,KAAK0G,OAAS2I,MAAMiR,wBAEpB,MAAMxB,EAAqB9e,KAAK0G,OAAOoY,mBACpC1C,QAAOzE,IAA4D,IAApD4G,GAAsBve,KAAKse,cAAe3G,KAC5D,sCAAY3X,KAAK0G,QAAM,CAAEoY,sBAC1B,EC3EG,MAAO8H,WAAsCJ,GAGjD,gBAAAd,GACE,OAAO1lB,KAAK0mB,sBACb,CAED,qBAAAb,GACE,MAAMvH,EAAgBte,KAAKme,kCACrBkI,EAAa/H,EAAc9W,KAAM7F,MAAMmL,MAAK,EAAGzL,UAAoB,eAATA,IAEhE,OAAIglB,GAAcA,EAAWtf,QACpB,CACL1F,KAAM,aACN4D,KAAM,SACNia,UAAU,EACVnY,QAASsf,EAAWtf,SAIT,IAAIuX,EAAc9W,KAAM7F,MAExC,CAED,qBAAA2e,GAGE,OAFAtgB,KAAK0G,OAAS2I,MAAMiR,wBACArf,OAAOuF,KAAKxG,KAAK0G,QAAQ0V,QAAOwG,GAAyB,kBAAbA,IAC3C1M,QAAO,CAACxP,EAAQkc,IAAa,+BAAKlc,GAAM,CAAE,CAACkc,GAAW5iB,KAAK0G,OAAOkc,MAAa,GACrG,EA3BM,GAAe,gBAAG,kCCGrB,MAAOiE,WAAoCL,GAG/C,gBAAAd,GACE,MAAMzD,EAAoBjiB,KAAK0mB,uBAE/B,MAAO,CACL1b,GAFmCmT,GAAgCne,KAAKwb,aAEvChU,KAAM7F,MACpCmL,MAAK,EAAGzL,UAAoB,OAATA,IAAgBM,MACtC0kB,WAAYpE,EAAmBoE,WAC/BxC,YAAa5B,EAAmB4B,YAEnC,CAED,qBAAAgC,CAAsBrK,GACpB,MAAO,CACL,CAAEna,KAAM,aAAc4D,KAAM,UAC5B,CAAE5D,KAAM,cAAeogB,MAAO,eAAgBxc,KAAM,WACpD5C,KAAI6K,IACJ,MAAMvL,EAAQ6Z,EAAYhU,KAAK7F,MAAMmL,MAAKyS,GAAOA,EAAIle,OAAS6L,EAAK7L,OACnE,OAAY,+BAAAM,GAAUuL,EAAO,GAEhC,CAES,8BAAAyZ,CAA+BhP,GAEvCA,EAAOtI,MAAMsX,+BAA+BhP,GAE5C,MAAM,YAAEkM,GAAgB7jB,KAAK0G,OAC7B,GAAKiR,GAASkM,EAId,sCACMlM,GAAQA,GACRkM,GAAe,CAAEA,eAExB,EApCM,GAAe,gBAAG,gCCHrB,MAAOiD,WAAapI,GAGxB,YAAAM,GACE,QAAShf,KAAK0G,OAAOqgB,MAA8B,SAAtB/mB,KAAK+G,QAAQic,IAC3C,ECpBG,SAAUgE,GAAgBxL,GAC9B,GAAIhZ,MAAMC,QAAQ+Y,GAChB,OAAOA,EACJnZ,KAAI6K,GACiB,iBAATA,GAAqC,iBAATA,GAAqC,kBAATA,EAC1DA,EAEF8Z,GAAgB9Z,KAI7B,MAAMuK,EAAM,GACZ,IAAK,MAAOhO,EAAK9H,KAAUV,OAAO0F,QAAQ6U,GACxC,GAAI7Z,QAIJ,GAAqB,iBAAVA,EAAoB,CAC7B,MAAMslB,EAAWhmB,OAAOuF,KAAK7E,GAG7B,GAAI,CAAC,QAAS,QAAQye,SAAS3W,IACN,IAApBwd,EAASxhB,QACT,CAAC,QAAS,QAAQ2a,SAAS6G,EAAS,IACvC,CAEA,MAAMC,EAAgBF,GAAgBrlB,GACtCV,OAAO0F,QAAQugB,GAAe5kB,SAAQ,EAAEmH,EAAK9H,MAC3C8V,EAAIhO,GAAO9H,CAAK,GAEnB,MAEC8V,EAAIhO,GAAOud,GAAgBrlB,EAE9B,MAEC8V,EAAIhO,GAAO9H,EAIf,OAAO8V,CACT,CDzBS,GAAe,gBAAG,OEhBrB,MAAO0P,WAA0BzI,GACrC,YAAAM,GAEE,QAAuC,mBAA5Bhf,KAAKwb,YAAYjC,QAWE,SAA1BvZ,KAAKwb,YAAYna,OAAmBrB,KAAKwb,YAAYna,KAAK+lB,SAAS,WAInEpnB,KAAK+G,QAAQic,KAMlB,CAED,OAAA3D,GAKE,OAJarf,KAAK6f,YAAY3J,QAAO,CAACC,GAAO9U,WAC3C8U,EAAI9U,GAAQrB,KAAK0G,OAAOrF,GACjB8U,IACN,CAAE,EAEN,CAED,WAAAsJ,CAAYpN,EAAkCsN,GAC5C,MAAMte,EAAOrB,KAAK+e,UACZa,EAAS5f,KAAK6f,YAId,EAYF7f,KAAKwb,aAZH,KAEJzB,EAAI,OACJ/S,EAAM,IACN4U,EAAG,QACH5B,EAAO,SACPqN,EAAQ,MAER1lB,EAAK,OAEL4X,GAAM,EACH+N,EAXC,oEAgBN,OAAI/N,EAEG,6CAAA+N,KACG1H,EAAOna,QAAU,CAAEma,WAAQ,CACjCrG,OAAQpH,MAAOqG,GACNnG,EAAW4H,IAAI2C,QAAO,eAC3BoG,KAAM3hB,GACHmX,MAOJ,OAAK,UAAAxY,KAAKwb,YAElB,CAED,SAAAqE,GACE,OAAQ7f,KAAKwb,YAAY7Z,OAAS,IAC/Bya,QAAO,EAAG/a,UAAoB,gBAATA,IACrBgB,IAAI2kB,IACJ3kB,KAAIyE,IAEHA,EAAM7B,KAAO6B,EAAM7B,MAAQ,SACpB6B,IAEZ,EChFG,SAAUygB,GAAmBjN,GACjC,MAAM,gBAAE0C,EAAe,gBAAEE,GAAoB5C,EAC7C,OAAQ0C,EAAgBvX,SAAWyX,CACrC,CAUM,SAAUsK,GACd7lB,GAEA,GAAKA,GAAUa,MAAMC,QAAQd,GAG7B,OAAOA,EAAMuU,QAAO,CAAC+J,EAAUte,KAI7B,GAHIA,EAAMse,WACRA,EAAW,IAAIA,KAAate,EAAMse,SAASte,QAEzCA,EAAM6F,KAAM,CACd,MAAMigB,EAAmBD,GAAmC7lB,EAAM6F,KAAK7F,QAAU,GACjFse,EAAW,IAAIA,KAAawH,EAC7B,CACD,GAAI9lB,EAAMoF,QAAS,CACjB,IAAI2gB,EAAe,GACnB/lB,EAAMoF,QAAQzE,SAAQ+iB,IACfA,EAAO1jB,OAAiC,iBAAjB0jB,EAAO1jB,QAGnC+lB,EAAe,IAAIA,EAAcrC,EAAO1jB,OAAe,IAEzD,MAAMgmB,EAAsBH,GAAmCE,IAAiB,GAChFzH,EAAW,IAAIA,KAAa0H,EAC7B,CACD,OAAO1H,CAAQ,GACd,GACL,CAEgB,SAAA2H,GAAwBtN,EAA0BvT,SAChE,IAAIkZ,EAAyB,GAC7B,MAAM,YAAEhD,EAAW,gBAAED,GAAoB1C,EAGnCuN,EAAuC,QAAtB,EAAA5K,EAAYgD,gBAAU,eAAAte,MAAMU,KAAIqG,GAAWA,IAQlE,GAPImf,IACF5H,EAAW,IAAIA,KAAa4H,KAMzB9gB,EAAQ+gB,qBACX,IAAK,IAAItM,KAAewB,EAAiB,CACvC,MAAM+K,EAAgBP,GAAmChM,EAAY7Z,OACjEomB,IACF9H,EAAW,IAAIA,KAAa8H,GAE/B,CAIH,MAAMC,EAAO,GAWb,OAVA/H,EAAWA,EAAS/J,QAAO,CAAC+R,EAAUvf,WACpC,MAAMe,EAAkB,QAAZ,EAAAf,EAAQwf,YAAI,eAAEze,IAC1B,OAAIA,GAAOue,EAAKve,IAAQf,EAAQA,UAAYsf,EAAKve,GAAKf,QAC7Cuf,GAETD,EAAKve,GAAOf,EACZuf,EAAW,IAAIA,EAAUvf,GACV,GACd,IAEIuX,CACT,CA+GA,SAASkI,GAAmB3M,EAA6BzU,GACvD,MAAM,qBAAE+gB,EAAoB,YAAEM,GAAgBrhB,EAE9C,GAAKyU,EAIL,OAAIsM,EACKX,GAIFiB,EAAa5M,EAAYna,KAClC,UAIgBgnB,GACd/N,EACA5T,EACAK,GAGA,MAAMqhB,EAAcrhB,EAAQqhB,YACtBN,EAAuB/gB,EAAQ+gB,sBAC9B9K,gBAAiBsL,EAAe,QAAEpM,GAAW5B,EAEpD,IAAIiO,EAEJ,GAAIxhB,EAAQic,KAAM,CAEhB,MAAMxH,EAAc8M,EAAgBxb,MAAK,EAAGzL,UAAWA,IAAS0F,EAAQic,OACxE,GAAIxH,EAAa,CACf,MAAMgN,EAAIL,GAAmB3M,EAAazU,GAC1C,OAAOyhB,EAAI,IAAIA,EAAEhN,EAAa9U,EAAQK,QAAW7E,CAClD,CAGC,YADAqJ,EAAK,SAASxE,EAAQic,uCAGzB,CAED,MAAMyF,EAAqC,GAC3C,GAAIX,EAEFW,EAAqBhiB,KAAK,IAAI0gB,GAAkBmB,EAAgB,GAAI5hB,EAAQK,SAE5E,IAAK,IAAIyU,KAAe8M,EAEtB,GAD2BrnB,OAAOuF,KAAK4hB,GAAuBhI,SAAS5E,EAAYna,MACnF,CAOA,GADAknB,EAAa,IADHJ,GAAmB3M,EAAazU,GAC7B,CAAMyU,EAAa9U,EAAQK,GACpCwhB,EAAWvJ,aAAa9C,GAE1B,OAAOqM,EAITE,EAAqBhiB,KAAK8hB,EAXzB,CAeL,OAAOE,EAAqB,EAC9B,UAGgBhJ,GACdpN,EAAkCkW,EAAwBjO,GAE1D,MAAMmI,EAAW8F,EAAW9I,YAAYpN,EAAYiI,EAAY4B,SAC1DwM,EAjQF,SAAoBpO,GACxB,OAAOA,EAAY0C,gBAAgBnJ,MAAK,EAAGxS,UAAoB,SAATA,GACxD,CA+PkBsnB,CAAUrO,GACpBsO,EA9PF,SAAsBtO,GAC1B,OAAOrZ,OAAOuF,KAAK8T,EAAY6B,SAAStI,MAAKgV,GAAcA,EAAWzI,SAAS,WACjF,CA4PoB0I,CAAYxO,GAC9B,oDACKmI,GACCiG,GAAW,CAACA,YACZE,GAAa,CAACA,aAEtB,CAEM,SAAUG,GACd1W,EACAiI,EACAvT,EAAU,IAEV,MAAMiiB,EAAWzB,GAAmBjN,GAC9B2F,EAAW2H,GAAwBtN,EAAavT,GACtD,GAAIiiB,EACF,MAAO,CAAE1O,cAAa0O,WAAU/I,YAC3B,CACL,MAAMsI,EAAaF,GAAc/N,EAAa,CAAE,EAAEvT,GAC5C0b,EAAW8F,GAAc9I,GAAYpN,EAAYkW,EAAYjO,GACnE,sBACEA,cACA2F,YACIwC,GAAY,CAAEA,YAErB,CAEH,CC/PA,SAASwG,GAAuBviB,GAE9B,sCACKA,GAAM,CACTwiB,YAAQhnB,GAEZ,CAEA,SAASinB,GAAwBpiB,EAA2B8hB,GAC1D,IAAI1M,EAAUpV,EAAQoV,SAAW,GAQjC,OAPAA,EAAUA,EAAQC,QAAOoD,GACF,iBAAVA,EACFA,IAAUqJ,EAEZrJ,EAAMne,OAASwnB,IAGZ,+BAAA9hB,GAAS,CAAAoV,WACvB,CAGOhK,eAAeiX,GACpB/W,EACAiI,EACA5T,EACAK,GAEA,IAAI,gBAAEiW,EAAe,gBAAEE,GAAoB5C,EAC3C,MAAM,KAAE7H,GAAS1L,EAGjB,GAAImW,EACF,MAAO,CAAE5C,eAGX,MAAMiO,EAAaF,GAAc/N,EAAa5T,EAAQK,GAGhDsiB,EA3CR,SAA6B3iB,EAA2B4T,GAEtD,OAAOrZ,OAAOuF,KAAK8T,EAAY6B,SAASrP,MAAKyM,KAAY7S,EAAOwiB,QAAU3P,EAAO6G,SAAS,YAC5F,CAwC2BkJ,CAAoB5iB,EAAQ4T,GAE/C6B,EAAU,IADUpV,EAAQoV,SAAW,MAGvCkN,GAAoB,CAACA,IAAqB,IAEhD,GAAIlN,EACF,IAAK,IAAI5C,KAAU4C,EAAS,CAE1B,IAAI3D,EAA0B,GACR,iBAAXe,IACTf,EAASe,EAAOf,QAAU,CAAC,EAC3Be,EAASA,EAAOlY,MAElB,IAAIkoB,EAA8BN,GAAuBviB,GACrD8iB,EAA+BL,GAAwBpiB,EAASwS,GAEpE,GAA2C,mBAAhCe,EAAY6B,QAAQ5C,GAE7B,OAAsC,KADtCe,QAAoBA,EAAY6B,QAAQ5C,GAAQf,IAChCkE,kBACPqM,GAAqB1W,EAAYiI,EAAavT,GAExC,WAAXwS,EACK,CAAEe,cAAamP,UAAU,GAE3BL,GACL/W,EACAiI,EACAiP,EACAC,GAKJ,MAAME,EAAoB1M,EAAgBlQ,MAAK,EAAGzL,UAAWA,IAASkY,IACtE,GAAImQ,EAEF,OAAsC,KADtCpP,QAAoBA,EAAYsC,QAAQrD,EAAQf,IAChCkE,kBACPqM,GAAqB1W,EAAYiI,EAAavT,GAEhDqiB,GAAU/W,EAAYiI,EAAa5T,EAAQ8iB,EAErD,CAIH,MAAMR,EAAWzB,GAAmBjN,GACpC,GAAI0O,EACF,MAAO,CAAE1O,cAAa0O,YAGxB,IAAKT,EAAY,CAEf,GAAIxhB,EAAQic,KAGV,OAFAtc,WDoCJ4T,EACAqP,EACAjjB,GAEA,MACM8U,GADelB,EAAY0C,iBAAmB,IACnBlQ,MAAKwS,GAAKA,EAAEje,OAASsoB,IACtD,OAAKnO,EAOwBA,EAAY7Z,MAAOuU,QAAO,CAACuB,EAAK+H,KAC3D,MAAM,KAAEne,EAAI,MAAEM,GAAU6d,EAMxB,OAJE/H,EAAIpW,GADO,gBAATA,EACUM,EAEA+E,EAAOrF,GAEdoW,CAAG,GACT,CAAE,IAbHlM,EAAK,gCAAgCoe,qCAC9BjjB,EAcX,CC3DekjB,CAA2BtP,EAAavT,EAAQic,KAAMtc,IAEzB,KADtC4T,QAAoBA,EAAYsC,QAAQ7V,EAAQic,KAAMtc,IACtCgW,kBACPqM,GAAqB1W,EAAYiI,EAAavT,GAEhD,CAAEuT,eAIX,GAAa,YAAT7H,EACF,MAAO,CAAE6H,eAEX,MAAM,IAAI/K,EAAa,2GAEJyN,EAAgB9G,QAAO,CAACC,EAAKC,IAASD,EAAMA,EAAM,KAAOC,EAAK/U,KAAO+U,EAAK/U,MAAM,aAEpG,CAGD,IAAKknB,EAAWvJ,eAEd,MAAO,CACL1E,cACAmI,SAHehD,GAAYpN,EAAYkW,EAAYjO,IAOvD,MAAMjZ,EAAOknB,EAAWxJ,UAClBpH,EAAO4Q,EAAWlJ,UAGxB,OAAsC,KADtC/E,QAAoBA,EAAYsC,QAAQvb,EAAMsW,IAC9B+E,kBACPqM,GAAqB1W,EAAYiI,EAAavT,IAIvDL,EAAS6hB,EAAWjI,0BACpBvZ,EAAU,OAAH,wBAAQA,GAAS,CAAAic,UAAM9gB,KAIlB4lB,sBAAyBxN,EAAY4C,iBAAoBqK,GAAmBjN,GAUjF8O,GAAU/W,EAAYiI,EAAa5T,EAAQK,GANzC,CACLuT,cACAmI,SAHehD,GAAYpN,EADlBgW,GAAc/N,EAAa5T,EAAQK,GACDuT,IASjD,CC5Ja,MAAAuP,GAAsC,CACjD,SAAYhF,GACZ,oCAAqCiB,GACrC,8BAA+BE,GAC/B,gCAAiCa,GACjC,kCAAmCD,GACnC,uBAAwB/D,GACxB,0BAA2BiB,GAC3B,iBAAkBC,GAClB,yBAA0BgB,GAC1B,cAAejC,GACf,4BAA6BO,GAC7B,0BAA2BG,GAC3B,eAAgByB,GAChB,KAAQ6B,ICnBGgD,GAAwC,CACnD,SAAYjF,GACZ,oBAAqBA,GACrB,oCAAqCiB,GACrC,8BAA+BE,GAC/B,0BAA2BlC,GAC3B,kCAAmC8C,GACnC,gCAAiCC,GACjC,sBAAuB7C,GACvB,yBAA0Be,GAC1B,cAAejC,ICVJiH,GAAoC,CAC/C,wBAAyBxD,GACzB,iBAAkBtC,GAClB,gCAAiC4C,GACjC,8BAA+Bb,GAC/B,cAAelD,GACf,4BAA6BO,GAC7B,0BAA2BG,GAC3B,uBAAwBX,GACxB,KAAQiE,ICZGkD,GAAqC,CAChD,SAAYnF,GAIZ,sCAAuCoB,GACvC,oCAAqCH,GACrC,0BAA2BhC,GAC3B,iBAAkBC,GAClB,kCAAmC6C,aCjBrBqD,GACdC,EACAzX,EAAuB,WAEvB,IAAI2V,EAAajM,EAASpS,GAAkB,EAC5C,OAAQ0I,GACN,IAAK,WACL,IAAK,SACL,IAAK,gBACH2V,EAAc2B,GACdhgB,GAAkB,EAClB,MACF,IAAK,kBACL,IAAK,gBACHqe,EAAc0B,GACd3N,EAAU,CACR,+BACA,0CAEFpS,GAAkB,EAClB,MACF,IAAK,gBACHqe,EAAc4B,GACdjgB,GAAkB,EAClBoS,EAAU,CACR,kBAEF,MAMF,QAEEiM,EAAcyB,GAGlB,MAAO,CAAEpX,OAAM2V,cAAajM,UAASpS,kBACvC,CCAA,SAASogB,GAAiBpjB,GAExB,MASML,EAAM,iBAAQK,GAIpB,MAbqB,CACnB,OACA,cACA,UACA,kBACA,OACA,uBACA,yBAGWzE,SAAQ+iB,WACZ3e,EAAO2e,EAAO,IAEhB3e,CACT,CAqOOyL,eAAeiY,GACpB/X,EACAtL,EAAsB,CAAC,SAEvB,IAAI4Q,EAAgB,CAClB5Q,UACAL,OAAQyjB,GAAiBpjB,IAG3B4Q,EA5OF,SAAwBtF,EAAYsF,GAClC,IAAI,QAAE5Q,GAAY4Q,EAClB5Q,EAAU,OAAH,wBACFsL,EAAWtL,QAAQkT,KACnBlT,GAEL,IAAI,KACF0L,EAAI,gBACJ1I,EAAe,YACfqe,EAAW,QACXjM,GACEpV,EAEJ,MAAMiB,EAAS4C,EAAUyf,QAIzB,GADA5X,EAAOA,GAAQJ,EAAW4H,IAAIqQ,WAAa,UACvC7X,EAAM,CACRJ,EAAW4H,IAAIsQ,QAAQ9X,GACvB,MAAM+X,EAAWP,GAAqB5X,EAAYI,GAElD1I,OAA8C,IAApBA,EAAmCA,EAAkBygB,EAASzgB,gBACxFqe,EAAcA,GAAeoC,EAASpC,YACtCjM,EAAUA,GAAWqO,EAASrO,OAC/B,CAED,sCACKxE,GACH,CAAA5Q,QACK,+BAAAA,GAAO,CACV0L,OACA1I,kBACAqe,cACAjM,YAEFnU,UAEJ,CAuMSyiB,CAAepY,EAAYsF,GAClCA,QAtMFxF,eAAqCE,EAAYsF,GAC/C,MAAM,QAAE5Q,GAAY4Q,GACd,YACJoG,EAAW,gBACXhU,EAAe,QACfsT,EAAO,MACPlM,EAAK,OACLD,EAAM,cACNyB,EAAa,gBACbD,EAAe,OACfE,EAAM,UACNtB,EAAS,MACTF,GACErK,EAEJ,IAAIuT,EACAhH,EAAOP,EAAwBV,EAAY,CAAElB,QAAOwB,gBAAeD,oBAEvE,GAAIqL,EACFzD,QAAoBqD,GAAWtL,EAAY,CAAEtI,kBAAiBsT,UAASU,oBAClE,CACL,IAAI/K,EAAoBM,aAAA,EAAAA,EAAMN,kBAC9B,IAAKA,EAAmB,CAEtBX,EAAWY,mBAAmBS,QAC9B,MAAMgX,QAAyBpS,GAASjG,EAAY,CAClDtI,kBACAoH,QACAD,SACAwB,kBACAC,gBACAC,SACAtB,YACAF,UAEF4B,EAAoB0X,EAAiB1X,kBACrCM,EAAOoX,EAAiBpX,IACzB,CAGDgH,QAAoBqD,GAAWtL,EAAY,CAAEtI,kBAAiBsT,UAASrK,qBACxE,CACD,sCAAY2E,GAAI,CAAE2C,cAAahH,QACjC,CA2JeqX,CAAsBtY,EAAYsF,GAC/CA,QA1JFxF,eAAoCE,EAAYsF,GAC9C,IAAI,YACF2C,EAAW,QACXvT,EAAO,OACPL,GACEiR,EAEJ,MAAM,cACJiT,EAAa,YACbxC,EAAW,QACXjM,EAAO,KACP1J,EAAI,KACJuQ,EAAI,qBACJ8E,GACE/gB,EAGJ,IAD2C,IAAlB6jB,KAA4BxC,GAAejM,GAAW6G,GAE7E,OAAOrL,EAGTjR,EAAS,OAAH,wBACDA,GAAM,CACTqX,YAAazD,EAAa2C,YAAYc,cAIxC,MACEzD,YAAauQ,EAA0B,SACvCpI,EAAQ,SACRgH,SACQL,GACR/W,EACAiI,EACA5T,EACA,CACE0hB,cACAjM,UACA1J,OACAuQ,OACA8E,yBAKJ,OAFAxN,EAAcuQ,EAEd,+BAAYlT,GAAM,CAAA2C,cAAamI,WAAUgH,YAC3C,CA4GeqB,CAAqBzY,EAAYsF,GAC9CA,QArFFxF,eAA4BE,EAAYsF,GACtC,IAAI,QACF5Q,EAAO,YACPuT,EAAW,SACXmP,EAAQ,OACRzhB,GACE2P,EACJ,MAAM,sBAAEoT,GAA0BhkB,EAClC,IAGImW,EACA8N,EACAC,EACAC,EACAjL,EACA+I,EARAmC,GAAqB,EACrBC,GAAyB,EACzBC,GAAqB,EAgBzB,GARI/Q,IACF6Q,KAAwB7Q,EAAYoC,oBAAqBpC,EAAYC,QACrE0Q,EP/JE,SAA6B3Q,GACjC,MAAM7C,EAAM,IACN,QAAE0E,EAAO,gBAAEa,GAAoB1C,EAkBrC,OAhBI6B,EAAQ,iCACV1E,EAAIhR,KAAKqE,EAAWwgB,mBAGlBtO,EAAgBnJ,MAAK,EAAGxS,UAAoB,0BAATA,KACrCoW,EAAIhR,KAAKqE,EAAWygB,cAGlBvO,EAAgBnJ,MAAK,EAAGxS,UAAoB,iBAATA,KACrCoW,EAAIhR,KAAKqE,EAAW0gB,YAGlBxO,EAAgBnJ,MAAK,EAAGxS,UAAoB,mBAATA,KACrCoW,EAAIhR,KAAKqE,EAAW2gB,gBAGfhU,CACT,CO0IsBiU,CAAmBpR,GACrC4Q,WPxIF7Y,EACAiI,EACAwN,SAEA,MAAMrQ,EAAkB,GAElBkU,EAAuD1qB,OAAOyF,OAAO0hB,GACxElS,QAAO,CAAC7T,EAAKupB,KAERA,EAAgBjC,kBAClBtnB,EAAIupB,EAAgBjC,iBAAmBiC,GAElCvpB,IACN,CAAE,GAEP,IAAK,IAAImZ,KAAelB,EAAY0C,gBAAiB,CACnD,MAAMwL,EAAIL,GAAmB3M,EAAa,CAAEsM,uBAAsBM,YAAauD,IAC/E,GAAInD,EAAG,CACL,MAAMD,EAAyB,IAAIC,EAAEhN,GACrC/D,EAAIhR,KAAM8hB,EAAW9I,YAAYpN,EAAYiI,EAAY4B,SAC1D,CACF,CAED,IAAK,MAAO7a,KAASJ,OAAO0F,QAAS2T,EAAY6B,SAAW,IAAM,CAChE,IAAI0P,EAAU,CACZxqB,OACAkY,OAAQpH,MAAOqG,GACNnG,EAAW4H,IAAI2C,QAAQ,CAC5BT,QAAS,CAAC,CAAE9a,OAAMmX,cAIxB,GAAInX,EAAKyqB,WAAW,wBAAyB,CAC3C,MAAOC,EAAOC,GAASzd,EAAOlN,EAAM,KAC9B4qB,EAAY3R,EAAY2C,YAAY8O,GAAOpqB,MAAMqqB,GAQlD1E,EAAI,GACL2E,EAPE,8CASAtqB,EAAuB,QAAf,EAAAsqB,EAAUtqB,aAAK,eAAEya,QAAOlP,GAAsB,gBAAdA,EAAK7L,OACnDwqB,EACK,6CAAAvE,GACC3lB,GAAS,CAAEA,UACZkqB,EAEN,CACDpU,EAAIhR,KAAKolB,EACV,CAED,OAAOpU,CACT,COgFqByU,CAAkB7Z,EAAYiI,EAAavT,EAAQ+gB,sBACpE7H,EAAW2H,GAAwBtN,EAAavT,GAChDiiB,EAAWzB,GAAmBjN,IAG5B0O,EAAU,CACZhhB,EAAS4C,EAAUuhB,SAMnB,MAAMC,EAAanrB,OAAOuF,KAAK8T,EAAa6B,SAAS1W,OAAS,EACxD4mB,IAAcpM,EAASnT,MAAK0C,GAAqB,UAAdA,EAAI8c,QAClBF,GAAeC,IAAgD,IAAnC/R,EAAaoC,kBAKlEyO,IAAuBiB,EAHvBhB,GAAyB,EAM3BC,GAAqB,CACtB,MAAU5B,GACTzhB,EAAS4C,EAAU2hB,SACnBnB,GAAyB,IAChB9Q,aAAW,EAAXA,EAAa4C,mBACtBA,EAAkB5C,EAAY4C,iBACA,IAA1B6N,GACF/iB,EAAS4C,EAAU4hB,QACnBpB,GAAyB,IAEzBJ,QA3EN7Y,eAAyBE,EAAYsF,GACnC,IAAI,KAAErE,EAAI,YAAEgH,GAAgB3C,EAC5B,MAAM,gBAAEuF,GAAoB5C,GACtB,SACJvJ,EAAQ,aACRS,EAAY,gBACZH,EAAe,YACfL,EAAW,KACXF,EAAI,OACJI,GACEoC,EASJ,aAR4BjB,EAAWC,MAAMyY,sBAAsB,CACjE7N,kBACAnM,WACAS,eACAH,kBACAL,cACAE,UACCJ,IACkBka,MACvB,CAuDqByB,CAAUpa,EAAYsF,GACrC3P,EAAS4C,EAAU4hB,QACnBpB,GAAyB,IAG7B,OACK,+BAAAzT,GAAI,CACP3P,SACAkV,kBACA8N,SACAG,qBACAC,yBACAC,qBACAJ,kBACAC,iBACAjL,WACA+I,YAEJ,CAce0D,CAAara,EAAYsF,GAEtC,MAAM,YACJ2C,EAAW,KACXhH,EAAI,mBACJ6X,EAAkB,uBAClBC,EAAsB,mBACtBC,EAAkB,OAClBrjB,EAAM,gBACNijB,EAAe,eACfC,EAAc,OACdF,EAAM,SACNvI,EAAQ,SACRxC,EAAQ,MACR1c,EAAK,gBACL2Z,GACEvF,EAEJ,GAAIyT,EACF/Y,EAAWY,mBAAmBS,MAAM,CAAE2X,4BAMtC,GAFAhY,GAAoBhB,EAAiB,iBAAAiB,IAEjC6X,EAAoB,CAEtB,MAAQlO,YAAaN,EAAc,kBAAED,GAAsBpC,EAC3DjI,EAAWY,mBAAmB0Z,gBAAgB,CAC5ChQ,iBACAD,oBACAqB,YAAiC,QAApB,EAAAzD,EAAa4B,eAAO,eAAE6B,YACnC/K,kBAAmBM,aAAA,EAAAA,EAAMN,mBAE5B,CAIH,MAAM,QAAEmJ,EAAO,QAAED,EAAO,gBAAEc,EAAe,QAAEJ,EAAO,YAAEK,EAAW,kBAAEP,EAAiB,OAAEnC,GAAWD,GAAe,CAAC,EAC/G,sIACEtS,OAAQA,GACJsL,GAAQ,CAAEA,SACV2X,GAAmB,CAAEA,oBACrBC,GAAkB,CAAEA,mBACpBF,GAAU,CAAEA,WACZvI,GAAY,CAAEA,aACdxC,GAAYA,EAASxa,QAAU,CAAEwa,aACjC1c,GAAS,CAAEA,UACXgX,GAAU,CAAEA,WAAQ,CACxB2C,kBAGAf,QAASA,EACTD,QAASA,EACTc,gBAAiBA,EACjBJ,QAASA,EACTK,YAAaA,EACbP,qBAEJ,CC7VOvK,eAAeya,GACpBva,EAAkCtL,EAAiC,CAAC,GAKpE,OAHIA,EAAQqa,WAAara,EAAQuX,gBAC/BvX,EAAQuX,cAAgBzT,EAAiBuX,eAEpCgI,GAAI/X,EACN,+BAAAtL,GAAO,CACV0L,KAAM,iBAEV,CCfON,eAAe0a,GAAQxa,EAAkCtL,GAC9D,MACMyjB,EAAWP,GAAqB5X,EADzBA,EAAWY,mBAAmBC,OACYT,MACvD,OAAO2X,GAAI/X,EAAY,OAAF,sCAChBtL,GACAyjB,GACH,CAAArO,QAAS,CAAC,YAEd,CCVM,SAAU2Q,GAAkBC,GAEhC,IAAIC,EAAa,MACbC,EAAa,qBACbC,EAAWH,GAAgB,GAGJ,MAAvBG,EAAShP,OAAO,IAAqC,MAAvBgP,EAAShP,OAAO,KAChDgP,EAAWA,EAASne,UAAU,IAIL,MAAvBme,EAAShP,OAAO,IAAqC,MAAvBgP,EAAShP,OAAO,KAChDgP,EAAWA,EAASne,UAAU,IAQhC,IAJA,IAGIoe,EAHApsB,EAAM,GAKRosB,EAAQF,EAAWG,KAAKF,IADb,CAIX,IAAIzjB,EAAM0jB,EAAM,GACZxrB,EAAQwrB,EAAM,GAIhBpsB,EAAI0I,GADM,aAARA,GAA8B,iBAARA,GAAkC,SAARA,EACvC9H,EAEAkG,mBAAmBlG,EAAMiG,QAAQolB,EAAY,KAE3D,CACD,OAAOjsB,CACT,CC/BM,MAAOssB,WAAiCje,EAI5C,WAAAvG,CAAYsI,EAAe0P,GACzBxR,MAAM,iDAAiDwR,KACvD7gB,KAAKqB,KAAO,2BACZrB,KAAKmR,MAAQA,EACbnR,KAAK6gB,IAAMA,CACZ,EAGG,SAAUyM,GAA2B/pB,GACzC,MAAuB,6BAAfA,EAAMlC,IAChB,CAGM,SAAUksB,GAAuBC,GACrC,MAAO,UAAUjsB,KAAKisB,IAAY,YAAYjsB,KAAKisB,EACrD,CAGM,SAAUC,GAAyBD,GACvC,OAAOV,GAAkBU,EAC3B,CAEOrb,eAAeub,GAA0Brb,EAAkCsb,GAChF,GAAIJ,GAAsBI,GAAS,CACjC,MAAM,MAAExc,EAAK,IAAE0P,GAAQ4M,GAAyBE,GAChD,GAAItb,EAAW4H,IAAI2T,WAAW,CAAEzc,UAE9B,aAAakB,EAAW4H,IAAI2C,QAAQ,CAAEzL,QAAO0P,QAG7C,MAAM,IAAIwM,GAAyBlc,EAAO0P,EAE7C,CACH,UClCgB+M,GAAWvb,EAAkCtL,EAA0B,CAAC,GAEtF,SADagM,EAAwBV,EAAYtL,KAC/BA,EAAQgX,YAC5B,CAEO5L,eAAeyK,GACpBvK,EACAtL,EAA0B,CAAC,GAG3B,IAAK6mB,GAAWvb,EAAYtL,GAC1B,MAAM,IAAIwI,EAAa,4DAGzB,IAAI,KAAEkD,EAAI,MAAEtB,GAAUpK,EACtB,IAAK0L,EAAM,CACT,MAAMa,EAAOP,EAAwBV,EAAY,CAAElB,UACnDsB,EAAOa,aAAI,EAAJA,EAAMb,IACd,CAED,OAAO2X,GAAI/X,EAAY,OAAF,wBAChBtL,GACH,CAAA0L,SAEJ,CCxBON,eAAegR,GAAK9Q,EAAkCtL,EAA0B,CAAC,SACtF,IAAI8mB,QAAoBjR,GAAQvK,EAAY,CAC1C0Q,cAAc,IAGhB,MAAMzP,EAAOP,EAAwBV,GACrC,IAAIyb,EAAmD,QAApB,EAAAxa,aAAA,EAAAA,EAAMqI,oBAAc,eAAA7O,MAAK0O,GAAeA,EAAY4E,SAAS,UAKhG,OAJK0N,aAA4B,EAA5BA,EAA8BroB,SACjC8F,EAAK,mEAGHwiB,OAAOC,UAAUjnB,EAAQqc,SACpB,IAAIrgB,SAAQ,SAAUI,EAASH,GACpCsL,YAAW6D,yBACT,IACE,MAAMiR,EAAsC,QAA5B,EAAsB,QAAtB,EAAAyK,EAAYpL,gBAAU,eAAAU,YAAM,eAAAC,QAE1CjgB,EADEigB,EACMD,GAAK9Q,EAAY,CACvB+Q,YAGMyK,EAEX,CAAC,MAAOplB,GACPzF,EAAOyF,EACR,CACH,GAAG1B,EAAQqc,QACb,IAGKyK,CACT,CCrCO1b,eAAe8b,GACpB5b,EACAtL,EAAwB,CAAC,GAKzB,OAFAsL,EAAWY,mBAAmBS,QAEvB0W,GAAI/X,EACT,eAAA0Y,uBAAuB,GACpBhkB,GAEP,CCHOoL,eAAe+b,GACpB7b,EAAkCtL,EAA+B,CAAC,GAIlE,IAAK8L,EAA0BR,GAAa,CAC1C,MAAM,gBAAE4Y,SAA0BgD,GAAiB5b,EAAY,OAAF,wBACxDtL,GACH,CAAA0L,KAAM,WACNmY,eAAe,KAEjB,IAAK7jB,EAAQ2L,iBAAmBuY,IAAoBA,EAAgB7K,SAAStV,EAAWygB,cACtF,MAAM,IAAIhc,EAAa,yEAE1B,CAED,OAAO6a,GAAI/X,EACN,+BAAAtL,GAAO,CACV0L,KAAM,aAEV,CCvBON,eAAegc,GACpB9b,EAAkCtL,EAAmC,CAAC,GAEtE,MAAMyjB,EAAWP,GAAqB5X,EAAY,mBAClD,OAAO+X,GACL/X,EAAY,OAAF,wBAELtL,GACAyjB,GAGT,CCfOrY,eAAeic,GACpB/b,EACAnL,GAEA,MAAMoM,EAAOjB,EAAWY,mBAAmBC,OAC3C,IAAKI,EACH,MAAM,IAAI/D,EAAa,4CAGzB,MAAM,aACJiC,EACAL,MAAOkd,GACL/a,GACE,aACJtG,GAGE,IAAIshB,IAAIpnB,GACNiK,EAAQnE,EAAahI,IAAI,SACzBkY,EAAkBlQ,EAAahI,IAAI,oBAGnCzB,EAAQyJ,EAAahI,IAAI,SAC/B,GAAIzB,EAEF,MAAM,IAAIiS,GAAWjS,EAAOyJ,EAAahI,IAAI,sBAE/C,GAAImM,IAAUkd,EACZ,MAAM,IAAI9e,EAAa,+DAEzB,IAAK2N,EACH,MAAM,IAAI3N,EAAa,iDAIzB,MAAM,OAAEyb,SAAiB3Y,EAAWC,MAAMyY,sBAAsB,CAAE7N,kBAAiB1L,iBACnFa,EAAWkc,aAAaC,UAAUxD,EACpC,CC9BO7Y,eAAesc,GACpBpc,EAAkCtL,EAAgC,CAAC,GAKnE,GAHAA,EAAQ0L,KAAO,iBAGVI,EAA0BR,GAAa,CAC1C,MAAM,gBAAE4Y,SAA0BgD,GAAiB5b,EAAU,+BAAOtL,GAAS,CAAA6jB,eAAe,KAC5F,GAAIK,IAAoBA,EAAgB7K,SAAStV,EAAW2gB,gBAC1D,MAAM,IAAIlc,EACR,wFAGL,CAED,OAAO6a,GAAI/X,EAAiB,iBAAAtL,GAC9B,CCxBM,SAAU2nB,GAA2BnrB,GACzC,MAAmB,eAAfA,EAAMlC,MAIuB,yBADdkC,EACAkM,SACrB,CAEgB,SAAAkf,GAAyB1e,EAA6B1M,GACpE,GAAmB,iBAAfA,EAAMlC,KACR,OAAO,EAET,MAEMutB,EAFerrB,EAEc0F,IAC7BmR,EAAewU,aAAA,EAAAA,EAAexU,aACpC,OAAOnK,EAAIlJ,QAAQwK,MAA2C,mBAAlC6I,aAAY,EAAZA,EAAc7W,MAC5C,CAEM,SAAUsrB,GAA2BtrB,GAEzC,OAAOma,GAAana,IACE,kBAApBA,EAAMkM,WACiB,6CAAvBlM,EAAMmM,YACV,CCxBM,SAAUof,GAAgBC,GAC9B,MAAO,wBAAwBxtB,KAAKwtB,EACtC,CAGM,SAAUC,GAAqBjC,GACnC,MAAO,WAAWxrB,KAAKwrB,EACzB,CAGM,SAAUkC,GAAmBlC,GACjC,MAAO,uBAAuBxrB,KAAKwrB,EACrC,CAEM,SAAUmC,GAAcnC,GAC5B,MAAO,YAAYxrB,KAAKwrB,IAAiB,uBAAuBxrB,KAAKwrB,EACvE,CAEgB,SAAAoC,GAAcC,EAAanf,GACzC,IAAIof,EAAapf,EAAIlJ,QACrB,SAAKqoB,IAAQC,EAAWre,cAGuB,IAAxCoe,EAAIpuB,QAAQquB,EAAWre,YAChC,CAEM,SAAUse,GAAWvoB,GACzB,OAAOA,EAAQwK,MAAiC,SAAzBxK,EAAQiD,cAAoD,UAAzBjD,EAAQkK,YACpE,CAEM,SAAUse,GAAgBxoB,GAG9B,OAFeuoB,GAAWvoB,IAC0B,aAAzBA,EAAQkK,aACjB/F,OAAO1C,SAASmlB,OAASziB,OAAO1C,SAASumB,IAC7D,CAMM,SAAUS,GAAiBvf,GAE/B,IAAKkf,GAAcjkB,OAAO1C,SAASuR,KAAM9J,GACvC,OAAO,EAIT,IAAIwf,EAAWH,GAAWrf,EAAIlJ,SAC1BgmB,EAAewC,GAAgBtf,EAAIlJ,SAEvC,QAAImoB,GAAcnC,KAId0C,EACaT,GAAqBjC,IAAiBkC,GAAmBlC,GAKnE+B,GAAgB5jB,OAAO1C,SAASumB,MACzC,CAMgB,SAAAW,GAAuBzf,EAA6B8c,GAClE,IAAKA,EAAc,CAEjB,IAAKyC,GAAgBvf,GACnB,OAAO,EAGT8c,EAAewC,GAAgBtf,EAAIlJ,QACpC,CACD,MAAO,gCAAgCxF,KAAKwrB,EAC9C,CClDM,SAAU4C,GAAa1f,GAC3B,MAAM2f,EAAwB3B,GAAiBliB,KAAK,KAAMkE,GA2C1D,MA1CY,CACVqI,SAAUA,GAASvM,KAAK,KAAMkE,GAC9B0N,WAAYA,GAAW5R,KAAK,KAAMkE,GAClCiK,gBAAiB,GAAanO,KAAK,KAAMkE,GAEzC2c,aAAcA,GAAa7gB,KAAK,KAAMkE,GACtCie,SAAUA,GAASniB,KAAK,KAAMkE,GAC9B4f,MAAOD,EACP3B,iBAAkB2B,EAClBzM,KAAMA,GAAKpX,KAAK,KAAMkE,GACtB2M,QAASA,GAAQ7Q,KAAK,KAAMkE,GAC5B4c,OAAQA,GAAO9gB,KAAK,KAAMkE,GAC1Bke,gBAAiBA,GAAgBpiB,KAAK,KAAMkE,GAG5Cme,8BAA+BA,GAA8BriB,KAAK,KAAMkE,GAGxEyf,sBAAuBA,GAAsB3jB,KAAK,KAAMkE,GACxDye,2BAA0B,GAG1BhB,0BAA2BA,GAA0B3hB,KAAK,KAAMkE,GAChEsd,sBAAqB,GACrBE,yBAAwB,GACxBH,2BAA0B,GAE1Bva,wBAAyBA,EAAwBhH,KAAK,KAAMkE,GAC5DmC,sBAAuBA,EAAsBrG,KAAK,KAAMkE,GACxDmD,mBAAoBA,GAAmBrH,KAAK,KAAMkE,GAClDoD,oBAAqBA,GAAoBtH,KAAK,KAAMkE,GACpDwD,qBAAsBA,GAAqB1H,KAAK,KAAMkE,GACtDkD,uBAAsB,GACtBoX,QAAU9X,IACRxC,EAAIlJ,QAAQ0L,KAAOA,CAAI,EAEzB6X,QAAS,IACAra,EAAIlJ,QAAQ0L,KAErBmb,WAAYA,GAAW7hB,KAAK,KAAMkE,GAClCwe,cAAeA,GAAc1iB,KAAK,KAAMkE,GAG5C,CC1EA,MAAM6f,GAAI,SAAStjB,GAAO,OAAOujB,KAAKvjB,EAAQ,EACxCwjB,GAAI,SAAUxjB,GAAO,OAAOyjB,KAAKzjB,EAAQ,EACzCS,GAAsB,oBAAXijB,OAAyB,KAAOA,OCC3CC,GAAiB,6CAEPC,KACd,MAA2B,oBAAbC,UAA8C,oBAAXnlB,MACnD,UAEgBolB,KACd,IAAKF,KACH,OAAO,EAET,MAAMG,EAAgBF,SAAiBE,aACvC,QAASA,GAAgBA,GAAgB,EAC3C,UAEgBC,KACd,OAAOC,UAAUC,SACnB,UAEgBC,KACd,MAAMC,EAAQJ,KACd,OAAOI,IAAUT,GAAe5uB,KAAKqvB,EACvC,UAEgBC,KACd,IAAKT,KACH,OAAO,EAET,MAAMG,EAAgBF,SAAiBE,aACvC,IAAIO,EAAWP,GAAgBA,EAAe,GAC9C,YAAkC,IAAvBrlB,OAAO6lB,cAAgCD,CAIpD,UAEgBE,KACd,OAAO,MAAOC,SAEmB,IAArBA,GAAUC,QACK,oBAAfjtB,UACd,UAEgBktB,KACd,MAA8B,oBAAhBC,WAChB,UAEgBC,KACd,OAAOL,MAA4BG,IACrC,UAEgBG,KACd,QAAKlB,MAG+B,WAA7BllB,OAAO1C,SAAS+oB,QACzB,UAEgBC,KAEd,OAAOpB,MAA4C,cAA7BllB,OAAO1C,SAASipB,QACxC,CCvDM,SAAUC,GAKdC,GAGA,MAAMC,EAQJ,WAAA/oB,IAAeoD,GACb,MAAMlF,EAAU,IAAI4qB,EAAmB1lB,EAAKxG,QAASwG,EAAK,IAAW,IACrEjM,KAAK+G,QAAUuF,EAAWvF,GAC1B/G,KAAK6xB,QAAU,IAAI,EACnB7xB,KAAK8xB,SAAW,CACjB,EAWH,OAnBS,EAAQ,SAAgB,EACxB,EAAS,UAAG,EAWrBF,EAAaE,SAAWF,EAAavxB,UAAUyxB,SAAW,EAG1D7wB,OAAOuW,OAAOoa,EAAc,CAC1BG,UAAS,IAGJH,CACT,CC/CgB,SAAAI,GAOdC,EAAaC,GAGb,OAAO,cAA8BD,EAGnC,WAAAppB,IAAeoD,GACboD,SAASpD,GACT,MAAM,eAAE4K,EAAc,QAAEE,EAAO,YAAEJ,GAAgB3W,KAAK+G,QACtD/G,KAAK6W,eAAiB,IAAIqb,EAAerb,EAAiBE,EAAUJ,EACrE,CACD,YAAAwb,GAEC,EAEL,OCdaC,GAGX,WAAAvpB,GAEE7I,KAAKqyB,aAAe,CAAC,sBACrBryB,KAAKsyB,yBACN,CAED,cAAAC,CAAeC,GACbxyB,KAAKqyB,aAAa5rB,KAAK+rB,EACxB,CAED,aAAAjb,GACE,MAAO,CAAE,6BAA8BvX,KAAKqyB,aAAazsB,KAAK,KAC/D,CAED,UAAA6sB,GACE,MAAO,OACR,CAED,uBAAAH,GACE,GAAIlC,OAAgBsC,UAAYA,QAAQC,SACtC,OAEF,MAAQC,KAAMvV,GAAYqV,QAAQC,SAClC3yB,KAAKqyB,aAAa5rB,KAAK,UAAU4W,IAClC,WC7BapT,GAAiBoI,EAAmCwgB,EAAYC,GAC9EzgB,EAAWtL,QAAQ3E,QAAUiQ,EAAWtL,QAAQ3E,SAAW,CAAC,EAC5DiQ,EAAWtL,QAAQ3E,QAAQywB,GAAcC,CAC3C,CCLM,SAAUC,GAOfd,GAEC,OAAO,cAA2BA,EAKhC,WAAAppB,IAAeoD,GACboD,SAASpD,GAETjM,KAAKsX,eAAiB,IAAI8a,GAG1BpyB,KAAKgzB,KAAO,CACV/oB,iBAAkBA,GAAiB8B,KAAK,KAAM/L,MAEjD,CAED,UAAAizB,CAAW7wB,GACTpC,KAAK+G,QAAQ3E,QAAUnB,OAAOuW,OAAO,CAAC,EAAGxX,KAAK+G,QAAQ3E,QAASA,EAChE,CAED,eAAA8V,GAGE,OAAOlY,KAAK+G,QAAQmJ,OAAQxI,MAAM,YAAY,EAC/C,CAED,SAAAwrB,CAAUC,GAOR,OAAOnuB,GAAIhF,KAND,yBAA2BgP,EAAcmkB,GACrC,CACZ/wB,QAAS,CACP,OAAU,yBAIf,EAEL,CCzCM,SAAUgxB,GAAkB5mB,GAEhC,OAAO6mB,GADGpD,GAAKzjB,GAEjB,CAGM,SAAU6mB,GAAkBC,GAChC,OAAOA,EAAI1rB,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,GACpE,CAGM,SAAU2rB,GAAkBC,GAChC,OAAOA,EAAK5rB,QAAQ,KAAM,KAAKA,QAAQ,KAAM,IAC/C,CAEM,SAAU6rB,GAAkBD,GAChC,IAAIF,EAAMC,GAAkBC,GAC5B,OAAQF,EAAI7tB,OAAS,GACnB,KAAK,EACH,MACF,KAAK,EACH6tB,GAAO,KACP,MACF,KAAK,EACHA,GAAO,IACP,MACF,QACE,MAAM,IAAI/jB,EAAa,yBAE3B,IAAImkB,EAAO3D,GAAKuD,GAChB,IACE,OAAOzrB,mBAAmB8rB,OAAOD,GAClC,CAAC,MAAOhzB,GACP,OAAOgzB,CACR,CACH,CAEM,SAAUE,GAAepnB,GAE7B,IADA,IAAIpI,EAAS,IAAIH,WAAWuI,EAAI/G,QACvBC,EAAI,EAAGA,EAAI8G,EAAI/G,OAAQC,IAC9BtB,EAAOsB,GAAK8G,EAAIqnB,WAAWnuB,GAE7B,OAAOtB,CACT,CAEM,SAAU0vB,GAAgBtnB,GAC9B,OAAOujB,GAAKwD,GAAkB/mB,GAChC,CAGM,SAAUunB,GAAkBP,GAChC,OAAOvvB,WAAW+vB,KAAKF,GAAgBN,IAAQvmB,GAAcA,EAAE4mB,WAAW,IAC5E,CAGM,SAAUI,GAAkBC,GAChC,OAAOjE,GAAK,IAAIhsB,WAAWiwB,GAAKhe,QAAO,CAACie,EAAGC,IAASD,EAAI7yB,OAAOqE,aAAayuB,IAAO,IACrF,CCzDM,SAAUC,GAAY7nB,GAC1B,IAAIpI,GAAS,IAAIgtB,aAAckD,OAAO9nB,GACtC,OAAOykB,GAAUC,OAAOqD,OAAO,UAAWnwB,GAAQiB,MAAK,SAASD,GAC9D,IACIovB,EADY,IAAIvwB,WAAWmB,GACLrB,MAAM,EAAG,IAGnC,OADWqvB,GADA9xB,OAAOqE,aAAakG,MAAM,KAAM2oB,GAG7C,GACF,CCTgB,SAAAC,GAAY3iB,EAASrI,GACnCA,EAAMtB,EAAMsB,GAEZ,IACIirB,EAAO,CACTrzB,KAAM,oBACN0tB,KAAM,CAAE1tB,KAAM,YAYhB,cAJOoI,EAAIkrB,IAIJ1D,GAAUC,OAAO0D,UAfX,MAiBXnrB,EACAirB,GAbgB,EACL,CAAC,WAgBbrvB,MAAK,SAASwvB,GACb,IAAIC,EAAMhjB,EAAQpK,MAAM,KACpByS,EAAUyZ,GAAekB,EAAI,GAAK,IAAMA,EAAI,IAE5CC,EAAYnB,GADGE,GAAgBgB,EAAI,KAGvC,OAAO7D,GAAUC,OAAO8D,OACtBN,EACAG,EACAE,EACA5a,EAEJ,GACF,OCxBa8a,GAKX,WAAApsB,CAAY9B,EAA+B,CAAEmuB,OAAO,IAClDl1B,KAAKm1B,MAAQ,GACbn1B,KAAKo1B,SAAU,EACfp1B,KAAK+G,QAAUA,CAChB,CAKD,IAAAN,CAAKO,EAA+BquB,KAAoBppB,GACtD,OAAO,IAAIlJ,SAAQ,CAACI,EAASH,KACvBhD,KAAKm1B,MAAM1vB,OAAS,IAGK,IAAvBzF,KAAK+G,QAAQmuB,OACf3pB,EACE,iJAKNvL,KAAKm1B,MAAM1uB,KAAK,CACdO,SACAquB,aACAppB,OACA9I,UACAH,WAEFhD,KAAKoqB,KAAK,GAEb,CAED,GAAAA,GACE,IAAIpqB,KAAKo1B,SAGiB,IAAtBp1B,KAAKm1B,MAAM1vB,OAAf,CAGAzF,KAAKo1B,SAAU,EAEf,IAAIE,EAAYt1B,KAAKm1B,MAAMnzB,QACvByV,EAAM6d,EAAUtuB,OAAO6E,MAAMypB,EAAUD,WAAYC,EAAUrpB,MAC7DiI,GAAUuD,GACXA,EAAyBpS,KAAKiwB,EAAUnyB,QAASmyB,EAAUtyB,QAAQmR,SAAQ,KAC1EnU,KAAKo1B,SAAU,EACfp1B,KAAKoqB,KAAK,KAGZkL,EAAUnyB,QAAQsU,GAClBzX,KAAKo1B,SAAU,EACfp1B,KAAKoqB,MAbN,CAeF,ECvEH,SAASmL,GAASC,GAChB,OAAQ,IAAMA,EAAIt0B,SAAS,KAAKu0B,QAAQ,EAC1C,CA0BA,IAAe,IACbpgB,8BAA6B,GAC7BqgB,iBAnBF,SAA0BC,GACxB,IAAIC,EAAWD,GAAU,GAIzB,OAHIC,EAASnwB,OAAS0P,KACpBygB,GAVJ,SAAyBnwB,GACvB,IAAIqqB,EAAI,IAAI7rB,WAAWgK,KAAK4nB,KAAKpwB,EAAS,IAG1C,OAFAwrB,GAAU6E,gBAAgBhG,GAChBttB,MAAMwxB,KAAKlE,EAAGyF,IAAS3vB,KAAK,IAC3B7B,MAAM,EAAG0B,EACtB,CAK0BswB,CAAgB5gB,GAAsBygB,EAASnwB,SAEhEwJ,mBAAmB2mB,GAAU7xB,MAAM,EAAGqR,GAC/C,EAcE4gB,iBAZF,SAA0BxpB,GACxB,IAAIpI,GAAS,IAAIgtB,aAAckD,OAAO9nB,GACtC,OAAOykB,GAAUC,OAAOqD,OAAO,UAAWnwB,GAAQiB,MAAK,SAASD,GAG9D,OADWguB,GADA9xB,OAAOqE,aAAakG,MAAM,KAAM,IAAI5H,WAAWmB,IAG5D,GACF,GC3BM,SAAU6wB,GAAY3jB,GAC1B,IACI4jB,EADApB,EAAMxiB,EAAM5K,MAAM,KAGtB,IACEwuB,EAAe,CACbxzB,OAAQuD,KAAKC,MAAMutB,GAAkBqB,EAAI,KACzC3a,QAASlU,KAAKC,MAAMutB,GAAkBqB,EAAI,KAC1CC,UAAWD,EAAI,GAElB,CAAC,MAAOp0B,GACP,MAAM,IAAI6O,EAAa,kBACxB,CAED,OAAO2mB,CACT,CCZM,SAAUC,GAAsBlmB,GACpC,MAAM,KACJsB,EAAI,SACJR,EAAQ,YACRC,EAAW,aACXhH,EAAY,aACZiH,EAAY,OACZC,EAAM,UACNI,EAAS,OACTsB,EAAM,MACNzB,EAAK,gBACLE,GACEpB,EAAIlJ,QACFqvB,EAAqBhG,KAAcllB,OAAO1C,SAASuR,UAAO7X,EAChE,OAAOoK,EAAW,CAChBiF,OACAR,WACAC,YAAaA,GAAeolB,EAC5BpsB,aAAcA,GAAgB,CAAC,QAAS,YACxCiH,eACAE,MAAOA,GAASrB,IAChBsB,MAAOrB,IACPmB,OAAQA,GAAU,CAAC,SAAU,SAC7BI,YACAsB,SACAvB,mBAEJ,UCgBgBglB,GAAoBpmB,EAAKlJ,EAAsB+J,IA5C/D,SAAyB/J,GAEvB,IAAKA,EAAQgK,SACX,MAAM,IAAIxB,EAAa,2EAGzB,IAAKxI,EAAQiK,YACX,MAAM,IAAIzB,EAAa,sEAGzB,IAAKxI,EAAQuvB,oBAAsBvvB,EAAQmW,gBACzC,MAAM,IAAI3N,EAAa,6EAGzB,IAAKxI,EAAQyK,aACX,MAAM,IAAIjC,EAAa,gFAE3B,CA4BEgnB,CAAgBxvB,GAChB,IAAI4Q,EA3BN,SAAqB1H,EAAKlJ,GAExB,IAAIyR,EAAsBlM,EAAW,CACnC,UAAavF,EAAQgK,SACrB,aAAgBhK,EAAQiK,YACxB,WAAcjK,EAAQmW,gBAAkB,mBAAqB,qBAC7D,cAAiBnW,EAAQyK,eAGvBzK,EAAQmW,gBACV1E,EAAyB,iBAAIzR,EAAQmW,gBAC5BnW,EAAQuvB,oBACjB9d,EAAOge,KAAOzvB,EAAQuvB,mBAGxB,MAAM,aAAE/d,GAAiBtI,EAAIlJ,QAM7B,OALIwR,IACFC,EAAsB,cAAID,GAIrBvJ,EAAcwJ,GAAQzU,MAAM,EACrC,CAKa0yB,CAAYxmB,EAAKlJ,GAM5B,OAAOuP,GAAYrG,EAAK,CACtB/I,IAAK4J,EAAKN,SACVxJ,OAAQ,OACRiF,KAAM0L,EACNvV,QARc,CACd,eAAgB,sCASpB,UAEgBs0B,GACdzmB,EACAlJ,EACAgL,GAEA,OAAOuE,GAAYrG,EAAK,CACtB/I,IAAK6K,EAAavB,SAClBxJ,OAAQ,OACR5E,QAAS,CACP,eAAgB,qCAGlB6J,KAAMhL,OAAO0F,QAAQ,CACnB8R,UAAW1R,EAAQgK,SACnB4lB,WAAY,gBACZje,MAAO3G,EAAab,OAAOtL,KAAK,KAChCgxB,cAAe7kB,EAAaA,eAC3B1P,KAAI,UAAWhB,EAAMM,IAEtB,OAAON,EAAO,IAAM4N,mBAAmBtN,EACzC,IAAGiE,KAAK,MAEZ,CCnFgB,SAAAixB,GAAa5mB,EAA6BC,GAExD,OAAOlL,GAAIiL,GADUC,GAAUD,EAAIlJ,QAAQmJ,QACX,oCAAqC,CACnE8G,eAAe,GAEnB,UAEgB8f,GAAO7mB,EAA6BC,EAAgB6mB,GAClE,IAAIngB,EAAY3G,EAAI4G,eAAeC,aAAa7G,EAAIlJ,QAAQgQ,SAE5D,OAAO8f,GAAa5mB,EAAKC,GACxB7K,MAAK,SAAS2xB,GACb,IAAIC,EAAUD,EAAoB,SAI9B/f,EADgBL,EAAUM,aACK+f,GACnC,GAAIhgB,GAAkBrJ,KAAKuJ,MAAM,IAAOF,EAAeG,UAAW,CAChE,IAAI8f,EAAYpqB,EAAKmK,EAAe7O,SAAS5B,KAAM,CACjDuwB,IAAKA,IAGP,GAAIG,EACF,OAAOA,CAEV,CAMD,OAHAtgB,EAAUub,aAAa8E,GAGhBjyB,GAAIiL,EAAKgnB,EAAS,CACvBjgB,eAAe,IAEhB3R,MAAK,SAASoS,GACb,IAAIhO,EAAMqD,EAAK2K,EAAIjR,KAAM,CACvBuwB,IAAKA,IAGP,GAAIttB,EACF,OAAOA,EAGT,MAAM,IAAI8F,EAAa,eAAiBwnB,EAAM,uCAChD,GACF,GACF,UC7CgBI,GAAelnB,EAA6BmnB,EAAoBC,GAC9E,MAAMC,EAAMD,EAAiBtmB,SACvBwmB,EAAMF,EAAiBnnB,OACvBkB,EAAQimB,EAAiBjmB,MACzBomB,EAAMH,EAAiB/lB,UAE7B,IAAK8lB,IAAWG,IAAQD,EACtB,MAAM,IAAI/nB,EAAa,oDAGzB,GAAI6B,GAASgmB,EAAOhmB,QAAUA,EAC5B,MAAM,IAAI7B,EAAa,yDAGzB,MAAM4H,EAAMlJ,KAAKC,MAAMN,KAAKuJ,MAAM,KAElC,GAAIigB,EAAOG,MAAQA,EACjB,MAAM,IAAIhoB,EAAa,eAAiB6nB,EAAOG,IAAxB,qBACAA,EAAM,KAG/B,GAAIH,EAAOE,MAAQA,EACjB,MAAM,IAAI/nB,EAAa,iBAAmB6nB,EAAOE,IAA1B,qBACAA,EAAM,KAG/B,GAAIE,GAAOJ,EAAOI,MAAQA,EACxB,MAAM,IAAIjoB,EAAa,YAAc6nB,EAAOI,IAArB,gCACWA,EAAM,KAG1C,GAAIJ,EAAOK,IAAOL,EAAOM,IACvB,MAAM,IAAInoB,EAAa,wCAGzB,IAAKU,EAAIlJ,QAAQ4wB,eAAgB,CAC/B,GAAKxgB,EAAMlH,EAAIlJ,QAAQ6wB,aAAiBR,EAAOM,IAC7C,MAAM,IAAInoB,EAAa,0CAGzB,GAAI6nB,EAAOK,IAAQtgB,EAAMlH,EAAIlJ,QAAQ6wB,aACnC,MAAM,IAAIroB,EAAa,mCAE1B,CACH,CCxCO4C,eAAe,GAAYlC,EAA6BqC,EAAgB+kB,GAC7E,IAAK/kB,IAAUA,EAAMR,QACnB,MAAM,IAAIvC,EAAa,iCAIzB,MAAMulB,EAAMmB,GAAY3jB,EAAMR,SAIxB+lB,GAAmBR,aAAA,EAAAA,EAAkBnnB,SAAUD,EAAIlJ,QAAQmJ,QAC3D,OAAEA,SAAiB2mB,GAAa5mB,EAAK4nB,GAErCC,EAAuC72B,OAAOuW,OAAO,CAEzDzG,SAAUd,EAAIlJ,QAAQgK,SACtBM,gBAAiBpB,EAAIlJ,QAAQsK,iBAC5BgmB,EAAkB,CAEnBnnB,WAQF,GAJAinB,GAAelnB,EAAK6kB,EAAI3a,QAAS2d,GAIQ,GAArCA,EAAkBzmB,kBAA4BpB,EAAI6hB,SAASd,yBAC7D,OAAO1e,EAIT,MAAM7I,QAAYqtB,GAAO7mB,EAAKqC,EAAMpC,OAAQ4kB,EAAIpyB,OAAOq0B,KAEvD,UADoBgB,GAAsBzlB,EAAMR,QAASrI,GAEvD,MAAM,IAAI8F,EAAa,oCAEzB,GAAI8nB,GAAoBA,EAAiBxlB,aAAeS,EAAM8kB,OAAOY,eAChDC,GAAsBZ,EAAiBxlB,eAC7CS,EAAM8kB,OAAOY,QACxB,MAAM,IAAIzoB,EAAa,kCAG3B,OAAO+C,CACT,CCvBOH,eAAe+lB,GACpBjoB,EACAW,EACA6G,EACA3G,GAMA,IAJkC,IAArBb,EAAIlJ,QAAQwK,OAIZkG,EAAI+e,MAAQ/e,EAAI0gB,kBAC3B,OAAOloB,EAAIqC,MAAMyY,sBAAsB9pB,OAAOuW,OAAO,CAAE,EAAE5G,EAAa,CACpE0lB,kBAAmB7e,EAAI+e,KACvBtZ,gBAAiBzF,EAAI0gB,mBACnBrnB,GAGNF,EAAcA,GAAeulB,GAAsBlmB,GACnDa,EAAOA,GAAQT,EAAaJ,EAAKW,GAEjC,IAKIM,EALAlH,EAAe4G,EAAY5G,cAAgB,GAC1CxH,MAAMC,QAAQuH,IAAkC,SAAjBA,IAClCA,EAAe,CAACA,IAKhBkH,EADEuG,EAAIiB,MACGjB,EAAIiB,MAAMhR,MAAM,KAEhBS,EAAMyI,EAAYM,QAE7B,MAAMH,EAAWH,EAAYG,UAAYd,EAAIlJ,QAAQgK,UAzCvD,SAA0B0G,EAAoB2gB,GAC5C,GAAI3gB,EAAW,OAAKA,EAAuB,kBACzC,MAAM,IAAIjC,GAAWiC,EAAW,MAAGA,EAAuB,mBAG5D,GAAIA,EAAItG,QAAUinB,EAAYjnB,MAC5B,MAAM,IAAI5B,EAAa,wDAE3B,CAoCE8oB,CAAiB5gB,EAAK7G,GAEtB,MAAM0nB,EAAY,GACZC,EAAY9gB,EAAI+gB,WAChBC,EAAYhhB,EAAIihB,WAChB7mB,EAAc4F,EAAIkhB,aAClB7mB,EAAU2F,EAAImhB,SACd7mB,EAAe0F,EAAImf,cACnBzf,EAAMlJ,KAAKC,MAAMN,KAAKuJ,MAAM,KAElC,GAAItF,EAAa,CACf,MAAMgnB,EAAY5oB,EAAIqC,MAAMvM,OAAO8L,GACnCymB,EAAUzmB,YAAc,CACtBA,YAAaA,EACbulB,OAAQyB,EAAU1e,QAClB/C,UAAW2W,OAAOwK,GAAaphB,EAC/BshB,UAAWA,EACXvnB,OAAQA,EACRZ,aAAcQ,EAAKR,aACnBC,YAAaO,EAAKP,YAErB,CAeD,GAbIwB,IACFumB,EAAUvmB,aAAe,CACvBA,aAAcA,EAGdqF,UAAW2W,OAAOwK,GAAaphB,EAC/BjG,OAAQA,EACRV,SAAUM,EAAKN,SACfF,aAAcQ,EAAKR,aACnBJ,OAAQY,EAAKZ,SAIb4B,EAAS,CACX,MAAMgnB,EAAQ7oB,EAAIqC,MAAMvM,OAAO+L,GACzBinB,EAAsB,CAC1BjnB,QAASA,EACTslB,OAAQ0B,EAAM3e,QACd/C,UAAW0hB,EAAM3e,QAAQud,IAAOoB,EAAM3e,QAAQsd,IAAOtgB,EACrDjG,OAAQA,EACRZ,aAAcQ,EAAKR,aACnBJ,OAAQY,EAAKZ,OACba,SAAUA,GAGNsmB,EAAsC,CAC1CtmB,SAAUA,EACVb,OAAQY,EAAKZ,OACbkB,MAAOR,EAAYQ,MACnBS,YAAaA,EACbP,UAAWV,EAAYU,gBAGWpP,IAAhC0O,EAAYS,kBACdgmB,EAAiBhmB,gBAAkBT,EAAYS,uBAG3C,GAAYpB,EAAK8oB,EAAY1B,GACnCiB,EAAUxmB,QAAUinB,CACrB,CAGD,IAAuC,IAAnC/uB,EAAahJ,QAAQ,WAAoBs3B,EAAUzmB,YAErD,MAAM,IAAItC,EAAa,iHAEzB,IAA0C,IAAtCvF,EAAahJ,QAAQ,cAAuBs3B,EAAUxmB,QAExD,MAAM,IAAIvC,EAAa,gHAGzB,MAAO,CACLyb,OAAQsN,EACRnnB,MAAOsG,EAAItG,MACXqlB,KAAM/e,EAAI+e,KACVxsB,eAGJ,UCzIgB+gB,GAAsB9a,EAA6BW,EAA0BE,GAC3FA,EAAOA,GAAQT,EAAaJ,EAAKW,GAEjCA,EAAc3P,OAAOuW,OAAO,CAAC,EAAG2e,GAAsBlmB,GAAM9H,EAAMyI,IAElE,MAAM,kBACJ0lB,EAAiB,gBACjBpZ,EAAe,aACf1L,EAAY,SACZT,EAAQ,YACRC,EAAW,OACXE,EAAM,gBACNG,EAAe,MACfF,EAAK,UACLG,GACEV,EAUJ,OAAOylB,GAAoBpmB,EARL,CACpBc,WACAC,cACAslB,oBACApZ,kBACA1L,gBAG+CV,GAC9CzL,MAAM+C,IAKL,MAAM4B,EAAoC,CAAC,SAY3C,OAXmC,IAA/BkH,EAAQlQ,QAAQ,WAClBgJ,EAAavD,KAAK,YAUbyxB,GAAoBjoB,EARgB,CACzCc,WACAC,cACAE,SACAlH,eACAqH,kBACAC,aAEqDlJ,EAAU0I,GAC9DzL,MAAM+C,IAELA,EAASouB,KAAOF,EAChBluB,EAAS+I,MAAQA,EACV/I,IACP,IAEL+L,SAAQ,KACPlE,EAAIgD,mBAAmBS,OAAO,GAEpC,CCzDOvB,eAAe6mB,GACpB/oB,EAAKgpB,EACLC,GAUA,OAPKD,IACHA,SAA2BhpB,EAAIse,aAAa9B,aAAa5a,aAEtDqnB,IACHA,SAAuBjpB,EAAIse,aAAa9B,aAAa3a,SAGlDmnB,GAAsBjnB,EAAcinB,GAIpCC,GAAkBjnB,EAAUinB,GAI1B5iB,GAAYrG,EAAK,CACtB/I,IAAK+xB,EAAkB1oB,YACvBvJ,OAAQ,MACR6K,YAAaonB,EAAkBpnB,cAE9BxM,MAAK8zB,GAEAA,EAASC,MAAQF,EAAc9B,OAAOgC,IACjCD,EAEFp2B,QAAQC,OAAO,IAAIuM,EAAa,6DAExCyI,OAAM,SAAUvP,GAEb,IAAI4wB,EADN,GAAI5wB,EAAIQ,MAA2B,MAAnBR,EAAIQ,IAAIjB,QAAqC,MAAnBS,EAAIQ,IAAIjB,UAE5CS,EAAIQ,IAAI7G,SAAW6R,GAAWxL,EAAIQ,IAAI7G,QAAQ4C,MAAQyD,EAAIQ,IAAI7G,QAAQ4C,IAAI,oBAC5Eq0B,EAAqB5wB,EAAIQ,IAAI7G,QAAQ4C,IAAI,oBAChCiP,GAAWxL,EAAIQ,IAAIqwB,qBAC5BD,EAAqB5wB,EAAIQ,IAAIqwB,kBAAkB,qBAE7CD,GAAoB,CACtB,IAAIE,EAAeF,EAAmB3rB,MAAM,kBAAoB,GAC5D8rB,EAA0BH,EAAmB3rB,MAAM,8BAAgC,GACnFnK,EAAQg2B,EAAa,GACrBE,EAAmBD,EAAwB,GAC3Cj2B,GAASk2B,IACXhxB,EAAM,IAAI+M,GAAWjS,EAAOk2B,GAE/B,CAEH,MAAMhxB,CACR,IAlCO1F,QAAQC,OAAO,IAAIuM,EAAa,4CAJhCxM,QAAQC,OAAO,IAAIuM,EAAa,+CAuC3C,UCrDgBmqB,GAAYC,EAAat4B,EAAMuK,GACzC+tB,EAAYzvB,iBACdyvB,EAAYzvB,iBAAiB7I,EAAMuK,GAEnC+tB,EAAYC,YAAY,KAAOv4B,EAAMuK,EAEzC,UAEgBiuB,GAAeF,EAAat4B,EAAMuK,GAC5C+tB,EAAYtvB,oBACdsvB,EAAYtvB,oBAAoBhJ,EAAMuK,GAEtC+tB,EAAYG,YAAY,KAAOz4B,EAAMuK,EAEzC,CAEM,SAAUmuB,GAAUC,GACxB,IAAIC,EAAS5J,SAAS6J,cAAc,UAIpC,OAHAD,EAAOE,MAAMC,QAAU,OACvBH,EAAOD,IAAMA,EAEN3J,SAASxtB,KAAKw3B,YAAYJ,EACnC,CAEgB,SAAAK,GAAUN,EAAKjzB,GAC7B,IAAIwzB,EAAQxzB,EAAQyzB,YAAc,iDAGlC,OAAOtvB,OAAOpB,KAAKkwB,EAAKO,EAFP,sFAGnB,UAEgBE,GAAuBxqB,EAA6ByqB,EAASvpB,GAC3E,IAAIwpB,EACAC,EA0BJ,OAzB2B,IAAI73B,SAAQ,SAAUI,EAASH,GAExD23B,EAAkB,SAAyBj6B,GACzC,GAAKA,EAAEiX,MAAQjX,EAAEiX,KAAKxG,QAAUA,EAShC,OAAIzQ,EAAEm6B,SAAW5qB,EAAIiI,kBACZlV,EAAO,IAAIuM,EAAa,yDAEjCpM,EAAQzC,EAAEiX,KACZ,EAEA+hB,GAAYxuB,OAAQ,UAAWyvB,GAE/BC,EAAYtsB,YAAW,WACrBtL,EAAO,IAAIuM,EAAa,wBAC1B,GAAGmrB,GAAW,KAChB,IAGGvmB,SAAQ,WACP2mB,aAAaF,GACbf,GAAe3uB,OAAQ,UAAWyvB,EACpC,GACJ,CC5DM,SAAUI,GAAkB9qB,GAChC,IAAKA,EAAI6hB,SAAST,kBAAmB,CACnC,IAAI2J,EAAe,sFASnB,MARK/qB,EAAI6hB,SAASR,YAEhB0J,GAAgB,oGAEb/qB,EAAI6hB,SAASX,mBAEhB6J,GAAgB,0GAEZ,IAAIzrB,EAAayrB,EACxB,CACH,CAEO7oB,eAAe8oB,GAA4BhrB,EAA6BwB,GAO7E,GALAA,EAAsBA,GAAuBxB,EAAIlJ,QAAQ0K,qBAAuB4D,IAKlC,YAFdwhB,GAAa5mB,IACqB,kCAAK,IAC3DjP,QAAQyQ,GAClB,MAAM,IAAIlC,EAAa,iCAEzB,OAAOkC,CACT,CAEOU,eAAe+oB,GACpBjrB,EACAW,GAEA,IAAI,aACFY,EAAY,cACZE,EAAa,oBACbD,GACEb,EAoBJ,OAjBAc,EAAgBA,GAAiBzB,EAAIlJ,QAAQ2K,cACxCA,IACHqpB,GAAkB9qB,GAClBuB,EAAeA,GAAgB2pB,GAAKzF,mBACpChkB,QAAsBypB,GAAKnF,iBAAiBxkB,IAE9CC,QAA4BwpB,GAA4BhrB,EAAKwB,GAG/C,OAAH,wBACNb,GAAW,CACd5G,aAAc,OACdwH,eACAE,gBACAD,uBAIJ,CAGOU,eAAeI,GACpBtC,EACAW,EAA2B,CAAC,GAG5B,MAAMwqB,EAAWjF,GAAsBlmB,GAGvC,OAAyB,KAFzBW,EAAmB,+BAAAwqB,GAAaxqB,IAEhBW,KAEPX,EAGFsqB,GAAYjrB,EAAKW,EAC1B,CC7EM,SAAUyqB,GAAgCzqB,GAE9C,IAAKA,EAAYG,SACf,MAAM,IAAIxB,EAAa,2EAGzB,GAAIuE,GAASlD,EAAY5G,gBAA4D,IAA3C4G,EAAY5G,aAAahJ,QAAQ,KACzE,MAAM,IAAIuO,EAAa,4DAIzB,IAAI6oB,EAA2B,CAC7B,UAAaxnB,EAAYG,SACzB,eAAkBH,EAAYc,cAC9B,sBAAyBd,EAAYa,oBACrC,QAAWb,EAAYwpB,QACvB,IAAOxpB,EAAYsU,IACnB,UAAatU,EAAY0qB,SACzB,WAAc1qB,EAAY2qB,UAC1B,QAAW3qB,EAAYgC,OACvB,MAAShC,EAAYQ,MACrB,OAAUR,EAAY4qB,OACtB,aAAgB5qB,EAAYI,YAC5B,cAAiBJ,EAAYK,aAC7B,cAAiBL,EAAY5G,aAC7B,aAAgB4G,EAAY6qB,aAC5B,MAAS7qB,EAAYO,MACrB,WAAcP,EAAYU,UAC1B,kBAAqBV,EAAY8qB,iBAUnC,GARAtD,EAAc9rB,EAAW8rB,GAEzB,CAAC,YAAa,gBAAiB,qBAAqB91B,SAAQ,SAAUq5B,GAChEn5B,MAAMC,QAAQ21B,EAAYuD,MAC5BvD,EAAYuD,GAAcvD,EAAYuD,GAAY/1B,KAAK,KAE3D,KAEuD,IAAnDgL,EAAY5G,aAAchJ,QAAQ,cACO,IAA3C4P,EAAYM,OAAQlQ,QAAQ,UAC5B,MAAM,IAAIuO,EAAa,qFAKzB,OAJWqB,EAAYM,SACrBknB,EAAY1f,MAAQ9H,EAAYM,OAAQtL,KAAK,MAGxCwyB,CACT,CAEM,SAAUwD,GAAqBhrB,GACnC,IAAIirB,EAAmBR,GAAgCzqB,GACvD,OAAO5B,EAAc,OAAD,wBACf6sB,GACCjrB,EAAYkrB,aAAW,iBAASlrB,EAAYkrB,cAEpD,CCWgB,SAAAC,GAAS9rB,EAA6BlJ,GACpD,GAAI+E,UAAUrG,OAAS,EACrB,OAAO1C,QAAQC,OAAO,IAAIuM,EAAa,qEAOzC,MAAMysB,GAJNj1B,EAAUA,GAAW,CAAC,GAIMi1B,YAG5B,OAFAj1B,EAAQi1B,iBAAc95B,EAEfqQ,GAAmBtC,EAAKlJ,GAC5B1B,MAAK,SAAUuL,GAGd,IAiBIqrB,EAEFnrB,EAkBF,OA3BI/J,EAAQ00B,aACVx6B,OAAOuW,OAAO5G,EAXY,CAC1B4qB,OAAQ,OACRvqB,aAAc,oBACdmpB,QAAS,OASArzB,EAAQme,KACjBjkB,OAAOuW,OAAO5G,EAPG,CACjBwpB,QAAS,UAeXtpB,EAAOT,EAAaJ,EAAKW,GAEzBqrB,GADWl1B,EAAQyK,aAAeV,EAAKN,SAAWM,EAAKR,cAC/BsrB,GAAqBhrB,GAIzCA,EAAY6qB,cAAwC,OAAxB7qB,EAAYwpB,QAC/B,SACsB,UAAxBxpB,EAAYwpB,QACV,QAEA,YAKX,IAAK,SACH,IAAI8B,EAAgBzB,GAAuBxqB,EAAKlJ,EAAQ2zB,QAAS9pB,EAAYO,OACzEgrB,EAAWpC,GAAUkC,GACzB,OAAOC,EACJ72B,MAAK,SAAUoS,GACd,OAAOygB,GAAoBjoB,EAAKW,EAAa6G,EAAsB3G,EACrE,IACCqD,SAAQ,iBACHkc,SAASxtB,KAAKu5B,SAASD,KACH,QAAtB,EAAAA,EAASE,qBAAa,SAAEC,YAAYH,GAExC,IAEJ,IAAK,QACH,IAAII,EAIJ,GAAiC,sBAA7B3rB,EAAYK,aAAsC,CACpD,IAAKhB,EAAI6hB,SAASjB,8BAChB,MAAM,IAAIthB,EAAa,sDAEzBgtB,EAAe9B,GAAuBxqB,EAAKlJ,EAAQ2zB,QAAS9pB,EAAYO,MACzE,CA6BD,OAzBI6qB,GACFA,EAAYxzB,SAASgP,OAAOykB,GAIX,IAAIl5B,SAAQ,SAAUI,EAASH,GAChD,IAAIw5B,EAAcC,aAAY,WACvBT,IAAeA,EAAYU,SAC9BC,cAAcH,GACdx5B,EAAO,IAAIuM,EAAa,wCAE3B,GAAE,KAGHgtB,EACGl3B,MAAK,SAAUoS,GACdklB,cAAcH,GACdr5B,EAAQsU,EACV,IACCO,OAAM,SAAUvP,GACfk0B,cAAcH,GACdx5B,EAAOyF,EACT,GACJ,IAGGpD,MAAK,SAAUoS,GACd,OAAOygB,GAAoBjoB,EAAKW,EAAa6G,EAAsB3G,EACrE,IACCqD,SAAQ,WACH6nB,IAAgBA,EAAYU,QAC9BV,EAAYY,OAEhB,IAEJ,QACE,MAAM,IAAIrtB,EAAa,gDAE7B,GACJ,CC1LgB,SAAAstB,GAAiB5sB,EAA6BlJ,GAC5D,OAAI+E,UAAUrG,OAAS,EACd1C,QAAQC,OAAO,IAAIuM,EAAa,8EAGzCxI,EAAUoB,EAAMpB,IAAY,CAAC,EAC7B9F,OAAOuW,OAAOzQ,EAAS,CACrBy0B,OAAQ,OACRvqB,aAAc,oBACdmpB,QAAS,OAEJ2B,GAAS9rB,EAAKlJ,GACvB,CCXgB,SAAA+1B,GAAa7sB,EAA6BlJ,GACxD,GAAI+E,UAAUrG,OAAS,EACrB,OAAO1C,QAAQC,OAAO,IAAIuM,EAAa,yEAMzC,MAAMysB,EAAc1B,GAAU,IAAKvzB,GAOnC,OANAA,EAAUoB,EAAMpB,IAAY,CAAC,EAC7B9F,OAAOuW,OAAOzQ,EAAS,CACrBqzB,QAAS,QACTnpB,aAAc,oBACd+qB,gBAEKD,GAAS9rB,EAAKlJ,EACvB,CCfOoL,eAAe4qB,GAAgB9sB,EAA6BlJ,GACjE,GAAI+E,UAAUrG,OAAS,EACrB,OAAO1C,QAAQC,OAAO,IAAIuM,EAAa,4EAGzCxI,EAAUoB,EAAMpB,IAAY,CAAC,EAE7B,MAAM6J,QAAoB2B,GAAmBtC,EAAKlJ,GAC5CuM,EAAO3C,EAAgBV,EAAKW,GAC5BqrB,EAAa3oB,EAAKxC,KAAKR,aAAesrB,GAAqBhrB,GACjEX,EAAIgD,mBAAmBM,KAAKD,GACxBrD,EAAIlJ,QAAQi2B,YACd/sB,EAAIlJ,QAAQi2B,YAAYf,GAExB/wB,OAAO1C,SAASgP,OAAOykB,EAE3B,CCYM,SAAUgB,GAAgBhtB,GAE9B,IAAIitB,EAAsBjtB,EAAIlJ,QAAQwK,KAAO,QAAU,WAEvD,OADmBtB,EAAIlJ,QAAQkK,cAAgBisB,CAEjD,CAEgB,SAAAC,GAA0BltB,EAAKlJ,GAEzC+M,GADJ/M,EAAUA,GAAW,CAAC,KAEpBA,EAAU,CAAEG,IAAKH,IAKnB,IAGIq2B,EAHAl2B,EAAMH,EAAQG,IACd+J,EAAelK,EAAQkK,cAAgBgsB,GAAgBhtB,GACvDotB,EAAYptB,EAAIqC,MAAMgrB,aAAaC,eASvC,KALEH,EADmB,UAAjBnsB,EACS/J,EAAMA,EAAI6H,UAAU7H,EAAIlG,QAAQ,MAAQq8B,EAAU1P,OAElDzmB,EAAMA,EAAI6H,UAAU7H,EAAIlG,QAAQ,MAAQq8B,EAAUtO,MAI7D,MAAM,IAAIxf,EAAa,wCAGzB,OAAOud,GAAkBsQ,EAC3B,CAQOjrB,eAAemrB,GAAartB,EAAKlJ,GAElC+M,GADJ/M,EAAUA,GAAW,CAAC,KAEpBA,EAAU,CAAEG,IAAKH,IAKnB,MAAM0Q,EAAqB0lB,GAA0BltB,EAAKlJ,GACpDoK,EAAQsG,EAAItG,MACZinB,EAA+BnoB,EAAIgD,mBAAmBC,KAAK,CAC/D/B,UAEF,IAAKinB,EAAa,CAChB,GAAInoB,EAAIlJ,QAAQwK,KAEd,MAAM,IAAIhC,EAAa,+JAA2JrN,GAEpL,MAAM,IAAIqN,EAAa,wDACxB,CACD,MAAMuB,EAAmBsnB,EAAYtnB,KAQrC,cAPOsnB,EAAYtnB,KAEd/J,EAAQG,KA7BC,SAA0B+I,EAAKlJ,GAG5B,WADIA,EAAQkK,cAAgBgsB,GAAgBhtB,IA9C/D,SAAsBA,GACpB,IAAIutB,EAAgBvtB,EAAIqC,MAAMgrB,aAAaG,cACvCC,EAAYztB,EAAIqC,MAAMgrB,aAAaK,eACnCN,EAAYptB,EAAIqC,MAAMgrB,aAAaC,eACnCC,GAAiBA,EAAcI,aACjCJ,EAAcI,aAAa,KAAMF,EAAUnD,MAAO8C,EAAUQ,SAAWR,EAAUtO,MAEjFsO,EAAU1P,OAAS,EAEvB,CAsC6BmQ,CAAa7tB,GA1D1C,SAAoBA,GAClB,IAAIutB,EAAgBvtB,EAAIqC,MAAMgrB,aAAaG,cACvCC,EAAYztB,EAAIqC,MAAMgrB,aAAaK,eACnCN,EAAYptB,EAAIqC,MAAMgrB,aAAaC,eACnCC,GAAiBA,EAAcI,aACjCJ,EAAcI,aAAa,KAAMF,EAAUnD,MAAO8C,EAAUQ,SAAWR,EAAU1P,QAEjF0P,EAAUtO,KAAO,EAErB,CAiDiDgP,CAAW9tB,EAC5D,CA2BI+tB,CAA0B/tB,EAAKlJ,GAG1BmxB,GAAoBjoB,EAAKmoB,EAAa3gB,EAAK3G,GAC/CkH,OAAMvP,IAML,MALKimB,GAA2BjmB,IAC9BwH,EAAIgD,mBAAmBS,MAAM,CAC3BvC,UAGE1I,CAAG,IAEVpD,MAAKoS,IACJxH,EAAIgD,mBAAmBS,MAAM,CAC3BvC,UAEKsG,IAGb,CC/HgB,SAAAwmB,GAAmBnO,EAAiBE,GAClD,OAAQF,EAAE/d,eAAiBie,EAAEje,YAC/B,CAEM,SAAUmsB,GAAoBz1B,GAClC,IAAKgV,GAAehV,GAClB,OAAO,EAGT,IAAKA,EAAIQ,MAAQR,EAAIQ,IAAImR,aACvB,OAAO,EAGT,MAAM,aAAEA,GAAiB3R,EAAIQ,IAC7B,MAA2B,kBAAvBmR,EAAa7W,KAKnB,CCFO4O,eAAegsB,GACpBluB,EACAW,EACAwtB,GAEA,MAAM,SAAErtB,GAAad,EAAIlJ,QACzB,IAAKgK,EACH,MAAM,IAAIxB,EAAa,4EAGzB,IACE,MAAM8uB,EAAgCp9B,OAAOuW,OAAO,CAAC,EAAG5G,EAAa,CACnEG,aAEIutB,QAAsB5H,GAAiBzmB,EAAKouB,EAAkBD,GAC9DttB,EAAOT,EAAaJ,EAAKW,IACzB,OAAEoa,SAAiBkN,GAAoBjoB,EAAKouB,EAAkBC,EAAextB,IAG7E,aAAEiB,GAAiBiZ,EAKzB,OAJIjZ,IAAiBksB,GAAmBlsB,EAAcqsB,IACpDnuB,EAAIse,aAAagQ,mBAAmBxsB,GAG/BiZ,CACR,CACD,MAAOviB,GAKL,MAJIomB,GAA2BpmB,IAE7BwH,EAAIse,aAAaiQ,qBAEb/1B,CACP,CACH,CCpCA,SAASg2B,KACP,MAAM,IAAIlvB,EACR,qFAEJ,CAGA,SAASmvB,GAAeC,EAAsB3T,GAC5C,OAAI/Y,EAAU0sB,GACL3T,EAAOlZ,QAEZE,EAAc2sB,GACT3T,EAAOnZ,iBAEhB4sB,IACF,CAGOtsB,eAAeysB,GAAW3uB,EAA6BqC,GACvDL,EAAUK,IAAWN,EAAcM,IACtCmsB,KAGF,IAAIzT,EAAS/a,EAAIse,aAAasQ,gBAC9B,GAAI7T,EAAOjZ,aAIT,OAHAiZ,QAAemT,GAAuBluB,EAAK,CACzCiB,OAAQoB,EAAMpB,QACb8Z,EAAOjZ,cACH2sB,GAAepsB,EAAO0Y,GAG/B,IAAIhhB,EAEFA,EADEiG,EAAIlJ,QAAQwK,KACC,OACNS,EAAcM,GACR,QAEA,WAGjB,MAAM,OAAEpB,EAAM,aAAEZ,EAAY,YAAEC,EAAW,OAAEL,GAAWoC,EACtD,OAAOuqB,GAAiB5sB,EAAK,CAC3BjG,eACAkH,SACAZ,eACAC,cACAL,WAEC7K,MAAK,SAAUoS,GACd,OAAOinB,GAAepsB,EAAOmF,EAAIuT,OACnC,GACJ,CChDO7Y,eAAe2sB,GAAY7uB,EAAKlJ,SACrC,MAAMikB,EAAwB,QAAf,EAAAjkB,aAAA,EAAAA,EAASikB,cAAM,QAAI/a,EAAIse,aAAasQ,gBACnD,GAAI7T,EAAOjZ,aACT,OAAOosB,GAAuBluB,EAAKlJ,GAAW,GAAIikB,EAAOjZ,cAG3D,IAAKiZ,EAAOnZ,cAAgBmZ,EAAOlZ,QACjC,MAAM,IAAIvC,EAAa,2DAGzB,MAAMsC,EAAcmZ,EAAOnZ,aAAe,CAAC,EACrCC,EAAUkZ,EAAOlZ,SAAW,CAAC,EAC7BZ,EAASW,EAAYX,QAAUY,EAAQZ,OAC7C,IAAKA,EACH,MAAM,IAAI3B,EAAa,sDAEzB,MAAMe,EAAeuB,EAAYvB,cAAgBwB,EAAQxB,aACzD,IAAKA,EACH,MAAM,IAAIf,EAAa,4DAEzB,MAAMgB,EAAcsB,EAAYtB,aAAeN,EAAIlJ,QAAQwJ,YACrDL,EAAS4B,EAAQ5B,QAAUD,EAAIlJ,QAAQmJ,OAU7C,GAPAnJ,EAAU9F,OAAOuW,OAAO,CACtBtG,SACAZ,eACAC,cACAL,UACCnJ,GAECkJ,EAAIlJ,QAAQwK,KACdxK,EAAQiD,aAAe,WAClB,CACL,MAAM,aAAEA,GAAiBmsB,GAAsBlmB,GAC/ClJ,EAAQiD,aAAeA,CACxB,CAED,OAAO6yB,GAAiB5sB,EAAKlJ,GAC1B1B,MAAKoS,GAAOA,EAAIuT,QAErB,CChCO7Y,eAAe4sB,GAAY9uB,EAA6BqC,GAC7D,IAAIT,EAAc,GACdE,EAAe,GAKnB,GAJIO,IACAT,EAAeS,EAAsBT,YACrCE,EAAgBO,EAAuBP,eAEvCF,IAAgBE,EAClB,MAAM,IAAIxC,EAAa,sDAEzB,IAAIwB,EAAWd,EAAIlJ,QAAQgK,SACvBwH,EAAetI,EAAIlJ,QAAQwR,aAC/B,IAAKxH,EACH,MAAM,IAAIxB,EAAa,8EAUzB,OAAO4I,GAAKlI,EAPII,EAAaJ,GAAKS,UACvB1B,EAAc,CAEvBgwB,gBAAiBjtB,EAAe,gBAAkB,eAClDO,MAAOP,GAAgBF,IACtB9N,MAAM,GAEyB,CAChC3B,QAAS,CACP,eAAgB,oCAChB,cAAiB,SAJM6tB,GAAf1X,EAAoB,GAAGxH,KAAYwH,IAAuBxH,KAOxE,CCtCA,MAAMkuB,GAAU,CACdptB,YAAa,eACbC,QAAS,WACTC,aAAc,iBAITI,eAAe+sB,GAAgBjvB,EAAKkvB,EAAiB7sB,SAC1D,IAAIpC,EACAa,EAAmBd,EAAIlJ,QAAQgK,SAC/BwH,EAAmCtI,EAAIlJ,QAAQwR,aAMnD,GAJKjG,IACHA,EAAQrC,EAAIse,aAAa9B,YAAY0S,KAGlC7sB,EACH,MAAM,IAAI/C,EAAa,kBAAkB4vB,6BAW3C,GAPEjvB,EADEivB,IAASxtB,EAAUytB,OACX9sB,aAAK,EAALA,EAAepC,OAGQ,QAAvB,EAAAoC,aAAA,EAAAA,EAAe8kB,cAAQ,eAAAG,IAEnCrnB,UAAAA,EAAWD,EAAIlJ,QAAQmJ,SAElBa,EACH,MAAM,IAAIxB,EAAa,kFAEzB,IAAKW,EACH,MAAM,IAAIX,EAAa,yBAGzB,MAAQ8vB,uBAAwBC,SAAyBzI,GAAa5mB,EAAKC,GACrEqvB,EAA4BtP,GAAf1X,EAAoB,GAAGxH,KAAYwH,IAAuBxH,GAM7E,OAAOoH,GAAKlI,EAAKqvB,EALJtwB,EAAc,CAEzBgwB,gBAAiBC,GAAQE,GACzB7sB,MAAOA,EAAM6sB,KACZp7B,MAAM,GAC6B,CACpC3B,QAAS,CACP,eAAgB,oCAChB,cAAiB,SAAWm9B,IAGlC,CChEgB,SAAAC,GACdvvB,EACAuI,GAgBA,MAZwC,CACtCtI,OAHaD,EAAIlJ,QAAQmJ,OAIzBY,KAHWT,EAAaJ,EAAKuI,GAI7BzH,SAAUyH,EAAOzH,SACjBC,YAAawH,EAAOxH,YACpBhH,aAAcwO,EAAOxO,aACrBiH,aAAcuH,EAAOvH,aACrBE,MAAOqH,EAAOrH,MACdG,UAAWkH,EAAOlH,UAClBoqB,gBAAiBljB,EAAOkjB,gBAI5B,CCJM,SAAU+D,GAAoCxvB,GAClD,MAAM,SACJc,EAAQ,YACRC,EAAW,aACXC,EAAY,MACZE,GACElB,EAAIlJ,QACFqvB,EAAqBhG,KAAcllB,OAAO1C,SAASuR,UAAO7X,EAChE,OAAOoK,EAAW,CAChByE,WACAC,YAAaA,GAAeolB,EAC5BnlB,eACAE,MAAOA,GAASrB,IAChB9F,aAAc,OACdwxB,OAAQ,wBAEZ,CCUgB,SAAAkE,GACdzvB,EACAlJ,GAEA,OAhCF,SACEyR,GAUA,KARAA,EAAM,+BACDA,GAAM,CAETxO,aAAc,OACdwxB,OAAQ,uBACR5oB,OAAQ,KAGE8oB,gBACV,MAAM,IAAInsB,EAAa,uCAEzB,IAAKiJ,EAAOlH,UAGV,MAAM,IAAI/B,EAAa,gCAOzB,cAHOiJ,EAAOtH,cACPsH,EAAOpH,MAEPoH,CACT,CAOSmnB,CAAc,OAAD,wBACfF,GAAoCxvB,IACpClJ,GAEP,CCnCgB,SAAA64B,GACd3vB,EACAlJ,GAIA,MAAMyR,EAASknB,GAAiCzvB,EAFhDlJ,EAAUoB,EAAMpB,IAAY,CAAC,GAGvBuM,EAAOksB,GAA8BvvB,EAAKuI,GAC1CyjB,EAAa3oB,EAAKxC,KAAKR,aAAesrB,GAAqBpjB,GACjEvI,EAAIgD,mBAAmBM,KAAKD,GACxBrD,EAAIlJ,QAAQi2B,YACd/sB,EAAIlJ,QAAQi2B,YAAYf,GAExB/wB,OAAO1C,SAASgP,OAAOykB,EAE3B,CCSgB,SAAA4D,GAAe5vB,EAA6BklB,GAC1D,MAAM2K,EAAY94B,GACTiuB,GAAa50B,UAAUoG,KAAKsF,KAAKopB,EAAOnuB,EAAQ,MAGnD+4B,EAAoBD,EAAS/C,GAAgBhxB,KAAK,KAAMkE,IAGxD+vB,EAAiBF,EAASxC,GAAavxB,KAAK,KAAMkE,IAClDgwB,EAAyCh/B,OAAOuW,OAAOwoB,EAAgB,CAE3EvC,YAAa,WACX,OAAOvyB,OAAOg1B,OACf,EAGD3C,aAAc,WACZ,OAAOryB,OAAO1C,QACf,EAGDm1B,aAAc,WACZ,OAAOzyB,OAAOmlB,QACf,IAGG/d,EAAiB,CACrBC,mBAAoBA,GAAmBxG,KAAK,KAAMkE,GAClD8a,sBAAuBA,GAAsBhf,KAAK,KAAMkE,GACxD4sB,iBAAkBA,GAAiB9wB,KAAK,KAAMkE,GAC9C6sB,aAAcA,GAAa/wB,KAAK,KAAMkE,GACtC8sB,gBAAiBgD,EACjBzC,aAAc2C,EACdl6B,OAAQkwB,GACRkK,OAAQpB,GAAYhzB,KAAK,KAAMkE,GAC/BmwB,MAAOxB,GAAW7yB,KAAK,KAAMkE,GAC7BkuB,uBAAwBA,GAAuBpyB,KAAK,KAAMkE,GAC1D6uB,YAAaA,GAAY/yB,KAAK,KAAMkE,GACpC+oB,YAAa,CACXC,EACAC,IAEOF,GAAY/oB,EAAKgpB,EAAmBC,GAE7ClE,OAAQ,GAAYjpB,KAAK,KAAMkE,GAC/Buf,gBAAiBA,GAAgBzjB,KAAK,KAAMkE,GAC5C0N,WAAYuhB,GAAenzB,KAAK,KAAMkE,IAiBxC,MAZe,CACb,mBACA,eACA,SACA,QACA,yBACA,eAEK3N,SAAQmH,IACb6I,EAAM7I,GAAOq2B,EAASxtB,EAAM7I,GAAK,IAG5B6I,CACT,CAEM,SAAU+tB,GAAgBpwB,GAC9B,MAAO,CACLqwB,UAAW,CACTV,oBAAqBA,GAAoB7zB,KAAK,KAAMkE,IAG1D,CC7GgB,SAAAswB,GAAcjuB,EAAcrN,GAC1C,IAAKgN,EAAUK,KAAWN,EAAcM,KAAWJ,EAAeI,GAChE,MAAM,IAAI/C,EACR,iHAIJ,GAAa,gBAATtK,IAA2B+M,EAAcM,GAC3C,MAAM,IAAI/C,EAAa,uBAEzB,GAAa,YAATtK,IAAuBgN,EAAUK,GACnC,MAAM,IAAI/C,EAAa,mBAGzB,GAAa,iBAATtK,IAA4BiN,EAAeI,GAC7C,MAAM,IAAI/C,EAAa,uBAE3B,CCVc,MAAOixB,GAGnB,WAAA33B,CAAY43B,GAEVzgC,KAAKygC,YAAcC,SAASD,GAAe,EAC5C,CAGD,aAAO73B,GAGL,OAAO,IAAI43B,GADO,EAEnB,CAGD,GAAArpB,GAEE,OADWvJ,KAAKuJ,MAAQnX,KAAKygC,aAAe,GAE7C,ECdI,MAAME,GAAgB,UAChBC,GAAgB,UAChBC,GAAc,QACdC,GAAgB,UAChBC,GAAc,QACdC,GAAoB,cC0B3BC,GAAkB,CAEtBC,WAAW,EACXC,YAAY,EACZC,aAAa,EAEbC,0BAA0B,EAC1B3qB,aAASxU,EACTo/B,mBAAoB,GACpBC,WAAY/sB,UAcDgtB,GAmCX,WAAA34B,CAAYoH,EAA6BlJ,EAA+B,CAAC,GAGvE,GAFA/G,KAAKiQ,IAAMA,EACXjQ,KAAK6xB,QAAW5hB,EAAY4hB,SACvB7xB,KAAK6xB,QACR,MAAM,IAAItiB,EAAa,qDAGzBxI,EAAU9F,OAAOuW,OAAO,CAAC,EAAGypB,GAAiB30B,EAAWvF,IACnDyqB,OACHzqB,EAAQu6B,mBAAqBL,GAAgBK,oBAG/CthC,KAAK+G,QAAUA,EAEf,MAAM06B,EAAiCn1B,EAAW,CAChDi1B,WAAYx6B,EAAQw6B,WACpBG,OAAQ36B,EAAQ26B,SAEa,iBAApB36B,EAAQ2P,QAEjB+qB,EAAeE,gBAAkB56B,EAAQ2P,QAChC3P,EAAQ2P,UACjB+qB,EAAeG,YAAc76B,EAAQ2P,SAGvC1W,KAAK0W,QAAUzG,EAAI4G,eAAegrB,gBAAe,+BAAKJ,GAAgB,CAAAK,oBAAoB,KAC1F9hC,KAAK+hC,MAAQvB,GAAS53B,SACtB5I,KAAKmR,MAnEA,CACL6wB,eAAgB,CAAE,EAClBC,aAAc,KAkEf,CAlDD,EAAAC,CAAGC,EAA6BC,EAAsClmB,GAChEA,EACFlc,KAAK6xB,QAAQqQ,GAAGC,EAAOC,EAASlmB,GAEhClc,KAAK6xB,QAAQqQ,GAAGC,EAAOC,EAE1B,CAOD,GAAAC,CAAIF,EAA6BC,GAC3BA,EACFpiC,KAAK6xB,QAAQwQ,IAAIF,EAAOC,GAExBpiC,KAAK6xB,QAAQwQ,IAAIF,EAEpB,CAiCD,KAAAtS,GACM7vB,KAAK+G,QAAQs6B,0BACfrhC,KAAKqhC,2BAEPrhC,KAAKsiC,2BACLtiC,KAAKmR,MAAMoxB,SAAU,CACtB,CAED,IAAAC,GACExiC,KAAKyiC,6BACLziC,KAAKmR,MAAMoxB,SAAU,CACtB,CAED,SAAAG,GACE,QAAS1iC,KAAKmR,MAAMoxB,OACrB,CAED,UAAAtqB,GACE,OAAO9P,EAAMnI,KAAK+G,QACnB,CAED,aAAA47B,CAAcrwB,GACZ,MAAMgvB,EAAqBthC,KAAK+G,QAAQu6B,oBAAsB,EAE9D,OADiBhvB,EAAM8E,UAAYkqB,CAEpC,CAED,UAAAsB,CAAWtwB,GAET,OADiBtS,KAAK2iC,cAAcrwB,IACftS,KAAK+hC,MAAM5qB,KACjC,CAED,WAAA0rB,CAAYp5B,EAAK6I,GACftS,KAAK6xB,QAAQiR,KAAKnC,GAAel3B,EAAK6I,EACvC,CAED,WAAAywB,CAAYt5B,EAAKu5B,EAAYC,GAC3BjjC,KAAK6xB,QAAQiR,KAAKlC,GAAen3B,EAAKu5B,EAAYC,EACnD,CAED,SAAAC,CAAUz5B,EAAK6I,GACbtS,KAAK6xB,QAAQiR,KAAKjC,GAAap3B,EAAK6I,EACrC,CAED,WAAA6wB,CAAY15B,EAAK6I,GACftS,KAAK6xB,QAAQiR,KAAKhC,GAAer3B,EAAK6I,EACvC,CAED,SAAA8wB,CAAU7/B,GACRvD,KAAK6xB,QAAQiR,KAAK/B,GAAax9B,EAChC,CAED,uBAAA8/B,CAAwB55B,GACtBqxB,aAAa96B,KAAKmR,MAAM6wB,eAAev4B,WAChCzJ,KAAKmR,MAAM6wB,eAAev4B,GAGjCzJ,KAAKmR,MAAM8wB,aAAe,IAC3B,CAED,0BAAAQ,GACE,IAAIT,EAAiBhiC,KAAKmR,MAAM6wB,eAChC,IAAK,IAAIv4B,KAAOu4B,EACT/gC,OAAOZ,UAAUgG,eAAelF,KAAK6gC,EAAgBv4B,IAG1DzJ,KAAKqjC,wBAAwB55B,EAEhC,CAED,qBAAA65B,CAAsB75B,EAAK6I,GACzB,IAAIJ,EAAeI,GAAnB,CAIA,IAAIixB,EAAavjC,KAAK2iC,cAAcrwB,GAChCkxB,EAA+D,IAA7Cv1B,KAAKw1B,IAAIF,EAAavjC,KAAK+hC,MAAM5qB,MAAO,GAG9DnX,KAAKqjC,wBAAwB55B,GAE7B,IAAIi6B,EAAqBp1B,YAAW,KAClCtO,KAAK6iC,YAAYp5B,EAAK6I,EAAM,GAC3BkxB,GAGHxjC,KAAKmR,MAAM6wB,eAAev4B,GAAOi6B,CAbhC,CAcF,CAED,wBAAApB,GACE,IAAIqB,EAAe3jC,KAAK0W,QAAQQ,aAChC,IAAI,IAAIzN,KAAOk6B,EACb,GAAK1iC,OAAOZ,UAAUgG,eAAelF,KAAKwiC,EAAcl6B,GAAxD,CAGA,IAAI6I,EAAQqxB,EAAal6B,GACzBzJ,KAAKsjC,sBAAsB75B,EAAK6I,EAF/B,CAIJ,CAGD,0BAAAsxB,GACE5jC,KAAKyiC,6BACLziC,KAAKsiC,0BACN,CAED,GAAAuB,CAAIp6B,EAAK6I,GACP,IAAIqxB,EAAe3jC,KAAK0W,QAAQQ,aAChCqpB,GAAcjuB,GACdqxB,EAAal6B,GAAO6I,EACpBtS,KAAK0W,QAAQotB,WAAWH,GACxB3jC,KAAK+jC,sBACL/jC,KAAKkjC,UAAUz5B,EAAK6I,GACpBtS,KAAKsjC,sBAAsB75B,EAAK6I,EACjC,CAED,OAAA0xB,CAAQv6B,GAEN,OADmBzJ,KAAK0W,QAAQQ,aACZzN,EACrB,CAED,SAAMzE,CAAIyE,GACR,OAAOzJ,KAAKgkC,QAAQv6B,EACrB,CAED,aAAAo1B,GACE,MAAM7T,EAAS,GACT2Y,EAAe3jC,KAAK0W,QAAQQ,aAWlC,OAVAjW,OAAOuF,KAAKm9B,GAAcrhC,SAAQmH,IAChC,MAAM6I,EAAQqxB,EAAal6B,GACvBuI,EAAcM,GAChB0Y,EAAOnZ,YAAcS,EACZL,EAAUK,GACnB0Y,EAAOlZ,QAAUQ,EACRJ,EAAeI,KACxB0Y,EAAOjZ,aAAeO,EACvB,IAEI0Y,CACR,CAED,eAAMyB,GACJ,OAAOzsB,KAAK6+B,eACb,CAED,mBAAAoF,CAAoBh/B,GAClB,MAAM0+B,EAAe3jC,KAAK0W,QAAQQ,aAOlC,OANYjW,OAAOuF,KAAKm9B,GAAcvnB,QAAO3S,IAC3C,MAAM6I,EAAQqxB,EAAal6B,GAC3B,OAAQuI,EAAcM,IAAmB,gBAATrN,GAC1BgN,EAAUK,IAAmB,YAATrN,GACpBiN,EAAeI,IAAmB,iBAATrN,CAAwB,IACtD,EAEJ,CAEO,YAAAi/B,CAAa5xB,GACnB,GAAIN,EAAcM,GAChB,MAAO,cAET,GAAIL,EAAUK,GACZ,MAAO,UAET,GAAGJ,EAAeI,GAChB,MAAO,eAET,MAAM,IAAI/C,EAAa,qBACxB,CAGO,mBAAAw0B,GACN,GAAIzT,KAAgB,CAClB,MAAM5Z,EAAU1W,KAAK0W,QAAQQ,aAC7BlX,KAAK6xB,QAAQiR,KAAK9B,GAAmBtqB,EACtC,CACF,CAGM,UAAAQ,GACL,OAAOlX,KAAK0W,OACb,CAED,SAAA8X,CACExD,EAEAmZ,EACAC,EACAC,GAEA,MAAMC,EAAsB,CAAC76B,EAAK6I,KAChC,MAAMrN,EAAOjF,KAAKkkC,aAAa5xB,GAClB,gBAATrN,EACFk/B,GAAiBA,EAAc16B,EAAK6I,GAClB,YAATrN,EACTm/B,GAAaA,EAAU36B,EAAK6I,GACV,iBAATrN,GACTo/B,GAAkBA,EAAe56B,EAAK6I,EACvC,EAEGiyB,EAAc,CAAC96B,EAAK6I,KACxBtS,KAAKkjC,UAAUz5B,EAAK6I,GACpBtS,KAAKsjC,sBAAsB75B,EAAK6I,GAChCgyB,EAAoB76B,EAAK6I,EAAM,EAE3BkyB,EAAgB,CAAC/6B,EAAK6I,EAAO2wB,KACjCjjC,KAAK+iC,YAAYt5B,EAAK6I,EAAO2wB,GAC7BjjC,KAAKqjC,wBAAwB55B,GAC7BzJ,KAAKsjC,sBAAsB75B,EAAK6I,GAChCgyB,EAAoB76B,EAAK6I,EAAM,EAE3BmyB,EAAgB,CAACh7B,EAAK6I,KAC1BtS,KAAKqjC,wBAAwB55B,GAC7BzJ,KAAKmjC,YAAY15B,EAAK6I,GACtBgyB,EAAoB76B,EAAK6I,EAAM,EAG3BoyB,EAAqB,CAAC,UAAW,cAAe,gBAChDC,EAAiB3kC,KAAK6+B,gBAG5B6F,EAAMpiC,SAAS2C,IACb,MAAMqN,EAAQ0Y,EAAO/lB,GACjBqN,GACFiuB,GAAcjuB,EAAOrN,EACtB,IAIH,MAAMyR,EAAUguB,EAAMxuB,QAAO,CAACQ,EAASzR,KACrC,MAAMqN,EAAQ0Y,EAAO/lB,GAKrB,OAJIqN,IAEFoE,EADmB1W,KAAKikC,oBAAoBh/B,IAASA,GAC/BqN,GAEjBoE,CAAO,GACb,CAAE,GACL1W,KAAK0W,QAAQotB,WAAWptB,GACxB1W,KAAK+jC,sBAGLW,EAAMpiC,SAAQ2C,IACZ,MAAM2/B,EAAW5Z,EAAO/lB,GAClB4/B,EAAgBF,EAAe1/B,GAC/Bs8B,EAAavhC,KAAKikC,oBAAoBh/B,IAASA,EACjD2/B,GAAYC,GAEdJ,EAAclD,EAAYsD,GAC1BN,EAAYhD,EAAYqD,GACxBJ,EAAcjD,EAAYqD,EAAUC,IAC3BD,EACTL,EAAYhD,EAAYqD,GACfC,GACTJ,EAAclD,EAAYsD,EAC3B,GAEJ,CAED,MAAAC,CAAOr7B,GAELzJ,KAAKqjC,wBAAwB55B,GAE7B,IAAIk6B,EAAe3jC,KAAK0W,QAAQQ,aAC5B6tB,EAAepB,EAAal6B,UACzBk6B,EAAal6B,GACpBzJ,KAAK0W,QAAQotB,WAAWH,GACxB3jC,KAAK+jC,sBAEL/jC,KAAKmjC,YAAY15B,EAAKs7B,EACvB,CAGD,gBAAMnG,CAAWtsB,SACf,OAAqB,QAAd,EAAAtS,KAAKiQ,IAAIqC,aAAK,eAAE8tB,MAAM9tB,EAC9B,CAED,aAAAiuB,CAAcjuB,GACZ,OAAOiuB,GAAcjuB,EACtB,CAGD,KAAA8tB,CAAM32B,GAEJ,GAAIzJ,KAAKmR,MAAM8wB,aACb,OAAOjiC,KAAKmR,MAAM8wB,aAGpB,IACE,IAAI3vB,EAAQtS,KAAKgkC,QAAQv6B,GACzB,IAAK6I,EACH,MAAM,IAAI/C,EAAa,8CAAgD9F,EAE1E,CAAC,MAAO/I,GACP,OAAOqC,QAAQC,OAAOtC,EACvB,CA2BD,OAxBAV,KAAKqjC,wBAAwB55B,GAIRzJ,KAAKmR,MAAM8wB,aAAejiC,KAAKiQ,IAAIqC,MAAMwsB,cAC3Dz5B,MAAK2lB,IACJhrB,KAAKwuB,UAAUxD,GAIRA,EADWhrB,KAAKkkC,aAAa5xB,OAGrC0F,OAAMvP,IAKL,MAHAzI,KAAK8kC,OAAOr7B,GACZhB,EAAIu8B,SAAWv7B,EACfzJ,KAAKojC,UAAU36B,GACTA,CAAG,IAEV0L,SAAQ,KAEPnU,KAAKmR,MAAM8wB,aAAe,IAAI,GAInC,CAED,KAAAvuB,GACE,MAAMsX,EAAShrB,KAAK6+B,gBACpB7+B,KAAKyiC,6BACLziC,KAAK0W,QAAQyb,eACbnyB,KAAK+jC,sBAEL9iC,OAAOuF,KAAKwkB,GAAQ1oB,SAAQmH,IAC1BzJ,KAAKmjC,YAAY15B,EAAKuhB,EAAOvhB,GAAK,GAErC,CAED,wBAAA43B,GACE,MAAMsC,EAAe3jC,KAAK0W,QAAQQ,aAC5B+tB,EAAgB,GACtBhkC,OAAOuF,KAAKm9B,GAAcrhC,SAAQmH,IAC5Bk6B,EAAal6B,GAAKy7B,gBACpBD,EAAcx7B,GAAOk6B,EAAal6B,UAC3Bk6B,EAAal6B,GACrB,IAEHzJ,KAAK0W,QAAQotB,WAAWH,GACxB3jC,KAAK+jC,sBACL9iC,OAAOuF,KAAKy+B,GAAe3iC,SAAQmH,IACjCzJ,KAAKqjC,wBAAwB55B,GAC7BzJ,KAAKmjC,YAAY15B,EAAKw7B,EAAcx7B,GAAK,GAE5C,CAED,kBAAA80B,CAAmBjsB,GACjB,MAAM7I,EAAMzJ,KAAKikC,oBAAoB,iBAAmBhvB,GAGxD,IAAI0uB,EAAe3jC,KAAK0W,QAAQQ,aAChCqpB,GAAcjuB,GACdqxB,EAAal6B,GAAO6I,EACpBtS,KAAK0W,QAAQotB,WAAWH,GACxB3jC,KAAK+jC,qBACN,CAED,kBAAAvF,GACE,MAAM/0B,EAAMzJ,KAAKikC,oBAAoB,iBAAmBhvB,GACxDjV,KAAK8kC,OAAOr7B,EACb,CAED,qBAAA07B,GACE,MAAMna,EAAShrB,KAAK6+B,gBACpB59B,OAAOuF,KAAKwkB,GAAQ1oB,SAAQmH,IAC1BuhB,EAAOvhB,GAAKy7B,eAAgB,CAAI,IAElCllC,KAAKwuB,UAAUxD,EAChB,EC/cH,IAAIrU,GAAkC,CAIpCyuB,uBAAwB,WACtB,IACE,IAAI1uB,EAAU1W,KAAKqlC,kBACnB,OAAOrlC,KAAKslC,YAAY5uB,EACzB,CAAC,MAAOhW,GACP,OAAO,CACR,CACF,EAED6kC,yBAA0B,WACxB,IACE,IAAI7uB,EAAU1W,KAAKwlC,oBACnB,OAAOxlC,KAAKslC,YAAY5uB,EACzB,CAAC,MAAOhW,GACP,OAAO,CACR,CACF,EAED+kC,gBAAiB,SAAS7D,GACxB,IAAI8D,GAAY,EAChB,OAAQ9D,GACN,IAAK,iBACH8D,EAAY1lC,KAAKulC,2BACjB,MACF,IAAK,eACHG,EAAY1lC,KAAKolC,yBACjB,MACF,IAAK,SACL,IAAK,SACHM,GAAY,EACZ,MACF,QACEA,GAAY,EAGhB,OAAOA,CACR,EAEDC,iBAAkB,SAAS/D,EAA0B76B,GACnD,IAAI46B,EACJ,OAAQC,GACN,IAAK,iBACHD,EAAkB3hC,KAAKwlC,oBACvB,MACF,IAAK,eACH7D,EAAkB3hC,KAAKqlC,kBACvB,MACF,IAAK,SACH1D,EAAkB3hC,KAAK4lC,iBAAiB7+B,GACxC,MACF,IAAK,SACH46B,EAAkB3hC,KAAK6lC,qBACvB,MACF,QACE,MAAM,IAAIt2B,EAAa,gCAAgCqyB,KAG3D,OAAOD,CACR,EAEDmE,gBAAiB,SAASpB,GACxB,IAAIqB,EACAC,EAKJ,OAFAD,GADArB,EAAQA,EAAM3gC,SACE/B,QAChBgkC,EAAWtB,EAAMj/B,OAASi/B,EAAM,GAAK,KAChCsB,EAIDhmC,KAAKylC,gBAAgBM,GAChBA,GAITx6B,EAAK,gCAAgCw6B,mBAAyBC,MAGvDhmC,KAAK8lC,gBAAgBpB,IAXnBqB,CAYV,EAEDV,gBAAiB,WAMf,OAJI/U,OAAmBplB,OAAO+6B,YAC5B/6B,OAAO+6B,UAAY,cAGdC,YACR,EAEDV,kBAAmB,WACjB,OAAOW,cACR,EAGDP,iBAAkB,SAAS7+B,GACzB,MAAM26B,EAAS36B,EAAS26B,OAClB0E,EAAWr/B,EAASq/B,SACpBC,EAAgBt/B,EAASs/B,cAC/B,QAAsB,IAAX3E,QAA8C,IAAb0E,EAC1C,MAAM,IAAI72B,EAAa,sEAEzB,MAAMmH,EAAyB,CAC7B4vB,QAAStmC,KAAK0W,QAAQ1R,IACtBuhC,QAAS,CAAC98B,EAAK9H,EAAOyV,EAAY,8BAEhCA,EAAaivB,EAAgB,KAAOjvB,EACpCpX,KAAK0W,QAAQvS,IAAIsF,EAAK9H,EAAOyV,EAAW,CACtCsqB,OAAQA,EACR0E,SAAUA,GACV,EAEJI,WAAa/8B,IACXzJ,KAAK0W,QAAQoB,OAAOrO,EAAI,GAI5B,OAAK1C,EAAS+6B,mBAOP,CACLwE,QAAS,SAAS78B,GAChB,IAAIkO,EAAOjB,EAAQ4vB,UACf3kC,EAAQ,GAMZ,OALAV,OAAOuF,KAAKmR,GAAMrV,SAAQ4Y,IACA,IAApBA,EAAEla,QAAQyI,KACZ9H,EAAMuZ,EAAEtT,QAAQ,GAAG6B,KAAQ,KAAOxD,KAAKC,MAAMyR,EAAKuD,IACnD,IAEIjV,KAAKwG,UAAU9K,EACvB,EACD4kC,QAAS,SAAS98B,EAAK9H,GACrB,IAAI8kC,EAAiBxgC,KAAKC,MAAMlG,KAAKsmC,QAAQ78B,IAC7C9H,EAAQsE,KAAKC,MAAMvE,GAEnBV,OAAOuF,KAAK7E,GAAOW,SAAQ4Y,IACzB,IAAIqmB,EAAa93B,EAAM,IAAMyR,EACzBwrB,EAAezgC,KAAKwG,UAAU9K,EAAMuZ,IACxCxE,EAAQ6vB,QAAQhF,EAAYmF,UACrBD,EAAevrB,EAAE,IAG1Bja,OAAOuF,KAAKigC,GAAgBnkC,SAAQ4Y,IAClCxE,EAAQ8vB,WAAW/8B,EAAM,IAAMyR,EAAE,GAEpC,EACDsrB,WAAY,SAAS/8B,GACnB,IAAIg9B,EAAiBxgC,KAAKC,MAAMlG,KAAKsmC,QAAQ78B,IAC7CxI,OAAOuF,KAAKigC,GAAgBnkC,SAAQ4Y,IAClCxE,EAAQ8vB,WAAW/8B,EAAM,IAAMyR,EAAE,GAEpC,GArCMxE,CAuCV,EAGDiwB,cAAe,CAAE,EACjBd,mBAAoB,WAClB,MAAO,CACLS,QAAU78B,GACDzJ,KAAK2mC,cAAcl9B,GAE5B88B,QAAS,CAAC98B,EAAK9H,KACb3B,KAAK2mC,cAAcl9B,GAAO9H,CAAK,EAGpC,EAED2jC,YAAa,SAAS5uB,GACpB,IAAIjN,EAAM,oBACV,IAGE,OAFAiN,EAAQ6vB,QAAQ98B,EAAKA,GACrBiN,EAAQ8vB,WAAW/8B,IACZ,CACR,CAAC,MAAO/I,GACP,OAAO,CACR,CACF,EAEDgW,QAAS,CACPvS,IAAK,SAAS9C,EAAcM,EAAeyV,EAAmBrQ,GAC5D,MAAM,SAAEq/B,EAAQ,OAAE1E,GAAW36B,EAC7B,QAAsB,IAAX26B,QAA8C,IAAb0E,EAC1C,MAAM,IAAI72B,EAAa,iEAEzB,IAAIq3B,EAA+B,CACjC13B,KAAMnI,EAAQmI,MAAQ,IACtBwyB,SACA0E,YAaF,OATOx4B,KAAK1H,MAAMkR,KAKhBwvB,EAAcC,QAAU,IAAIj5B,KAAKwJ,IAGnC,IAAQjT,IAAI9C,EAAMM,EAAOilC,GAClB5mC,KAAKgF,IAAI3D,EACjB,EAED2D,IAAK,SAAS3D,GAEZ,OAAKyK,UAAUrG,OAGR,IAAQT,IAAI3D,GAFV,IAAQ2D,KAGlB,EAED8S,OAAQ,SAASzW,GACf,OAAO,IAAQyjC,OAAOzjC,EAAM,CAAE6N,KAAM,KACrC,ICzOW,SAAA43B,GAUd7U,EACA8U,SAGA,MAAMC,GC9BPC,ED8B4ChV,EC7BpC,cAA8BgV,EACnC,cAAAC,CAAeC,EAAqBh2B,GAEXi2B,GAAe5B,oBACvBe,QAAQrxB,GAA2BiyB,IAGlDh2B,EAAQA,GAASnR,KAAK+G,QAAQoK,QAENnR,KAAK6W,eAAewwB,wBAC5Bd,QAAQp1B,EAAOg2B,EAEhC,CAED,cAAAG,CAAen2B,GAGb,GADAA,EAAQA,GAASnR,KAAK+G,QAAQoK,MACnB,CACT,MACMg2B,EADgBnnC,KAAK6W,eAAewwB,wBACRf,QAAQn1B,GAC1C,GAAIg2B,EACF,OAAOA,CAEV,CAGD,MAAMzwB,EAAU0wB,GAAe5B,oBAC/B,OAAO9uB,GAAUA,EAAQ4vB,QAAQpxB,UAA0ChT,CAC5E,CAED,iBAAAqlC,CAAkBp2B,GAOhB,GALgBi2B,GAAe5B,oBACvBgB,WAAWtxB,IAGnB/D,EAAQA,GAASnR,KAAK+G,QAAQoK,MACnB,CACT,MAAMq2B,EAAgBxnC,KAAK6W,eAAewwB,wBAC1CG,EAAchB,YAAcgB,EAAchB,WAAWr1B,EACtD,CACF,IAlDC,IAQL81B,ED+BC,OAAO,gBAA4BD,EAajC,WAAAn+B,IAAeoD,GACboD,SAASpD,GAETjM,KAAKiT,mBAAqB,IAAI8zB,EAA8B9lC,OAAOuW,OAAO,CACxEX,eAAgB7W,KAAK6W,gBACpB7W,KAAK+G,QAAQkM,qBAEhBjT,KAAKuR,KAAO,CACV8D,8BAA+B8lB,GAAK9lB,8BACpCqgB,iBAAkByF,GAAKzF,iBACvBM,iBAAkBmF,GAAKnF,kBAGzBh2B,KAAKynC,SAAW,CAAEC,aAAa,GAE/B1nC,KAAK2nC,YAAc,IAAI1S,GAEvBj1B,KAAKsS,MAAQutB,GAAe7/B,KAAMA,KAAK2nC,aAGvC3nC,KAAKuuB,aAAe,IAAIiT,GAAaxhC,KAAMA,KAAK+G,QAAQwnB,cAExDvuB,KAAK4nC,UAAYvH,GAAgBrgC,KAClC,CAGD,YAAAmyB,GACE9iB,MAAM8iB,eAGNnyB,KAAKuuB,aAAa7a,OACnB,CAKD,qBAAMm0B,CAAgB9gC,EAAkC,CAAC,GAEvD,MAAM,UAAEm6B,EAAS,WAAEC,GAAenhC,KAAKuuB,aAAatW,aAE9C6vB,EAAc/gC,EAAQghC,eAA4C,UAA3BhhC,EAAQghC,eAA6B7G,EAC5E8G,EAAejhC,EAAQghC,eAA4C,WAA3BhhC,EAAQghC,eAA8B5G,EAEpF,IAAI,YAAEtvB,GAAgB7R,KAAKuuB,aAAasQ,gBACxC,GAAIhtB,GAAe7R,KAAKuuB,aAAaqU,WAAW/wB,GAE9C,GADAA,OAAc3P,EACV4lC,EACF,IACEj2B,QAAoB7R,KAAKuuB,aAAa6R,MAAM,cAC7C,CAAC,MAAM,GAEP,MACQ4H,GACThoC,KAAKuuB,aAAauW,OAAO,eAI7B,IAAI,QAAEhzB,GAAY9R,KAAKuuB,aAAasQ,gBACpC,GAAI/sB,GAAW9R,KAAKuuB,aAAaqU,WAAW9wB,GAE1C,GADAA,OAAU5P,EACN4lC,EACF,IACEh2B,QAAgB9R,KAAKuuB,aAAa6R,MAAM,UACzC,CAAC,MAAM,GAEP,MACQ4H,GACThoC,KAAKuuB,aAAauW,OAAO,WAI7B,SAAUjzB,IAAeC,EAC1B,CAGD,wBAAMm2B,CAAmB9U,EAAkC,CAAC,GAC1D,MAAM,YAAEgU,GAAqChU,EAArB+U,EAAgB,GAAK/U,EAAvC,CAAoC,gBAC1C,IAAGnzB,KAAKynC,SAASC,YAAjB,CAKA1nC,KAAKynC,SAASC,aAAc,EAC5B,IAEMP,GACFnnC,KAAKknC,eAAeC,GAEtB,MAAM3uB,EAASvX,OAAOuW,OAAO,CAE3BtG,OAAQlR,KAAK+G,QAAQmK,QAAU,CAAC,SAAU,QAAS,YAClDg3B,SACGloC,KAAKsS,MAAMyqB,gBAAgBvkB,EAClC,CAAS,QACRxY,KAAKynC,SAASC,aAAc,CAC7B,CAfA,CAgBF,CAED,aAAMS,GACJ,MAAM,QAAEr2B,EAAO,YAAED,GAAgB7R,KAAKuuB,aAAasQ,gBACnD,OAAO7+B,KAAKsS,MAAM0mB,YAAYnnB,EAAaC,EAC5C,CAED,UAAAs2B,GACE,MAAM,QAAEt2B,GAAY9R,KAAKuuB,aAAasQ,gBACtC,OAAO/sB,EAAUA,EAAQA,aAAU5P,CACpC,CAED,cAAAmmC,GACE,MAAM,YAAEx2B,GAAgB7R,KAAKuuB,aAAasQ,gBAC1C,OAAOhtB,EAAcA,EAAYA,iBAAc3P,CAChD,CAED,eAAAomC,GACE,MAAM,aAAEv2B,GAAiB/R,KAAKuuB,aAAasQ,gBAC3C,OAAO9sB,EAAeA,EAAaA,kBAAe7P,CACnD,CAKD,6BAAMqmC,GACJ,MAAM,OAAEvd,EAAM,aAAEhhB,SAAuBhK,KAAKsS,MAAMgrB,eAC7B,SAAjBtzB,GACFhK,KAAKuuB,aAAaC,UAAUxD,EAE/B,CAED,eAAAwE,GACE,OAAOA,GAAgBxvB,KACxB,CAED,MAAAwoC,GACE,QAASxoC,KAAK+G,QAAQwK,IACvB,CAED,eAAAk3B,CAAgBz+B,GACd,IAAIy+B,GAAkB,EAMtB,OAJEA,EADEjmC,MAAMC,QAAQzC,KAAK+G,QAAQiD,eAAiBhK,KAAK+G,QAAQiD,aAAavE,OACtDzF,KAAK+G,QAAQiD,aAAahJ,QAAQgJ,IAAiB,EAEnDhK,KAAK+G,QAAQiD,eAAiBA,EAE3Cy+B,CACR,CAED,uBAAAC,GACE,OAAO1oC,KAAKyoC,gBAAgB,OAC7B,CAGD,qBAAME,CAAgB5hC,GACpB,IAAKA,EAAQ8K,YAAa,CACxB,MAAMA,SAAqB7R,KAAKuuB,aAAa9B,aAAa5a,YAC1D9K,EAAQ8K,YAAcA,aAAA,EAAAA,EAAaA,WACpC,CACD,OAAOyE,GAAYtW,KAAM+G,EAC1B,CAGD,uBAAM6hC,CAAkB/2B,GACtB,IAAKA,EAAa,CAChBA,SAAqB7R,KAAKuuB,aAAa9B,aAAa5a,YACpD,MAAMg3B,EAAiB7oC,KAAKuuB,aAAa0V,oBAAoB,eAC7DjkC,KAAKuuB,aAAauW,OAAO+D,EAC1B,CAED,OAAKh3B,EAGE7R,KAAKsS,MAAM6tB,OAAOtuB,GAFhB9O,QAAQI,QAAQ,KAG1B,CAGD,wBAAM2lC,CAAmB/2B,GACvB,IAAKA,EAAc,CACjBA,SAAsB/R,KAAKuuB,aAAa9B,aAAa1a,aACrD,MAAMg3B,EAAkB/oC,KAAKuuB,aAAa0V,oBAAoB,gBAC9DjkC,KAAKuuB,aAAauW,OAAOiE,EAC1B,CAED,OAAKh3B,EAGE/R,KAAKsS,MAAM6tB,OAAOpuB,GAFhBhP,QAAQI,QAAQ,KAG1B,CAED,qBAAA6lC,CAAsBjiC,EAAqC,CAAC,GAC1D,IAAI,QACF+K,EAAO,sBACPm3B,EAAqB,MACrB93B,GACEpK,EAIJ,GAHK+K,IACHA,EAAU9R,KAAKuuB,aAAasQ,gBAAgB/sB,UAEzCA,EACH,MAAO,QAEqB5P,IAA1B+mC,IACFA,EAAwBjpC,KAAK+G,QAAQkiC,uBAGvC,MAAMx4B,EAAYJ,EAAarQ,MAAMyQ,UAC/By4B,EAAcp3B,EAAQA,QAC5B,IAAIq3B,EAAY14B,EAAY,kBAAoBxB,mBAAmBi6B,GASnE,OARID,IACFE,GAAa,6BAA+Bl6B,mBAAmBg6B,IAG7D93B,IACFg4B,GAAa,UAAYl6B,mBAAmBkC,IAGvCg4B,CACR,CAID,aAAMC,CAAQriC,GACZA,EAAU9F,OAAOuW,OAAO,CAAE,EAAEzQ,GAG5B,MAAMsiC,EAAan+B,OAAO1C,SAASqyB,OAC7ByO,EAAap+B,OAAO1C,SAASuR,KAK7BkvB,EAA0D,OAAlCliC,EAAQkiC,sBAAiC,KACpEliC,EAAQkiC,uBACNjpC,KAAK+G,QAAQkiC,uBACbI,EACCl4B,EAAQpK,aAAA,EAAAA,EAASoK,MAGvB,IAAIU,EAAc9K,EAAQ8K,YACtBE,EAAehL,EAAQgL,aAC3B,MAAM62B,GAAkD,IAA9B7hC,EAAQ6hC,kBAC5BE,GAAoD,IAA/B/hC,EAAQ+hC,mBAE/BA,QAA8C,IAAjB/2B,IAC/BA,EAAe/R,KAAKuuB,aAAasQ,gBAAgB9sB,cAG/C62B,QAA4C,IAAhB/2B,IAC9BA,EAAc7R,KAAKuuB,aAAasQ,gBAAgBhtB,aAG7C9K,EAAQ+K,UACX/K,EAAQ+K,QAAU9R,KAAKuuB,aAAasQ,gBAAgB/sB,SAGlDg3B,GAAsB/2B,SAClB/R,KAAK8oC,mBAAmB/2B,GAG5B62B,GAAqB/2B,SACjB7R,KAAK4oC,kBAAkB/2B,GAG/B,MAAMs3B,EAAYnpC,KAAKgpC,sBAAsB,OAAD,wBAAMjiC,GAAO,CAAEkiC,2BAG3D,GAAKE,EAuBH,OARIpiC,EAAQwiC,0BAEVvpC,KAAKuuB,aAAa7a,QAElB1T,KAAKuuB,aAAa4W,wBAGpBj6B,OAAO1C,SAASgP,OAAO2xB,IAChB,EAvBO,CAEd,MAAMK,QAAsBxpC,KAAKypC,eAC3Bz4B,EAAc,IAAIsd,IAAI2a,GAAyBI,GAUrD,OATIl4B,GACFH,EAAYhE,aAAazK,OAAO,QAAS4O,GAEvC83B,IAA0BK,EAE5Bp+B,OAAO1C,SAASuR,KAAO/I,EAAY+I,KAEnC7O,OAAO1C,SAASgP,OAAOxG,EAAY+I,MAE9ByvB,CACR,CAWF,IA3SMtZ,OAAoBA,EA6S3B,CAEJ,iBEtUO,MAAMwZ,GAAqB,KAC5BC,GAAkB,CACtBC,uBAAwB,KACxBC,cAAe,GAEXC,GAA0B,wBAiBnBC,GAiBX,WAAAlhC,CAAYoH,GACV,IAAKA,EAAI4hB,QACP,MAAM,IAAItiB,EAAa,yDAGzBvP,KAAKgqC,KAAO/5B,EACZjQ,KAAKynC,SAAgB,iBAAAkC,IACrB3pC,KAAKiqC,WAAaP,GAClB1pC,KAAKkqC,YAAc,CAAC,EACpBlqC,KAAKmqC,eAAiB,KACtBnqC,KAAKoqC,gBAAkB,IAAInV,GAAa,CACtCC,OAAO,IAMTjlB,EAAIse,aAAa2T,GAAGrB,IAAa,CAACp3B,EAAK6I,KACrCtS,KAAKqqC,eAAe,CAAElI,MAAOtB,GAAap3B,MAAK6I,UAC/CtS,KAAKsqC,iBAAiB,IAExBr6B,EAAIse,aAAa2T,GAAGpB,IAAe,CAACr3B,EAAK6I,KACvCtS,KAAKqqC,eAAe,CAAElI,MAAOrB,GAAer3B,MAAK6I,UACjDtS,KAAKsqC,iBAAiB,GAEzB,CAED,cAAAD,CAAetjC,GACb/G,KAAKkqC,YAAcnjC,CACpB,CAED,YAAAwjC,GACE,OAAOvqC,KAAKiqC,UACb,CAED,oBAAAO,GACE,OAAOxqC,KAAKmqC,cACb,CAED,qBAAMG,GACJ,MAAM,mBAAEG,EAAkB,QAAEC,GAAY1qC,KAAKgqC,KAAKjjC,QAE5CuE,EAAOtD,IACX,MAAM,MAAEm6B,EAAK,IAAE14B,EAAG,MAAE6I,GAAUtS,KAAKkqC,YACnC9+B,IAAaI,MAAM,uCAAuC22B,YAAgBn6B,KAC1EoD,IAAaE,IAAI7B,EAAK6I,GACtBlH,IAAaE,IAAI,oBAAqBtL,KAAKiqC,YAC3C7+B,IAAaK,WAGbzL,KAAKkqC,YAAc,CAAC,CAAC,EAGjBS,EAAuBC,IAnFT,IAACC,EAA6B15B,IAoFXy5B,GApFlBC,EAoFC7qC,KAAKiqC,aA9EtBY,EAAUhD,kBAAoB12B,EAAM02B,iBACtC5hC,KAAKwG,UAAUo+B,EAAU/4B,WAAa7L,KAAKwG,UAAU0E,EAAMW,UAC3D7L,KAAKwG,UAAUo+B,EAAUh5B,eAAiB5L,KAAKwG,UAAU0E,EAAMU,cAC/Dg5B,EAAUtnC,QAAU4N,EAAM5N,MA4EzBmnC,GAAWp/B,EAAI,cAGjBtL,KAAKmqC,eAAiBnqC,KAAKiqC,WAC3BjqC,KAAKiqC,WAAaW,EAElB5qC,KAAKgqC,KAAKnY,QAAQiR,KAAKgH,GAAyB,OAAF,UAAOc,IACrDF,GAAWp/B,EAAI,WAAU,EAGrBw/B,EAAgBC,GACb/qC,KAAKynC,SAASmC,uBAAuBvkC,MAAK,KAC/C,MAAM2lC,EAAahrC,KAAKynC,SAASmC,uBACjC,OAAIoB,GAAcA,IAAeD,EACxBD,EAAaE,GAEfhrC,KAAKuqC,cAAc,IAI9B,GAAIvqC,KAAKynC,SAASmC,uBAAwB,CACxC,GAAI5pC,KAAKynC,SAASoC,eA7GS,GAiHzB,OADAa,GAAWp/B,EAAI,cACRw/B,EAAa9qC,KAAKynC,SAASmC,wBAElC5pC,KAAKynC,SAASmC,uBAAuB/c,QAExC,CAGD,MAAMoe,EAAoB,IAAI,IAAY,CAAC9nC,EAAS+nC,EAAGC,KACrDA,EAASC,cAAe,EACxBD,GAAS,KACPnrC,KAAKynC,SAASmC,uBAAyB,KACvC5pC,KAAKynC,SAASoC,cAAgB7pC,KAAKynC,SAASoC,cAAgB,EAC5Da,GAAWp/B,EAAI,WAAW,IAG5B,MAAM+/B,EAAkBT,IAClBK,EAAkBK,WACpBnoC,KAIFwnC,EAAoBC,GACpBznC,IAGAnD,KAAKynC,SAAgB,iBAAAkC,IAAiB,EAGxC3pC,KAAKgqC,KAAKnC,kBACPxiC,MAAK,KACJ,GAAI4lC,EAAkBK,WAEpB,YADAnoC,IAIF,MAAM,YAAE0O,EAAW,QAAEC,EAAO,aAAEC,GAAiB/R,KAAKgqC,KAAKzb,aAAasQ,gBAChE+L,EAAY,CAChB/4B,cACAC,UACAC,eACA81B,mBAAoBh2B,IAAeC,KAID24B,EAChCzqC,KAAKoqC,gBAAgB3jC,KAAKgkC,EAAoB,KAAMzqC,KAAKgqC,KAAMY,GAC/D7nC,QAAQI,QAAQynC,IAGjBvlC,MAAKulC,GAAaS,EAAeT,KACjC5yB,OAAMzU,GAAS8nC,EAAe,CAC7Bx5B,cACAC,UACAC,eACA81B,iBAAiB,EACjBtkC,WACC,GACL,IAKN,OAFAvD,KAAKynC,SAASmC,uBAAyBqB,EAEhCH,EAAaG,EACrB,CAED,SAAAM,CAAUnJ,GACRpiC,KAAKgqC,KAAKnY,QAAQqQ,GAAG4H,GAAyB1H,EAC/C,CAED,WAAAoJ,CAAYpJ,GACVpiC,KAAKgqC,KAAKnY,QAAQwQ,IAAIyH,GAAyB1H,EAChD,QC3MUqJ,GAMX,WAAA5iC,CAAY0lB,EAAqCxnB,EAAiC,CAAC,GAF3E,KAAO,SAAG,EAGhB/G,KAAKuuB,aAAeA,EACpBvuB,KAAK+G,QAAUA,EACf/G,KAAK0rC,eAAiB,GACtB1rC,KAAK2rC,sBAAwB3rC,KAAK2rC,sBAAsB5/B,KAAK/L,KAC9D,CAEO,mBAAA4rC,GACN,IAAIn0B,GAAM,EAEV,GADAzX,KAAK0rC,eAAejlC,KAAKmH,KAAKuJ,OAC1BnX,KAAK0rC,eAAejmC,QAAU,GAAI,CAEpC,MAAMomC,EAAY7rC,KAAK0rC,eAAe1pC,QAEtCyV,EADiBzX,KAAK0rC,eAAe1rC,KAAK0rC,eAAejmC,OAAS,GAChDomC,EAAa,GAChC,CACD,OAAOp0B,CACR,CAED,kBAAAq0B,GAEE,QAAS9rC,KAAK+G,QAAQq6B,aAAehR,IACtC,CAEO,oBAAA2b,GACN,MACM/gB,EADehrB,KAAKuuB,aAAarX,aACXA,aAC5BjW,OAAOuF,KAAKwkB,GAAQ1oB,SAAQmH,IAC1B,MAAM6I,EAAQ0Y,EAAOvhB,IAChByI,EAAeI,IAAUtS,KAAKuuB,aAAaqU,WAAWtwB,IACzDtS,KAAK2rC,sBAAsBliC,EAC5B,GAEJ,CAEO,qBAAAkiC,CAAsBliC,GAC5B,GAAIzJ,KAAK+G,QAAQm6B,UACf,GAAIlhC,KAAK4rC,sBAAuB,CAC9B,MAAMroC,EAAQ,IAAIgM,EAAa,iCAC/BvP,KAAKuuB,aAAa6U,UAAU7/B,EAC7B,MACCvD,KAAKuuB,aAAa6R,MAAM32B,GAAKuO,OAAM,cAE5BhY,KAAK+G,QAAQo6B,YACtBnhC,KAAKuuB,aAAauW,OAAOr7B,EAE5B,CAED,QAAAuiC,GACE,SAAUhsC,KAAK+G,QAAQm6B,YAAelhC,KAAK+G,QAAQo6B,YAAgBnhC,KAAKuiC,QACzE,CAED,WAAM1S,GACA7vB,KAAKgsC,aACPhsC,KAAKuuB,aAAa2T,GAAGvB,GAAe3gC,KAAK2rC,uBACrC3rC,KAAKuuB,aAAamU,aAGpB1iC,KAAK+rC,uBAEP/rC,KAAKuiC,SAAU,EAElB,CAED,UAAMC,GACAxiC,KAAKuiC,UACPviC,KAAKuuB,aAAa8T,IAAI1B,GAAe3gC,KAAK2rC,uBAC1C3rC,KAAK0rC,eAAiB,GACtB1rC,KAAKuiC,SAAU,EAElB,CAED,SAAAG,GACE,OAAO1iC,KAAKuiC,OACb,wBCpEU0J,GAOX,WAAApjC,CAAY0lB,EAAqCxnB,EAAiC,CAAC,GAH3E,KAAO,SAAG,EACV,KAAiB,mBAAG,EAG1B/G,KAAKuuB,aAAeA,EACpBvuB,KAAK+G,QAAUA,EACf/G,KAAKksC,oBAAsBlsC,KAAKksC,oBAAoBngC,KAAK/L,MACzDA,KAAKmsC,sBAAwBnsC,KAAKmsC,sBAAsBpgC,KAAK/L,MAC7DA,KAAKosC,sBAAwBpsC,KAAKosC,sBAAsBrgC,KAAK/L,MAC7DA,KAAKqsC,oBAAsBrsC,KAAKqsC,oBAAoBtgC,KAAK/L,MACzDA,KAAKssC,qBAAuBtsC,KAAKssC,qBAAqBvgC,KAAK/L,KAC5D,CAED,kBAAA8rC,GACE,OAAO,CACR,CAED,SAAApJ,GACE,OAAO1iC,KAAKuiC,OACb,CAED,QAAAyJ,GACE,QAAShsC,KAAK+G,QAAQq6B,aAAehR,OAAgBpwB,KAAKuiC,OAC3D,CAED,WAAM1S,GACJ,IAAK7vB,KAAKgsC,WACR,OAGF,MAAM,gBAAEO,GAAoBvsC,KAAK+G,QACjC,IAEE/G,KAAKsjB,QAAU,IAAI,MAAiBipB,EACrC,CAAC,MAAO9jC,GACP,MAAM,IAAI8G,EAAa,0DACxB,CAEDvP,KAAKuuB,aAAa2T,GAAGrB,GAAa7gC,KAAKksC,qBACvClsC,KAAKuuB,aAAa2T,GAAGpB,GAAe9gC,KAAKmsC,uBACzCnsC,KAAKuuB,aAAa2T,GAAGtB,GAAe5gC,KAAKosC,uBACzCpsC,KAAKuuB,aAAa2T,GAAGlB,GAAmBhhC,KAAKqsC,qBAC7CrsC,KAAKsjB,QAAQpZ,iBAAiB,UAAWlK,KAAKssC,sBAC9CtsC,KAAKuiC,SAAU,CAChB,CAED,UAAMC,WACAxiC,KAAKuiC,UACPviC,KAAKuuB,aAAa8T,IAAIxB,GAAa7gC,KAAKksC,qBACxClsC,KAAKuuB,aAAa8T,IAAIvB,GAAe9gC,KAAKmsC,uBAC1CnsC,KAAKuuB,aAAa8T,IAAIzB,GAAe5gC,KAAKosC,uBAC1CpsC,KAAKuuB,aAAa8T,IAAIrB,GAAmBhhC,KAAKqsC,qBAClC,QAAZ,EAAArsC,KAAKsjB,eAAO,SAAEjZ,oBAAoB,UAAWrK,KAAKssC,4BAC9B,QAAd,EAAAtsC,KAAKsjB,eAAS,eAAAsZ,SACpB58B,KAAKsjB,aAAUphB,EACflC,KAAKuiC,SAAU,EAElB,CAEO,mBAAA2J,CAAoBziC,EAAa6I,SAClCtS,KAAKwsC,oBAGE,QAAZ,EAAAxsC,KAAKsjB,eAAO,SAAEyN,YAAY,CACxB9rB,KAAM47B,GACNp3B,MACA6I,UAEH,CAEO,qBAAA65B,CAAsB1iC,EAAa6I,SACpCtS,KAAKwsC,oBAGE,QAAZ,EAAAxsC,KAAKsjB,eAAO,SAAEyN,YAAY,CACxB9rB,KAAM67B,GACNr3B,MACA6I,UAEH,CAEO,qBAAA85B,CAAsB3iC,EAAa6I,EAAc2wB,SAClDjjC,KAAKwsC,oBAGE,QAAZ,EAAAxsC,KAAKsjB,eAAO,SAAEyN,YAAY,CACxB9rB,KAAM27B,GACNn3B,MACA6I,QACA2wB,aAEH,CAEO,mBAAAoJ,CAAoB31B,SACd,QAAZ,EAAA1W,KAAKsjB,eAAO,SAAEyN,YAAY,CACxB9rB,KAAM+7B,GACNtqB,WAEH,CAGO,oBAAA41B,CAAqB98B,GAU3B,OADAxP,KAAKwsC,mBAAoB,EACjBh9B,EAAIvK,MACV,KAAK+7B,GACHhhC,KAAKuuB,aAAarX,aAAa4sB,WAAWt0B,EAAIkH,SAC9C,MACF,KAAKmqB,GACH7gC,KAAKuuB,aAAa2U,UAAU1zB,EAAI/F,IAAM+F,EAAI8C,OAC1CtS,KAAKuuB,aAAa+U,sBAAsB9zB,EAAI/F,IAAM+F,EAAI8C,OACtD,MACF,KAAKwuB,GACH9gC,KAAKuuB,aAAa8U,wBAAwB7zB,EAAI/F,KAC9CzJ,KAAKuuB,aAAa4U,YAAY3zB,EAAI/F,IAAM+F,EAAI8C,OAC5C,MACF,KAAKsuB,GACH5gC,KAAKuuB,aAAawU,YAAYvzB,EAAI/F,IAAM+F,EAAI8C,MAAQ9C,EAAIyzB,UAK5DjjC,KAAKwsC,mBAAoB,CAC1B,QC1IUC,GAMX,WAAA5jC,CAAY9B,EAA0B,CAAC,GAF/B,KAAO,SAAG,EAGhB/G,KAAK+G,QAAUA,EACf/G,KAAK0sC,kBAAoB1sC,KAAK0sC,kBAAkB3gC,KAAK/L,MACrDA,KAAK2sC,SAAW3sC,KAAK2sC,SAAS5gC,KAAK/L,KACpC,CAEO,iBAAA0sC,GACP,CAEO,cAAMC,iBACmB,QAAzB,KAAA3sC,KAAK+G,SAAQ4lC,gBAAY,uBAChC,CAED,QAAAC,SACE,SAAqB,QAAZ,EAAA5sC,KAAK6sC,eAAO,eAAED,SACxB,CAED,SAAAE,SACE,SAAqB,QAAZ,EAAA9sC,KAAK6sC,eAAO,eAAEC,UACxB,CAED,WAAMjd,GACJ,GAAI7vB,KAAKgsC,WAAY,CACnB,MAAM,oBAAEe,GAAwB/sC,KAAK+G,QACrC/G,KAAKsjB,QAAU,IAAI,MAAiBypB,GACpC/sC,KAAK6sC,SAAU,SAAqB7sC,KAAKsjB,SACzCtjB,KAAK6sC,QAAQG,YAAchtC,KAAK0sC,kBAChC1sC,KAAK6sC,QAAQI,kBAAkB5nC,KAAKrF,KAAK2sC,UACzC3sC,KAAKuiC,SAAU,CAChB,CACF,CAED,UAAMC,GACAxiC,KAAKuiC,UACHviC,KAAK6sC,gBACD7sC,KAAK6sC,QAAQK,MACnBltC,KAAK6sC,aAAU3qC,GAEblC,KAAKsjB,UAENtjB,KAAKsjB,QAAgB6pB,aAAe,IAAMpqC,QAAQI,gBAC7CnD,KAAKsjB,QAAQsZ,QACnB58B,KAAKsjB,aAAUphB,GAEjBlC,KAAKuiC,SAAU,EAElB,CAED,kBAAAuJ,GACE,OAAO,CACR,CAED,SAAApJ,GACE,OAAO1iC,KAAKuiC,OACb,CAED,QAAAyJ,GACE,OAAO5b,OAAgBpwB,KAAKuiC,OAC7B,EC9DH,MAAM6K,GAAa,YACbC,GAAe,cACfC,GAAkB,uBAEXC,GAqBX,WAAA1kC,CAAYoH,EAAqClJ,EAAiC,CAAC,GACjF/G,KAAKiQ,IAAMA,EACXjQ,KAAK2sC,SAAW3sC,KAAK2sC,SAAS5gC,KAAK/L,MAGnC,MAAM,UAAEkhC,EAAS,WAAEC,EAAU,YAAEC,GAAgBnxB,EAAIse,aAAatW,aAChElR,EAAQgmC,oBAAsBhmC,EAAQgmC,qBAAuBhmC,EAAQymC,qBACrExtC,KAAK+G,QAAU9F,OAAOuW,OAAO,CAAE,EAC7B+1B,GAAeE,eACf,CAAEvM,YAAWC,aAAYC,eACzB,CACE2L,oBAAqB,GAAG98B,EAAIlJ,QAAQgK,oBACpCw7B,gBAAiB,GAAGt8B,EAAIlJ,QAAQgK,iBAElCzE,EAAWvF,IAGb/G,KAAKuiC,SAAU,EACfviC,KAAK0tC,SAAW,IAAIC,IAEpBJ,GAAeK,cAActrC,SAAQjB,IACnC,MAAMwsC,EAAM7tC,KAAK8tC,cAAczsC,GAC3BwsC,GACF7tC,KAAK0tC,SAASvpC,IAAI9C,EAAMwsC,EACzB,GAEJ,CAEO,cAAMlB,GACR3sC,KAAKuiC,eAEDviC,KAAK+tC,eAEd,CAED,QAAAnB,SACE,OAAkE,QAA1D,EAAA5sC,KAAKguC,WAAWV,WAA0C,eAAEV,UACrE,CAED,gBAAAqB,GACE,MAAO,IAAIjuC,KAAK0tC,SAAShnC,UAAUmN,MAAKq6B,GAAOA,EAAIlC,YAAckC,EAAIpC,sBACtE,CAED,WAAMjc,GACA7vB,KAAKuiC,gBAGHviC,KAAK+tC,gBACX/tC,KAAKuiC,SAAU,EAChB,CAED,UAAMC,SACExiC,KAAKmuC,eACXnuC,KAAKuiC,SAAU,CAChB,CAED,UAAAyL,CAAW3sC,GACT,OAAOrB,KAAK0tC,SAAS1oC,IAAI3D,EAC1B,CAEO,mBAAM0sC,GACZ,IAAK,MAAO1sC,EAAM6sC,KAAQluC,KAAK0tC,SAAS/mC,UAClC3G,KAAKouC,gBAAgB/sC,EAAM6sC,UACvBA,EAAIre,OAGf,CAEO,kBAAMse,GACZ,IAAK,MAAMD,KAAOluC,KAAK0tC,SAAShnC,eACxBwnC,EAAI1L,MAEb,CAGO,eAAA4L,CAAgB/sC,EAAc6sC,GACpC,IAAIlC,EAAWkC,EAAIlC,aAAekC,EAAIxL,YAOtC,OALIrhC,IAASisC,GACXtB,IAAAA,EAAahsC,KAAKiuC,oBACTC,EAAIpC,sBACbE,IAAAA,EAAahsC,KAAK4sC,YAEbZ,CACR,CAEO,aAAA8B,CAAczsC,GACpB,MAAMktB,EAAevuB,KAAKiQ,IAAIse,aAE9B,IAAI8f,EACJ,OAAQhtC,GACN,KAAKisC,GACHe,EAAU,IAAI5B,GAAsB,OAAD,wBAAKzsC,KAAK+G,SAAS,CAAA4lC,SAAU3sC,KAAK2sC,YACrE,MACF,KAAKS,GACHiB,EAAU,IAAI5C,GAAiBld,EAAc,OAAF,UAAMvuB,KAAK+G,UACtD,MACF,KAAKsmC,GACHgB,EAAU,IAAIpC,GAAmB1d,EAAc,OAAF,UAAMvuB,KAAK+G,UACxD,MACF,QACE,MAAM,IAAI5B,MAAM,mBAAmB9D,KAEvC,OAAOgtC,CACR,EC/IG,SAAUC,GASfrc,GAEC,OAAO,cAA2BA,EAKhC,WAAAppB,IAAeoD,GACboD,SAASpD,GAGTjM,KAAKuuC,iBAAmB,IAAIxE,GAA0B/pC,MAGtDA,KAAKwuC,eAAiB,IAAIjB,GAAwBvtC,KAAMA,KAAK+G,QAAQ2mC,SACtE,CAED,WAAM7d,SACE7vB,KAAKwuC,eAAe3e,QAE1B7vB,KAAKuuB,aAAasB,QACb7vB,KAAKsS,MAAMkd,yBACRxvB,KAAKuuC,iBAAiBjE,iBAE/B,CAED,UAAM9H,GAEJxiC,KAAKuuB,aAAaiU,aACZxiC,KAAKwuC,eAAehM,MAC3B,CAED,oBAAMiM,CAAetH,SACbnnC,KAAK0uC,yBAAoBxsC,EAAWilC,EAC3C,CAGD,yBAAMuH,CAAoB1jB,EAAiBmc,GACzC,IAAIh2B,EAAQnR,KAAK+G,QAAQoK,MAGzB,GAAI6Z,EACFhrB,KAAKuuB,aAAaC,UAAUxD,GAC5Bmc,EAAcA,GAAennC,KAAKsnC,eAAetnC,KAAK+G,QAAQoK,WACzD,KAAInR,KAAKwvB,kBAad,OAZA,IAGEre,SAD4BgsB,GAA0Bn9B,KAAM,CAAE,IACxCmR,MACtBg2B,EAAcA,GAAennC,KAAKsnC,eAAen2B,SAC3CnR,KAAKuoC,yBACZ,CAAC,MAAM7nC,GAGN,YADMV,KAAKuuC,iBAAiBjE,kBACtB5pC,CACP,CAGF,OAGKV,KAAKuuC,iBAAiBjE,kBAG5BtqC,KAAKunC,kBAAkBp2B,GAGvB,MAAM,mBAAEw9B,GAAuB3uC,KAAK+G,QAChC4nC,QACIA,EAAmB3uC,KAAMmnC,GACtBA,GACTj8B,OAAO1C,SAASZ,QAAQu/B,EAE3B,EAEL,CClFA,SAASyH,GAAc3+B,GACrB,OAAOA,EAAI4+B,QAAQ7pC,MAChBK,MAAK,SAASoS,GACb,MAAmB,WAAfA,EAAIzP,MAIV,IACCgQ,OAAM,WACL,OAAO,CACT,GACJ,CAEA,SAAS82B,GAAW7+B,GAClB,OAAOjL,GAAIiL,EAAK,sBAAuB,CAAElG,iBAAiB,IACzD1E,MAAK,SAASwpC,GACb,IAAIp3B,EAAM/K,EAAKmiC,EAAS,UAUxB,OARAp3B,EAAI2L,QAAU,WACZ,OAAOjL,GAAKlI,EAAK7C,EAAQyhC,EAAS,WAAW90B,KAAM,CAAC,EAAG,CAAEhQ,iBAAiB,GAC5E,EAEA0N,EAAIs3B,KAAO,WACT,OAAO/pC,GAAIiL,EAAK7C,EAAQyhC,EAAS,QAAQ90B,KAAM,CAAEhQ,iBAAiB,GACpE,EAEO0N,CACT,IACCO,OAAM,WAEL,MAAO,CAAChQ,OAAQ,WAClB,GACF,CAEA,SAASyhC,GAAax5B,GACpB,OAAOqG,GAAYrG,EAAK,CACtB/I,IAAK+I,EAAIiI,kBAAoB,sBAC7BlR,OAAQ,SACR+C,iBAAiB,GAErB,CAEA,SAASilC,GAAe/+B,GACtB,OAAOkI,GAAKlI,EAAK,wCAAyC,CAAE,EAAE,CAAElG,iBAAiB,GACnF,CAEA,SAASklC,GAAqBh/B,EAAKwrB,EAAcyT,GAC/CA,EAAcA,GAAehkC,OAAO1C,SAASuR,KAC7C7O,OAAO1C,SAASgP,OAAOvH,EAAIiI,kBAAoB,+BAC7ClJ,EAAc,CACZmgC,2BAA2B,EAC3B78B,MAAOmpB,EACPyT,YAAaA,IAEnB,CClEM,SAAUE,GAAiBn/B,GAQ/B,MAPgB,CACd2sB,MAAO6M,GAAa19B,KAAK,KAAMkE,GAC/Bo/B,OAAQT,GAAc7iC,KAAK,KAAMkE,GACjCjL,IAAK8pC,GAAW/iC,KAAK,KAAMkE,GAC3BmT,QAAS4rB,GAAejjC,KAAK,KAAMkE,GACnCg/B,qBAAsBA,GAAqBljC,KAAK,KAAMkE,GAG1D,CCLM,SAAUq/B,GAOfrd,GAEC,OAAO,cAA8BA,EAInC,WAAAppB,IAAeoD,GACboD,SAASpD,GAETjM,KAAK6uC,QAAUO,GAAiBpvC,KACjC,CAGD,YAAAypC,GACE,OAAOzpC,KAAK6uC,QAAQjS,QACnBv3B,MAAK8M,UAEJnS,KAAKmyB,gBACE,KAERna,OAAM,SAAStX,GACd,GAAe,iBAAXA,EAAEW,MAA2C,aAAhBX,EAAE+O,UAEjC,OAAO,EAET,MAAM/O,CACR,GACD,EAEL,UC3BgB6uC,GAMdC,EACA7d,EACAoV,GASA,OADauH,GADKxH,GADEwI,GADHvc,GADGf,GADPN,GAAmBC,GACa6d,KAGUzI,GAGzD,CLUiB,GAAa,cAAG,CAACqG,GAAYC,GAAcC,IAE3C,GAAAG,eAAiB,CAC9BvM,WAAW,EACXC,YAAY,EACZC,aAAa,GM7BjB,MAAMqO,GAAyB,CAAC/sB,EAA+C,MAC7E,MAAMvb,EAA+C,GASrD,OARAub,EAAyBpgB,SAASotC,IACR,aAApBA,EAAYjmC,KACdtC,EAAYV,KAAK,CACfxB,KAAM,aACN+F,GAAI+oB,GAAkB2b,EAAYC,eAErC,IAEIxoC,CAAW,EAKPyoC,GAAiC,CAC5CC,EAAgCntB,KAEzB,CACLotB,UAAW,CACTC,GAAIF,EAAeE,GACnBhB,KAAM,CACJ/jC,GAAI+oB,GAAkB8b,EAAed,KAAK/jC,IAC1C3J,KAAMwuC,EAAed,KAAK1tC,KAC1B2uC,YAAaH,EAAed,KAAKiB,aAEnCC,UAAWlc,GAAkB8b,EAAeI,WAC5CC,iBAAkBL,EAAeK,iBACjCnuB,YAAa8tB,EAAe9tB,YAC5BouB,uBAAwBN,EAAeM,uBACvCC,mBAAoBX,GAAuB/sB,MAQpC2tB,GAAgC,CAC3C7tB,EAA8BE,KAEvB,CACLotB,UAAW,CACTG,UAAWlc,GAAkBvR,EAAcytB,WAC3CK,iBAAkB9tB,EAAc8tB,iBAChCC,iBAAkBd,GAAuB/sB,MAOlC8tB,GAAkBC,IAC7B,MAAMroC,EAAWqoC,EAAWroC,SAI5B,MAAO,CACL4C,GAJSylC,EAAWzlC,GAKpB8W,WAJiBmS,GAAkB7rB,EAASsoC,gBAK5C3uB,YAJkBkS,GAAkB7rB,EAASuoC,mBAK9C,EAKUC,GAAgBH,IAC3B,MAAMroC,EAAWqoC,EAAWroC,SAK5B,MAAO,CACL4C,GALSylC,EAAWzlC,GAMpB8W,WALiBmS,GAAkB7rB,EAASsoC,gBAM5CzuB,kBALwBgS,GAAkB7rB,EAAS6Z,mBAMnDC,cALoB+R,GAAkB7rB,EAAS2sB,WAMhD,ECnFG,SAAU8b,GASf5e,SAEC,OAAO,gBAA0BA,EAK/B,WAAAppB,IAAeoD,GACboD,SAASpD,GACTjM,KAAKia,IAAM0V,GAAa3vB,KACzB,IALM8wC,SAAwB,EAM/B,CACJ,UCzBgBC,GAMdvB,EACA7d,EACAoV,GAUA,OADgB8J,GALHtB,GACXC,EACA7d,EACAoV,GAIJ,UChBgBiK,KAEd,OAAO,MAGL,WAAAnoC,CAAYoD,GACVjM,KAAK0qC,UAAYz+B,EAAKy+B,OACvB,EAGL,CCCa,MAAAuG,GAAiD,CAC5D3+B,MAAO,CACL4+B,aAAc,CACZ,eACA,iBACA,WAGJC,MAAO,CACLD,aAAc,CACZ,eACA,iBACA,WAGJrjB,YAAa,CACXqjB,aAAc,CACZ,iBACA,eACA,WAGJ,qBAAsB,CACpBA,aAAc,CACZ,iBAGJ,eAAgB,CACdA,aAAc,CACZ,2BCrCUE,KAEd,MAAMC,EFHC,MAGL,WAAAxoC,CAAYoD,GACVjM,KAAK0qC,UAAYz+B,EAAKy+B,OACvB,GEDH,OAAO,cAAwC2G,EAK7C,WAAAxoC,CAAYoD,GACVoD,MAAMpD,GACNjM,KAAK+W,iBDgCuB9K,EAA+B,CAAE,EAAEqlB,GAInE,IAAIggB,EAAiBrlC,EAAK8K,SAAW,CAAC,EAyBtC,YAxBqC,IAA1Bu6B,EAAe5P,SACxB4P,EAAe5P,OAASpQ,QAEa,IAA5BggB,EAAelL,WACxBkL,EAAelL,SAAWkL,EAAe5P,OAAS,OAAS,OAIzD4P,EAAe5P,SAAWpQ,IAE5B/lB,EACE,2LAIF+lC,EAAe5P,QAAS,GAKM,SAA5B4P,EAAelL,UAAwBkL,EAAe5P,SACxD4P,EAAelL,SAAW,OAGrBkL,CACT,CC9DqBC,CAAkBtlC,EAAMqlB,MACvCtxB,KAAK2W,YAAc1K,EAAK0K,aDTR1V,OAAOuW,OAAO,CAAC,EAAG4vB,GAAgB,CACpDT,cAAe,CAAE,ICSf3mC,KAAK6W,eAAsB,+BAAAo6B,IAA4BhlC,EAAK4K,eAC7D,EAEL,CChBA,MAAM26B,GAA0B,0BAsChC,SAASC,GAAazqC,EAAgBE,EAAa+E,GACjD,IAAIpJ,EAAOoJ,EAAK0L,KACZvV,EAAU6J,EAAK7J,SAAW,CAAC,EAC3BsvC,EAAetvC,EAAQ,iBAAmBA,EAAQ,iBAAmB,GAErES,GAAwB,iBAATA,IAEb2uC,GAAwBjwC,KAAKmwC,GAC/B7uC,EAAOoD,KAAKwG,UAAU5J,GAEC,sCAAhB6uC,IACP7uC,EAAO5B,OAAO0F,QAAQ9D,GACrBR,KAAK,EAAE8qB,EAAOxrB,KAAW,GAAGwrB,KAASle,mBAAmBtN,OACxDiE,KAAK,OAIV,IACI+rC,GADQ,OAAOxxC,OAAS,GACH+G,EAAK,CAC5BF,OAAQA,EACR5E,QAAS6J,EAAK7J,QACdS,KAAMA,EACNsE,YAAa8E,EAAKlC,gBAAkB,UAAY,SAOlD,OAJK4nC,EAAax9B,UAChBw9B,EAAe5uC,QAAQI,QAAQwuC,IAG1BA,EAAatsC,MAAK,SAAS+C,GAChC,IAAI7E,GAAS6E,EAASH,GAClBD,EAASI,EAASJ,OACtB,OApEJ,SAAkBI,GAChB,OAAIA,EAAShG,QAAQ4C,IAAI,iBAEvBoD,EAAShG,QAAQ4C,IAAI,gBAAiBvD,cAAcT,QAAQ,qBAAuB,EAC9EoH,EAASpC,OAEbgS,OAAMtX,IACE,CACL6C,MAAO7C,EACPgP,aAAc,sCAIXtH,EAAS9C,MAEpB,CAqDWssC,CAASxpC,GACb/C,MAAKsS,GApDZ,SAAsB3P,EAAgB2P,EAAuBvP,GAC3D,MAAM2L,EAA2B,iBAAT4D,EAClBvV,EAAU,GAChB,IAAK,MAAMyvC,KAASzpC,EAAShG,QAAgBuE,UAC3CvE,EAAQyvC,EAAK,IAAMA,EAAK,GAE1B,MAAMxuC,EAAuB,CAC3BsG,aAAcoK,EAAW9N,KAAKwG,UAAUkL,GAAQA,EAChD3P,OAAQA,EACR5F,WAMF,OAJI2R,IACF1Q,EAAO2G,aAAe,OACtB3G,EAAO+W,aAAezC,GAEjBtU,CACT,CAqCeyuC,CAAa9pC,EAAQ2P,EAAMvP,KAEnC/C,MAAKhC,UACJ,GAAIE,IAA4B,QAAnB,EAAAF,EAAO+W,oBAAY,eAAE7W,OAEhC,MAAMF,EAER,OAAOA,CAAM,GAEnB,GACF,UClFgB0uC,KACd,MAAMC,EAA4BZ,KAClC,OAAO,cAAqCY,EAO1C,WAAAnpC,CAAYoD,GACVoD,MAAMpD,GACNjM,KAAKkQ,OAASjE,EAAKiE,OACnBlQ,KAAK8V,kBAAoB7J,EAAK6J,kBAC9B9V,KAAKoC,QAAU6J,EAAK7J,QACpBpC,KAAK4X,kBAAoB3L,EAAK2L,mBAAqB65B,GACnDzxC,KAAKuW,wBAA0BtK,EAAKsK,uBACrC,EAEL,CClCO,MAAM07B,IAAsB,WCwDnBC,KACd,MAAMC,EAAyBJ,KAC/B,OAAO,cACGI,EAyCR,WAAAtpC,CAAY9B,GACVsI,MAAMtI,GAzEZ,SAA2BkF,GAGzB,IAAIiF,GAFJjF,EAAOA,GAAQ,CAAC,GAEEiF,OAClB,GAAIA,IAAW1O,MAAMC,QAAQyO,GAC3B,MAAM,IAAI3B,EAAa,kGAKzB,IAAIW,EAASjE,EAAKiE,OAClB,IAAKA,EACH,MAAM,IAAIX,EAAa,iIAKzB,IADiB,IAAI6iC,OAAO,iBACZ7wC,KAAK2O,GACnB,MAAM,IAAIX,EAAa,4HAIzB,IAAmC,IAA/BW,EAAOlP,QAAQ,WACjB,MAAM,IAAIuO,EAAa,yIAG3B,CAiDM8iC,CAAkBtrC,GAElB/G,KAAKkQ,OAASrB,EAAoB9H,EAAQmJ,QAC1ClQ,KAAKwQ,SAAW3B,EAAoB9H,EAAQyJ,UAC5CxQ,KAAKsQ,aAAezB,EAAoB9H,EAAQuJ,cAChDtQ,KAAKuQ,YAAc1B,EAAoB9H,EAAQwJ,aAC/CvQ,KAAK0Q,UAAY7B,EAAoB9H,EAAQ2J,WAC7C1Q,KAAKyQ,UAAY5B,EAAoB9H,EAAQ0J,WAE7CzQ,KAAKuR,MAAwB,IAAjBxK,EAAQwK,KACpBvR,KAAK+Q,SAAWhK,EAAQgK,SACxB/Q,KAAKgR,YAAcjK,EAAQiK,YACvBof,OACFpwB,KAAKgR,YAAcrC,EAAc5H,EAAQiK,YAAa9F,OAAO1C,SAASqyB,SAExE76B,KAAKgK,aAAejD,EAAQiD,aAC5BhK,KAAKiR,aAAelK,EAAQkK,aAC5BjR,KAAKmR,MAAQpK,EAAQoK,MACrBnR,KAAKkR,OAASnK,EAAQmK,OAEtBlR,KAAKqR,kBAAoBtK,EAAQsK,gBACjCrR,KAAK0R,cAAgB3K,EAAQ2K,cAC7B1R,KAAKyR,oBAAsB1K,EAAQ0K,oBACnCzR,KAAKsR,UAAYvK,EAAQuK,UACzBtR,KAAK4S,OAAS7L,EAAQ6L,OAEtB5S,KAAKuuB,aAAexnB,EAAQwnB,aAC5BvuB,KAAKipC,sBAAwBliC,EAAQkiC,sBACrCjpC,KAAK2uC,mBAAqB5nC,EAAQ4nC,mBAClC3uC,KAAKiT,mBAAuB,eAAAg/B,oBAAmB,IAAKlrC,EAAQkM,oBAE5DjT,KAAKuY,aAAexR,EAAQwR,aAC5BvY,KAAKg9B,YAAcj2B,EAAQi2B,YAK3Bh9B,KAAK23B,iBAAmB5wB,EAAQ4wB,eAS3B5wB,EAAQ6wB,cAAyC,IAAzB7wB,EAAQ6wB,aAGnC53B,KAAK43B,aAAe7wB,EAAQ6wB,aAF5B53B,KAAK43B,aAAetjB,EAKvB,EAEL,UC7IgBg+B,KAEd,MAAMC,EAA0BL,KAChC,OAAO,cACGK,EAMR,WAAA1pC,CAAY9B,GACVsI,MAAMtI,GACN/G,KAAK0tC,SAAW3mC,EAAQ2mC,SACxB1tC,KAAKyqC,mBAAqB1jC,EAAQ0jC,kBACnC,EAEL,UCfgB+H,KACd,MAAMC,EAAyBH,KAC/B,OAAO,cACGG,EAaR,WAAA5pC,CAAY9B,GACVsI,MAAMtI,GAEN/G,KAAKyS,KAAO1L,EAAQ0L,KACpBzS,KAAK0S,gBAAkB3L,EAAQ2L,gBAC/B1S,KAAK2S,cAAgB5L,EAAQ4L,cAC7B3S,KAAKia,IAAMlT,EAAQkT,GACpB,EAGL,OC1Bay4B,GAIX,WAAA7pC,CAAY6N,EAAwBi8B,GAClC,IAAKj8B,EACH,MAAM,IAAInH,EAAa,yBAGzB,GAA2B,iBAAhBojC,IAA6BA,EAAYltC,OAClD,MAAM,IAAI8J,EAAa,6BAGzBvP,KAAK2yC,YAAcA,EACnB3yC,KAAK2hC,gBAAkBjrB,CACxB,CAMD,OAAA4vB,CAAQ78B,GACN,OAAOzJ,KAAKkX,aAAazN,EAC1B,CAED,OAAA88B,CAAQ98B,EAAa9H,GACnB,OAAO3B,KAAK+X,cAActO,EAAK9H,EAChC,CAED,UAAA6kC,CAAW/8B,GACT,OAAOzJ,KAAKmyB,aAAa1oB,EAC1B,CAMD,UAAAyN,GACE,IAAI07B,EAAgB5yC,KAAK2hC,gBAAgB2E,QAAQtmC,KAAK2yC,aACtDC,EAAgBA,GAAiB,KACjC,IACE,OAAO3sC,KAAKC,MAAM0sC,EACnB,CAAC,MAAMlyC,GACN,MAAM,IAAI6O,EAAa,mCAAqCvP,KAAK2yC,YAClE,CACF,CAED,UAAA7O,CAAW/iC,GACT,IACE,IAAI6xC,EAAgB7xC,EAAMkF,KAAKwG,UAAU1L,GAAO,KAChDf,KAAK2hC,gBAAgB4E,QAAQvmC,KAAK2yC,YAAaC,EAChD,CAAC,MAAMlyC,GACN,MAAM,IAAI6O,EAAa,0BAA4BvP,KAAK2yC,YACzD,CACF,CAED,YAAAxgB,CAAa1oB,GACX,GAAKA,EAAL,CAUA,IAAI1I,EAAMf,KAAKkX,oBACRnW,EAAI0I,GACXzJ,KAAK8jC,WAAW/iC,EAJf,MANKf,KAAK2hC,gBAAgB6E,WACvBxmC,KAAK2hC,gBAAgB6E,WAAWxmC,KAAK2yC,aAErC3yC,KAAK8jC,YAQV,CAED,aAAA/rB,CAActO,EAAK9H,GACjB,IAAIZ,EAAMf,KAAKkX,aACfnW,EAAI0I,GAAO9H,EACX3B,KAAK8jC,WAAW/iC,EACjB,EC9DG,SAAU8xC,GAAkC9rC,GAC3CqpB,MAAgBrpB,EAAQ46B,iBAAoB56B,EAAQw6B,YAEvDh2B,EAAK,8KAET,OAGaunC,GAKX,WAAAjqC,CAAYkqC,EAA8CnM,EAA8BjwB,GACtF3W,KAAK+yC,sBAAwBA,EAC7B/yC,KAAK4mC,cAAgBA,EACrB5mC,KAAK2W,YAAcA,CACpB,CAGD,oBAAAq8B,CAAqBC,EAAqBC,GACxC,OAAOjyC,OAAOuW,OAAO,CAAC,EAAGxX,KAAK+yC,sBAAsBE,GAAcC,EACnE,CAID,UAAAh8B,CAAWnQ,GAGT,IAFAA,EAAU9F,OAAOuW,OAAO,CAAC,EAAGxX,KAAK4mC,cAAe7/B,IAEpC46B,gBACV,OAAO56B,EAAQ46B,gBAGjB,IAAI,YAAEC,EAAW,aAAEsP,GAAiBnqC,EASpC,GAPmB,mBAAhB66B,IACD76B,EAAQs/B,eAAgB,GAMtBzE,GAAesP,EAAc,CAC/B,MAAMj3B,EAAMi3B,EAAalwC,QAAQ4gC,GAC7B3nB,GAAO,IACTi3B,EAAeA,EAAantC,MAAMkW,GAClC2nB,OAAc1/B,EAEjB,CAMD,OAJK0/B,IAEHA,EAAc5hC,KAAK2W,YAAYmvB,gBAAgBoL,IAE1ClxC,KAAK2W,YAAYgvB,iBAAiB/D,EAAa76B,EACvD,CAGD,eAAA86B,CAAgB96B,GAEd8rC,GADA9rC,EAAU/G,KAAKgzC,qBAAqB,QAASjsC,IAE7C,MAAM2P,EAAU1W,KAAKkX,WAAWnQ,GAC1Bw6B,EAAax6B,EAAQw6B,YAAc/sB,GACzC,OAAO,IAAIk+B,GAAYh8B,EAAS6qB,EACjC,CAGD,YAAAzqB,CAAa/P,GACXA,EAAU/G,KAAKgzC,qBAAqB,QAASjsC,GAC7C,MAAM2P,EAAU1W,KAAKkX,WAAWnQ,GAC1Bw6B,EAAax6B,EAAQw6B,YAAc9sB,GACzC,OAAO,IAAIi+B,GAAYh8B,EAAS6qB,EACjC,WC3Fa4R,KAEd,OAAO,cACGL,GAGR,WAAAjqC,CAAYkqC,EAA8CnM,EAA8BjwB,GACtFtH,MAAM0jC,EAAuBnM,EAAejwB,EAC7C,CAED,qBAAAy8B,CAAsBrsC,GAEpB8rC,GADA9rC,EAAU/G,KAAKgzC,qBAAqB,cAAejsC,IAEnD,MAAM2P,EAAU1W,KAAKkX,WAAWnQ,GAC1Bw6B,EAAax6B,EAAQw6B,YAAc5sB,GACzC,OAAO,IAAI+9B,GAAYh8B,EAAS6qB,EACjC,CAED,0BAAA8R,CAA2BtsC,GAEzB8rC,GADA9rC,EAAU/G,KAAKgzC,qBAAqB,qBAAsBjsC,IAE1D,MAAM2P,EAAU1W,KAAKkX,WAAWnQ,GAC1Bw6B,EAAax6B,EAAQw6B,YAAc3sB,GACzC,OAAO,IAAI89B,GAAYh8B,EAAS6qB,EACjC,CAED,qBAAA8F,CAAsBtgC,GAEpB8rC,GADA9rC,EAAU/G,KAAKgzC,qBAAqB,eAAgBjsC,IAEpD,MAAM2P,EAAU1W,KAAKkX,WAAWnQ,GAC1Bw6B,EAAax6B,EAAQw6B,YAAc1sB,GACzC,OAAO,IAAI69B,GAAYh8B,EAAS6qB,EACjC,EAGL,UC5CgB+R,KACd,OAAOH,IACT,UCKgBI,KAEd,MAAMC,EAAqBF,KAC3B,OAAO,cAAgCE,EAErC,WAAA3qC,CAAYkqC,EAA8CnM,EAA8BjwB,GACtFtH,MAAM0jC,EAAuBnM,EAAejwB,EAC7C,CAKD,qBAAA88B,CAAsB1sC,GACpB,IAAI2P,EACJ,GAAI0Z,KAEF,IACE1Z,EAAU1W,KAAK2W,YAAYgvB,iBAAiB,SAAU5+B,EACvD,CAAC,MAAOrG,GAGP6K,EAAK,0IACN,KACI,CAEL,MAAMmoC,EAAqB1zC,KAAKozC,sBAAsBrsC,GAClD2sC,IACFh9B,EAAU,CACR4vB,QAAU78B,IACR,MAAMokB,EAAc6lB,EAAmBx8B,aACvC,OAAI2W,GAAeA,EAAYpkB,GACtBokB,EAAYpkB,GAEd,IAAI,EAEb88B,QAAS,CAAC98B,EAAK8V,KACb,MAAMsO,EAAc6lB,EAAmBx8B,aACvC,IAAK2W,EACH,MAAM,IAAIte,EAAa,yDAEzBse,EAAYpkB,GAAO8V,EACnBm0B,EAAmB5P,WAAWjW,EAAY,EAE5C2Y,WAAa/8B,IACX,MAAMokB,EAAc6lB,EAAmBx8B,aAClC2W,WAGEA,EAAYpkB,GACnBiqC,EAAmB5P,WAAWjW,GAAY,GAIjD,CAED,OAAKnX,EAIE,IAAIg8B,GAAYh8B,EAAS5B,IAHvB,IAIV,EAEL,CCnCA,SAAS6+B,GAAuB5yC,GAC9B,SAAKA,GAAsB,iBAARA,GAAkD,IAA9BE,OAAOyF,OAAO3F,GAAK0E,OAI5D,CAEM,SAAUmuC,GAAuB7yC,GACrC,SAAK4yC,GAAuB5yC,KAGnBA,EAAIiQ,cAAiBjQ,EAAIiJ,aACpC,CAEM,SAAU6pC,GAAsB9yC,GACpC,QAAK6yC,GAAuB7yC,MAGlBA,EAAYyQ,YACxB,CAEM,SAAUsiC,GAAqB/yC,GACnC,QAAK8yC,GAAsB9yC,MAGjBA,EAAYiS,iBACxB,CAEM,SAAU+gC,GAA4BhzC,GAC1C,QAAK4yC,GAAuB5yC,SAGkEmB,IAApEjB,OAAOyF,OAAO3F,GAAK+L,MAAMnL,GAA4B,iBAAVA,GAEvE,CAEM,SAAUqyC,GAAkBjzC,GAChC,SAAI6yC,GAAuB7yC,KAAQgzC,GAA4BhzC,GAIjE,CC5EA,MAAMkzC,GAAqB,cC+BXC,KAOd,OAAO,MAOL,WAAArrC,CAAY9B,GAEV/G,KAAK6W,eAAiB9P,EAAQ8P,eAC9B7W,KAAKiyC,qBAAsD,IAAhClrC,EAAQkrC,oBACnCjyC,KAAKm0C,kBAAgD,IAA7BptC,EAAQotC,iBAChCn0C,KAAK+G,QAAUA,CAChB,CAGD,KAAA2M,CAAM3M,EAAuC,CAAC,GAC5C,MAAM2sC,EAAsC1zC,KAAK6W,eAAeu8B,wBAC1D9/B,EAAOogC,EAAmBx8B,aAMhC,GAHAw8B,EAAmBvhB,eAGfnyB,KAAKiyC,sBAAsD,IAA/BlrC,EAAQskB,mBAA8B,CACpE,MAAMla,EAAQpK,EAAQoK,QAASmC,aAAA,EAAAA,EAAMnC,OACjCA,GDxBI,SACd0F,EAAiD1F,GAEjD,MAAMq2B,EAAgB3wB,EAAew8B,6BAC/B1sC,EAAU6gC,EAActwB,oBACvBvQ,EAAQwK,GACfq2B,EAAc1D,WAAWn9B,EAC3B,CCkBUytC,CAAkCp0C,KAAK6W,eAAgB1F,EAE1D,CACF,CAGD,IAAAoC,CAAKD,EAASvM,EAAkC,CAAC,GAK/C,IAAI2P,EAA2B1W,KAAK6W,eAAeu8B,wBAK/CY,GAJQt9B,EAAQQ,gBAIWnQ,EAAQyM,aAErCjI,EAAK,2GAGPmL,EAAQotB,WAAWxwB,GAGftT,KAAKiyC,qBAAuB3+B,EAAKnC,gBDzEzC0F,EAAiD1F,EAAemC,GAEhE,MAAMk0B,EAAgB3wB,EAAew8B,6BAC/B1sC,EAAU6gC,EAActwB,aAC9BvQ,EAAQwK,GAAS,CACfkjC,YAAazmC,KAAKuJ,MAClB0W,YAAava,GAEfk0B,EAAc1D,WAAWn9B,EAC3B,CCiEQ2tC,CAA+Bt0C,KAAK6W,eAAgBvD,EAAKnC,MAAOmC,EAEnE,CAED,MAAA+7B,CAAOtoC,EAAkC,CAAC,GACxC,IAEE,QADa/G,KAAKkT,KAAKnM,EAExB,CAAC,MAAM,GACN,OAAO,CACR,CACF,CAID,IAAAmM,CAAKnM,EAAkC,CAAC,GAEtC,IAAIuM,EAGJ,OAAItT,KAAKiyC,qBAAuBlrC,EAAQoK,QD5GxC,SAA6D0F,GACjE,MAAM2wB,EAAgB3wB,EAAew8B,6BAC/B1sC,EAAU6gC,EAActwB,aAC9BjW,OAAOuF,KAAKG,GAASrE,SAAQ6O,IAC3B,MAAMqO,EAAQ7Y,EAAQwK,GACVvD,KAAKuJ,MAAQqI,EAAM60B,YACrBJ,WACDttC,EAAQwK,EAChB,IAEHq2B,EAAc1D,WAAWn9B,EAC3B,CCkGQ4tC,CAAmBv0C,KAAK6W,gBACxBvD,EDpFQ,SACduD,EAAiD1F,GAEjD,MAEMqO,EAFgB3I,EAAew8B,6BACPn8B,aACR/F,GACtB,OAAIqO,GAASA,EAAMqO,aAAemmB,GAAkBx0B,EAAMqO,aACjDrO,EAAMqO,YAER,IACT,CC0Ee2mB,CAAiCx0C,KAAK6W,eAAgB9P,EAAQoK,OACjE6iC,GAAkB1gC,IACbA,GAKXA,EAD+BtT,KAAK6W,eAAeu8B,wBACpCl8B,aACX88B,GAAkB1gC,GAEbA,EAGF,KACR,EAGL,UC7HgBmhC,KAOd,MAAMC,EAAqBR,KAC3B,OAAO,cAAoCQ,EAEzC,WAAA7rC,CAAY9B,GACVsI,MAAMtI,EACP,CAED,KAAA2M,CAAM3M,EAAuC,CAAC,GAC5CsI,MAAMqE,MAAM3M,IAEqB,IAA7BA,EAAQ4tC,kBACV30C,KAAK20C,kBAER,CAED,eAAAhoB,CAAgBhV,GACd,IAAK3X,KAAKm0C,iBACR,OAEF,MAAMz9B,EAAU1W,KAAK6W,eAAe48B,wBAC/B/8B,GAGLA,EAAQotB,WAAWnsB,EACpB,CAGD,eAAAkG,CAAgB9W,GACd,IAAK/G,KAAKm0C,iBACR,OAAO,KAET,MAAMz9B,EAAU1W,KAAK6W,eAAe48B,wBACpC,IAAK/8B,EACH,OAAO,KAET,MAAMk+B,EAAcl+B,EAAQQ,aAC5B,IAAK09B,IAAgBp3B,GAAiBo3B,EAAYj4B,gBAChD,OAAO,KAGT,GAAI5V,EAAS,CACX,MAAM,kBAAEiM,GAAsBjM,EAC9B,GAAIiM,GAAqB4hC,EAAY5hC,oBAAsBA,EACzD,OAAO,IAEV,CAED,OAAO4hC,CACR,CAED,gBAAAD,GACE,IAAK30C,KAAKm0C,iBACR,OAEF,MAAMz9B,EAAU1W,KAAK6W,eAAe48B,wBACpC/8B,SAAAA,EAASyb,cACV,EAEL,CC3Dc,MAAO0iB,GAInB,WAAAhsC,CAAYqhB,EAAiCnjB,GAC3C,MAAM,IAAE0Q,GAAQ1Q,GACV,QAAE3E,GAAqBqV,EAAT6P,EAAI,GAAK7P,EAAvB,CAAoB,YAGtBrV,IACFpC,KAAKoC,QAAUA,GAIjBnB,OAAOuF,KAAK8gB,GAAMhlB,SAAQmH,IACZ,WAARA,IAGJzJ,KAAKyJ,GAAO6d,EAAK7d,GAAI,GAExB,EC9BkB,MAAAqrC,WAA2BD,GAK9C,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB,MAAM,UAAEguC,EAAS,WAAEC,EAAU,QAAEC,GAAYluC,EAAQ0Q,IACnDzX,KAAK+0C,UAAYA,EACjB/0C,KAAKg1C,WAAaA,EAClBh1C,KAAKi1C,QAAUA,CAChB,ECZkB,MAAAC,WAAiCL,GAGpD,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB/G,KAAKm1C,WAAapuC,EAAQ0Q,IAAI09B,UAC/B,ECJkB,MAAAC,WAAyBP,GAa5C,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB,MAAM,YAAE8K,EAAW,IAAE4F,GAAQ1Q,GAEvB,GAAEiE,EAAE,QAAEiqC,EAAO,MAAEI,EAAK,OAAErtC,EAAM,OAAEuF,GAAWkK,EAC/CzX,KAAKgL,GAAKA,EACVhL,KAAKi1C,QAAUA,EACfj1C,KAAKq1C,MAAQA,EACbr1C,KAAKgI,OAASA,EAGdhI,KAAKgF,IAAMmN,UACT,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,MACZC,MAAOjoC,EACPkoC,qBAAsB,qBAExB,aAAa7pC,GAAwB,EAEvC5L,KAAK8X,OAAS3F,UACZ,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,IAET,aAAa3B,GAAuB,EAEtC5L,KAAKiwC,UAAY99B,UACf,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,YACZC,MAAOjoC,EACPkoC,qBAAsB,8BAExB,aAAa7pC,GAAiC,EAE5C2B,EAAO4V,OACTnjB,KAAKmjB,KAAOhR,UACV,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,OACZC,MAAOjoC,EACPkoC,qBAAsB,2BAExB,aAAa7pC,GAA8B,GAG3C2B,EAAOynB,SACTh1B,KAAKg1B,OAAS7iB,MAAOgI,IACnB,MAAMvO,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,IAET,aAAa3B,EAAGuO,EAA2B,EAGhD,EC/EkB,MAAAu7B,WAA+Bb,GAMlD,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB,MAAM,IAAE0Q,GAAQ1Q,GAEV,GAAEiE,EAAE,QAAEiqC,EAAO,UAAE79B,EAAS,OAAEpP,GAAWyP,EAC3CzX,KAAKgL,GAAKA,EACVhL,KAAKoX,UAAYA,EACjBpX,KAAKi1C,QAAUA,EACfj1C,KAAKgI,OAASA,CACf,ECVkB,MAAA2tC,WAAkCd,GAUrD,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB,MAAM,YAAE8K,EAAW,IAAE4F,GAAQ1Q,GAEvB,GAAEiE,EAAE,UAAEoM,EAAS,QAAE69B,EAAO,OAAEjtC,EAAM,OAAEuF,GAAWkK,EACnDzX,KAAKgL,GAAKA,EACVhL,KAAKoX,UAAYA,EACjBpX,KAAKi1C,QAAUA,EACfj1C,KAAKgI,OAASA,EAGdhI,KAAKmjB,KAAOhR,UACV,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,OACZC,MAAOjoC,EACPkoC,qBAAsB,2BAExB,aAAa7pC,GAA8B,EAE7C5L,KAAKg1B,OAAS7iB,MAAOgI,IACnB,MAAMvO,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,IAET,aAAa3B,EAAGuO,EAAqC,CAExD,EC9CkB,MAAAy7B,WAAyBf,GAW5C,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB,MAAM,IAAE0Q,EAAG,YAAE5F,GAAgB9K,GAEvB,GAAEiE,EAAE,QAAEiqC,EAAO,OAAEjtC,EAAM,OAAEuF,GAAWkK,EACxCzX,KAAKgL,GAAKA,EACVhL,KAAKi1C,QAAUA,EACfj1C,KAAKgI,OAASA,EAGdhI,KAAKgF,IAAMmN,UACT,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,MACZC,MAAOjoC,EACPkoC,qBAAsB,qBAExB,aAAa7pC,GAAwB,EAEvC5L,KAAK8X,OAAS3F,UACZ,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,IAET,aAAa3B,GAAuB,EAEtC5L,KAAKiwC,UAAY99B,MAAOgI,IACtB,MAAMvO,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,YACZC,MAAOjoC,IAET,aAAa3B,EAAGuO,EAA2B,EAEzC5M,EAAOynB,SACTh1B,KAAKg1B,OAAS7iB,MAAOgI,IACnB,MAAMvO,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,IAET,aAAa3B,EAAGuO,EAA2B,EAGhD,MC9CS07B,GAKAC,GAKAC,IAVZ,SAAYF,GACV,oBACA,uBACD,CAHD,CAAYA,KAAAA,GAGX,KAED,SAAYC,GACV,sBACA,yBACD,CAHD,CAAYA,KAAAA,GAGX,KAED,SAAYC,GACV,8BACA,iBACD,CAHD,CAAYA,KAAAA,GAGX,KC5BoB,MAAAC,WAA4BnB,GAc/C,WAAAhsC,CAAYqhB,EAAUnjB,GACpBsI,MAAM6a,EAAUnjB,GAEhB,MAAM,IAAE0Q,EAAG,YAAE5F,GAAgB9K,GAEvB,GAAEiE,EAAE,OAAEhD,EAAM,QAAEiuC,EAAO,YAAEC,EAAW,OAAE3oC,GAAWkK,EACrDzX,KAAKgL,GAAKA,EACVhL,KAAKgI,OAASA,EACdhI,KAAKi2C,QAAUA,EACfj2C,KAAKk2C,YAAcA,EAGfl2C,KAAKgI,QAAU+tC,GAAeI,aAChCn2C,KAAKo2C,OAASjkC,MAAOgI,IACnB,MAAMvO,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,EACPkoC,qBAAsB,wBAExB,aAAa7pC,EAAGuO,EAA+B,GAIjDna,KAAKgF,IAAMmN,UACT,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,MACZC,MAAOjoC,EACPkoC,qBAAsB,wBAExB,aAAa7pC,GAA2B,EAG1C5L,KAAKq2C,OAASlkC,MAAOgI,IACnB,MAAMvO,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,MACZC,MAAOjoC,EACPkoC,qBAAsB,wBAExB,aAAa7pC,EAAGuO,EAA+B,EAGjDna,KAAK8X,OAAS3F,UACZ,MAAMvG,EAAK0pC,GAA2B,CACpCprB,WACArY,cACA0jC,WAAY,SACZC,MAAOjoC,IAET,aAAa3B,GAAuB,EAGzC,ECzCIuG,eAAemkC,GACpBpsB,EACAnjB,GAEA,MACE8K,YAAa0kC,GACXrsB,EAASqE,aAAasQ,gBAEpBhtB,EAAc9K,EAAQ8K,cAAe0kC,aAAA,EAAAA,EAAgB1kC,aACrD3B,EAASga,EAAShS,mBAClB,IAAEhR,EAAG,OAAEF,EAAM,QAAEmT,GAAYpT,EAC3Bk1B,EAAa/0B,EAAI4kB,WAAW5b,GAAWhJ,EAAM,GAAGgJ,IAAShJ,IAE/D,IAAK2K,EACH,MAAM,IAAItC,EAAa,+DAGzB,MAAMkI,QAAYnB,GAAY4T,EAAQ,eACpC9nB,QAAS,CAAE,OAAU,0BACrByP,cACA3K,IAAK+0B,EACLj1B,UACImT,GAAW,CAAElO,KAAMkO,KAYnBq8B,EATM,CACVpB,iBAAgB,GAChBM,uBAAsB,GACtBC,0BAAyB,GACzBb,mBAAkB,GAClBI,yBAAwB,GACxBU,iBAAgB,GAChBI,oBAAmB,IAEQjvC,EAAQ0uC,uBAA0BZ,GAE/D,OAAIryC,MAAMC,QAAQgV,GACTA,EAAIpV,KAAI6K,GAAQ,IAAIspC,EAAiBtsB,EAAU,CACpDzS,IAAKvK,EACL2E,kBAIG,IAAI2kC,EAAiBtsB,EAAU,CACpCzS,MACA5F,eAEJ,CAagB,SAAAyjC,IAA4B,SAC1CprB,EAAQ,YACRrY,EAAW,WACX0jC,EAAU,MACVC,EAAK,qBACLC,IAEA,IAAK,MAAMzuC,IAAU,CAAC,MAAO,OAAQ,MAAO,UAC1C,GAAIA,EAAOvF,gBAAkB8zC,EAAY,CACvC,MAAM/nC,EAAOgoC,EAAMz1C,KACnB,OAAO,MAAQoa,GAAam8B,GAAYpsB,EAAU,CAChDrY,cACA3K,IAAKsG,EAAKuM,KACV/S,SACAmT,UACAs7B,wBAEH,CAGH,MAAMjoC,EAAOgoC,EAAMD,GACnB,IAAK/nC,EACH,MAAM,IAAI+B,EAAa,qCAAqCgmC,KAG9D,OAAO,MAAQp7B,GAAam8B,GAAYpsB,EAAU,CAChDrY,cACA3K,IAAKsG,EAAKuM,KACV/S,OAAQwG,EAAKipC,MAAOC,MAAO,GAC3Bv8B,UACAs7B,wBAEJ,CCpHa,MAAAkB,GAA+CxkC,MAAO+X,EAAUnjB,UACjDuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBACLF,OAAQ,MACR6K,YAAa9K,aAAA,EAAAA,EAAS8K,YACtB4jC,qBAAsB,uBAQbmB,GAAkDzkC,MAC7D+X,EACAnjB,KAEA,MAAM,QAAEoT,EAAO,YAAEtI,GAAgB9K,EAQjC,aAP0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBACLF,OAAQ,MACRmT,UACAtI,cACA4jC,qBAAsB,sBAEN,EAMPoB,GAA2D1kC,MACtE+X,EACAnjB,UAE0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,gCACLF,OAAQ,MACR6K,YAAa9K,aAAA,EAAAA,EAAS8K,YACtB4jC,qBAAsB,6BCtCbqB,GAA8C3kC,MACzD+X,EACAnjB,UAE0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,wBACLF,OAAQ,MACR6K,YAAa9K,aAAA,EAAAA,EAAS8K,YACtB4jC,qBAAsB,qBAQbsB,GAA2C5kC,MACtD+X,EACAnjB,KAEA,MAAM,GAAEiE,EAAE,YAAE6G,GAAgB9K,EAO5B,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,IAC9BhE,OAAQ,MACR6K,cACA4jC,qBAAsB,oBAEN,EAMPuB,GAA2C7kC,MACtD+X,EACAnjB,KAEA,MAAM,YAAE8K,EAAW,QAAEsI,GAAYpT,EAQjC,aAP0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,wBACLF,OAAQ,OACRmT,UACAtI,cACA4jC,qBAAsB,oBAEN,EAMPwB,GAA6C9kC,MACxD+X,EACAnjB,KAEA,MAAM,GAAEiE,EAAE,YAAE6G,GAAgB9K,EAM5B,aAL0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,IAC9BhE,OAAQ,SACR6K,eAEgB,EAMPqlC,GAA8D/kC,MACzE+X,EACAnjB,KAEA,MAAM,GAAEiE,EAAE,YAAE6G,GAAgB9K,EAO5B,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,cAC9BhE,OAAQ,OACR6K,cACA4jC,qBAAsB,6BAEN,EAMP0B,GAA6DhlC,MACxE+X,EACAnjB,KAEA,MAAM,QAAEqwC,EAAO,YAAEC,EAAW,YAAExlC,GAAgB9K,EAO9C,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyBkwC,eAAqBC,IACnDrwC,OAAQ,OACR6K,cACA4jC,qBAAsB,6BAEN,EAMP6B,GAAsDnlC,MACjE+X,EACAnjB,KAEA,MAAM,QAAEqwC,EAAO,YAAEC,EAAW,QAAEl9B,EAAO,YAAEtI,GAAgB9K,EAOvD,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyBkwC,eAAqBC,WACnDrwC,OAAQ,OACRmT,UACAtI,eAEgB,ECjHP0lC,GAA8CplC,MACzD+X,EACAnjB,UAE0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,wBACLF,OAAQ,MACR6K,YAAa9K,aAAA,EAAAA,EAAS8K,YACtB4jC,qBAAsB,qBAQb+B,GAA2CrlC,MACtD+X,EACAnjB,KAEA,MAAM,YAAE8K,EAAW,GAAE7G,GAAOjE,EAO5B,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,IAC9BhE,OAAQ,MACR6K,cACA4jC,qBAAsB,oBAEN,EAMPgC,GAA2CtlC,MACtD+X,EACAnjB,KAEA,MAAM,YAAE8K,EAAW,QAAEsI,GAAYpT,EAQjC,aAP0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,wBACLF,OAAQ,OACRmT,UACAtI,cACA4jC,qBAAsB,oBAEN,EAMPiC,GAA6CvlC,MACxD+X,EACAnjB,KAEA,MAAM,GAAEiE,EAAE,YAAE6G,GAAgB9K,EAM5B,aAL0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,IAC9BhE,OAAQ,SACR6K,eAEgB,EAMP8lC,GAAoDxlC,MAC/D+X,EACAnjB,KAEA,MAAM,YAAE8K,EAAW,GAAE7G,EAAE,QAAEmP,GAAYpT,EAOrC,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,cAC9BhE,OAAQ,OACRmT,UACAtI,eAEgB,EAMP+lC,GAAsDzlC,MACjE+X,EACAnjB,KAEA,MAAM,GAAEiE,EAAE,QAAEmP,EAAO,YAAEtI,GAAgB9K,EAOrC,aAN0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,yBAAyB8D,WAC9BhE,OAAQ,OACRmT,UACAtI,eAEgB,EC/FPgmC,GAAiD1lC,MAC5D+X,EACAnjB,UAE0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,0BACLF,OAAQ,MACR6K,YAAa9K,aAAA,EAAAA,EAAS8K,YACtB4jC,qBAAsB,wBAQbqC,GAAoD3lC,MAC/D+X,EACAnjB,KAEA,MAAM,YAAE8K,EAAW,QAAEsI,GAAYpT,EAQjC,aAP0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,0BACLF,OAAQ,OACRmT,UACAtI,cACA4jC,qBAAsB,uBAEN,EAMPsC,GAAoD5lC,MAC/D+X,EACAnjB,KAEA,MAAM,YAAE8K,EAAW,QAAEsI,GAAYpT,EAQjC,aAP0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,0BACLF,OAAQ,MACRmT,UACAtI,cACA4jC,qBAAsB,uBAEN,EAMPuC,GAAgD7lC,MAC3D+X,EACAnjB,UAE0BuvC,GAAYpsB,EAAU,CAC9ChjB,IAAK,0BACLF,OAAQ,SACR6K,YAAa9K,aAAA,EAAAA,EAAS8K,cCzDpB,SAAUomC,GAQfhmB,GAEC,OAAO,cAAgCA,EAIrC,WAAAppB,IAAeoD,GACboD,SAASpD,GAETjM,KAAKk4C,UAAYj3C,OAAO0F,QAAQwxC,GAC7B/7B,QAAO,EAAG/a,KAAoB,YAATA,IACrB6U,QAAO,CAACC,GAAM9U,EAAMuK,MACnBuK,EAAI9U,GAASuK,EAAWG,KAAK,KAAM/L,MAC5BmW,IACN,CAAE,EACR,EAEL,UCxBgBiiC,GAQd5I,EACA7d,EACA+iB,GAMA,OADsBuD,GADT1I,GAA4BC,EAA2B7d,EAAoB+iB,GAG1F,CCdgB,SAAA2D,GAAc5gC,EAAK1Q,GACjC,IAAIuxC,EAAY,GAQhB,OAPAr3C,OAAOuW,OAAO8gC,EAAWvxC,IAGpBuxC,EAAUzgC,YAAcJ,EAAII,aAC/BygC,EAAUzgC,WAAaJ,EAAII,YAGtBygC,CACT,CCHgB,SAAAC,GAAkBtoC,EAA4BhE,GAE5D,OADAA,EAAOosC,GAAcpoC,EAAKhE,GACnBkM,GAAKlI,EAAKA,EAAIiI,kBAAoB,gBAAiBjM,EAAM,CAAElC,iBAAiB,GACrF,CA0CM,SAAUyuC,GAAkBvoC,GAEhC,QAASwoC,GAAmBxoC,EAC9B,CAEM,SAAUyoC,GAAkBzoC,EAA4B0oC,EAAyBzxC,EAAa+E,EAAMlF,GAExG,OAAOoR,GAAKlI,EAAK/I,EAAK+E,EADtBlF,EAAU9F,OAAOuW,OAAO,CAAEzN,iBAAiB,GAAQhD,IAEhD1B,MAAK,SAASoS,GACb,OAAOkhC,EAAGC,kBAAkBnhC,EAC9B,GACJ,CAEM,SAAUghC,GAAmBxoC,GAG/B,OADgBA,EAAIlJ,QAAQ4P,YAAaD,QAC1B1R,IAAIoP,GACvB,CCpEgB,SAAAykC,GAAQ5oC,EAA4B0oC,EAAyBlhC,EAAK1W,EAAKyM,EAAMsrC,GAC3F,GAAIt2C,MAAMC,QAAQ+K,GAChB,OAAO,SAASnM,EAAM8xB,GACpB,IAAK9xB,EACH,MAAM,IAAIkO,EAAa,4BAGzB,IAAIwpC,EAAKjsC,EAAKU,EAAM,CAACnM,KAAMA,IAC3B,IAAK03C,EACH,MAAM,IAAIxpC,EAAa,+BAGzB,OAAOspC,GAAQ5oC,EAAK0oC,EAAIlhC,EAAK1W,EAAKg4C,EAAID,EAA/BD,CAAoC1lB,EAC7C,EAEK,GAAI3lB,EAAKipC,OACZjpC,EAAKipC,MAAMC,OACiB,IAA5BlpC,EAAKipC,MAAMC,MAAMjxC,OAEnB,OADa+H,EAAKipC,MAAMC,MAAM,IAG5B,IAAK,MACH,OAAO,WACL,OAAO1xC,GAAIiL,EAAKzC,EAAKuM,KAAM,CAAEhQ,iBAAiB,GAChD,EAEF,IAAK,OAEH,OAAO,SAASopB,GACV2lB,GAAOA,EAAIE,YACbF,EAAIE,WAAY,GAGlB,IAAIrhC,EAAO0gC,GAAc5gC,EAAK0b,GAEX,eAAf1b,EAAIzP,QAA0C,kBAAfyP,EAAIzP,QAErC/G,OAAOuW,OAAOG,EAAM,CAClBshC,WAAYl4C,EAAIk4C,WAChBC,SAAUn4C,EAAIm4C,WAIlB,IAAI1gC,EAAS,GACT2gC,EAAWxhC,EAAKwhC,SACpB,QAAiBj3C,IAAbi3C,EAAwB,CAC1B,GAAwB,mBAAbA,EACT,IACE3gC,EAAO2gC,WAAaA,GACrB,CACD,MAAOz4C,GACL,OAAOqC,QAAQC,OAAO,IAAIuM,EAAa,kCACxC,MAEmB,OAAb4pC,IACP3gC,EAAO2gC,WAAaA,GAEtBxhC,EAAOjL,EAAKiL,EAAM,WACnB,CAED,IAAIyhC,EAAiBzhC,EAAKyhC,eAC1B,QAAuBl3C,IAAnBk3C,EAA8B,CAChC,GAA8B,mBAAnBA,EACT,IACE5gC,EAAO4gC,iBAAmBA,GAC3B,CACD,MAAO14C,GACL,OAAOqC,QAAQC,OAAO,IAAIuM,EAAa,wCACxC,MAEyB,OAAnB6pC,IACP5gC,EAAO4gC,iBAAmBA,GAE5BzhC,EAAOjL,EAAKiL,EAAM,iBAEnB,MAAUA,EAAKs9B,cACuB/yC,IAA7ByV,EAAKs9B,QAAQoE,cACjB1hC,EAAKs9B,QAAQoE,cACf7gC,EAAO6gC,aAAc,GAEvB1hC,EAAKs9B,QAAUvoC,EAAKiL,EAAKs9B,QAAS,gBAEpC,IAAIl7B,EAAOvM,EAAKuM,KAAO/K,EAAcwJ,GACrC,OAAOkgC,GAAkBzoC,EAAK0oC,EAAI5+B,EAAMpC,EAC1C,EAGR,CC1FqB,MAAA2hC,WAA0BlqC,EAC7C,WAAAvG,GAEEwG,MADgB,kCAEjB,WCUakqC,GAAUtpC,EAAKwH,EAA4BqhC,GACzD,OAAO,SAAU/xC,GACf,IAAIqH,EACAgrC,EACAD,EACAK,EAEAxlC,GAASjN,GACXqH,EAAQrH,EACCgN,GAAShN,KAElBqH,EAAQrH,EAAQqH,MAChBgrC,EAAiBryC,EAAQqyC,eACzBD,EAAWpyC,EAAQoyC,SACnBK,EAAsBzyC,EAAQyyC,qBAG3BprC,GAAmB,IAAVA,IACZA,EAAQiG,IAIV,IAAIolC,EAAWrsC,EAAQqK,EAAK,OAAQ,QAkCpCqhC,EAAIE,WAAY,EAEhB,IAAIU,EAAa,EACbC,EAAgB,WAElB,OAAKb,EAAIE,UArCX,WACE,IAAI7lB,EAAO,GACX,GAAwB,mBAAbgmB,EACT,IACEhmB,EAAKgmB,WAAaA,GACnB,CACD,MAAOz4C,GACL,OAAOqC,QAAQC,OAAO,IAAIuM,EAAa,kCACxC,MAEM4pC,UACPhmB,EAAKgmB,WAAaA,GAEpB,GAA8B,mBAAnBC,EACT,IACEjmB,EAAKimB,iBAAmBA,GACzB,CACD,MAAO14C,GACL,OAAOqC,QAAQC,OAAO,IAAIuM,EAAa,wCACxC,MAEM6pC,UACPjmB,EAAKimB,iBAAmBA,GAG1B,IAAIr/B,EAAO0/B,EAAS1/B,KAAO/K,EAAcmkB,GACzC,OAAOhb,GAAKlI,EAAK8J,EJlDjB,SAAwBtC,GAC5B,OAAO4gC,GAAc5gC,EACvB,CIgD6BmiC,CAAcniC,GAAM,CACzChB,gBAAgB,EAChB1M,iBAAiB,GAEpB,CAUQ8vC,GACJx0C,MAAK,SAAUy0C,GAKd,GAHAJ,EAAa,EAGTI,EAAQC,cAAyC,YAAzBD,EAAQC,aAA4B,CAG9D,IAAKjB,EAAIE,UACP,MAAM,IAAIM,GAQZ,MALmC,mBAAxBE,GACTA,EAAoBM,GAIfE,EAAQ5rC,GAAO/I,KAAKs0C,EAE5B,CAIC,OADAb,EAAIE,WAAY,EACT/oC,EAAI0oC,GAAGC,kBAAkBkB,EAEpC,IACC9hC,OAAM,SAASvP,GAEd,GAAIA,EAAIQ,MACgB,IAAnBR,EAAIQ,IAAIjB,QAAmC,MAAnBS,EAAIQ,IAAIjB,SACjC0xC,GAAc,EAAG,CACnB,IAAIO,EAAwC,IAA1BhsC,KAAKisC,IAAI,EAAGR,GAE9B,OADAA,IACOM,EAAQC,GACZ50C,KAAKs0C,EACT,CACD,MAAMlxC,CACR,IAxCO1F,QAAQC,OAAO,IAAIs2C,GAyC9B,EACA,OAAOK,IACJ3hC,OAAM,SAASvP,GAEd,MADAqwC,EAAIE,WAAY,EACVvwC,CACR,GACJ,CACF,CCpIM,SAAU0xC,GAAgBlqC,EAA4B0oC,EAAyBlhC,EAAK1W,EAAK+3C,GAI7F,GAFA/3C,EAAMoH,EADNpH,EAAMA,GAAO0W,GAGTjV,MAAMC,QAAQ1B,GAAM,CAEtB,IADA,IAAIq5C,EAAS,GACJC,EAAI,EAAGC,EAAKv5C,EAAI0E,OAAQ40C,EAAIC,EAAID,IACvCD,EAAO3zC,KAAK0zC,GAAgBlqC,EAAK0oC,EAAIlhC,EAAK1W,EAAIs5C,GAAIvB,IAEpD,OAAOsB,CACR,CAED,IAAIG,EAAWx5C,EAAIy5C,WAAa,CAAC,EAEjC,IAAK,IAAI/wC,KAAO8wC,EACTt5C,OAAOZ,UAAUgG,eAAelF,KAAKo5C,EAAU9wC,KAKhDsK,GAASwmC,EAAS9wC,KAASjH,MAAMC,QAAQ83C,EAAS9wC,OACpD8wC,EAAS9wC,GAAO0wC,GAAgBlqC,EAAK0oC,EAAIlhC,EAAK8iC,EAAS9wC,GAAMqvC,IAKjE,IAAI2B,EC3BA,SAAoBxqC,EAA4B0oC,EAAyBlhC,EAAK1W,EAAK+3C,GACvF,IAAI2B,EAAM,GACV,IAAK,IAAIptC,KAAYtM,EAAIwM,OACvB,GAAKtM,OAAOZ,UAAUgG,eAAelF,KAAKJ,EAAIwM,OAAQF,GAAtD,CAIA,IAAIG,EAAOzM,EAAIwM,OAAOF,GAMtB,GAJiB,SAAbA,IACFA,EAAWG,EAAKnM,MAGdmM,EAAKvI,KACPw1C,EAAIptC,GAAYG,OAIlB,GAGO,SAHCH,EAIJotC,EAAIt3B,KAAOo2B,GAAUtpC,EAAKwH,EAAKqhC,OAGjC,CACE,IAAIltC,EAAKitC,GAAQ5oC,EAAK0oC,EAAIlhC,EAAK1W,EAAKyM,EAAMsrC,GACtCltC,IACF6uC,EAAIptC,GAAYzB,EACjB,CAxBJ,CA2BH,OAAO6uC,CACT,CDNYC,CAAUzqC,EAAK0oC,EAAIlhC,EAAK1W,EAAK+3C,GAKvC,OAJA73C,OAAOuW,OAAO+iC,EAAUE,GAExB15C,EAAM2L,EAAK3L,EAAK,YAAa,UAC7BE,OAAOuW,OAAOzW,EAAKw5C,GACZx5C,CACT,OEhBa45C,GA0BX,WAAA9xC,CAAYoH,EAA4B0oC,EAAyBlhC,EAAoC,MACnGzX,KAAK2X,UAAOzV,EACZlC,KAAKgI,YAAS9F,EACVuV,IACFzX,KAAK2X,KAAOF,EAGZxW,OAAOuW,OAAOxX,KAAMm6C,GAAgBlqC,EAAK0oC,EAAIlhC,EAAKA,EAAK,CAAE,WAClDzX,KAAK6X,WAMO,uBAAfJ,EAAIzP,QAAoCyP,EAAIlK,SAC9CvN,KAAK6sB,OAAS,WACZ,OAAO9pB,QAAQI,QAAQw1C,EAAGC,oBAC5B,GAGL,EC3CG,SAAUgC,GAA0B3qC,GACxC,MAAM0oC,EAA0B,CAC9B3wC,OAAQuwC,GAAkBxsC,KAAK,KAAMkE,GACrC4qC,OAAO5uC,YPAuBgE,EAA4B0oC,EAAyB1sC,GACrF,IAAKA,IAASA,EAAK4L,WAAY,CAC7B,IAAIA,EAAa4gC,GAAmBxoC,GACpC,IAAI4H,EAKF,OAAO9U,QAAQC,OAAO,IAAIuM,EAAa,6BAJvCtD,EAAO,CACL4L,WAAYA,EAKjB,CACD,OAAO0gC,GAAkBtoC,EAAKhE,GAC3B5G,MAAK,SAASoS,GACb,OAAOkhC,EAAGC,kBAAkBnhC,EAC9B,GACJ,COdaqjC,CAAkB7qC,EAAK0oC,EAAI1sC,GAEpCojC,OAAQmJ,GAAkBzsC,KAAK,KAAMkE,GACrC0N,WAAW1R,YPakBgE,EAA4B0oC,EAAyB1sC,GACpF,IAAKA,IAASA,EAAK4L,WAAY,CAC7B,IAAIA,EAAa4gC,GAAmBxoC,GACpC,IAAI4H,EAKF,OAAO9U,QAAQC,OAAO,IAAIuM,EAAa,+BAJvCtD,EAAO,CACL4L,WAAYA,EAKjB,CACD,OAMc,SAAgB5H,EAA4BhE,GAG1D,OAFAA,EAAOosC,GAAcpoC,EAAKhE,GAEnBkM,GAAKlI,EAAKA,EAAIiI,kBAAoB,2BAA4BjM,EAAM,CAAElC,iBAAiB,GAChG,CAVSgxC,CAAgB9qC,EAAKhE,GACzB5G,MAAK,SAAUoS,GACd,OAAOkhC,EAAGC,kBAAkBnhC,EAC9B,GACJ,CO3BaujC,CAAgB/qC,EAAK0oC,EAAI1sC,GAElC2sC,kBAAoBnhC,GACX,IAAIkjC,GAAqB1qC,EAAK0oC,EAAIlhC,GAE3CihC,kBAAmB,CAACxxC,EAAa+E,EAAoBlF,IAC5C2xC,GAAkBzoC,EAAK0oC,EAAIzxC,EAAK+E,EAAMlF,IAGjD,OAAO4xC,CACT,CCrBc,SAAUsC,GAAYhrC,EAA4BlJ,GAG9D,OAFAA,EAAUA,GAAW,CAAC,EAEjB4pB,KAOS,IAAI5tB,SAAQ,SAAUI,EAASH,IAC3Ci3B,EAAS5J,SAAS6J,cAAc,WACzBC,MAAMC,QAAU,OAGvB8gB,EAAW,SAAkBx6C,GAC3B,GAAKA,GAAMA,EAAEiX,MAAQjX,EAAEm6B,SAAW5qB,EAAIiI,kBAAtC,CAIA,IACE,IAAI1I,EAAMvJ,KAAKC,MAAMxF,EAAEiX,KACxB,CAAC,MAAOlP,GAIP,MACD,CAED,GAAK+G,EACL,MAAiB,yBAAbA,EAAIvK,KACC9B,EAAQqM,EAAIyrC,kBAEJ,4BAAbzrC,EAAIvK,MACNvE,EAAEy6C,OAAOpqB,YAAY9qB,KAAKwG,UAAU,CAClCxH,KAAM,mBACJvE,EAAEm6B,QAlBP,CAoBH,EACAnB,GAAYxuB,OAAQ,UAAWgwC,GAE/BjhB,EAAOD,IAAM/pB,EAAIiI,kBAAoB,mCACrCmY,SAASxtB,KAAKw3B,YAAYJ,GAE1BS,EAAUpsB,YAAW,WACnBtL,EAAO,IAAIuM,EAAa,4BACzB,IAAExI,aAAO,EAAPA,EAAS2zB,UAAW,KACzB,IAEevmB,SAAQ,WACrB2mB,aAAaJ,GACbb,GAAe3uB,OAAQ,UAAWgwC,GAC9B7qB,SAASxtB,KAAKu5B,SAASnC,IACzBA,EAAOoC,cAAcC,YAAYrC,EAErC,IAnDSl3B,QAAQC,OAAO,IAAIuM,EAAa,mDAGzC,IAAImrB,EACAT,EACAihB,CA+CN,CC3CM,SAAUE,GAOfnpB,GAEC,OAAO,cAAyBA,EAK9B,WAAAppB,IAAeoD,GACboD,SAASpD,GAETjM,KAAKq7C,MAAQr7C,KAAK24C,GAAKiC,GAA0B56C,MAGjDA,KAAKi7C,YAAcA,GAAYlvC,KAAK,KAAM/L,KAC3C,CAGD,YAAMs7C,CAAOnoB,GACXA,EAAOhrB,EAAMgrB,GAAQ,IACrB,MAAMooB,EAAsBx0C,WACnBosB,EAAKqoB,gBACLx7C,KAAK24C,GAAGD,kBAAkB,gBAAiBvlB,EAAMpsB,IAE1D,OAAKosB,EAAKqoB,gBAGHx7C,KAAKi7C,cACX51C,MAAK,SAAS41C,GACb,OAAOM,EAAmB,CACxBn5C,QAAS,CACP,uBAAwB64C,IAG9B,IATSM,GAUV,CAGD,2BAAME,CAAsBtoB,GAC1B,OAAOnzB,KAAKs7C,OAAOnoB,EACpB,CAGD,cAAAuoB,CAAevoB,GACb,OAAOnzB,KAAK24C,GAAGD,kBAAkB,kCAAmCvlB,EACrE,CAGD,aAAA1E,CAAc0E,GACZ,OAAOnzB,KAAK24C,GAAGD,kBAAkB,gCAAiCvlB,EACnE,CAGD,mBAAAwoB,CAAoBxoB,GAClB,OAAOnzB,KAAK24C,GAAGD,kBAAkB,+BAAgCvlB,EAClE,EAGL,UCjFgByoB,GAQdpM,EACA7d,EACAoV,GAQA,OADkBD,GADEwI,GADHvc,GADGf,GADPN,GAAmBC,GACa6d,KAGUzI,EAEzD,CChBA,MAAMpV,GAAkE6gB,KAOlEqJ,GAAYT,GADInD,GADNlH,GAJqCwC,KAIH5hB,GAHW8iB,QAO7D,MAAMqH,WAAiBD,GACrB,WAAAhzC,CAAY9B,GACVsI,MAAMtI,EACP","sources":["webpack:///./node_modules/cross-fetch/dist/browser-ponyfill.js","webpack:///./node_modules/@okta/lib/idx/types/api.ts","webpack:///./node_modules/@okta/lib/util/console.ts","webpack:///./node_modules/@okta/lib/util/object.ts","webpack:///./node_modules/@okta/lib/util/misc.ts","webpack:///./node_modules/@okta/lib/util/url.ts","webpack:///./node_modules/@okta/lib/errors/CustomError.ts","webpack:///./node_modules/@okta/lib/errors/AuthSdkError.ts","webpack:///./node_modules/@okta/lib/oidc/util/oauth.ts","webpack:///./node_modules/@okta/lib/oidc/util/oauthMeta.ts","webpack:///./node_modules/@okta/lib/oidc/types/Token.ts","webpack:///./node_modules/@okta/lib/idx/transactionMeta.ts","webpack:///./node_modules/@okta/lib/util/types.ts","webpack:///./node_modules/@okta/lib/constants.ts","webpack:///./node_modules/@okta/lib/errors/AuthApiError.ts","webpack:///./node_modules/@okta/lib/errors/OAuthError.ts","webpack:///./node_modules/@okta/lib/http/request.ts","webpack:///./node_modules/@okta/lib/idx/interact.ts","webpack:///./node_modules/@okta/lib/idx/idxState/v1/actionParser.ts","webpack:///./node_modules/@okta/lib/idx/idxState/v1/generateIdxAction.ts","webpack:///./node_modules/@okta/lib/idx/idxState/v1/idxResponseParser.ts","webpack:///./node_modules/@okta/lib/util/jsonpath.ts","webpack:///./node_modules/@okta/lib/idx/idxState/v1/remediationParser.ts","webpack:///./node_modules/@okta/lib/idx/idxState/v1/parsers.ts","webpack:///./node_modules/@okta/lib/idx/idxState/v1/makeIdxState.ts","webpack:///./node_modules/@okta/lib/idx/idxState/index.ts","webpack:///./node_modules/@okta/lib/idx/types/idx-js.ts","webpack:///./node_modules/@okta/lib/errors/index.ts","webpack:///./node_modules/@okta/lib/idx/introspect.ts","webpack:///./node_modules/@okta/lib/idx/remediators/util.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/util.ts","webpack:///./node_modules/@okta/lib/idx/remediators/Base/Remediator.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/Authenticator.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/VerificationCodeAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/OktaVerifyTotp.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/OktaPassword.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/SecurityQuestionEnrollment.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/SecurityQuestionVerification.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/WebauthnEnrollment.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/WebauthnVerification.ts","webpack:///./node_modules/@okta/lib/idx/remediators/Base/VerifyAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/authenticator/getAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/remediators/EnrollAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/remediators/EnrollPoll.ts","webpack:///./node_modules/@okta/lib/idx/remediators/SelectEnrollmentChannel.ts","webpack:///./node_modules/@okta/lib/idx/remediators/EnrollmentChannelData.ts","webpack:///./node_modules/@okta/lib/idx/remediators/ChallengeAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/remediators/ChallengePoll.ts","webpack:///./node_modules/@okta/lib/idx/remediators/ResetAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/remediators/EnrollProfile.ts","webpack:///./node_modules/@okta/lib/idx/remediators/Identify.ts","webpack:///./node_modules/@okta/lib/idx/remediators/ReEnrollAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/remediators/RedirectIdp.ts","webpack:///./node_modules/@okta/lib/idx/remediators/Base/SelectAuthenticator.ts","webpack:///./node_modules/@okta/lib/idx/remediators/SelectAuthenticatorAuthenticate.ts","webpack:///./node_modules/@okta/lib/idx/remediators/SelectAuthenticatorEnroll.ts","webpack:///./node_modules/@okta/lib/idx/remediators/SelectAuthenticatorUnlockAccount.ts","webpack:///./node_modules/@okta/lib/idx/remediators/SelectEnrollProfile.ts","webpack:///./node_modules/@okta/lib/idx/remediators/Base/AuthenticatorData.ts","webpack:///./node_modules/@okta/lib/idx/remediators/AuthenticatorVerificationData.ts","webpack:///./node_modules/@okta/lib/idx/remediators/AuthenticatorEnrollmentData.ts","webpack:///./node_modules/@okta/lib/idx/remediators/Skip.ts","webpack:///./node_modules/@okta/lib/idx/remediators/GenericRemediator/util.ts","webpack:///./node_modules/@okta/lib/idx/remediators/GenericRemediator/GenericRemediator.ts","webpack:///./node_modules/@okta/lib/idx/util.ts","webpack:///./node_modules/@okta/lib/idx/remediate.ts","webpack:///./node_modules/@okta/lib/idx/flow/AuthenticationFlow.ts","webpack:///./node_modules/@okta/lib/idx/flow/PasswordRecoveryFlow.ts","webpack:///./node_modules/@okta/lib/idx/flow/RegistrationFlow.ts","webpack:///./node_modules/@okta/lib/idx/flow/AccountUnlockFlow.ts","webpack:///./node_modules/@okta/lib/idx/flow/FlowSpecification.ts","webpack:///./node_modules/@okta/lib/idx/run.ts","webpack:///./node_modules/@okta/lib/idx/authenticate.ts","webpack:///./node_modules/@okta/lib/idx/cancel.ts","webpack:///./node_modules/@okta/lib/oidc/util/urlParams.ts","webpack:///./node_modules/@okta/lib/idx/emailVerify.ts","webpack:///./node_modules/@okta/lib/idx/proceed.ts","webpack:///./node_modules/@okta/lib/idx/poll.ts","webpack:///./node_modules/@okta/lib/idx/startTransaction.ts","webpack:///./node_modules/@okta/lib/idx/register.ts","webpack:///./node_modules/@okta/lib/idx/recoverPassword.ts","webpack:///./node_modules/@okta/lib/idx/handleInteractionCodeRedirect.ts","webpack:///./node_modules/@okta/lib/idx/unlockAccount.ts","webpack:///./node_modules/@okta/lib/oidc/util/errors.ts","webpack:///./node_modules/@okta/lib/oidc/util/loginRedirect.ts","webpack:///./node_modules/@okta/lib/idx/factory/api.ts","webpack:///./node_modules/@okta/lib/crypto/browser.ts","webpack:///./node_modules/@okta/lib/features.ts","webpack:///./node_modules/@okta/lib/base/factory.ts","webpack:///./node_modules/@okta/lib/storage/mixin.ts","webpack:///./node_modules/@okta/lib/http/OktaUserAgent.ts","webpack:///./node_modules/@okta/lib/http/headers.ts","webpack:///./node_modules/@okta/lib/http/mixin.ts","webpack:///./node_modules/@okta/lib/crypto/base64.ts","webpack:///./node_modules/@okta/lib/crypto/oidcHash.ts","webpack:///./node_modules/@okta/lib/crypto/verifyToken.ts","webpack:///./node_modules/@okta/lib/util/PromiseQueue.ts","webpack:///./node_modules/@okta/lib/oidc/util/pkce.ts","webpack:///./node_modules/@okta/lib/oidc/decodeToken.ts","webpack:///./node_modules/@okta/lib/oidc/util/defaultTokenParams.ts","webpack:///./node_modules/@okta/lib/oidc/endpoints/token.ts","webpack:///./node_modules/@okta/lib/oidc/endpoints/well-known.ts","webpack:///./node_modules/@okta/lib/oidc/util/validateClaims.ts","webpack:///./node_modules/@okta/lib/oidc/verifyToken.ts","webpack:///./node_modules/@okta/lib/oidc/handleOAuthResponse.ts","webpack:///./node_modules/@okta/lib/oidc/exchangeCodeForTokens.ts","webpack:///./node_modules/@okta/lib/oidc/getUserInfo.ts","webpack:///./node_modules/@okta/lib/oidc/util/browser.ts","webpack:///./node_modules/@okta/lib/oidc/util/prepareTokenParams.ts","webpack:///./node_modules/@okta/lib/oidc/endpoints/authorize.ts","webpack:///./node_modules/@okta/lib/oidc/getToken.ts","webpack:///./node_modules/@okta/lib/oidc/getWithoutPrompt.ts","webpack:///./node_modules/@okta/lib/oidc/getWithPopup.ts","webpack:///./node_modules/@okta/lib/oidc/getWithRedirect.ts","webpack:///./node_modules/@okta/lib/oidc/parseFromUrl.ts","webpack:///./node_modules/@okta/lib/oidc/util/refreshToken.ts","webpack:///./node_modules/@okta/lib/oidc/renewTokensWithRefresh.ts","webpack:///./node_modules/@okta/lib/oidc/renewToken.ts","webpack:///./node_modules/@okta/lib/oidc/renewTokens.ts","webpack:///./node_modules/@okta/lib/oidc/revokeToken.ts","webpack:///./node_modules/@okta/lib/oidc/introspect.ts","webpack:///./node_modules/@okta/lib/oidc/util/enrollAuthenticatorMeta.ts","webpack:///./node_modules/@okta/lib/oidc/util/defaultEnrollAuthenticatorParams.ts","webpack:///./node_modules/@okta/lib/oidc/util/prepareEnrollAuthenticatorParams.ts","webpack:///./node_modules/@okta/lib/oidc/enrollAuthenticator.ts","webpack:///./node_modules/@okta/lib/oidc/factory/api.ts","webpack:///./node_modules/@okta/lib/oidc/util/validateToken.ts","webpack:///./node_modules/@okta/lib/clock.ts","webpack:///./node_modules/@okta/lib/oidc/types/TokenManager.ts","webpack:///./node_modules/@okta/lib/oidc/TokenManager.ts","webpack:///./node_modules/@okta/lib/browser/browserStorage.ts","webpack:///./node_modules/@okta/lib/oidc/mixin/index.ts","webpack:///./node_modules/@okta/lib/oidc/mixin/browser.ts","webpack:///./node_modules/@okta/lib/core/AuthStateManager.ts","webpack:///./node_modules/@okta/lib/services/AutoRenewService.ts","webpack:///./node_modules/@okta/lib/services/SyncStorageService.ts","webpack:///./node_modules/@okta/lib/services/LeaderElectionService.ts","webpack:///./node_modules/@okta/lib/core/ServiceManager/browser.ts","webpack:///./node_modules/@okta/lib/core/mixin.ts","webpack:///./node_modules/@okta/lib/session/api.ts","webpack:///./node_modules/@okta/lib/session/factory.ts","webpack:///./node_modules/@okta/lib/session/mixin.ts","webpack:///./node_modules/@okta/lib/core/factory.ts","webpack:///./node_modules/@okta/lib/idx/webauthn.ts","webpack:///./node_modules/@okta/lib/idx/mixin.ts","webpack:///./node_modules/@okta/lib/idx/factory/OktaAuthIdx.ts","webpack:///./node_modules/@okta/lib/base/options.ts","webpack:///./node_modules/@okta/lib/storage/options/browser.ts","webpack:///./node_modules/@okta/lib/storage/options/StorageOptionsConstructor.ts","webpack:///./node_modules/@okta/lib/fetch/fetchRequest.ts","webpack:///./node_modules/@okta/lib/http/options.ts","webpack:///./node_modules/@okta/lib/oidc/options/browser.ts","webpack:///./node_modules/@okta/lib/oidc/options/OAuthOptionsConstructor.ts","webpack:///./node_modules/@okta/lib/core/options.ts","webpack:///./node_modules/@okta/lib/idx/options.ts","webpack:///./node_modules/@okta/lib/storage/SavedObject.ts","webpack:///./node_modules/@okta/lib/storage/BaseStorageManager.ts","webpack:///./node_modules/@okta/lib/oidc/storage.ts","webpack:///./node_modules/@okta/lib/core/storage.ts","webpack:///./node_modules/@okta/lib/idx/storage.ts","webpack:///./node_modules/@okta/lib/oidc/types/Transaction.ts","webpack:///./node_modules/@okta/lib/oidc/util/sharedStorage.ts","webpack:///./node_modules/@okta/lib/oidc/TransactionManager.ts","webpack:///./node_modules/@okta/lib/idx/IdxTransactionManager.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/Base.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/ProfileTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/ProfileSchemaTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/EmailTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/EmailStatusTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/EmailChallengeTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/PhoneTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/types.ts","webpack:///./node_modules/@okta/lib/myaccount/transactions/PasswordTransaction.ts","webpack:///./node_modules/@okta/lib/myaccount/request.ts","webpack:///./node_modules/@okta/lib/myaccount/profileApi.ts","webpack:///./node_modules/@okta/lib/myaccount/emailApi.ts","webpack:///./node_modules/@okta/lib/myaccount/phoneApi.ts","webpack:///./node_modules/@okta/lib/myaccount/passwordApi.ts","webpack:///./node_modules/@okta/lib/myaccount/mixin.ts","webpack:///./node_modules/@okta/lib/myaccount/factory.ts","webpack:///./node_modules/@okta/lib/authn/util/stateToken.ts","webpack:///./node_modules/@okta/lib/authn/api.ts","webpack:///./node_modules/@okta/lib/authn/util/link2fn.ts","webpack:///./node_modules/@okta/lib/errors/AuthPollStopError.ts","webpack:///./node_modules/@okta/lib/authn/util/poll.ts","webpack:///./node_modules/@okta/lib/authn/util/flattenEmbedded.ts","webpack:///./node_modules/@okta/lib/authn/util/links2fns.ts","webpack:///./node_modules/@okta/lib/authn/AuthnTransactionImpl.ts","webpack:///./node_modules/@okta/lib/authn/factory.ts","webpack:///./node_modules/@okta/lib/browser/fingerprint.ts","webpack:///./node_modules/@okta/lib/authn/mixin.ts","webpack:///./node_modules/@okta/lib/oidc/factory/OktaAuthOAuth.ts","webpack:///./node_modules/@okta/lib/exports/default.ts"],"sourcesContent":["var global = typeof self !== 'undefined' ? self : this;\nvar __self__ = (function () {\nfunction F() {\nthis.fetch = false;\nthis.DOMException = global.DOMException\n}\nF.prototype = global;\nreturn new F();\n})();\n(function(self) {\n\nvar irrelevant = (function (exports) {\n\n  var support = {\n    searchParams: 'URLSearchParams' in self,\n    iterable: 'Symbol' in self && 'iterator' in Symbol,\n    blob:\n      'FileReader' in self &&\n      'Blob' in self &&\n      (function() {\n        try {\n          new Blob();\n          return true\n        } catch (e) {\n          return false\n        }\n      })(),\n    formData: 'FormData' in self,\n    arrayBuffer: 'ArrayBuffer' in self\n  };\n\n  function isDataView(obj) {\n    return obj && DataView.prototype.isPrototypeOf(obj)\n  }\n\n  if (support.arrayBuffer) {\n    var viewClasses = [\n      '[object Int8Array]',\n      '[object Uint8Array]',\n      '[object Uint8ClampedArray]',\n      '[object Int16Array]',\n      '[object Uint16Array]',\n      '[object Int32Array]',\n      '[object Uint32Array]',\n      '[object Float32Array]',\n      '[object Float64Array]'\n    ];\n\n    var isArrayBufferView =\n      ArrayBuffer.isView ||\n      function(obj) {\n        return obj && viewClasses.indexOf(Object.prototype.toString.call(obj)) > -1\n      };\n  }\n\n  function normalizeName(name) {\n    if (typeof name !== 'string') {\n      name = String(name);\n    }\n    if (/[^a-z0-9\\-#$%&'*+.^_`|~]/i.test(name)) {\n      throw new TypeError('Invalid character in header field name')\n    }\n    return name.toLowerCase()\n  }\n\n  function normalizeValue(value) {\n    if (typeof value !== 'string') {\n      value = String(value);\n    }\n    return value\n  }\n\n  // Build a destructive iterator for the value list\n  function iteratorFor(items) {\n    var iterator = {\n      next: function() {\n        var value = items.shift();\n        return {done: value === undefined, value: value}\n      }\n    };\n\n    if (support.iterable) {\n      iterator[Symbol.iterator] = function() {\n        return iterator\n      };\n    }\n\n    return iterator\n  }\n\n  function Headers(headers) {\n    this.map = {};\n\n    if (headers instanceof Headers) {\n      headers.forEach(function(value, name) {\n        this.append(name, value);\n      }, this);\n    } else if (Array.isArray(headers)) {\n      headers.forEach(function(header) {\n        this.append(header[0], header[1]);\n      }, this);\n    } else if (headers) {\n      Object.getOwnPropertyNames(headers).forEach(function(name) {\n        this.append(name, headers[name]);\n      }, this);\n    }\n  }\n\n  Headers.prototype.append = function(name, value) {\n    name = normalizeName(name);\n    value = normalizeValue(value);\n    var oldValue = this.map[name];\n    this.map[name] = oldValue ? oldValue + ', ' + value : value;\n  };\n\n  Headers.prototype['delete'] = function(name) {\n    delete this.map[normalizeName(name)];\n  };\n\n  Headers.prototype.get = function(name) {\n    name = normalizeName(name);\n    return this.has(name) ? this.map[name] : null\n  };\n\n  Headers.prototype.has = function(name) {\n    return this.map.hasOwnProperty(normalizeName(name))\n  };\n\n  Headers.prototype.set = function(name, value) {\n    this.map[normalizeName(name)] = normalizeValue(value);\n  };\n\n  Headers.prototype.forEach = function(callback, thisArg) {\n    for (var name in this.map) {\n      if (this.map.hasOwnProperty(name)) {\n        callback.call(thisArg, this.map[name], name, this);\n      }\n    }\n  };\n\n  Headers.prototype.keys = function() {\n    var items = [];\n    this.forEach(function(value, name) {\n      items.push(name);\n    });\n    return iteratorFor(items)\n  };\n\n  Headers.prototype.values = function() {\n    var items = [];\n    this.forEach(function(value) {\n      items.push(value);\n    });\n    return iteratorFor(items)\n  };\n\n  Headers.prototype.entries = function() {\n    var items = [];\n    this.forEach(function(value, name) {\n      items.push([name, value]);\n    });\n    return iteratorFor(items)\n  };\n\n  if (support.iterable) {\n    Headers.prototype[Symbol.iterator] = Headers.prototype.entries;\n  }\n\n  function consumed(body) {\n    if (body.bodyUsed) {\n      return Promise.reject(new TypeError('Already read'))\n    }\n    body.bodyUsed = true;\n  }\n\n  function fileReaderReady(reader) {\n    return new Promise(function(resolve, reject) {\n      reader.onload = function() {\n        resolve(reader.result);\n      };\n      reader.onerror = function() {\n        reject(reader.error);\n      };\n    })\n  }\n\n  function readBlobAsArrayBuffer(blob) {\n    var reader = new FileReader();\n    var promise = fileReaderReady(reader);\n    reader.readAsArrayBuffer(blob);\n    return promise\n  }\n\n  function readBlobAsText(blob) {\n    var reader = new FileReader();\n    var promise = fileReaderReady(reader);\n    reader.readAsText(blob);\n    return promise\n  }\n\n  function readArrayBufferAsText(buf) {\n    var view = new Uint8Array(buf);\n    var chars = new Array(view.length);\n\n    for (var i = 0; i < view.length; i++) {\n      chars[i] = String.fromCharCode(view[i]);\n    }\n    return chars.join('')\n  }\n\n  function bufferClone(buf) {\n    if (buf.slice) {\n      return buf.slice(0)\n    } else {\n      var view = new Uint8Array(buf.byteLength);\n      view.set(new Uint8Array(buf));\n      return view.buffer\n    }\n  }\n\n  function Body() {\n    this.bodyUsed = false;\n\n    this._initBody = function(body) {\n      this._bodyInit = body;\n      if (!body) {\n        this._bodyText = '';\n      } else if (typeof body === 'string') {\n        this._bodyText = body;\n      } else if (support.blob && Blob.prototype.isPrototypeOf(body)) {\n        this._bodyBlob = body;\n      } else if (support.formData && FormData.prototype.isPrototypeOf(body)) {\n        this._bodyFormData = body;\n      } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n        this._bodyText = body.toString();\n      } else if (support.arrayBuffer && support.blob && isDataView(body)) {\n        this._bodyArrayBuffer = bufferClone(body.buffer);\n        // IE 10-11 can't handle a DataView body.\n        this._bodyInit = new Blob([this._bodyArrayBuffer]);\n      } else if (support.arrayBuffer && (ArrayBuffer.prototype.isPrototypeOf(body) || isArrayBufferView(body))) {\n        this._bodyArrayBuffer = bufferClone(body);\n      } else {\n        this._bodyText = body = Object.prototype.toString.call(body);\n      }\n\n      if (!this.headers.get('content-type')) {\n        if (typeof body === 'string') {\n          this.headers.set('content-type', 'text/plain;charset=UTF-8');\n        } else if (this._bodyBlob && this._bodyBlob.type) {\n          this.headers.set('content-type', this._bodyBlob.type);\n        } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n          this.headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n        }\n      }\n    };\n\n    if (support.blob) {\n      this.blob = function() {\n        var rejected = consumed(this);\n        if (rejected) {\n          return rejected\n        }\n\n        if (this._bodyBlob) {\n          return Promise.resolve(this._bodyBlob)\n        } else if (this._bodyArrayBuffer) {\n          return Promise.resolve(new Blob([this._bodyArrayBuffer]))\n        } else if (this._bodyFormData) {\n          throw new Error('could not read FormData body as blob')\n        } else {\n          return Promise.resolve(new Blob([this._bodyText]))\n        }\n      };\n\n      this.arrayBuffer = function() {\n        if (this._bodyArrayBuffer) {\n          return consumed(this) || Promise.resolve(this._bodyArrayBuffer)\n        } else {\n          return this.blob().then(readBlobAsArrayBuffer)\n        }\n      };\n    }\n\n    this.text = function() {\n      var rejected = consumed(this);\n      if (rejected) {\n        return rejected\n      }\n\n      if (this._bodyBlob) {\n        return readBlobAsText(this._bodyBlob)\n      } else if (this._bodyArrayBuffer) {\n        return Promise.resolve(readArrayBufferAsText(this._bodyArrayBuffer))\n      } else if (this._bodyFormData) {\n        throw new Error('could not read FormData body as text')\n      } else {\n        return Promise.resolve(this._bodyText)\n      }\n    };\n\n    if (support.formData) {\n      this.formData = function() {\n        return this.text().then(decode)\n      };\n    }\n\n    this.json = function() {\n      return this.text().then(JSON.parse)\n    };\n\n    return this\n  }\n\n  // HTTP methods whose capitalization should be normalized\n  var methods = ['DELETE', 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT'];\n\n  function normalizeMethod(method) {\n    var upcased = method.toUpperCase();\n    return methods.indexOf(upcased) > -1 ? upcased : method\n  }\n\n  function Request(input, options) {\n    options = options || {};\n    var body = options.body;\n\n    if (input instanceof Request) {\n      if (input.bodyUsed) {\n        throw new TypeError('Already read')\n      }\n      this.url = input.url;\n      this.credentials = input.credentials;\n      if (!options.headers) {\n        this.headers = new Headers(input.headers);\n      }\n      this.method = input.method;\n      this.mode = input.mode;\n      this.signal = input.signal;\n      if (!body && input._bodyInit != null) {\n        body = input._bodyInit;\n        input.bodyUsed = true;\n      }\n    } else {\n      this.url = String(input);\n    }\n\n    this.credentials = options.credentials || this.credentials || 'same-origin';\n    if (options.headers || !this.headers) {\n      this.headers = new Headers(options.headers);\n    }\n    this.method = normalizeMethod(options.method || this.method || 'GET');\n    this.mode = options.mode || this.mode || null;\n    this.signal = options.signal || this.signal;\n    this.referrer = null;\n\n    if ((this.method === 'GET' || this.method === 'HEAD') && body) {\n      throw new TypeError('Body not allowed for GET or HEAD requests')\n    }\n    this._initBody(body);\n  }\n\n  Request.prototype.clone = function() {\n    return new Request(this, {body: this._bodyInit})\n  };\n\n  function decode(body) {\n    var form = new FormData();\n    body\n      .trim()\n      .split('&')\n      .forEach(function(bytes) {\n        if (bytes) {\n          var split = bytes.split('=');\n          var name = split.shift().replace(/\\+/g, ' ');\n          var value = split.join('=').replace(/\\+/g, ' ');\n          form.append(decodeURIComponent(name), decodeURIComponent(value));\n        }\n      });\n    return form\n  }\n\n  function parseHeaders(rawHeaders) {\n    var headers = new Headers();\n    // Replace instances of \\r\\n and \\n followed by at least one space or horizontal tab with a space\n    // https://tools.ietf.org/html/rfc7230#section-3.2\n    var preProcessedHeaders = rawHeaders.replace(/\\r?\\n[\\t ]+/g, ' ');\n    preProcessedHeaders.split(/\\r?\\n/).forEach(function(line) {\n      var parts = line.split(':');\n      var key = parts.shift().trim();\n      if (key) {\n        var value = parts.join(':').trim();\n        headers.append(key, value);\n      }\n    });\n    return headers\n  }\n\n  Body.call(Request.prototype);\n\n  function Response(bodyInit, options) {\n    if (!options) {\n      options = {};\n    }\n\n    this.type = 'default';\n    this.status = options.status === undefined ? 200 : options.status;\n    this.ok = this.status >= 200 && this.status < 300;\n    this.statusText = 'statusText' in options ? options.statusText : 'OK';\n    this.headers = new Headers(options.headers);\n    this.url = options.url || '';\n    this._initBody(bodyInit);\n  }\n\n  Body.call(Response.prototype);\n\n  Response.prototype.clone = function() {\n    return new Response(this._bodyInit, {\n      status: this.status,\n      statusText: this.statusText,\n      headers: new Headers(this.headers),\n      url: this.url\n    })\n  };\n\n  Response.error = function() {\n    var response = new Response(null, {status: 0, statusText: ''});\n    response.type = 'error';\n    return response\n  };\n\n  var redirectStatuses = [301, 302, 303, 307, 308];\n\n  Response.redirect = function(url, status) {\n    if (redirectStatuses.indexOf(status) === -1) {\n      throw new RangeError('Invalid status code')\n    }\n\n    return new Response(null, {status: status, headers: {location: url}})\n  };\n\n  exports.DOMException = self.DOMException;\n  try {\n    new exports.DOMException();\n  } catch (err) {\n    exports.DOMException = function(message, name) {\n      this.message = message;\n      this.name = name;\n      var error = Error(message);\n      this.stack = error.stack;\n    };\n    exports.DOMException.prototype = Object.create(Error.prototype);\n    exports.DOMException.prototype.constructor = exports.DOMException;\n  }\n\n  function fetch(input, init) {\n    return new Promise(function(resolve, reject) {\n      var request = new Request(input, init);\n\n      if (request.signal && request.signal.aborted) {\n        return reject(new exports.DOMException('Aborted', 'AbortError'))\n      }\n\n      var xhr = new XMLHttpRequest();\n\n      function abortXhr() {\n        xhr.abort();\n      }\n\n      xhr.onload = function() {\n        var options = {\n          status: xhr.status,\n          statusText: xhr.statusText,\n          headers: parseHeaders(xhr.getAllResponseHeaders() || '')\n        };\n        options.url = 'responseURL' in xhr ? xhr.responseURL : options.headers.get('X-Request-URL');\n        var body = 'response' in xhr ? xhr.response : xhr.responseText;\n        resolve(new Response(body, options));\n      };\n\n      xhr.onerror = function() {\n        reject(new TypeError('Network request failed'));\n      };\n\n      xhr.ontimeout = function() {\n        reject(new TypeError('Network request failed'));\n      };\n\n      xhr.onabort = function() {\n        reject(new exports.DOMException('Aborted', 'AbortError'));\n      };\n\n      xhr.open(request.method, request.url, true);\n\n      if (request.credentials === 'include') {\n        xhr.withCredentials = true;\n      } else if (request.credentials === 'omit') {\n        xhr.withCredentials = false;\n      }\n\n      if ('responseType' in xhr && support.blob) {\n        xhr.responseType = 'blob';\n      }\n\n      request.headers.forEach(function(value, name) {\n        xhr.setRequestHeader(name, value);\n      });\n\n      if (request.signal) {\n        request.signal.addEventListener('abort', abortXhr);\n\n        xhr.onreadystatechange = function() {\n          // DONE (success or failure)\n          if (xhr.readyState === 4) {\n            request.signal.removeEventListener('abort', abortXhr);\n          }\n        };\n      }\n\n      xhr.send(typeof request._bodyInit === 'undefined' ? null : request._bodyInit);\n    })\n  }\n\n  fetch.polyfill = true;\n\n  if (!self.fetch) {\n    self.fetch = fetch;\n    self.Headers = Headers;\n    self.Request = Request;\n    self.Response = Response;\n  }\n\n  exports.Headers = Headers;\n  exports.Request = Request;\n  exports.Response = Response;\n  exports.fetch = fetch;\n\n  Object.defineProperty(exports, '__esModule', { value: true });\n\n  return exports;\n\n})({});\n})(__self__);\n__self__.fetch.ponyfill = true;\n// Remove \"polyfill\" property added by whatwg-fetch\ndelete __self__.fetch.polyfill;\n// Choose between native implementation (global) or custom implementation (__self__)\n// var ctx = global.fetch ? global : __self__;\nvar ctx = __self__; // this line disable service worker support temporarily\nexports = ctx.fetch // To enable: import fetch from 'cross-fetch'\nexports.default = ctx.fetch // For TypeScript consumers without esModuleInterop.\nexports.fetch = ctx.fetch // To enable: import {fetch} from 'cross-fetch'\nexports.Headers = ctx.Headers\nexports.Request = ctx.Request\nexports.Response = ctx.Response\nmodule.exports = exports\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { APIError } from '../../errors/types';\nimport {\n  OktaAuthOAuthInterface,\n  Tokens,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../../oidc/types';\nimport { FlowIdentifier } from './FlowIdentifier';\nimport {\n  IdxActions,\n  IdxAuthenticator,\n  IdxContext,\n  IdxForm,\n  IdxMessage,\n  IdxOption,\n  IdxRemediation,\n  IdxResponse,\n  RawIdxResponse,\n  IdxActionParams,\n  IdpConfig,\n  IdxToPersist,\n  ChallengeData,\n  ActivationData,\n} from './idx-js';\nimport {\n  AccountUnlockOptions,\n  AuthenticationOptions,\n  CancelOptions,\n  InteractOptions,\n  IntrospectOptions,\n  OktaAuthIdxOptions,\n  PasswordRecoveryOptions,\n  ProceedOptions,\n  RegistrationOptions,\n  StartOptions,\n  IdxTransactionMetaOptions\n} from './options';\nimport { IdxTransactionMeta } from './meta';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './storage';\nimport type {\n  WebauthnEnrollValues,\n  WebauthnVerificationValues\n} from '../authenticator';\nimport { OktaAuthConstructor } from '../../base/types';\n\nexport enum IdxStatus {\n  SUCCESS = 'SUCCESS',\n  PENDING = 'PENDING',\n  FAILURE = 'FAILURE',\n  TERMINAL = 'TERMINAL',\n  CANCELED = 'CANCELED',\n}\n\nexport enum AuthenticatorKey {\n  OKTA_PASSWORD = 'okta_password',\n  OKTA_EMAIL = 'okta_email',\n  PHONE_NUMBER = 'phone_number',\n  GOOGLE_AUTHENTICATOR = 'google_otp',\n  SECURITY_QUESTION = 'security_question',\n  OKTA_VERIFY = 'okta_verify',\n  WEBAUTHN = 'webauthn',\n}\n\nexport type Input = {\n  name: string;\n  key?: string;\n  type?: string;\n  label?: string;\n  value?: string | {form: IdxForm} | Input[];\n  minLength?: number;\n  maxLength?: number;\n  secret?: boolean;\n  required?: boolean;\n  options?: IdxOption[];\n  mutable?: boolean;\n  visible?: boolean;\n  customLabel?: boolean\n}\n\n\nexport interface IdxPollOptions {\n  required?: boolean;\n  refresh?: number;\n}\n\nexport type NextStep = {\n  name: string;\n  authenticator?: IdxAuthenticator;\n  canSkip?: boolean;\n  canResend?: boolean;\n  inputs?: Input[];\n  poll?: IdxPollOptions;\n  authenticatorEnrollments?: IdxAuthenticator[];\n  // eslint-disable-next-line no-use-before-define\n  action?: (params?: IdxActionParams) => Promise<IdxTransaction>;\n  idp?: IdpConfig;\n  href?: string;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  refresh?: number;\n}\n\nexport enum IdxFeature {\n  PASSWORD_RECOVERY = 'recover-password',\n  REGISTRATION = 'enroll-profile',\n  SOCIAL_IDP = 'redirect-idp',\n  ACCOUNT_UNLOCK = 'unlock-account',\n}\n\n\nexport interface IdxTransaction {\n  status: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n  \n  // from idx-js, used by signin widget\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  context: IdxContext;\n}\n\n\nexport type Authenticator = {\n  id?: string;\n  key?: string;\n  methodType?: string;\n  phoneNumber?: string;\n  channel?: string;\n};\n\nexport function isAuthenticator(obj: any): obj is Authenticator {\n  return obj && (obj.key || obj.id);\n}\n\nexport interface RemediationResponse {\n  idxResponse: IdxResponse;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  terminal?: boolean;\n  canceled?: boolean;\n}\n\nexport interface InteractResponse {\n  state?: string;\n  interactionHandle: string;\n  meta: IdxTransactionMeta;\n}\n\nexport interface EmailVerifyCallbackResponse {\n  state: string;\n  otp: string;\n}\n\nexport interface IdxAPI {\n  // lowest level api\n  interact: (options?: InteractOptions) => Promise<InteractResponse>;\n  introspect: (options?: IntrospectOptions) => Promise<IdxResponse>;\n  makeIdxResponse: (rawIdxResponse: RawIdxResponse, toPersist: IdxToPersist, requestDidSucceed: boolean) => IdxResponse;\n\n  // flow entrypoints\n  authenticate: (options?: AuthenticationOptions) => Promise<IdxTransaction>;\n  register: (options?: RegistrationOptions) => Promise<IdxTransaction>;\n  recoverPassword: (options?: PasswordRecoveryOptions) => Promise<IdxTransaction>;\n  unlockAccount: (options?: AccountUnlockOptions) => Promise<IdxTransaction>;\n  poll: (options?: IdxPollOptions) => Promise<IdxTransaction>;\n\n  // flow control\n  start: (options?: StartOptions) => Promise<IdxTransaction>;\n  canProceed(options?: ProceedOptions): boolean;\n  proceed: (options?: ProceedOptions) => Promise<IdxTransaction>;\n  cancel: (options?: CancelOptions) => Promise<IdxTransaction>;\n  getFlow(): FlowIdentifier | undefined;\n  setFlow(flow: FlowIdentifier): void;\n\n  // call `start` instead of `startTransaction`. `startTransaction` will be removed in next major version (7.0)\n  startTransaction: (options?: StartOptions) => Promise<IdxTransaction>;\n\n  // redirect callbacks\n  isInteractionRequired: (hashOrSearch?: string) => boolean;\n  isInteractionRequiredError: (error: Error) => boolean; \n  handleInteractionCodeRedirect: (url: string) => Promise<void>;\n  isEmailVerifyCallback: (search: string) => boolean;\n  parseEmailVerifyCallback: (search: string) => EmailVerifyCallbackResponse;\n  handleEmailVerifyCallback: (search: string) => Promise<IdxTransaction | undefined>;\n  isEmailVerifyCallbackError: (error: Error) => boolean;\n\n  // transaction meta\n  getSavedTransactionMeta: (options?: IdxTransactionMetaOptions) => IdxTransactionMeta | undefined;\n  createTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  getTransactionMeta: (options?: IdxTransactionMetaOptions) => Promise<IdxTransactionMeta>;\n  saveTransactionMeta: (meta: unknown) => void;\n  clearTransactionMeta: () => void;\n  isTransactionMetaValid: (meta: unknown) => boolean;\n}\n\nexport interface IdxTransactionManagerInterface extends TransactionManagerInterface {\n  saveIdxResponse(data: SavedIdxResponse): void;\n  loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null;\n  clearIdxResponse(): void;\n}\n\nexport type IdxTransactionManagerConstructor = TransactionManagerConstructor<IdxTransactionManagerInterface>;\n\nexport interface WebauthnAPI {\n  getAssertion(credential: PublicKeyCredential): WebauthnVerificationValues;\n  getAttestation(credential: PublicKeyCredential): WebauthnEnrollValues;\n  buildCredentialRequestOptions(\n    challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialRequestOptions;\n  buildCredentialCreationOptions(\n    activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n  ): CredentialCreationOptions;\n}\n\nexport interface OktaAuthIdxInterface\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>\n  extends OktaAuthOAuthInterface<M, S, O, TM>\n{\n  idx: IdxAPI;\n}\n\nexport interface OktaAuthIdxConstructor\n<\n  I extends OktaAuthIdxInterface = OktaAuthIdxInterface\n>\n extends OktaAuthConstructor<I>\n{\n  new(...args: any[]): I;\n  webauthn: WebauthnAPI;\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window */\n\nexport function getNativeConsole() {\n  if (typeof window !