{"version":3,"sources":["webpack:///webpack/universalModuleDefinition","webpack:///webpack/bootstrap 566c982fcf681ba8c641","webpack:///okta-auth-js.min.js","webpack:///./lib/util.js","webpack:///./lib/errors/AuthSdkError.js","webpack:///./lib/constants.js","webpack:///./lib/http.js","webpack:///./lib/browser/browserStorage.js","webpack:////root/okta/okta-auth-js/node_modules/@babel/runtime/helpers/typeof.js","webpack:///./lib/storageBuilder.js","webpack:////root/okta/okta-auth-js/node_modules/@babel/runtime/regenerator/index.js","webpack:////root/okta/okta-auth-js/node_modules/@babel/runtime/helpers/asyncToGenerator.js","webpack:///./lib/tx.js","webpack:///./lib/oauthUtil.js","webpack:///./lib/browser/browserIndex.js","webpack:///./lib/fetch/fetchRequest.js","webpack:////root/okta/okta-auth-js/node_modules/cross-fetch/dist/browser-ponyfill.js","webpack:////root/okta/okta-auth-js/node_modules/js-cookie/src/js.cookie.js","webpack:///./lib/browser/browser.js","webpack:////root/okta/okta-auth-js/node_modules/regenerator-runtime/runtime.js","webpack:////root/okta/okta-auth-js/node_modules/tiny-emitter/index.js","webpack:///./lib/builderUtil.js","webpack:///./lib/errors/AuthApiError.js","webpack:///./lib/errors/AuthPollStopError.js","webpack:///./lib/session.js","webpack:///./lib/token.js","webpack:///./lib/crypto.js","webpack:///./lib/errors/OAuthError.js","webpack:///./lib/pkce.js","webpack:///./lib/TokenManager.js","webpack:///./lib/clock.js"],"names":["root","factory","exports","module","define","amd","self","this","__webpack_require__","moduleId","installedModules","i","l","modules","call","m","c","d","name","getter","o","Object","defineProperty","configurable","enumerable","get","n","__esModule","object","property","prototype","hasOwnProperty","p","s","util","stringToBase64Url","str","b64","btoa","base64ToBase64Url","replace","base64UrlToBase64","b64u","base64UrlToString","length","utf8","atob","decodeURIComponent","escape","e","stringToBuffer","buffer","Uint8Array","charCodeAt","base64UrlDecode","bind","fn","ctx","additionalArgs","Array","slice","arguments","args","concat","apply","isAbsoluteUrl","url","test","isString","obj","toString","isObject","isNumber","isoToUTCString","parts","match","isoTime","Date","UTC","toUTCString","toQueryParams","key","undefined","push","encodeURIComponent","join","genRandomString","randomCharset","random","cl","Math","floor","extend","obj1","forEach","prop","removeNils","cleaned","value","clone","JSON","stringify","parse","omit","props","newobj","indexOf","find","collection","searchParams","item","found","getLink","linkName","altName","_links","link","getNativeConsole","window","console","getConsole","nativeConsole","log","warn","text","deprecate","deprecateWrap","removeTrailingSlash","path","trimmed","isIE11OrLess","document","documentMode","isFunction","delay","ms","Promise","resolve","setTimeout","AuthSdkError","msg","xhr","message","errorCode","errorSummary","errorLink","errorId","errorCauses","Error","httpRequest","sdk","options","method","saveAuthnState","accessToken","withCredentials","storageUtil","storage","httpCache","getHttpCache","cookies","cacheResponse","cacheContents","getStorage","cachedResponse","now","expiresAt","response","headers","userAgent","err","res","ajaxOptions","data","httpRequestClient","then","resp","responseText","stateToken","delete","constants","STATE_TOKEN_KEY_NAME","set","updateStorage","DEFAULT_CACHE_DURATION","catch","serverErr","status","transformErrorXHR","AuthApiError","getIssuerOrigin","getOptions","post","postOptions","require","Cookies","storageBuilder","browserHasLocalStorage","getLocalStorage","testStorage","browserHasSessionStorage","getSessionStorage","getPKCEStorage