== 'undefined') {\n    return window.console;\n  } else if (typeof console !== 'undefined') {\n    return console;\n  } else {\n    return undefined;\n  }\n}\n\nexport function getConsole() {\n  var nativeConsole = getNativeConsole();\n  // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n  // @ts-ignore\n  if (nativeConsole && nativeConsole.log) {\n    return nativeConsole;\n  }\n  return {\n    log: function() {},\n    warn: function() {},\n    group: function() {},\n    groupEnd: function() {}\n  };\n}\n\nexport function warn(text) {\n  /* eslint-disable no-console */\n  getConsole().warn('[okta-auth-sdk] WARN: ' + text);\n  /* eslint-enable */\n}\n\nexport function deprecate(text) {\n  /* eslint-disable no-console */\n  getConsole().warn('[okta-auth-sdk] DEPRECATION: ' + text);\n  /* eslint-enable */\n}\n\nexport function deprecateWrap(text, fn) {\n  return function() {\n    deprecate(text);\n    return fn.apply(null, arguments);\n  };\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function bind(fn, ctx) {\n  var additionalArgs = Array.prototype.slice.call(arguments, 2);\n  return function() {\n    var args = Array.prototype.slice.call(arguments);\n    args = additionalArgs.concat(args);\n    return fn.apply(ctx, args);\n  };\n}\n\n// TODO: replace all references with `Object.assign` then remove this function\nexport function extend() {\n  // First object will be modified!\n  var obj1 = arguments[0];\n  // Properties from other objects will be copied over\n  var objArray = [].slice.call(arguments, 1);\n  objArray.forEach(function(obj) {\n    for (var prop in obj) {\n      // copy over all properties with defined values\n      if (Object.prototype.hasOwnProperty.call(obj, prop) && obj[prop] !== undefined) {\n        obj1[prop] = obj[prop];\n      }\n    }\n  });\n  return obj1; // return the modified object\n}\n\nexport function removeNils(obj) {\n  var cleaned = {};\n  for (var prop in obj) {\n    if (Object.prototype.hasOwnProperty.call(obj, prop)) {\n      var value = obj[prop];\n      if (value !== null && value !== undefined) {\n        cleaned[prop] = value;\n      }\n    }\n  }\n  return cleaned;\n}\n\nexport function clone(obj) {\n  if (obj) {\n    var str = JSON.stringify(obj);\n    if (str) {\n      return JSON.parse(str);\n    }\n  }\n  return obj;\n}\n\n// Analogous to _.omit\nexport function omit(obj, ...props: any[]) {\n  // var props = Array.prototype.slice.call(arguments, 1);\n  var newobj = {};\n  for (var p in obj) {\n    if (Object.prototype.hasOwnProperty.call(obj, p) && props.indexOf(p) == -1) {\n      newobj[p] = obj[p];\n    }\n  }\n  return clone(newobj);\n}\n\nexport function find(collection, searchParams) {\n  var c = collection.length;\n  while (c--) {\n    var item = collection[c];\n    var found = true;\n    for (var prop in searchParams) {\n      if (!Object.prototype.hasOwnProperty.call(searchParams, prop)) {\n        continue;\n      }\n      if (item[prop] !== searchParams[prop]) {\n        found = false;\n        break;\n      }\n    }\n    if (found) {\n      return item;\n    }\n  }\n}\n\nexport function getLink(obj, linkName, altName?) {\n  if (!obj || !obj._links) {\n    return;\n  }\n\n  var link = clone(obj._links[linkName]);\n\n  // If a link has a name and we have an altName, return if they match\n  if (link && link.name && altName) {\n    if (link.name === altName) {\n      return link;\n    }\n  } else {\n    return link;\n  }\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isoToUTCString(str) {\n  var parts = str.match(/\\d+/g),\n      isoTime = Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]),\n      isoDate = new Date(isoTime);\n\n  return isoDate.toUTCString();\n}\n\nexport function genRandomString(length) {\n  var randomCharset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';\n  var random = '';\n  for (var c = 0, cl = randomCharset.length; c < length; ++c) {\n    random += randomCharset[Math.floor(Math.random() * cl)];\n  }\n  return random;\n}\n\nexport function delay(ms) {\n  return new Promise(function(resolve) {\n    setTimeout(resolve, ms);\n  });\n}\n\nexport function split2(str, delim) {\n  const parts = str.split(delim);\n  return [\n    parts[0], \n    parts.splice(1, parts.length).join(delim),\n  ];\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isAbsoluteUrl(url) {\n  return /^[a-z][a-z0-9+.-]*:/i.test(url);\n}\n\nexport function toAbsoluteUrl(url = '', baseUrl) {\n  if (isAbsoluteUrl(url)) {\n    return url;\n  }\n  baseUrl = removeTrailingSlash(baseUrl);\n  return url[0] === '/' ? `${baseUrl}${url}` : `${baseUrl}/${url}`;\n}\n\nexport function toRelativeUrl(url = '', baseUrl) {\n  if (isAbsoluteUrl(url)) {\n    url = url.substring(baseUrl.length);\n  }\n\n  return url[0] === '/' ? url : `/${url}`;\n}\n\nexport function toQueryString(obj) {\n  var str = [];\n  if (obj !== null) {\n    for (var key in obj) {\n      if (Object.prototype.hasOwnProperty.call(obj, key) &&\n          obj[key] !== undefined &&\n          obj[key] !== null) {\n        str.push(key + '=' + encodeURIComponent(obj[key]) as never);\n      }\n    }\n  }\n  if (str.length) {\n    return '?' + str.join('&');\n  } else {\n    return '';\n  }\n}\n\nexport function removeTrailingSlash(path) {\n  if (!path) {\n    return;\n  }\n  // Remove any whitespace before or after string\n  var trimmed = path.replace(/^\\s+|\\s+$/gm,'');\n  // Remove trailing slash(es)\n  trimmed = trimmed.replace(/\\/+$/, '');\n\n  return trimmed;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport default class CustomError extends Error {\n  constructor(message: string) {\n    // https://stackoverflow.com/questions/41102060/typescript-extending-error-class\n    super(message); // 'Error' breaks prototype chain here\n    Object.setPrototypeOf(this, new.target.prototype); // restore prototype chain\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { APIError, FieldError } from './types';\n\nexport default class AuthSdkError extends CustomError implements APIError {\n  errorSummary: string;\n  errorCode: string;\n  errorLink: string;\n  errorId: string;\n  errorCauses: Array<FieldError>;\n  xhr?: XMLHttpRequest;\n\n  constructor(msg: string, xhr?: XMLHttpRequest) {\n    super(msg);\n    this.name = 'AuthSdkError';\n    this.errorCode = 'INTERNAL';\n    this.errorSummary = msg;\n    this.errorLink = 'INTERNAL';\n    this.errorId = 'INTERNAL';\n    this.errorCauses = [];\n    if (xhr) {\n      this.xhr = xhr;\n    }\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\nimport { genRandomString, removeTrailingSlash } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, CustomUrls } from '../types';\n\nexport function generateState() {\n  return genRandomString(64);\n}\n\nexport function generateNonce() {\n  return genRandomString(64);\n}\n\nfunction getIssuer(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  return issuer;\n}\n\nexport function getOAuthBaseUrl(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  return baseUrl;\n}\n\nexport function getOAuthDomain(sdk: OktaAuthOAuthInterface, options: CustomUrls = {}) {\n  const issuer = getIssuer(sdk, options);\n  const domain = issuer.split('/oauth2')[0];\n  return domain;\n}\n\nexport function getOAuthUrls(sdk: OktaAuthOAuthInterface, options?: CustomUrls): CustomUrls {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = getIssuer(sdk, options);\n  var userinfoUrl = removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = getOAuthBaseUrl(sdk, options);\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, PKCETransactionMeta, TokenParams } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createOAuthMeta(\n  sdk: OktaAuthOAuthInterface, \n  tokenParams: TokenParams\n): OAuthTransactionMeta | PKCETransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, tokenParams);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: tokenParams.clientId!,\n    redirectUri: tokenParams.redirectUri!,\n    responseType: tokenParams.responseType!,\n    responseMode: tokenParams.responseMode!,\n    scopes: tokenParams.scopes!,\n    state: tokenParams.state!,\n    nonce: tokenParams.nonce!,\n    ignoreSignature: tokenParams.ignoreSignature!,\n    acrValues: tokenParams.acrValues,\n  };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return oauthMeta;\n  }\n\n  const pkceMeta: PKCETransactionMeta = {\n    ...oauthMeta,\n    codeVerifier: tokenParams.codeVerifier!,\n    codeChallengeMethod: tokenParams.codeChallengeMethod!,\n    codeChallenge: tokenParams.codeChallenge!,\n  };\n\n  return pkceMeta;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { UserClaims } from './UserClaims';\n\nexport interface AbstractToken {\n  expiresAt: number;\n  authorizeUrl: string;\n  scopes: string[];\n  pendingRemove?: boolean;\n}\n\nexport interface AccessToken extends AbstractToken {\n  accessToken: string;\n  claims: UserClaims;\n  tokenType: string;\n  userinfoUrl: string;\n}\n\nexport interface RefreshToken extends AbstractToken {\n  refreshToken: string;\n  tokenUrl: string;\n  issuer: string;\n}\n\nexport interface IDToken extends AbstractToken {\n  idToken: string;\n  claims: UserClaims;\n  issuer: string;\n  clientId: string;\n}\n\nexport type Token = AccessToken | IDToken | RefreshToken;\nexport type RevocableToken = AccessToken | RefreshToken;\n\nexport type TokenType = 'accessToken' | 'idToken' | 'refreshToken';\nexport enum TokenKind {\n  ACCESS = 'accessToken',\n  ID = 'idToken',\n  REFRESH = 'refreshToken',\n}\n\nexport function isToken(obj: any): obj is Token {\n  if (obj &&\n      (obj.accessToken || obj.idToken || obj.refreshToken) &&\n      Array.isArray(obj.scopes)) {\n    return true;\n  }\n  return false;\n}\n\nexport function isAccessToken(obj: any): obj is AccessToken {\n  return obj && obj.accessToken;\n}\n\nexport function isIDToken(obj: any): obj is IDToken {\n  return obj && obj.idToken;\n}\n\nexport function isRefreshToken(obj: any): obj is RefreshToken {\n  return obj && obj.refreshToken;\n}\n\nexport interface Tokens {\n  accessToken?: AccessToken;\n  idToken?: IDToken;\n  refreshToken?: RefreshToken;\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, IdxTransactionMeta, IdxTransactionMetaOptions } from './types';\nimport { removeNils, warn } from '../util';\nimport { createOAuthMeta, PKCETransactionMeta } from '../oidc';\n\n// Calculate new values\nexport async function createTransactionMeta(\n  authClient: OktaAuthIdxInterface,\n  options: IdxTransactionMetaOptions = {}\n): Promise<IdxTransactionMeta> {\n  const tokenParams = await authClient.token.prepareTokenParams(options);\n  const pkceMeta = createOAuthMeta(authClient, tokenParams) as PKCETransactionMeta;\n  let {\n    flow = 'default',\n    withCredentials = true,\n    activationToken = undefined,\n    recoveryToken = undefined,\n    maxAge = undefined,\n    acrValues = undefined,\n  } = { ...authClient.options, ...options }; // local options override SDK options\n\n  const meta: IdxTransactionMeta = {\n    ...pkceMeta,\n    flow,\n    withCredentials,\n    activationToken,\n    recoveryToken,\n    maxAge,\n    acrValues\n  };\n  return meta;\n}\n\nexport function hasSavedInteractionHandle(\n  authClient: OktaAuthIdxInterface,\n  options?: IdxTransactionMetaOptions\n): boolean {\n  const savedMeta = getSavedTransactionMeta(authClient, options);\n  if (savedMeta?.interactionHandle) {\n    return true;\n  }\n  return false;\n}\n\n// Returns the saved transaction meta, if it exists and is valid\nexport function getSavedTransactionMeta(\n  authClient: OktaAuthIdxInterface,\n  options?: IdxTransactionMetaOptions\n): IdxTransactionMeta | undefined {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  let savedMeta;\n  try {\n    savedMeta = authClient.transactionManager.load(options) as IdxTransactionMeta;\n  } catch (e) {\n    // ignore errors here\n  }\n\n  if (!savedMeta) {\n    return;\n  }\n\n  if (isTransactionMetaValid(savedMeta, options)) {\n    return savedMeta;\n  }\n\n  // existing meta is not valid for this configuration\n  // this is common when changing configuration in local development environment\n  // in a production environment, this may indicate that two apps are sharing a storage key\n  warn('Saved transaction meta does not match the current configuration. ' + \n    'This may indicate that two apps are sharing a storage key.');\n\n}\n\nexport async function getTransactionMeta(\n  authClient: OktaAuthIdxInterface,\n  options?: IdxTransactionMetaOptions\n): Promise<IdxTransactionMeta> {\n  options = removeNils(options);\n  options = { ...authClient.options, ...options }; // local options override SDK options\n  // Load existing transaction meta from storage\n  const validExistingMeta = getSavedTransactionMeta(authClient, options);\n  if (validExistingMeta) {\n    return validExistingMeta;\n  }\n  // No existing? Create new transaction meta.\n  return createTransactionMeta(authClient, options);\n}\n\nexport function saveTransactionMeta (authClient: OktaAuthIdxInterface, meta): void {\n  authClient.transactionManager.save(meta, { muteWarning: true });\n}\n\nexport function clearTransactionMeta (authClient: OktaAuthIdxInterface): void {\n  authClient.transactionManager.clear();\n}\n\nexport function isTransactionMetaValid (meta, options: IdxTransactionMetaOptions  = {}): boolean {\n  // Validate against certain options. If these exist in options, they must match in meta\n  const keys = [\n    'issuer',\n    'clientId',\n    'redirectUri',\n    'state',\n    'codeChallenge',\n    'codeChallengeMethod',\n    'activationToken',\n    'recoveryToken'\n  ];\n  if (isTransactionMetaValidForOptions(meta, options, keys) === false) {\n    return false;\n  }\n\n  // Validate configured flow\n  const { flow } = options;\n  if (isTransactionMetaValidForFlow(meta, flow) === false) {\n    return false;\n  }\n\n  return true;\n}\n\nexport function isTransactionMetaValidForFlow(meta, flow) {\n  // Specific flows should not share transaction data\n  const shouldValidateFlow = flow && flow !== 'default' && flow !== 'proceed';\n  if (shouldValidateFlow) {\n    if (flow !== meta.flow) {\n      // The flow has changed; abandon the old transaction\n      return false;\n    }\n  }\n  return true;\n}\n\nexport function isTransactionMetaValidForOptions(meta, options, keys) {\n  // returns false if values in meta do not match options\n  // if the option does not have a value for a specific key, it is ignored\n  const mismatch = keys.some(key => {\n    const value = options[key];\n    if (value && value !== meta[key]) {\n      return true;\n    }\n  });\n  return !mismatch;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport function isString(obj: any): obj is string {\n  return Object.prototype.toString.call(obj) === '[object String]';\n}\n\nexport function isObject(obj: any): obj is object {\n  return Object.prototype.toString.call(obj) === '[object Object]';\n}\n\nexport function isNumber(obj: any): obj is number {\n  return Object.prototype.toString.call(obj) === '[object Number]';\n}\n\nexport function isFunction(fn: any): fn is (...any: any[]) => any {\n  return !!fn && {}.toString.call(fn) === '[object Function]';\n}\n\nexport function isPromise(obj) {\n  return obj && obj.finally && (typeof obj.finally === 'function');\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport const STATE_TOKEN_KEY_NAME = 'oktaStateToken';\nexport const DEFAULT_POLLING_DELAY = 500;\nexport const DEFAULT_MAX_CLOCK_SKEW = 300;\nexport const DEFAULT_CACHE_DURATION = 86400;\nexport const TOKEN_STORAGE_NAME = 'okta-token-storage';\nexport const CACHE_STORAGE_NAME = 'okta-cache-storage';\nexport const PKCE_STORAGE_NAME = 'okta-pkce-storage';\nexport const TRANSACTION_STORAGE_NAME = 'okta-transaction-storage';\nexport const SHARED_TRANSACTION_STORAGE_NAME = 'okta-shared-transaction-storage';\nexport const ORIGINAL_URI_STORAGE_NAME = 'okta-original-uri-storage';\nexport const IDX_RESPONSE_STORAGE_NAME = 'okta-idx-response-storage';\nexport const ACCESS_TOKEN_STORAGE_KEY = 'accessToken';\nexport const ID_TOKEN_STORAGE_KEY =  'idToken';\nexport const REFRESH_TOKEN_STORAGE_KEY =  'refreshToken';\nexport const REFERRER_PATH_STORAGE_KEY = 'referrerPath';\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nexport const MIN_VERIFIER_LENGTH = 43;\nexport const MAX_VERIFIER_LENGTH = 128;\nexport const DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nexport const IDX_API_VERSION = '1.0.0';","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\nimport { HttpResponse } from '../http/types';\nimport { APIError, FieldError } from './types';\n\nexport default class AuthApiError extends CustomError implements APIError {\n  errorSummary: string;\n  errorCode?: string;\n  errorLink?: string;\n  errorId?: string;\n  errorCauses?: Array<FieldError>;\n  xhr?: HttpResponse;\n  meta?: Record<string, string | number>;\n\n  constructor(err: APIError, xhr?: HttpResponse, meta?: Record<string, string | number>) {\n    const message = err.errorSummary;\n    super(message);\n\n    this.name = 'AuthApiError';\n    this.errorSummary = err.errorSummary;\n    this.errorCode = err.errorCode;\n    this.errorLink = err.errorLink;\n    this.errorId = err.errorId;\n    this.errorCauses = err.errorCauses;\n\n    if (xhr) {\n      this.xhr = xhr;\n    }\n\n    if (meta) {\n      this.meta = meta;\n    }\n  }\n}\n","/* eslint-disable camelcase */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\n\nexport default class OAuthError extends CustomError {\n  errorCode: string;\n  errorSummary: string;\n\n  // for widget / idx-js backward compatibility\n  error: string;\n  error_description: string;\n\n  constructor(errorCode: string, summary: string) {\n    super(summary);\n\n    this.name = 'OAuthError';\n    this.errorCode = errorCode;\n    this.errorSummary = summary;\n\n    // for widget / idx-js backward compatibility\n    this.error = errorCode;\n    this.error_description = summary;\n  }\n}\n\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nimport { isString, clone, isAbsoluteUrl, removeNils } from '../util';\nimport { STATE_TOKEN_KEY_NAME, DEFAULT_CACHE_DURATION } from '../constants';\nimport {\n  OktaAuthHttpInterface,\n  RequestOptions,\n  FetchOptions,\n  RequestData,\n  HttpResponse\n} from './types';\nimport { AuthApiError, OAuthError, AuthSdkError, APIError } from '../errors';\n\ntype InsufficientAuthenticationError = {\n  error: string;\n  // eslint-disable-next-line camelcase\n  error_description: string;\n  // eslint-disable-next-line camelcase\n  max_age: string;\n  // eslint-disable-next-line camelcase\n  acr_values: string;\n};\n\nconst parseInsufficientAuthenticationError = (\n  header: string\n): InsufficientAuthenticationError => {\n  if (!header) {\n    throw new AuthSdkError('Missing header string');\n  }\n\n  return header\n    .split(',')\n    .map(part => part.trim())\n    .map(part => part.split('='))\n    .reduce((acc, curr) => {\n      // unwrap quotes from value\n      acc[curr[0]] = curr[1].replace(/^\"(.*)\"$/, '$1');\n      return acc;\n    }, {}) as InsufficientAuthenticationError;\n};\n\nconst formatError = (sdk: OktaAuthHttpInterface, resp: HttpResponse): AuthApiError | OAuthError => {\n  let err: AuthApiError | OAuthError;\n  let serverErr: Record<string, any> = {};\n  if (resp.responseText && isString(resp.responseText)) {\n    try {\n      serverErr = JSON.parse(resp.responseText);\n    } catch (e) {\n      serverErr = {\n        errorSummary: 'Unknown error'\n      };\n    }\n  }\n\n  if (resp.status >= 500) {\n    serverErr.errorSummary = 'Unknown error';\n  }\n\n  if (sdk.options.transformErrorXHR) {\n    resp = sdk.options.transformErrorXHR(clone(resp));\n  }\n\n  if (serverErr.error && serverErr.error_description) {\n    err = new OAuthError(serverErr.error, serverErr.error_description);\n  } else {\n    err = new AuthApiError(serverErr as APIError, resp);\n  }\n\n  if (resp?.status === 403 && !!resp?.headers?.['www-authenticate']) {\n    const { \n      error, \n      // eslint-disable-next-line camelcase\n      error_description,\n      // eslint-disable-next-line camelcase\n      max_age,\n      // eslint-disable-next-line camelcase\n      acr_values \n    } = parseInsufficientAuthenticationError(resp?.headers?.['www-authenticate']);\n    if (error === 'insufficient_authentication_context') {\n      err = new AuthApiError(\n        { \n          errorSummary: error,\n          // eslint-disable-next-line camelcase\n          errorCauses: [{ errorSummary: error_description }]\n        }, \n        resp, \n        {\n          // eslint-disable-next-line camelcase\n          max_age: +max_age,\n          // eslint-disable-next-line camelcase\n          ...(acr_values && { acr_values })\n        }\n      );\n    }\n  }\n\n  return err;\n};\n\nexport function httpRequest(sdk: OktaAuthHttpInterface, options: RequestOptions): Promise<any> {\n  options = options || {};\n\n  if (sdk.options.httpRequestInterceptors) {\n    for (const interceptor of sdk.options.httpRequestInterceptors) {\n      interceptor(options);\n    }\n  }\n\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials === true, // default value is false\n      storageUtil = sdk.options.storageUtil,\n      storage = storageUtil!.storage,\n      httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url as string];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var oktaUserAgentHeader = sdk._oktaUserAgent.getHttpHeader();\n  var headers: HeadersInit = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    ...oktaUserAgentHeader\n  };\n  Object.assign(headers, sdk.options.headers, options.headers);\n  headers = removeNils(headers) as HeadersInit;\n\n  if (accessToken && isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions: FetchOptions = {\n    headers,\n    data: args || undefined,\n    withCredentials\n  };\n\n  var err, res;\n  return sdk.options.httpRequestClient!(method!, url!, ajaxOptions)\n    .then(function(resp) {\n      res = resp.responseText;\n      if (res && isString(res)) {\n        res = JSON.parse(res);\n        if (res && typeof res === 'object' && !res.headers) {\n          if (Array.isArray(res)) {\n            res.forEach(item => {\n              item.headers = resp.headers;\n            });\n          } else {\n            res.headers = resp.headers;\n          }\n        }\n      }\n\n      if (saveAuthnState) {\n        if (!res.stateToken) {\n          storage.delete(STATE_TOKEN_KEY_NAME);\n        }\n      }\n\n      if (res && res.stateToken && res.expiresAt) {\n        storage.set(STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies!);\n      }\n\n      if (res && options.cacheResponse) {\n        httpCache.updateStorage(url!, {\n          expiresAt: Math.floor(Date.now()/1000) + DEFAULT_CACHE_DURATION,\n          response: res\n        });\n      }\n      \n      return res;\n    })\n    .catch(function(resp) {\n      err = formatError(sdk, resp);\n\n      if (err.errorCode === 'E0000011') {\n        storage.delete(STATE_TOKEN_KEY_NAME);\n      }\n\n      throw err;\n    });\n}\n\nexport function get(sdk: OktaAuthHttpInterface, url: string, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  Object.assign(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nexport function post(sdk: OktaAuthHttpInterface, url: string, args?: RequestData, options?: RequestOptions) {\n  url = isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  Object.assign(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* eslint complexity:[0,8] */\nimport { OktaAuthIdxInterface, IdxTransactionMeta, InteractOptions, InteractResponse } from './types';\nimport { getSavedTransactionMeta, saveTransactionMeta, createTransactionMeta } from './transactionMeta';\nimport { getOAuthBaseUrl } from '../oidc';\nimport { removeNils } from '../util';\nimport { httpRequest } from '../http';\n\n\n/* eslint-disable camelcase */\nexport interface InteractParams {\n  client_id: string;\n  scope: string;\n  redirect_uri: string;\n  code_challenge: string;\n  code_challenge_method: string;\n  state: string;\n  activation_token?: string;\n  recovery_token?: string;\n  client_secret?: string;\n  max_age?: string | number;\n  acr_values?: string;\n  nonce?: string;\n}\n/* eslint-enable camelcase */\n\nfunction getResponse(meta: IdxTransactionMeta): InteractResponse {\n  return {\n    meta,\n    interactionHandle: meta.interactionHandle!,\n    state: meta.state\n  };\n}\n\n// Begin or resume a transaction. Returns an interaction handle\nexport async function interact (\n  authClient: OktaAuthIdxInterface, \n  options: InteractOptions = {}\n): Promise<InteractResponse> {\n  options = removeNils(options);\n\n  let meta = getSavedTransactionMeta(authClient, options);\n  // If meta exists, it has been validated against all options\n\n  if (meta?.interactionHandle) {\n    return getResponse(meta); // Saved transaction, return meta\n  }\n\n  // Create new meta, respecting previous meta if it has been set and is not overridden\n  meta = await createTransactionMeta(authClient, { ...meta, ...options });\n  const baseUrl = getOAuthBaseUrl(authClient);\n  let {\n    clientId,\n    redirectUri,\n    state,\n    scopes,\n    withCredentials,\n    codeChallenge,\n    codeChallengeMethod,\n    activationToken,\n    recoveryToken,\n    maxAge,\n    acrValues,\n    nonce\n  } = meta as IdxTransactionMeta;\n  const clientSecret = options.clientSecret || authClient.options.clientSecret;\n  withCredentials = withCredentials ?? true;\n\n  /* eslint-disable camelcase */\n  const url = `${baseUrl}/v1/interact`;\n  const params = {\n    client_id: clientId,\n    scope: scopes!.join(' '),\n    redirect_uri: redirectUri,\n    code_challenge: codeChallenge,\n    code_challenge_method: codeChallengeMethod,\n    state,\n    ...(activationToken && { activation_token: activationToken }),\n    ...(recoveryToken && { recovery_token: recoveryToken }),\n    // X-Device-Token header need to pair with `client_secret`\n    // eslint-disable-next-line max-len\n    // https://oktawiki.atlassian.net/wiki/spaces/eng/pages/2445902453/Support+Device+Binding+in+interact#Scenario-1%3A-Non-User-Agent-with-Confidential-Client-(top-priority)\n    ...(clientSecret && { client_secret: clientSecret }),\n    ...(maxAge && { max_age: maxAge }),\n    ...(acrValues && { acr_values: acrValues }),\n    ...(nonce && { nonce }),\n  } as InteractParams;\n  /* eslint-enable camelcase */\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded',\n  };\n\n  const resp = await httpRequest(authClient, {\n    method: 'POST',\n    url,\n    headers,\n    withCredentials,\n    args: params\n  });\n  const interactionHandle = resp.interaction_handle;\n\n  const newMeta = {\n    ...meta,\n    interactionHandle,\n    \n    // Options which can be passed into interact() should be saved in the meta\n    withCredentials,\n    state,\n    scopes,\n    recoveryToken,\n    activationToken\n  };\n  // Save transaction meta so it can be resumed\n  saveTransactionMeta(authClient, newMeta);\n\n  return getResponse(newMeta);\n}\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nconst isFieldMutable = function isFieldMutable(field) {\n  // mutable defaults to true, annoyingly\n  return ( field.mutable !== false );\n};\n\nconst divideSingleActionParamsByMutability = function divideSingleActionParamsByMutability( action ) {\n  const defaultParamsForAction = {}; // mutable and present\n  const neededParamsForAction = []; // mutable values\n  const immutableParamsForAction = {}; // immutable\n  // TODO: remove assumption that form names are unique, neededParams being an array is a temp fix\n  // not all actions have value (e.g. redirect)\n  // making sure they are not empty and instead hold the remediation object\n  if (!action.value) {\n    neededParamsForAction.push(action);\n    return { defaultParamsForAction, neededParamsForAction, immutableParamsForAction };\n  }\n\n  for ( let field of action.value ) {\n\n    if ( isFieldMutable( field ) ) {\n\n      neededParamsForAction.push(field);\n\n      if ( field.value ?? false ) {\n        defaultParamsForAction[field.name] = field.value;\n      }\n\n    } else {\n      immutableParamsForAction[field.name] = field.value ?? '';\n    }\n  }\n  return { defaultParamsForAction, neededParamsForAction, immutableParamsForAction };\n};\n\nexport const divideActionParamsByMutability = function divideActionParamsByMutability( actionList ) {\n  // TODO: when removing form name is unique assumption, this may all be redundant\n  actionList = Array.isArray(actionList) ? actionList : [ actionList ];\n  const neededParams = [];\n  const defaultParams = {};\n  const immutableParams = {};\n\n  for ( let action of actionList ) {\n    const { \n      defaultParamsForAction, \n      neededParamsForAction, \n      immutableParamsForAction \n    } = divideSingleActionParamsByMutability(action);\n    neededParams.push(neededParamsForAction);\n    defaultParams[action.name] = defaultParamsForAction;\n    immutableParams[action.name] = immutableParamsForAction;\n  }\n\n  return { defaultParams, neededParams, immutableParams };\n};\n\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len, complexity */\nimport { httpRequest } from '../../../http';\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport { IdxActionFunction, IdxActionParams, IdxResponse, IdxToPersist } from '../../types/idx-js';\nimport { divideActionParamsByMutability } from './actionParser';\nimport AuthApiError from '../../../errors/AuthApiError';\n\nconst generateDirectFetch = function generateDirectFetch(authClient: OktaAuthIdxInterface, { \n  actionDefinition, \n  defaultParamsForAction = {}, \n  immutableParamsForAction = {}, \n  toPersist = {} as IdxToPersist\n}): IdxActionFunction {\n  const target = actionDefinition.href;\n  return async function(params: IdxActionParams = {}): Promise<IdxResponse> {\n    const headers = {\n      'Content-Type': 'application/json',\n      'Accept': actionDefinition.accepts || 'application/ion+json',\n    };\n    const body = JSON.stringify({\n      ...defaultParamsForAction,\n      ...params,\n      ...immutableParamsForAction\n    });\n\n    try {\n      const response = await httpRequest(authClient, {\n        url: target,\n        method: actionDefinition.method,\n        headers,\n        args: body,\n        withCredentials: toPersist?.withCredentials ?? true\n      });\n\n      return authClient.idx.makeIdxResponse({ ...response }, toPersist, true);\n    }\n    catch (err) {\n      if (!(err instanceof AuthApiError) || !err?.xhr) {\n        throw err;\n      }\n\n      const response = err.xhr;\n      const payload = response.responseJSON || JSON.parse(response.responseText);\n      const wwwAuthHeader = response.headers['WWW-Authenticate'] || response.headers['www-authenticate'];\n\n      const idxResponse = authClient.idx.makeIdxResponse({ ...payload }, toPersist, false);\n      if (response.status === 401 && wwwAuthHeader === 'Oktadevicejwt realm=\"Okta Device\"') {\n        // Okta server responds 401 status code with WWW-Authenticate header and new remediation\n        // so that the iOS/MacOS credential SSO extension (Okta Verify) can intercept\n        // the response reaches here when Okta Verify is not installed\n        // set `stepUp` to true if flow should be continued without showing any errors\n        idxResponse.stepUp = true;\n      }\n\n      return idxResponse;\n    }\n  };\n};\n\n// TODO: Resolve in M2: Either build the final polling solution or remove this code\n// const generatePollingFetch = function generatePollingFetch( { actionDefinition, defaultParamsForAction = {}, immutableParamsForAction = {} } ) {\n//   // TODO: Discussions ongoing about when/how to terminate polling: OKTA-246581\n//   const target = actionDefinition.href;\n//   return async function(params) {\n//     return fetch(target, {\n//       method: actionDefinition.method,\n//       headers: {\n//         'content-type': actionDefinition.accepts,\n//       },\n//       body: JSON.stringify({ ...defaultParamsForAction, ...params, ...immutableParamsForAction })\n//     })\n//       .then( response => response.ok ? response.json() : response.json().then( err => Promise.reject(err)) )\n//       .then( idxResponse => makeIdxState(authClient, idxResponse) );\n//   };\n// };\n\nconst generateIdxAction = function generateIdxAction( authClient: OktaAuthIdxInterface, actionDefinition, toPersist ): IdxActionFunction {\n  // TODO: leaving this here to see where the polling is EXPECTED to drop into the code, but removing any accidental trigger of incomplete code\n  // const generator =  actionDefinition.refresh ? generatePollingFetch : generateDirectFetch;\n  const generator = generateDirectFetch;\n  const { defaultParams, neededParams, immutableParams } = divideActionParamsByMutability( actionDefinition );\n\n  const action = generator(authClient, {\n    actionDefinition,\n    defaultParamsForAction: defaultParams[actionDefinition.name],\n    immutableParamsForAction: immutableParams[actionDefinition.name],\n    toPersist\n  });\n  action.neededParams = neededParams;\n  return action;\n};\n\nexport default generateIdxAction;\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable max-len */\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport { generateRemediationFunctions } from './remediationParser';\nimport generateIdxAction from './generateIdxAction';\nimport { jsonpath } from '../../../util/jsonpath';\nimport { AuthSdkError } from '../../../errors';\n\nconst SKIP_FIELDS = Object.fromEntries([\n  'remediation', // remediations are put into proceed/neededToProceed\n  'context', // the API response of 'context' isn't externally useful.  We ignore it and put all non-action (contextual) info into idxState.context\n].map( (field) => [ field, !!'skip this field' ] ));\n\nexport const parseNonRemediations = function parseNonRemediations( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ) {\n  const actions = {};\n  const context = {};\n\n  Object.keys(idxResponse)\n    .filter( field => !SKIP_FIELDS[field])\n    .forEach( field => {\n      const fieldIsObject = typeof idxResponse[field] === 'object' && !!idxResponse[field];\n\n      if ( !fieldIsObject ) {\n        // simple fields are contextual info\n        context[field] = idxResponse[field];\n        return;\n      }\n\n      if ( idxResponse[field].rel ) {\n        // top level actions\n        actions[idxResponse[field].name] = generateIdxAction(authClient, idxResponse[field], toPersist);\n        return;\n      }\n\n      const { value: fieldValue, type, ...info} = idxResponse[field];\n      context[field] = { type, ...info}; // add the non-action parts as context\n\n      if ( type !== 'object' ) {\n        // only object values hold actions\n        context[field].value = fieldValue;\n        return;\n      }\n\n      // We are an object field containing an object value\n      context[field].value = {};\n      Object.entries(fieldValue)\n        .forEach( ([subField, value]) => {\n          if (value.rel) { // is [field].value[subField] an action?\n            // add any \"action\" value subfields to actions\n            actions[`${field}-${subField.name || subField}`] = generateIdxAction(authClient, value, toPersist);\n          } else {\n            // add non-action value subfields to context\n            context[field].value[subField] = value;\n          }\n        });\n    });\n\n  return { context, actions };\n};\n\nconst expandRelatesTo = (idxResponse, value) => {\n  Object.keys(value).forEach(k => {\n    if (k === 'relatesTo') {\n      const query = Array.isArray(value[k]) ? value[k][0] : value[k];\n      if (typeof query === 'string') {\n        const result = jsonpath({ path: query, json: idxResponse })[0];\n        if (result) {\n          value[k] = result;\n          return;\n        } else {\n          throw new AuthSdkError(`Cannot resolve relatesTo: ${query}`);\n        }\n      }\n    }\n    if (Array.isArray(value[k])) {\n      value[k].forEach(innerValue => expandRelatesTo(idxResponse, innerValue));\n    }\n  });\n};\n\nconst convertRemediationAction = (authClient: OktaAuthIdxInterface, remediation, toPersist) => {\n  // Only remediation that has `rel` field (indicator for form submission) can have http action\n  if (remediation.rel) {\n    const remediationActions = generateRemediationFunctions( authClient, [remediation], toPersist );\n    const actionFn = remediationActions[remediation.name];\n    return {\n      ...remediation,\n      action: actionFn,\n    };\n  }\n\n  return remediation;\n};\n\nexport const parseIdxResponse = function parseIdxResponse( authClient: OktaAuthIdxInterface, idxResponse, toPersist = {} ): {\n  remediations: IdxRemediation[];\n  context: IdxContext;\n  actions: IdxActions;\n} {\n  const remediationData = idxResponse.remediation?.value || [];\n\n  remediationData.forEach(\n    remediation => {\n      // TODO: remove once IDX is fixed - OKTA-659181\n      if (remediation.name === 'launch-authenticator' &&\n        remediation?.relatesTo?.[0] === 'authenticatorChallenge' &&\n        !idxResponse?.authenticatorChallenge\n      ) {\n        delete remediation.relatesTo;\n        return;\n      }\n\n      return expandRelatesTo(idxResponse, remediation);\n    }\n  );\n\n  const remediations = remediationData.map(remediation => convertRemediationAction( authClient, remediation, toPersist ));\n\n  const { context, actions } = parseNonRemediations( authClient, idxResponse, toPersist );\n\n  return {\n    remediations,\n    context,\n    actions,\n  };\n};\n","import { JSONPath, JSONPathOptions } from 'jsonpath-plus';\n\nexport function jsonpath(options: JSONPathOptions): any {\n  // eslint-disable-next-line new-cap\n  return JSONPath({\n    // Disable javascript evaluation by default\n\tpreventEval: true, ...options, });\n}\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { OktaAuthIdxInterface } from '../../types';    // auth-js/types\nimport generateIdxAction from './generateIdxAction';\n\nexport const generateRemediationFunctions = function generateRemediationFunctions(\n  authClient: OktaAuthIdxInterface,\n  remediationValue,\n  toPersist = {}\n) {\n  return Object.fromEntries( remediationValue.map( remediation => {\n    return [\n      remediation.name,\n      generateIdxAction(authClient, remediation, toPersist),\n    ];\n  }) );\n};\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-nocheck\nimport { makeIdxState } from './makeIdxState';\n\nexport default {\n  makeIdxState,\n};\n","/*!\n * Copyright (c) 2021-Present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { IdxResponse, IdxToPersist } from '../../types/idx-js';\nimport { OktaAuthIdxInterface, RawIdxResponse } from '../../types';    // auth-js/types\nimport { parseIdxResponse } from './idxResponseParser';\n\nexport function makeIdxState( \n  authClient: OktaAuthIdxInterface,\n  idxResponse: RawIdxResponse,\n  toPersist: IdxToPersist,\n  requestDidSucceed: boolean\n): IdxResponse {\n  const rawIdxResponse =  idxResponse;\n  const { remediations, context, actions } = parseIdxResponse( authClient, idxResponse, toPersist );\n  const neededToProceed = [...remediations];\n\n  const proceed: IdxResponse['proceed'] = async function( remediationChoice, paramsFromUser = {} ) {\n    /*\n    remediationChoice is the name attribute on each form\n    name should remain unique for items inside the remediation that are considered forms(identify, select-factor)\n    name can be duplicate for items like redirect where its not considered a form(redirect)\n    when names are not unique its a redirect to a href, so widget wont POST to idx-js layer.\n    */\n    const remediationChoiceObject = remediations.find((remediation) => remediation.name === remediationChoice);\n    if ( !remediationChoiceObject ) {\n      return Promise.reject(`Unknown remediation choice: [${remediationChoice}]`);\n    }\n\n    const actionFn = remediationChoiceObject.action;\n    if (typeof actionFn !== 'function') {\n      return Promise.reject(`Current remediation cannot make form submit action: [${remediationChoice}]`);\n    }\n\n    return remediationChoiceObject.action(paramsFromUser);\n  };\n\n  const findCode = item => item.name === 'interaction_code';\n  const interactionCode = rawIdxResponse.successWithInteractionCode?.value?.find( findCode )?.value as string;\n\n  return {\n    proceed,\n    neededToProceed,\n    actions,\n    context,\n    rawIdxState: rawIdxResponse,\n    interactionCode,\n    toPersist,\n    requestDidSucceed,\n  };\n}\n","import { OktaAuthIdxInterface } from '../types';    // auth-js/types\nimport { IdxResponse, IdxToPersist, RawIdxResponse } from '../types/idx-js';      // idx/types\nimport { IDX_API_VERSION } from '../../constants';\nimport v1 from './v1/parsers';\n\n\nexport const parsersForVersion = function parsersForVersion( version ) {\n  switch (version) {\n    case '1.0.0':\n      return v1;\n    case undefined:\n    case null:\n      throw new Error('Api version is required');\n    default:\n      throw new Error(`Unknown api version: ${version}.  Use an exact semver version.`);\n  }\n};\n\nexport function validateVersionConfig(version) {\n  if ( !version ) {\n    throw new Error('version is required');\n  }\n\n  const cleanVersion = (version ?? '').replace(/[^0-9a-zA-Z._-]/, '');\n  if ( cleanVersion !== version || !version ) {\n    throw new Error('invalid version supplied - version is required and uses semver syntax');\n  }\n\n  parsersForVersion(version); // will throw for invalid version\n}\n\nexport function makeIdxState ( \n  authClient: OktaAuthIdxInterface,\n  rawIdxResponse: RawIdxResponse,\n  toPersist: IdxToPersist,\n  requestDidSucceed: boolean,\n): IdxResponse {\n  const version = rawIdxResponse?.version ?? IDX_API_VERSION;\n  validateVersionConfig(version);\n  \n  const { makeIdxState } = parsersForVersion(version);\n  return makeIdxState(authClient, rawIdxResponse, toPersist, requestDidSucceed);\n}\n","/* eslint-disable no-use-before-define */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Input } from './api';\n\n\n// TODO: remove when idx-js provides type information\n\nexport interface ChallengeData {\n  challenge: string; \n  userVerification: string; \n  extensions?: {\n    appid: string;\n  };\n}\nexport interface ActivationData {\n  challenge: string;\n  rp: {\n    name: string;\n  };\n  user: {\n    id: string;\n    name: string;\n    displayName: string;\n  };\n  pubKeyCredParams: {\n    type: string;\n    alg: number;\n  }[];\n  attestation?: string;\n  authenticatorSelection?: {\n    userVerification?: string;\n    authenticatorAttachment?: string;\n    requireResidentKey?: boolean;\n    residentKey?: string;\n  };\n  excludeCredentials?: {\n    id: string;\n    type: string;\n  }[];\n}\nexport interface IdxAuthenticatorMethod {\n  type: string;\n}\nexport interface IdxAuthenticator {\n  displayName: string;\n  id: string;\n  key: string;\n  methods: IdxAuthenticatorMethod[];\n  type: string;\n  settings?: {\n    complexity?: unknown;\n    age?: unknown;\n  };\n  contextualData?: {\n    enrolledQuestion?: {\n      question: string;\n      questionKey: string;\n    };\n    qrcode?: { \n      href: string; \n      method: string; \n      type: string; \n    };\n    sharedSecret?: string;\n    questions?: {\n      questionKey: string;\n      question: string;\n    }[];\n    questionKeys?: string[];\n    selectedChannel?: string;\n    activationData?: ActivationData;\n    challengeData?: ChallengeData;\n  };\n  credentialId?: string;\n  enrollmentId?: string;\n  profile?: Record<string, unknown>;\n  resend?: Record<string, unknown>;\n  poll?: Record<string, unknown>;\n  recover?: Record<string, unknown>;\n  deviceKnown?: boolean;\n}\n\nexport interface IdxForm {\n  value: IdxRemediationValue[];\n}\n\nexport interface IdxOption {\n  value: string | {form: IdxForm} | Input[];\n  label: string;\n  relatesTo?: IdxAuthenticator;\n}\n\nexport interface IdpConfig {\n  id: string;\n  name: string;\n}\n\nexport interface IdxRemediationValueForm {\n  form: IdxForm;\n}\n\nexport interface IdxRemediationValue {\n  name: string;\n  type?: string;\n  required?: boolean;\n  secret?: boolean;\n  visible?: boolean;\n  mutable?: boolean;\n  value?: string | IdxRemediationValueForm;\n  label?: string;\n  form?: IdxForm;\n  options?: IdxOption[];\n  messages?: IdxMessages;\n  minLength?: number;\n  maxLength?: number;\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n}\n\nexport interface IdxRemediation {\n  name: string;\n  label?: string;\n  value?: IdxRemediationValue[];\n  relatesTo?: {\n    type?: string;\n    value: IdxAuthenticator;\n  };\n  idp?: IdpConfig;\n  href?: string;\n  method?: string;\n  type?: string;\n  accepts?: string;\n  produces?: string;\n  refresh?: number;\n  rel?: string[];\n  action?: (payload?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxContext {\n  version: string;\n  stateHandle: string;\n  expiresAt: string;\n  intent: string;\n  currentAuthenticator: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  currentAuthenticatorEnrollment: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  authenticators: {\n    type: string;\n    value: IdxAuthenticator[];\n  };\n  authenticatorEnrollments: {\n    type: string;\n    value: IdxAuthenticator[];\n  };\n  enrollmentAuthenticator: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  user?: {\n    type: string;\n    value: Record<string, unknown>;\n  };\n  uiDisplay?: IdxContextUIDisplay\n  app: {\n    type: string;\n    value: Record<string, unknown>;\n  };\n  messages?: IdxMessages;\n  success?: IdxRemediation;\n  failure?: IdxRemediation;\n}\n\nexport interface IdxContextUIDisplay {\n  type: string;\n  value: {\n    label?: string;\n    buttonLabel?: string;\n  }\n}\n\nexport interface IdxMessage {\n  message: string;\n  class: string;\n  i18n: {\n    key: string;\n    params?: unknown[];\n  };\n}\n\nexport interface IdxMessages {\n  type: 'array';\n  value: IdxMessage[];\n}\n\n// JSON response from the server\nexport interface RawIdxResponse {\n  version: string;\n  stateHandle: string;\n  intent?: string;\n  expiresAt?: string;\n  remediation?: {\n    type: 'array';\n    value: IdxRemediation[];\n  };\n  messages?: IdxMessages;\n  success?: boolean;\n  successWithInteractionCode?: IdxRemediation;\n  currentAuthenticator?: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n  currentAuthenticatorEnrollment?: {\n    type: string;\n    value: IdxAuthenticator;\n  };\n}\n\nexport function isRawIdxResponse(obj: any): obj is RawIdxResponse {\n  return obj && obj.version;\n}\n\nexport interface IdxActionParams {\n  [key: string]: string | boolean | number | object;\n}\n\nexport interface IdxActions {\n  [key: string]: (params?: IdxActionParams) => Promise<IdxResponse>;\n}\n\nexport interface IdxToPersist {\n  interactionHandle?: string;\n  withCredentials?: boolean;\n}\n\nexport interface IdxActionFunction {\n  (params: IdxActionParams): Promise<IdxResponse>;\n  neededParams?: Array<Array<IdxRemediationValue>>;\n}\n\nexport interface IdxResponse {\n  proceed: (remediationName: string, params: unknown) => Promise<IdxResponse>;\n  neededToProceed: IdxRemediation[];\n  rawIdxState: RawIdxResponse;\n  interactionCode?: string;\n  actions: IdxActions;\n  toPersist: IdxToPersist;\n  context?: IdxContext;\n  requestDidSucceed?: boolean;\n  stepUp?: boolean;\n}\n\nexport function isIdxResponse(obj: any): obj is IdxResponse {\n  return obj && isRawIdxResponse(obj.rawIdxState);\n}\n","\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport AuthApiError from './AuthApiError';\nimport AuthPollStopError from './AuthPollStopError';\nimport AuthSdkError from './AuthSdkError';\nimport OAuthError from './OAuthError';\n\nfunction isAuthApiError(obj: any): obj is AuthApiError {\n  return (obj instanceof AuthApiError);\n}\n\nfunction isOAuthError(obj: any): obj is OAuthError {\n  return (obj instanceof OAuthError);\n}\n\nexport {\n  isAuthApiError,\n  isOAuthError,\n  AuthApiError,\n  AuthPollStopError,\n  AuthSdkError,\n  OAuthError\n};\n\nexport * from './types';\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { makeIdxState, validateVersionConfig } from './idxState';\nimport { IntrospectOptions, OktaAuthIdxInterface } from './types';\nimport { IdxResponse, isRawIdxResponse } from './types/idx-js';\nimport { getOAuthDomain } from '../oidc';\nimport { IDX_API_VERSION } from '../constants';\nimport { httpRequest } from '../http';\nimport { isAuthApiError } from '../errors';\n\nexport async function introspect (\n  authClient: OktaAuthIdxInterface, \n  options: IntrospectOptions = {}\n): Promise<IdxResponse> {\n  let rawIdxResponse;\n  let requestDidSucceed;\n\n  // try load from storage first\n  const savedIdxResponse = authClient.transactionManager.loadIdxResponse(options);\n  if (savedIdxResponse) {\n    rawIdxResponse = savedIdxResponse.rawIdxResponse;\n    requestDidSucceed = savedIdxResponse.requestDidSucceed;\n  }\n\n  // call idx.introspect if no existing idx response available in storage\n  if (!rawIdxResponse) {\n    const version = options.version || IDX_API_VERSION;\n    const domain = getOAuthDomain(authClient);\n    const { interactionHandle, stateHandle } = options;\n    const withCredentials = options.withCredentials ?? true;\n    try {\n      requestDidSucceed = true;\n      validateVersionConfig(version);\n      const url = `${domain}/idp/idx/introspect`;\n      const body = stateHandle ? { stateToken: stateHandle } : { interactionHandle };\n      const headers = {\n        'Content-Type': `application/ion+json; okta-version=${version}`, // Server wants this version info\n        Accept: `application/ion+json; okta-version=${version}`,\n      };\n      rawIdxResponse = await httpRequest(authClient, {\n        method: 'POST',\n        url,\n        headers,\n        withCredentials,\n        args: body\n      });\n    } catch (err) {\n      if (isAuthApiError(err) && err.xhr && isRawIdxResponse(err.xhr.responseJSON)) {\n        rawIdxResponse = err.xhr.responseJSON;\n        requestDidSucceed = false;\n      } else {\n        throw err;\n      }\n    }\n  }\n\n  const { withCredentials } = options;\n  return makeIdxState(authClient, rawIdxResponse, { withCredentials }, requestDidSucceed);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { IdxRemediation, IdxRemediationValue } from '../types/idx-js';\n\nexport function getAllValues(idxRemediation: IdxRemediation) {\n  return idxRemediation.value?.map(r => r.name);\n}\n\nexport function getRequiredValues(idxRemediation: IdxRemediation) {\n  return idxRemediation.value?.reduce((required, cur) => {\n    if (cur.required) {\n      required.push(cur.name as never);\n    }\n    return required;\n  }, []);\n}\n\nexport function titleCase(str: string) {\n  return str.charAt(0).toUpperCase() + str.substring(1);\n}\n\nexport function getAuthenticatorFromRemediation(\n  remediation: IdxRemediation\n): IdxRemediationValue {\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  return remediation.value!.find(({ name }) => name === 'authenticator') as IdxRemediationValue;\n}\n","import { Authenticator, isAuthenticator } from '../types';\n\nexport function formatAuthenticator(incoming: unknown): Authenticator {\n  let authenticator: Authenticator;\n  if  (isAuthenticator(incoming)) {\n    authenticator = incoming;\n  } else if (typeof incoming === 'string') {\n    authenticator = {\n      key: incoming\n    };\n  } else {\n    throw new Error('Invalid format for authenticator');\n  }\n  return authenticator;\n}\n\n// Returns true if the authenticators are equivalent\nexport function compareAuthenticators(auth1, auth2) {\n  if (!auth1 || !auth2) {\n    return false;\n  }\n  // by id\n  if (auth1.id && auth2.id) {\n    return (auth1.id === auth2.id);\n  }\n  // by key\n  if (auth1.key && auth2.key) {\n    return (auth1.key === auth2.key);\n  }\n  return false;\n}\n\n// Find matched authenticator in provided order\nexport function findMatchedOption(authenticators, options) {\n  let option;\n  for (let authenticator of authenticators) {\n    option = options\n      .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n    if (option) {\n      break;\n    }\n  }\n  return option;\n}","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable complexity */\nimport { OktaAuthIdxInterface, NextStep, IdxMessage, Authenticator, Input, RemediateOptions } from '../../types';\nimport { IdxAuthenticator, IdxRemediation, IdxContext } from '../../types/idx-js';\nimport { getAllValues, getRequiredValues, titleCase, getAuthenticatorFromRemediation } from '../util';\nimport { formatAuthenticator, compareAuthenticators } from '../../authenticator/util';\n\n// A map from IDX data values (server spec) to RemediationValues (client spec)\nexport type IdxToRemediationValueMap = Record<string, string[]>;\n\nexport interface RemediationValues {\n  stateHandle?: string;\n  authenticators?: (Authenticator | string)[];\n  authenticator?: string | Authenticator;\n  authenticatorsData?: Authenticator[];\n  resend?: boolean;\n}\n\nexport interface RemediatorConstructor {\n  new<T extends RemediationValues>(\n    remediation: IdxRemediation, \n    values?: T, \n    options?: RemediateOptions\n  ): any;\n}\n\n// Base class - DO NOT expose static remediationName\nexport class Remediator<T extends RemediationValues = RemediationValues> {\n  static remediationName: string;\n\n  remediation: IdxRemediation;\n  values: T;\n  options: RemediateOptions;\n  map?: IdxToRemediationValueMap;\n\n  constructor(\n    remediation: IdxRemediation, \n    values: T = {} as T, \n    options: RemediateOptions = {}\n  ) {\n    // assign fields to the instance\n    this.values = { ...values };\n    this.options = { ...options };\n    this.formatAuthenticators();\n    this.remediation = remediation;\n  }\n\n  private formatAuthenticators() {\n    this.values.authenticators = (this.values.authenticators || []) as Authenticator[];\n\n    // ensure authenticators are in the correct format\n    this.values.authenticators = this.values.authenticators.map(authenticator => {\n      return formatAuthenticator(authenticator);\n    });\n\n    // add authenticator (if any) to \"authenticators\"\n    if (this.values.authenticator) {\n      const authenticator = formatAuthenticator(this.values.authenticator);\n      const hasAuthenticatorInList = this.values.authenticators.some(existing => {\n        return compareAuthenticators(authenticator, existing);\n      });\n      if (!hasAuthenticatorInList) {\n        this.values.authenticators.push(authenticator);\n      }\n    }\n\n    // save non-key meta to \"authenticatorsData\" field\n    // authenticators will be removed after selection to avoid select-authenticator loop\n    this.values.authenticatorsData = this.values.authenticators.reduce((acc, authenticator) => {\n      if (typeof authenticator === 'object' && Object.keys(authenticator).length > 1) {\n        // save authenticator meta into authenticator data\n        acc.push(authenticator);\n      }\n      return acc;\n    }, this.values.authenticatorsData || []);\n  }\n\n  getName(): string {\n    return this.remediation.name;\n  }\n\n  // Override this method to provide custom check\n  /* eslint-disable-next-line no-unused-vars, @typescript-eslint/no-unused-vars */\n  canRemediate(context?: IdxContext): boolean {\n    const required = getRequiredValues(this.remediation);\n    const needed = required!.find((key) => !this.hasData(key));\n    if (needed) {\n      return false; // missing data for a required field\n    }\n    return true; // all required fields have available data\n  }\n\n  // returns an object for the entire remediation form, or just a part\n  getData(key?: string) {\n    if (!key) {\n      let allValues = getAllValues(this.remediation);\n      let res = allValues!.reduce((data, key) => {\n        data[key] = this.getData(key); // recursive\n        return data;\n      }, {});\n      return res;\n    }\n\n    // Map value by \"map${Property}\" function in each subClass\n    if (typeof this[`map${titleCase(key)}`] === 'function') {\n      const val = this[`map${titleCase(key)}`](\n        this.remediation.value!.find(({name}) => name === key)\n      );\n      if (val) {\n        return val;\n      }\n    }\n\n    // If a map is defined for this key, return the first aliased property that returns a truthy value\n    if (this.map && this.map[key]) {\n      const entry = this.map[key];\n      for (let i = 0; i < entry.length; i++) {\n        let val = this.values[entry[i]];\n        if (val) {\n          return val;\n        }\n      }\n    }\n\n    // fallback: return the value by key\n    return this.values[key];\n  }\n\n  hasData(\n    key: string // idx name\n  ): boolean \n  {\n    // no attempt to format, we want simple true/false\n    return !!this.getData(key);\n  }\n\n  getNextStep(_authClient: OktaAuthIdxInterface, _context?: IdxContext): NextStep {\n    const name = this.getName();\n    const inputs = this.getInputs();\n    const authenticator = this.getAuthenticator();\n    // TODO: remove type field in the next major version change\n    // https://oktainc.atlassian.net/browse/OKTA-431749\n    const type = authenticator?.type;\n    return { \n      name, \n      inputs, \n      ...(type && { type }),\n      ...(authenticator && { authenticator }),\n    };\n  }\n\n  // Get inputs for the next step\n  getInputs(): Input[] {\n    const inputs: Input[] = [];\n    const inputsFromRemediation = this.remediation.value || [];\n    inputsFromRemediation.forEach(inputFromRemediation => {\n      let input;\n      let { name, type, visible, messages } = inputFromRemediation;\n      if (visible === false) {\n        return; // Filter out invisible inputs, like stateHandle\n      }\n      if (typeof this[`getInput${titleCase(name)}`] === 'function') {\n        input = this[`getInput${titleCase(name)}`](inputFromRemediation);\n      } else if (type !== 'object') {\n        // handle general primitive types\n        let alias;\n        const aliases = (this.map ? this.map[name] : null) || [];\n        if (aliases.length === 1) {\n          alias = aliases[0];\n        } else {\n          // try find key from values\n          alias = aliases.find(name => Object.keys(this.values).includes(name));\n        }\n        if (alias) {\n          input = { ...inputFromRemediation, name: alias };\n        }\n      }\n      if (!input) {\n        input = inputFromRemediation;\n      }\n      if (Array.isArray(input)) {\n        input.forEach(i => inputs.push(i));\n      } else {\n        // guarantees field-level messages are passed back\n        if (messages) {\n          input.messages = messages;\n        }\n        inputs.push(input);\n      }\n    });\n    return inputs;\n  }\n\n  static getMessages(remediation: IdxRemediation): IdxMessage[] | undefined {\n    if (!remediation.value) {\n      return;\n    }\n    return remediation.value[0]?.form?.value.reduce((messages: IdxMessage[], field) => {\n      if (field.messages) {\n        messages = [...messages, ...field.messages.value];\n      }\n      return messages;\n    }, []);\n  }\n\n  // Prepare values for the next remediation\n  // In general, remove used values from inputs for the current remediation\n  // Override this method if special cases need be handled\n  getValuesAfterProceed(): T {\n    const inputsFromRemediation = this.remediation.value || []; // \"raw\" inputs from server response\n    const inputsFromRemediator = this.getInputs(); // \"aliased\" inputs from SDK remediator\n    const inputs = [\n      ...inputsFromRemediation,\n      ...inputsFromRemediator\n    ];\n    // scrub all values related to this remediation\n    for (const input of inputs) {\n      delete this.values[input.name];\n    }\n    return this.values;\n  }\n\n  protected getAuthenticator(): IdxAuthenticator | undefined {\n    // relatesTo value may be an authenticator or an authenticatorEnrollment\n    const relatesTo = this.remediation.relatesTo?.value;\n    if (!relatesTo) {\n      return;\n    }\n\n    const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n    if (!authenticatorFromRemediation) {\n      // Hopefully value is an authenticator\n      return relatesTo;\n    }\n\n    // If relatesTo is an authenticatorEnrollment, the id is actually the enrollmentId\n    // Let's get the correct authenticator id from the form value\n    const id = authenticatorFromRemediation.form!.value\n      .find(({ name }) => name === 'id')!.value as string;\n    const enrollmentId = authenticatorFromRemediation.form!.value\n      .find(({ name }) => name === 'enrollmentId')?.value as string;\n\n    return {\n      ...relatesTo,\n      id,\n      enrollmentId\n    };\n  }\n}\n","import { IdxAuthenticator, IdxRemediationValue } from '../types/idx-js';\n\n\nexport interface Credentials {\n  [key: string]: string | undefined;\n}\n\nexport abstract class Authenticator<Values> {\n  meta: IdxAuthenticator;\n\n  constructor(authenticator: IdxAuthenticator) {\n    this.meta = authenticator;\n  }\n\n  abstract canVerify(values: Values): boolean;\n\n  abstract mapCredentials(values: Values): Credentials | undefined;\n\n  abstract getInputs(idxRemediationValue: IdxRemediationValue): any; // TODO: add type\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface VerificationCodeValues {\n  verificationCode?: string;\n  otp?: string;\n  credentials?: Credentials;\n}\n\ninterface VerificationCodeCredentials extends Credentials {\n  passcode: string;\n}\n\n// general authenticator to handle \"verificationCode\" input\n// it can be used for \"email\", \"phone\", \"google authenticator\"\n// a new authenticator class should be created if special cases need to be handled\nexport class VerificationCodeAuthenticator extends Authenticator<VerificationCodeValues> {\n  canVerify(values: VerificationCodeValues) {\n    return !!(values.credentials ||values.verificationCode || values.otp);\n  }\n\n  mapCredentials(values): VerificationCodeCredentials | Credentials | undefined {\n    const { credentials, verificationCode, otp } = values;\n    if (!credentials && !verificationCode && !otp) {\n      return;\n    }\n    return credentials || { passcode: verificationCode || otp };\n  }\n\n  getInputs(idxRemediationValue) {\n    return {\n      ...idxRemediationValue.form?.value[0],\n      name: 'verificationCode',\n      type: 'string',\n      required: idxRemediationValue.required\n    };\n  }\n}\n","import { Credentials } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\n\ninterface TotpCredentials extends Credentials {\n  totp: string;\n}\n\nexport class OktaVerifyTotp extends VerificationCodeAuthenticator {\n  mapCredentials(values): TotpCredentials | undefined {\n    const { verificationCode } = values;\n    if (!verificationCode) {\n      return;\n    }\n    return { totp: verificationCode };\n  }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface OktaPasswordInputValues {\n  password?: string;\n  passcode?: string;\n  credentials?: Credentials;\n}\n\nexport class OktaPassword extends Authenticator<OktaPasswordInputValues> {\n  canVerify(values: OktaPasswordInputValues) {\n    return !!(values.credentials || values.password || values.passcode);\n  }\n\n  mapCredentials(values: OktaPasswordInputValues): Credentials | undefined {\n    const { credentials, password, passcode } = values;\n    if (!credentials && !password && !passcode) {\n      return;\n    }\n    return credentials || { passcode: passcode || password };\n  }\n\n  getInputs(idxRemediationValue) {\n    return {\n      ...idxRemediationValue.form?.value[0],\n      name: 'password',\n      type: 'string',\n      required: idxRemediationValue.required\n    };\n  }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionEnrollValues {\n  questionKey?: string;\n  question?: string;\n  answer?: string;\n  credentials?: Credentials;\n}\n\nexport class SecurityQuestionEnrollment extends Authenticator<SecurityQuestionEnrollValues> {\n  canVerify(values: SecurityQuestionEnrollValues) {\n    const { credentials } = values;\n    if (credentials && credentials.questionKey && credentials.answer) {\n      return true;\n    }\n    const { questionKey, question, answer } = values;\n    return !!(questionKey && answer) || !!(question && answer);\n  }\n\n  mapCredentials(values: SecurityQuestionEnrollValues): Credentials | undefined {\n    const { questionKey, question, answer } = values;\n    if (!answer || (!questionKey && !question)) {\n      return;\n    }\n    return {\n      questionKey: question ? 'custom' : questionKey,\n      question,\n      answer\n    };\n  }\n\n  getInputs() {\n    return [\n      { name: 'questionKey', type: 'string', required: true },\n      { name: 'question', type: 'string', label: 'Create a security question' },\n      { name: 'answer', type: 'string', label: 'Answer', required: true },\n    ];\n  }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { Authenticator, Credentials } from './Authenticator';\n\nexport interface SecurityQuestionVerificationValues {\n  answer?: string;\n  credentials?: Credentials;\n}\n\nexport class SecurityQuestionVerification extends Authenticator<SecurityQuestionVerificationValues> {\n  canVerify(values: SecurityQuestionVerificationValues) {\n    const { credentials } = values;\n    if (credentials && credentials.answer) {\n      return true;\n    }\n    const { answer } = values;\n    return !!answer;\n  }\n\n  mapCredentials(values: SecurityQuestionVerificationValues): Credentials | undefined {\n    const { answer } = values;\n    if (!answer) {\n      return;\n    }\n    return {\n      questionKey: this.meta.contextualData!.enrolledQuestion!.questionKey,\n      answer\n    };\n  }\n\n  getInputs() {\n    return [\n      { name: 'answer', type: 'string', label: 'Answer', required: true }\n    ];\n  }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnEnrollValues {\n  clientData?: string;\n  attestation?: string;\n  credentials?: Credentials;\n}\n\nexport class WebauthnEnrollment extends Authenticator<WebauthnEnrollValues> {\n  canVerify(values: WebauthnEnrollValues) {\n    const { credentials } = values;\n    const obj = credentials || values;\n    const { clientData, attestation } = obj;\n    return !!(clientData && attestation);\n  }\n\n  mapCredentials(values: WebauthnEnrollValues): Credentials | undefined {\n    const { credentials, clientData, attestation } = values;\n    if (!credentials && !clientData && !attestation) {\n      return;\n    }\n    return credentials || ({\n      clientData,\n      attestation\n    });\n  }\n\n  getInputs() {\n    return [\n      { name: 'clientData', type: 'string', required: true, visible: false, label: 'Client Data' },\n      { name: 'attestation', type: 'string', required: true, visible: false, label: 'Attestation' },\n    ];\n  }\n}\n","import { Authenticator, Credentials } from './Authenticator';\n\nexport interface WebauthnVerificationValues {\n  clientData?: string;\n  authenticatorData?: string;\n  signatureData?: string;\n  credentials?: Credentials;\n}\n\nexport class WebauthnVerification extends Authenticator<WebauthnVerificationValues> {\n  canVerify(values: WebauthnVerificationValues) {\n    const { credentials } = values;\n    const obj = credentials || values;\n    const { clientData, authenticatorData, signatureData } = obj;\n    return !!(clientData && authenticatorData && signatureData);\n  }\n\n  mapCredentials(values: WebauthnVerificationValues): Credentials | undefined {\n    const { credentials, authenticatorData, clientData, signatureData } = values;\n    if (!credentials && !authenticatorData && !clientData && !signatureData) {\n      return;\n    }\n    return credentials || ({\n      authenticatorData,\n      clientData,\n      signatureData\n    });\n  }\n\n  getInputs() {\n    return [\n      { name: 'authenticatorData', type: 'string', label: 'Authenticator Data', required: true, visible: false },\n      { name: 'clientData', type: 'string', label: 'Client Data', required: true, visible: false },\n      { name: 'signatureData', type: 'string', label: 'Signature Data', required: true, visible: false },\n    ];\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticator, Authenticator, AuthenticatorValues } from '../../authenticator';\nimport { IdxRemediation, IdxContext } from '../../types/idx-js';\nimport { OktaAuthIdxInterface, NextStep } from '../../types';\n\nexport type VerifyAuthenticatorValues = AuthenticatorValues & RemediationValues;\n\n// Base class - DO NOT expose static remediationName\nexport class VerifyAuthenticator<T extends VerifyAuthenticatorValues = VerifyAuthenticatorValues>\n  extends Remediator<T> {\n\n  authenticator: Authenticator<VerifyAuthenticatorValues>;\n\n  constructor(remediation: IdxRemediation, values: T = {} as T) {\n    super(remediation, values);\n    this.authenticator = getAuthenticator(remediation);\n  }\n\n  getNextStep(authClient: OktaAuthIdxInterface, context?: IdxContext): NextStep {\n    const nextStep = super.getNextStep(authClient, context);\n    const authenticatorEnrollments = context?.authenticatorEnrollments?.value;\n\n    return {\n      ...nextStep,\n      authenticatorEnrollments\n    };\n  }\n\n  canRemediate() {\n    return this.authenticator.canVerify(this.values);\n  }\n\n  mapCredentials() {\n    return this.authenticator.mapCredentials(this.values);\n  }\n\n  getInputCredentials(input) {\n    return this.authenticator.getInputs(input);\n  }\n\n  getValuesAfterProceed(): T {\n    this.values = super.getValuesAfterProceed();\n    let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'credentials');\n    return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {} as T);\n  }\n}\n","import { OktaVerifyTotp } from './OktaVerifyTotp';\nimport { Authenticator } from './Authenticator';\nimport { VerificationCodeAuthenticator } from './VerificationCodeAuthenticator';\nimport { OktaPassword } from './OktaPassword';\nimport { SecurityQuestionEnrollment } from './SecurityQuestionEnrollment';\nimport { SecurityQuestionVerification } from './SecurityQuestionVerification';\nimport { WebauthnEnrollment } from './WebauthnEnrollment';\nimport { WebauthnVerification } from './WebauthnVerification';\nimport { IdxAuthenticator, IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey } from '../types';\n\n/* eslint complexity:[0,8] */\nexport function getAuthenticator(remediation: IdxRemediation): Authenticator<any> {\n  const relatesTo = remediation.relatesTo;\n  const value = relatesTo?.value || {} as IdxAuthenticator;\n  switch (value.key) {\n    case AuthenticatorKey.OKTA_PASSWORD:\n      return new OktaPassword(value);\n    case AuthenticatorKey.SECURITY_QUESTION:\n      if (value.contextualData?.enrolledQuestion) {\n        return new SecurityQuestionVerification(value);\n      } else {\n        return new SecurityQuestionEnrollment(value);\n      }\n    case AuthenticatorKey.OKTA_VERIFY:\n      return new OktaVerifyTotp(value);\n    case AuthenticatorKey.WEBAUTHN:\n      if (value.contextualData?.challengeData) {\n        return new WebauthnVerification(value);\n      } else {\n        return new WebauthnEnrollment(value);\n      }\n    default:\n      return new VerificationCodeAuthenticator(value);\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type EnrollAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class EnrollAuthenticator extends VerifyAuthenticator<EnrollAuthenticatorValues> {\n  static remediationName = 'enroll-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { NextStep, OktaAuthIdxInterface } from '../types';\nimport { IdxContext } from '../types/idx-js';\n\nexport interface EnrollPollValues extends RemediationValues {\n  startPolling?: boolean;\n}\n\nexport class EnrollPoll extends Remediator<EnrollPollValues> {\n  static remediationName = 'enroll-poll';\n\n  canRemediate() {\n    return !!this.values.startPolling || this.options.step === 'enroll-poll';\n  }\n\n  getNextStep(authClient: OktaAuthIdxInterface, context?: IdxContext): NextStep {\n    const common = super.getNextStep(authClient, context);\n    let authenticator = this.getAuthenticator();\n    if (!authenticator && context?.currentAuthenticator) {\n      authenticator = context.currentAuthenticator.value;\n    }\n    return {\n      ...common,\n      authenticator,\n      poll: {\n        required: true,\n        refresh: this.remediation.refresh\n      },\n    };\n  }\n\n  getValuesAfterProceed(): EnrollPollValues {\n    let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'startPolling');\n    return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n  }\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { IdxRemediationValueForm, IdxContext } from '../types/idx-js';\nimport { Authenticator, OktaAuthIdxInterface } from '../types/api';\n\n\nexport type SelectEnrollmentChannelValues = RemediationValues & {\n  channel?: string;\n};\n\nexport class SelectEnrollmentChannel extends Remediator<SelectEnrollmentChannelValues> {\n  static remediationName = 'select-enrollment-channel';\n\n  canRemediate() {\n    if (this.values.channel) {\n      return true;\n    }\n\n    if (this.values.authenticator) {\n      const { id, channel } = this.values.authenticator as Authenticator;\n      if (!!id && !!channel) {\n        return true;\n      }\n    }\n\n    return false;\n  }\n\n  getNextStep(authClient: OktaAuthIdxInterface, context: IdxContext) {\n    const common = super.getNextStep(authClient, context);\n    const authenticator = context.currentAuthenticator.value;\n    return {\n      ...common,\n      authenticator,\n    };\n  }\n\n  getData() {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const remediationValue = this.remediation!.value![0].value as IdxRemediationValueForm;\n    return {\n      authenticator: {\n        id: remediationValue.form.value[0].value,\n        channel: (this.values.authenticator as Authenticator)?.channel || this.values.channel,\n      },\n      stateHandle: this.values.stateHandle,\n\n    };\n  }\n\n  getValuesAfterProceed(): SelectEnrollmentChannelValues {\n    this.values = super.getValuesAfterProceed();\n    delete this.values.authenticators;    // required to prevent infinite loops from auto-remediating via values\n    const filterKey = this.values.channel ? 'channel' : 'authenticator';\n    let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== filterKey);\n    return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n  }\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { IdxContext } from '../types/idx-js';\nimport { OktaAuthIdxInterface } from '../types';\n\n\nexport type EnrollmentChannelDataValues = RemediationValues & {\n  email?: string;\n  phoneNumber?: string;\n};\n\nexport class EnrollmentChannelData extends Remediator<EnrollmentChannelDataValues> {\n  static remediationName = 'enrollment-channel-data';\n\n  getInputEmail() {\n    return [\n      { name: 'email', type: 'string', required: true, label: 'Email' },\n    ];\n  }\n\n  getInputPhoneNumber() {\n    return [\n      { name: 'phoneNumber', type: 'string', required: true, label: 'Phone Number' },\n    ];\n  }\n\n  canRemediate() {\n    return Boolean(this.values.email || this.values.phoneNumber);\n  }\n\n  getNextStep(authClient: OktaAuthIdxInterface, context: IdxContext) {\n    const common = super.getNextStep(authClient, context);\n    const authenticator = context.currentAuthenticator.value;\n    return {\n      ...common,\n      authenticator,\n    };\n  }\n\n  getData() {\n    return {\n      stateHandle: this.values.stateHandle,\n      email: this.values.email,\n      phoneNumber: this.values.phoneNumber\n    };\n  }\n\n  getValuesAfterProceed(): EnrollmentChannelDataValues {\n    let trimmedValues = Object.keys(this.values).filter(valueKey => !['email', 'phoneNumber'].includes(valueKey));\n    return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type ChallengeAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class ChallengeAuthenticator extends VerifyAuthenticator<ChallengeAuthenticatorValues> {\n  static remediationName = 'challenge-authenticator';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { EnrollPoll } from './EnrollPoll';\n\nexport class ChallengePoll extends EnrollPoll{\n  static remediationName = 'challenge-poll';\n\n  canRemediate() {\n    return !!this.values.startPolling || this.options.step === 'challenge-poll';\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { VerifyAuthenticator, VerifyAuthenticatorValues } from './Base/VerifyAuthenticator';\n\nexport type ResetAuthenticatorValues = VerifyAuthenticatorValues;\n\nexport class ResetAuthenticator extends VerifyAuthenticator<ResetAuthenticatorValues> {\n  static remediationName = 'reset-authenticator';\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { IdxRemediation, IdxRemediationValue, IdxAuthenticator } from '../types/idx-js';\nimport { RemediateOptions } from '../types';\nimport { Remediator, RemediationValues } from './Base/Remediator';\nimport { Authenticator, Credentials, OktaPassword } from '../authenticator';\n\nexport interface EnrollProfileValues extends RemediationValues {\n  firstName?: string;\n  lastName?: string;\n  email?: string;\n  credentials?: Credentials;\n  password?: string;\n  passcode?: string;\n}\n\nexport class EnrollProfile extends Remediator<EnrollProfileValues> {\n  static remediationName = 'enroll-profile';\n\n  authenticator: Authenticator<any> | null = null;\n\n  constructor(\n    remediation: IdxRemediation,\n    values: EnrollProfileValues = {},\n    options: RemediateOptions = {}\n  ) {\n    super(remediation, values, options);\n\n    // credentials are only required when Profile Enrollment policy requires them\n    // if credentials are included in the remediation, they are considered required\n    // otherwise it will be omitted\n    const credentials = this.getCredentialsFromRemediation();\n    if (credentials) {\n      this.authenticator = this.authenticator = new OktaPassword({} as IdxAuthenticator);\n    }\n  }\n\n  canRemediate() {\n    // ensure credentials can be verified, if required\n    if (this.authenticator && !this.authenticator.canVerify(this.values)) {\n      return false;\n    }\n\n    const userProfileFromValues = this.getData().userProfile;\n    if (!userProfileFromValues) {\n      return false;\n    }\n    // eslint-disable-next-line max-len\n    const userProfileFromRemediation = this.remediation.value!.find(({ name }) => name === 'userProfile') as IdxRemediationValue;\n    return userProfileFromRemediation.form!.value.reduce((canRemediate, curr) => {\n      if (curr.required) {\n        canRemediate = canRemediate && !!userProfileFromValues[curr.name];\n      }\n      return canRemediate;\n    }, true);\n  }\n\n  getCredentialsFromRemediation () {\n    return this.remediation.value!.find(({ name }) => name === 'credentials');\n  }\n\n  mapUserProfile({form: { value: profileAttributes }}) {\n    const attributeNames = profileAttributes.map(({name}) => name);\n    const data = attributeNames.reduce((attributeValues, attributeName) => (\n      this.values[attributeName] ? {\n      ...attributeValues,\n      [attributeName]: this.values[attributeName]\n    } : attributeValues), {});\n    if (Object.keys(data).length === 0) {\n      return;\n    }\n    return data;\n  }\n\n  mapCredentials() {\n    const val = this.authenticator && this.authenticator.mapCredentials(this.values);\n    if (!val) {\n      return;\n    }\n    return val;\n  }\n\n  getInputUserProfile(input) {\n    return [...input.form.value];\n  }\n\n  getInputCredentials(input) {\n    return [...input.form.value];\n  }\n\n  getErrorMessages(errorRemediation) {\n    return errorRemediation.value[0].form.value.reduce((errors, field) => {\n      if (field.messages) {\n        errors.push(field.messages.value[0].message);\n      }\n      return errors;\n    }, []);\n  }\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Credentials } from '../authenticator';\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface IdentifyValues extends RemediationValues {\n  username?: string;\n  password?: string;\n  credentials?: Credentials;\n}\n\nexport class Identify extends Remediator<IdentifyValues> {\n  static remediationName = 'identify';\n\n  map = {\n    'identifier': ['username']\n  };\n\n  canRemediate(): boolean {\n    const { identifier } = this.getData();\n    return !!identifier;\n  }\n\n  mapCredentials() {\n    const { credentials, password } = this.values;\n    if (!credentials && !password) {\n      return;\n    }\n    return credentials || { passcode: password };\n  }\n\n  getInputCredentials(input) {\n    return {\n      ...input.form.value[0],\n      name: 'password',\n      required: input.required\n    };\n  }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface ReEnrollAuthenticatorValues extends RemediationValues {\n  newPassword?: string;\n}\n\nexport class ReEnrollAuthenticator extends Remediator<ReEnrollAuthenticatorValues> {\n  static remediationName = 'reenroll-authenticator';\n\n  mapCredentials() {\n    const { newPassword } = this.values;\n    if (!newPassword) {\n      return;\n    }\n    return { \n      passcode: newPassword,\n    };\n  }\n\n  getInputCredentials(input) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const challengeType = this.getAuthenticator()!.type;\n    const name = challengeType === 'password' ? 'newPassword' : 'verificationCode';\n    return {\n      ...input.form.value[0],\n      name\n    };\n  }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator } from './Base/Remediator';\n\nexport class RedirectIdp extends Remediator {\n  static remediationName = 'redirect-idp';\n\n  canRemediate() {\n    return false;\n  }\n\n  getNextStep() {\n    const { name, type, idp, href } = this.remediation;\n    return {\n      name,\n      type,\n      idp,\n      href\n    };\n  }\n\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { getAuthenticatorFromRemediation } from '../util';\nimport { IdxRemediationValue, IdxContext, IdxOption } from '../../types/idx-js';\nimport { Authenticator, isAuthenticator } from '../../types/api';\nimport { compareAuthenticators, findMatchedOption} from '../../authenticator/util';\n\nexport type SelectAuthenticatorValues = RemediationValues & {\n  authenticator?: string | Authenticator;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class SelectAuthenticator<T extends SelectAuthenticatorValues = SelectAuthenticatorValues>\n  extends Remediator<T> {\n  selectedAuthenticator?: Authenticator;\n  selectedOption?: any;\n\n  // Find matched authenticator in provided order\n  findMatchedOption(authenticators, options) {\n    let option: IdxOption | undefined;\n    for (let authenticator of authenticators) {\n      option = options\n        .find(({ relatesTo }) => relatesTo.key && relatesTo.key === authenticator.key);\n      if (option) {\n        break;\n      }\n    }\n    return option;\n  }\n\n  /* eslint complexity:[0,9] */\n  canRemediate(context?: IdxContext) {\n    const { authenticators, authenticator } = this.values;\n    const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation);\n    const { options } = authenticatorFromRemediation;\n    // Let users select authenticator if no input is provided\n    if (!authenticators || !authenticators.length) {\n      return false;\n    }\n\n    // Authenticator is explicitly specified by id\n    if (isAuthenticator(authenticator) && authenticator.id) {\n      return true;\n    }\n\n    // Proceed with provided authenticators\n    const matchedOption = this.findMatchedOption(authenticators, options!);\n    if (matchedOption) {\n      // Don't select current authenticator (OKTA-612939)\n      const isCurrentAuthenticator = context?.currentAuthenticator\n        && context?.currentAuthenticator.value.id === matchedOption.relatesTo?.id;\n      const isCurrentAuthenticatorEnrollment = context?.currentAuthenticatorEnrollment\n        && context?.currentAuthenticatorEnrollment.value.id === matchedOption.relatesTo?.id;\n      return !isCurrentAuthenticator && !isCurrentAuthenticatorEnrollment;\n    }\n    \n    return false;\n  }\n\n  mapAuthenticator(remediationValue: IdxRemediationValue) {\n    const { authenticators, authenticator } = this.values;\n\n    // Authenticator is explicitly specified by id\n    if (isAuthenticator(authenticator) && authenticator.id) {\n      this.selectedAuthenticator = authenticator; // track the selected authenticator\n      return authenticator;\n    }\n\n    const { options } = remediationValue;\n    const selectedOption = findMatchedOption(authenticators, options);\n    this.selectedAuthenticator = selectedOption.relatesTo; // track the selected authenticator\n    this.selectedOption = selectedOption;\n    return {\n      id: selectedOption?.value.form.value.find(({ name }) => name === 'id').value\n    };\n  }\n\n  getInputAuthenticator(remediation) {\n    const options = remediation.options.map(({ label, relatesTo }) => {\n      return {\n        label,\n        value: relatesTo.key\n      };\n    });\n    return { name: 'authenticator', type: 'string', options };\n  }\n\n  getValuesAfterProceed(): T {\n    this.values = super.getValuesAfterProceed();\n    // remove used authenticators\n    const authenticators = (this.values.authenticators as Authenticator[])\n      .filter(authenticator => {\n        return compareAuthenticators(authenticator, this.selectedAuthenticator) !== true;\n      });\n    return { ...this.values, authenticators };\n  }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\nimport { getAuthenticatorFromRemediation } from './util';\nimport { IdxRemediation } from '../types/idx-js';\nimport { AuthenticatorKey, Authenticator, RemediateOptions } from '../types';\n\nexport type SelectAuthenticatorAuthenticateValues = SelectAuthenticatorValues & {\n  password?: string;\n};\n\nexport class SelectAuthenticatorAuthenticate extends SelectAuthenticator<SelectAuthenticatorAuthenticateValues> {\n  static remediationName = 'select-authenticator-authenticate';\n\n  constructor(\n    remediation: IdxRemediation, \n    values: SelectAuthenticatorValues = {}, \n    options: RemediateOptions = {}\n  ) {\n    super(remediation, values, options);\n\n    // Preset password authenticator to trigger recover action\n    const isRecoveryFlow = this.options.flow === 'recoverPassword';\n    const hasPasswordInOptions = getAuthenticatorFromRemediation(remediation)\n      .options?.some(({ relatesTo }) => relatesTo?.key === AuthenticatorKey.OKTA_PASSWORD);\n    if (hasPasswordInOptions && (isRecoveryFlow || this.values.password)) {\n      this.values.authenticators = [\n        ...this.values.authenticators || [],\n        { key: AuthenticatorKey.OKTA_PASSWORD }\n      ] as Authenticator[];\n    }\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\n\nexport type SelectAuthenticatorEnrollValues = SelectAuthenticatorValues;\n\nexport class SelectAuthenticatorEnroll extends SelectAuthenticator<SelectAuthenticatorEnrollValues> {\n  static remediationName = 'select-authenticator-enroll';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { SelectAuthenticator, SelectAuthenticatorValues } from './Base/SelectAuthenticator';\nimport { Authenticator } from '../types';\nimport { IdxRemediationValue } from '../types/idx-js';\n\n\nexport type SelectAuthenticatorUnlockAccountValues = SelectAuthenticatorValues & {\n  identifier?: string;\n  methodType?: string;\n};\n\nexport class SelectAuthenticatorUnlockAccount extends SelectAuthenticator<SelectAuthenticatorUnlockAccountValues> {\n  static remediationName = 'select-authenticator-unlock-account';\n  authenticator?: Authenticator;\n\n  map = {\n    identifier: ['username']\n  };\n\n  canRemediate() {\n    const identifier = this.getData('identifier');\n    return !!identifier && super.canRemediate();\n  }\n\n  mapAuthenticator(remediationValue: IdxRemediationValue) {\n    const authenticatorMap = super.mapAuthenticator(remediationValue);\n    const methodTypeOption = this.selectedOption?.value.form.value.find(({ name }) => name === 'methodType');\n\n    // defaults to 'manually defined' value\n    // 2nd: option may have pre-defined value, like stateHandle\n    // 3rd: if only a single OV option is available, default to that option\n    const methodTypeValue = this.values.methodType ||\n      methodTypeOption?.value as string || methodTypeOption?.options?.[0]?.value as string;\n\n    if (methodTypeValue) {\n      return {\n        ...authenticatorMap,\n        methodType: methodTypeValue\n      };\n    }\n\n    return authenticatorMap;\n  }\n\n  getInputUsername () {\n    return { name: 'username', type: 'string' };\n  }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\n// eslint-disable-next-line @typescript-eslint/no-empty-interface\nexport interface SelectEnrollProfileValues extends RemediationValues {}\n\nexport class SelectEnrollProfile extends Remediator<SelectEnrollProfileValues> {\n  static remediationName = 'select-enroll-profile';\n\n  canRemediate() {\n    return true;\n  }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { Remediator, RemediationValues } from './Remediator';\nimport { IdxRemediationValue, IdxRemediation, IdxAuthenticator } from '../../types/idx-js';\nimport { isAuthenticator } from '../../types/api';\nimport { compareAuthenticators } from '../../authenticator/util';\n\nexport type AuthenticatorDataValues = RemediationValues & {\n  methodType?: string;\n};\n\n// Base class - DO NOT expose static remediationName\nexport class AuthenticatorData<T extends AuthenticatorDataValues = AuthenticatorDataValues> extends Remediator<T> {\n  authenticator: IdxAuthenticator;\n\n  constructor(remediation: IdxRemediation, values: T = {} as T) {\n    super(remediation, values);\n\n    // set before other data calculation\n    this.authenticator = this.getAuthenticator()!;\n\n    this.formatAuthenticatorData();\n  }\n\n  protected formatAuthenticatorData() {\n    const authenticatorData = this.getAuthenticatorData();\n    if (authenticatorData) {\n      this.values.authenticatorsData = this.values.authenticatorsData!.map(data => {\n        if (compareAuthenticators(this.authenticator, data)) {\n          return this.mapAuthenticatorDataFromValues(data);\n        }\n        return data;\n      });\n    } else {\n      const data = this.mapAuthenticatorDataFromValues();\n      if (data) {\n        this.values.authenticatorsData!.push(data);\n      }\n    }\n  }\n\n  protected getAuthenticatorData() {\n    return this.values.authenticatorsData!\n      .find((data) => compareAuthenticators(this.authenticator, data));\n  }\n\n  canRemediate() {\n    return this.values.authenticatorsData!\n      .some(data => compareAuthenticators(this.authenticator, data));\n  }\n\n  protected mapAuthenticatorDataFromValues(authenticatorData?) {\n    // add methodType to authenticatorData if it exists in values\n    let { methodType, authenticator } = this.values;\n    if (!methodType && isAuthenticator(authenticator)) {\n     methodType = authenticator?.methodType;\n    }\n    \n    const { id, enrollmentId } = this.authenticator;\n    const data = { \n      id,\n      enrollmentId,\n      ...(authenticatorData && authenticatorData),\n      ...(methodType && { methodType }) \n    };\n\n    return data.methodType ? data : null;\n  }\n\n  protected getAuthenticatorFromRemediation(): IdxRemediationValue {\n    const authenticator = this.remediation.value!\n      .find(({ name }) => name === 'authenticator') as IdxRemediationValue;\n    return authenticator;\n  }\n\n  getValuesAfterProceed(): T {\n    this.values = super.getValuesAfterProceed();\n    // remove used authenticatorData\n    const authenticatorsData = this.values.authenticatorsData!\n      .filter(data => compareAuthenticators(this.authenticator, data) !== true);\n    return { ...this.values, authenticatorsData };\n  }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\n\nexport type AuthenticatorVerificationDataValues = AuthenticatorDataValues;\n\nexport class AuthenticatorVerificationData extends AuthenticatorData<AuthenticatorVerificationDataValues> {\n  static remediationName = 'authenticator-verification-data';\n\n  mapAuthenticator() {\n    return this.getAuthenticatorData();\n  }\n\n  getInputAuthenticator() {\n    const authenticator = this.getAuthenticatorFromRemediation();\n    const methodType = authenticator.form!.value.find(({ name }) => name === 'methodType');\n    // if has methodType in form, let user select the methodType\n    if (methodType && methodType.options) {\n      return { \n        name: 'methodType', \n        type: 'string', \n        required: true, \n        options: methodType.options \n      };\n    }\n    // no methodType, then return form values\n    const inputs = [...authenticator.form!.value];\n    return inputs;\n  }\n\n  getValuesAfterProceed(): AuthenticatorVerificationDataValues {\n    this.values = super.getValuesAfterProceed();\n    let trimmedValues = Object.keys(this.values).filter(valueKey => valueKey !== 'authenticator');\n    return trimmedValues.reduce((values, valueKey) => ({...values, [valueKey]: this.values[valueKey]}), {});\n  }\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthenticatorData, AuthenticatorDataValues } from './Base/AuthenticatorData';\nimport { getAuthenticatorFromRemediation } from './util';\n\nexport type AuthenticatorEnrollmentDataValues =  AuthenticatorDataValues & {\n  phoneNumber?: string;\n  resend?: boolean; // resend is not a remediator value - revise when IdxResponse structure is updated\n}\nexport class AuthenticatorEnrollmentData extends AuthenticatorData<AuthenticatorEnrollmentDataValues> {\n  static remediationName = 'authenticator-enrollment-data';\n\n  mapAuthenticator() {\n    const authenticatorData = this.getAuthenticatorData();\n    const authenticatorFromRemediation = getAuthenticatorFromRemediation(this.remediation)!;\n    return { \n      id: authenticatorFromRemediation.form!.value\n        .find(({ name }) => name === 'id')!.value,\n      methodType: authenticatorData!.methodType,\n      phoneNumber: authenticatorData!.phoneNumber,\n    };\n  }\n\n  getInputAuthenticator(remediation) {\n    return [\n      { name: 'methodType', type: 'string' }, \n      { name: 'phoneNumber', label: 'Phone Number', type: 'string' }\n    ].map(item => {\n      const value = remediation.form.value.find(val => val.name === item.name);\n      return { ...value, ...item };\n    });\n  }\n\n  protected mapAuthenticatorDataFromValues(data?) {\n    // get mapped authenticator from base class\n    data = super.mapAuthenticatorDataFromValues(data);\n    // add phoneNumber to authenticator if it exists in values\n    const { phoneNumber } = this.values;\n    if (!data && !phoneNumber) {\n      return;\n    }\n\n    return { \n      ...(data && data), \n      ...(phoneNumber && { phoneNumber }) \n    };\n  }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { Remediator, RemediationValues } from './Base/Remediator';\n\nexport interface SkipValues extends RemediationValues {\n  skip?: boolean;\n}\n\nexport class Skip extends Remediator<SkipValues> {\n  static remediationName = 'skip';\n\n  canRemediate() {\n    return !!this.values.skip || this.options.step === 'skip';\n  }\n\n}\n","/* eslint-disable complexity */\nimport { AuthSdkError } from '../../../errors';\nimport { Input } from '../../types';\n\nexport function unwrapFormValue(remediation): Input { \n  if (Array.isArray(remediation)) {\n    return remediation\n      .map(item => {\n        if (typeof item === 'string' || typeof item === 'number' || typeof item === 'boolean') {\n          return item;\n        }\n        return unwrapFormValue(item);\n      }) as any;\n  }\n\n  const res = {};\n  for (const [key, value] of Object.entries(remediation)) {\n    if (value === null || typeof value === 'undefined') {\n      continue;\n    }\n\n    if (typeof value === 'object') {\n      const formKeys = Object.keys(value as object);\n      // detect patterns like:\n      // value -> form -> value | form -> value\n      if (['value', 'form'].includes(key) \n        && formKeys.length === 1 \n        && ['value', 'form'].includes(formKeys[0])\n      ) {\n        // unwrap nested form\n        const unwrappedForm = unwrapFormValue(value);\n        Object.entries(unwrappedForm).forEach(([key, value]) => {\n          res[key] = value;\n        });\n      } else {\n        // dfs\n        res[key] = unwrapFormValue(value);\n      }\n    } else {\n      // handle primitive value\n      res[key] = value;\n    }\n  }\n\n  return res as Input;\n}\n\n// only check if value is required for now\n// TODO: support SDK layer type based input validation\nexport function hasValidInputValue(input, values) {\n  const fn = (input, values, requiredTracker) => {\n    const { name, value, type, options, required } = input;\n    const isRequired = required || requiredTracker;\n\n    // handle nested value - all required fields should be avaiable in values \n    if (Array.isArray(value)) {\n      return value.reduce((acc, item) => {\n        return acc && fn(item, values[name], isRequired); // recursive call\n      }, true);\n    }\n\n    // handle options field\n    // 1. object type options - check if each object field is required and value can be found from the selectedOption\n    // 2. primitive options - required field is avaiable from top level\n    // 3. unknown format - pass to backend for validation\n    if (options) {\n      // object type options\n      if (type === 'object') {\n        const selectedOption = values[name];\n        if (!selectedOption) {\n          return false;\n        }\n        if (!selectedOption.id) {\n          // unknown option format, pass to backend for validation\n          return true;\n        }\n        const optionSchema = options.find((option) => {\n          const idSchema = option.value.find(({ name }) => name === 'id' );\n          return idSchema.value === selectedOption.id;\n        });\n        if (!optionSchema) {\n          return false;\n        }\n        return optionSchema.value\n          .filter(({ required }) => !!required)\n          .reduce((acc, { name }) => {\n            return acc && !!selectedOption[name];\n          }, true);\n      }\n\n      // primitive options, not required - always valid\n      if (required === false) {\n        return true;\n      }\n\n      // primitive options, required - check if value is available\n      if (required === true) {\n        return !!values[name];\n      }\n\n      // unknown options, throw\n      throw new AuthSdkError(`Unknown options type, ${JSON.stringify(input)}`);\n    }\n\n    // base case\n    if (!isRequired) {\n      return true;\n    }\n      \n    return !!(values && values[name]);\n  };\n\n  return fn(input, values, false);\n}\n","import { OktaAuthIdxInterface, IdxContext, NextStep, Input } from '../../types';\nimport { Remediator } from '../Base/Remediator';\nimport { unwrapFormValue } from './util';\n\nexport class GenericRemediator extends Remediator {\n  canRemediate(): boolean {\n    // only handle remediations that are able to submit form (xhr)\n    if (typeof this.remediation.action !== 'function') {\n      return false;\n    }\n\n    // DO NOT REMOVE - bring it back when enable client side validation for GenericRemediator - OKTA-512003\n    // const inputs = this.getInputs();\n    // const res = inputs.reduce((acc, input) => {\n    //   return acc && hasValidInputValue(input, this.values);\n    // }, true);\n    // return res;\n\n    if (this.remediation.name === 'poll' || this.remediation.name.endsWith('-poll')) {\n      return true;\n    }\n\n    if (this.options.step) {\n      return true;\n    }\n    \n    // disable auto proceed for unknown remediations\n    return false;\n  }\n\n  getData() {\n    const data = this.getInputs().reduce((acc, { name }) => {\n      acc[name] = this.values[name];\n      return acc;\n    }, {});\n    return data;\n  }\n\n  getNextStep(authClient: OktaAuthIdxInterface, _context?: IdxContext): NextStep {\n    const name = this.getName();\n    const inputs = this.getInputs();\n    \n    /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n    // excludes transformed fields\n    const { \n      // http metas have been transformed to action\n      href, \n      method, \n      rel, \n      accepts, \n      produces, \n      // value has been transform to inputs\n      value,\n      // will be transformed to a function that resolves IdxTransaction\n      action,\n      ...rest \n    } = this.remediation;\n    /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n\n    // step to handle form submission\n    if (action) {\n      return { \n        ...rest,\n        ...(!!inputs.length && { inputs }),\n        action: async (params?) => {\n          return authClient.idx.proceed({\n            step: name,\n            ...params\n          });\n        }\n      };\n    }\n\n    // return whole remediation data for other steps, eg \"redirect-idp\"\n    return { ...this.remediation } as NextStep;\n    \n  }\n\n  getInputs(): Input[] {\n    return (this.remediation.value || [])\n      .filter(({ name }) => name !== 'stateHandle')\n      .map(unwrapFormValue)\n      .map(input => {\n        // use string as default input type\n        input.type = input.type || 'string';\n        return input;\n      });\n  }\n\n}\n","import { warn, split2 } from '../util';\nimport * as remediators from './remediators';\nimport { RemediationValues, Remediator, RemediatorConstructor } from './remediators';\nimport { GenericRemediator } from './remediators/GenericRemediator';\nimport { OktaAuthIdxInterface, IdxFeature, NextStep, RemediateOptions, RemediationResponse, RunOptions } from './types';\nimport { IdxMessage, IdxRemediation, IdxRemediationValue, IdxResponse } from './types/idx-js';\n\nexport function isTerminalResponse(idxResponse: IdxResponse) {\n  const { neededToProceed, interactionCode } = idxResponse;\n  return !neededToProceed.length && !interactionCode;\n}\n\nexport function canSkipFn(idxResponse: IdxResponse) {\n  return idxResponse.neededToProceed.some(({ name }) => name === 'skip');\n}\n\nexport function canResendFn(idxResponse: IdxResponse) {\n  return Object.keys(idxResponse.actions).some(actionName => actionName.includes('resend'));\n}\n\nexport function getMessagesFromIdxRemediationValue(\n  value?: IdxRemediationValue[]\n): IdxMessage[] | undefined {\n  if (!value || !Array.isArray(value)) {\n    return;\n  }\n  return value.reduce((messages, value) => {\n    if (value.messages) {\n      messages = [...messages, ...value.messages.value] as never;\n    }\n    if (value.form) {\n      const messagesFromForm = getMessagesFromIdxRemediationValue(value.form.value) || [];\n      messages = [...messages, ...messagesFromForm] as never;\n    } \n    if (value.options) {\n      let optionValues = [];\n      value.options.forEach(option => {\n        if (!option.value || typeof option.value === 'string') {\n          return;\n        }\n        optionValues = [...optionValues, option.value] as never;\n      });\n      const messagesFromOptions = getMessagesFromIdxRemediationValue(optionValues) || [];\n      messages = [...messages, ...messagesFromOptions] as never;\n    }\n    return messages;\n  }, []);\n}\n\nexport function getMessagesFromResponse(idxResponse: IdxResponse, options: RunOptions): IdxMessage[] {\n  let messages: IdxMessage[] = [];\n  const { rawIdxState, neededToProceed } = idxResponse;\n\n  // Handle global messages\n  const globalMessages = rawIdxState.messages?.value.map(message => message);\n  if (globalMessages) {\n    messages = [...messages, ...globalMessages] as never;\n  }\n\n  // Handle field messages for current flow\n  // Preserve existing logic for general cases, remove in the next major version\n  // Follow ion response format for top level messages when useGenericRemediator is true\n  if (!options.useGenericRemediator) {\n    for (let remediation of neededToProceed) {\n      const fieldMessages = getMessagesFromIdxRemediationValue(remediation.value);\n      if (fieldMessages) {\n        messages = [...messages, ...fieldMessages] as never;\n      }\n    }\n  }\n\n  // API may return identical error on same field, filter by i18n key\n  const seen = {};\n  messages = messages.reduce((filtered, message) => {\n    const key = message.i18n?.key;\n    if (key && seen[key] && message.message === seen[key].message) {\n      return filtered;\n    }\n    seen[key] = message;\n    filtered = [...filtered, message] as never;\n    return filtered;\n  }, []);\n\n  return messages;\n}\n\n\nexport function getEnabledFeatures(idxResponse: IdxResponse): IdxFeature[] {\n  const res = [];\n  const { actions, neededToProceed } = idxResponse;\n\n  if (actions['currentAuthenticator-recover']) {\n    res.push(IdxFeature.PASSWORD_RECOVERY as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'select-enroll-profile')) {\n    res.push(IdxFeature.REGISTRATION as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'redirect-idp')) {\n    res.push(IdxFeature.SOCIAL_IDP as never);\n  }\n\n  if (neededToProceed.some(({ name }) => name === 'unlock-account')) {\n    res.push(IdxFeature.ACCOUNT_UNLOCK as never);\n  }\n\n  return res;\n}\n\nexport function getAvailableSteps(\n  authClient: OktaAuthIdxInterface, \n  idxResponse: IdxResponse, \n  useGenericRemediator?: boolean\n): NextStep[] {\n  const res: NextStep[] = [];\n\n  const remediatorMap: Record<string, RemediatorConstructor> = Object.values(remediators)\n    .reduce((map, remediatorClass) => {\n      // Only add concrete subclasses to the map\n      if (remediatorClass.remediationName) {\n        map[remediatorClass.remediationName] = remediatorClass;\n      }\n      return map;\n    }, {});\n\n  for (let remediation of idxResponse.neededToProceed) {\n    const T = getRemediatorClass(remediation, { useGenericRemediator, remediators: remediatorMap });\n    if (T) {\n      const remediator: Remediator = new T(remediation);\n      res.push (remediator.getNextStep(authClient, idxResponse.context) as never);\n    }\n  }\n\n  for (const [name] of Object.entries((idxResponse.actions || {}))) {\n    let stepObj = {\n      name, \n      action: async (params?) => {\n        return authClient.idx.proceed({ \n          actions: [{ name, params }] \n        });\n      }\n    };\n    if (name.startsWith('currentAuthenticator')) {\n      const [part1, part2] = split2(name, '-');\n      const actionObj = idxResponse.rawIdxState[part1].value[part2];\n      /* eslint-disable no-unused-vars, @typescript-eslint/no-unused-vars */\n      const {\n        href, \n        method, \n        rel, \n        accepts, \n        produces, \n        ...rest\n      } = actionObj;\n      /* eslint-enable no-unused-vars, @typescript-eslint/no-unused-vars */\n      const value = actionObj.value?.filter(item => item.name !== 'stateHandle');\n      stepObj = { \n        ...rest,  \n        ...(value && { value }),\n        ...stepObj,\n      };\n    }\n    res.push(stepObj);\n  }\n\n  return res;\n}\n\nexport function filterValuesForRemediation(\n  idxResponse: IdxResponse,\n  remediationName: string,\n  values: RemediationValues\n): RemediationValues {\n  const remediations = idxResponse.neededToProceed || [];\n  const remediation = remediations.find(r => r.name === remediationName);\n  if (!remediation) {\n    // step was specified, but remediation was not found. This is unexpected!\n    warn(`filterValuesForRemediation: \"${remediationName}\" did not match any remediations`);\n    return values;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const valuesForRemediation = remediation.value!.reduce((res, entry) => {\n    const { name, value } = entry;\n    if (name === 'stateHandle') {\n      res[name] = value; // use the stateHandle value in the remediation\n    } else {\n      res[name] = values[name]; // use the value provided by the caller\n    }\n    return res;\n  }, {});\n  return valuesForRemediation;\n}\n\nfunction getRemediatorClass(remediation: IdxRemediation, options: RemediateOptions) {\n  const { useGenericRemediator, remediators } = options;\n  \n  if (!remediation) {\n    return undefined;\n  }\n\n  if (useGenericRemediator) {\n    return GenericRemediator;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  return remediators![remediation.name];\n}\n\n// Return first match idxRemediation in allowed remediators\n// eslint-disable-next-line complexity\nexport function getRemediator(\n  idxResponse: IdxResponse,\n  values: RemediationValues,\n  options: RemediateOptions,\n): Remediator | undefined {\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const remediators = options.remediators!;\n  const useGenericRemediator = options.useGenericRemediator;\n  const {neededToProceed: idxRemediations, context} = idxResponse;\n\n  let remediator: Remediator;\n  // remediation name specified by caller - fast-track remediator lookup \n  if (options.step) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const remediation = idxRemediations.find(({ name }) => name === options.step)!;\n    if (remediation) {\n      const T = getRemediatorClass(remediation, options);\n      return T ? new T(remediation, values, options) : undefined;\n    } else {\n      // step was specified, but remediation was not found. This is unexpected!\n      warn(`step \"${options.step}\" did not match any remediations`);\n      return;\n    }\n  }\n\n  const remediatorCandidates: Remediator[] = [];\n  if (useGenericRemediator) {\n    // always pick the first remediation for when use GenericRemediator\n    remediatorCandidates.push(new GenericRemediator(idxRemediations[0], values, options));\n  } else {\n    for (let remediation of idxRemediations) {\n      const isRemeditionInFlow = Object.keys(remediators as object).includes(remediation.name);\n      if (!isRemeditionInFlow) {\n        continue;\n      }\n\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      const T = getRemediatorClass(remediation, options)!;\n      remediator = new T(remediation, values, options);\n      if (remediator.canRemediate(context)) {\n        // found the remediator\n        return remediator;\n      }\n      // remediator cannot handle the current values\n      // maybe return for next step\n      remediatorCandidates.push(remediator);  \n    }\n  }\n  \n  return remediatorCandidates[0];\n}\n\n\nexport function getNextStep(\n  authClient: OktaAuthIdxInterface, remediator: Remediator, idxResponse: IdxResponse\n): NextStep {\n  const nextStep = remediator.getNextStep(authClient, idxResponse.context);\n  const canSkip = canSkipFn(idxResponse);\n  const canResend = canResendFn(idxResponse);\n  return {\n    ...nextStep,\n    ...(canSkip && {canSkip}),\n    ...(canResend && {canResend}),\n  };\n}\n\nexport function handleFailedResponse(\n  authClient: OktaAuthIdxInterface,\n  idxResponse: IdxResponse,\n  options = {}\n): RemediationResponse {\n  const terminal = isTerminalResponse(idxResponse);\n  const messages = getMessagesFromResponse(idxResponse, options);\n  if (terminal) {\n    return { idxResponse, terminal, messages };\n  } else {\n    const remediator = getRemediator(idxResponse, {}, options);\n    const nextStep = remediator && getNextStep(authClient, remediator, idxResponse);\n    return {\n      idxResponse,\n      messages,\n      ...(nextStep && { nextStep }),\n    };\n  }\n  \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, max-depth, complexity */\nimport { AuthSdkError } from '../errors';\nimport { RemediationValues } from './remediators';\nimport { OktaAuthIdxInterface, RemediateOptions, RemediationResponse } from './types';\nimport { \n  IdxResponse,\n  IdxActionParams, \n} from './types/idx-js';\nimport {\n  isTerminalResponse,\n  filterValuesForRemediation,\n  getRemediator,\n  getNextStep,\n  handleFailedResponse\n} from './util';\n\nexport interface RemediateActionWithOptionalParams {\n  name: string;\n  params?: IdxActionParams;\n}\n\nexport type RemediateAction = string | RemediateActionWithOptionalParams;\n\n\nfunction getActionFromValues(values: RemediationValues, idxResponse: IdxResponse): string | undefined {\n  // Currently support resend actions only\n  return Object.keys(idxResponse.actions).find(action => !!values.resend && action.includes('-resend'));\n}\n\nfunction removeActionFromValues(values: RemediationValues): RemediationValues {\n  // Currently support resend actions only\n  return {\n    ...values,\n    resend: undefined\n  };\n}\n\nfunction removeActionFromOptions(options: RemediateOptions, actionName: string): RemediateOptions {\n  let actions = options.actions || [];\n  actions = actions.filter(entry => {\n    if (typeof entry === 'string') {\n      return entry !== actionName;\n    }\n    return entry.name !== actionName;\n  });\n\n  return { ...options, actions };\n}\n\n// This function is called recursively until it reaches success or cannot be remediated\nexport async function remediate(\n  authClient: OktaAuthIdxInterface,\n  idxResponse: IdxResponse,\n  values: RemediationValues,\n  options: RemediateOptions\n): Promise<RemediationResponse> {\n  let { neededToProceed, interactionCode } = idxResponse;\n  const { flow } = options;\n\n  // If the response contains an interaction code, there is no need to remediate\n  if (interactionCode) {\n    return { idxResponse };\n  }\n\n  const remediator = getRemediator(idxResponse, values, options);\n\n  // Try actions in idxResponse first\n  const actionFromValues = getActionFromValues(values, idxResponse);\n  const actionFromOptions = options.actions || [];\n  const actions = [\n    ...actionFromOptions,\n    ...(actionFromValues && [actionFromValues] || []),\n  ];\n  if (actions) {\n    for (let action of actions) {\n      // Action can either be specified as a string, or as an object with name and optional params\n      let params: IdxActionParams = {};\n      if (typeof action !== 'string') {\n        params = action.params || {};\n        action = action.name;\n      }\n      let valuesWithoutExecutedAction = removeActionFromValues(values);\n      let optionsWithoutExecutedAction = removeActionFromOptions(options, action);\n\n      if (typeof idxResponse.actions[action] === 'function') {\n        idxResponse = await idxResponse.actions[action](params);\n        if (idxResponse.requestDidSucceed === false) {\n          return handleFailedResponse(authClient, idxResponse, options);\n        }\n        if (action === 'cancel') {\n          return { idxResponse, canceled: true };\n        }\n        return remediate(\n          authClient, \n          idxResponse, \n          valuesWithoutExecutedAction, \n          optionsWithoutExecutedAction\n        ); // recursive call\n      }\n\n      // search for action in remediation list\n      const remediationAction = neededToProceed.find(({ name }) => name === action);\n      if (remediationAction) {\n        idxResponse = await idxResponse.proceed(action, params);\n        if (idxResponse.requestDidSucceed === false) {\n          return handleFailedResponse(authClient, idxResponse, options);\n        }\n        return remediate(authClient, idxResponse, values, optionsWithoutExecutedAction); // recursive call\n      }\n    }\n  }\n\n  // Do not attempt to remediate if response is in terminal state\n  const terminal = isTerminalResponse(idxResponse);\n  if (terminal) {\n    return { idxResponse, terminal };\n  }\n\n  if (!remediator) {\n    // With options.step, remediator is not required\n    if (options.step) {\n      values = filterValuesForRemediation(idxResponse, options.step, values); // include only requested values\n      idxResponse = await idxResponse.proceed(options.step, values);\n      if (idxResponse.requestDidSucceed === false) {\n        return handleFailedResponse(authClient, idxResponse, options);\n      }\n      return { idxResponse };\n    }\n\n    // With default flow, remediator is not required\n    if (flow === 'default') {\n      return { idxResponse };\n    }\n    throw new AuthSdkError(`\n      No remediation can match current flow, check policy settings in your org.\n      Remediations: [${neededToProceed.reduce((acc, curr) => acc ? acc + ' ,' + curr.name : curr.name, '')}]\n    `);\n  }\n\n  // Return next step to the caller\n  if (!remediator.canRemediate()) {\n    const nextStep = getNextStep(authClient, remediator, idxResponse);\n    return {\n      idxResponse,\n      nextStep,\n    };\n  }\n\n  const name = remediator.getName();\n  const data = remediator.getData();\n\n  idxResponse = await idxResponse.proceed(name, data);\n  if (idxResponse.requestDidSucceed === false) {\n    return handleFailedResponse(authClient, idxResponse, options);\n  }\n  // We may want to trim the values bag for the next remediation\n  // Let the remediator decide what the values should be (default to current values)\n  values = remediator.getValuesAfterProceed();\n  options = { ...options, step: undefined }; // do not re-use the step\n\n  // generic remediator should not auto proceed in pending status\n  // return nextStep directly\n  if (options.useGenericRemediator && !idxResponse.interactionCode && !isTerminalResponse(idxResponse)) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const gr = getRemediator(idxResponse, values, options)!;\n    const nextStep = getNextStep(authClient, gr, idxResponse);\n    return {\n      idxResponse,\n      nextStep,\n    };\n  }\n  \n  return remediate(authClient, idxResponse, values, options); // recursive call\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n  Identify,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  ReEnrollAuthenticator,\n  RedirectIdp,\n  AuthenticatorEnrollmentData,\n  SelectAuthenticatorEnroll,\n  EnrollAuthenticator,\n  AuthenticatorVerificationData,\n  EnrollPoll,\n  ChallengePoll,\n  SelectEnrollmentChannel,\n  EnrollmentChannelData,\n  Skip\n} from '../remediators';\n\nexport const AuthenticationFlow: RemediationFlow = {\n  'identify': Identify,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n  'enroll-authenticator': EnrollAuthenticator,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'challenge-poll': ChallengePoll,\n  'reenroll-authenticator': ReEnrollAuthenticator,\n  'enroll-poll': EnrollPoll,\n  'select-enrollment-channel': SelectEnrollmentChannel,\n  'enrollment-channel-data': EnrollmentChannelData,\n  'redirect-idp': RedirectIdp,\n  'skip': Skip,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n  Identify,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  AuthenticatorVerificationData,\n  ResetAuthenticator,\n  ReEnrollAuthenticator,\n  SelectAuthenticatorEnroll,\n  AuthenticatorEnrollmentData,\n  EnrollPoll\n} from '../remediators';\n\nexport const PasswordRecoveryFlow: RemediationFlow = {\n  'identify': Identify,\n  'identify-recovery': Identify,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'reset-authenticator': ResetAuthenticator,\n  'reenroll-authenticator': ReEnrollAuthenticator,\n  'enroll-poll': EnrollPoll,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport { \n  SelectEnrollProfile,\n  EnrollPoll,\n  SelectEnrollmentChannel,\n  EnrollmentChannelData,\n  EnrollProfile,\n  SelectAuthenticatorEnroll,\n  EnrollAuthenticator,\n  AuthenticatorEnrollmentData,\n  Skip,\n} from '../remediators';\n\nexport const RegistrationFlow: RemediationFlow = {\n  'select-enroll-profile': SelectEnrollProfile,\n  'enroll-profile': EnrollProfile,\n  'authenticator-enrollment-data': AuthenticatorEnrollmentData,\n  'select-authenticator-enroll': SelectAuthenticatorEnroll,\n  'enroll-poll': EnrollPoll,\n  'select-enrollment-channel': SelectEnrollmentChannel,\n  'enrollment-channel-data': EnrollmentChannelData,\n  'enroll-authenticator': EnrollAuthenticator,\n  'skip': Skip,\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { RemediationFlow } from './RemediationFlow';\nimport {\n  Identify,\n  SelectAuthenticatorUnlockAccount,\n  SelectAuthenticatorAuthenticate,\n  ChallengeAuthenticator,\n  ChallengePoll,\n  AuthenticatorVerificationData\n} from '../remediators';\n\nexport const AccountUnlockFlow: RemediationFlow = {\n  'identify': Identify,\n  // NOTE: unlock-account is purposely not included. Handled as action\n  // because it's a rememdiation which requires no input\n  // 'unlock-account': UnlockAccount,\n  'select-authenticator-unlock-account': SelectAuthenticatorUnlockAccount,\n  'select-authenticator-authenticate': SelectAuthenticatorAuthenticate,\n  'challenge-authenticator': ChallengeAuthenticator,\n  'challenge-poll': ChallengePoll,\n  'authenticator-verification-data': AuthenticatorVerificationData,\n};\n","import { OktaAuthIdxInterface, FlowIdentifier } from '../types';\nimport { AuthenticationFlow } from './AuthenticationFlow';\nimport { PasswordRecoveryFlow } from './PasswordRecoveryFlow';\nimport { RegistrationFlow } from './RegistrationFlow';\nimport { AccountUnlockFlow } from './AccountUnlockFlow';\nimport { RemediationFlow } from './RemediationFlow';\n\nexport interface FlowSpecification {\n  flow: FlowIdentifier;\n  remediators: RemediationFlow;\n  actions?: string[];\n  withCredentials?: boolean;\n}\n\n// eslint-disable-next-line complexity\nexport function getFlowSpecification(\n  oktaAuth: OktaAuthIdxInterface,\n  flow: FlowIdentifier = 'default'\n): FlowSpecification {\n  let remediators, actions, withCredentials = true;\n  switch (flow) {\n    case 'register':\n    case 'signup':\n    case 'enrollProfile':\n      remediators = RegistrationFlow;\n      withCredentials = false;\n      break;\n    case 'recoverPassword':\n    case 'resetPassword':\n      remediators = PasswordRecoveryFlow;\n      actions = [\n        'currentAuthenticator-recover', \n        'currentAuthenticatorEnrollment-recover'\n      ];\n      withCredentials = false;\n      break;\n    case 'unlockAccount':\n      remediators = AccountUnlockFlow;\n      withCredentials = false;\n      actions = [\n        'unlock-account'\n      ];\n      break;\n    case 'authenticate':\n    case 'login':\n    case 'signin':\n      remediators = AuthenticationFlow;\n      break;\n    default:\n      // default case has no flow monitor\n      remediators = AuthenticationFlow;\n      break;\n  }\n  return { flow, remediators, actions, withCredentials };\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* eslint-disable max-statements, complexity, max-depth */\nimport { interact } from './interact';\nimport { introspect } from './introspect';\nimport { remediate } from './remediate';\nimport { getFlowSpecification } from './flow';\nimport * as remediators from './remediators';\nimport { \n  OktaAuthIdxInterface,\n  IdxStatus,\n  IdxTransaction,\n  IdxFeature,\n  NextStep,\n  RunOptions,\n  IdxTransactionMeta,\n} from './types';\nimport { IdxMessage, IdxResponse } from './types/idx-js';\nimport { getSavedTransactionMeta, saveTransactionMeta } from './transactionMeta';\nimport { getAvailableSteps, getEnabledFeatures, getMessagesFromResponse, isTerminalResponse } from './util';\nimport { Tokens } from '../oidc/types';\nimport { APIError } from '../errors/types';\ndeclare interface RunData {\n  options: RunOptions;\n  values: remediators.RemediationValues;\n  status?: IdxStatus;\n  tokens?: Tokens;\n  nextStep?: NextStep;\n  messages?: IdxMessage[];\n  error?: APIError | IdxResponse;\n  meta?: IdxTransactionMeta;\n  enabledFeatures?: IdxFeature[];\n  availableSteps?: NextStep[];\n  idxResponse?: IdxResponse;\n  canceled?: boolean;\n  interactionCode?: string;\n  shouldSaveResponse?: boolean;\n  shouldClearTransaction?: boolean;\n  clearSharedStorage?: boolean;\n  terminal?: boolean;\n}\n\nfunction initializeValues(options: RunOptions) {\n  // remove known options, everything else is assumed to be a value\n  const knownOptions = [\n    'flow', \n    'remediators', \n    'actions', \n    'withCredentials', \n    'step',\n    'useGenericRemediator',\n    'exchangeCodeForTokens',\n  ];\n  const values = { ...options };\n  knownOptions.forEach(option => {\n    delete values[option];\n  });\n  return values;\n}\n\nfunction initializeData(authClient, data: RunData): RunData {\n  let { options } = data;\n  options = {\n    ...authClient.options.idx,\n    ...options\n  };\n  let {\n    flow,\n    withCredentials,\n    remediators,\n    actions,\n  } = options;\n\n  const status = IdxStatus.PENDING;\n\n  // certain options can be set by the flow specification\n  flow = flow || authClient.idx.getFlow() || 'default';\n  if (flow) {\n    authClient.idx.setFlow(flow);\n    const flowSpec = getFlowSpecification(authClient, flow);\n    // Favor option values over flow spec\n    withCredentials = (typeof withCredentials !== 'undefined') ? withCredentials : flowSpec.withCredentials;\n    remediators = remediators || flowSpec.remediators;\n    actions = actions || flowSpec.actions;\n  }\n\n  return { \n    ...data,\n    options: { \n      ...options, \n      flow, \n      withCredentials, \n      remediators, \n      actions,\n    },\n    status\n  };\n}\n\nasync function getDataFromIntrospect(authClient, data: RunData): Promise<RunData> {\n  const { options } = data;\n  const {\n    stateHandle,\n    withCredentials,\n    version,\n    state,\n    scopes,\n    recoveryToken,\n    activationToken,\n    maxAge,\n    acrValues,\n    nonce,\n  } = options;\n\n  let idxResponse;\n  let meta = getSavedTransactionMeta(authClient, { state, recoveryToken, activationToken }); // may be undefined\n\n  if (stateHandle) {\n    idxResponse = await introspect(authClient, { withCredentials, version, stateHandle });\n  } else {\n    let interactionHandle = meta?.interactionHandle; // may be undefined\n    if (!interactionHandle) {\n      // start a new transaction\n      authClient.transactionManager.clear();\n      const interactResponse = await interact(authClient, {\n        withCredentials,\n        state,\n        scopes,\n        activationToken,\n        recoveryToken,\n        maxAge,\n        acrValues,\n        nonce,\n      }); \n      interactionHandle = interactResponse.interactionHandle;\n      meta = interactResponse.meta;\n    }\n  \n    // Introspect to get idx response\n    idxResponse = await introspect(authClient, { withCredentials, version, interactionHandle });\n  }\n  return { ...data, idxResponse, meta };\n}\n\nasync function getDataFromRemediate(authClient, data: RunData): Promise<RunData> {\n  let {\n    idxResponse,\n    options,\n    values\n  } = data;\n\n  const {\n    autoRemediate,\n    remediators,\n    actions,\n    flow,\n    step,\n    useGenericRemediator,\n  } = options;\n  \n  const shouldRemediate = (autoRemediate !== false && (remediators || actions || step));\n  if (!shouldRemediate) {\n    return data;\n  }\n\n  values = { \n    ...values, \n    stateHandle: idxResponse!.rawIdxState.stateHandle \n  };\n\n  // Can we handle the remediations?\n  const { \n    idxResponse: idxResponseFromRemediation, \n    nextStep,\n    canceled,\n  } = await remediate(\n    authClient,\n    idxResponse!, \n    values, \n    {\n      remediators,\n      actions,\n      flow,\n      step,\n      useGenericRemediator,\n    }\n  );\n  idxResponse = idxResponseFromRemediation;\n\n  return { ...data, idxResponse, nextStep, canceled };\n}\n\nasync function getTokens(authClient, data: RunData): Promise<Tokens> {\n  let { meta, idxResponse } = data;\n  const { interactionCode } = idxResponse as IdxResponse;\n  const {\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    urls,\n    scopes,\n  } = meta as IdxTransactionMeta;\n  const tokenResponse = await authClient.token.exchangeCodeForTokens({\n    interactionCode,\n    clientId,\n    codeVerifier,\n    ignoreSignature,\n    redirectUri,\n    scopes\n  }, urls);\n  return tokenResponse.tokens;\n}\n\nasync function finalizeData(authClient, data: RunData): Promise<RunData> {\n  let {\n    options,\n    idxResponse,\n    canceled,\n    status,\n  } = data;\n  const { exchangeCodeForTokens } = options;\n  let shouldSaveResponse = false;\n  let shouldClearTransaction = false;\n  let clearSharedStorage = true;\n  let interactionCode;\n  let tokens;\n  let enabledFeatures;\n  let availableSteps;\n  let messages;\n  let terminal;\n\n  if (idxResponse) {\n    shouldSaveResponse = !!(idxResponse.requestDidSucceed || idxResponse.stepUp);\n    enabledFeatures = getEnabledFeatures(idxResponse);\n    availableSteps = getAvailableSteps(authClient, idxResponse, options.useGenericRemediator);\n    messages = getMessagesFromResponse(idxResponse, options);\n    terminal = isTerminalResponse(idxResponse);\n  }\n\n  if (terminal) {\n    status = IdxStatus.TERMINAL;\n\n    // In most cases a terminal response should not clear transaction data. The user should cancel or skip to continue.\n    // A terminal \"success\" is a non-error response with no further actions available.\n    // In these narrow cases, saved transaction data should be cleared.\n    // One example of a terminal success is when the email verify flow is continued in another tab\n    const hasActions = Object.keys(idxResponse!.actions).length > 0;\n    const hasErrors = !!messages.find(msg => msg.class === 'ERROR');\n    const isTerminalSuccess = !hasActions && !hasErrors && idxResponse!.requestDidSucceed === true;\n    if (isTerminalSuccess) {\n      shouldClearTransaction = true;\n    } else {\n      // save response if there are actions available (ignore messages)\n      shouldSaveResponse = !!hasActions;\n    }\n    // leave shared storage intact so the transaction can be continued in another tab\n    clearSharedStorage = false;\n  } else if (canceled) {\n    status = IdxStatus.CANCELED;\n    shouldClearTransaction = true;\n  } else if (idxResponse?.interactionCode) { \n    interactionCode = idxResponse.interactionCode;\n    if (exchangeCodeForTokens === false) {\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = false;\n    } else {\n      tokens = await getTokens(authClient, data);\n      status = IdxStatus.SUCCESS;\n      shouldClearTransaction = true;\n    }\n  }\n  return {\n    ...data,\n    status,\n    interactionCode,\n    tokens,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    enabledFeatures,\n    availableSteps,\n    messages,\n    terminal\n  };\n}\n\nexport async function run(\n  authClient: OktaAuthIdxInterface, \n  options: RunOptions = {},\n): Promise<IdxTransaction> {\n  let data: RunData = {\n    options,\n    values: initializeValues(options)\n  };\n\n  data = initializeData(authClient, data);\n  data = await getDataFromIntrospect(authClient, data);\n  data = await getDataFromRemediate(authClient, data);\n  data = await finalizeData(authClient, data);\n\n  const {\n    idxResponse,\n    meta,\n    shouldSaveResponse,\n    shouldClearTransaction,\n    clearSharedStorage,\n    status,\n    enabledFeatures,\n    availableSteps,\n    tokens,\n    nextStep,\n    messages,\n    error,\n    interactionCode\n  } = data;\n\n  if (shouldClearTransaction) {\n    authClient.transactionManager.clear({ clearSharedStorage });\n  }\n  else {\n    // ensures state is saved to sessionStorage\n    saveTransactionMeta(authClient, { ...meta });\n\n    if (shouldSaveResponse) {\n      // Save intermediate idx response in storage to reduce introspect call\n      const { rawIdxState: rawIdxResponse, requestDidSucceed } = idxResponse!;\n      authClient.transactionManager.saveIdxResponse({\n        rawIdxResponse,\n        requestDidSucceed,\n        stateHandle: idxResponse!.context?.stateHandle,\n        interactionHandle: meta?.interactionHandle\n      });\n    }\n  }\n  \n  // copy all fields from idxResponse which are needed by the widget\n  const { actions, context, neededToProceed, proceed, rawIdxState, requestDidSucceed, stepUp } = idxResponse || {};\n  return {\n    status: status!,\n    ...(meta && { meta }),\n    ...(enabledFeatures && { enabledFeatures }),\n    ...(availableSteps && { availableSteps }),\n    ...(tokens && { tokens }),\n    ...(nextStep && { nextStep }),\n    ...(messages && messages.length && { messages }),\n    ...(error && { error }),\n    ...(stepUp && { stepUp }),\n    interactionCode, // if options.exchangeCodeForTokens is false\n\n    // from idx-js\n    actions: actions!,\n    context: context!,\n    neededToProceed: neededToProceed!,\n    proceed: proceed!,\n    rawIdxState: rawIdxState!,\n    requestDidSucceed\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n  OktaAuthIdxInterface,\n  IdxTransaction,\n  AuthenticatorKey,\n  AuthenticationOptions\n} from './types';\nimport { run } from './run';\n\nexport async function authenticate(\n  authClient: OktaAuthIdxInterface, options: AuthenticationOptions = {}\n): Promise<IdxTransaction> {\n  if (options.password && !options.authenticator) {\n    options.authenticator = AuthenticatorKey.OKTA_PASSWORD;\n  }\n  return run(authClient, { \n    ...options, \n    flow: 'authenticate'\n  });\n}\n","/*!\n * Copyright (c) 2021, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface, CancelOptions, IdxTransactionMeta } from './types';\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\n\nexport async function cancel (authClient: OktaAuthIdxInterface, options?: CancelOptions) {\n  const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n  const flowSpec = getFlowSpecification(authClient, meta.flow);\n  return run(authClient, {\n    ...options,\n    ...flowSpec,\n    actions: ['cancel']\n  });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nexport function urlParamsToObject(hashOrSearch: string) {\n  // Predefine regexs for parsing hash\n  var plus2space = /\\+/g;\n  var paramSplit = /([^&=]+)=?([^&]*)/g;\n  var fragment = hashOrSearch || '';\n\n  // Some hash based routers will automatically add a / character after the hash\n  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n    fragment = fragment.substring(2);\n  }\n\n  // Remove the leading # or ?\n  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n    fragment = fragment.substring(1);\n  }\n\n\n  var obj = {};\n\n  // Loop until we have no more params\n  var param;\n  while (true) { // eslint-disable-line no-constant-condition\n    param = paramSplit.exec(fragment);\n    if (!param) { break; }\n\n    var key = param[1];\n    var value = param[2];\n\n    // id_token should remain base64url encoded\n    if (key === 'id_token' || key === 'access_token' || key === 'code') {\n      obj[key] = value;\n    } else {\n      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n    }\n  }\n  return obj;\n}\n","\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthIdxInterface } from './types';\n\nimport CustomError from '../errors/CustomError';\nimport { urlParamsToObject  } from '../oidc/util/urlParams';\nimport { EmailVerifyCallbackResponse } from './types/api';\n\nexport class EmailVerifyCallbackError extends CustomError {\n  state: string;\n  otp: string;\n\n  constructor(state: string, otp: string) {\n    super(`Enter the OTP code in the originating client: ${otp}`);\n    this.name = 'EmailVerifyCallbackError';\n    this.state = state;\n    this.otp = otp;\n  }\n}\n\nexport function isEmailVerifyCallbackError(error: Error) {\n  return (error.name === 'EmailVerifyCallbackError');\n}\n\n// Check if state && otp have been passed back in the url\nexport function isEmailVerifyCallback (urlPath: string): boolean {\n  return /(otp=)/i.test(urlPath) && /(state=)/i.test(urlPath);\n}\n\n// Parse state and otp from a urlPath (should be either a search or fragment from the URL)\nexport function parseEmailVerifyCallback(urlPath: string): EmailVerifyCallbackResponse {\n  return urlParamsToObject(urlPath) as EmailVerifyCallbackResponse;\n}\n\nexport async function handleEmailVerifyCallback(authClient: OktaAuthIdxInterface, search: string) {\n  if (isEmailVerifyCallback(search)) {\n    const { state, otp } = parseEmailVerifyCallback(search);\n    if (authClient.idx.canProceed({ state })) {\n      // same browser / device\n      return await authClient.idx.proceed({ state, otp });\n    } else {\n      // different browser or device\n      throw new EmailVerifyCallbackError(state, otp);\n    }\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { \n  OktaAuthIdxInterface,\n  IdxTransaction,\n  ProceedOptions,\n} from './types';\nimport { run } from './run';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { AuthSdkError } from '../errors';\n\nexport function canProceed(authClient: OktaAuthIdxInterface, options: ProceedOptions = {}): boolean {\n  const meta = getSavedTransactionMeta(authClient, options);\n  return !!(meta || options.stateHandle);\n}\n\nexport async function proceed(\n  authClient: OktaAuthIdxInterface,\n  options: ProceedOptions = {}\n): Promise<IdxTransaction> {\n\n  if (!canProceed(authClient, options)) {\n    throw new AuthSdkError('Unable to proceed: saved transaction could not be loaded');\n  }\n\n  let { flow, state } = options;\n  if (!flow) {\n    const meta = getSavedTransactionMeta(authClient, { state });\n    flow = meta?.flow;\n  }\n\n  return run(authClient, { \n    ...options, \n    flow\n  });\n}\n","/*!\n * Copyright (c) 2021-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { proceed } from './proceed';\n\nimport { \n  IdxPollOptions,\n  IdxTransaction,\n  OktaAuthIdxInterface,\n} from './types';\nimport { getSavedTransactionMeta } from './transactionMeta';\nimport { warn } from '../util';\n\nexport async function poll(authClient: OktaAuthIdxInterface, options: IdxPollOptions = {}): Promise<IdxTransaction> {\n  let transaction = await proceed(authClient, {\n    startPolling: true\n  });\n\n  const meta = getSavedTransactionMeta(authClient);\n  let availablePollingRemeditaions = meta?.remediations?.find(remediation => remediation.includes('poll'));\n  if (!availablePollingRemeditaions?.length) {\n    warn('No polling remediations available at the current IDX flow stage');\n  }\n\n  if (Number.isInteger(options.refresh)) {\n    return new Promise(function (resolve, reject) {\n      setTimeout(async function () {\n        try {\n          const refresh = transaction.nextStep?.poll?.refresh;\n          if (refresh) {\n            resolve(poll(authClient, {\n              refresh\n            }));\n          } else {\n            resolve(transaction);\n          }\n        } catch (err) {\n          reject(err);\n        }\n      }, options.refresh);\n    });\n  }\n\n  return transaction;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { OktaAuthIdxInterface, IdxTransaction, StartOptions } from './types';\n\nexport async function startTransaction(\n  authClient: OktaAuthIdxInterface, \n  options: StartOptions = {}\n): Promise<IdxTransaction> {\n  // Clear IDX response cache and saved transaction meta (if any)\n  authClient.transactionManager.clear();\n\n  return run(authClient, {\n    exchangeCodeForTokens: false,\n    ...options\n  });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n  RegistrationOptions, \n  IdxTransaction, \n  OktaAuthIdxInterface, \n  IdxFeature,\n} from './types';\n\nexport async function register(\n  authClient: OktaAuthIdxInterface, options: RegistrationOptions = {}\n): Promise<IdxTransaction> {\n\n  // Only check at the beginning of the transaction\n  if (!hasSavedInteractionHandle(authClient)) {\n    const { enabledFeatures } = await startTransaction(authClient, {\n      ...options,\n      flow: 'register',\n      autoRemediate: false\n    });\n    if (!options.activationToken && enabledFeatures && !enabledFeatures.includes(IdxFeature.REGISTRATION)) {\n      throw new AuthSdkError('Registration is not supported based on your current org configuration.');\n    }\n  }\n\n  return run(authClient, {\n    ...options,\n    flow: 'register'\n  });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { getFlowSpecification } from './flow';\nimport { \n  OktaAuthIdxInterface, \n  PasswordRecoveryOptions, \n  IdxTransaction,\n} from './types';\n\nexport async function recoverPassword(\n  authClient: OktaAuthIdxInterface, options: PasswordRecoveryOptions = {}\n): Promise<IdxTransaction> {\n  const flowSpec = getFlowSpecification(authClient, 'recoverPassword');\n  return run(\n    authClient, \n    { \n      ...options,\n      ...flowSpec,\n    }\n  );\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { IdxTransactionMeta } from './types/meta';\nimport { OktaAuthIdxInterface } from './types';\n\nexport async function handleInteractionCodeRedirect(\n  authClient: OktaAuthIdxInterface, \n  url: string\n): Promise<void> {\n  const meta = authClient.transactionManager.load() as IdxTransactionMeta;\n  if (!meta) {\n    throw new AuthSdkError('No transaction data was found in storage');\n  }\n\n  const { \n    codeVerifier,\n    state: savedState \n  } = meta;\n  const { \n    searchParams\n  // URL API has been added to the polyfill\n  // eslint-disable-next-line compat/compat\n  } = new URL(url); \n  const state = searchParams.get('state');\n  const interactionCode = searchParams.get('interaction_code');\n\n  // Error handling\n  const error = searchParams.get('error');\n  if (error) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    throw new OAuthError(error, searchParams.get('error_description')!);\n  }\n  if (state !== savedState) {\n    throw new AuthSdkError('State in redirect uri does not match with transaction state');\n  }\n  if (!interactionCode) {\n    throw new AuthSdkError('Unable to parse interaction_code from the url');\n  }\n  \n  // Save tokens to storage\n  const { tokens } = await authClient.token.exchangeCodeForTokens({ interactionCode, codeVerifier });\n  authClient.tokenManager.setTokens(tokens);\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { run } from './run';\nimport { hasSavedInteractionHandle } from './transactionMeta';\nimport { startTransaction } from './startTransaction';\nimport { AuthSdkError } from '../errors';\nimport { \n  OktaAuthIdxInterface, \n  AccountUnlockOptions, \n  IdxTransaction,\n  IdxFeature,\n} from './types';\n\nexport async function unlockAccount(\n  authClient: OktaAuthIdxInterface, options: AccountUnlockOptions = {}\n): Promise<IdxTransaction> {\n  options.flow = 'unlockAccount';\n\n  // Only check at the beginning of the transaction\n  if (!hasSavedInteractionHandle(authClient)) {\n    const { enabledFeatures } = await startTransaction(authClient, { ...options, autoRemediate: false });\n    if (enabledFeatures && !enabledFeatures.includes(IdxFeature.ACCOUNT_UNLOCK)) {\n      throw new AuthSdkError(\n        'Self Service Account Unlock is not supported based on your current org configuration.'\n      );\n    }\n  }\n\n  return run(authClient, { ...options });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { OktaAuthOAuthInterface } from '../types';\nimport { OAuthError, AuthApiError, isOAuthError } from '../../errors';\n\nexport function isInteractionRequiredError(error: Error) {\n  if (error.name !== 'OAuthError') {\n    return false;\n  }\n  const oauthError = error as OAuthError;\n  return (oauthError.errorCode === 'interaction_required');\n}\n\nexport function isAuthorizationCodeError(sdk: OktaAuthOAuthInterface, error: Error) {\n  if (error.name !== 'AuthApiError') {\n    return false;\n  }\n  const authApiError = error as AuthApiError;\n  // xhr property doesn't seem to match XMLHttpRequest type\n  const errorResponse = authApiError.xhr as unknown as Record<string, unknown>;\n  const responseJSON = errorResponse?.responseJSON as Record<string, unknown>;\n  return sdk.options.pkce && (responseJSON?.error as string === 'invalid_grant');\n}\n\nexport function isRefreshTokenInvalidError(error: unknown): boolean {\n  // error: {\"error\":\"invalid_grant\",\"error_description\":\"The refresh token is invalid or expired.\"}\n  return isOAuthError(error) &&\n    error.errorCode === 'invalid_grant' &&\n    error.errorSummary === 'The refresh token is invalid or expired.';\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\n/* eslint-disable complexity, max-statements */\nimport { OktaAuthOAuthOptions, OktaAuthOAuthInterface } from '../types';\n\nexport function hasTokensInHash(hash: string): boolean {\n  return /((id|access)_token=)/i.test(hash);\n}\n\n// authorization_code\nexport function hasAuthorizationCode(hashOrSearch: string): boolean {\n  return /(code=)/i.test(hashOrSearch);\n}\n\n// interaction_code\nexport function hasInteractionCode(hashOrSearch: string): boolean {\n  return /(interaction_code=)/i.test(hashOrSearch);\n}\n\nexport function hasErrorInUrl(hashOrSearch: string): boolean {\n  return /(error=)/i.test(hashOrSearch) || /(error_description)/i.test(hashOrSearch);\n}\n\nexport function isRedirectUri(uri: string, sdk: OktaAuthOAuthInterface): boolean {\n  var authParams = sdk.options;\n  if (!uri || !authParams.redirectUri) {\n    return false;\n  }\n  return uri.indexOf(authParams.redirectUri) === 0;\n}\n\nexport function isCodeFlow(options: OktaAuthOAuthOptions) {\n  return options.pkce || options.responseType === 'code' || options.responseMode === 'query';\n}\n\nexport function getHashOrSearch(options: OktaAuthOAuthOptions) {\n  var codeFlow = isCodeFlow(options);\n  var useQuery = codeFlow && options.responseMode !== 'fragment';\n  return useQuery ? window.location.search : window.location.hash;\n}\n\n/**\n * Check if tokens or a code have been passed back into the url, which happens in\n * the OIDC (including social auth IDP) redirect flow.\n */\nexport function isLoginRedirect (sdk: OktaAuthOAuthInterface) {\n  // First check, is this a redirect URI?\n  if (!isRedirectUri(window.location.href, sdk)){\n    return false;\n  }\n\n  // The location contains either a code, token, or an error + error_description\n  var codeFlow = isCodeFlow(sdk.options);\n  var hashOrSearch = getHashOrSearch(sdk.options);\n\n  if (hasErrorInUrl(hashOrSearch)) {\n    return true;\n  }\n\n  if (codeFlow) {\n    var hasCode =  hasAuthorizationCode(hashOrSearch) || hasInteractionCode(hashOrSearch);\n    return hasCode;\n  }\n\n  // implicit flow, will always be hash fragment\n  return hasTokensInHash(window.location.hash);\n}\n\n/**\n * Check if error=interaction_required has been passed back in the url, which happens in\n * the social auth IDP redirect flow.\n */\nexport function isInteractionRequired (sdk: OktaAuthOAuthInterface, hashOrSearch?: string) {\n  if (!hashOrSearch) { // web only\n    // First check, is this a redirect URI?\n    if (!isLoginRedirect(sdk)){\n      return false;\n    }\n  \n    hashOrSearch = getHashOrSearch(sdk.options);\n  }\n  return /(error=interaction_required)/i.test(hashOrSearch);\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { isInteractionRequired, isInteractionRequiredError } from '../../oidc';\nimport { authenticate } from '../authenticate';\nimport { cancel } from '../cancel';\nimport {\n  handleEmailVerifyCallback,\n  isEmailVerifyCallback,\n  isEmailVerifyCallbackError,\n  parseEmailVerifyCallback\n} from '../emailVerify';\nimport { handleInteractionCodeRedirect } from '../handleInteractionCodeRedirect';\nimport { makeIdxState } from '../idxState';\nimport { interact } from '../interact';\nimport { introspect } from '../introspect';\nimport { poll } from '../poll';\nimport { canProceed, proceed } from '../proceed';\nimport { recoverPassword } from '../recoverPassword';\nimport { register } from '../register';\nimport { startTransaction } from '../startTransaction';\nimport {\n  clearTransactionMeta,\n  createTransactionMeta,\n  getSavedTransactionMeta,\n  getTransactionMeta,\n  isTransactionMetaValid,\n  saveTransactionMeta\n} from '../transactionMeta';\nimport { FlowIdentifier, IdxAPI, OktaAuthIdxInterface } from '../types';\nimport { unlockAccount } from '../unlockAccount';\n\n// Factory\nexport function createIdxAPI(sdk: OktaAuthIdxInterface): IdxAPI {\n  const boundStartTransaction = startTransaction.bind(null, sdk);\n  const idx = {\n    interact: interact.bind(null, sdk),\n    introspect: introspect.bind(null, sdk),\n    makeIdxResponse: makeIdxState.bind(null, sdk),\n    \n    authenticate: authenticate.bind(null, sdk),\n    register: register.bind(null, sdk),\n    start: boundStartTransaction,\n    startTransaction: boundStartTransaction, // Use `start` instead. `startTransaction` will be removed in 7.0\n    poll: poll.bind(null, sdk),\n    proceed: proceed.bind(null, sdk),\n    cancel: cancel.bind(null, sdk),\n    recoverPassword: recoverPassword.bind(null, sdk),\n\n    // oauth redirect callback\n    handleInteractionCodeRedirect: handleInteractionCodeRedirect.bind(null, sdk),\n\n    // interaction required callback\n    isInteractionRequired: isInteractionRequired.bind(null, sdk),\n    isInteractionRequiredError,\n\n    // email verify callback\n    handleEmailVerifyCallback: handleEmailVerifyCallback.bind(null, sdk),\n    isEmailVerifyCallback,\n    parseEmailVerifyCallback,\n    isEmailVerifyCallbackError,\n    \n    getSavedTransactionMeta: getSavedTransactionMeta.bind(null, sdk),\n    createTransactionMeta: createTransactionMeta.bind(null, sdk),\n    getTransactionMeta: getTransactionMeta.bind(null, sdk),\n    saveTransactionMeta: saveTransactionMeta.bind(null, sdk),\n    clearTransactionMeta: clearTransactionMeta.bind(null, sdk),\n    isTransactionMetaValid,\n    setFlow: (flow: FlowIdentifier) => {\n      sdk.options.flow = flow;\n    },\n    getFlow: (): FlowIdentifier | undefined => {\n      return sdk.options.flow;\n    },\n    canProceed: canProceed.bind(null, sdk),\n    unlockAccount: unlockAccount.bind(null, sdk),\n  };\n  return idx;\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n/* global atob, btoa, crypto */\nconst a = function(str) { return atob(str); };\nconst b = function (str) { return btoa(str); };\nconst c = typeof crypto === 'undefined' ? null : crypto;\n\nexport { a as atob, b as btoa, c as webcrypto };\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable node/no-unsupported-features/node-builtins */\n/* global document, window, TextEncoder, navigator */\n\nimport { webcrypto } from './crypto';\n\nconst isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\t\n\nexport function isBrowser() {\n  return typeof document !== 'undefined' && typeof window !== 'undefined';\n}\n\nexport function isIE11OrLess() {\n  if (!isBrowser()) {\n    return false;\n  }\n  const documentMode = (document as any).documentMode;\n  return !!documentMode && documentMode <= 11;\n}\n\nexport function getUserAgent() {\n  return navigator.userAgent;\n}\n\nexport function isFingerprintSupported() {\n  const agent = getUserAgent();\n  return agent && !isWindowsPhone.test(agent);\t\n}\n\nexport function isPopupPostMessageSupported() {\n  if (!isBrowser()) {\n    return false;\n  }\n  const documentMode = (document as any).documentMode;\n  var isIE8or9 = documentMode && documentMode < 10;\n  if (typeof window.postMessage !== 'undefined' && !isIE8or9) {\n    return true;\n  }\n  return false;\n}\n\nexport function isTokenVerifySupported() {\n  return typeof webcrypto !== 'undefined'\n    && webcrypto !== null\n    && typeof webcrypto.subtle !== 'undefined'\n    && typeof Uint8Array !== 'undefined';\n}\n\nexport function hasTextEncoder() {\n  return typeof TextEncoder !== 'undefined';\n}\n\nexport function isPKCESupported() {\n  return isTokenVerifySupported() && hasTextEncoder();\n}\n\nexport function isHTTPS() {\n  if (!isBrowser()) {\n    return false;\n  }\n  return window.location.protocol === 'https:';\n}\n\nexport function isLocalhost() {\n  // eslint-disable-next-line compat/compat\n  return isBrowser() && window.location.hostname === 'localhost';\n}\n\n","\n\n// Do not use this type in code, so it won't be emitted in the declaration output\nimport { removeNils } from '../util';\n\nimport * as features from '../features';\nimport * as constants from '../constants';\n\n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport Emitter from 'tiny-emitter';\n\nimport {\n  EventEmitter,\n  OktaAuthConstructor,\n  OktaAuthBaseInterface,\n  OktaAuthBaseOptions,\n  OktaAuthOptionsConstructor, \n  FeaturesAPI,\n} from './types';\n\nexport function createOktaAuthBase\n<\n  O extends OktaAuthBaseOptions = OktaAuthBaseOptions,\n>\n(\n  OptionsConstructor: OktaAuthOptionsConstructor<O>\n): OktaAuthConstructor<OktaAuthBaseInterface<O>>\n{\n  class OktaAuthBase implements OktaAuthBaseInterface<O>\n  {\n    options: O;\n    emitter: EventEmitter;\n    features: FeaturesAPI;\n    static features: FeaturesAPI = features;\n    static constants = constants;\n    \n    constructor(...args: any[]) {\n      const options = new OptionsConstructor(args.length ? args[0] || {} : {});\n      this.options = removeNils(options) as O; // clear out undefined values\n      this.emitter = new Emitter();\n      this.features = features;\n    }\n  }\n\n  // Hoist feature detection functions to prototype & static type\n  OktaAuthBase.features = OktaAuthBase.prototype.features = features;\n\n  // Also hoist constants for CommonJS users\n  Object.assign(OktaAuthBase, {\n    constants\n  });\n\n  return OktaAuthBase;\n}\n","import { OktaAuthBaseInterface, OktaAuthConstructor } from '../base/types';\nimport {\n  OktaAuthStorageInterface,\n  OktaAuthStorageOptions,\n  StorageManagerConstructor,\n  StorageManagerInterface,\n} from './types';\n\nexport function mixinStorage\n<\n  S extends StorageManagerInterface = StorageManagerInterface,\n  O extends OktaAuthStorageOptions = OktaAuthStorageOptions,\n  TBase extends OktaAuthConstructor<OktaAuthBaseInterface<O>> = OktaAuthConstructor<OktaAuthBaseInterface<O>>\n>\n(\n  Base: TBase, StorageManager: StorageManagerConstructor<S>\n): TBase & OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n{\n  return class OktaAuthStorage extends Base implements OktaAuthStorageInterface<S, O>\n  {\n    storageManager: S;\n    constructor(...args: any[]) {\n      super(...args);\n      const { storageManager, cookies, storageUtil } = this.options;\n      this.storageManager = new StorageManager(storageManager!, cookies!, storageUtil!);\n    }\n    clearStorage(): void {\n      // override in subclass\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global SDK_VERSION */\n\nimport { isBrowser } from '../features';\nexport class OktaUserAgent {\n  environments: string[];\n\n  constructor() {\n    // add base sdk env\n    this.environments = [`okta-auth-js/${SDK_VERSION}`];\n    this.maybeAddNodeEnvironment();\n  }\n\n  addEnvironment(env: string) {\n    this.environments.push(env);\n  }\n\n  getHttpHeader() {\n    return { 'X-Okta-User-Agent-Extended': this.environments.join(' ') };\n  }\n\n  getVersion() {\n    return SDK_VERSION;\n  }\n\n  maybeAddNodeEnvironment() {\n    if (isBrowser() || !process || !process.versions) {\n      return;\n    }\n    const { node: version } = process.versions;\n    this.environments.push(`nodejs/${version}`);\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { OktaAuthHttpInterface } from './types';\n\nexport function setRequestHeader(authClient: OktaAuthHttpInterface, headerName, headerValue) {\n  authClient.options.headers = authClient.options.headers || {};\n  authClient.options.headers[headerName] = headerValue;\n}","import { OktaAuthStorageInterface, StorageManagerInterface } from '../storage/types';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n  HttpAPI,\n  OktaAuthHttpInterface,\n  OktaAuthHttpOptions,\n} from './types';\nimport { OktaUserAgent } from './OktaUserAgent';\nimport { setRequestHeader } from './headers';\nimport { toQueryString } from '../util';\nimport { get } from './request';\n\nexport function mixinHttp\n<\n  S extends StorageManagerInterface = StorageManagerInterface,\n  O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n  TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n{\n  return class OktaAuthHttp extends Base implements OktaAuthHttpInterface<S, O>\n  {\n    _oktaUserAgent: OktaUserAgent;\n    http: HttpAPI;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this._oktaUserAgent = new OktaUserAgent();\n\n      // HTTP\n      this.http = {\n        setRequestHeader: setRequestHeader.bind(null, this)\n      };\n    }\n\n    setHeaders(headers) {\n      this.options.headers = Object.assign({}, this.options.headers, headers);\n    }\n  \n    getIssuerOrigin(): string {\n      // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return this.options.issuer!.split('/oauth2/')[0];\n    }\n  \n    webfinger(opts): Promise<object> {\n      var url = '/.well-known/webfinger' + toQueryString(opts);\n      var options = {\n        headers: {\n          'Accept': 'application/jrd+json'\n        }\n      };\n      return get(this, url, options);\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { AuthSdkError } from '../errors';\nimport { atob, btoa } from './webcrypto';\n\n// converts a string to base64 (url/filename safe variant)\nexport function stringToBase64Url(str) {\n  var b64 = btoa(str);\n  return base64ToBase64Url(b64);\n}\n\n// converts a standard base64-encoded string to a \"url/filename safe\" variant\nexport function base64ToBase64Url(b64) {\n  return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// converts a \"url/filename safe\" base64 string to a \"standard\" base64 string\nexport function base64UrlToBase64(b64u) {\n  return b64u.replace(/-/g, '+').replace(/_/g, '/');\n}\n\nexport function base64UrlToString(b64u) {\n  var b64 = base64UrlToBase64(b64u);\n  switch (b64.length % 4) {\n    case 0:\n      break;\n    case 2:\n      b64 += '==';\n      break;\n    case 3:\n      b64 += '=';\n      break;\n    default:\n      throw new AuthSdkError('Not a valid Base64Url');\n  }\n  var utf8 = atob(b64);\n  try {\n    return decodeURIComponent(escape(utf8));\n  } catch (e) {\n    return utf8;\n  }\n}\n\nexport function stringToBuffer(str) {\n  var buffer = new Uint8Array(str.length);\n  for (var i = 0; i < str.length; i++) {\n    buffer[i] = str.charCodeAt(i);\n  }\n  return buffer;\n}\n\nexport function base64UrlDecode(str) {\n  return atob(base64UrlToBase64(str));\n}\n\n// Converts base64 string to binary data view\nexport function base64UrlToBuffer(b64u) {\n  return Uint8Array.from(base64UrlDecode(b64u), (c: string) => c.charCodeAt(0));\n}\n\n// Converts an ArrayBuffer object that contains binary data to base64 encoded string\nexport function bufferToBase64Url(bin) {\n  return btoa(new Uint8Array(bin).reduce((s, byte) => s + String.fromCharCode(byte), ''));\n}\n\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* global TextEncoder */\nimport { stringToBase64Url } from './base64';\nimport { webcrypto } from './webcrypto';\n\nexport function getOidcHash(str) {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var intBuffer = new Uint8Array(arrayBuffer);\n    var firstHalf = intBuffer.slice(0, 16);\n    var hash = String.fromCharCode.apply(null, firstHalf as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { clone } from '../util';\nimport { stringToBuffer, base64UrlDecode } from './base64';\nimport { webcrypto } from './webcrypto';\n\nexport function verifyToken(idToken, key) {\n  key = clone(key);\n\n  var format = 'jwk';\n  var algo = {\n    name: 'RSASSA-PKCS1-v1_5',\n    hash: { name: 'SHA-256' }\n  };\n  var extractable = true;\n  var usages = ['verify'];\n\n  // https://connect.microsoft.com/IE/feedback/details/2242108/webcryptoapi-importing-jwk-with-use-field-fails\n  // This is a metadata tag that specifies the intent of how the key should be used.\n  // It's not necessary to properly verify the jwt's signature.\n  delete key.use;\n\n  // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n  // @ts-ignore\n  return webcrypto.subtle.importKey(\n    format,\n    key,\n    algo,\n    extractable,\n    usages\n  )\n  .then(function(cryptoKey) {\n    var jwt = idToken.split('.');\n    var payload = stringToBuffer(jwt[0] + '.' + jwt[1]);\n    var b64Signature = base64UrlDecode(jwt[2]);\n    var signature = stringToBuffer(b64Signature);\n\n    return webcrypto.subtle.verify(\n      algo,\n      cryptoKey,\n      signature,\n      payload\n    );\n  });\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n// Implements a queue for synchronous or asynchronous methods\n// Methods will be wrapped in a promise and execute sequentially\n// This can be used to prevent concurrent calls to a single method or a set of methods\n\nimport { isPromise } from './types';\nimport { warn } from './console';\n\ninterface QueueItem {\n  method: () => void;\n  thisObject: object;\n  args: any[];\n  resolve: (value?: unknown) => void;\n  reject: (reason?: unknown) => void;\n}\n\ninterface PromiseQueueOptions {\n  quiet?: boolean; // if false, concurrrency warnings will not be logged\n}\nexport class PromiseQueue {\n  queue: QueueItem[];\n  running: boolean;\n  options: PromiseQueueOptions;\n\n  constructor(options: PromiseQueueOptions = { quiet: false }) {\n    this.queue = [];\n    this.running = false;\n    this.options = options;\n  }\n\n  // Returns a promise\n  // If the method is synchronous, it will resolve when the method completes\n  // If the method returns a promise, it will resolve (or reject) with the value from the method's promise\n  push(method: (...args: any) => any, thisObject: any, ...args: any[]) {\n    return new Promise((resolve, reject) => {\n      if (this.queue.length > 0) {\n        // There is at least one other pending call.\n        // The PromiseQueue will prevent these methods from running concurrently.\n        if (this.options.quiet !== false) {\n          warn(\n            'Async method is being called but another async method is already running. ' +\n            'The new method will be delayed until the previous method completes.'\n          );\n        }\n      }\n      this.queue.push({\n        method,\n        thisObject,\n        args,\n        resolve,\n        reject\n      });\n      this.run();\n    });\n  }\n\n  run() {\n    if (this.running) {\n      return;\n    }\n    if (this.queue.length === 0) {\n      return;\n    }\n    this.running = true;\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    var queueItem = this.queue.shift()!;\n    var res = queueItem.method.apply(queueItem.thisObject, queueItem.args as never) as unknown;\n    if (isPromise(res)) {\n      (res as Promise<unknown>).then(queueItem.resolve, queueItem.reject).finally(() => {\n        this.running = false;\n        this.run();\n      });\n    } else {\n      queueItem.resolve(res);\n      this.running = false;\n      this.run();\n    }\n  }\n}\n","/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n /* eslint-disable complexity, max-statements */\nimport { stringToBase64Url, webcrypto } from '../../crypto';\nimport { MIN_VERIFIER_LENGTH, MAX_VERIFIER_LENGTH, DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  webcrypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix?: string): string {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction computeChallenge(str: string): PromiseLike<any> {  \n  var buffer = new TextEncoder().encode(str);\n  return webcrypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer) as unknown as number[]);\n    var b64u = stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nexport default {\n  DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier,\n  computeChallenge\n};\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { JWTObject } from './types';\nimport { base64UrlToString } from '../crypto';\n\nexport function decodeToken(token: string): JWTObject {\n  var jwt = token.split('.');\n  var decodedToken: JWTObject;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(base64UrlToString(jwt[0])),\n      payload: JSON.parse(base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n","\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateNonce, generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultTokenParams(sdk: OktaAuthOAuthInterface): TokenParams {\n  const {\n    pkce,\n    clientId,\n    redirectUri,\n    responseType,\n    responseMode,\n    scopes,\n    acrValues,\n    maxAge,\n    state,\n    ignoreSignature\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    pkce,\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseType: responseType || ['token', 'id_token'],\n    responseMode,\n    state: state || generateState(),\n    nonce: generateNonce(),\n    scopes: scopes || ['openid', 'email'],\n    acrValues,\n    maxAge,\n    ignoreSignature\n  });\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../../errors';\nimport { CustomUrls, OAuthParams, OAuthResponse, RefreshToken, TokenParams } from '../types';\nimport { removeNils, toQueryString } from '../../util';\nimport { httpRequest, OktaAuthHttpInterface } from '../../http';\n\nfunction validateOptions(options: TokenParams) {\n  // Quick validation\n  if (!options.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!options.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!options.authorizationCode && !options.interactionCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!options.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(sdk, options: TokenParams): string {\n  // Convert Token params to OAuth params, sent to the /token endpoint\n  var params: OAuthParams = removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': options.interactionCode ? 'interaction_code' : 'authorization_code',\n    'code_verifier': options.codeVerifier\n  });\n\n  if (options.interactionCode) {\n    params['interaction_code'] = options.interactionCode;\n  } else if (options.authorizationCode) {\n    params.code = options.authorizationCode;\n  }\n\n  const { clientSecret } = sdk.options;\n  if (clientSecret) {\n    params['client_secret'] = clientSecret;\n  }\n\n  // Encode as URL string\n  return toQueryString(params).slice(1);\n}\n\n// exchange authorization code for an access token\nexport function postToTokenEndpoint(sdk, options: TokenParams, urls: CustomUrls): Promise<OAuthResponse> {\n  validateOptions(options);\n  var data = getPostData(sdk, options);\n\n  const headers = {\n    'Content-Type': 'application/x-www-form-urlencoded'\n  };\n\n  return httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    headers\n  });\n}\n\nexport function postRefreshToken(\n  sdk: OktaAuthHttpInterface,\n  options: TokenParams,\n  refreshToken: RefreshToken\n): Promise<OAuthResponse> {\n  return httpRequest(sdk, {\n    url: refreshToken.tokenUrl,\n    method: 'POST',\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n    },\n\n    args: Object.entries({\n      client_id: options.clientId, // eslint-disable-line camelcase\n      grant_type: 'refresh_token', // eslint-disable-line camelcase\n      scope: refreshToken.scopes.join(' '),\n      refresh_token: refreshToken.refreshToken, // eslint-disable-line camelcase\n    }).map(function ([name, value]) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      return name + '=' + encodeURIComponent(value!);\n    }).join('&'),\n  });\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { get } from '../../http';\nimport { find } from '../../util';\nimport { OktaAuthOAuthInterface, WellKnownResponse } from '../types';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nexport function getWellKnown(sdk: OktaAuthOAuthInterface, issuer?: string): Promise<WellKnownResponse> {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nexport function getKey(sdk: OktaAuthOAuthInterface, issuer: string, kid: string): Promise<string> {\n  var httpCache = sdk.storageManager.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* eslint-disable complexity, max-statements */\n\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { OktaAuthOAuthInterface, TokenVerifyParams, UserClaims } from '../../oidc/types';\n\nexport function validateClaims(sdk: OktaAuthOAuthInterface, claims: UserClaims, validationParams: TokenVerifyParams) {\n  const aud = validationParams.clientId;\n  const iss = validationParams.issuer;\n  const nonce = validationParams.nonce;\n  const acr = validationParams.acrValues;\n\n  if (!claims || !iss || !aud) {\n    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n  }\n\n  if (nonce && claims.nonce !== nonce) {\n    throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n  }\n\n  const now = Math.floor(Date.now()/1000);\n\n  if (claims.iss !== iss) {\n    throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n      'does not match [' + iss + ']');\n  }\n\n  if (claims.aud !== aud) {\n    throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n      'does not match [' + aud + ']');\n  }\n\n  if (acr && claims.acr !== acr) {\n    throw new AuthSdkError('The acr [' + claims.acr + '] ' +\n      'does not match acr_values [' + acr + ']');\n  }\n\n  if (claims.iat! > claims.exp!) {\n    throw new AuthSdkError('The JWT expired before it was issued');\n  }\n\n  if (!sdk.options.ignoreLifetime) {\n    if ((now - sdk.options.maxClockSkew!) > claims.exp!) {\n      throw new AuthSdkError('The JWT expired and is no longer valid');\n    }\n\n    if (claims.iat! > (now + sdk.options.maxClockSkew!)) {\n      throw new AuthSdkError('The JWT was issued in the future');\n    }\n  }\n}\n","/* eslint-disable max-len */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown, getKey } from './endpoints/well-known';\nimport { validateClaims } from './util';\nimport { AuthSdkError } from '../errors';\nimport { IDToken, OktaAuthOAuthInterface, TokenVerifyParams } from '../oidc/types';\nimport { decodeToken } from './decodeToken';\nimport * as sdkCrypto from '../crypto';\n\n// Verify the id token\nexport async function verifyToken(sdk: OktaAuthOAuthInterface, token: IDToken, validationParams: TokenVerifyParams): Promise<IDToken> {\n  if (!token || !token.idToken) {\n    throw new AuthSdkError('Only idTokens may be verified');\n  }\n\n  // Decode the Jwt object (may throw)\n  const jwt = decodeToken(token.idToken);\n\n  // The configured issuer may point to a frontend proxy.\n  // Get the \"real\" issuer from .well-known/openid-configuration\n  const configuredIssuer = validationParams?.issuer || sdk.options.issuer;\n  const { issuer } = await getWellKnown(sdk, configuredIssuer);\n\n  const validationOptions: TokenVerifyParams = Object.assign({\n    // base options, can be overridden by params\n    clientId: sdk.options.clientId,\n    ignoreSignature: sdk.options.ignoreSignature\n  }, validationParams, {\n    // final options, cannot be overridden\n    issuer\n  });\n\n  // Standard claim validation (may throw)\n  validateClaims(sdk, jwt.payload, validationOptions);\n\n  // If the browser doesn't support native crypto or we choose not\n  // to verify the signature, bail early\n  if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n    return token;\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  const key = await getKey(sdk, token.issuer, jwt.header.kid!);\n  const valid = await sdkCrypto.verifyToken(token.idToken, key);\n  if (!valid) {\n    throw new AuthSdkError('The token signature is not valid');\n  }\n  if (validationParams && validationParams.accessToken && token.claims.at_hash) {\n    const hash = await sdkCrypto.getOidcHash(validationParams.accessToken);\n    if (hash !== token.claims.at_hash) {\n      throw new AuthSdkError('Token hash verification failed');\n    }\n  }\n  return token;\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { clone } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport {\n  OktaAuthOAuthInterface,\n  TokenVerifyParams,\n  IDToken,\n  OAuthResponse,\n  TokenParams,\n  TokenResponse,\n  CustomUrls,\n  Tokens,\n} from './types';\nimport { verifyToken } from './verifyToken';\nimport { getDefaultTokenParams } from './util';\n\nfunction validateResponse(res: OAuthResponse, oauthParams: TokenParams) {\n  if (res['error'] && res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nexport async function handleOAuthResponse(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams,\n  res: OAuthResponse,\n  urls?: CustomUrls\n): Promise<TokenResponse> {\n  const pkce = sdk.options.pkce !== false;\n\n  // The result contains an authorization_code and PKCE is enabled \n  // `exchangeCodeForTokens` will call /token then call `handleOauthResponse` recursively with the result\n  if (pkce && (res.code || res.interaction_code)) {\n    return sdk.token.exchangeCodeForTokens(Object.assign({}, tokenParams, {\n      authorizationCode: res.code,\n      interactionCode: res.interaction_code\n    }), urls);\n  }\n\n  tokenParams = tokenParams || getDefaultTokenParams(sdk);\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n\n  let responseType = tokenParams.responseType || [];\n  if (!Array.isArray(responseType) && responseType !== 'none') {\n    responseType = [responseType];\n  }\n\n  let scopes;\n  if (res.scope) {\n    scopes = res.scope.split(' ');\n  } else {\n    scopes = clone(tokenParams.scopes);\n  }\n  const clientId = tokenParams.clientId || sdk.options.clientId;\n\n  // Handling the result from implicit flow or PKCE token exchange\n  validateResponse(res, tokenParams);\n\n  const tokenDict = {} as Tokens;\n  const expiresIn = res.expires_in;\n  const tokenType = res.token_type;\n  const accessToken = res.access_token;\n  const idToken = res.id_token;\n  const refreshToken = res.refresh_token;\n  const now = Math.floor(Date.now()/1000);\n\n  if (accessToken) {\n    const accessJwt = sdk.token.decode(accessToken);\n    tokenDict.accessToken = {\n      accessToken: accessToken,\n      claims: accessJwt.payload,\n      expiresAt: Number(expiresIn) + now,\n      tokenType: tokenType!,\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      userinfoUrl: urls.userinfoUrl!\n    };\n  }\n\n  if (refreshToken) {\n    tokenDict.refreshToken = {\n      refreshToken: refreshToken,\n      // should not be used, this is the accessToken expire time\n      // TODO: remove \"expiresAt\" in the next major version OKTA-407224\n      expiresAt: Number(expiresIn) + now, \n      scopes: scopes,\n      tokenUrl: urls.tokenUrl!,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n    };\n  }\n\n  if (idToken) {\n    const idJwt = sdk.token.decode(idToken);\n    const idTokenObj: IDToken = {\n      idToken: idToken,\n      claims: idJwt.payload,\n      expiresAt: idJwt.payload.exp! - idJwt.payload.iat! + now, // adjusting expiresAt to be in local time\n      scopes: scopes,\n      authorizeUrl: urls.authorizeUrl!,\n      issuer: urls.issuer!,\n      clientId: clientId!\n    };\n\n    const validationParams: TokenVerifyParams = {\n      clientId: clientId!,\n      issuer: urls.issuer!,\n      nonce: tokenParams.nonce,\n      accessToken: accessToken,\n      acrValues: tokenParams.acrValues\n    };\n\n    if (tokenParams.ignoreSignature !== undefined) {\n      validationParams.ignoreSignature = tokenParams.ignoreSignature;\n    }\n\n    await verifyToken(sdk, idTokenObj, validationParams);\n    tokenDict.idToken = idTokenObj;\n  }\n\n  // Validate received tokens against requested response types \n  if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n  }\n  if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n    // eslint-disable-next-line max-len\n    throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n  }\n\n  return {\n    tokens: tokenDict,\n    state: res.state!,\n    code: res.code,\n    responseType\n  };\n  \n}","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/* eslint-disable max-len */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { CustomUrls, OAuthResponse, OAuthResponseType, OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { getOAuthUrls, getDefaultTokenParams } from './util';\nimport { clone } from '../util';\nimport { postToTokenEndpoint } from './endpoints/token';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\n// codeVerifier is required. May pass either an authorizationCode or interactionCode\nexport function exchangeCodeForTokens(sdk: OktaAuthOAuthInterface, tokenParams: TokenParams, urls?: CustomUrls): Promise<TokenResponse> {\n  urls = urls || getOAuthUrls(sdk, tokenParams);\n  // build params using defaults + options\n  tokenParams = Object.assign({}, getDefaultTokenParams(sdk), clone(tokenParams));\n\n  const {\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n    clientId,\n    redirectUri,\n    scopes,\n    ignoreSignature,\n    state,\n    acrValues\n  } = tokenParams;\n\n  var getTokenOptions = {\n    clientId,\n    redirectUri,\n    authorizationCode,\n    interactionCode,\n    codeVerifier,\n  };\n\n  return postToTokenEndpoint(sdk, getTokenOptions, urls)\n    .then((response: OAuthResponse) => {\n\n      // `handleOAuthResponse` hanadles responses from both `/authorize` and `/token` endpoints\n      // Here we modify the response from `/token` so that it more closely matches a response from `/authorize`\n      // `responseType` is used to validate that the expected tokens were returned\n      const responseType: OAuthResponseType[] = ['token']; // an accessToken will always be returned\n      if (scopes!.indexOf('openid') !== -1) {\n        responseType.push('id_token'); // an idToken will be returned if \"openid\" is in the scopes\n      }\n      const handleResponseOptions: TokenParams = {\n        clientId,\n        redirectUri,\n        scopes,\n        responseType,\n        ignoreSignature,\n        acrValues\n      };\n      return handleOAuthResponse(sdk, handleResponseOptions, response, urls!)\n        .then((response: TokenResponse) => {\n          // For compatibility, \"code\" is returned in the TokenResponse. OKTA-326091\n          response.code = authorizationCode;\n          response.state = state!;\n          return response;\n        });\n    })\n    .finally(() => {\n      sdk.transactionManager.clear();\n    });\n}","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { isFunction } from '../util';\nimport { AuthSdkError, OAuthError } from '../errors';\nimport { httpRequest } from '../http';\nimport { AccessToken, IDToken, UserClaims, isAccessToken, isIDToken, CustomUserClaims } from './types';\n\nexport async function getUserInfo<T extends CustomUserClaims = CustomUserClaims>(\n  sdk, accessTokenObject: AccessToken,\n  idTokenObject: IDToken\n): Promise<UserClaims<T>> {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = (await sdk.tokenManager.getTokens()).accessToken as AccessToken;\n  }\n  if (!idTokenObject) {\n    idTokenObject = (await sdk.tokenManager.getTokens()).idToken as IDToken;\n  }\n\n  if (!accessTokenObject || !isAccessToken(accessTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject || !isIDToken(idTokenObject)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n    .then(userInfo => {\n      // Only return the userinfo response if subjects match to mitigate token substitution attacks\n      if (userInfo.sub === idTokenObject.claims.sub) {\n        return userInfo;\n      }\n      return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n    })\n    .catch(function (err) {\n      if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n        var authenticateHeader;\n        if (err.xhr.headers && isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n          authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n        } else if (isFunction(err.xhr.getResponseHeader)) {\n          authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n        }\n        if (authenticateHeader) {\n          var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n          var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n          var error = errorMatches[1];\n          var errorDescription = errorDescriptionMatches[1];\n          if (error && errorDescription) {\n            err = new OAuthError(error, errorDescription);\n          }\n        }\n      }\n      throw err;\n    });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface } from '../types';\n\nexport function addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nexport function removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nexport function loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nexport function loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n  return window.open(src, title, appearance);\n}\n\nexport function addPostMessageListener(sdk: OktaAuthOAuthInterface, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n      resolve(e.data);\n    };\n\n    addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function () {\n      clearTimeout(timeoutId);\n      removeListener(window, 'message', responseHandler);\n    });\n}\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { getWellKnown } from '../endpoints/well-known';\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { getDefaultTokenParams } from './defaultTokenParams';\nimport { DEFAULT_CODE_CHALLENGE_METHOD } from '../../constants';\nimport PKCE from './pkce';\nimport { OktaAuthBaseInterface } from '../../base/types';\n\nexport function assertPKCESupport(sdk: OktaAuthBaseInterface) {\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    throw new AuthSdkError(errorMessage);\n  }\n}\n\nexport async function validateCodeChallengeMethod(sdk: OktaAuthOAuthInterface, codeChallengeMethod?: string) {\n  // set default code challenge method, if none provided\n  codeChallengeMethod = codeChallengeMethod || sdk.options.codeChallengeMethod || DEFAULT_CODE_CHALLENGE_METHOD;\n\n  // validate against .well-known/openid-configuration\n  const wellKnownResponse = await getWellKnown(sdk);\n  var methods = wellKnownResponse['code_challenge_methods_supported'] || [];\n  if (methods.indexOf(codeChallengeMethod) === -1) {\n    throw new AuthSdkError('Invalid code_challenge_method');\n  }\n  return codeChallengeMethod;\n}\n\nexport async function preparePKCE(\n  sdk: OktaAuthOAuthInterface, \n  tokenParams: TokenParams\n): Promise<TokenParams> {\n  let {\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  } = tokenParams;\n\n  // PKCE calculations can be avoided by passing a codeChallenge\n  codeChallenge = codeChallenge || sdk.options.codeChallenge;\n  if (!codeChallenge) {\n    assertPKCESupport(sdk);\n    codeVerifier = codeVerifier || PKCE.generateVerifier();\n    codeChallenge = await PKCE.computeChallenge(codeVerifier);\n  }\n  codeChallengeMethod = await validateCodeChallengeMethod(sdk, codeChallengeMethod);\n\n  // Clone/copy the params. Set PKCE values\n  tokenParams = {\n    ...tokenParams,\n    responseType: 'code', // responseType is forced\n    codeVerifier,\n    codeChallenge,\n    codeChallengeMethod\n  };\n\n  return tokenParams;\n}\n\n// Prepares params for a call to /authorize or /token\nexport async function prepareTokenParams(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams = {}\n): Promise<TokenParams> {\n  // build params using defaults + options\n  const defaults = getDefaultTokenParams(sdk);\n  tokenParams = { ...defaults, ...tokenParams };\n\n  if (tokenParams.pkce === false) {\n    // Implicit flow or authorization_code without PKCE\n    return tokenParams;\n  }\n\n  return preparePKCE(sdk, tokenParams);\n}","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { isString, removeNils, toQueryString } from '../../util';\nimport { AuthSdkError } from '../../errors';\nimport { OAuthParams, TokenParams } from '../types';\n\nexport function convertTokenParamsToOAuthParams(tokenParams: TokenParams) {\n  // Quick validation\n  if (!tokenParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (isString(tokenParams.responseType) && tokenParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthParams: OAuthParams = {\n    'client_id': tokenParams.clientId,\n    'code_challenge': tokenParams.codeChallenge,\n    'code_challenge_method': tokenParams.codeChallengeMethod,\n    'display': tokenParams.display,\n    'idp': tokenParams.idp,\n    'idp_scope': tokenParams.idpScope,\n    'login_hint': tokenParams.loginHint,\n    'max_age': tokenParams.maxAge,\n    'nonce': tokenParams.nonce,\n    'prompt': tokenParams.prompt,\n    'redirect_uri': tokenParams.redirectUri,\n    'response_mode': tokenParams.responseMode,\n    'response_type': tokenParams.responseType,\n    'sessionToken': tokenParams.sessionToken,\n    'state': tokenParams.state,\n    'acr_values': tokenParams.acrValues,\n    'enroll_amr_values': tokenParams.enrollAmrValues,\n  };\n  oauthParams = removeNils(oauthParams) as OAuthParams;\n\n  ['idp_scope', 'response_type', 'enroll_amr_values'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthParams[mayBeArray])) {\n      oauthParams[mayBeArray] = oauthParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (tokenParams.responseType!.indexOf('id_token') !== -1 &&\n    tokenParams.scopes!.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else if (tokenParams.scopes) {\n    oauthParams.scope = tokenParams.scopes!.join(' ');\n  }\n\n  return oauthParams;\n}\n\nexport function buildAuthorizeParams(tokenParams: TokenParams) {\n  var oauthQueryParams = convertTokenParamsToOAuthParams(tokenParams);\n  return toQueryString({ \n    ...oauthQueryParams, \n    ...(tokenParams.extraParams && { ...tokenParams.extraParams })\n  });\n}\n","\n/* global document */\n/* eslint-disable complexity, max-statements */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport {\n  getOAuthUrls,\n  loadFrame,\n  addPostMessageListener\n} from './util';\n\nimport AuthSdkError from '../errors/AuthSdkError';\n\nimport {\n  OktaAuthOAuthInterface,\n  TokenParams,\n  PopupParams,\n  OAuthResponse,\n} from './types';\n\nimport { prepareTokenParams } from './util/prepareTokenParams';\nimport { buildAuthorizeParams } from './endpoints/authorize';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nexport function getToken(sdk: OktaAuthOAuthInterface, options: TokenParams & PopupParams) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n\n  // window object cannot be serialized, save for later use\n  // TODO: move popup related params into a separate options object\n  const popupWindow = options.popupWindow;\n  options.popupWindow = undefined;\n\n  return prepareTokenParams(sdk, options)\n    .then(function (tokenParams: TokenParams) {\n\n      // Start overriding any options that don't make sense\n      var sessionTokenOverrides = {\n        prompt: 'none',\n        responseMode: 'okta_post_message',\n        display: null\n      };\n\n      var idpOverrides = {\n        display: 'popup'\n      };\n\n      if (options.sessionToken) {\n        Object.assign(tokenParams, sessionTokenOverrides);\n      } else if (options.idp) {\n        Object.assign(tokenParams, idpOverrides);\n      }\n\n      // Use the query params to build the authorize url\n      var requestUrl,\n        endpoint,\n        urls;\n\n      // Get authorizeUrl and issuer\n      urls = getOAuthUrls(sdk, tokenParams);\n      endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n      requestUrl = endpoint + buildAuthorizeParams(tokenParams);\n\n      // Determine the flow type\n      var flowType;\n      if (tokenParams.sessionToken || tokenParams.display === null) {\n        flowType = 'IFRAME';\n      } else if (tokenParams.display === 'popup') {\n        flowType = 'POPUP';\n      } else {\n        flowType = 'IMPLICIT';\n      }\n\n      // Execute the flow type\n      switch (flowType) {\n        case 'IFRAME':\n          var iframePromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          var iframeEl = loadFrame(requestUrl);\n          return iframePromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (document.body.contains(iframeEl)) {\n                iframeEl.parentElement?.removeChild(iframeEl);\n              }\n            });\n\n        case 'POPUP':\n          var oauthPromise; // resolves with OAuth response\n\n          // Add listener on postMessage before window creation, so\n          // postMessage isn't triggered before we're listening\n          if (tokenParams.responseMode === 'okta_post_message') {\n            if (!sdk.features.isPopupPostMessageSupported()) {\n              throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n            }\n            oauthPromise = addPostMessageListener(sdk, options.timeout, tokenParams.state);\n          }\n\n          // Redirect for authorization\n          // popupWindown can be null when popup is blocked\n          if (popupWindow) { \n            popupWindow.location.assign(requestUrl);\n          }\n\n          // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n          var popupPromise = new Promise(function (resolve, reject) {\n            var closePoller = setInterval(function () {\n              if (!popupWindow || popupWindow.closed) {\n                clearInterval(closePoller);\n                reject(new AuthSdkError('Unable to parse OAuth flow response'));\n              }\n            }, 100);\n\n            // Proxy the OAuth promise results\n            oauthPromise\n              .then(function (res) {\n                clearInterval(closePoller);\n                resolve(res);\n              })\n              .catch(function (err) {\n                clearInterval(closePoller);\n                reject(err);\n              });\n          });\n\n          return popupPromise\n            .then(function (res) {\n              return handleOAuthResponse(sdk, tokenParams, res as OAuthResponse, urls);\n            })\n            .finally(function () {\n              if (popupWindow && !popupWindow.closed) {\n                popupWindow.close();\n              }\n            });\n\n        default:\n          throw new AuthSdkError('The full page redirect flow is not supported');\n      }\n    });\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\n\nexport function getWithoutPrompt(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  \n  options = clone(options) || {};\n  Object.assign(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams, TokenResponse } from './types';\nimport { clone } from '../util';\nimport { getToken } from './getToken';\nimport { loadPopup } from './util';\n\nexport function getWithPopup(sdk: OktaAuthOAuthInterface, options: TokenParams): Promise<TokenResponse> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  // some browsers (safari, firefox) block popup if it's initialed from an async process\n  // here we create the popup window immediately after user interaction\n  // then redirect to the /authorize endpoint when the requestUrl is available\n  const popupWindow = loadPopup('/', options);\n  options = clone(options) || {};\n  Object.assign(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message',\n    popupWindow\n  });\n  return getToken(sdk, options);\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, TokenParams } from './types';\nimport { clone } from '../util';\nimport { prepareTokenParams, createOAuthMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport async function getWithRedirect(sdk: OktaAuthOAuthInterface, options?: TokenParams): Promise<void> {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = clone(options) || {};\n\n  const tokenParams = await prepareTokenParams(sdk, options);\n  const meta = createOAuthMeta(sdk, tokenParams);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(tokenParams);\n  sdk.transactionManager.save(meta);\n  if (sdk.options.setLocation) {\n    sdk.options.setLocation(requestUrl);\n  } else {\n    window.location.assign(requestUrl);\n  }\n}\n","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { isInteractionRequiredError, urlParamsToObject } from './util';\nimport {\n  ParseFromUrlOptions,\n  TokenResponse,\n  CustomUrls,\n  TransactionMeta,\n  OAuthResponse\n} from './types';\nimport { isString } from '../util';\nimport { handleOAuthResponse } from './handleOAuthResponse';\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nexport function getResponseMode(sdk): 'query' | 'fragment' {\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var responseMode = sdk.options.responseMode || defaultResponseMode;\n  return responseMode;\n}\n\nexport function parseOAuthResponseFromUrl(sdk, options: string | ParseFromUrlOptions): OAuthResponse {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  var url = options.url;\n  var responseMode = options.responseMode || getResponseMode(sdk);\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    throw new AuthSdkError('Unable to parse a token from the url');\n  }\n\n  return urlParamsToObject(paramStr);\n}\n\nexport function cleanOAuthResponseFromUrl(sdk, options: ParseFromUrlOptions) {\n  // Clean hash or search from the url\n  const responseMode = options.responseMode || getResponseMode(sdk);\n  responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n}\n\nexport async function parseFromUrl(sdk, options?: string | ParseFromUrlOptions): Promise<TokenResponse> {\n  options = options || {};\n  if (isString(options)) {\n    options = { url: options } as ParseFromUrlOptions;\n  } else {\n    options = options as ParseFromUrlOptions;\n  }\n\n  const res: OAuthResponse = parseOAuthResponseFromUrl(sdk, options);\n  const state = res.state;\n  const oauthParams: TransactionMeta = sdk.transactionManager.load({\n    state\n  });\n  if (!oauthParams) {\n    if (sdk.options.pkce) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Could not load PKCE codeVerifier from storage. This may indicate the auth flow has already completed or multiple auth flows are executing concurrently.', undefined);\n    }\n    throw new AuthSdkError('Unable to retrieve OAuth redirect params from storage');\n  }\n  const urls: CustomUrls = oauthParams.urls as CustomUrls;\n  delete oauthParams.urls;\n\n  if (!options.url) {\n    // Clean hash or search from the url\n    cleanOAuthResponseFromUrl(sdk, options);\n  }\n\n  return handleOAuthResponse(sdk, oauthParams, res, urls)\n    .catch(err => {\n      if (!isInteractionRequiredError(err)) {\n        sdk.transactionManager.clear({\n          state\n        });\n      }\n      throw err;\n    })\n    .then(res => {\n      sdk.transactionManager.clear({\n        state\n      });\n      return res;\n    });\n\n}\n","import { RefreshToken } from '../types';\nimport { isAuthApiError } from '../../errors';\n\nexport function isSameRefreshToken(a: RefreshToken, b: RefreshToken) {\n  return (a.refreshToken === b.refreshToken);\n}\n\nexport function isRefreshTokenError(err: Error) {\n  if (!isAuthApiError(err)) {\n    return false;\n  }\n\n  if (!err.xhr || !err.xhr.responseJSON) {\n    return false;\n  }\n\n  const { responseJSON } = err.xhr;\n  if (responseJSON.error === 'invalid_grant') {\n    return true;\n  }\n\n  return false;\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { getOAuthUrls } from './util/oauth';\nimport { isSameRefreshToken } from './util/refreshToken';\nimport { OktaAuthOAuthInterface, TokenParams, RefreshToken, Tokens } from './types';\nimport { handleOAuthResponse } from './handleOAuthResponse';\nimport { postRefreshToken } from './endpoints/token';\nimport { isRefreshTokenInvalidError } from './util/errors';\n\nexport async function renewTokensWithRefresh(\n  sdk: OktaAuthOAuthInterface,\n  tokenParams: TokenParams,\n  refreshTokenObject: RefreshToken\n): Promise<Tokens> {\n  const { clientId } = sdk.options;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to renew tokens');\n  }\n\n  try {\n    const renewTokenParams: TokenParams = Object.assign({}, tokenParams, {\n      clientId,\n    });\n    const tokenResponse = await postRefreshToken(sdk, renewTokenParams, refreshTokenObject);\n    const urls = getOAuthUrls(sdk, tokenParams);\n    const { tokens } = await handleOAuthResponse(sdk, renewTokenParams, tokenResponse, urls);\n\n    // Support rotating refresh tokens\n    const { refreshToken } = tokens;\n    if (refreshToken && !isSameRefreshToken(refreshToken, refreshTokenObject)) {\n      sdk.tokenManager.updateRefreshToken(refreshToken);\n    }\n\n    return tokens;\n  }\n  catch (err) {\n    if (isRefreshTokenInvalidError(err)) {\n      // if the refresh token is invalid, remove it from storage\n      sdk.tokenManager.removeRefreshToken();\n    }\n    throw err;\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { OktaAuthOAuthInterface, Token, Tokens, isAccessToken, AccessToken, IDToken, isIDToken } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\n\nfunction throwInvalidTokenError() {\n  throw new AuthSdkError(\n    'Renew must be passed a token with an array of scopes and an accessToken or idToken'\n  );\n}\n\n// Multiple tokens may have come back. Return only the token which was requested.\nfunction getSingleToken(originalToken: Token, tokens: Tokens) {\n  if (isIDToken(originalToken)) {\n    return tokens.idToken;\n  }\n  if (isAccessToken(originalToken)) {\n    return tokens.accessToken;\n  }\n  throwInvalidTokenError();\n}\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\nexport async function renewToken(sdk: OktaAuthOAuthInterface, token: Token): Promise<Token | undefined> {\n  if (!isIDToken(token) && !isAccessToken(token)) {\n    throwInvalidTokenError();\n  }\n\n  let tokens = sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    tokens = await renewTokensWithRefresh(sdk, {\n      scopes: token.scopes,\n    }, tokens.refreshToken);\n    return getSingleToken(token, tokens);\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (isAccessToken(token)) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  const { scopes, authorizeUrl, userinfoUrl, issuer } = token as (AccessToken & IDToken);\n  return getWithoutPrompt(sdk, {\n    responseType,\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  })\n    .then(function (res) {\n      return getSingleToken(token, res.tokens);\n    });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../errors';\nimport { RenewTokensParams, Tokens } from './types';\nimport { getWithoutPrompt } from './getWithoutPrompt';\nimport { renewTokensWithRefresh } from './renewTokensWithRefresh';\nimport { getDefaultTokenParams } from './util';\n\n// If we have a refresh token, renew using that, otherwise getWithoutPrompt\n// eslint-disable-next-line complexity\nexport async function renewTokens(sdk, options?: RenewTokensParams): Promise<Tokens> {\n  const tokens = options?.tokens ?? sdk.tokenManager.getTokensSync();\n  if (tokens.refreshToken) {\n    return renewTokensWithRefresh(sdk, options || {}, tokens.refreshToken);\n  }\n\n  if (!tokens.accessToken && !tokens.idToken) {\n    throw new AuthSdkError('renewTokens() was called but there is no existing token');\n  }\n\n  const accessToken = tokens.accessToken || {};\n  const idToken = tokens.idToken || {};\n  const scopes = accessToken.scopes || idToken.scopes;\n  if (!scopes) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read scopes');\n  }\n  const authorizeUrl = accessToken.authorizeUrl || idToken.authorizeUrl;\n  if (!authorizeUrl) {\n    throw new AuthSdkError('renewTokens: invalid tokens: could not read authorizeUrl');\n  }\n  const userinfoUrl = accessToken.userinfoUrl || sdk.options.userinfoUrl;\n  const issuer = idToken.issuer || sdk.options.issuer;\n\n  // Get tokens using the SSO cookie\n  options = Object.assign({\n    scopes,\n    authorizeUrl,\n    userinfoUrl,\n    issuer\n  }, options);\n\n  if (sdk.options.pkce) {\n    options.responseType = 'code';\n  } else {\n    const { responseType } = getDefaultTokenParams(sdk);\n    options.responseType = responseType;\n  }\n\n  return getWithoutPrompt(sdk, options)\n    .then(res => res.tokens);\n    \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint complexity:[0,8] */\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport {\n  getOAuthUrls,\n} from './util/oauth';\nimport { btoa } from '../crypto';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  OktaAuthOAuthInterface,\n  RevocableToken,\n  AccessToken,\n  RefreshToken\n} from './types';\n\n// refresh tokens have precedence to be revoked if no token is specified\nexport async function revokeToken(sdk: OktaAuthOAuthInterface, token: RevocableToken): Promise<any> {\n  let accessToken = '';\n  let refreshToken = '';\n  if (token) { \n      accessToken = (token as AccessToken).accessToken;\n      refreshToken = (token as RefreshToken).refreshToken;  \n  }\n  if(!accessToken && !refreshToken) { \n    throw new AuthSdkError('A valid access or refresh token object is required');\n  }\n  var clientId = sdk.options.clientId;\n  var clientSecret = sdk.options.clientSecret;\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n  }\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var revokeUrl = getOAuthUrls(sdk).revokeUrl!;\n  var args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: refreshToken ? 'refresh_token' : 'access_token', \n    token: refreshToken || accessToken,\n  }).slice(1);\n  var creds = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  return post(sdk, revokeUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + creds\n    }\n  });\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { AuthSdkError } from '../errors';\nimport { getWellKnown } from './endpoints/well-known';\nimport { post } from '../http';\nimport { toQueryString } from '../util';\nimport { btoa } from '../crypto';\nimport { Token, TokenKind } from './types';\n\nconst hintMap = {\n  accessToken: 'access_token',\n  idToken: 'id_token',\n  refreshToken: 'refresh_token'\n};\n\n/* eslint complexity: [2, 9] */\nexport async function oidcIntrospect (sdk, kind: TokenKind, token?: Token) {\n  let issuer: string;\n  let clientId: string = sdk.options.clientId;\n  let clientSecret: string | undefined = sdk.options.clientSecret;\n\n  if (!token) {\n    token = sdk.tokenManager.getTokens()[kind];\n  }\n\n  if (!token) {\n    throw new AuthSdkError(`unable to find ${kind} in storage or fn params`);\n  }\n\n  if (kind !== TokenKind.ACCESS) {\n    issuer = (token as any)?.issuer;\n  }\n  else {\n    issuer = (token as any)?.claims?.iss;\n  }\n  issuer ??= sdk.options.issuer;\n\n  if (!clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to introspect a token');\n  }\n  if (!issuer) {\n    throw new AuthSdkError('Unable to find issuer');\n  }\n\n  const { introspection_endpoint: introspectUrl }  = await getWellKnown(sdk, issuer);\n  const authHeader = clientSecret ? btoa(`${clientId}:${clientSecret}`) : btoa(clientId);\n  const args = toQueryString({\n    // eslint-disable-next-line camelcase\n    token_type_hint: hintMap[kind],\n    token: token[kind]    // extract raw token string from token object\n  }).slice(1);\n  return post(sdk, introspectUrl, args, {\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded',\n      'Authorization': 'Basic ' + authHeader\n    }\n  });\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\nimport { OAuthTransactionMeta, OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types';\nimport { getOAuthUrls } from './oauth';\n\nexport function createEnrollAuthenticatorMeta(\n  sdk: OktaAuthOAuthInterface, \n  params: EnrollAuthenticatorOptions\n): OAuthTransactionMeta {\n  const issuer = sdk.options.issuer!;\n  const urls = getOAuthUrls(sdk, params);\n  const oauthMeta: OAuthTransactionMeta = {\n    issuer,\n    urls,\n    clientId: params.clientId!,\n    redirectUri: params.redirectUri!,\n    responseType: params.responseType!,\n    responseMode: params.responseMode!,\n    state: params.state!,\n    acrValues: params.acrValues,\n    enrollAmrValues: params.enrollAmrValues,\n  };\n\n  return oauthMeta;\n}\n","\n/* global window */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { generateState } from './oauth';\nimport { OktaAuthOAuthInterface, TokenParams } from '../types';\nimport { isBrowser } from '../../features';\nimport { removeNils } from '../../util';\n\nexport function getDefaultEnrollAuthenticatorParams(sdk: OktaAuthOAuthInterface): TokenParams {\n  const {\n    clientId,\n    redirectUri,\n    responseMode,\n    state,\n  } = sdk.options;\n  const defaultRedirectUri = isBrowser() ? window.location.href : undefined;\n  return removeNils({\n    clientId,\n    redirectUri: redirectUri || defaultRedirectUri,\n    responseMode,\n    state: state || generateState(),\n    responseType: 'none',\n    prompt: 'enroll_authenticator',\n  });\n}","/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { AuthSdkError } from '../../errors';\nimport { OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from '../types';\nimport { getDefaultEnrollAuthenticatorParams } from './defaultEnrollAuthenticatorParams';\n\nfunction prepareParams(\n  params: EnrollAuthenticatorOptions\n): EnrollAuthenticatorOptions {\n  params = {\n    ...params,\n    // forced params:\n    responseType: 'none',\n    prompt: 'enroll_authenticator',\n    maxAge: 0,\n  };\n\n  if (!params.enrollAmrValues) {\n    throw new AuthSdkError('enroll_amr_values must be specified');\n  }\n  if (!params.acrValues) {\n    // `acr_values` is required and should equal 'urn:okta:2fa:any:ifpossible'\n    // But this can be changed in future\n    throw new AuthSdkError('acr_values must be specified');\n  }\n\n  // `scope`, `nonce` must be omitted\n  delete params.scopes;\n  delete params.nonce;\n\n  return params;\n}\n\n// Prepares params for a call to /authorize\nexport function prepareEnrollAuthenticatorParams(\n  sdk: OktaAuthOAuthInterface,\n  options: EnrollAuthenticatorOptions\n): EnrollAuthenticatorOptions {\n  return prepareParams({\n    ...getDefaultEnrollAuthenticatorParams(sdk),\n    ...options\n  });\n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { OktaAuthOAuthInterface, EnrollAuthenticatorOptions } from './types';\nimport { clone } from '../util';\nimport { prepareEnrollAuthenticatorParams, createEnrollAuthenticatorMeta } from './util';\nimport { buildAuthorizeParams } from './endpoints/authorize';\n\nexport function enrollAuthenticator(\n  sdk: OktaAuthOAuthInterface, \n  options: EnrollAuthenticatorOptions\n): void {\n  options = clone(options) || {};\n\n  const params = prepareEnrollAuthenticatorParams(sdk, options);\n  const meta = createEnrollAuthenticatorMeta(sdk, params);\n  const requestUrl = meta.urls.authorizeUrl + buildAuthorizeParams(params);\n  sdk.transactionManager.save(meta);\n  if (sdk.options.setLocation) {\n    sdk.options.setLocation(requestUrl);\n  } else {\n    window.location.assign(requestUrl);\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { PromiseQueue } from '../../util';\nimport { decodeToken } from '../decodeToken';\nimport { exchangeCodeForTokens } from '../exchangeCodeForTokens';\nimport { getUserInfo } from '../getUserInfo';\nimport { getWithoutPrompt } from '../getWithoutPrompt';\nimport { getWithPopup } from '../getWithPopup';\nimport { getWithRedirect } from '../getWithRedirect';\nimport { parseFromUrl } from '../parseFromUrl';\nimport { renewToken } from '../renewToken';\nimport { renewTokens } from '../renewTokens';\nimport { renewTokensWithRefresh } from '../renewTokensWithRefresh';\nimport { revokeToken } from '../revokeToken';\nimport { oidcIntrospect } from '../introspect';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  GetWithRedirectFunction,\n  IDToken,\n  OktaAuthOAuthInterface,\n  ParseFromUrlInterface,\n  TokenAPI,\n  UserClaims,\n  Endpoints,\n} from '../types';\nimport { isLoginRedirect, prepareTokenParams } from '../util';\nimport { verifyToken } from '../verifyToken';\nimport { enrollAuthenticator } from '../enrollAuthenticator';\n\n// Factory\nexport function createTokenAPI(sdk: OktaAuthOAuthInterface, queue: PromiseQueue): TokenAPI {\n  const useQueue = (method) => {\n    return PromiseQueue.prototype.push.bind(queue, method, null);\n  };\n\n  const getWithRedirectFn = useQueue(getWithRedirect.bind(null, sdk)) as GetWithRedirectFunction;\n\n  // eslint-disable-next-line max-len\n  const parseFromUrlFn = useQueue(parseFromUrl.bind(null, sdk)) as ParseFromUrlInterface;\n  const parseFromUrlApi: ParseFromUrlInterface = Object.assign(parseFromUrlFn, {\n    // This is exposed so we can mock getting window.history in our tests\n    _getHistory: function() {\n      return window.history;\n    },\n\n    // This is exposed so we can mock getting window.location in our tests\n    _getLocation: function() {\n      return window.location;\n    },\n\n    // This is exposed so we can mock getting window.document in our tests\n    _getDocument: function() {\n      return window.document;\n    }\n  });\n\n  const token: TokenAPI ={\n    prepareTokenParams: prepareTokenParams.bind(null, sdk),\n    exchangeCodeForTokens: exchangeCodeForTokens.bind(null, sdk),\n    getWithoutPrompt: getWithoutPrompt.bind(null, sdk),\n    getWithPopup: getWithPopup.bind(null, sdk),\n    getWithRedirect: getWithRedirectFn,\n    parseFromUrl: parseFromUrlApi,\n    decode: decodeToken,\n    revoke: revokeToken.bind(null, sdk),\n    renew: renewToken.bind(null, sdk),\n    renewTokensWithRefresh: renewTokensWithRefresh.bind(null, sdk),\n    renewTokens: renewTokens.bind(null, sdk),\n    getUserInfo: <C extends CustomUserClaims = CustomUserClaims>(\n      accessTokenObject: AccessToken,\n      idTokenObject: IDToken\n    ): Promise<UserClaims<C>> => {\n      return getUserInfo(sdk, accessTokenObject, idTokenObject);\n    },\n    verify: verifyToken.bind(null, sdk),\n    isLoginRedirect: isLoginRedirect.bind(null, sdk),\n    introspect: oidcIntrospect.bind(null, sdk),\n  };\n\n  // Wrap certain async token API methods using PromiseQueue to avoid issues with concurrency\n  // 'getWithRedirect' and 'parseFromUrl' are already wrapped\n  const toWrap = [\n    'getWithoutPrompt',\n    'getWithPopup',\n    'revoke',\n    'renew',\n    'renewTokensWithRefresh',\n    'renewTokens'\n  ];\n  toWrap.forEach(key => {\n    token[key] = useQueue(token[key]);\n  });\n\n  return token;\n}\n\nexport function createEndpoints(sdk: OktaAuthOAuthInterface): Endpoints {\n  return {\n    authorize: {\n      enrollAuthenticator: enrollAuthenticator.bind(null, sdk),\n    }\n  };\n}\n","/* eslint-disable complexity */\n\nimport { AuthSdkError } from '../../errors';\nimport { isAccessToken, isIDToken, isRefreshToken, Token, TokenType } from '../../oidc/types';\n\nexport function validateToken(token: Token, type?: TokenType) {\n  if (!isIDToken(token) && !isAccessToken(token) && !isRefreshToken(token)) {\n    throw new AuthSdkError(\n      'Token must be an Object with scopes, expiresAt, and one of: an idToken, accessToken, or refreshToken property'\n    );\n  }\n  \n  if (type === 'accessToken' && !isAccessToken(token)) {\n    throw new AuthSdkError('invalid accessToken');\n  } \n  if (type === 'idToken' && !isIDToken(token)) {\n    throw new AuthSdkError('invalid idToken');\n  }\n\n  if (type === 'refreshToken' && !isRefreshToken(token)) {\n    throw new AuthSdkError('invalid refreshToken');\n  }\n}","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nexport default class SdkClock {\n  localOffset: number;\n\n  constructor(localOffset) {\n    // Calculated local clock offset from server time (in milliseconds). Can be positive or negative.\n    this.localOffset = parseInt(localOffset || 0);\n  }\n\n  // factory method. Create an instance of a clock from current context.\n  static create(/* sdk, options */): SdkClock {\n    // TODO: calculate localOffset\n    var localOffset = 0;\n    return new SdkClock(localOffset);\n  }\n\n  // Return the current time (in seconds)\n  now() {\n    var now = (Date.now() + this.localOffset) / 1000;\n    return now;\n  }\n}\n","/* eslint-disable max-len */\nimport { StorageProvider } from '../../storage/types';\nimport { TokenManagerOptions } from './options';\nimport { AccessToken, IDToken, RefreshToken, Token, Tokens, TokenType } from './Token';\n\nexport interface TokenManagerError {\n  errorSummary: string;\n  errorCode: string;\n  message: string;\n  name: string;\n  tokenKey: string;\n}\n\nexport declare type AccessTokenCallback = (key: string, token: AccessToken) => void;\nexport declare type IDTokenCallback = (key: string, token: IDToken) => void;\nexport declare type RefreshTokenCallback = (key: string, token: RefreshToken) => void;\n\nexport const EVENT_EXPIRED = 'expired';\nexport const EVENT_RENEWED = 'renewed';\nexport const EVENT_ADDED = 'added';\nexport const EVENT_REMOVED = 'removed';\nexport const EVENT_ERROR = 'error';\nexport const EVENT_SET_STORAGE = 'set_storage';\n\nexport declare type TokenManagerErrorEventHandler = (error: TokenManagerError) => void;\nexport declare type TokenManagerEventHandler = (key: string, token: Token) => void;\nexport declare type TokenManagerRenewEventHandler = (key: string, token: Token, oldtoken: Token) => void;\nexport declare type TokenManagerSetStorageEventHandler = (storage: Tokens) => void;\n\nexport declare type TokenManagerAnyEventHandler = TokenManagerErrorEventHandler | TokenManagerRenewEventHandler | TokenManagerSetStorageEventHandler | TokenManagerEventHandler;\nexport declare type TokenManagerAnyEvent = typeof EVENT_RENEWED | typeof EVENT_ERROR | typeof EVENT_SET_STORAGE | typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED;\n\n// only add methods needed internally\nexport interface TokenManagerInterface {\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler: TokenManagerEventHandler, context?: object): void;\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, handler?: TokenManagerEventHandler): void;\n\n  clear(): void;\n  setExpireEventTimeout(key: string, token: Token): void;\n  clearExpireEventTimeout(key: string): void;\n  clearExpireEventTimeoutAll(): void;\n  emitAdded(key: string, token: Token): void;\n  emitError(error: Error): void;\n  emitRemoved(key: string, token: Token): void;\n  emitRenewed(key: string, token: Token, oldToken?: Token): void;\n  renew(key: string): Promise<Token | undefined>;\n  remove(key: string): void;\n  hasExpired(token: Token): boolean;\n  getExpireTime(token: Token): number;\n\n  get(key): Promise<Token | undefined>;\n  getSync(key): Token | undefined;\n  getTokens(): Promise<Tokens>;\n  getTokensSync(): Tokens;\n  setTokens({ accessToken, idToken, refreshToken }: Tokens, accessTokenCb?: AccessTokenCallback, idTokenCb?: IDTokenCallback, refreshTokenCb?: RefreshTokenCallback): void;\n  getStorageKeyByType(type: TokenType): string;\n  add(key: any, token: Token): void;\n  updateRefreshToken(token: RefreshToken);\n  removeRefreshToken(): void;\n  clearPendingRemoveTokens(): void;\n\n  getOptions(): TokenManagerOptions;\n  getStorage(): StorageProvider;\n\n  start();\n  stop();\n  isStarted(): boolean;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nimport { removeNils, clone } from '../util';\nimport { AuthSdkError } from '../errors';\nimport { validateToken  } from '../oidc/util';\nimport { isLocalhost, isIE11OrLess } from '../features';\nimport SdkClock from '../clock';\nimport {\n  Token, \n  Tokens, \n  TokenType, \n  TokenManagerOptions, \n  isIDToken, \n  isAccessToken,\n  isRefreshToken,\n  TokenManagerErrorEventHandler,\n  TokenManagerSetStorageEventHandler,\n  TokenManagerRenewEventHandler,\n  TokenManagerEventHandler,\n  TokenManagerInterface,\n  RefreshToken,\n  AccessTokenCallback,\n  IDTokenCallback,\n  RefreshTokenCallback,\n  EVENT_RENEWED,\n  EVENT_ADDED,\n  EVENT_ERROR,\n  EVENT_EXPIRED,\n  EVENT_REMOVED,\n  EVENT_SET_STORAGE,\n  TokenManagerAnyEventHandler,\n  TokenManagerAnyEvent,\n  OktaAuthOAuthInterface\n} from './types';\nimport { REFRESH_TOKEN_STORAGE_KEY, TOKEN_STORAGE_NAME } from '../constants';\nimport { EventEmitter } from '../base/types';\nimport { StorageOptions, StorageProvider, StorageType } from '../storage/types';\n\nconst DEFAULT_OPTIONS = {\n  // TODO: remove in next major version - OKTA-473815\n  autoRenew: true,\n  autoRemove: true,\n  syncStorage: true,\n  // --- //\n  clearPendingRemoveTokens: true,\n  storage: undefined, // will use value from storageManager config\n  expireEarlySeconds: 30,\n  storageKey: TOKEN_STORAGE_NAME\n};\n\ninterface TokenManagerState {\n  expireTimeouts: Record<string, unknown>;\n  renewPromise: Promise<Token | undefined> | null;\n  started?: boolean;\n}\nfunction defaultState(): TokenManagerState {\n  return {\n    expireTimeouts: {},\n    renewPromise: null\n  };\n}\nexport class TokenManager implements TokenManagerInterface {\n  private sdk: OktaAuthOAuthInterface;\n  private clock: SdkClock;\n  private emitter: EventEmitter;\n  private storage: StorageProvider;\n  private state: TokenManagerState;\n  private options: TokenManagerOptions;\n\n  on(event: typeof EVENT_RENEWED, handler: TokenManagerRenewEventHandler, context?: object): void;\n  on(event: typeof EVENT_ERROR, handler: TokenManagerErrorEventHandler, context?: object): void;\n  on(event: typeof EVENT_SET_STORAGE, handler: TokenManagerSetStorageEventHandler, context?: object): void;\n  on(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler: TokenManagerEventHandler, context?: object): void;\n  on(event: TokenManagerAnyEvent, handler: TokenManagerAnyEventHandler, context?: object): void {\n    if (context) {\n      this.emitter.on(event, handler, context);\n    } else {\n      this.emitter.on(event, handler);\n    }\n  }\n\n  off(event: typeof EVENT_RENEWED, handler?: TokenManagerRenewEventHandler): void;\n  off(event: typeof EVENT_ERROR, handler?: TokenManagerErrorEventHandler): void;\n  off(event: typeof EVENT_SET_STORAGE, handler?: TokenManagerSetStorageEventHandler): void;\n  off(event: typeof EVENT_EXPIRED | typeof EVENT_ADDED | typeof EVENT_REMOVED, \n    handler?: TokenManagerEventHandler): void;\n  off(event: TokenManagerAnyEvent, handler?: TokenManagerAnyEventHandler): void {\n    if (handler) {\n      this.emitter.off(event, handler);\n    } else {\n      this.emitter.off(event);\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  constructor(sdk: OktaAuthOAuthInterface, options: TokenManagerOptions = {}) {\n    this.sdk = sdk;\n    this.emitter = (sdk as any).emitter;\n    if (!this.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before TokenManager');\n    }\n    \n    options = Object.assign({}, DEFAULT_OPTIONS, removeNils(options));\n    if (!isLocalhost()) {\n      options.expireEarlySeconds = DEFAULT_OPTIONS.expireEarlySeconds;\n    }\n\n    this.options = options;\n\n    const storageOptions: StorageOptions = removeNils({\n      storageKey: options.storageKey,\n      secure: options.secure,\n    });\n    if (typeof options.storage === 'object') {\n      // A custom storage provider must implement getItem(key) and setItem(key, val)\n      storageOptions.storageProvider = options.storage;\n    } else if (options.storage) {\n      storageOptions.storageType = options.storage as StorageType;\n    }\n\n    this.storage = sdk.storageManager.getTokenStorage({...storageOptions, useSeparateCookies: true});\n    this.clock = SdkClock.create(/* sdk, options */);\n    this.state = defaultState();\n  }\n\n  start() {\n    if (this.options.clearPendingRemoveTokens) {\n      this.clearPendingRemoveTokens();\n    }\n    this.setExpireEventTimeoutAll();\n    this.state.started = true;\n  }\n  \n  stop() {\n    this.clearExpireEventTimeoutAll();\n    this.state.started = false;\n  }\n\n  isStarted() {\n    return !!this.state.started;\n  }\n\n  getOptions(): TokenManagerOptions {\n    return clone(this.options);\n  }\n  \n  getExpireTime(token) {\n    const expireEarlySeconds = this.options.expireEarlySeconds || 0;\n    var expireTime = token.expiresAt - expireEarlySeconds;\n    return expireTime;\n  }\n  \n  hasExpired(token) {\n    var expireTime = this.getExpireTime(token);\n    return expireTime <= this.clock.now();\n  }\n  \n  emitExpired(key, token) {\n    this.emitter.emit(EVENT_EXPIRED, key, token);\n  }\n  \n  emitRenewed(key, freshToken, oldToken) {\n    this.emitter.emit(EVENT_RENEWED, key, freshToken, oldToken);\n  }\n  \n  emitAdded(key, token) {\n    this.emitter.emit(EVENT_ADDED, key, token);\n  }\n  \n  emitRemoved(key, token?) {\n    this.emitter.emit(EVENT_REMOVED, key, token);\n  }\n  \n  emitError(error) {\n    this.emitter.emit(EVENT_ERROR, error);\n  }\n  \n  clearExpireEventTimeout(key) {\n    clearTimeout(this.state.expireTimeouts[key] as any);\n    delete this.state.expireTimeouts[key];\n  \n    // Remove the renew promise (if it exists)\n    this.state.renewPromise = null;\n  }\n  \n  clearExpireEventTimeoutAll() {\n    var expireTimeouts = this.state.expireTimeouts;\n    for (var key in expireTimeouts) {\n      if (!Object.prototype.hasOwnProperty.call(expireTimeouts, key)) {\n        continue;\n      }\n      this.clearExpireEventTimeout(key);\n    }\n  }\n  \n  setExpireEventTimeout(key, token) {\n    if (isRefreshToken(token)) {\n      return;\n    }\n\n    var expireTime = this.getExpireTime(token);\n    var expireEventWait = Math.max(expireTime - this.clock.now(), 0) * 1000;\n  \n    // Clear any existing timeout\n    this.clearExpireEventTimeout(key);\n  \n    var expireEventTimeout = setTimeout(() => {\n      this.emitExpired(key, token);\n    }, expireEventWait);\n  \n    // Add a new timeout\n    this.state.expireTimeouts[key] = expireEventTimeout;\n  }\n  \n  setExpireEventTimeoutAll() {\n    var tokenStorage = this.storage.getStorage();\n    for(var key in tokenStorage) {\n      if (!Object.prototype.hasOwnProperty.call(tokenStorage, key)) {\n        continue;\n      }\n      var token = tokenStorage[key];\n      this.setExpireEventTimeout(key, token);\n    }\n  }\n  \n  // reset timeouts to setup autoRenew for tokens from other document context (tabs)\n  resetExpireEventTimeoutAll() {\n    this.clearExpireEventTimeoutAll();\n    this.setExpireEventTimeoutAll();\n  }\n  \n  add(key, token: Token) {\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    this.emitAdded(key, token);\n    this.setExpireEventTimeout(key, token);\n  }\n  \n  getSync(key): Token | undefined {\n    var tokenStorage = this.storage.getStorage();\n    return tokenStorage[key];\n  }\n  \n  async get(key): Promise<Token | undefined> {\n    return this.getSync(key);\n  }\n  \n  getTokensSync(): Tokens {\n    const tokens = {} as Tokens;\n    const tokenStorage = this.storage.getStorage();\n    Object.keys(tokenStorage).forEach(key => {\n      const token = tokenStorage[key];\n      if (isAccessToken(token)) {\n        tokens.accessToken = token;\n      } else if (isIDToken(token)) {\n        tokens.idToken = token;\n      } else if (isRefreshToken(token)) { \n        tokens.refreshToken = token;\n      }\n    });\n    return tokens;\n  }\n  \n  async getTokens(): Promise<Tokens> {\n    return this.getTokensSync();\n  }\n\n  getStorageKeyByType(type: TokenType): string {\n    const tokenStorage = this.storage.getStorage();\n    const key = Object.keys(tokenStorage).filter(key => {\n      const token = tokenStorage[key];\n      return (isAccessToken(token) && type === 'accessToken') \n        || (isIDToken(token) && type === 'idToken')\n        || (isRefreshToken(token) && type === 'refreshToken');\n    })[0];\n    return key;\n  }\n\n  private getTokenType(token: Token): TokenType {\n    if (isAccessToken(token)) {\n      return 'accessToken';\n    }\n    if (isIDToken(token)) {\n      return 'idToken';\n    }\n    if(isRefreshToken(token)) {\n      return 'refreshToken';\n    }\n    throw new AuthSdkError('Unknown token type');\n  }\n\n  // for synchronization of LocalStorage cross tabs for IE11\n  private emitSetStorageEvent() {\n    if (isIE11OrLess()) {\n      const storage = this.storage.getStorage();\n      this.emitter.emit(EVENT_SET_STORAGE, storage);\n    }\n  }\n\n  // used in `SyncStorageService` for synchronization of LocalStorage cross tabs for IE11\n  public getStorage() {\n    return this.storage;\n  }\n\n  setTokens(\n    tokens: Tokens,\n    // TODO: callbacks can be removed in the next major version OKTA-407224\n    accessTokenCb?: AccessTokenCallback, \n    idTokenCb?: IDTokenCallback,\n    refreshTokenCb?: RefreshTokenCallback\n  ): void {\n    const handleTokenCallback = (key, token) => {\n      const type = this.getTokenType(token);\n      if (type === 'accessToken') {\n        accessTokenCb && accessTokenCb(key, token);\n      } else if (type === 'idToken') {\n        idTokenCb && idTokenCb(key, token);\n      } else if (type === 'refreshToken') {\n        refreshTokenCb && refreshTokenCb(key, token);\n      }\n    };\n    const handleAdded = (key, token) => {\n      this.emitAdded(key, token);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRenewed = (key, token, oldToken) => {\n      this.emitRenewed(key, token, oldToken);\n      this.clearExpireEventTimeout(key);\n      this.setExpireEventTimeout(key, token);\n      handleTokenCallback(key, token);\n    };\n    const handleRemoved = (key, token) => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, token);\n      handleTokenCallback(key, token);\n    };\n    \n    const types: TokenType[] = ['idToken', 'accessToken', 'refreshToken'];\n    const existingTokens = this.getTokensSync();\n\n    // valid tokens\n    types.forEach((type) => {\n      const token = tokens[type];\n      if (token) {\n        validateToken(token, type);\n      }\n    });\n  \n    // add token to storage\n    const storage = types.reduce((storage, type) => {\n      const token = tokens[type];\n      if (token) {\n        const storageKey = this.getStorageKeyByType(type) || type;\n        storage[storageKey] = token;\n      }\n      return storage;\n    }, {});\n    this.storage.setStorage(storage);\n    this.emitSetStorageEvent();\n\n    // emit event and start expiration timer\n    types.forEach(type => {\n      const newToken = tokens[type];\n      const existingToken = existingTokens[type];\n      const storageKey = this.getStorageKeyByType(type) || type;\n      if (newToken && existingToken) { // renew\n        // call handleRemoved first, since it clears timers\n        handleRemoved(storageKey, existingToken);\n        handleAdded(storageKey, newToken);\n        handleRenewed(storageKey, newToken, existingToken);\n      } else if (newToken) { // add\n        handleAdded(storageKey, newToken);\n      } else if (existingToken) { //remove\n        handleRemoved(storageKey, existingToken);\n      }\n    });\n  }\n  \n  remove(key) {\n    // Clear any listener for this token\n    this.clearExpireEventTimeout(key);\n  \n    var tokenStorage = this.storage.getStorage();\n    var removedToken = tokenStorage[key];\n    delete tokenStorage[key];\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  \n    this.emitRemoved(key, removedToken);\n  }\n  \n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  async renewToken(token) {\n    return this.sdk.token?.renew(token);\n  }\n  // TODO: this methods is redundant and can be removed in the next major version OKTA-407224\n  validateToken(token: Token) {\n    return validateToken(token);\n  }\n\n  // TODO: renew method should take no param, change in the next major version OKTA-407224\n  renew(key): Promise<Token | undefined> {\n    // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n    if (this.state.renewPromise) {\n      return this.state.renewPromise;\n    }\n  \n    try {\n      var token = this.getSync(key);\n      if (!token) {\n        throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n      }\n    } catch (e) {\n      return Promise.reject(e);\n    }\n  \n    // Remove existing autoRenew timeout\n    this.clearExpireEventTimeout(key);\n  \n    // A refresh token means a replace instead of renewal\n    // Store the renew promise state, to avoid renewing again\n    const renewPromise = this.state.renewPromise = this.sdk.token.renewTokens()\n      .then(tokens => {\n        this.setTokens(tokens);\n\n        // resolve token based on the key\n        const tokenType = this.getTokenType(token!);\n        return tokens[tokenType];\n      })\n      .catch(err => {\n        // If renew fails, remove token from storage and emit error\n        this.remove(key);\n        err.tokenKey = key;\n        this.emitError(err);\n        throw err;\n      })\n      .finally(() => {\n        // Remove existing promise key\n        this.state.renewPromise = null;\n      });\n  \n    return renewPromise;\n  }\n  \n  clear() {\n    const tokens = this.getTokensSync();\n    this.clearExpireEventTimeoutAll();\n    this.storage.clearStorage();\n    this.emitSetStorageEvent();\n\n    Object.keys(tokens).forEach(key => {\n      this.emitRemoved(key, tokens[key]);\n    });\n  }\n\n  clearPendingRemoveTokens() {\n    const tokenStorage = this.storage.getStorage();\n    const removedTokens = {};\n    Object.keys(tokenStorage).forEach(key => {\n      if (tokenStorage[key].pendingRemove) {\n        removedTokens[key] = tokenStorage[key];\n        delete tokenStorage[key];\n      }\n    });\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n    Object.keys(removedTokens).forEach(key => {\n      this.clearExpireEventTimeout(key);\n      this.emitRemoved(key, removedTokens[key]);\n    });\n  }\n\n  updateRefreshToken(token: RefreshToken) {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n\n    // do not emit any event\n    var tokenStorage = this.storage.getStorage();\n    validateToken(token);\n    tokenStorage[key] = token;\n    this.storage.setStorage(tokenStorage);\n    this.emitSetStorageEvent();\n  }\n\n  removeRefreshToken () {\n    const key = this.getStorageKeyByType('refreshToken') || REFRESH_TOKEN_STORAGE_KEY;\n    this.remove(key);\n  }\n\n  addPendingRemoveFlags() {\n    const tokens = this.getTokensSync();\n    Object.keys(tokens).forEach(key => {\n      tokens[key].pendingRemove = true;\n    });\n    this.setTokens(tokens);\n  }\n  \n}\n","/* eslint-disable @typescript-eslint/no-non-null-assertion */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport Cookies from 'js-cookie';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport {\n  StorageOptions,\n  CookieOptions,\n  SimpleStorage,\n  StorageType,\n  StorageUtil,\n} from '../storage/types';\nimport { warn } from '../util';\nimport { isIE11OrLess } from '../features';\n\nexport interface CookieStorage extends SimpleStorage {\n  setItem(key: string, value: any, expiresAt?: string | null): void; // can customize expiresAt\n  getItem(key?: string): any; // if no key is passed, all cookies are returned\n  removeItem(key: string); // remove a cookie\n}\n\nexport interface BrowserStorageUtil extends StorageUtil {\n  browserHasLocalStorage(): boolean;\n  browserHasSessionStorage(): boolean;\n  getStorageByType(storageType: StorageType, options: StorageOptions): SimpleStorage;\n  getLocalStorage(): Storage;\n  getSessionStorage(): Storage;\n  getInMemoryStorage(): SimpleStorage;\n  getCookieStorage(options?: StorageOptions): CookieStorage;\n  testStorage(storage: any): boolean;\n  storage: Cookies;\n  inMemoryStore: Record<string, unknown>;\n}\n\n// Building this as an object allows us to mock the functions in our tests\nvar storageUtil: BrowserStorageUtil = {\n\n  // IE11 bug that Microsoft doesn't plan to fix\n  // https://connect.microsoft.com/IE/Feedback/Details/1496040\n  browserHasLocalStorage: function() {\n    try {\n      var storage = this.getLocalStorage();\n      return this.testStorage(storage);\n    } catch (e) {\n      return false;\n    }\n  },\n\n  browserHasSessionStorage: function() {\n    try {\n      var storage = this.getSessionStorage();\n      return this.testStorage(storage);\n    } catch (e) {\n      return false;\n    }\n  },\n\n  testStorageType: function(storageType: StorageType): boolean {\n    var supported = false;\n    switch (storageType) {\n      case 'sessionStorage':\n        supported = this.browserHasSessionStorage();\n        break;\n      case 'localStorage':\n        supported = this.browserHasLocalStorage();\n        break;\n      case 'cookie':\n      case 'memory':\n        supported = true;\n        break;\n      default:\n        supported = false;\n        break;\n    }\n    return supported;\n  },\n\n  getStorageByType: function(storageType: StorageType, options?: StorageOptions): SimpleStorage {\n    let storageProvider;\n    switch (storageType) {\n      case 'sessionStorage':\n        storageProvider = this.getSessionStorage();\n        break;\n      case 'localStorage':\n        storageProvider = this.getLocalStorage();\n        break;\n      case 'cookie':\n        storageProvider = this.getCookieStorage(options);\n        break;\n      case 'memory':\n        storageProvider = this.getInMemoryStorage();\n        break;\n      default:\n        throw new AuthSdkError(`Unrecognized storage option: ${storageType}`);\n        break;\n    }\n    return storageProvider;\n  },\n\n  findStorageType: function(types: StorageType[]) {\n    let curType;\n    let nextType;\n    \n    types = types.slice(); // copy array\n    curType = types.shift();\n    nextType = types.length ? types[0] : null;\n    if (!nextType) {\n      return curType;\n    }\n\n    if (this.testStorageType(curType)) {\n      return curType;\n    }\n\n    // preferred type was unsupported.\n    warn(`This browser doesn't support ${curType}. Switching to ${nextType}.`);\n\n    // fallback to the next type. this is a recursive call\n    return this.findStorageType(types);\n  },\n\n  getLocalStorage: function() {\n    // Workaound for synchronization issue of LocalStorage cross tabs in IE11\n    if (isIE11OrLess() && !window.onstorage) {\n      window.onstorage = function() {};\n    }\n    \n    return localStorage;\n  },\n\n  getSessionStorage: function() {\n    return sessionStorage;\n  },\n\n  // Provides webStorage-like interface for cookies\n  getCookieStorage: function(options): CookieStorage {\n    const secure = options!.secure;\n    const sameSite = options!.sameSite;\n    const sessionCookie = options!.sessionCookie;\n    if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n      throw new AuthSdkError('getCookieStorage: \"secure\" and \"sameSite\" options must be provided');\n    }\n    const storage: CookieStorage = {\n      getItem: this.storage.get,\n      setItem: (key, value, expiresAt = '2200-01-01T00:00:00.000Z') => {\n        // By defauilt, cookie shouldn't expire\n        expiresAt = (sessionCookie ? null : expiresAt) as string;\n        this.storage.set(key, value, expiresAt, {\n          secure: secure, \n          sameSite: sameSite,\n        });\n      },\n      removeItem: (key) => {\n        this.storage.delete(key);\n      },\n    };\n\n    if (!options!.useSeparateCookies) {\n      return storage;\n    }\n\n    // Tokens are stored separately because cookies have size limits.\n    // Can only be used when storing an object value. Object properties will be saved to separate cookies.\n    // Each property of the object must also be an object.\n    return {\n      getItem: function(key) {\n        var data = storage.getItem(); // read all cookies\n        var value = {};\n        Object.keys(data).forEach(k => {\n          if (k.indexOf(key!) === 0) { // filter out unrelated cookies\n            value[k.replace(`${key}_`, '')] = JSON.parse(data[k]); // populate with cookie data\n          }\n        });\n        return JSON.stringify(value);\n      },\n      setItem: function(key, value) {\n        var existingValues = JSON.parse(this.getItem(key));\n        value = JSON.parse(value);\n        // Set key-value pairs from input to cookies\n        Object.keys(value).forEach(k => {\n          var storageKey = key + '_' + k;\n          var valueToStore = JSON.stringify(value[k]);\n          storage.setItem(storageKey, valueToStore);\n          delete existingValues[k];\n        });\n        // Delete unmatched keys from existing cookies\n        Object.keys(existingValues).forEach(k => {\n          storage.removeItem(key + '_' + k);\n        });\n      },\n      removeItem: function(key) {\n        var existingValues = JSON.parse(this.getItem(key));\n        Object.keys(existingValues).forEach(k => {\n          storage.removeItem(key + '_' + k);\n        });\n      },\n    };\n  },\n\n  // Provides an in-memory solution\n  inMemoryStore: {}, // override this for a unique memory store per instance\n  getInMemoryStorage: function() {\n    return {\n      getItem: (key) => {\n        return this.inMemoryStore[key];\n      },\n      setItem: (key, value) => {\n        this.inMemoryStore[key] = value;\n      },\n    };\n  },\n\n  testStorage: function(storage) {\n    var key = 'okta-test-storage';\n    try {\n      storage.setItem(key, key);\n      storage.removeItem(key);\n      return true;\n    } catch (e) {\n      return false;\n    }\n  },\n\n  storage: {\n    set: function(name: string, value: string, expiresAt: string, options: CookieOptions): string {\n      const { sameSite, secure } = options;\n      if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n        throw new AuthSdkError('storage.set: \"secure\" and \"sameSite\" options must be provided');\n      }\n      var cookieOptions: CookieOptions = {\n        path: options.path || '/',\n        secure,\n        sameSite\n      };\n\n      // eslint-disable-next-line no-extra-boolean-cast\n      if (!!(Date.parse(expiresAt))) {\n        // Expires value can be converted to a Date object.\n        //\n        // If the 'expiresAt' value is not provided, or the value cannot be\n        // parsed as a Date object, the cookie will set as a session cookie.\n        cookieOptions.expires = new Date(expiresAt);\n      }\n\n      Cookies.set(name, value, cookieOptions);\n      return this.get(name);\n    },\n\n    get: function(name?: string): string {\n      // return all cookies when no args is provided\n      if (!arguments.length) {\n        return Cookies.get();\n      }\n      return Cookies.get(name);\n    },\n\n    delete: function(name: string): string {\n      return Cookies.remove(name, { path: '/' });\n    }\n  }\n};\n\nexport default storageUtil;\n","import { httpRequest, RequestOptions } from '../../http';\nimport { OktaAuthConstructor } from '../../base/types';\nimport { \n  PromiseQueue,\n} from '../../util';\nimport { CryptoAPI } from '../../crypto/types';\nimport * as crypto from '../../crypto';\nimport {\n  AccessToken,\n  CustomUserClaims,\n  IDToken,\n  IsAuthenticatedOptions,\n  OAuthResponseType,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PkceAPI,\n  PKCETransactionMeta,\n  RefreshToken,\n  SigninWithRedirectOptions,\n  SignoutOptions,\n  SignoutRedirectUrlOptions,\n  TokenAPI,\n  TransactionManagerInterface,\n  TransactionManagerConstructor,\n  UserClaims,\n  Endpoints,\n} from '../types';\nimport PKCE from '../util/pkce';\nimport { createEndpoints, createTokenAPI } from '../factory';\nimport { TokenManager } from '../TokenManager';\nimport { getOAuthUrls, isLoginRedirect } from '../util';\n\nimport { OktaAuthSessionInterface } from '../../session/types';\nimport { provideOriginalUri } from './node';\nexport function mixinOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n>\n(\n  Base: TBase,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>,\n): TBase & OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const WithOriginalUri = provideOriginalUri(Base);\n  return class OktaAuthOAuth extends WithOriginalUri\n  implements OktaAuthOAuthInterface<M, S, O, TM>\n  {\n    static crypto: CryptoAPI = crypto;\n    token: TokenAPI;\n    tokenManager: TokenManager;\n    transactionManager: TM;\n    pkce: PkceAPI;\n    endpoints: Endpoints;\n\n    _pending: { handleLogin: boolean };\n    _tokenQueue: PromiseQueue;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.transactionManager = new TransactionManagerConstructor(Object.assign({\n        storageManager: this.storageManager,\n      }, this.options.transactionManager));\n  \n      this.pkce = {\n        DEFAULT_CODE_CHALLENGE_METHOD: PKCE.DEFAULT_CODE_CHALLENGE_METHOD,\n        generateVerifier: PKCE.generateVerifier,\n        computeChallenge: PKCE.computeChallenge\n      };\n  \n      this._pending = { handleLogin: false };\n\n      this._tokenQueue = new PromiseQueue();\n\n      this.token = createTokenAPI(this, this._tokenQueue);\n\n      // TokenManager\n      this.tokenManager = new TokenManager(this, this.options.tokenManager);\n\n      this.endpoints = createEndpoints(this);\n    }\n\n    // inherited from subclass\n    clearStorage(): void {\n      super.clearStorage();\n      \n      // Clear all local tokens\n      this.tokenManager.clear();\n    }\n\n    // Returns true if both accessToken and idToken are not expired\n    // If `autoRenew` option is set, will attempt to renew expired tokens before returning.\n    // eslint-disable-next-line complexity\n    async isAuthenticated(options: IsAuthenticatedOptions = {}): Promise<boolean> {\n      // TODO: remove dependency on tokenManager options in next major version - OKTA-473815\n      const { autoRenew, autoRemove } = this.tokenManager.getOptions();\n\n      const shouldRenew = options.onExpiredToken ? options.onExpiredToken === 'renew' : autoRenew;\n      const shouldRemove = options.onExpiredToken ? options.onExpiredToken === 'remove' : autoRemove;\n\n      let { accessToken } = this.tokenManager.getTokensSync();\n      if (accessToken && this.tokenManager.hasExpired(accessToken)) {\n        accessToken = undefined;\n        if (shouldRenew) {\n          try {\n            accessToken = await this.tokenManager.renew('accessToken') as AccessToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('accessToken');\n        }\n      }\n\n      let { idToken } = this.tokenManager.getTokensSync();\n      if (idToken && this.tokenManager.hasExpired(idToken)) {\n        idToken = undefined;\n        if (shouldRenew) {\n          try {\n            idToken = await this.tokenManager.renew('idToken') as IDToken;\n          } catch {\n            // Renew errors will emit an \"error\" event \n          }\n        } else if (shouldRemove) {\n          this.tokenManager.remove('idToken');\n        }\n      }\n\n      return !!(accessToken && idToken);\n    }\n\n\n    async signInWithRedirect(opts: SigninWithRedirectOptions = {}) {\n      const { originalUri, ...additionalParams } = opts;\n      if(this._pending.handleLogin) { \n        // Don't trigger second round\n        return;\n      }\n\n      this._pending.handleLogin = true;\n      try {\n        // Trigger default signIn redirect flow\n        if (originalUri) {\n          this.setOriginalUri(originalUri);\n        }\n        const params = Object.assign({\n          // TODO: remove this line when default scopes are changed OKTA-343294\n          scopes: this.options.scopes || ['openid', 'email', 'profile']\n        }, additionalParams);\n        await this.token.getWithRedirect(params);\n      } finally {\n        this._pending.handleLogin = false;\n      }\n    }\n\n    async getUser<T extends CustomUserClaims = CustomUserClaims>(): Promise<UserClaims<T>> {\n      const { idToken, accessToken } = this.tokenManager.getTokensSync();\n      return this.token.getUserInfo(accessToken, idToken);\n    }\n  \n    getIdToken(): string | undefined {\n      const { idToken } = this.tokenManager.getTokensSync();\n      return idToken ? idToken.idToken : undefined;\n    }\n  \n    getAccessToken(): string | undefined {\n      const { accessToken } = this.tokenManager.getTokensSync();\n      return accessToken ? accessToken.accessToken : undefined;\n    }\n  \n    getRefreshToken(): string | undefined {\n      const { refreshToken } = this.tokenManager.getTokensSync();\n      return refreshToken ? refreshToken.refreshToken : undefined;\n    }\n  \n    /**\n     * Store parsed tokens from redirect url\n     */\n    async storeTokensFromRedirect(): Promise<void> {\n      const { tokens, responseType } = await this.token.parseFromUrl();\n      if (responseType !== 'none') {\n        this.tokenManager.setTokens(tokens);\n      }\n    }\n  \n    isLoginRedirect(): boolean {\n      return isLoginRedirect(this);\n    }\n\n    isPKCE(): boolean {\n      return !!this.options.pkce;\n    }\n  \n    hasResponseType(responseType: OAuthResponseType): boolean {\n      let hasResponseType = false;\n      if (Array.isArray(this.options.responseType) && this.options.responseType.length) {\n        hasResponseType = this.options.responseType.indexOf(responseType) >= 0;\n      } else {\n        hasResponseType = this.options.responseType === responseType;\n      }\n      return hasResponseType;\n    }\n  \n    isAuthorizationCodeFlow(): boolean {\n      return this.hasResponseType('code');\n    }\n\n    // Escape hatch method to make arbitrary OKTA API call\n    async invokeApiMethod(options: RequestOptions): Promise<unknown> {\n      if (!options.accessToken) {\n        const accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        options.accessToken = accessToken?.accessToken;\n      }\n      return httpRequest(this, options);\n    }\n    \n    // Revokes the access token for the application session\n    async revokeAccessToken(accessToken?: AccessToken): Promise<unknown> {\n      if (!accessToken) {\n        accessToken = (await this.tokenManager.getTokens()).accessToken as AccessToken;\n        const accessTokenKey = this.tokenManager.getStorageKeyByType('accessToken');\n        this.tokenManager.remove(accessTokenKey);\n      }\n      // Access token may have been removed. In this case, we will silently succeed.\n      if (!accessToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(accessToken);\n    }\n\n    // Revokes the refresh token for the application session\n    async revokeRefreshToken(refreshToken?: RefreshToken): Promise<unknown> {\n      if (!refreshToken) {\n        refreshToken = (await this.tokenManager.getTokens()).refreshToken as RefreshToken;\n        const refreshTokenKey = this.tokenManager.getStorageKeyByType('refreshToken');\n        this.tokenManager.remove(refreshTokenKey);\n      }\n      // Refresh token may have been removed. In this case, we will silently succeed.\n      if (!refreshToken) {\n        return Promise.resolve(null);\n      }\n      return this.token.revoke(refreshToken);\n    }\n\n    getSignOutRedirectUrl(options: SignoutRedirectUrlOptions = {}) {\n      let {\n        idToken,\n        postLogoutRedirectUri,\n        state,\n      } = options;\n      if (!idToken) {\n        idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n      if (!idToken) {\n        return '';\n      }\n      if (postLogoutRedirectUri === undefined) {\n        postLogoutRedirectUri = this.options.postLogoutRedirectUri;\n      }\n\n      const logoutUrl = getOAuthUrls(this).logoutUrl;\n      const idTokenHint = idToken.idToken; // a string\n      let logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint);\n      if (postLogoutRedirectUri) {\n        logoutUri += '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n      } \n      // State allows option parameters to be passed to logout redirect uri\n      if (state) {\n        logoutUri += '&state=' + encodeURIComponent(state);\n      }\n\n      return logoutUri;\n    }\n\n    // Revokes refreshToken or accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n    // eslint-disable-next-line complexity, max-statements\n    async signOut(options?: SignoutOptions): Promise<boolean> {\n      options = Object.assign({}, options);\n    \n      // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n      const defaultUri = window.location.origin;\n      const currentUri = window.location.href;\n      // Fix for issue/1410 - allow for no postLogoutRedirectUri to be passed, resulting in /logout default behavior\n      //    \"If no Okta session exists, this endpoint has no effect and the browser is redirected immediately to the\n      //    Okta sign-in page or the post_logout_redirect_uri (if specified).\"\n      // - https://developer.okta.com/docs/reference/api/oidc/#logout\n      const postLogoutRedirectUri = options.postLogoutRedirectUri === null ? null :\n        (options.postLogoutRedirectUri\n        || this.options.postLogoutRedirectUri\n        || defaultUri);\n      const state = options?.state;\n      \n    \n      let accessToken = options.accessToken;\n      let refreshToken = options.refreshToken;\n      const revokeAccessToken = options.revokeAccessToken !== false;\n      const revokeRefreshToken = options.revokeRefreshToken !== false;\n    \n      if (revokeRefreshToken && typeof refreshToken === 'undefined') {\n        refreshToken = this.tokenManager.getTokensSync().refreshToken as RefreshToken;\n      }\n\n      if (revokeAccessToken && typeof accessToken === 'undefined') {\n        accessToken = this.tokenManager.getTokensSync().accessToken as AccessToken;\n      }\n    \n      if (!options.idToken) {\n        options.idToken = this.tokenManager.getTokensSync().idToken as IDToken;\n      }\n\n      if (revokeRefreshToken && refreshToken) {\n        await this.revokeRefreshToken(refreshToken);\n      }\n\n      if (revokeAccessToken && accessToken) {\n        await this.revokeAccessToken(accessToken);\n      }\n\n      const logoutUri = this.getSignOutRedirectUrl({ ...options, postLogoutRedirectUri });\n      // No logoutUri? This can happen if the storage was cleared.\n      // Fallback to XHR signOut, then simulate a redirect to the post logout uri\n      if (!logoutUri) {\n        // local tokens are cleared once session is closed\n        const sessionClosed = await this.closeSession();   // can throw if the user cannot be signed out\n        const redirectUri = new URL(postLogoutRedirectUri || defaultUri); // during fallback, redirectUri cannot be null\n        if (state) {\n          redirectUri.searchParams.append('state', state);\n        }\n        if (postLogoutRedirectUri === currentUri) {\n          // window.location.reload(); // force a hard reload if URI is not changing\n          window.location.href = redirectUri.href;\n        } else {\n          window.location.assign(redirectUri.href);\n        }\n        return sessionClosed;\n      } else {\n        if (options.clearTokensBeforeRedirect) {\n          // Clear all local tokens\n          this.tokenManager.clear();\n        } else {\n          this.tokenManager.addPendingRemoveFlags();\n        }\n        // Flow ends with logout redirect\n        window.location.assign(logoutUri);\n        return true;\n      }\n    }\n\n  };\n\n}\n","import { REFERRER_PATH_STORAGE_KEY } from '../../constants';\nimport browserStorage from '../../browser/browserStorage';\nimport { OktaAuthStorageInterface } from '../../storage';\nimport { OktaAuthConstructor } from '../../base';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthOptions,\n  OriginalUriApi,\n  PKCETransactionMeta,\n} from '../types';\n\nexport function provideOriginalUri\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TBase extends OktaAuthConstructor<OktaAuthStorageInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthStorageInterface<S, O>> \n>\n(BaseClass: TBase) {\n  return class WithOriginalUri extends BaseClass implements OriginalUriApi {\n    setOriginalUri(originalUri: string, state?: string): void {\n      // always store in session storage\n      const sessionStorage = browserStorage.getSessionStorage();\n      sessionStorage.setItem(REFERRER_PATH_STORAGE_KEY, originalUri);\n  \n      // to support multi-tab flows, set a state in constructor or pass as param\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        sharedStorage.setItem(state, originalUri);\n      }\n    }\n  \n    getOriginalUri(state?: string): string | undefined {\n      // Prefer shared storage (if state is available)\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        const originalUri = sharedStorage.getItem(state);\n        if (originalUri) {\n          return originalUri;\n        }\n      }\n  \n      // Try to load from session storage\n      const storage = browserStorage.getSessionStorage();\n      return storage ? storage.getItem(REFERRER_PATH_STORAGE_KEY) || undefined : undefined;\n    }\n  \n    removeOriginalUri(state?: string): void {\n      // Remove from sessionStorage\n      const storage = browserStorage.getSessionStorage();\n      storage.removeItem(REFERRER_PATH_STORAGE_KEY);\n  \n      // Also remove from shared storage\n      state = state || this.options.state;\n      if (state) {\n        const sharedStorage = this.storageManager.getOriginalUriStorage();\n        sharedStorage.removeItem && sharedStorage.removeItem(state);\n      }\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n \n// eslint-disable-next-line @typescript-eslint/ban-ts-comment\n// @ts-ignore \n// Do not use this type in code, so it won't be emitted in the declaration output\nimport PCancelable from 'p-cancelable';\nimport { AuthSdkError } from '../errors';\nimport {\n  EVENT_ADDED,\n  EVENT_REMOVED,\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface\n} from '../oidc';\nimport {\n  AuthState,\n  AuthStateLogOptions,\n  OktaAuthCoreOptions,\n} from './types';\nimport { PromiseQueue, getConsole } from '../util';\n\nexport const INITIAL_AUTH_STATE = null;\nconst DEFAULT_PENDING = {\n  updateAuthStatePromise: null,\n  canceledTimes: 0\n};\nconst EVENT_AUTH_STATE_CHANGE = 'authStateChange';\nconst MAX_PROMISE_CANCEL_TIMES = 10;\n\n// only compare first level of authState\nconst isSameAuthState = (prevState: AuthState | null, state: AuthState) => {\n  // initial state is null\n  if (!prevState) {\n    return false;\n  }\n\n  return prevState.isAuthenticated === state.isAuthenticated \n    && JSON.stringify(prevState.idToken) === JSON.stringify(state.idToken)\n    && JSON.stringify(prevState.accessToken) === JSON.stringify(state.accessToken)\n    && prevState.error === state.error;\n};\n\n\nexport class AuthStateManager\n<\n  M extends OAuthTransactionMeta,\n  S extends OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions\n>\n{\n  _sdk: OktaAuthOAuthInterface<M, S, O>;\n  _pending: { \n    updateAuthStatePromise: any;\n    canceledTimes: number; \n  };\n  _authState: AuthState | null;\n  _prevAuthState: AuthState | null;\n  _logOptions: AuthStateLogOptions;\n  _transformQueue: PromiseQueue;\n\n  constructor(sdk: OktaAuthOAuthInterface<M, S, O>) {\n    if (!sdk.emitter) {\n      throw new AuthSdkError('Emitter should be initialized before AuthStateManager');\n    }\n\n    this._sdk = sdk;\n    this._pending = { ...DEFAULT_PENDING };\n    this._authState = INITIAL_AUTH_STATE;\n    this._logOptions = {};\n    this._prevAuthState = null;\n    this._transformQueue = new PromiseQueue({\n      quiet: true\n    });\n\n    // Listen on tokenManager events to start updateState process\n    // \"added\" event is emitted in both add and renew process\n    // Only listen on \"added\" event to update auth state\n    sdk.tokenManager.on(EVENT_ADDED, (key, token) => {\n      this._setLogOptions({ event: EVENT_ADDED, key, token });\n      this.updateAuthState();\n    });\n    sdk.tokenManager.on(EVENT_REMOVED, (key, token) => {\n      this._setLogOptions({ event: EVENT_REMOVED, key, token });\n      this.updateAuthState();\n    });\n  }\n\n  _setLogOptions(options) {\n    this._logOptions = options;\n  }\n\n  getAuthState(): AuthState | null {\n    return this._authState;\n  }\n\n  getPreviousAuthState(): AuthState | null {\n    return this._prevAuthState;\n  }\n\n  async updateAuthState(): Promise<AuthState> {\n    const { transformAuthState, devMode } = this._sdk.options;\n\n    const log = (status) => {\n      const { event, key, token } = this._logOptions;\n      getConsole().group(`OKTA-AUTH-JS:updateAuthState: Event:${event} Status:${status}`);\n      getConsole().log(key, token);\n      getConsole().log('Current authState', this._authState);\n      getConsole().groupEnd();\n      \n      // clear log options after logging\n      this._logOptions = {};\n    };\n\n    const emitAuthStateChange = (authState) => {\n      if (isSameAuthState(this._authState, authState)) {\n        devMode && log('unchanged'); \n        return;\n      }\n      this._prevAuthState = this._authState;\n      this._authState = authState;\n      // emit new authState object\n      this._sdk.emitter.emit(EVENT_AUTH_STATE_CHANGE, { ...authState });\n      devMode && log('emitted');\n    };\n\n    const finalPromise = (origPromise) => {       \n      return this._pending.updateAuthStatePromise.then(() => {\n        const curPromise = this._pending.updateAuthStatePromise;\n        if (curPromise && curPromise !== origPromise) {\n          return finalPromise(curPromise);\n        }\n        return this.getAuthState();\n      });\n    };\n\n    if (this._pending.updateAuthStatePromise) {\n      if (this._pending.canceledTimes >= MAX_PROMISE_CANCEL_TIMES) {\n        // stop canceling then starting a new promise\n        // let existing promise finish to prevent running into loops\n        devMode && log('terminated');\n        return finalPromise(this._pending.updateAuthStatePromise);\n      } else {\n        this._pending.updateAuthStatePromise.cancel();\n      }\n    }\n\n    /* eslint-disable complexity */\n    const cancelablePromise = new PCancelable((resolve, _, onCancel) => {\n      onCancel.shouldReject = false;\n      onCancel(() => {\n        this._pending.updateAuthStatePromise = null;\n        this._pending.canceledTimes = this._pending.canceledTimes + 1;\n        devMode && log('canceled');\n      });\n\n      const emitAndResolve = (authState) => {\n        if (cancelablePromise.isCanceled) {\n          resolve();\n          return;\n        }\n        // emit event and resolve promise \n        emitAuthStateChange(authState);\n        resolve();\n\n        // clear pending states after resolve\n        this._pending = { ...DEFAULT_PENDING };\n      };\n\n      this._sdk.isAuthenticated()\n        .then(() => {\n          if (cancelablePromise.isCanceled) {\n            resolve();\n            return;\n          }\n\n          const { accessToken, idToken, refreshToken } = this._sdk.tokenManager.getTokensSync();\n          const authState = {\n            accessToken,\n            idToken,\n            refreshToken,\n            isAuthenticated: !!(accessToken && idToken)\n          };\n\n          // Enqueue transformAuthState so that it does not run concurrently\n          const promise: Promise<AuthState> = transformAuthState\n            ? this._transformQueue.push(transformAuthState, null, this._sdk, authState) as Promise<AuthState>\n            : Promise.resolve(authState);\n\n          promise\n            .then(authState => emitAndResolve(authState))\n            .catch(error => emitAndResolve({\n              accessToken, \n              idToken, \n              refreshToken,\n              isAuthenticated: false, \n              error\n            }));\n        });\n    });\n    /* eslint-enable complexity */\n    this._pending.updateAuthStatePromise = cancelablePromise;\n\n    return finalPromise(cancelablePromise);\n  }\n\n  subscribe(handler): void {\n    this._sdk.emitter.on(EVENT_AUTH_STATE_CHANGE, handler);\n  }\n\n  unsubscribe(handler?): void {\n    this._sdk.emitter.off(EVENT_AUTH_STATE_CHANGE, handler);\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport { EVENT_EXPIRED, TokenManagerInterface, isRefreshToken } from '../oidc/types';\nimport { isBrowser } from '../features';\n\nexport class AutoRenewService implements ServiceInterface {\n  private tokenManager: TokenManagerInterface;\n  private options: ServiceManagerOptions;\n  private renewTimeQueue: Array<number>;\n  private started = false;\n\n  constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n    this.tokenManager = tokenManager;\n    this.options = options;\n    this.renewTimeQueue = [];\n    this.onTokenExpiredHandler = this.onTokenExpiredHandler.bind(this);\n  }\n  \n  private shouldThrottleRenew(): boolean {\n    let res = false;\n    this.renewTimeQueue.push(Date.now());\n    if (this.renewTimeQueue.length >= 10) {\n      // get and remove first item from queue\n      const firstTime = this.renewTimeQueue.shift() as number;\n      const lastTime = this.renewTimeQueue[this.renewTimeQueue.length - 1];\n      res = (lastTime - firstTime) < 30 * 1000;\n    }\n    return res;\n  }\n\n  requiresLeadership() {\n    // If tokens sync storage is enabled, handle tokens expiration only in 1 leader tab\n    return !!this.options.syncStorage && isBrowser();\n  }\n\n  private processExpiredTokens() {\n    const tokenStorage = this.tokenManager.getStorage();\n    const tokens = tokenStorage.getStorage();\n    Object.keys(tokens).forEach(key => {\n      const token = tokens[key];\n      if (!isRefreshToken(token) && this.tokenManager.hasExpired(token)) {\n        this.onTokenExpiredHandler(key);\n      }\n    });\n  }\n\n  private onTokenExpiredHandler(key: string) {\n    if (this.options.autoRenew) {\n      if (this.shouldThrottleRenew()) {\n        const error = new AuthSdkError('Too many token renew requests');\n        this.tokenManager.emitError(error);\n      } else {\n        this.tokenManager.renew(key).catch(() => {}); // Renew errors will emit an \"error\" event \n      }\n    } else if (this.options.autoRemove) {\n      this.tokenManager.remove(key);\n    }\n  }\n\n  canStart() {\n    return (!!this.options.autoRenew || !!this.options.autoRemove) && !this.started;\n  }\n\n  async start() {\n    if (this.canStart()) {\n      this.tokenManager.on(EVENT_EXPIRED, this.onTokenExpiredHandler);\n      if (this.tokenManager.isStarted()) {\n        // If token manager has been already started, we could miss token expire events,\n        //  so need to process expired tokens manually.\n        this.processExpiredTokens();\n      }\n      this.started = true;\n    }\n  }\n\n  async stop() {\n    if (this.started) {\n      this.tokenManager.off(EVENT_EXPIRED, this.onTokenExpiredHandler);\n      this.renewTimeQueue = [];\n      this.started = false;\n    }\n  }\n\n  isStarted() {\n    return this.started;\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { BroadcastChannel } from 'broadcast-channel';\nimport { isBrowser } from '../features';\nimport {\n  ServiceManagerOptions, ServiceInterface\n} from '../core/types';\nimport {\n  Token, Tokens, \n  EVENT_ADDED, EVENT_REMOVED, EVENT_RENEWED, EVENT_SET_STORAGE, TokenManagerInterface\n} from '../oidc/types';\nimport { AuthSdkError } from '../errors';\n\nexport type SyncMessage = {\n  type: string;\n  key?: string;\n  token?: Token;\n  oldToken?: Token;\n  storage?: Tokens;\n};\nexport class SyncStorageService implements ServiceInterface {\n  private tokenManager: TokenManagerInterface;\n  private options: ServiceManagerOptions;\n  private channel?: BroadcastChannel<SyncMessage>;\n  private started = false;\n  private enablePostMessage = true;\n\n  constructor(tokenManager: TokenManagerInterface, options: ServiceManagerOptions = {}) {\n    this.tokenManager = tokenManager;\n    this.options = options;\n    this.onTokenAddedHandler = this.onTokenAddedHandler.bind(this);\n    this.onTokenRemovedHandler = this.onTokenRemovedHandler.bind(this);\n    this.onTokenRenewedHandler = this.onTokenRenewedHandler.bind(this);\n    this.onSetStorageHandler = this.onSetStorageHandler.bind(this);\n    this.onSyncMessageHandler = this.onSyncMessageHandler.bind(this);\n  }\n\n  requiresLeadership() {\n    return false;\n  }\n\n  isStarted() {\n    return this.started;\n  }\n\n  canStart() {\n    return !!this.options.syncStorage && isBrowser() && !this.started;\n  }\n\n  async start() {\n    if (!this.canStart()) {\n      return;\n    }\n    \n    const { syncChannelName } = this.options;\n    try {\n      // BroadcastChannel throws if no supported method can be found\n      this.channel = new BroadcastChannel(syncChannelName as string);\n    } catch (err) {\n      throw new AuthSdkError('SyncStorageService is not supported in current browser.');\n    }\n\n    this.tokenManager.on(EVENT_ADDED, this.onTokenAddedHandler);\n    this.tokenManager.on(EVENT_REMOVED, this.onTokenRemovedHandler);\n    this.tokenManager.on(EVENT_RENEWED, this.onTokenRenewedHandler);\n    this.tokenManager.on(EVENT_SET_STORAGE, this.onSetStorageHandler);\n    this.channel.addEventListener('message', this.onSyncMessageHandler);\n    this.started = true;\n  }\n\n  async stop() {\n    if (this.started) {\n      this.tokenManager.off(EVENT_ADDED, this.onTokenAddedHandler);\n      this.tokenManager.off(EVENT_REMOVED, this.onTokenRemovedHandler);\n      this.tokenManager.off(EVENT_RENEWED, this.onTokenRenewedHandler);\n      this.tokenManager.off(EVENT_SET_STORAGE, this.onSetStorageHandler);\n      this.channel?.removeEventListener('message', this.onSyncMessageHandler);\n      await this.channel?.close();\n      this.channel = undefined;\n      this.started = false;\n    }\n  }\n\n  private onTokenAddedHandler(key: string, token: Token) {\n    if (!this.enablePostMessage) {\n      return;\n    }\n    this.channel?.postMessage({\n      type: EVENT_ADDED,\n      key,\n      token\n    });\n  }\n\n  private onTokenRemovedHandler(key: string, token: Token) {\n    if (!this.enablePostMessage) {\n      return;\n    }\n    this.channel?.postMessage({\n      type: EVENT_REMOVED,\n      key,\n      token\n    });\n  }\n\n  private onTokenRenewedHandler(key: string, token: Token, oldToken?: Token) {\n    if (!this.enablePostMessage) {\n      return;\n    }\n    this.channel?.postMessage({\n      type: EVENT_RENEWED,\n      key,\n      token,\n      oldToken\n    });\n  }\n\n  private onSetStorageHandler(storage: Tokens) {\n    this.channel?.postMessage({\n      type: EVENT_SET_STORAGE,\n      storage\n    });\n  }\n\n  /* eslint-disable complexity */\n  private onSyncMessageHandler(msg: SyncMessage) {\n    // Notes:\n    // 1. Using `enablePostMessage` flag here to prevent sync message loop.\n    //    If this flag is on, tokenManager event handlers do not post sync message.\n    // 2. IE11 has known issue with synchronization of LocalStorage cross tabs.\n    //    One workaround is to set empty event handler for `window.onstorage`.\n    //    But it's not 100% working, sometimes you still get old value from LocalStorage.\n    //    Better approch is to explicitly udpate LocalStorage with `setStorage`.\n\n    this.enablePostMessage = false;\n    switch (msg.type) {\n      case EVENT_SET_STORAGE:\n        this.tokenManager.getStorage().setStorage(msg.storage);\n        break;\n      case EVENT_ADDED:\n        this.tokenManager.emitAdded(msg.key!, msg.token!);\n        this.tokenManager.setExpireEventTimeout(msg.key!, msg.token!);\n        break;\n      case EVENT_REMOVED:\n        this.tokenManager.clearExpireEventTimeout(msg.key!);\n        this.tokenManager.emitRemoved(msg.key!, msg.token!);\n        break;\n      case EVENT_RENEWED:\n        this.tokenManager.emitRenewed(msg.key!, msg.token!, msg.oldToken);\n        break;\n      default:\n        break;\n    }\n    this.enablePostMessage = true;\n  }\n} ","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { ServiceInterface, ServiceManagerOptions } from '../core/types';\nimport {\n  BroadcastChannel,\n  createLeaderElection,\n  LeaderElector\n} from 'broadcast-channel';\nimport { isBrowser } from '../features';\n\ndeclare type OnLeaderHandler = (() => Promise<void>);\ndeclare type ServiceOptions = ServiceManagerOptions & {\n  onLeader?: OnLeaderHandler;\n};\n\nexport class LeaderElectionService implements ServiceInterface {\n  private options: ServiceOptions;\n  private channel?: BroadcastChannel;\n  private elector?: LeaderElector;\n  private started = false;\n\n  constructor(options: ServiceOptions = {}) {\n    this.options = options;\n    this.onLeaderDuplicate = this.onLeaderDuplicate.bind(this);\n    this.onLeader = this.onLeader.bind(this);\n  }\n\n  private onLeaderDuplicate() {\n  }\n\n  private async onLeader() {\n    await this.options.onLeader?.();\n  }\n\n  isLeader() {\n    return !!this.elector?.isLeader;\n  }\n\n  hasLeader() {\n    return !!this.elector?.hasLeader;\n  }\n\n  async start() {\n    if (this.canStart()) {\n      const { electionChannelName } = this.options;\n      this.channel = new BroadcastChannel(electionChannelName as string);\n      this.elector = createLeaderElection(this.channel);\n      this.elector.onduplicate = this.onLeaderDuplicate;\n      this.elector.awaitLeadership().then(this.onLeader);\n      this.started = true;\n    }\n  }\n\n  async stop() {\n    if (this.started) {\n      if (this.elector) {\n        await this.elector.die();\n        this.elector = undefined;\n      }\n      if (this.channel) {\n        // Workaround to fix error `Failed to execute 'postMessage' on 'BroadcastChannel': Channel is closed`\n        (this.channel as any).postInternal = () => Promise.resolve();\n        await this.channel.close();\n        this.channel = undefined;\n      }\n      this.started = false;\n    }\n  }\n\n  requiresLeadership() {\n    return false;\n  }\n\n  isStarted() {\n    return this.started;\n  }\n\n  canStart() {\n    return isBrowser() && !this.started;\n  }\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport {\n  OAuthTransactionMeta,\n  OAuthStorageManagerInterface,\n} from '../../oidc';\n\nimport {\n  ServiceManagerInterface,\n  ServiceInterface,\n  ServiceManagerOptions,\n  OktaAuthCoreInterface,\n  OktaAuthCoreOptions\n} from '../types';\nimport { AutoRenewService, SyncStorageService, LeaderElectionService } from '../../services';\nimport { removeNils } from '../../util';\n\nconst AUTO_RENEW = 'autoRenew';\nconst SYNC_STORAGE = 'syncStorage';\nconst LEADER_ELECTION = 'leaderElection';\n\nexport class ServiceManager\n<\n  M extends OAuthTransactionMeta,\n  S extends OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions\n>\nimplements ServiceManagerInterface \n{\n  private sdk: OktaAuthCoreInterface<M, S, O>;\n  private options: ServiceManagerOptions;\n  private services: Map<string, ServiceInterface>;\n  private started: boolean;\n\n  private static knownServices = [AUTO_RENEW, SYNC_STORAGE, LEADER_ELECTION];\n\n  private static defaultOptions = {\n    autoRenew: true,\n    autoRemove: true,\n    syncStorage: true\n  };\n\n  constructor(sdk: OktaAuthCoreInterface<M, S, O>, options: ServiceManagerOptions = {}) {\n    this.sdk = sdk;\n    this.onLeader = this.onLeader.bind(this);\n\n    // TODO: backwards compatibility, remove in next major version - OKTA-473815\n    const { autoRenew, autoRemove, syncStorage } = sdk.tokenManager.getOptions();\n    options.electionChannelName = options.electionChannelName || options.broadcastChannelName;\n    this.options = Object.assign({}, \n      ServiceManager.defaultOptions,\n      { autoRenew, autoRemove, syncStorage }, \n      {\n        electionChannelName: `${sdk.options.clientId}-election`,\n        syncChannelName: `${sdk.options.clientId}-sync`,\n      },\n      removeNils(options)\n    );\n\n    this.started = false;\n    this.services = new Map();\n\n    ServiceManager.knownServices.forEach(name => {\n      const svc = this.createService(name);\n      if (svc) {\n        this.services.set(name, svc);\n      }\n    });\n  }\n\n  private async onLeader() {\n    if (this.started) {\n      // Start services that requires leadership\n      await this.startServices();\n    }\n  }\n\n  isLeader() {\n    return (this.getService(LEADER_ELECTION) as LeaderElectionService)?.isLeader();\n  }\n\n  isLeaderRequired() {\n    return [...this.services.values()].some(srv => srv.canStart() && srv.requiresLeadership());\n  }\n\n  async start() {\n    if (this.started) {\n      return;     // noop if services have already started\n    }\n    await this.startServices();\n    this.started = true;\n  }\n  \n  async stop() {\n    await this.stopServices();\n    this.started = false;\n  }\n\n  getService(name: string): ServiceInterface | undefined {\n    return this.services.get(name);\n  }\n\n  private async startServices() {\n    for (const [name, srv] of this.services.entries()) {\n      if (this.canStartService(name, srv)) {\n        await srv.start();\n      }\n    }\n  }\n\n  private async stopServices() {\n    for (const srv of this.services.values()) {\n      await srv.stop();\n    }\n  }\n\n  // eslint-disable-next-line complexity\n  private canStartService(name: string, srv: ServiceInterface): boolean {\n    let canStart = srv.canStart() && !srv.isStarted();\n    // only start election if a leader is required\n    if (name === LEADER_ELECTION) {\n      canStart &&= this.isLeaderRequired();\n    } else if (srv.requiresLeadership()) {\n      canStart &&= this.isLeader();\n    }\n    return canStart;\n  }\n\n  private createService(name: string): ServiceInterface {\n    const tokenManager = this.sdk.tokenManager;\n\n    let service: ServiceInterface;\n    switch (name) {\n      case LEADER_ELECTION:\n        service = new LeaderElectionService({...this.options, onLeader: this.onLeader});\n        break;\n      case AUTO_RENEW:\n        service = new AutoRenewService(tokenManager, {...this.options});\n        break;\n      case SYNC_STORAGE:\n        service = new SyncStorageService(tokenManager, {...this.options});\n        break;\n      default:\n        throw new Error(`Unknown service ${name}`);\n    }\n    return service;\n  }\n\n}\n","import { parseOAuthResponseFromUrl } from '../oidc/parseFromUrl';\nimport { OktaAuthConstructor } from '../base/types';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  PKCETransactionMeta,\n  Tokens,\n  TransactionManagerInterface,\n} from '../oidc/types';\nimport { AuthStateManager } from './AuthStateManager';\nimport { ServiceManager } from './ServiceManager';\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\n\nexport function mixinCore\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n  return class OktaAuthCore extends Base implements OktaAuthCoreInterface<M, S, O, TM>\n  {\n    authStateManager: AuthStateManager<M, S, O>;\n    serviceManager: ServiceManager<M, S, O>;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      // AuthStateManager\n      this.authStateManager = new AuthStateManager<M, S, O>(this);\n\n      // ServiceManager\n      this.serviceManager = new ServiceManager<M, S, O>(this, this.options.services);\n    }\n\n    async start() {\n      await this.serviceManager.start();\n      // TODO: review tokenManager.start\n      this.tokenManager.start();\n      if (!this.token.isLoginRedirect()) {\n        await this.authStateManager.updateAuthState();\n      }\n    }\n  \n    async stop() {\n      // TODO: review tokenManager.stop\n      this.tokenManager.stop();\n      await this.serviceManager.stop();\n    }\n\n    async handleRedirect(originalUri?: string): Promise<void> {\n      await this.handleLoginRedirect(undefined, originalUri);\n    }\n\n    // eslint-disable-next-line complexity\n    async handleLoginRedirect(tokens?: Tokens, originalUri?: string): Promise<void> {\n      let state = this.options.state;\n  \n      // Store tokens and update AuthState by the emitted events\n      if (tokens) {\n        this.tokenManager.setTokens(tokens);\n        originalUri = originalUri || this.getOriginalUri(this.options.state);\n      } else if (this.isLoginRedirect()) {\n        try {\n          // For redirect flow, get state from the URL and use it to retrieve the originalUri\n          const oAuthResponse = await parseOAuthResponseFromUrl(this, {});\n          state = oAuthResponse.state;\n          originalUri = originalUri || this.getOriginalUri(state);\n          await this.storeTokensFromRedirect();\n        } catch(e) {\n          // auth state should be updated\n          await this.authStateManager.updateAuthState();\n          throw e;\n        }\n      } else {\n        return; // nothing to do\n      }\n      \n      // ensure auth state has been updated\n      await this.authStateManager.updateAuthState();\n  \n      // clear originalUri from storage\n      this.removeOriginalUri(state);\n  \n      // Redirect to originalUri\n      const { restoreOriginalUri } = this.options;\n      if (restoreOriginalUri) {\n        await restoreOriginalUri(this, originalUri);\n      } else if (originalUri) {\n        window.location.replace(originalUri);\n      }\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\nimport { omit, getLink, toQueryString } from '../util';\nimport { get, post, httpRequest } from '../http';\n\nfunction sessionExists(sdk) {\n  return sdk.session.get()\n    .then(function(res) {\n      if (res.status === 'ACTIVE') {\n        return true;\n      }\n      return false;\n    })\n    .catch(function() {\n      return false;\n    });\n}\n\nfunction getSession(sdk) { \n  return get(sdk, '/api/v1/sessions/me', { withCredentials: true })\n  .then(function(session) {\n    var res = omit(session, '_links');\n\n    res.refresh = function() {\n      return post(sdk, getLink(session, 'refresh').href, {}, { withCredentials: true });\n    };\n\n    res.user = function() {\n      return get(sdk, getLink(session, 'user').href, { withCredentials: true });\n    };\n\n    return res;\n  })\n  .catch(function() {\n    // Return INACTIVE status on failure\n    return {status: 'INACTIVE'};\n  });\n}\n\nfunction closeSession(sdk) {\n  return httpRequest(sdk, {\n    url: sdk.getIssuerOrigin() + '/api/v1/sessions/me',\n    method: 'DELETE',\n    withCredentials: true\n  });\n}\n\nfunction refreshSession(sdk) {\n  return post(sdk, '/api/v1/sessions/me/lifecycle/refresh', {}, { withCredentials: true });\n}\n\nfunction setCookieAndRedirect(sdk, sessionToken, redirectUrl) {\n  redirectUrl = redirectUrl || window.location.href;\n  window.location.assign(sdk.getIssuerOrigin() + '/login/sessionCookieRedirect' +\n    toQueryString({\n      checkAccountSetupComplete: true,\n      token: sessionToken,\n      redirectUrl: redirectUrl\n    }));\n}\n\nexport {\n  sessionExists,\n  getSession,\n  closeSession,\n  refreshSession,\n  setCookieAndRedirect\n};\n","import { SessionAPI } from './types';\nimport { closeSession, getSession, refreshSession, sessionExists, setCookieAndRedirect } from './api';\nimport { OktaAuthBaseInterface } from '../base/types';\n\nexport function createSessionApi(sdk: OktaAuthBaseInterface): SessionAPI {\n  const session = {\n    close: closeSession.bind(null, sdk),\n    exists: sessionExists.bind(null, sdk),\n    get: getSession.bind(null, sdk),\n    refresh: refreshSession.bind(null, sdk),\n    setCookieAndRedirect: setCookieAndRedirect.bind(null, sdk)\n  };\n  return session;\n}\n","import { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { OktaAuthConstructor } from '../base/types';\nimport { createSessionApi } from './factory';\nimport {\n  OktaAuthSessionInterface, SessionAPI,\n} from './types';\nimport { StorageManagerInterface } from '../storage/types';\n\nexport function mixinSession\n<\n  S extends StorageManagerInterface = StorageManagerInterface,\n  O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n  TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthSessionInterface<S, O>>\n{\n  return class OktaAuthSession extends Base implements OktaAuthSessionInterface<S, O>\n  {\n    session: SessionAPI;\n\n    constructor(...args: any[]) {\n      super(...args);\n\n      this.session = createSessionApi(this);\n    }\n\n    // Ends the current Okta SSO session without redirecting to Okta.\n    closeSession(): Promise<boolean> {\n      return this.session.close() // DELETE /api/v1/sessions/me\n      .then(async () => {\n        // Clear all local tokens\n        this.clearStorage();\n        return true;\n      })\n      .catch(function(e) {\n        if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n          // Session does not exist or has already been closed\n          return false;\n        }\n        throw e;\n      });\n    }\n  };\n}\n","import { StorageManagerConstructor } from '../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../base/types';\n\nimport { OktaAuthCoreInterface, OktaAuthCoreOptions } from './types';\nimport { createOktaAuthBase } from '../base';\nimport { mixinStorage } from '../storage/mixin';\nimport { mixinHttp } from '../http/mixin';\nimport { mixinOAuth } from '../oidc/mixin';\nimport {\n  OAuthStorageManagerInterface,\n  PKCETransactionMeta,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../oidc/types';\nimport { mixinCore } from './mixin';\nimport { mixinSession } from '../session/mixin';\n\nexport function createOktaAuthCore<\n  M extends PKCETransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n>(\n  StorageManagerConstructor: StorageManagerConstructor<S>,\n  OptionsConstructor: OktaAuthOptionsConstructor<O>,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>\n): OktaAuthConstructor<OktaAuthCoreInterface<M, S, O, TM>>\n{\n  const Base = createOktaAuthBase(OptionsConstructor);\n  const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n  const WithHttp = mixinHttp<S, O>(WithStorage);\n  const WithSession = mixinSession<S, O>(WithHttp);\n  const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n  const Core = mixinCore<M, S, O, TM>(WithOAuth);\n  return Core;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { base64UrlToBuffer, bufferToBase64Url } from '../crypto/base64';\nimport {\n  ActivationData,\n  ChallengeData,\n  IdxAuthenticator,\n} from './types';\n\n\n// Get known credentials from list of enrolled authenticators\nconst getEnrolledCredentials = (authenticatorEnrollments: IdxAuthenticator[] = []) => {\n  const credentials: PublicKeyCredentialDescriptor[] = [];\n  authenticatorEnrollments.forEach((enrollement) => {\n    if (enrollement.key === 'webauthn') {\n      credentials.push({\n        type: 'public-key',\n        id: base64UrlToBuffer(enrollement.credentialId),\n      });\n    }\n  });\n  return credentials;\n};\n\n// Build options for navigator.credentials.create\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create\nexport const buildCredentialCreationOptions = (\n  activationData: ActivationData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n  return {\n    publicKey: {\n      rp: activationData.rp,\n      user: {\n        id: base64UrlToBuffer(activationData.user.id),\n        name: activationData.user.name,\n        displayName: activationData.user.displayName\n      },\n      challenge: base64UrlToBuffer(activationData.challenge),\n      pubKeyCredParams: activationData.pubKeyCredParams,\n      attestation: activationData.attestation,\n      authenticatorSelection: activationData.authenticatorSelection,\n      excludeCredentials: getEnrolledCredentials(authenticatorEnrollments),\n    }\n  } as CredentialCreationOptions;\n};\n\n\n// Build options for navigator.credentials.get\n// https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get\nexport const buildCredentialRequestOptions = (\n  challengeData: ChallengeData, authenticatorEnrollments: IdxAuthenticator[]\n) => {\n  return {\n    publicKey: {\n      challenge: base64UrlToBuffer(challengeData.challenge),\n      userVerification: challengeData.userVerification,\n      allowCredentials: getEnrolledCredentials(authenticatorEnrollments),\n    }\n  } as CredentialRequestOptions;\n};\n\n// Build attestation for webauthn enroll\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAttestationResponse\nexport const getAttestation = (credential: PublicKeyCredential) => {\n  const response = credential.response as AuthenticatorAttestationResponse;\n  const id = credential.id;\n  const clientData = bufferToBase64Url(response.clientDataJSON);\n  const attestation = bufferToBase64Url(response.attestationObject);\n  return {\n    id,\n    clientData,\n    attestation\n  };\n};\n\n// Build assertion for webauthn verification\n// https://developer.mozilla.org/en-US/docs/Web/API/AuthenticatorAssertionResponse\nexport const getAssertion = (credential: PublicKeyCredential) => {\n  const response = credential.response as AuthenticatorAssertionResponse;\n  const id = credential.id;\n  const clientData = bufferToBase64Url(response.clientDataJSON);\n  const authenticatorData = bufferToBase64Url(response.authenticatorData);\n  const signatureData = bufferToBase64Url(response.signature);\n  return {\n    id,\n    clientData,\n    authenticatorData,\n    signatureData\n  };\n};\n","import { OktaAuthConstructor } from '../base/types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\nimport {\n  IdxAPI, \n  IdxTransactionManagerInterface, \n  OktaAuthIdxInterface, \n  OktaAuthIdxConstructor, \n  OktaAuthIdxOptions, \n  WebauthnAPI\n} from './types';\nimport { IdxTransactionMeta } from './types/meta';\nimport { IdxStorageManagerInterface } from './types/storage';\nimport { createIdxAPI } from './factory/api';\nimport * as webauthn from './webauthn';\n\nexport function mixinIdx\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n>\n(Base: TBase): TBase & OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM>>\n{\n  return class OktaAuthIdx extends Base implements OktaAuthIdxInterface<M, S, O, TM>\n  {\n    idx: IdxAPI;\n    static webauthn: WebauthnAPI = webauthn;\n    \n    constructor(...args: any[]) {\n      super(...args);\n      this.idx = createIdxAPI(this);\n    }\n  };\n}\n","import { createOktaAuthCore } from '../../core/factory';\nimport { OktaAuthOptionsConstructor } from '../../base/types';\nimport { StorageManagerConstructor } from '../../storage/types';\nimport { IdxTransactionManagerInterface, OktaAuthIdxInterface, OktaAuthIdxConstructor } from '../types/api';\nimport { IdxTransactionMeta } from '../types/meta';\nimport { IdxStorageManagerInterface } from '../types/storage';\nimport { OktaAuthIdxOptions } from '../types/options';\nimport { mixinIdx } from '../mixin';\nimport { TransactionManagerConstructor } from '../../oidc/types';\nimport { OktaAuthCoreInterface } from '../../core/types';\n\nexport function createOktaAuthIdx<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>,\n  O extends OktaAuthIdxOptions = OktaAuthIdxOptions,\n  TM extends IdxTransactionManagerInterface = IdxTransactionManagerInterface\n>(\n  StorageManagerConstructor: StorageManagerConstructor<S>,\n  OptionsConstructor: OktaAuthOptionsConstructor<O>,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>\n)\n: OktaAuthIdxConstructor<OktaAuthIdxInterface<M, S, O, TM> & OktaAuthCoreInterface<M, S, O, TM>>\n{\n  const Core = createOktaAuthCore<M, S, O, TM>(\n    StorageManagerConstructor,\n    OptionsConstructor,\n    TransactionManagerConstructor\n  );\n  const WithIdx = mixinIdx(Core);\n  return WithIdx;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { OktaAuthBaseOptions } from './types';\n\nexport function createBaseOptionsConstructor() {\n\n  return class BaseOptionsConstructor implements Required<OktaAuthBaseOptions> {\n    devMode: boolean;\n\n    constructor(args: any) {\n      this.devMode = !!args.devMode;\n    }\n  };\n\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\nimport { StorageManagerOptions, StorageUtil, OktaAuthStorageOptions } from '../types';\nimport { warn } from '../../util';\n\nimport { default as browserStorage } from '../../browser/browserStorage';\n\nexport function getStorage(): StorageUtil {\n  const storageUtil = Object.assign({}, browserStorage, {\n    inMemoryStore: {} // create unique storage for this instance\n  });\n  return storageUtil;\n}\n\nexport const STORAGE_MANAGER_OPTIONS: StorageManagerOptions = {\n  token: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  cache: {\n    storageTypes: [\n      'localStorage',\n      'sessionStorage',\n      'cookie'\n    ]\n  },\n  transaction: {\n    storageTypes: [\n      'sessionStorage',\n      'localStorage',\n      'cookie'\n    ]\n  },\n  'shared-transaction': {\n    storageTypes: [\n      'localStorage'\n    ]\n  },\n  'original-uri': {\n    storageTypes: [\n      'localStorage'\n    ]\n  }\n};\n\nexport function getCookieSettings(args: OktaAuthStorageOptions = {}, isHTTPS: boolean) {\n  // Secure cookies will be automatically used on a HTTPS connection\n  // Non-secure cookies will be automatically used on a HTTP connection\n  // secure option can override the automatic behavior\n  var cookieSettings = args.cookies || {};\n  if (typeof cookieSettings.secure === 'undefined') {\n    cookieSettings.secure = isHTTPS;\n  }\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n\n  // If secure=true, but the connection is not HTTPS, set secure=false.\n  if (cookieSettings.secure && !isHTTPS) {\n    // eslint-disable-next-line no-console\n    warn(\n      'The current page is not being served with the HTTPS protocol.\\n' +\n      'For security reasons, we strongly recommend using HTTPS.\\n' +\n      'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n    );\n    cookieSettings.secure = false;\n  }\n\n  // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n  // If sameSite=none, but the connection is not HTTPS, set sameSite=lax.\n  if (cookieSettings.sameSite === 'none' && !cookieSettings.secure) {\n    cookieSettings.sameSite = 'lax';\n  }\n\n  return cookieSettings;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createBaseOptionsConstructor } from '../../base';\nimport { CookieOptions, OktaAuthStorageOptions, StorageManagerOptions, StorageUtil } from '../types';\nimport { getStorage, STORAGE_MANAGER_OPTIONS, getCookieSettings } from './node';\nimport { isHTTPS } from '../../features';\n\nexport function createStorageOptionsConstructor() {\n\n  const BaseOptionsConstructor = createBaseOptionsConstructor();\n  return class StorageOptionsConstructor extends BaseOptionsConstructor implements Required<OktaAuthStorageOptions> {\n    cookies: CookieOptions;\n    storageUtil: StorageUtil;\n    storageManager: StorageManagerOptions;\n    \n    constructor(args: any) {\n      super(args);\n      this.cookies = getCookieSettings(args, isHTTPS())!;\n      this.storageUtil = args.storageUtil || getStorage();\n      this.storageManager = { ...STORAGE_MANAGER_OPTIONS, ...args.storageManager };\n    }\n  };\n}\n","/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport crossFetch from 'cross-fetch';\nimport { FetchOptions, HttpResponse } from '../http/types';\n\n// content-type = application/json OR application/ion+json\nconst appJsonContentTypeRegex = /application\\/\\w*\\+?json/;\n\nfunction readData(response: Response): Promise<object | string> {\n  if (response.headers.get('Content-Type') &&\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    response.headers.get('Content-Type')!.toLowerCase().indexOf('application/json') >= 0) {\n  return response.json()\n    // JSON parse can fail if response is not a valid object\n    .catch(e => {\n      return {\n        error: e,\n        errorSummary: 'Could not parse server response'\n      };\n    });\n  } else {\n    return response.text();\n  }\n}\n\nfunction formatResult(status: number, data: object | string, response: Response) {\n  const isObject = typeof data === 'object';\n  const headers = {};\n  for (const pair of (response.headers as any).entries()) {\n    headers[pair[0]] = pair[1];\n  }\n  const result: HttpResponse = {\n    responseText: isObject ? JSON.stringify(data) : data as string,\n    status: status,\n    headers\n  };\n  if (isObject) {\n    result.responseType = 'json';\n    result.responseJSON = data as object;\n  }\n  return result;\n}\n\n/* eslint-disable complexity */\nfunction fetchRequest(method: string, url: string, args: FetchOptions) {\n  var body = args.data;\n  var headers = args.headers || {};\n  var contentType = (headers['Content-Type'] || headers['content-type'] || '');\n\n  if (body && typeof body !== 'string') {\n    // JSON encode body (if appropriate)\n    if (appJsonContentTypeRegex.test(contentType)) {\n      body = JSON.stringify(body);\n    }\n    else if (contentType === 'application/x-www-form-urlencoded') {\n      body = Object.entries(body)\n      .map( ([param, value]) => `${param}=${encodeURIComponent(value)}` )\n      .join('&');\n    }\n  }\n\n  var fetch = global.fetch || crossFetch;\n  var fetchPromise = fetch(url, {\n    method: method,\n    headers: args.headers,\n    body: body as string,\n    credentials: args.withCredentials ? 'include' : 'omit'\n  });\n\n  if (!fetchPromise.finally) {\n    fetchPromise = Promise.resolve(fetchPromise);\n  }\n\n  return fetchPromise.then(function(response) {\n    var error = !response.ok;\n    var status = response.status;\n    return readData(response)\n      .then(data => {\n        return formatResult(status, data, response);\n      })\n      .then(result => {\n        if (error || result.responseJSON?.error) {\n          // Throwing result object since error handling is done in http.js\n          throw result;\n        }\n        return result;\n      });\n  });\n}\n\nexport default fetchRequest;\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createStorageOptionsConstructor } from '../storage';\nimport { HttpRequestClient, OktaAuthHttpOptions, RequestOptions } from './types';\nimport fetchRequest from '../fetch/fetchRequest';\n\nexport function createHttpOptionsConstructor() {\n  const StorageOptionsConstructor = createStorageOptionsConstructor();\n  return class HttpOptionsConstructor extends StorageOptionsConstructor implements Required<OktaAuthHttpOptions> {\n    issuer: string;\n    transformErrorXHR: (xhr: object) => any;\n    headers: object;\n    httpRequestClient: HttpRequestClient;\n    httpRequestInterceptors: ((request: RequestOptions) => void)[];\n    \n    constructor(args: any) {\n      super(args);\n      this.issuer = args.issuer;\n      this.transformErrorXHR = args.transformErrorXHR;\n      this.headers = args.headers;\n      this.httpRequestClient = args.httpRequestClient || fetchRequest;\n      this.httpRequestInterceptors = args.httpRequestInterceptors;\n    }\n  };\n}\n","export const enableSharedStorage = true;\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { DEFAULT_MAX_CLOCK_SKEW } from '../../constants';\nimport { removeTrailingSlash, toAbsoluteUrl } from '../../util/url';\nimport { isBrowser } from '../../features';\nimport { createHttpOptionsConstructor } from '../../http/options';\nimport {\n  OAuthResponseMode,\n  OAuthResponseType,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  SetLocationFunction,\n  TokenManagerOptions,\n  TransactionManagerOptions\n} from '../types';\nimport { enableSharedStorage } from './node';\nimport AuthSdkError from '../../errors/AuthSdkError';\n\nfunction assertValidConfig(args) {\n  args = args || {};\n\n  var scopes = args.scopes;\n  if (scopes && !Array.isArray(scopes)) {\n    throw new AuthSdkError('scopes must be a array of strings. ' +\n      'Required usage: new OktaAuth({scopes: [\"openid\", \"email\"]})');\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n  var issuer = args.issuer!;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n}\n\nexport function createOAuthOptionsConstructor() {\n  const HttpOptionsConstructor = createHttpOptionsConstructor();\n  return class OAuthOptionsConstructor\n    extends HttpOptionsConstructor\n    implements Required<OktaAuthOAuthOptions>\n  {\n    // CustomUrls\n    issuer: string;\n    authorizeUrl: string;\n    userinfoUrl: string;\n    tokenUrl: string;\n    revokeUrl: string;\n    logoutUrl: string;\n    \n    // TokenParams\n    pkce: boolean;\n    clientId: string;\n    redirectUri: string;\n    responseType: OAuthResponseType | OAuthResponseType[];\n    responseMode: OAuthResponseMode;\n    state: string;\n    scopes: string[];\n    ignoreSignature: boolean;\n    codeChallenge: string;\n    codeChallengeMethod: string;\n    acrValues: string;\n    maxAge: string | number;\n\n    // Additional options\n    tokenManager: TokenManagerOptions;\n    postLogoutRedirectUri: string;\n    restoreOriginalUri: (oktaAuth: OktaAuthOAuthInterface, originalUri?: string) => Promise<void>;\n    transactionManager: TransactionManagerOptions;\n\n    // For server-side web applications ONLY!\n    clientSecret: string;\n    setLocation: SetLocationFunction;\n\n    // Workaround for bad client time/clock\n    ignoreLifetime: boolean;\n    maxClockSkew: number;\n\n\n    // eslint-disable-next-line max-statements\n    constructor(options: any) {\n      super(options);\n      \n      assertValidConfig(options);\n      \n      this.issuer = removeTrailingSlash(options.issuer);\n      this.tokenUrl = removeTrailingSlash(options.tokenUrl);\n      this.authorizeUrl = removeTrailingSlash(options.authorizeUrl);\n      this.userinfoUrl = removeTrailingSlash(options.userinfoUrl);\n      this.revokeUrl = removeTrailingSlash(options.revokeUrl);\n      this.logoutUrl = removeTrailingSlash(options.logoutUrl);\n\n      this.pkce = options.pkce === false ? false : true; // PKCE defaults to true\n      this.clientId = options.clientId;\n      this.redirectUri = options.redirectUri;\n      if (isBrowser()) {\n        this.redirectUri = toAbsoluteUrl(options.redirectUri, window.location.origin); // allow relative URIs\n      }\n      this.responseType = options.responseType;\n      this.responseMode = options.responseMode;\n      this.state = options.state;\n      this.scopes = options.scopes;\n      // Give the developer the ability to disable token signature validation.\n      this.ignoreSignature = !!options.ignoreSignature;\n      this.codeChallenge = options.codeChallenge;\n      this.codeChallengeMethod = options.codeChallengeMethod;\n      this.acrValues = options.acrValues;\n      this.maxAge = options.maxAge;\n\n      this.tokenManager = options.tokenManager;\n      this.postLogoutRedirectUri = options.postLogoutRedirectUri;\n      this.restoreOriginalUri = options.restoreOriginalUri;\n      this.transactionManager = { enableSharedStorage, ...options.transactionManager };\n      \n      this.clientSecret = options.clientSecret;\n      this.setLocation = options.setLocation;\n      \n      // As some end user's devices can have their date \n      // and time incorrectly set, allow for the disabling\n      // of the jwt liftetime validation\n      this.ignoreLifetime = !!options.ignoreLifetime;\n\n      // Digital clocks will drift over time, so the server\n      // can misalign with the time reported by the browser.\n      // The maxClockSkew allows relaxing the time-based\n      // validation of tokens (in seconds, not milliseconds).\n      // It currently defaults to 300, because 5 min is the\n      // default maximum tolerance allowed by Kerberos.\n      // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n      if (!options.maxClockSkew && options.maxClockSkew !== 0) {\n        this.maxClockSkew = DEFAULT_MAX_CLOCK_SKEW;\n      } else {\n        this.maxClockSkew = options.maxClockSkew;\n      }\n\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createOAuthOptionsConstructor } from '../oidc';\nimport { AuthState, OktaAuthCoreInterface, OktaAuthCoreOptions, ServiceManagerOptions } from './types';\n\n\nexport function createCoreOptionsConstructor()\n{\n  const OAuthOptionsConstructor = createOAuthOptionsConstructor();\n  return class CoreOptionsConstructor\n    extends OAuthOptionsConstructor\n    implements Required<OktaAuthCoreOptions>\n  {\n    services: ServiceManagerOptions;\n    transformAuthState: (oktaAuth: OktaAuthCoreInterface, authState: AuthState) => Promise<AuthState>;\n\n    constructor(options: any) {\n      super(options);\n      this.services = options.services;\n      this.transformAuthState = options.transformAuthState;\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { createCoreOptionsConstructor } from '../core/options';\nimport { FlowIdentifier } from './types/FlowIdentifier';\nimport { OktaAuthIdxOptions } from './types/options';\n\n\nexport function createIdxOptionsConstructor() {\n  const CoreOptionsConstructor = createCoreOptionsConstructor();\n  return class IdxOptionsConstructor\n    extends CoreOptionsConstructor \n    implements Required<OktaAuthIdxOptions>\n  {\n    flow: FlowIdentifier;\n    activationToken: string;\n    recoveryToken: string;\n  \n    // BETA WARNING: configs in this section are subject to change without a breaking change notice\n    idx: {\n      useGenericRemediator?: boolean;\n      exchangeCodeForTokens?: boolean;\n    };\n  \n    constructor(options: any) {\n      super(options);\n  \n      this.flow = options.flow;\n      this.activationToken = options.activationToken;\n      this.recoveryToken = options.recoveryToken;\n      this.idx = options.idx;\n    }\n  };\n  \n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { StorageProvider, SimpleStorage } from './types';\n\n// formerly known as \"storageBuilder\". Represents an object saved under a key/name.\nexport class SavedObject implements StorageProvider {\n  storageProvider: SimpleStorage;\n  storageName: string;\n\n  constructor(storage: SimpleStorage, storageName: string) {\n    if (!storage) {\n      throw new AuthSdkError('\"storage\" is required');\n    }\n\n    if (typeof storageName !== 'string' || !storageName.length) {\n      throw new AuthSdkError('\"storageName\" is required');\n    }\n\n    this.storageName = storageName;\n    this.storageProvider = storage;\n  }\n\n  //\n  // SimpleStorage interface\n  //\n\n  getItem(key: string) {\n    return this.getStorage()[key];\n  }\n\n  setItem(key: string, value: any) {\n    return this.updateStorage(key, value);\n  }\n\n  removeItem(key: string) {\n    return this.clearStorage(key);\n  }\n\n  //\n  // StorageProvider interface\n  //\n\n  getStorage() {\n    var storageString = this.storageProvider.getItem(this.storageName);\n    storageString = storageString || '{}';\n    try {\n      return JSON.parse(storageString);\n    } catch(e) {\n      throw new AuthSdkError('Unable to parse storage string: ' + this.storageName);\n    }\n  }\n\n  setStorage(obj?: any) {\n    try {\n      var storageString = obj ? JSON.stringify(obj) : '{}';\n      this.storageProvider.setItem(this.storageName, storageString);\n    } catch(e) {\n      throw new AuthSdkError('Unable to set storage: ' + this.storageName);\n    }\n  }\n\n  clearStorage(key?: string) {\n    if (!key) {\n      // clear all\n      if (this.storageProvider.removeItem) {\n        this.storageProvider.removeItem(this.storageName);\n      } else {\n        this.setStorage();\n      }\n      return;\n    }\n\n    var obj = this.getStorage();\n    delete obj[key];\n    this.setStorage(obj);\n  }\n\n  updateStorage(key, value) {\n    var obj = this.getStorage();\n    obj[key] = value;\n    this.setStorage(obj);\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\n\nimport {\n  TOKEN_STORAGE_NAME,\n  CACHE_STORAGE_NAME,\n} from '../constants';\nimport {\n  StorageUtil,\n  StorageProvider,\n  StorageOptions,\n  CookieOptions,\n  StorageManagerOptions,\n  SimpleStorage,\n  StorageManagerInterface\n} from './types';\nimport { SavedObject } from './SavedObject';\nimport { isBrowser } from '../features';\nimport { warn } from '../util';\n\nexport function logServerSideMemoryStorageWarning(options: StorageOptions) {\n  if (!isBrowser() && !options.storageProvider && !options.storageKey) {\n    // eslint-disable-next-line max-len\n    warn('Memory storage can only support simple single user use case on server side, please provide custom storageProvider or storageKey if advanced scenarios need to be supported.');\n  }\n}\n\n\nexport class BaseStorageManager implements StorageManagerInterface {\n  storageManagerOptions: StorageManagerOptions;\n  cookieOptions: CookieOptions;\n  storageUtil: StorageUtil;\n\n  constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n    this.storageManagerOptions = storageManagerOptions;\n    this.cookieOptions = cookieOptions;\n    this.storageUtil = storageUtil;\n  }\n\n  // combines defaults in order\n  getOptionsForSection(sectionName: string, overrideOptions?: StorageOptions) {\n    return Object.assign({}, this.storageManagerOptions[sectionName], overrideOptions);\n  }\n \n  // generic method to get any available storage provider\n  // eslint-disable-next-line complexity\n  getStorage(options: StorageOptions): SimpleStorage {\n    options = Object.assign({}, this.cookieOptions, options); // set defaults\n\n    if (options.storageProvider) {\n      return options.storageProvider;\n    }\n\n    let { storageType, storageTypes } = options;\n\n    if(storageType === 'sessionStorage') {\n      options.sessionCookie = true;\n    }\n\n    // If both storageType and storageTypes are specified, then storageType will be used first\n    // If storageType cannot be used but it matches an entry in storageTypes, subsequent entries may be used as fallback\n    // if storageType does not match an entry in storageTypes then storageType is used with no fallback.\n    if (storageType && storageTypes) {\n      const idx = storageTypes.indexOf(storageType);\n      if (idx >= 0) {\n        storageTypes = storageTypes.slice(idx);\n        storageType = undefined;\n      }\n    }\n\n    if (!storageType) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      storageType = this.storageUtil.findStorageType(storageTypes!);\n    }\n    return this.storageUtil.getStorageByType(storageType, options);\n  }\n\n  // access_token, id_token, refresh_token\n  getTokenStorage(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('token', options);\n    logServerSideMemoryStorageWarning(options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || TOKEN_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n  // caches well-known response, among others\n  getHttpCache(options?: StorageOptions): StorageProvider {\n    options = this.getOptionsForSection('cache', options);\n    const storage = this.getStorage(options);\n    const storageKey = options.storageKey || CACHE_STORAGE_NAME;\n    return new SavedObject(storage, storageKey);\n  }\n\n}\n","import {\n  CookieOptions,\n  StorageManagerOptions,\n  StorageOptions,\n  StorageUtil\n} from '../storage/types';\nimport { BaseStorageManager, logServerSideMemoryStorageWarning } from '../storage/BaseStorageManager';\nimport { TransactionStorage, OAuthTransactionMeta, OAuthStorageManagerInterface, PKCETransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { ORIGINAL_URI_STORAGE_NAME, SHARED_TRANSACTION_STORAGE_NAME, TRANSACTION_STORAGE_NAME } from '../constants';\n\n\nexport function createOAuthStorageManager<M extends OAuthTransactionMeta = PKCETransactionMeta>()\n{\n  return class OAuthStorageManager\n    extends BaseStorageManager\n    implements OAuthStorageManagerInterface<M>\n  {\n    constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n      super(storageManagerOptions, cookieOptions, storageUtil);\n    }\n\n    getTransactionStorage(options?: StorageOptions): TransactionStorage<M> {\n      options = this.getOptionsForSection('transaction', options);\n      logServerSideMemoryStorageWarning(options);\n      const storage = this.getStorage(options);\n      const storageKey = options.storageKey || TRANSACTION_STORAGE_NAME;\n      return new SavedObject(storage, storageKey);\n    }\n\n    getSharedTansactionStorage(options?: StorageOptions): TransactionStorage<M> {\n      options = this.getOptionsForSection('shared-transaction', options);\n      logServerSideMemoryStorageWarning(options);\n      const storage = this.getStorage(options);\n      const storageKey = options.storageKey || SHARED_TRANSACTION_STORAGE_NAME;\n      return new SavedObject(storage, storageKey);\n    }\n\n    getOriginalUriStorage(options?: StorageOptions): TransactionStorage<M> {\n      options = this.getOptionsForSection('original-uri', options);\n      logServerSideMemoryStorageWarning(options);\n      const storage = this.getStorage(options);\n      const storageKey = options.storageKey || ORIGINAL_URI_STORAGE_NAME;\n      return new SavedObject(storage, storageKey);\n    }\n  };\n\n}\n","import { createOAuthStorageManager } from '../oidc/storage';\nimport { PKCETransactionMeta } from '../oidc/types';\n\nexport function createCoreStorageManager<M extends PKCETransactionMeta = PKCETransactionMeta>() {\n  return createOAuthStorageManager<M>();\n}\n","import { CookieOptions, StorageManagerOptions, StorageOptions, StorageUtil } from '../storage/types';\nimport {  IdxTransactionMeta } from './types';\nimport { SavedObject } from '../storage';\nimport { IDX_RESPONSE_STORAGE_NAME } from '../constants';\nimport { createCoreStorageManager } from '../core/storage';\nimport { IdxResponseStorage } from './types/storage';\nimport { isBrowser } from '../features';\nimport { warn } from '../util';\nimport AuthSdkError from '../errors/AuthSdkError';\n\nexport function createIdxStorageManager<M extends IdxTransactionMeta>()\n{\n  const CoreStorageManager = createCoreStorageManager<M>();\n  return class IdxStorageManager extends CoreStorageManager\n  {\n    constructor(storageManagerOptions: StorageManagerOptions, cookieOptions: CookieOptions, storageUtil: StorageUtil) {\n      super(storageManagerOptions, cookieOptions, storageUtil);\n    }\n\n    // intermediate idxResponse\n    // store for network traffic optimazation purpose\n    // TODO: revisit in auth-js 6.0 epic JIRA: OKTA-399791\n    getIdxResponseStorage(options?: StorageOptions): IdxResponseStorage | null {\n      let storage;\n      if (isBrowser()) {\n        // on browser side only use memory storage \n        try {\n          storage = this.storageUtil.getStorageByType('memory', options);\n        } catch (e) {\n          // it's ok to miss response storage\n          // eslint-disable-next-line max-len\n          warn('No response storage found, you may want to provide custom implementation for intermediate idx responses to optimize the network traffic');\n        }\n      } else {\n        // on server side re-use transaction custom storage\n        const transactionStorage = this.getTransactionStorage(options);\n        if (transactionStorage) {\n          storage = {\n            getItem: (key) => {\n              const transaction = transactionStorage.getStorage();\n              if (transaction && transaction[key]) {\n                return transaction[key];\n              }\n              return null;\n            },\n            setItem: (key, val) => {\n              const transaction = transactionStorage.getStorage();\n              if (!transaction) {\n                throw new AuthSdkError('Transaction has been cleared, failed to save idxState');\n              }\n              transaction[key] = val;\n              transactionStorage.setStorage(transaction);\n            },\n            removeItem: (key) => {\n              const transaction = transactionStorage.getStorage();\n              if (!transaction) {\n                return;\n              }\n              delete transaction[key];\n              transactionStorage.setStorage(transaction);\n            }\n          };\n        }\n      }\n\n      if (!storage) {\n        return null;\n      }\n\n      return new SavedObject(storage, IDX_RESPONSE_STORAGE_NAME);\n    }\n  };\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { IdxTransactionMeta } from '../../idx/types/meta';\nimport { OAuthTransactionMeta, PKCETransactionMeta } from './meta';\nimport { OAuthStorageManagerInterface } from './storage';\n\nexport interface TransactionManagerOptions\n{\n  storageManager?: OAuthStorageManagerInterface;\n  enableSharedStorage?: boolean; // default true\n  saveNonceCookie?: boolean; // default true\n  saveStateCookie?: boolean; // default true\n  saveParamsCookie?: boolean; // default true\n  saveLastResponse?: boolean; // default true\n}\n\n\nexport type CustomAuthTransactionMeta = Record<string, string | undefined>;\n\nexport type TransactionMeta =\n  IdxTransactionMeta |\n  PKCETransactionMeta |\n  OAuthTransactionMeta |\n  CustomAuthTransactionMeta;\n\n\nfunction isObjectWithProperties(obj) {\n  if (!obj || typeof obj !== 'object' || Object.values(obj).length === 0) {\n    return false;\n  }\n  return true;\n}\n\nexport function isOAuthTransactionMeta(obj: any): obj is OAuthTransactionMeta {\n  if (!isObjectWithProperties(obj)) {\n    return false;\n  }\n  return !!obj.redirectUri || !!obj.responseType;\n}\n\nexport function isPKCETransactionMeta(obj: any): obj is PKCETransactionMeta {\n  if (!isOAuthTransactionMeta(obj)) {\n    return false;\n  }\n  return !!(obj as any).codeVerifier;\n}\n\nexport function isIdxTransactionMeta(obj: any): obj is IdxTransactionMeta {\n  if (!isPKCETransactionMeta(obj)) {\n    return false;\n  }\n  return !!(obj as any).interactionHandle;\n}\n\nexport function isCustomAuthTransactionMeta(obj: any): obj is CustomAuthTransactionMeta {\n  if (!isObjectWithProperties(obj)) {\n    return false;\n  }\n  const isAllStringValues = Object.values(obj).find((value) => (typeof value !== 'string')) === undefined;\n  return isAllStringValues;\n}\n\nexport function isTransactionMeta(obj: any): obj is TransactionMeta {\n  if (isOAuthTransactionMeta(obj) || isCustomAuthTransactionMeta(obj)) {\n    return true;\n  }\n  return false;\n}\n","import { OAuthStorageManagerInterface, OAuthTransactionMeta, isTransactionMeta } from '../types';\n\nconst MAX_ENTRY_LIFETIME = 30 * 60 * 1000; // 30 minutes\n\nexport function pruneSharedStorage<M extends OAuthTransactionMeta>(storageManager: OAuthStorageManagerInterface<M>) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  Object.keys(entries).forEach(state => {\n    const entry = entries[state];\n    const age = Date.now() - entry.dateCreated;\n    if (age > MAX_ENTRY_LIFETIME) {\n      delete entries[state];\n    }\n  });\n  sharedStorage.setStorage(entries);\n}\n\nexport function saveTransactionToSharedStorage<M extends OAuthTransactionMeta>(\n  storageManager: OAuthStorageManagerInterface<M>, state: string, meta: M\n) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  entries[state] = {\n    dateCreated: Date.now(),\n    transaction: meta\n  };\n  sharedStorage.setStorage(entries);\n}\n\n\nexport function loadTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n  storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  const entry = entries[state];\n  if (entry && entry.transaction && isTransactionMeta(entry.transaction)) {\n    return entry.transaction;\n  }\n  return null;\n}\n\nexport function clearTransactionFromSharedStorage<M extends OAuthTransactionMeta>(\n  storageManager: OAuthStorageManagerInterface<M>, state: string\n) {\n  const sharedStorage = storageManager.getSharedTansactionStorage();\n  const entries = sharedStorage.getStorage();\n  delete entries[state];\n  sharedStorage.setStorage(entries);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { StorageProvider } from '../storage/types';\nimport {\n  TransactionMeta,\n  isTransactionMeta,\n  TransactionMetaOptions,\n  TransactionManagerOptions,\n  OAuthTransactionMeta,\n  OAuthStorageManagerInterface,\n  ClearTransactionMetaOptions,\n  TransactionManagerInterface,\n  PKCETransactionMeta\n} from './types';\nimport { warn } from '../util';\nimport {\n  clearTransactionFromSharedStorage,\n  loadTransactionFromSharedStorage,\n  pruneSharedStorage,\n  saveTransactionToSharedStorage\n} from './util/sharedStorage';\n\n\nexport function createTransactionManager\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>\n>\n()\n{\n  return class TransactionManager implements TransactionManagerInterface\n  {\n    options: TransactionManagerOptions;\n    storageManager: S;\n    enableSharedStorage: boolean;\n    saveLastResponse: boolean;\n\n    constructor(options: TransactionManagerOptions) {\n      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n      this.storageManager = options.storageManager! as S;\n      this.enableSharedStorage = options.enableSharedStorage === false ? false : true;\n      this.saveLastResponse = options.saveLastResponse === false ? false : true;\n      this.options = options;\n    }\n\n    // eslint-disable-next-line complexity\n    clear(options: ClearTransactionMetaOptions = {}) {\n      const transactionStorage: StorageProvider = this.storageManager.getTransactionStorage();\n      const meta = transactionStorage.getStorage();\n\n      // Clear primary storage (by default, sessionStorage on browser)\n      transactionStorage.clearStorage();\n\n      // Usually we want to also clear shared storage unless another tab may need it to continue/complete a flow\n      if (this.enableSharedStorage && options.clearSharedStorage !== false) {\n        const state = options.state || meta?.state;\n        if (state) {\n          clearTransactionFromSharedStorage(this.storageManager, state);\n        }\n      }\n    }\n\n    // eslint-disable-next-line complexity\n    save(meta: M, options: TransactionMetaOptions = {}) {\n      // There must be only one transaction executing at a time.\n      // Before saving, check to see if a transaction is already stored.\n      // An existing transaction indicates a concurrency/race/overlap condition\n\n      let storage: StorageProvider = this.storageManager.getTransactionStorage();\n      const obj = storage.getStorage();\n      // oie process may need to update transaction in the middle of process for tracking purpose\n      // false alarm might be caused \n      // TODO: revisit for a better solution, https://oktainc.atlassian.net/browse/OKTA-430919\n      if (isTransactionMeta(obj) && !options.muteWarning) {\n        // eslint-disable-next-line max-len\n        warn('a saved auth transaction exists in storage. This may indicate another auth flow is already in progress.');\n      }\n\n      storage.setStorage(meta);\n\n      // Shared storage allows continuation of transaction in another tab\n      if (this.enableSharedStorage && meta.state) {\n        saveTransactionToSharedStorage(this.storageManager, meta.state, meta);\n      }\n    }\n\n    exists(options: TransactionMetaOptions = {}): boolean {\n      try {\n        const meta = this.load(options);\n        return !!meta;\n      } catch {\n        return false;\n      }\n    }\n\n    // load transaction meta from storage\n    // eslint-disable-next-line complexity,max-statements\n    load(options: TransactionMetaOptions = {}): TransactionMeta | null {\n\n      let meta: TransactionMeta;\n\n      // If state was passed, try loading transaction data from shared storage\n      if (this.enableSharedStorage && options.state) {\n        pruneSharedStorage(this.storageManager); // prune before load\n        meta = loadTransactionFromSharedStorage(this.storageManager, options.state);\n        if (isTransactionMeta(meta)) {\n          return meta;\n        }\n      }\n\n      let storage: StorageProvider = this.storageManager.getTransactionStorage();\n      meta = storage.getStorage();\n      if (isTransactionMeta(meta)) {\n        // if we have meta in the new location, there is no need to go further\n        return meta;\n      }\n\n      return null;\n    }\n\n  };\n}\n","import { ClearTransactionMetaOptions, TransactionManagerOptions } from '../oidc/types';\nimport { createTransactionManager } from '../oidc/TransactionManager';\nimport { IdxTransactionMeta, IntrospectOptions } from './types';\nimport { isRawIdxResponse } from './types/idx-js';\nimport { IdxStorageManagerInterface, SavedIdxResponse } from './types/storage';\n\nexport function createIdxTransactionManager\n<\n  M extends IdxTransactionMeta = IdxTransactionMeta,\n  S extends IdxStorageManagerInterface<M> = IdxStorageManagerInterface<M>\n>\n()\n{\n  const TransactionManager = createTransactionManager<M, S>();\n  return class IdxTransactionManager extends TransactionManager\n  {\n    constructor(options: TransactionManagerOptions) {\n      super(options);\n    }\n\n    clear(options: ClearTransactionMetaOptions = {}) {\n      super.clear(options);\n\n      if (options.clearIdxResponse !== false) {\n        this.clearIdxResponse();\n      }\n    }\n    \n    saveIdxResponse(data: SavedIdxResponse): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return;\n      }\n      storage.setStorage(data);\n    }\n\n    // eslint-disable-next-line complexity\n    loadIdxResponse(options?: IntrospectOptions): SavedIdxResponse | null {\n      if (!this.saveLastResponse) {\n        return null;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      if (!storage) {\n        return null;\n      }\n      const storedValue = storage.getStorage();\n      if (!storedValue || !isRawIdxResponse(storedValue.rawIdxResponse)) {\n        return null;\n      }\n\n      if (options) {\n        const { interactionHandle } = options;\n        if (interactionHandle && storedValue.interactionHandle !== interactionHandle) {\n          return null;\n        }\n      }\n\n      return storedValue;\n    }\n\n    clearIdxResponse(): void {\n      if (!this.saveLastResponse) {\n        return;\n      }\n      const storage = this.storageManager.getIdxResponseStorage();\n      storage?.clearStorage();\n    }\n  };\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { TransactionLink } from '../request';\n\ntype TransactionOptions = {\n  // TODO: move res type to http module\n  res: {\n    headers: Record<string, string>;\n    _links?: Record<string, TransactionLink>;\n    [property: string]: unknown;\n  };\n  accessToken: string;\n};\nexport default class BaseTransaction {\n  // Deprecated\n  headers?: Record<string, string>;\n\n  constructor(oktaAuth: OktaAuthHttpInterface, options: TransactionOptions) {\n    const { res } = options;\n    const { headers, ...rest } = res;\n    \n    // assign required fields from res\n    if (headers) {\n      this.headers = headers;\n    }\n\n    // add all rest fields from res\n    Object.keys(rest).forEach(key => {\n      if (key === '_links') {\n        return;\n      }\n      this[key] = rest[key];\n    });\n  }\n}\n","import BaseTransaction from './Base';\n\nexport default class ProfileTransaction extends BaseTransaction {\n  createdAt: string;\n  modifiedAt: string;\n  profile: Record<string, string>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { createdAt, modifiedAt, profile } = options.res;\n    this.createdAt = createdAt;\n    this.modifiedAt = modifiedAt;\n    this.profile = profile;\n  }\n}\n","import BaseTransaction from './Base';\n\nexport default class ProfileSchemaTransaction extends BaseTransaction {\n  properties: Record<string, object>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    this.properties = options.res.properties;\n  }\n}\n","import { EmailChallengeTransaction, EmailStatusTransaction } from '.';\nimport { EmailProfile, EmailRole, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class EmailTransaction extends BaseTransaction {\n  id: string;\n  profile: EmailProfile;\n  roles: EmailRole[];\n  status: Status;\n\n  // eslint-disable-next-line no-use-before-define\n  get: () => Promise<EmailTransaction>;\n  delete: () => Promise<BaseTransaction>;\n  challenge: () => Promise<EmailChallengeTransaction>;\n  poll?: () => Promise<EmailStatusTransaction>;\n  verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { accessToken, res } = options;\n    // assign required fields from res\n    const { id, profile, roles, status, _links } = res;\n    this.id = id;\n    this.profile = profile;\n    this.roles = roles;\n    this.status = status;\n\n    // assign transformed fns to transaction\n    this.get = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'get', \n        links: _links,\n        transactionClassName: 'EmailTransaction'\n      });\n      return await fn() as EmailTransaction;\n    };\n    this.delete = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'delete', \n        links: _links \n      });\n      return await fn() as BaseTransaction;\n    };\n    this.challenge = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'challenge', \n        links: _links,\n        transactionClassName: 'EmailChallengeTransaction'\n      });\n      return await fn() as EmailChallengeTransaction;\n    };\n    if (_links.poll) {\n      this.poll = async () => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'poll', \n          links: _links,\n          transactionClassName: 'EmailStatusTransaction'\n        });\n        return await fn() as EmailStatusTransaction;\n      };\n    }\n    if (_links.verify) {\n      this.verify = async (payload: VerificationPayload) => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'verify', \n          links: _links,\n        });\n        return await fn(payload) as BaseTransaction;\n      };\n    }\n  }\n}\n","import { EmailProfile, Status } from '../types';\nimport BaseTransaction from './Base';\n\nexport default class EmailStatusTransaction extends BaseTransaction {\n  id: string;\n  expiresAt: string;\n  profile: EmailProfile;\n  status: Status;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { res } = options;\n    // assign required fields from res\n    const { id, profile, expiresAt, status } = res;\n    this.id = id;\n    this.expiresAt = expiresAt;\n    this.profile = profile;\n    this.status = status;\n  }\n}\n","import EmailStatusTransaction from './EmailStatusTransaction';\nimport { \n  EmailProfile, \n  Status,\n  VerificationPayload, \n} from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class EmailChallengeTransaction extends BaseTransaction {\n  id: string;\n  expiresAt: string;\n  profile: EmailProfile;\n  status: Status;\n\n  poll: () => Promise<EmailStatusTransaction>;\n  // eslint-disable-next-line no-use-before-define\n  verify: (payload: VerificationPayload) => Promise<EmailChallengeTransaction>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { accessToken, res } = options;\n    // assign required fields from res\n    const { id, expiresAt, profile, status, _links } = res;\n    this.id = id;\n    this.expiresAt = expiresAt;\n    this.profile = profile;\n    this.status = status;\n\n    // assign transformed fns to transaction\n    this.poll = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'poll', \n        links: _links,\n        transactionClassName: 'EmailStatusTransaction'\n      });\n      return await fn() as EmailStatusTransaction;\n    };\n    this.verify = async (payload) => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'verify', \n        links: _links,\n      });\n      return await fn(payload) as EmailChallengeTransaction;\n    };\n  }\n}\n","import { ChallengePhonePayload, PhoneProfile, Status, VerificationPayload } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PhoneTransaction extends BaseTransaction {\n  id: string;\n  profile: PhoneProfile;\n  status: Status;\n\n  // eslint-disable-next-line no-use-before-define\n  get: () => Promise<PhoneTransaction>;\n  delete: () => Promise<BaseTransaction>;\n  challenge: (payload: ChallengePhonePayload) => Promise<BaseTransaction>;\n  verify?: (payload: VerificationPayload) => Promise<BaseTransaction>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { res, accessToken } = options;\n    // assign required fields from res\n    const { id, profile, status, _links } = res;\n    this.id = id;\n    this.profile = profile;\n    this.status = status;\n\n    // assign transformed fns to transaction\n    this.get = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'get', \n        links: _links,\n        transactionClassName: 'PhoneTransaction'\n      });\n      return await fn() as PhoneTransaction;\n    };\n    this.delete = async () => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'delete', \n        links: _links \n      });\n      return await fn() as BaseTransaction;\n    };\n    this.challenge = async (payload) => {\n      const fn = generateRequestFnFromLinks({ \n        oktaAuth, \n        accessToken, \n        methodName: 'challenge', \n        links: _links \n      });\n      return await fn(payload) as BaseTransaction;\n    };\n    if (_links.verify) {\n      this.verify = async (payload) => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'verify', \n          links: _links \n        });\n        return await fn(payload) as BaseTransaction;\n      } ;\n    }\n  }\n}\n","import {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta\n} from '../oidc/types';\n\nexport { \n  EmailTransaction, \n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  PhoneTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PasswordTransaction,\n  BaseTransaction\n} from './transactions';\n\nexport enum EmailRole {\n  PRIMARY = 'PRIMARY',\n  SECONDARY = 'SECONDARY'\n}\n\nexport enum Status {\n  VERIFIED = 'VERIFIED',\n  UNVERIFIED = 'UNVERIFIED'\n}\n\nexport enum PasswordStatus {\n  NOT_ENROLLED = 'NOT_ENROLLED',\n  ACTIVE = 'ACTIVE'\n}\n\nexport type EmailProfile = {\n  email: string;\n}\n\nexport type AddEmailPayload = {\n  profile: {\n    email: string;\n  };\n  sendEmail: boolean;\n  role: EmailRole;\n}\n\nexport type PhoneProfile = {\n  profile: {\n    phoneNumber: string;\n  };\n}\n\nexport type AddPhonePayload = {\n  profile: {\n    phoneNumber: string;\n  };\n  sendCode: boolean;\n  method: string;\n};\n\nexport type ChallengePhonePayload = {\n  method: string;\n}\n\nexport type VerificationPayload = {\n  verificationCode: string;\n};\n\nexport type EnrollPasswordPayload = {\n  profile: {\n    password: string;\n  }\n}\n\nexport type UpdatePasswordPayload = {\n  profile: {\n    password: string;\n    currentPassword?: string;\n  }\n}\n\nexport type UpdateProfilePayload = {\n  profile: {\n    firstName?: string;\n    lastName?: string;\n    email?: string;\n    login?: string;\n    [property: string]: any;\n  };\n};\n\nexport type MyAccountRequestOptions = {\n  id?: string;\n  emailId?: string;\n  challengeId?: string;\n  payload?: AddEmailPayload \n    | AddPhonePayload \n    | ChallengePhonePayload\n    | VerificationPayload \n    | UpdateProfilePayload\n    | EnrollPasswordPayload\n    | UpdatePasswordPayload;\n  accessToken?: string;\n}\n\nexport type IAPIFunction<T> = (\n  oktaAuth: OktaAuthOAuthInterface, \n  options?: MyAccountRequestOptions\n) => Promise<T>;\n\nexport interface OktaAuthMyAccountInterface\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions\n> \n  extends OktaAuthOAuthInterface<M, S, O>\n{\n  myaccount;\n}\n","import { EnrollPasswordPayload, UpdatePasswordPayload, PasswordStatus } from '../types';\nimport BaseTransaction from './Base';\nimport { generateRequestFnFromLinks } from '../request';\n\nexport default class PasswordTransaction extends BaseTransaction {\n  id: string;\n  created: string;\n  lastUpdated: string;\n  status: PasswordStatus;\n\n  // eslint-disable-next-line no-use-before-define\n  get?: () => Promise<PasswordTransaction>;\n  // eslint-disable-next-line no-use-before-define\n  enroll?: (payload: EnrollPasswordPayload) => Promise<PasswordTransaction>;\n  // eslint-disable-next-line no-use-before-define\n  update?: (payload: UpdatePasswordPayload) => Promise<PasswordTransaction>;\n  delete?: () => Promise<BaseTransaction>;\n\n  constructor(oktaAuth, options) {\n    super(oktaAuth, options);\n\n    const { res, accessToken } = options;\n    // assign required fields from res\n    const { id, status, created, lastUpdated, _links } = res;\n    this.id = id;\n    this.status = status;\n    this.created = created;\n    this.lastUpdated = lastUpdated;\n\n    // assign transformed fns to transaction\n    if (this.status == PasswordStatus.NOT_ENROLLED) {\n      this.enroll = async (payload) => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'enroll',\n          links: _links,\n          transactionClassName: 'PasswordTransaction'\n        });\n        return await fn(payload) as PasswordTransaction;\n      };\n    }\n    else {\n      this.get = async () => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'get',\n          links: _links,\n          transactionClassName: 'PasswordTransaction'\n        });\n        return await fn() as PasswordTransaction;\n      };\n\n      this.update = async (payload) => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'put', \n          links: _links,\n          transactionClassName: 'PasswordTransaction'\n        });\n        return await fn(payload) as PasswordTransaction;\n      };\n  \n      this.delete = async () => {\n        const fn = generateRequestFnFromLinks({ \n          oktaAuth, \n          accessToken, \n          methodName: 'delete', \n          links: _links \n        });\n        return await fn() as BaseTransaction;\n      };\n    }\n  }\n}\n","import { \n  BaseTransaction,\n  EmailTransaction,\n  EmailStatusTransaction,\n  EmailChallengeTransaction,\n  ProfileTransaction,\n  ProfileSchemaTransaction,\n  PhoneTransaction,\n  PasswordTransaction\n} from './transactions';\nimport { httpRequest } from '../http';\nimport { AuthSdkError } from '../errors';\nimport { MyAccountRequestOptions as RequestOptions } from './types';\nimport { OktaAuthOAuthInterface } from '../oidc/types';\n\nexport type TransactionLink = {\n  href: string;\n  hints?: {\n    allow?: string[];\n  };\n}\n\ntype TransactionLinks = {\n  self: TransactionLink;\n  [property: string]: TransactionLink;\n}\n\ntype SendRequestOptions = RequestOptions & {\n  url: string;\n  method: string;\n  transactionClassName?: string;\n}\n\n/* eslint-disable complexity */\nexport async function sendRequest<T extends BaseTransaction> (\n  oktaAuth: OktaAuthOAuthInterface, \n  options: SendRequestOptions\n): Promise<T | T[]> {\n  const { \n    accessToken: accessTokenObj\n  } = oktaAuth.tokenManager.getTokensSync();\n  \n  const accessToken = options.accessToken || accessTokenObj?.accessToken;\n  const issuer = oktaAuth.getIssuerOrigin();\n  const { url, method, payload } = options;\n  const requestUrl = url.startsWith(issuer!) ? url : `${issuer}${url}`;\n\n  if (!accessToken) {\n    throw new AuthSdkError('AccessToken is required to request MyAccount API endpoints.');\n  }\n  \n  const res = await httpRequest(oktaAuth, {\n    headers: { 'Accept': '*/*;okta-version=1.0.0' },\n    accessToken,\n    url: requestUrl,\n    method,\n    ...(payload && { args: payload })\n  });\n\n  const map = {\n    EmailTransaction,\n    EmailStatusTransaction,\n    EmailChallengeTransaction,\n    ProfileTransaction,\n    ProfileSchemaTransaction,\n    PhoneTransaction,\n    PasswordTransaction\n  };\n  const TransactionClass = map[options.transactionClassName!] || BaseTransaction;\n\n  if (Array.isArray(res)) {\n    return res.map(item => new TransactionClass(oktaAuth, { \n      res: item, \n      accessToken\n    }));\n  }\n\n  return new TransactionClass(oktaAuth, { \n    res, \n    accessToken\n  });\n}\n/* eslint-enable complexity */\n\nexport type GenerateRequestFnFromLinksOptions = {\n  oktaAuth: OktaAuthOAuthInterface;\n  accessToken: string;\n  methodName: string;\n  links: TransactionLinks;\n  transactionClassName?: string;\n}\n\ntype IRequestFnFromLinks = <T extends BaseTransaction>(payload?) => Promise<T | T[]>;\n\nexport function generateRequestFnFromLinks ({\n  oktaAuth, \n  accessToken,\n  methodName,\n  links,\n  transactionClassName\n}: GenerateRequestFnFromLinksOptions): IRequestFnFromLinks {\n  for (const method of ['GET', 'POST', 'PUT', 'DELETE']) {\n    if (method.toLowerCase() === methodName) {\n      const link = links.self;\n      return (async (payload?) => sendRequest(oktaAuth, {\n        accessToken,\n        url: link.href,\n        method,\n        payload,\n        transactionClassName\n      }));\n    }\n  }\n  \n  const link = links[methodName];\n  if (!link) {\n    throw new AuthSdkError(`No link is found with methodName: ${methodName}`);\n  }\n\n  return (async (payload?) => sendRequest(oktaAuth, {\n    accessToken,\n    url: link.href,\n    method: link.hints!.allow![0],\n    payload,\n    transactionClassName\n  }));\n}\n","import { sendRequest } from './request';\nimport { \n  IAPIFunction,\n  ProfileTransaction,\n  ProfileSchemaTransaction\n} from './types';\n\n/**\n * @scope: okta.myAccount.profile.read\n */\nexport const getProfile: IAPIFunction<ProfileTransaction> = async (oktaAuth, options?) => {\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/profile',\n    method: 'GET',\n    accessToken: options?.accessToken,\n    transactionClassName: 'ProfileTransaction'\n  }) as ProfileTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.profile.manage\n */\nexport const updateProfile: IAPIFunction<ProfileTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { payload, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/profile',\n    method: 'PUT',\n    payload,\n    accessToken,\n    transactionClassName: 'ProfileTransaction'\n  }) as ProfileTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.profile.read\n */\nexport const getProfileSchema: IAPIFunction<ProfileSchemaTransaction> = async (\n  oktaAuth, \n  options?\n): Promise<ProfileSchemaTransaction> => {\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/profile/schema',\n    method: 'GET',\n    accessToken: options?.accessToken,\n    transactionClassName: 'ProfileSchemaTransaction'\n  }) as ProfileSchemaTransaction;\n  return transaction;\n};\n","import { sendRequest } from './request';\nimport { \n  IAPIFunction, \n  BaseTransaction, \n  EmailTransaction, \n  EmailChallengeTransaction \n} from './types';\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmails: IAPIFunction<EmailTransaction[]> = async (\n  oktaAuth,\n  options?\n) => {\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/emails',\n    method: 'GET',\n    accessToken: options?.accessToken,\n    transactionClassName: 'EmailTransaction'\n  }) as EmailTransaction[];\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmail: IAPIFunction<EmailTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { id, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/emails/${id}`,\n    method: 'GET',\n    accessToken,\n    transactionClassName: 'EmailTransaction'\n  }) as EmailTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const addEmail: IAPIFunction<EmailTransaction> = async (\n  oktaAuth, \n  options\n): Promise<EmailTransaction> => {\n  const { accessToken, payload } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/emails',\n    method: 'POST',\n    payload,\n    accessToken,\n    transactionClassName: 'EmailTransaction'\n  }) as EmailTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const deleteEmail: IAPIFunction<BaseTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { id, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/emails/${id}`,\n    method: 'DELETE',\n    accessToken\n  }) as BaseTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const sendEmailChallenge: IAPIFunction<EmailChallengeTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { id, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/emails/${id}/challenge`,\n    method: 'POST',\n    accessToken,\n    transactionClassName: 'EmailChallengeTransaction'\n  }) as EmailChallengeTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.read\n */\nexport const getEmailChallenge: IAPIFunction<EmailChallengeTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { emailId, challengeId, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/emails/${emailId}/challenge/${challengeId}`,\n    method: 'POST',\n    accessToken,\n    transactionClassName: 'EmailChallengeTransaction'\n  }) as EmailChallengeTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.email.manage\n */\nexport const verifyEmailChallenge: IAPIFunction<BaseTransaction> = async (\n  oktaAuth,\n  options\n) => {\n  const { emailId, challengeId, payload, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/emails/${emailId}/challenge/${challengeId}/verify`,\n    method: 'POST',\n    payload,\n    accessToken\n  }) as BaseTransaction;\n  return transaction;\n};\n","import { sendRequest } from './request';\nimport { \n  IAPIFunction,\n  BaseTransaction, \n  PhoneTransaction\n} from './types';\n\n/**\n * @scope: okta.myAccount.phone.read\n */\nexport const getPhones: IAPIFunction<PhoneTransaction[]> = async (\n  oktaAuth,\n  options?\n) => {\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/phones',\n    method: 'GET',\n    accessToken: options?.accessToken,\n    transactionClassName: 'PhoneTransaction'\n  }) as PhoneTransaction[];\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.read\n */\nexport const getPhone: IAPIFunction<PhoneTransaction> = async (\n  oktaAuth,\n  options\n) => {\n  const { accessToken, id } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/phones/${id}`,\n    method: 'GET',\n    accessToken,\n    transactionClassName: 'PhoneTransaction'\n  }) as PhoneTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const addPhone: IAPIFunction<PhoneTransaction> = async (\n  oktaAuth, \n  options\n): Promise<PhoneTransaction> => {\n  const { accessToken, payload } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/phones',\n    method: 'POST',\n    payload,\n    accessToken,\n    transactionClassName: 'PhoneTransaction'\n  }) as PhoneTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const deletePhone: IAPIFunction<BaseTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { id, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/phones/${id}`,\n    method: 'DELETE',\n    accessToken,\n  }) as BaseTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const sendPhoneChallenge: IAPIFunction<BaseTransaction> = async (\n  oktaAuth, \n  options\n) => {\n  const { accessToken, id, payload } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/phones/${id}/challenge`,\n    method: 'POST',\n    payload,\n    accessToken\n  }) as BaseTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.phone.manage\n */\nexport const verifyPhoneChallenge: IAPIFunction<BaseTransaction> = async (\n  oktaAuth,\n  options\n) => {\n  const { id, payload, accessToken } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/phones/${id}/verify`,\n    method: 'POST',\n    payload,\n    accessToken\n  }) as BaseTransaction;\n  return transaction;\n};\n","import { sendRequest } from './request';\nimport { \n  IAPIFunction,\n  BaseTransaction, \n  PasswordTransaction\n} from './types';\n\n/**\n * @scope: okta.myAccount.password.read\n */\nexport const getPassword: IAPIFunction<PasswordTransaction> = async (\n  oktaAuth,\n  options\n) => {\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/password`,\n    method: 'GET',\n    accessToken: options?.accessToken,\n    transactionClassName: 'PasswordTransaction'\n  }) as PasswordTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const enrollPassword: IAPIFunction<PasswordTransaction> = async (\n  oktaAuth, \n  options\n): Promise<PasswordTransaction> => {\n  const { accessToken, payload } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/password',\n    method: 'POST',\n    payload,\n    accessToken,\n    transactionClassName: 'PasswordTransaction'\n  }) as PasswordTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const updatePassword: IAPIFunction<PasswordTransaction> = async (\n  oktaAuth, \n  options\n): Promise<PasswordTransaction> => {\n  const { accessToken, payload } = options!;\n  const transaction = await sendRequest(oktaAuth, {\n    url: '/idp/myaccount/password',\n    method: 'PUT',\n    payload,\n    accessToken,\n    transactionClassName: 'PasswordTransaction'\n  }) as PasswordTransaction;\n  return transaction;\n};\n\n/**\n * @scope: okta.myAccount.password.manage\n */\nexport const deletePassword: IAPIFunction<BaseTransaction> = async (\n  oktaAuth, \n  options?\n) => {\n  const transaction = await sendRequest(oktaAuth, {\n    url: `/idp/myaccount/password`,\n    method: 'DELETE',\n    accessToken: options?.accessToken,\n  }) as BaseTransaction;\n  return transaction;\n};\n","import { OktaAuthConstructor } from '../base/types';\nimport {\n  OAuthStorageManagerInterface,\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  PKCETransactionMeta,\n} from '../oidc/types';\nimport { OktaAuthMyAccountInterface } from './types';\n\nimport * as MyAccountMethods from './api';\n\nexport function mixinMyAccount\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TBase extends OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O>>\n    = OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthMyAccountInterface<M, S, O>>\n{\n  return class OktaAuthMyAccount extends Base implements OktaAuthMyAccountInterface<M, S, O>\n  {\n    myaccount: any;\n    \n    constructor(...args: any[]) {\n      super(...args);\n\n      this.myaccount = Object.entries(MyAccountMethods)\n        .filter(([ name ]) => name !== 'default')\n        .reduce((acc, [name, fn]) => {\n          acc[name] = (fn as any).bind(null, this);\n          return acc;\n        }, {});\n    }\n  };\n}\n","import { StorageManagerConstructor } from '../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../base/types';\nimport {\n  OAuthStorageManagerInterface,\n  PKCETransactionMeta,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../oidc/types';\nimport { createOktaAuthCore } from '../core/factory';\nimport { OktaAuthCoreOptions } from '../core/types';\nimport { mixinMyAccount } from './mixin';\nimport { OktaAuthMyAccountInterface } from './types';\n\nexport function createOktaAuthMyAccount\n<\n  M extends PKCETransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthCoreOptions = OktaAuthCoreOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n  StorageManagerConstructor: StorageManagerConstructor<S>,\n  OptionsConstructor: OktaAuthOptionsConstructor<O>,\n  TransactionManager: TransactionManagerConstructor<TM>\n)\n: OktaAuthConstructor<OktaAuthMyAccountInterface<M, S, O>>\n{\n  const Core = createOktaAuthCore<M, S, O>(StorageManagerConstructor, OptionsConstructor, TransactionManager);\n  const WithMyAccount = mixinMyAccount<M, S, O>(Core);\n  return WithMyAccount;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n\nimport { AuthnTransactionState } from '../types';\n\nexport function addStateToken(res, options?) {\n  var builtArgs = {} as AuthnTransactionState;\n  Object.assign(builtArgs, options);\n\n  // Add the stateToken if one isn't passed and we have one\n  if (!builtArgs.stateToken && res.stateToken) {\n    builtArgs.stateToken = res.stateToken;\n  }\n\n  return builtArgs;\n}\n\nexport function getStateToken(res) {\n  return addStateToken(res);\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nimport { post } from '../http';\nimport AuthSdkError from '../errors/AuthSdkError';\nimport { STATE_TOKEN_KEY_NAME } from '../constants';\nimport { OktaAuthHttpInterface } from '../http/types';\nimport { OktaAuthStorageOptions } from '../storage/types';\nimport { addStateToken } from './util/stateToken';\nimport { AuthnTransactionAPI } from './types';\nimport { OktaAuthBaseInterface } from '../base/types';\n\nexport function transactionStatus(sdk: OktaAuthHttpInterface, args) {\n  args = addStateToken(sdk, args);\n  return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args, { withCredentials: true });\n}\n\nexport function resumeTransaction(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, args) {\n  if (!args || !args.stateToken) {\n    var stateToken = getSavedStateToken(sdk);\n    if (stateToken) {\n      args = {\n        stateToken: stateToken\n      };\n    } else {\n      return Promise.reject(new AuthSdkError('No transaction to resume'));\n    }\n  }\n  return transactionStatus(sdk, args)\n    .then(function(res) {\n      return tx.createTransaction(res);\n    });\n}\n\nexport function introspectAuthn (sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, args) {\n  if (!args || !args.stateToken) {\n    var stateToken = getSavedStateToken(sdk);\n    if (stateToken) {\n      args = {\n        stateToken: stateToken\n      };\n    } else {\n      return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n    }\n  }\n  return transactionStep(sdk, args)\n    .then(function (res) {\n      return tx.createTransaction(res);\n    });\n}\n\nexport function transactionStep(sdk: OktaAuthHttpInterface, args) {\n  args = addStateToken(sdk, args);\n  // v1 pipeline introspect API\n  return post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args, { withCredentials: true });\n}\n\nexport function transactionExists(sdk: OktaAuthBaseInterface<OktaAuthStorageOptions>) {\n  // We have a cookie state token\n  return !!getSavedStateToken(sdk);\n}\n\nexport function postToTransaction(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, url: string, args, options?) {\n  options = Object.assign({ withCredentials: true }, options);\n  return post(sdk, url, args, options)\n    .then(function(res) {\n      return tx.createTransaction(res);\n    });\n}\n\nexport function getSavedStateToken(sdk: OktaAuthBaseInterface<OktaAuthStorageOptions>) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    const storage = sdk.options.storageUtil!.storage;\n    return storage.get(STATE_TOKEN_KEY_NAME);\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { find, omit, toQueryString } from '../../util';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport { get } from '../../http';\nimport { AuthnTransactionAPI, AuthnTransactionState } from '../types';\nimport { postToTransaction } from '../api';\nimport { addStateToken } from './stateToken';\n\n\n// query parameters to post url\ninterface PostToTransactionParams {\n  autoPush?: boolean;\n  rememberDevice?: boolean;\n  updatePhone?: boolean;\n}\n\n// eslint-disable-next-line max-params\nexport function link2fn(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, link, ref) {\n  if (Array.isArray(link)) {\n    return function(name, opts?) {\n      if (!name) {\n        throw new AuthSdkError('Must provide a link name');\n      }\n\n      var lk = find(link, {name: name});\n      if (!lk) {\n        throw new AuthSdkError('No link found for that name');\n      }\n\n      return link2fn(sdk, tx, res, obj, lk, ref)(opts);\n    };\n\n  } else if (link.hints &&\n      link.hints.allow &&\n      link.hints.allow.length === 1) {\n    var method = link.hints.allow[0];\n    switch (method) {\n\n      case 'GET':\n        return function() {\n          return get(sdk, link.href, { withCredentials: true });\n        };\n\n      case 'POST':\n        // eslint-disable-next-line max-statements,complexity\n        return function(opts: AuthnTransactionState) {\n          if (ref && ref.isPolling) {\n            ref.isPolling = false;\n          }\n\n          var data = addStateToken(res, opts);\n\n          if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n            // Add factorType and provider\n            Object.assign(data, {\n              factorType: obj.factorType,\n              provider: obj.provider\n            });\n          }\n\n          var params = {} as PostToTransactionParams;\n          var autoPush = data.autoPush;\n          if (autoPush !== undefined) {\n            if (typeof autoPush === 'function') {\n              try {\n                params.autoPush = !!autoPush();\n              }\n              catch (e) {\n                return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n              }\n            }\n            else if (autoPush !== null) {\n              params.autoPush = !!autoPush;\n            }\n            data = omit(data, 'autoPush');\n          }\n\n          var rememberDevice = data.rememberDevice;\n          if (rememberDevice !== undefined) {\n            if (typeof rememberDevice === 'function') {\n              try {\n                params.rememberDevice = !!rememberDevice();\n              }\n              catch (e) {\n                return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n              }\n            }\n            else if (rememberDevice !== null) {\n              params.rememberDevice = !!rememberDevice;\n            }\n            data = omit(data, 'rememberDevice');\n\n          } else if (data.profile &&\n                    data.profile.updatePhone !== undefined) {\n            if (data.profile.updatePhone) {\n              params.updatePhone = true;\n            }\n            data.profile = omit(data.profile, 'updatePhone');\n          }\n          var href = link.href + toQueryString(params);\n          return postToTransaction(sdk, tx, href, data);\n        };\n    }\n  }\n}\n\n\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport CustomError from './CustomError';\n\nexport default class AuthPollStopError extends CustomError {\n  constructor() {\n    const message = 'The poll was stopped by the sdk';\n    super(message);\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { post } from '../../http';\nimport { isNumber, isObject, getLink, toQueryString, delay as delayFn } from '../../util';\nimport { DEFAULT_POLLING_DELAY } from '../../constants';\nimport AuthSdkError from '../../errors/AuthSdkError';\nimport AuthPollStopError from '../../errors/AuthPollStopError';\nimport { AuthnTransactionState } from '../types';\nimport { getStateToken } from './stateToken';\n\ninterface PollOptions {\n  delay?: number;\n  rememberDevice?: boolean;\n  autoPush?: boolean;\n  transactionCallBack?: (AuthnTransactionState) => void;\n}\n\nexport function getPollFn(sdk, res: AuthnTransactionState, ref) {\n  return function (options: PollOptions | number) {\n    var delay;\n    var rememberDevice;\n    var autoPush;\n    var transactionCallBack;\n\n    if (isNumber(options)) {\n      delay = options;\n    } else if (isObject(options)) {\n      options = options as PollOptions;\n      delay = options.delay;\n      rememberDevice = options.rememberDevice;\n      autoPush = options.autoPush;\n      transactionCallBack = options.transactionCallBack;\n    }\n\n    if (!delay && delay !== 0) {\n      delay = DEFAULT_POLLING_DELAY;\n    }\n\n    // Get the poll function\n    var pollLink = getLink(res, 'next', 'poll');\n    // eslint-disable-next-line complexity\n    function pollFn() {\n      var opts = {} as PollOptions;\n      if (typeof autoPush === 'function') {\n        try {\n          opts.autoPush = !!autoPush();\n        }\n        catch (e) {\n          return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n        }\n      }\n      else if (autoPush !== undefined && autoPush !== null) {\n        opts.autoPush = !!autoPush;\n      }\n      if (typeof rememberDevice === 'function') {\n        try {\n          opts.rememberDevice = !!rememberDevice();\n        }\n        catch (e) {\n          return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n        }\n      }\n      else if (rememberDevice !== undefined && rememberDevice !== null) {\n        opts.rememberDevice = !!rememberDevice;\n      }\n\n      var href = pollLink.href + toQueryString(opts);\n      return post(sdk, href, getStateToken(res), {\n        saveAuthnState: false,\n        withCredentials: true\n      });\n    }\n\n    ref.isPolling = true;\n\n    var retryCount = 0;\n    var recursivePoll = function () {\n      // If the poll was manually stopped during the delay\n      if (!ref.isPolling) {\n        return Promise.reject(new AuthPollStopError());\n      }\n      return pollFn()\n        .then(function (pollRes) {\n          // Reset our retry counter on success\n          retryCount = 0;\n\n          // If we're still waiting\n          if (pollRes.factorResult && pollRes.factorResult === 'WAITING') {\n\n            // If the poll was manually stopped while the pollFn was called\n            if (!ref.isPolling) {\n              throw new AuthPollStopError();\n            }\n\n            if (typeof transactionCallBack === 'function') {\n              transactionCallBack(pollRes);\n            }\n\n            // Continue poll\n            return delayFn(delay).then(recursivePoll);\n\n          } else {\n            // Any non-waiting result, even if polling was stopped\n            // during a request, will return\n            ref.isPolling = false;\n            return sdk.tx.createTransaction(pollRes);\n          }\n        })\n        .catch(function(err) {\n          // Exponential backoff, up to 16 seconds\n          if (err.xhr &&\n              (err.xhr.status === 0 || err.xhr.status === 429) &&\n              retryCount <= 4) {\n            var delayLength = Math.pow(2, retryCount) * 1000;\n            retryCount++;\n            return delayFn(delayLength)\n              .then(recursivePoll);\n          }\n          throw err;\n        });\n    };\n    return recursivePoll()\n      .catch(function(err) {\n        ref.isPolling = false;\n        throw err;\n      });\n  };\n}\n","/* eslint-disable complexity */\nimport { OktaAuthHttpInterface } from '../../http/types';\nimport { clone, isObject, omit } from '../../util';\nimport { AuthnTransactionAPI } from '../types';\nimport { links2fns } from './links2fns';\n\nexport function flattenEmbedded(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, ref) {\n  obj = obj || res;\n  obj = clone(obj);\n\n  if (Array.isArray(obj)) {\n    var objArr = [];\n    for (var o = 0, ol = obj.length; o < ol; o++) {\n      objArr.push(flattenEmbedded(sdk, tx, res, obj[o], ref) as never);\n    }\n    return objArr;\n  }\n\n  var embedded = obj._embedded || {};\n\n  for (var key in embedded) {\n    if (!Object.prototype.hasOwnProperty.call(embedded, key)) {\n      continue;\n    }\n\n    // Flatten any nested _embedded objects\n    if (isObject(embedded[key]) || Array.isArray(embedded[key])) {\n      embedded[key] = flattenEmbedded(sdk, tx, res, embedded[key], ref);\n    }\n  }\n\n  // Convert any links on the embedded object\n  var fns = links2fns(sdk, tx, res, obj, ref);\n  Object.assign(embedded, fns);\n\n  obj = omit(obj, '_embedded', '_links');\n  Object.assign(obj, embedded);\n  return obj;\n}\n","import { OktaAuthHttpInterface } from '../../http/types';\nimport { AuthnTransactionFunctions, AuthnTransactionAPI } from '../types';\nimport { link2fn } from './link2fn';\nimport { getPollFn } from './poll';\n\nexport function links2fns(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res, obj, ref) {\n  var fns = {} as AuthnTransactionFunctions;\n  for (var linkName in obj._links) {\n    if (!Object.prototype.hasOwnProperty.call(obj._links, linkName)) {\n      continue;\n    }\n\n    var link = obj._links[linkName];\n    \n    if (linkName === 'next') {\n      linkName = link.name;\n    }\n\n    if (link.type) {\n      fns[linkName] = link;\n      continue;\n    }\n\n    switch (linkName) {\n      // poll is only found at the transaction\n      // level, so we don't need to pass the link\n      case 'poll':\n        fns.poll = getPollFn(sdk, res, ref);\n        break;\n\n      default:\n        var fn = link2fn(sdk, tx, res, obj, link, ref);\n        if (fn) {\n          fns[linkName] = fn;\n        }\n    }\n  }\n  return fns;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { OktaAuthHttpInterface } from '../http/types';\nimport {\n  AuthnTransactionFunction,\n  AuthnTransaction,\n  AuthnTransactionAPI,\n  AuthnTransactionState\n} from './types';\nimport { flattenEmbedded } from './util/flattenEmbedded';\n\nexport class AuthnTransactionImpl implements AuthnTransaction {\n  next?: AuthnTransactionFunction;\n  cancel?: AuthnTransactionFunction;\n  skip?: AuthnTransactionFunction;\n  unlock?: AuthnTransactionFunction;\n  changePassword?: AuthnTransactionFunction;\n  resetPassword?: AuthnTransactionFunction;\n  answer?: AuthnTransactionFunction;\n  recovery?: AuthnTransactionFunction;\n  verify?: AuthnTransactionFunction;\n  resend?: AuthnTransactionFunction;\n  activate?: AuthnTransactionFunction;\n  poll?: AuthnTransactionFunction;\n  prev?: AuthnTransactionFunction;\n\n  data?: AuthnTransactionState;\n  stateToken?: string;\n  sessionToken?: string;\n  status: string;\n  user?: Record<string, any>;\n  factor?: Record<string, any>;\n  factors?: Array<Record<string, any> >;\n  policy?: Record<string, any>;\n  scopes?: Array<Record<string, any> >;\n  target?: Record<string, any>;\n  authentication?: Record<string, any>;\n  constructor(sdk: OktaAuthHttpInterface, tx: AuthnTransactionAPI, res: AuthnTransactionState | null = null) {\n    this.data = undefined;\n    this.status = undefined as unknown as string;\n    if (res) {\n      this.data = res;\n\n      // Parse response from Authn V1\n      Object.assign(this, flattenEmbedded(sdk, tx, res, res, {}));\n      delete this.stateToken;\n\n      // RECOVERY_CHALLENGE has some responses without _links.\n      // Without _links, we emulate cancel to make it intuitive\n      // to return to the starting state. We may remove this\n      // when OKTA-75434 is resolved\n      if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n        this.cancel = function() {\n          return Promise.resolve(tx.createTransaction());\n        };\n      }\n    }\n  }\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nimport { RequestData, RequestOptions, OktaAuthHttpInterface } from '../http/types';\nimport {\n  introspectAuthn,\n  transactionStatus,\n  transactionExists,\n  resumeTransaction,\n  postToTransaction\n} from './api';\nimport { AuthnTransactionImpl } from './AuthnTransactionImpl';\nimport { AuthnTransactionAPI, AuthnTransactionState } from './types';\n\n// Factory\nexport function createAuthnTransactionAPI(sdk: OktaAuthHttpInterface): AuthnTransactionAPI {\n  const tx: AuthnTransactionAPI = {\n    status: transactionStatus.bind(null, sdk),\n    resume(args) {\n      return resumeTransaction(sdk, tx, args);\n    },\n    exists: transactionExists.bind(null, sdk),\n    introspect(args) {\n      return introspectAuthn(sdk, tx, args);\n    },\n    createTransaction: (res?: AuthnTransactionState) => {\n      return new AuthnTransactionImpl(sdk, tx, res);\n    },\n    postToTransaction: (url: string, args?: RequestData, options?: RequestOptions) => {\n      return postToTransaction(sdk, tx, url, args, options);\n    }\n  };\n  return tx;\n}\n","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * \n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n\nimport { AuthSdkError } from '../errors';\nimport { isFingerprintSupported } from '../features';\nimport {\n  addListener,\n  removeListener\n} from '../oidc';\nimport { FingerprintOptions } from '../authn/types';\nimport { OktaAuthHttpInterface } from '../http/types';\n\nexport default function fingerprint(sdk: OktaAuthHttpInterface, options?: FingerprintOptions): Promise<string> {\n  options = options || {};\n\n  if (!isFingerprintSupported()) {\n    return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n  }\n\n  var timeout;\n  var iframe;\n  var listener;\n  var promise = new Promise(function (resolve, reject) {\n    iframe = document.createElement('iframe');\n    iframe.style.display = 'none';\n\n    // eslint-disable-next-line complexity\n    listener = function listener(e) {\n      if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n        return;\n      }\n\n      try {\n        var msg = JSON.parse(e.data);\n      } catch (err) {\n        // iframe messages should all be parsable\n        // skip not parsable messages come from other sources in same origin (browser extensions)\n        // TODO: add namespace flag in okta-core to distinguish messages that come from other sources\n        return;\n      }\n\n      if (!msg) { return; }\n      if (msg.type === 'FingerprintAvailable') {\n        return resolve(msg.fingerprint as string);\n      }\n      if (msg.type === 'FingerprintServiceReady') {\n        e.source.postMessage(JSON.stringify({\n          type: 'GetFingerprint'\n        }), e.origin);\n      }\n    };\n    addListener(window, 'message', listener);\n\n    iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n    document.body.appendChild(iframe);\n\n    timeout = setTimeout(function() {\n      reject(new AuthSdkError('Fingerprinting timed out'));\n    }, options?.timeout || 15000);\n  });\n\n  return promise.finally(function() {\n    clearTimeout(timeout);\n    removeListener(window, 'message', listener);\n    if (document.body.contains(iframe)) {\n      iframe.parentElement.removeChild(iframe);\n    }\n  }) as Promise<string>;\n}\n","/* eslint-disable max-statements */\n/* eslint-disable complexity */\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nimport { \n  clone,\n} from '../util';\nimport fingerprint from '../browser/fingerprint';\nimport {\n  FingerprintAPI,\n  SigninWithCredentialsOptions,\n  ForgotPasswordOptions,\n  VerifyRecoveryTokenOptions,\n  SigninOptions,\n  OktaAuthTxInterface,\n  AuthnTransaction,\n  AuthnTransactionAPI\n} from './types';\nimport {\n  createAuthnTransactionAPI,\n} from './factory';\nimport { StorageManagerInterface } from '../storage/types';\nimport { OktaAuthHttpInterface, OktaAuthHttpOptions } from '../http/types';\nimport { OktaAuthConstructor } from '../base/types';\n\nexport function mixinAuthn\n<\n  S extends StorageManagerInterface = StorageManagerInterface,\n  O extends OktaAuthHttpOptions = OktaAuthHttpOptions,\n  TBase extends OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n    = OktaAuthConstructor<OktaAuthHttpInterface<S, O>>\n>\n(Base: TBase): TBase & OktaAuthConstructor<OktaAuthTxInterface<S, O>>\n{\n  return class OktaAuthTx extends Base implements OktaAuthTxInterface<S, O> {\n    tx: AuthnTransactionAPI; // legacy, may be removed in future version\n    authn: AuthnTransactionAPI;\n    fingerprint: FingerprintAPI;\n\n    constructor(...args: any[]) {\n      super(...args);\n\n      this.authn = this.tx = createAuthnTransactionAPI(this);\n      \n      // Fingerprint API\n      this.fingerprint = fingerprint.bind(null, this);\n    }\n\n    // Authn  V1\n    async signIn(opts: SigninOptions): Promise<AuthnTransaction> {\n      opts = clone(opts || {});\n      const _postToTransaction = (options?) => {\n        delete opts.sendFingerprint;\n        return this.tx.postToTransaction('/api/v1/authn', opts, options);\n      };\n      if (!opts.sendFingerprint) {\n        return _postToTransaction();\n      }\n      return this.fingerprint()\n      .then(function(fingerprint) {\n        return _postToTransaction({\n          headers: {\n            'X-Device-Fingerprint': fingerprint\n          }\n        });\n      });\n    }\n\n    // Authn  V1\n    async signInWithCredentials(opts: SigninWithCredentialsOptions): Promise<AuthnTransaction> {\n      return this.signIn(opts);\n    }\n\n    // { username, (relayState) }\n    forgotPassword(opts): Promise<AuthnTransaction> {\n      return this.tx.postToTransaction('/api/v1/authn/recovery/password', opts);\n    }\n\n    // { username, (relayState) }\n    unlockAccount(opts: ForgotPasswordOptions): Promise<AuthnTransaction> {\n      return this.tx.postToTransaction('/api/v1/authn/recovery/unlock', opts);\n    }\n\n    // { recoveryToken }\n    verifyRecoveryToken(opts: VerifyRecoveryTokenOptions): Promise<AuthnTransaction> {\n      return this.tx.postToTransaction('/api/v1/authn/recovery/token', opts);\n    }\n\n  };\n}\n","import { StorageManagerConstructor } from '../../storage/types';\nimport { OktaAuthConstructor, OktaAuthOptionsConstructor } from '../../base/types';\n\nimport { createOktaAuthBase } from '../../base';\nimport { mixinStorage } from '../../storage/mixin';\nimport { mixinSession } from '../../session/mixin';\nimport { mixinHttp } from '../../http/mixin';\nimport { mixinOAuth } from '../mixin';\nimport {\n  OAuthTransactionMeta,\n  OktaAuthOAuthInterface,\n  OktaAuthOAuthOptions,\n  OAuthStorageManagerInterface,\n  PKCETransactionMeta,\n  TransactionManagerConstructor,\n  TransactionManagerInterface\n} from '../types';\n\nexport function createOktaAuthOAuth\n<\n  M extends OAuthTransactionMeta = PKCETransactionMeta,\n  S extends OAuthStorageManagerInterface<M> = OAuthStorageManagerInterface<M>,\n  O extends OktaAuthOAuthOptions = OktaAuthOAuthOptions,\n  TM extends TransactionManagerInterface = TransactionManagerInterface\n>\n(\n  StorageManagerConstructor: StorageManagerConstructor<S>,\n  OptionsConstructor: OktaAuthOptionsConstructor<O>,\n  TransactionManagerConstructor: TransactionManagerConstructor<TM>\n):  OktaAuthConstructor<OktaAuthOAuthInterface<M, S, O, TM>>\n{\n  const Base = createOktaAuthBase(OptionsConstructor);\n  const WithStorage = mixinStorage<S, O>(Base, StorageManagerConstructor);\n  const WithHttp = mixinHttp<S, O>(WithStorage);\n  const WithSession = mixinSession<S, O>(WithHttp);\n  const WithOAuth = mixinOAuth<M, S, O, TM>(WithSession, TransactionManagerConstructor);\n  return WithOAuth;\n}\n","import {\n  OktaAuthOptionsConstructor,\n} from '../base';\n\nimport {\n  IdxStorageManagerConstructor,\n  IdxTransactionManagerConstructor,\n  OktaAuthIdxOptions,\n  createIdxTransactionManager,\n  createOktaAuthIdx,\n  createIdxStorageManager,\n  createIdxOptionsConstructor\n} from '../idx';\n\nimport { mixinMyAccount } from '../myaccount';\nimport { mixinAuthn } from '../authn';\n\n\n// eslint-disable-next-line @typescript-eslint/no-empty-interface\nexport interface OktaAuthOptions extends OktaAuthIdxOptions {}\n\nconst OptionsConstructor: OktaAuthOptionsConstructor<OktaAuthOptions> = createIdxOptionsConstructor();\nconst StorageManager: IdxStorageManagerConstructor = createIdxStorageManager();\nconst TransactionManager: IdxTransactionManagerConstructor = createIdxTransactionManager();\n\n// Default bundle includes everything\nconst WithIdx = createOktaAuthIdx(StorageManager, OptionsConstructor, TransactionManager);\nconst WithMyAccount = mixinMyAccount(WithIdx);\nconst WithAuthn = mixinAuthn(WithMyAccount);\n\nclass OktaAuth extends WithAuthn {\n  constructor(options: OktaAuthOptions) {\n    super(options);\n  }\n}\n\nexport default OktaAuth;\nexport { OktaAuth };\nexport * from './common';\nexport * from '../idx';\nexport * from '../myaccount';\nexport * from '../authn';\n"],"names":["global","self","this","__self__","F","fetch","DOMException","prototype","exports","support","Symbol","Blob","e","viewClasses","isArrayBufferView","ArrayBuffer","isView","obj","indexOf","Object","toString","call","normalizeName","name","String","test","TypeError","toLowerCase","normalizeValue","value","iteratorFor","items","iterator","next","shift","done","undefined","Headers","headers","map","forEach","append","Array","isArray","header","getOwnPropertyNames","consumed","body","bodyUsed","Promise","reject","fileReaderReady","reader","resolve","onload","result","onerror","error","readBlobAsArrayBuffer","blob","FileReader","promise","readAsArrayBuffer","bufferClone","buf","slice","view","Uint8Array","byteLength","set","buffer","Body","_initBody","_bodyInit","_bodyText","isPrototypeOf","_bodyBlob","FormData","_bodyFormData","URLSearchParams","DataView","_bodyArrayBuffer","get","type","rejected","Error","arrayBuffer","then","text","readAsText","chars","length","i","fromCharCode","join","readArrayBufferAsText","formData","decode","json","JSON","parse","oldValue","has","hasOwnProperty","callback","thisArg","keys","push","values","entries","methods","Request","input","options","method","upcased","url","credentials","mode","signal","toUpperCase","referrer","form","trim","split","bytes","replace","decodeURIComponent","Response","bodyInit","status","ok","statusText","clone","response","redirectStatuses","redirect","RangeError","location","err","message","stack","create","constructor","init","request","aborted","xhr","XMLHttpRequest","abortXhr","abort","rawHeaders","getAllResponseHeaders","line","parts","key","responseURL","responseText","ontimeout","onabort","open","withCredentials","responseType","setRequestHeader","addEventListener","onreadystatechange","readyState","removeEventListener","send","polyfill","defineProperty","ponyfill","ctx","module","IdxStatus","AuthenticatorKey","IdxFeature","isAuthenticator","id","getNativeConsole","window","console","getConsole","nativeConsole","log","warn","group","groupEnd","deprecate","deprecateWrap","fn","apply","arguments","bind","additionalArgs","args","concat","extend","obj1","prop","removeNils","cleaned","str","stringify","omit","props","newobj","p","find","collection","searchParams","c","item","found","getLink","linkName","altName","_links","link","isoToUTCString","match","isoTime","Date","UTC","toUTCString","genRandomString","random","Math","floor","randomCharset","delay","ms","setTimeout","split2","delim","splice","isAbsoluteUrl","toAbsoluteUrl","baseUrl","removeTrailingSlash","toRelativeUrl","substring","toQueryString","encodeURIComponent","path","trimmed","CustomError","super","setPrototypeOf","AuthSdkError","msg","errorCode","errorSummary","errorLink","errorId","errorCauses","generateState","generateNonce","getIssuer","sdk","issuer","getOAuthBaseUrl","getOAuthDomain","getOAuthUrls","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl","createOAuthMeta","tokenParams","oauthMeta","urls","clientId","redirectUri","responseMode","scopes","state","nonce","ignoreSignature","acrValues","pkce","codeVerifier","codeChallengeMethod","codeChallenge","TokenKind","isToken","accessToken","idToken","refreshToken","isAccessToken","isIDToken","isRefreshToken","async","createTransactionMeta","authClient","token","prepareTokenParams","pkceMeta","flow","activationToken","recoveryToken","maxAge","hasSavedInteractionHandle","savedMeta","getSavedTransactionMeta","interactionHandle","transactionManager","load","isTransactionMetaValid","getTransactionMeta","saveTransactionMeta","meta","save","muteWarning","clearTransactionMeta","clear","isTransactionMetaValidForOptions","isTransactionMetaValidForFlow","some","isString","isObject","isNumber","isFunction","isPromise","finally","STATE_TOKEN_KEY_NAME","DEFAULT_POLLING_DELAY","DEFAULT_MAX_CLOCK_SKEW","DEFAULT_CACHE_DURATION","TOKEN_STORAGE_NAME","CACHE_STORAGE_NAME","PKCE_STORAGE_NAME","TRANSACTION_STORAGE_NAME","SHARED_TRANSACTION_STORAGE_NAME","ORIGINAL_URI_STORAGE_NAME","IDX_RESPONSE_STORAGE_NAME","ACCESS_TOKEN_STORAGE_KEY","ID_TOKEN_STORAGE_KEY","REFRESH_TOKEN_STORAGE_KEY","REFERRER_PATH_STORAGE_KEY","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","DEFAULT_CODE_CHALLENGE_METHOD","IDX_API_VERSION","AuthApiError","OAuthError","summary","error_description","formatError","resp","serverErr","transformErrorXHR","max_age","acr_values","part","reduce","acc","curr","parseInsufficientAuthenticationError","httpRequest","httpRequestInterceptors","interceptor","saveAuthnState","storage","storageUtil","httpCache","storageManager","getHttpCache","cookies","cacheResponse","cachedResponse","getStorage","now","expiresAt","oktaUserAgentHeader","_oktaUserAgent","getHttpHeader","assign","res","ajaxOptions","data","httpRequestClient","stateToken","delete","updateStorage","catch","getOptions","getIssuerOrigin","post","postOptions","getResponse","interact","clientSecret","params","client_id","scope","redirect_uri","code_challenge","code_challenge_method","activation_token","recovery_token","client_secret","interaction_handle","newMeta","isFieldMutable","field","mutable","divideSingleActionParamsByMutability","action","defaultParamsForAction","neededParamsForAction","immutableParamsForAction","generateDirectFetch","actionDefinition","toPersist","target","href","accepts","idx","makeIdxResponse","payload","responseJSON","wwwAuthHeader","idxResponse","stepUp","generateIdxAction","generator","defaultParams","neededParams","immutableParams","actionList","divideActionParamsByMutability","SKIP_FIELDS","fromEntries","expandRelatesTo","k","query","preventEval","innerValue","parseIdxResponse","remediationData","remediation","relatesTo","authenticatorChallenge","remediations","rel","remediationActions","remediationValue","generateRemediationFunctions","actionFn","convertRemediationAction","context","actions","filter","fieldValue","info","subField","parseNonRemediations","makeIdxState","requestDidSucceed","rawIdxResponse","proceed","remediationChoice","paramsFromUser","remediationChoiceObject","neededToProceed","rawIdxState","interactionCode","successWithInteractionCode","parsersForVersion","version","v1","validateVersionConfig","isRawIdxResponse","isAuthApiError","isOAuthError","introspect","savedIdxResponse","loadIdxResponse","domain","stateHandle","Accept","titleCase","charAt","getAuthenticatorFromRemediation","formatAuthenticator","incoming","authenticator","compareAuthenticators","auth1","auth2","Remediator","formatAuthenticators","authenticators","existing","authenticatorsData","getName","canRemediate","idxRemediation","required","cur","hasData","getData","r","val","entry","getNextStep","_authClient","_context","inputs","getInputs","getAuthenticator","inputFromRemediation","visible","messages","alias","aliases","includes","getMessages","getValuesAfterProceed","authenticatorFromRemediation","enrollmentId","Authenticator","VerificationCodeAuthenticator","canVerify","verificationCode","otp","mapCredentials","passcode","idxRemediationValue","OktaVerifyTotp","totp","OktaPassword","password","SecurityQuestionEnrollment","questionKey","answer","question","label","SecurityQuestionVerification","contextualData","enrolledQuestion","WebauthnEnrollment","clientData","attestation","WebauthnVerification","authenticatorData","signatureData","VerifyAuthenticator","OKTA_PASSWORD","SECURITY_QUESTION","OKTA_VERIFY","WEBAUTHN","challengeData","nextStep","authenticatorEnrollments","getInputCredentials","valueKey","EnrollAuthenticator","EnrollPoll","startPolling","step","common","currentAuthenticator","poll","refresh","SelectEnrollmentChannel","channel","filterKey","EnrollmentChannelData","getInputEmail","getInputPhoneNumber","Boolean","email","phoneNumber","ChallengeAuthenticator","ChallengePoll","ResetAuthenticator","EnrollProfile","getCredentialsFromRemediation","userProfileFromValues","userProfile","mapUserProfile","profileAttributes","attributeValues","attributeName","getInputUserProfile","getErrorMessages","errorRemediation","errors","Identify","identifier","ReEnrollAuthenticator","newPassword","RedirectIdp","idp","SelectAuthenticator","findMatchedOption","option","matchedOption","isCurrentAuthenticator","isCurrentAuthenticatorEnrollment","currentAuthenticatorEnrollment","mapAuthenticator","selectedAuthenticator","selectedOption","getInputAuthenticator","SelectAuthenticatorAuthenticate","isRecoveryFlow","SelectAuthenticatorEnroll","SelectAuthenticatorUnlockAccount","authenticatorMap","methodTypeOption","methodTypeValue","methodType","getInputUsername","SelectEnrollProfile","AuthenticatorData","formatAuthenticatorData","getAuthenticatorData","mapAuthenticatorDataFromValues","AuthenticatorVerificationData","AuthenticatorEnrollmentData","Skip","skip","unwrapFormValue","formKeys","unwrappedForm","GenericRemediator","endsWith","produces","rest","isTerminalResponse","getMessagesFromIdxRemediationValue","messagesFromForm","optionValues","messagesFromOptions","getMessagesFromResponse","globalMessages","useGenericRemediator","fieldMessages","seen","filtered","i18n","getRemediatorClass","remediators","getRemediator","idxRemediations","remediator","T","remediatorCandidates","canSkip","canSkipFn","canResend","actionName","canResendFn","handleFailedResponse","terminal","removeActionFromValues","resend","removeActionFromOptions","remediate","actionFromValues","getActionFromValues","valuesWithoutExecutedAction","optionsWithoutExecutedAction","canceled","remediationAction","remediationName","filterValuesForRemediation","AuthenticationFlow","PasswordRecoveryFlow","RegistrationFlow","AccountUnlockFlow","getFlowSpecification","oktaAuth","initializeValues","run","PENDING","getFlow","setFlow","flowSpec","initializeData","interactResponse","getDataFromIntrospect","autoRemediate","idxResponseFromRemediation","getDataFromRemediate","exchangeCodeForTokens","tokens","enabledFeatures","availableSteps","shouldSaveResponse","shouldClearTransaction","clearSharedStorage","PASSWORD_RECOVERY","REGISTRATION","SOCIAL_IDP","ACCOUNT_UNLOCK","getEnabledFeatures","remediatorMap","remediatorClass","stepObj","startsWith","part1","part2","actionObj","getAvailableSteps","TERMINAL","hasActions","hasErrors","class","CANCELED","SUCCESS","getTokens","finalizeData","saveIdxResponse","authenticate","cancel","urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","param","exec","EmailVerifyCallbackError","isEmailVerifyCallbackError","isEmailVerifyCallback","urlPath","parseEmailVerifyCallback","handleEmailVerifyCallback","search","canProceed","transaction","availablePollingRemeditaions","Number","isInteger","startTransaction","register","recoverPassword","handleInteractionCodeRedirect","savedState","URL","tokenManager","setTokens","unlockAccount","isInteractionRequiredError","isAuthorizationCodeError","errorResponse","isRefreshTokenInvalidError","hasTokensInHash","hash","hasAuthorizationCode","hasInteractionCode","hasErrorInUrl","isRedirectUri","uri","authParams","isCodeFlow","getHashOrSearch","isLoginRedirect","codeFlow","isInteractionRequired","createIdxAPI","boundStartTransaction","start","a","atob","b","btoa","crypto","isWindowsPhone","isBrowser","document","isIE11OrLess","documentMode","getUserAgent","navigator","userAgent","isFingerprintSupported","agent","isPopupPostMessageSupported","isIE8or9","postMessage","isTokenVerifySupported","webcrypto","subtle","hasTextEncoder","TextEncoder","isPKCESupported","isHTTPS","protocol","isLocalhost","hostname","createOktaAuthBase","OptionsConstructor","OktaAuthBase","emitter","features","constants","mixinStorage","Base","StorageManager","clearStorage","OktaUserAgent","environments","maybeAddNodeEnvironment","addEnvironment","env","getVersion","process","versions","node","headerName","headerValue","mixinHttp","http","setHeaders","webfinger","opts","stringToBase64Url","base64ToBase64Url","b64","base64UrlToBase64","b64u","base64UrlToString","utf8","escape","stringToBuffer","charCodeAt","base64UrlDecode","base64UrlToBuffer","from","bufferToBase64Url","bin","s","byte","getOidcHash","encode","digest","firstHalf","verifyToken","algo","use","importKey","cryptoKey","jwt","signature","verify","PromiseQueue","quiet","queue","running","thisObject","queueItem","dec2hex","dec","substr","generateVerifier","prefix","verifier","ceil","getRandomValues","getRandomString","computeChallenge","decodeToken","decodedToken","getDefaultTokenParams","defaultRedirectUri","postToTokenEndpoint","authorizationCode","validateOptions","code","getPostData","postRefreshToken","grant_type","refresh_token","getWellKnown","getKey","kid","wellKnown","jwksUri","cachedKey","validateClaims","claims","validationParams","aud","iss","acr","iat","exp","ignoreLifetime","maxClockSkew","configuredIssuer","validationOptions","sdkCrypto.verifyToken","at_hash","sdkCrypto.getOidcHash","handleOAuthResponse","interaction_code","oauthParams","validateResponse","tokenDict","expiresIn","expires_in","tokenType","token_type","access_token","id_token","accessJwt","idJwt","idTokenObj","getUserInfo","accessTokenObject","idTokenObject","userInfo","sub","authenticateHeader","getResponseHeader","errorMatches","errorDescriptionMatches","errorDescription","addListener","eventTarget","attachEvent","removeListener","detachEvent","loadFrame","src","iframe","createElement","style","display","appendChild","loadPopup","title","popupTitle","addPostMessageListener","timeout","responseHandler","timeoutId","origin","clearTimeout","assertPKCESupport","errorMessage","validateCodeChallengeMethod","preparePKCE","PKCE","defaults","convertTokenParamsToOAuthParams","idpScope","loginHint","prompt","sessionToken","enrollAmrValues","mayBeArray","buildAuthorizeParams","oauthQueryParams","extraParams","getToken","popupWindow","requestUrl","iframePromise","iframeEl","contains","parentElement","removeChild","oauthPromise","closePoller","setInterval","closed","clearInterval","close","getWithoutPrompt","getWithPopup","getWithRedirect","setLocation","getResponseMode","defaultResponseMode","parseOAuthResponseFromUrl","paramStr","nativeLoc","parseFromUrl","_getLocation","nativeHistory","_getHistory","nativeDoc","_getDocument","replaceState","pathname","removeSearch","removeHash","cleanOAuthResponseFromUrl","isSameRefreshToken","isRefreshTokenError","renewTokensWithRefresh","refreshTokenObject","renewTokenParams","tokenResponse","updateRefreshToken","removeRefreshToken","throwInvalidTokenError","getSingleToken","originalToken","renewToken","getTokensSync","renewTokens","revokeToken","token_type_hint","hintMap","oidcIntrospect","kind","ACCESS","introspection_endpoint","introspectUrl","authHeader","createEnrollAuthenticatorMeta","getDefaultEnrollAuthenticatorParams","prepareEnrollAuthenticatorParams","prepareParams","enrollAuthenticator","createTokenAPI","useQueue","getWithRedirectFn","parseFromUrlFn","parseFromUrlApi","history","revoke","renew","createEndpoints","authorize","validateToken","SdkClock","localOffset","parseInt","EVENT_EXPIRED","EVENT_RENEWED","EVENT_ADDED","EVENT_REMOVED","EVENT_ERROR","EVENT_SET_STORAGE","DEFAULT_OPTIONS","autoRenew","autoRemove","syncStorage","clearPendingRemoveTokens","expireEarlySeconds","storageKey","TokenManager","storageOptions","secure","storageProvider","storageType","getTokenStorage","useSeparateCookies","clock","expireTimeouts","renewPromise","on","event","handler","off","setExpireEventTimeoutAll","started","stop","clearExpireEventTimeoutAll","isStarted","getExpireTime","hasExpired","emitExpired","emit","emitRenewed","freshToken","oldToken","emitAdded","emitRemoved","emitError","clearExpireEventTimeout","setExpireEventTimeout","expireTime","expireEventWait","max","expireEventTimeout","tokenStorage","resetExpireEventTimeoutAll","add","setStorage","emitSetStorageEvent","getSync","getStorageKeyByType","getTokenType","accessTokenCb","idTokenCb","refreshTokenCb","handleTokenCallback","handleAdded","handleRenewed","handleRemoved","types","existingTokens","newToken","existingToken","remove","removedToken","tokenKey","removedTokens","pendingRemove","addPendingRemoveFlags","browserHasLocalStorage","getLocalStorage","testStorage","browserHasSessionStorage","getSessionStorage","testStorageType","supported","getStorageByType","getCookieStorage","getInMemoryStorage","findStorageType","curType","nextType","onstorage","localStorage","sessionStorage","sameSite","sessionCookie","getItem","setItem","removeItem","existingValues","valueToStore","inMemoryStore","cookieOptions","expires","mixinOAuth","TransactionManagerConstructor","WithOriginalUri","BaseClass","setOriginalUri","originalUri","browserStorage","getOriginalUriStorage","getOriginalUri","removeOriginalUri","sharedStorage","_pending","handleLogin","_tokenQueue","endpoints","isAuthenticated","shouldRenew","onExpiredToken","shouldRemove","signInWithRedirect","additionalParams","getUser","getIdToken","getAccessToken","getRefreshToken","storeTokensFromRedirect","isPKCE","hasResponseType","isAuthorizationCodeFlow","invokeApiMethod","revokeAccessToken","accessTokenKey","revokeRefreshToken","refreshTokenKey","getSignOutRedirectUrl","postLogoutRedirectUri","idTokenHint","logoutUri","signOut","defaultUri","currentUri","clearTokensBeforeRedirect","sessionClosed","closeSession","INITIAL_AUTH_STATE","DEFAULT_PENDING","updateAuthStatePromise","canceledTimes","EVENT_AUTH_STATE_CHANGE","AuthStateManager","_sdk","_authState","_logOptions","_prevAuthState","_transformQueue","_setLogOptions","updateAuthState","getAuthState","getPreviousAuthState","transformAuthState","devMode","emitAuthStateChange","authState","prevState","finalPromise","origPromise","curPromise","cancelablePromise","_","onCancel","shouldReject","emitAndResolve","isCanceled","subscribe","unsubscribe","AutoRenewService","renewTimeQueue","onTokenExpiredHandler","shouldThrottleRenew","firstTime","requiresLeadership","processExpiredTokens","canStart","SyncStorageService","onTokenAddedHandler","onTokenRemovedHandler","onTokenRenewedHandler","onSetStorageHandler","onSyncMessageHandler","syncChannelName","enablePostMessage","LeaderElectionService","onLeaderDuplicate","onLeader","isLeader","elector","hasLeader","electionChannelName","onduplicate","awaitLeadership","die","postInternal","AUTO_RENEW","SYNC_STORAGE","LEADER_ELECTION","ServiceManager","broadcastChannelName","defaultOptions","services","Map","knownServices","svc","createService","startServices","getService","isLeaderRequired","srv","stopServices","canStartService","service","mixinCore","authStateManager","serviceManager","handleRedirect","handleLoginRedirect","restoreOriginalUri","sessionExists","session","getSession","user","refreshSession","setCookieAndRedirect","redirectUrl","checkAccountSetupComplete","createSessionApi","exists","mixinSession","createOktaAuthCore","StorageManagerConstructor","getEnrolledCredentials","enrollement","credentialId","buildCredentialCreationOptions","activationData","publicKey","rp","displayName","challenge","pubKeyCredParams","authenticatorSelection","excludeCredentials","buildCredentialRequestOptions","userVerification","allowCredentials","getAttestation","credential","clientDataJSON","attestationObject","getAssertion","mixinIdx","webauthn","createOktaAuthIdx","createBaseOptionsConstructor","STORAGE_MANAGER_OPTIONS","storageTypes","cache","createStorageOptionsConstructor","BaseOptionsConstructor","cookieSettings","getCookieSettings","appJsonContentTypeRegex","fetchRequest","contentType","fetchPromise","readData","pair","formatResult","createHttpOptionsConstructor","StorageOptionsConstructor","enableSharedStorage","createOAuthOptionsConstructor","HttpOptionsConstructor","RegExp","assertValidConfig","createCoreOptionsConstructor","OAuthOptionsConstructor","createIdxOptionsConstructor","CoreOptionsConstructor","SavedObject","storageName","storageString","logServerSideMemoryStorageWarning","BaseStorageManager","storageManagerOptions","getOptionsForSection","sectionName","overrideOptions","createOAuthStorageManager","getTransactionStorage","getSharedTansactionStorage","createCoreStorageManager","createIdxStorageManager","CoreStorageManager","getIdxResponseStorage","transactionStorage","isObjectWithProperties","isOAuthTransactionMeta","isPKCETransactionMeta","isIdxTransactionMeta","isCustomAuthTransactionMeta","isTransactionMeta","MAX_ENTRY_LIFETIME","createTransactionManager","saveLastResponse","clearTransactionFromSharedStorage","dateCreated","saveTransactionToSharedStorage","pruneSharedStorage","loadTransactionFromSharedStorage","createIdxTransactionManager","TransactionManager","clearIdxResponse","storedValue","BaseTransaction","ProfileTransaction","createdAt","modifiedAt","profile","ProfileSchemaTransaction","properties","EmailTransaction","roles","generateRequestFnFromLinks","methodName","links","transactionClassName","EmailStatusTransaction","EmailChallengeTransaction","PhoneTransaction","EmailRole","Status","PasswordStatus","PasswordTransaction","created","lastUpdated","NOT_ENROLLED","enroll","update","sendRequest","accessTokenObj","TransactionClass","hints","allow","getProfile","updateProfile","getProfileSchema","getEmails","getEmail","addEmail","deleteEmail","sendEmailChallenge","getEmailChallenge","emailId","challengeId","verifyEmailChallenge","getPhones","getPhone","addPhone","deletePhone","sendPhoneChallenge","verifyPhoneChallenge","getPassword","enrollPassword","updatePassword","deletePassword","mixinMyAccount","myaccount","MyAccountMethods","createOktaAuthMyAccount","addStateToken","builtArgs","transactionStatus","transactionExists","getSavedStateToken","postToTransaction","tx","createTransaction","link2fn","ref","lk","isPolling","factorType","provider","autoPush","rememberDevice","updatePhone","AuthPollStopError","getPollFn","transactionCallBack","pollLink","retryCount","recursivePoll","getStateToken","pollFn","pollRes","factorResult","delayFn","delayLength","pow","flattenEmbedded","objArr","o","ol","embedded","_embedded","fns","links2fns","AuthnTransactionImpl","createAuthnTransactionAPI","resume","resumeTransaction","transactionStep","introspectAuthn","fingerprint","listener","source","mixinAuthn","authn","signIn","_postToTransaction","sendFingerprint","signInWithCredentials","forgotPassword","verifyRecoveryToken","createOktaAuthOAuth","WithAuthn","OktaAuth"],"sourceRoot":""}