","PKCE_STORAGE_NAME","getCookieStorage","CACHE_STORAGE_NAME","localStorage","sessionStorage","secure","sameSite","getItem","setItem","getInMemoryStorage","store","removeItem","cookieOptions","expires","remove","_typeof","Symbol","iterator","constructor","webstorage","storageName","storageString","setStorage","clearStorage","asyncGeneratorStep","gen","reject","_next","_throw","arg","info","error","done","_asyncToGenerator","addStateToken","builtArgs","getStateToken","transactionStatus","http","resumeTransaction","tx","exists","_get","AuthTransaction","introspect","transactionStep","transactionExists","postToTransaction","getPollFn","ref","pollFn","opts","autoPush","rememberDevice","href","pollLink","transactionCallBack","DEFAULT_POLLING_DELAY","isPolling","retryCount","recursivePoll","pollRes","factorResult","AuthPollStopError","delayLength","pow","link2fn","isArray","lk","hints","allow","factorType","provider","params","profile","updatePhone","links2fns","fns","type","poll","flattenEmbedded","objArr","ol","embedded","_embedded","cancel","generateState","generateNonce","isToken","idToken","scopes","addListener","eventTarget","addEventListener","attachEvent","removeListener","removeEventListener","detachEvent","loadFrame","src","iframe","createElement","style","display","body","appendChild","loadPopup","title","popupTitle","appearance","winEl","open","location","getWellKnown","issuer","authServerUri","getKey","kid","wellKnown","jwksUri","cachedKey","keys","validateClaims","claims","validationParams","aud","clientId","iss","nonce","iat","exp","maxClockSkew","getOAuthUrls","authorizeUrl","userinfoUrl","tokenUrl","logoutUrl","revokeUrl","baseUrl","urlParamsToObject","hashOrSearch","plus2space","paramSplit","fragment","charAt","substring","param","exec","fetchRequest","readData","toLowerCase","json","formatResult","result","responseType","responseJSON","fetch","credentials","ok","__self__","F","DOMException","isDataView","DataView","isPrototypeOf","normalizeName","String","TypeError","normalizeValue","iteratorFor","items","next","shift","support","iterable","Headers","map","append","header","getOwnPropertyNames","consumed","bodyUsed","fileReaderReady","reader","onload","onerror","readBlobAsArrayBuffer","blob","FileReader","promise","readAsArrayBuffer","readBlobAsText","readAsText","readArrayBufferAsText","buf","view","chars","fromCharCode","bufferClone","byteLength","Body","_initBody","_bodyInit","_bodyText","Blob","_bodyBlob","formData","FormData","_bodyFormData","URLSearchParams","arrayBuffer","_bodyArrayBuffer","ArrayBuffer","isArrayBufferView","rejected","decode","normalizeMethod","upcased","toUpperCase","methods","Request","input","mode","signal","referrer","form","trim","split","bytes","parseHeaders","rawHeaders","line","Response","bodyInit","statusText","init","abortXhr","abort","request","aborted","XMLHttpRequest","getAllResponseHeaders","responseURL","ontimeout","onabort","setRequestHeader","onreadystatechange","readyState","send","viewClasses","isView","oldValue","has","callback","thisArg","values","entries","redirectStatuses","redirect","RangeError","stack","create","polyfill","default","registeredInModuleLoader","OldCookies","api","noConflict","attributes","converter","defaults","setMilliseconds","getMilliseconds","write","stringifiedAttributes","attributeName","cookie","rdecode","read","getJSON","withConverter","OktaAuthBuilder","builderUtil","assertValidConfig","cookieSettings","features","isLocalhost","isHTTPS","pkce","redirectUri","postLogoutRedirectUri","responseMode","onSessionExpired","getUserAgent","SDK_VERSION","DEFAULT_MAX_CLOCK_SKEW","ignoreSignature","session","close","closeSession","sessionExists","getSession","refresh","refreshSession","setCookieAndRedirect","resume","authorize","_getLocationHref","token","getWithoutPrompt","getWithPopup","getWithRedirect","parseFromUrl","decodeToken","revoke","revokeToken","renew","renewToken","getUserInfo","verify","verifyToken","_setLocation","_getHistory","history","_getLocation","_getDocument","fingerprint","_getUserAgent","navigator","isWindowsPhone","isFingerprintSupported","agent","emitter","Emitter","tokenManager","TokenManager","on","_onTokenManagerError","_regeneratorRuntime","oauthUtil","proto","isPopupPostMessageSupported","isIE8or9","postMessage","isTokenVerifySupported","crypto","subtle","hasTextEncoder","TextEncoder","isPKCESupported","protocol","hostname","signIn","sendFingerprint","clear","revokeAccessToken","signOut","defaultUri","origin","reload","assign","state","idTokenHint","logoutUri","addSharedPrototypes","webfinger","timeout","listener","source","finally","clearTimeout","contains","parentElement","removeChild","buildOktaAuth","runtime","wrap","innerFn","outerFn","tryLocsList","protoGenerator","Generator","generator","context","Context","_invoke","makeInvokeMethod","tryCatch","GeneratorFunction","GeneratorFunctionPrototype","defineIteratorMethods","AsyncIterator","invoke","record","hasOwn","__await","unwrapped","enqueue","callInvokeWithMethodAndArg","previousPromise","GenStateSuspendedStart","GenStateExecuting","GenStateCompleted","doneResult","delegate","delegateResult","maybeInvokeDelegate","ContinueSentinel","sent","_sent","dispatchException","abrupt","GenStateSuspendedYield","resultName","nextLoc","pushTryEntry","locs","entry","tryLoc","catchLoc","finallyLoc","afterLoc","tryEntries","resetTryEntry","completion","reset","iteratorMethod","iteratorSymbol","isNaN","Op","$Symbol","asyncIteratorSymbol","asyncIterator","toStringTagSymbol","toStringTag","IteratorPrototype","getProto","getPrototypeOf","NativeIteratorPrototype","Gp","displayName","isGeneratorFunction","genFun","ctor","mark","setPrototypeOf","__proto__","awrap","async","iter","reverse","pop","skipTempReset","prev","stop","rootEntry","rootRecord","rval","exception","handle","loc","caught","hasCatch","hasFinally","finallyEntry","complete","finish","thrown","delegateYield","regeneratorRuntime","accidentalStrictMode","Function","E","once","off","_","emit","evtArr","len","evts","liveEvents","RegExp","template","forgotPassword","unlockAccount","verifyRecoveryToken","OktaAuth","ajaxRequest","sdkVersion","user","sessionToken","redirectUrl","checkAccountSetupComplete","token_type_hint","creds","decodedToken","jwt","payload","signature","validationOptions","sdkCrypto","valid","at_hash","getOidcHash","hash","addPostMessageListener","responseHandler","timeoutId","addFragmentListener","windowEl","hashChangeHandler","hashToObject","closed","exchangeCodeForToken","oauthParams","authorizationCode","urls","meta","PKCE","loadMeta","getTokenParams","codeVerifier","getToken","validateResponse","clearMeta","OAuthError","handleOAuthResponse","code","tokenDict","expiresIn","expires_in","tokenType","token_type","access_token","id_token","Number","idTokenObj","tokens","getDefaultOAuthParams","convertOAuthParamsToQueryParams","oauthQueryParams","codeChallenge","codeChallengeMethod","idp","idpScope","loginHint","maxAge","prompt","mayBeArray","scope","buildAuthorizeParams","prepareOauthParams","getOrigin","sessionTokenOverrides","idpOverrides","requestUrl","endpoint","iframePromise","iframeEl","oauthPromise","windowOptions","windowOrigin","redirectUriOrigin","closePoller","setInterval","clearInterval","errorMessage","DEFAULT_CODE_CHALLENGE_METHOD","generateVerifier","saveMeta","computeChallenge","clonedParams","REDIRECT_OAUTH_PARAMS_COOKIE_NAME","REDIRECT_NONCE_COOKIE_NAME","REDIRECT_STATE_COOKIE_NAME","removeHash","nativeHistory","nativeDoc","nativeLoc","replaceState","pathname","search","removeSearch","paramStr","defaultResponseMode","oauthParamsCookie","_getUserInfo","accessTokenObject","idTokenObject","userInfo","sub","authenticateHeader","getResponseHeader","errorMatches","errorDescriptionMatches","errorDescription","encode","digest","intBuffer","firstHalf","algo","usages","use","importKey","cryptoKey","b64Signature","summary","dec2hex","dec","substr","getRandomString","a","ceil","getRandomValues","from","prefix","verifier","MIN_VERIFIER_LENGTH","MAX_VERIFIER_LENGTH","validateOptions","oauthOptions","getPostData","getExpireTime","tokenMgmtRef","expireEarlySeconds","hasExpired","clock","emitExpired","emitError","clearExpireEventTimeout","expireTimeouts","renewPromise","clearExpireEventTimeoutAll","setExpireEventTimeout","expireTime","expireEventWait","max","expireEventTimeout","setExpireEventTimeoutAll","tokenStorage","add","getAsync","autoRenew","existingPromise","freshToken","oldToken","tokenKey","DEFAULT_OPTIONS","storageProvider","storageKey","TOKEN_STORAGE_NAME","SdkClock","localOffset","parseInt"],"mappings":";;;;;;;;;;;;CAAA,SAA2CA,EAAMC,GAC1B,gBAAZC,UAA0C,gBAAXC,QACxCA,OAAOD,QAAUD,IACQ,kBAAXG,SAAyBA,OAAOC,IAC9CD,UAAWH,GACe,gBAAZC,SACdA,QAAkB,SAAID,IAEtBD,EAAe,SAAIC,KACF,mBAATK,MAAuBA,KAAOC,KAAM,WAC9C,M,aCNE,QAASC,GAAoBC,GAG5B,GAAGC,EAAiBD,GACnB,MAAOC,GAAiBD,GAAUP,OAGnC,IAAIC,GAASO,EAAiBD,IAC7BE,EAAGF,EACHG,GAAG,EACHV,WAUD,OANAW,GAAQJ,GAAUK,KAAKX,EAAOD,QAASC,EAAQA,EAAOD,QAASM,GAG/DL,EAAOS,GAAI,EAGJT,EAAOD,QAvBf,GAAIQ,KA4DJ,OAhCAF,GAAoBO,EAAIF,EAGxBL,EAAoBQ,EAAIN,EAGxBF,EAAoBS,EAAI,SAASf,EAASgB,EAAMC,GAC3CX,EAAoBY,EAAElB,EAASgB,IAClCG,OAAOC,eAAepB,EAASgB,GAC9BK,cAAc,EACdC,YAAY,EACZC,IAAKN,KAMRX,EAAoBkB,EAAI,SAASvB,GAChC,GAAIgB,GAAShB,GAAUA,EAAOwB,WAC7B,WAAwB,MAAOxB,GAAgB,SAC/C,WAA8B,MAAOA,GAEtC,OADAK,GAAoBS,EAAEE,EAAQ,IAAKA,GAC5BA,GAIRX,EAAoBY,EAAI,SAASQ,EAAQC,GAAY,MAAOR,QAAOS,UAAUC,eAAejB,KAAKc,EAAQC,IAGzGrB,EAAoBwB,EAAI,GAGjBxB,EAAoBA,EAAoByB,EAAI,MCgB/C,SAAU9B,EAAQD,GChExB,GAAIgC,GAAO/B,EAAOD,OAGlBgC,GAAKC,kBAAoB,SAASC,GAChC,GAAIC,GAAMC,KAAKF,EACf,OAAOF,GAAKK,kBAAkBF,IAIhCH,EAAKK,kBAAoB,SAASF,GAChC,MAAOA,GAAIG,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAAKA,QAAQ,MAAO,KAIpEN,EAAKO,kBAAoB,SAASC,GAChC,MAAOA,GAAKF,QAAQ,KAAM,KAAKA,QAAQ,KAAM,MAG/CN,EAAKS,kBAAoB,SAASD,GAChC,GAAIL,GAAMH,EAAKO,kBAAkBC,EACjC,QAAQL,EAAIO,OAAS,GACnB,IAAK,GACH,KACF,KAAK,GACHP,GAAO,IACP,MACF,KAAK,GACHA,GAAO,GACP,MACF,SACE,KAAM,wBAEV,GAAIQ,GAAOC,KAAKT,EAChB,KACE,MAAOU,oBAAmBC,OAAOH,IACjC,MAAOI,GACP,MAAOJ,KAIXX,EAAKgB,eAAiB,SAASd,GAE7B,IAAK,GADDe,GAAS,GAAIC,YAAWhB,EAAIQ,QACvBjC,EAAI,EAAGA,EAAIyB,EAAIQ,OAAQjC,IAC9BwC,EAAOxC,GAAKyB,EAAIiB,WAAW1C,EAE7B,OAAOwC,IAGTjB,EAAKoB,gBAAkB,SAASlB,GAC9B,MAAOU,MAAKZ,EAAKO,kBAAkBL,KAGrCF,EAAKqB,KAAO,SAASC,EAAIC,GACvB,GAAIC,GAAiBC,MAAM7B,UAAU8B,MAAM9C,KAAK+C,UAAW,EAC3D,OAAO,YACL,GAAIC,GAAOH,MAAM7B,UAAU8B,MAAM9C,KAAK+C,UAEtC,OADAC,GAAOJ,EAAeK,OAAOD,GACtBN,EAAGQ,MAAMP,EAAKK,KAIzB5B,EAAK+B,cAAgB,SAASC,GAC5B,MAAO,qBAAqBC,KAAKD,IAGnChC,EAAKkC,SAAW,SAASC,GACvB,MAA+C,oBAAxChD,OAAOS,UAAUwC,SAASxD,KAAKuD,IAGxCnC,EAAKqC,SAAW,SAASF,GACvB,MAA+C,oBAAxChD,OAAOS,UAAUwC,SAASxD,KAAKuD,IAGxCnC,EAAKsC,SAAW,SAASH,GACvB,MAA+C,oBAAxChD,OAAOS,UAAUwC,SAASxD,KAAKuD,IAGxCnC,EAAKuC,eAAiB,SAASrC,GAC7B,GAAIsC,GAAQtC,EAAIuC,MAAM,QAClBC,EAAUC,KAAKC,IAAIJ,EAAM,GAAIA,EAAM,GAAK,EAAGA,EAAM,GAAIA,EAAM,GAAIA,EAAM,GAAIA,EAAM,GAGnF,OAFc,IAAIG,MAAKD,GAERG,eAGjB7C,EAAK8C,cAAgB,SAASX,GAC5B,GAAIjC,KACJ,IAAY,OAARiC,EACF,IAAK,GAAIY,KAAOZ,GACVA,EAAItC,eAAekD,QACNC,KAAbb,EAAIY,IACS,OAAbZ,EAAIY,IACN7C,EAAI+C,KAAKF,EAAM,IAAMG,mBAAmBf,EAAIY,IAIlD,OAAI7C,GAAIQ,OACC,IAAMR,EAAIiD,KAAK,KAEf,IAIXnD,EAAKoD,gBAAkB,SAAS1C,GAG9B,IAAK,GAFD2C,GAAgB,gEAChBC,EAAS,GACJxE,EAAI,EAAGyE,EAAKF,EAAc3C,OAAQ5B,EAAI4B,IAAU5B,EACvDwE,GAAUD,EAAcG,KAAKC,MAAMD,KAAKF,SAAWC,GAErD,OAAOD,IAGTtD,EAAK0D,OAAS,WAEZ,GAAIC,GAAOhC,UAAU,EAWrB,UATkBD,MAAM9C,KAAK+C,UAAW,GAC/BiC,QAAQ,SAASzB,GACxB,IAAK,GAAI0B,KAAQ1B,GAEXA,EAAItC,eAAegE,QAAuBb,KAAdb,EAAI0B,KAClCF,EAAKE,GAAQ1B,EAAI0B,MAIhBF,GAGT3D,EAAK8D,WAAa,SAAS3B,GACzB,GAAI4B,KACJ,KAAK,GAAIF,KAAQ1B,GACf,GAAIA,EAAItC,eAAegE,GAAO,CAC5B,GAAIG,GAAQ7B,EAAI0B,EACF,QAAVG,OAA4BhB,KAAVgB,IACpBD,EAAQF,GAAQG,GAItB,MAAOD,IAGT/D,EAAKiE,MAAQ,SAAS9B,GACpB,GAAIA,EAAK,CACP,GAAIjC,GAAMgE,KAAKC,UAAUhC,EACzB,IAAIjC,EACF,MAAOgE,MAAKE,MAAMlE,GAGtB,MAAOiC,IAITnC,EAAKqE,KAAO,SAASlC,GACnB,GAAImC,GAAQ7C,MAAM7B,UAAU8B,MAAM9C,KAAK+C,UAAW,GAC9C4C,IACJ,KAAK,GAAIzE,KAAKqC,GACRA,EAAItC,eAAeC,KAA2B,GAArBwE,EAAME,QAAQ1E,KACzCyE,EAAOzE,GAAKqC,EAAIrC,GAGpB,OAAOE,GAAKiE,MAAMM,IAGpBvE,EAAKyE,KAAO,SAASC,EAAYC,GAE/B,IADA,GAAI7F,GAAI4F,EAAWhE,OACZ5B,KAAK,CACV,GAAI8F,GAAOF,EAAW5F,GAClB+F,GAAQ,CACZ,KAAK,GAAIhB,KAAQc,GACf,GAAKA,EAAa9E,eAAegE,IAG7Be,EAAKf,KAAUc,EAAad,GAAO,CACrCgB,GAAQ,CACR,OAGJ,GAAIA,EACF,MAAOD,KAKb5E,EAAK8E,QAAU,SAAS3C,EAAK4C,EAAUC,GACrC,GAAK7C,GAAQA,EAAI8C,OAAjB,CAIA,GAAIC,GAAOlF,EAAKiE,MAAM9B,EAAI8C,OAAOF,GAGjC,OAAIG,IAAQA,EAAKlG,MAAQgG,EACnBE,EAAKlG,OAASgG,EACTE,MADT,GAIOA,IAIXlF,EAAKmF,iBAAmB,WACtB,MAAsB,mBAAXC,QACFA,OAAOC,QACc,mBAAZA,SACTA,YAEP,IAIJrF,EAAKsF,WAAa,WAChB,GAAIC,GAAgBvF,EAAKmF,kBACzB,OAAII,IAAiBA,EAAcC,IAC1BD,GAGPC,IAAK,eAITxF,EAAKyF,KAAO,SAASC,GAEnB1F,EAAKsF,aAAaE,IAAI,yBAA2BE,IAInD1F,EAAK2F,UAAY,SAASD,GAExB1F,EAAKsF,aAAaE,IAAI,gCAAkCE,IAI1D1F,EAAK4F,cAAgB,SAASF,EAAMpE,GAClC,MAAO,YAEL,MADAtB,GAAK2F,UAAUD,GACRpE,EAAGQ,MAAM,KAAMH,aAI1B3B,EAAK6F,oBAAsB,SAASC,GAClC,GAAKA,EAAL,CAIA,GAAIC,GAAUD,EAAKxF,QAAQ,cAAc,GAIzC,OAFAyF,GAAUA,EAAQzF,QAAQ,OAAQ,MAKpCN,EAAKgG,aAAe,WAClB,QAASC,SAASC,cAAgBD,SAASC,cAAgB,IAG7DlG,EAAKmG,WAAa,SAAS7E,GACzB,QAASA,GAA+B,yBAAtBc,SAASxD,KAAK0C,IAGlCtB,EAAKoG,MAAQ,SAASC,GACpB,MAAO,IAAIC,SAAQ,SAASC,GAC1BC,WAAWD,EAASF,ODyGlB,SAAUpI,EAAQD,GE/WxB,QAASyI,GAAaC,EAAKC,GACzBtI,KAAKW,KAAO,eACZX,KAAKuI,QAAUF,EAEfrI,KAAKwI,UAAY,WACjBxI,KAAKyI,aAAeJ,EACpBrI,KAAK0I,UAAY,WACjB1I,KAAK2I,QAAU,WACf3I,KAAK4I,eACDN,IACFtI,KAAKsI,IAAMA,GAGfF,EAAa7G,UAAY,GAAIsH,OAE7BjJ,EAAOD,QAAUyI,GFgYX,SAAUxI,EAAQD,GG3ZxBC,EAAOD,SACL,qBAAwB,iBACxB,sBAAyB,IACzB,uBAA0B,IAC1B,uBAA0B,MAC1B,kCAAqC,6BACrC,2BAA8B,mBAC9B,2BAA8B,mBAC9B,mBAAsB,qBACtB,mBAAsB,qBACtB,kBAAqB,sBHkajB,SAAUC,EAAQD,EAASM,GI1ZjC,QAAS6I,GAAYC,EAAKC,GACxBA,EAAUA,KACV,IAAIrF,GAAMqF,EAAQrF,IACdsF,EAASD,EAAQC,OACjB1F,EAAOyF,EAAQzF,KACf2F,EAAiBF,EAAQE,eACzBC,EAAcH,EAAQG,YACtBC,GAA8C,IAA5BJ,EAAQI,gBAC1BC,EAAcN,EAAIC,QAAQK,YAC1BC,EAAUD,EAAYC,QACtBC,EAAYF,EAAYG,aAAaT,EAAIC,QAAQS,QAErD,IAAIT,EAAQU,cAAe,CACzB,GAAIC,GAAgBJ,EAAUK,aAC1BC,EAAiBF,EAAchG,EACnC,IAAIkG,GAAkBvF,KAAKwF,MAAM,IAAOD,EAAeE,UACrD,MAAO9B,SAAQC,QAAQ2B,EAAeG,UAI1C,GAAIC,IACF,OAAU,mBACV,eAAgB,mBAChB,6BAA8BlB,EAAImB,UAEpCvI,GAAK0D,OAAO4E,EAASlB,EAAIC,QAAQiB,QAASjB,EAAQiB,SAE9Cd,GAAexH,EAAKkC,SAASsF,KAC/Bc,EAAO,cAAoB,UAAYd,EAGzC,IAMIgB,GAAKC,EANLC,GACFJ,QAASA,EACTK,KAAM/G,OAAQoB,GACdyE,gBAAiBA,EAInB,OAAOL,GAAIC,QAAQuB,kBAAkBtB,EAAQtF,EAAK0G,GAC/CG,KAAK,SAASC,GAuBb,MAtBAL,GAAMK,EAAKC,aACPN,GAAOzI,EAAKkC,SAASuG,KACvBA,EAAMvE,KAAKE,MAAMqE,IAGflB,IACGkB,EAAIO,YACPrB,EAAQsB,OAAOC,EAAUC,uBAIzBV,GAAOA,EAAIO,YAAcP,EAAIL,WAC/BT,EAAQyB,IAAIF,EAAUC,qBAAsBV,EAAIO,WAAYP,EAAIL,UAAWhB,EAAIC,QAAQS,SAGrFW,GAAOpB,EAAQU,eACjBH,EAAUyB,cAAcrH,GACtBoG,UAAW5E,KAAKC,MAAMd,KAAKwF,MAAM,KAAQe,EAAUI,uBACnDjB,SAAUI,IAIPA,IAERc,MAAM,SAAST,GACd,GAAIU,GAAYV,EAAKC,gBACrB,IAAI/I,EAAKkC,SAASsH,GAChB,IACEA,EAAYtF,KAAKE,MAAMoF,GACvB,MAAOzI,GACPyI,GACE1C,aAAc,iBAmBpB,KAdIgC,GAAKW,QAAU,MACjBD,EAAU1C,aAAe,iBAGvBM,EAAIC,QAAQqC,oBACdZ,EAAO1B,EAAIC,QAAQqC,kBAAkB1J,EAAKiE,MAAM6E,KAGlDN,EAAM,GAAImB,GAAaH,EAAWV,GAEZ,aAAlBN,EAAI3B,WACNc,EAAQsB,OAAOC,EAAUC,sBAGrBX,IAIZ,QAASjJ,GAAI6H,EAAKpF,EAAKqF,GACrBrF,EAAMhC,EAAK+B,cAAcC,GAAOA,EAAMoF,EAAIwC,kBAAoB5H,CAC9D,IAAI6H,IACF7H,IAAKA,EACLsF,OAAQ,MAGV,OADAtH,GAAK0D,OAAOmG,EAAYxC,GACjBF,EAAYC,EAAKyC,GAG1B,QAASC,GAAK1C,EAAKpF,EAAKJ,EAAMyF,GAC5BrF,EAAMhC,EAAK+B,cAAcC,GAAOA,EAAMoF,EAAIwC,kBAAoB5H,CAC9D,IAAI+H,IACF/H,IAAKA,EACLsF,OAAQ,OACR1F,KAAMA,EACN2F,gBAAgB,EAGlB,OADAvH,GAAK0D,OAAOqG,EAAa1C,GAClBF,EAAYC,EAAK2C,GArH1B,GAAI/J,GAAOgK,EAAQ,GACfL,EAAeK,EAAQ,IACvBd,EAAYc,EAAQ,EAsHxB/L,GAAOD,SACLuB,IAAKA,EACLuK,KAAMA,EACN3C,YAAaA,IJsbT,SAAUlJ,EAAQD,EAASM,GKljBjC,GAAI2L,GAAUD,EAAQ,IAClBE,EAAiBF,EAAQ,GACzBd,EAAYc,EAAQ,GACpBvD,EAAeuD,EAAQ,GAGvBtC,IAIJA,GAAYyC,uBAAyB,WACnC,IACE,GAAIxC,GAAUD,EAAY0C,iBAC1B,OAAO1C,GAAY2C,YAAY1C,GAC/B,MAAO5G,GACP,OAAO,IAIX2G,EAAY4C,yBAA2B,WACrC,IACE,GAAI3C,GAAUD,EAAY6C,mBAC1B,OAAO7C,GAAY2C,YAAY1C,GAC/B,MAAO5G,GACP,OAAO,IAIX2G,EAAY8C,eAAiB,SAASnD,GACpC,MAAIK,GAAYyC,yBACPD,EAAexC,EAAY0C,kBAAmBlB,EAAUuB,mBACtD/C,EAAY4C,2BACdJ,EAAexC,EAAY6C,oBAAqBrB,EAAUuB,mBAE1DP,EAAexC,EAAYgD,iBAAiBrD,GAAU6B,EAAUuB,oBAI3E/C,EAAYG,aAAe,SAASR,GAClC,MAAIK,GAAYyC,yBACPD,EAAexC,EAAY0C,kBAAmBlB,EAAUyB,oBACtDjD,EAAY4C,2BACdJ,EAAexC,EAAY6C,oBAAqBrB,EAAUyB,oBAE1DT,EAAexC,EAAYgD,iBAAiBrD,GAAU6B,EAAUyB,qBAI3EjD,EAAY0C,gBAAkB,WAC5B,MAAOQ,eAGTlD,EAAY6C,kBAAoB,WAC9B,MAAOM,iBAITnD,EAAYgD,iBAAmB,SAASrD,GACtC,GAAMyD,GAASzD,EAAQyD,OACjBC,EAAW1D,EAAQ0D,QACzB,QAAsB,KAAXD,OAA8C,KAAbC,EAC1C,KAAM,IAAItE,GAAa,qEAEzB,QACEuE,QAAStD,EAAYC,QAAQpI,IAC7B0L,QAAS,SAASlI,EAAKiB,GAErB0D,EAAYC,QAAQyB,IAAIrG,EAAKiB,EAAO,4BAClC8G,OAAQA,EACRC,SAAUA,OAOlBrD,EAAYwD,mBAAqB,WAC/B,GAAIC,KACJ,QACEH,QAAS,SAASjI,GAChB,MAAOoI,GAAMpI,IAEfkI,QAAS,SAASlI,EAAKiB,GACrBmH,EAAMpI,GAAOiB,KAKnB0D,EAAY2C,YAAc,SAAS1C,GACjC,GAAI5E,GAAM,mBACV,KAGE,MAFA4E,GAAQsD,QAAQlI,EAAKA,GACrB4E,EAAQyD,WAAWrI,IACZ,EACP,MAAOhC,GACP,OAAO,IAIX2G,EAAYC,SACVyB,IAAK,SAASpK,EAAMgF,EAAOoE,EAAWf,GACpC,GAAMyD,GAASzD,EAAQyD,OACjBC,EAAW1D,EAAQ0D,QACzB,QAAsB,KAAXD,OAA8C,KAAbC,EAC1C,KAAM,IAAItE,GAAa,gEAEzB,IAAI4E,IACFvF,KAAMuB,EAAQvB,MAAQ,IACtBgF,SACAC,WAaF,OATOpI,MAAKyB,MAAMgE,KAKhBiD,EAAcC,QAAU,GAAI3I,MAAKyF,IAGnC6B,EAAQb,IAAIpK,EAAMgF,EAAOqH,GAClB3D,EAAYC,QAAQpI,IAAIP,IAGjCO,IAAK,SAASP,GACZ,MAAOiL,GAAQ1K,IAAIP,IAGrBiK,OAAQ,SAASjK,GACf,MAAOiL,GAAQsB,OAAOvM,GAAQ8G,KAAM,QAIxC7H,EAAOD,QAAU0J,GL2kBX,SAAUzJ,EAAQD,GM9tBxB,QAASwN,GAAQrJ,GAWf,MAVsB,kBAAXsJ,SAAoD,gBAApBA,QAAOC,SAChDzN,EAAOD,QAAUwN,EAAU,SAAiBrJ,GAC1C,aAAcA,IAGhBlE,EAAOD,QAAUwN,EAAU,SAAiBrJ,GAC1C,MAAOA,IAAyB,kBAAXsJ,SAAyBtJ,EAAIwJ,cAAgBF,QAAUtJ,IAAQsJ,OAAO7L,UAAY,eAAkBuC,IAItHqJ,EAAQrJ,GAGjBlE,EAAOD,QAAUwN,GNouBX,SAAUvN,EAAQD,EAASM,GOluBjC,QAAS4L,GAAe0B,EAAYC,GAKlC,QAAS5D,KACP,GAAI6D,GAAgBF,EAAWZ,QAAQa,EACvCC,GAAgBA,GAAiB,IACjC,KACE,MAAO5H,MAAKE,MAAM0H,GAClB,MAAM/K,GACN,KAAM,IAAI0F,GAAa,mCAAqCoF,IAIhE,QAASE,GAAWpE,GAClB,IACE,GAAImE,GAAgB5H,KAAKC,UAAUwD,EACnCiE,GAAWX,QAAQY,EAAaC,GAChC,MAAM/K,GACN,KAAM,IAAI0F,GAAa,0BAA4BoF,IAIvD,QAASG,GAAajJ,GACpB,IAAKA,EACH,MAAOgJ,MAET,IAAIpE,GAAUM,UACPN,GAAQ5E,GACfgJ,EAAWpE,GAGb,QAAS0B,GAActG,EAAKiB,GAC1B,GAAI2D,GAAUM,GACdN,GAAQ5E,GAAOiB,EACf+H,EAAWpE,GAnCb,GAA2B,gBAAhBkE,KAA6BA,EAAYnL,OAClD,KAAM,IAAI+F,GAAa,4BAqCzB,QACEwB,WAAYA,EACZ8D,WAAYA,EACZC,aAAcA,EACd3C,cAAeA,GA9CnB,GAAI5C,GAAeuD,EAAQ,EAkD3B/L,GAAOD,QAAUkM,GPyvBX,SAAUjM,EAAQD,EAASM,GQxzBjCL,EAAOD,QAAU,EAAQ,KR+zBnB,SAAUC,EAAQD,GS/zBxB,QAASiO,GAAmBC,EAAK3F,EAAS4F,EAAQC,EAAOC,EAAQtJ,EAAKuJ,GACpE,IACE,GAAIC,GAAOL,EAAInJ,GAAKuJ,GAChBtI,EAAQuI,EAAKvI,MACjB,MAAOwI,GAEP,WADAL,GAAOK,GAILD,EAAKE,KACPlG,EAAQvC,GAERsC,QAAQC,QAAQvC,GAAO6E,KAAKuD,EAAOC,GAIvC,QAASK,GAAkBpL,GACzB,MAAO,YACL,GAAIlD,GAAOC,KACPuD,EAAOD,SACX,OAAO,IAAI2E,SAAQ,SAAUC,EAAS4F,GAGpC,QAASC,GAAMpI,GACbiI,EAAmBC,EAAK3F,EAAS4F,EAAQC,EAAOC,EAAQ,OAAQrI,GAGlE,QAASqI,GAAO7D,GACdyD,EAAmBC,EAAK3F,EAAS4F,EAAQC,EAAOC,EAAQ,QAAS7D,GAPnE,GAAI0D,GAAM5K,EAAGQ,MAAM1D,EAAMwD,EAUzBwK,OAAMpJ,OAKZ/E,EAAOD,QAAU0O,GTq0BX,SAAUzO,EAAQD,EAASM,GUr1BjC,QAASqO,GAAclE,EAAKpB,GAC1B,GAAIuF,KAQJ,OAPA5M,GAAK0D,OAAOkJ,EAAWvF,IAGlBuF,EAAU5D,YAAcP,EAAIO,aAC/B4D,EAAU5D,WAAaP,EAAIO,YAGtB4D,EAGT,QAASC,GAAcpE,GACrB,MAAOkE,GAAclE,GAGvB,QAASqE,GAAkB1F,EAAKxF,GAE9B,MADAA,GAAO+K,EAAcvF,EAAKxF,GACnBmL,EAAKjD,KAAK1C,EAAKA,EAAIwC,kBAAoB,gBAAiBhI,GAGjE,QAASoL,GAAkB5F,EAAKxF,GAC9B,IAAKA,IAASA,EAAKoH,WAAY,CAC7B,GAAIA,GAAa5B,EAAI6F,GAAGC,OAAOC,KAAKjE,EAAUC,qBAC9C,KAAIH,EAKF,MAAO1C,SAAQ6F,OAAO,GAAI1F,GAAa,4BAJvC7E,IACEoH,WAAYA,GAMlB,MAAO5B,GAAI6F,GAAGxD,OAAO7H,GAClBiH,KAAK,SAASJ,GACb,MAAO,IAAI2E,GAAgBhG,EAAKqB,KAItC,QAAS4E,GAAYjG,EAAKxF,GACxB,IAAKA,IAASA,EAAKoH,WAAY,CAC7B,GAAIA,GAAa5B,EAAI6F,GAAGC,OAAOC,KAAKjE,EAAUC,qBAC9C,KAAIH,EAKF,MAAO1C,SAAQ6F,OAAO,GAAI1F,GAAa,8BAJvC7E,IACEoH,WAAYA,GAMlB,MAAOsE,GAAgBlG,EAAKxF,GACzBiH,KAAK,SAAUJ,GACd,MAAO,IAAI2E,GAAgBhG,EAAKqB,KAItC,QAAS6E,GAAgBlG,EAAKxF,GAG5B,MAFAA,GAAO+K,EAAcvF,EAAKxF,GAEnBmL,EAAKjD,KAAK1C,EAAKA,EAAIwC,kBAAoB,2BAA4BhI,GAG5E,QAAS2L,GAAkBnG,GAEzB,QAASA,EAAI6F,GAAGC,OAAOC,KAAKjE,EAAUC,sBAGxC,QAASqE,GAAkBpG,EAAKpF,EAAKJ,EAAMyF,GACzC,MAAO0F,GAAKjD,KAAK1C,EAAKpF,EAAKJ,EAAMyF,GAC9BwB,KAAK,SAASJ,GACb,MAAO,IAAI2E,GAAgBhG,EAAKqB,KAItC,QAASgF,GAAUrG,EAAKqB,EAAKiF,GAC3B,MAAO,UAAUrG,GAqBf,QAASsG,KACP,GAAIC,KACJ,IAAwB,kBAAbC,GACT,IACED,EAAKC,WAAaA,IAEpB,MAAO9M,GACL,MAAOuF,SAAQ6F,OAAO,GAAI1F,GAAa,4CAGrBzD,KAAb6K,GAAuC,OAAbA,IACjCD,EAAKC,WAAaA,EAEpB,IAA8B,kBAAnBC,GACT,IACEF,EAAKE,iBAAmBA,IAE1B,MAAO/M,GACL,MAAOuF,SAAQ6F,OAAO,GAAI1F,GAAa,kDAGfzD,KAAnB8K,GAAmD,OAAnBA,IACvCF,EAAKE,iBAAmBA,EAG1B,IAAIC,GAAOC,EAASD,KAAO/N,EAAK8C,cAAc8K,EAC9C,OAAOb,GAAKjD,KAAK1C,EAAK2G,EAAMlB,EAAcpE,IACxClB,gBAAgB,IA/CpB,GAAInB,GACA0H,EACAD,EACAI,CAEAjO,GAAKsC,SAAS+E,GAChBjB,EAAQiB,EACCrH,EAAKqC,SAASgF,KACvBjB,EAAQiB,EAAQjB,MAChB0H,EAAiBzG,EAAQyG,eACzBD,EAAWxG,EAAQwG,SACnBI,EAAsB5G,EAAQ4G,qBAG3B7H,GAAmB,IAAVA,IACZA,EAAQ8C,EAAUgF,sBAIpB,IAAIF,GAAWhO,EAAK8E,QAAQ2D,EAAK,OAAQ,OAgCzCiF,GAAIS,WAAY,CAEhB,IAAIC,GAAa,CA8CjB,OA7CoB,SAAhBC,KAEF,MAAKX,GAAIS,UAGFR,IACJ9E,KAAK,SAAUyF,GAKd,GAHAF,EAAa,EAGTE,EAAQC,cAAyC,YAAzBD,EAAQC,aAA4B,CAG9D,IAAKb,EAAIS,UACP,KAAM,IAAIK,EAQZ,OALmC,kBAAxBP,IACTA,EAAoBK,GAIftO,EAAKoG,MAAMA,GAAOyC,KAAKwF,GAM9B,MADAX,GAAIS,WAAY,EACT,GAAIf,GAAgBhG,EAAKkH,KAGnC/E,MAAM,SAASf,GAEd,GAAIA,EAAI7B,MACgB,IAAnB6B,EAAI7B,IAAI8C,QAAmC,MAAnBjB,EAAI7B,IAAI8C,SACjC2E,GAAc,EAAG,CACnB,GAAIK,GAAwC,IAA1BjL,KAAKkL,IAAI,EAAGN,EAE9B,OADAA,KACOpO,EAAKoG,MAAMqI,GACf5F,KAAKwF,GAEV,KAAM7F,KAvCDlC,QAAQ6F,OAAO,GAAIqC,OA2C3BjF,MAAM,SAASf,GAEd,KADAkF,GAAIS,WAAY,EACV3F,KAKd,QAASmG,GAAQvH,EAAKqB,EAAKtG,EAAK+C,EAAMwI,GACpC,GAAIjM,MAAMmN,QAAQ1J,GAChB,MAAO,UAASlG,EAAM4O,GACpB,IAAK5O,EACH,KAAM,IAAIyH,GAAa,2BAGzB,IAAIoI,GAAK7O,EAAKyE,KAAKS,GAAOlG,KAAMA,GAChC,KAAK6P,EACH,KAAM,IAAIpI,GAAa,8BAGzB,OAAOkI,GAAQvH,EAAKqB,EAAKtG,EAAK0M,EAAInB,GAAKE,GAGpC,IAAI1I,EAAK4J,OACZ5J,EAAK4J,MAAMC,OACiB,IAA5B7J,EAAK4J,MAAMC,MAAMrO,OAAc,CAEjC,OADawE,EAAK4J,MAAMC,MAAM,IAG5B,IAAK,MACH,MAAO,YACL,MAAOhC,GAAKxN,IAAI6H,EAAKlC,EAAK6I,MAG9B,KAAK,OACH,MAAO,UAASH,GACVF,GAAOA,EAAIS,YACbT,EAAIS,WAAY,EAGlB,IAAIxF,GAAOgE,EAAclE,EAAKmF,EAEX,gBAAfnF,EAAIgB,QAA0C,kBAAfhB,EAAIgB,QAErCzJ,EAAK0D,OAAOiF,GACVqG,WAAY7M,EAAI6M,WAChBC,SAAU9M,EAAI8M,UAIlB,IAAIC,MACArB,EAAWlF,EAAKkF,QACpB,QAAiB7K,KAAb6K,EAAwB,CAC1B,GAAwB,kBAAbA,GACT,IACEqB,EAAOrB,WAAaA,IAEtB,MAAO9M,GACL,MAAOuF,SAAQ6F,OAAO,GAAI1F,GAAa,uCAGrB,QAAboH,IACPqB,EAAOrB,WAAaA,EAEtBlF,GAAO3I,EAAKqE,KAAKsE,EAAM,YAGzB,GAAImF,GAAiBnF,EAAKmF,cAC1B,QAAuB9K,KAAnB8K,EAA8B,CAChC,GAA8B,kBAAnBA,GACT,IACEoB,EAAOpB,iBAAmBA,IAE5B,MAAO/M,GACL,MAAOuF,SAAQ6F,OAAO,GAAI1F,GAAa,6CAGf,QAAnBqH,IACPoB,EAAOpB,iBAAmBA,EAE5BnF,GAAO3I,EAAKqE,KAAKsE,EAAM,sBAEdA,GAAKwG,aACuBnM,KAA7B2F,EAAKwG,QAAQC,cACjBzG,EAAKwG,QAAQC,cACfF,EAAOE,aAAc,GAEvBzG,EAAKwG,QAAUnP,EAAKqE,KAAKsE,EAAKwG,QAAS,eAEzC,IAAIpB,GAAO7I,EAAK6I,KAAO/N,EAAK8C,cAAcoM,EAC1C,OAAO1B,GAAkBpG,EAAK2G,EAAMpF,MAM9C,QAAS0G,GAAUjI,EAAKqB,EAAKtG,EAAKuL,GAChC,GAAI4B,KACJ,KAAK,GAAIvK,KAAY5C,GAAI8C,OACvB,GAAK9C,EAAI8C,OAAOpF,eAAekF,GAA/B,CAIA,GAAIG,GAAO/C,EAAI8C,OAAOF,EAMtB,IAJiB,SAAbA,IACFA,EAAWG,EAAKlG,MAGdkG,EAAKqK,KACPD,EAAIvK,GAAYG,MAIlB,QAAQH,GAGN,IAAK,OACHuK,EAAIE,KAAO/B,EAAUrG,EAAKqB,EAAKiF,EAC/B,MAEF,SACE,GAAIpM,GAAKqN,EAAQvH,EAAKqB,EAAKtG,EAAK+C,EAAMwI,EAClCpM,KACFgO,EAAIvK,GAAYzD,IAIxB,MAAOgO,GAGT,QAASG,GAAgBrI,EAAKqB,EAAKtG,EAAKuL,GAItC,GAHAvL,EAAMA,GAAOsG,EACbtG,EAAMnC,EAAKiE,MAAM9B,GAEbV,MAAMmN,QAAQzM,GAAM,CAEtB,IAAK,GADDuN,MACKxQ,EAAI,EAAGyQ,EAAKxN,EAAIzB,OAAQxB,EAAIyQ,EAAIzQ,IACvCwQ,EAAOzM,KAAKwM,EAAgBrI,EAAKqB,EAAKtG,EAAIjD,GAAIwO,GAEhD,OAAOgC,GAGT,GAAIE,GAAWzN,EAAI0N,aAEnB,KAAK,GAAI9M,KAAO6M,GACTA,EAAS/P,eAAekD,KAKzB/C,EAAKqC,SAASuN,EAAS7M,KAAStB,MAAMmN,QAAQgB,EAAS7M,OACzD6M,EAAS7M,GAAO0M,EAAgBrI,EAAKqB,EAAKmH,EAAS7M,GAAM2K,GAK7D,IAAI4B,GAAMD,EAAUjI,EAAKqB,EAAKtG,EAAKuL,EAKnC,OAJA1N,GAAK0D,OAAOkM,EAAUN,GAEtBnN,EAAMnC,EAAKqE,KAAKlC,EAAK,YAAa,UAClCnC,EAAK0D,OAAOvB,EAAKyN,GACVzN,EAGT,QAASiL,GAAgBhG,EAAKqB,GACxBA,IACFpK,KAAKsK,KAAOF,EACZzI,EAAK0D,OAAOrF,KAAMoR,EAAgBrI,EAAKqB,EAAKA,aACrCpK,MAAK2K,WAMO,uBAAfP,EAAIgB,QAAoChB,EAAIxD,SAC9C5G,KAAKyR,OAAS,WACZ,MAAOxJ,SAAQC,QAAQ,GAAI6G,GAAgBhG,OArWnD,GAAI2F,GAAoB/C,EAAQ,GAC5BhK,EAAoBgK,EAAQ,GAC5BvD,EAAoBuD,EAAQ,GAC5BwE,EAAoBxE,EAAQ,IAC5Bd,EAAoBc,EAAQ,EAuWhC/L,GAAOD,SACL8O,kBAAmBA,EACnBE,kBAAmBA,EACnBO,kBAAmBA,EACnBC,kBAAmBA,EACnBH,WAAYA,IVi3BR,SAAUpP,EAAQD,EAASM,GW5tCjC,QAASyR,KACP,MAAO/P,GAAKoD,gBAAgB,IAG9B,QAAS4M,KACP,MAAOhQ,GAAKoD,gBAAgB,IAG9B,QAAS6M,GAAQ9N,GACf,SAAIA,IACCA,EAAIqF,cAAerF,EAAI+N,UACxBzO,MAAMmN,QAAQzM,EAAIgO,SAMxB,QAASC,GAAYC,EAAarR,EAAMsC,GAClC+O,EAAYC,iBACdD,EAAYC,iBAAiBtR,EAAMsC,GAEnC+O,EAAYE,YAAY,KAAOvR,EAAMsC,GAIzC,QAASkP,GAAeH,EAAarR,EAAMsC,GACrC+O,EAAYI,oBACdJ,EAAYI,oBAAoBzR,EAAMsC,GAEtC+O,EAAYK,YAAY,KAAO1R,EAAMsC,GAIzC,QAASqP,GAAUC,GACjB,GAAIC,GAAS5K,SAAS6K,cAAc,SAIpC,OAHAD,GAAOE,MAAMC,QAAU,OACvBH,EAAOD,IAAMA,EAEN3K,SAASgL,KAAKC,YAAYL,GAGnC,QAASM,GAAUP,EAAKvJ,GACtB,GAAI+J,GAAQ/J,EAAQgK,YAAc,iDAC9BC,EAAa,qFAGjB,IAAItR,EAAKgG,eAAgB,CAIvB,GAAIuL,GAAQnM,OAAOoM,KAAK,IAAKJ,EAAOE,EAEpC,OADAC,GAAME,SAAS1D,KAAO6C,EACfW,EAEP,MAAOnM,QAAOoM,KAAKZ,EAAKQ,EAAOE,GAInC,QAASI,GAAatK,EAAKuK,GACzB,GAAIC,GAAiBD,GAAUvK,EAAIC,QAAQsK,MAC3C,OAAO5E,GAAKxN,IAAI6H,EAAKwK,EAAgB,qCACnC7J,eAAe,IAInB,QAAS8J,GAAOzK,EAAKuK,EAAQG,GAC3B,GAAIlK,GAAYF,EAAYG,aAAaT,EAAIC,QAAQS,QAErD,OAAO4J,GAAatK,EAAKuK,GACxB9I,KAAK,SAASkJ,GACb,GAAIC,GAAUD,EAAS,SAGnB/J,EAAgBJ,EAAUK,aAC1BC,EAAiBF,EAAcgK,EACnC,IAAI9J,GAAkBvF,KAAKwF,MAAM,IAAOD,EAAeE,UAAW,CAChE,GAAI6J,GAAYjS,EAAKyE,KAAKyD,EAAeG,SAAS6J,MAChDJ,IAAKA,GAGP,IAAIG,EACF,MAAOA,GAQX,MAHArK,GAAUoE,aAAagG,GAGhBjF,EAAKxN,IAAI6H,EAAK4K,GACnBjK,eAAe,IAEhBc,KAAK,SAASJ,GACb,GAAI1F,GAAM/C,EAAKyE,KAAKgE,EAAIyJ,MACtBJ,IAAKA,GAGP,IAAI/O,EACF,MAAOA,EAGT,MAAM,IAAI0D,GAAa,eAAiBqL,EAAM,4CAKpD,QAASK,GAAe/K,EAAKgL,EAAQC,GACnC,GAAIC,GAAMD,EAAiBE,SACvBC,EAAMH,EAAiBV,OACvBc,EAAQJ,EAAiBI,KAE7B,KAAKL,IAAWI,IAAQF,EACtB,KAAM,IAAI7L,GAAa,mDAGzB,IAAIgM,GAASL,EAAOK,QAAUA,EAC5B,KAAM,IAAIhM,GAAa,wDAGzB,IAAI0B,GAAM3E,KAAKC,MAAMd,KAAKwF,MAAM,IAEhC,IAAIiK,EAAOI,MAAQA,EACjB,KAAM,IAAI/L,GAAa,eAAiB2L,EAAOI,IAAM,qBAC9BA,EAAM,IAG/B,IAAIJ,EAAOE,MAAQA,EACjB,KAAM,IAAI7L,GAAa,iBAAmB2L,EAAOE,IAAM,qBAChCA,EAAM,IAG/B,IAAIF,EAAOM,IAAMN,EAAOO,IACtB,KAAM,IAAIlM,GAAa,uCAGzB,IAAK0B,EAAMf,EAAIC,QAAQuL,aAAgBR,EAAOO,IAC5C,KAAM,IAAIlM,GAAa,yCAGzB,IAAI2L,EAAOM,IAAOvK,EAAMf,EAAIC,QAAQuL,aAClC,KAAM,IAAInM,GAAa,oCAI3B,QAASoM,GAAazL,EAAKC,GACzB,GAAI1F,UAAUjB,OAAS,EACrB,KAAM,IAAI+F,GAAa,uEAEzBY,GAAUA,KAGV,IAAIyL,GAAe9S,EAAK6F,oBAAoBwB,EAAQyL,eAAiB1L,EAAIC,QAAQyL,aAC7EnB,EAAS3R,EAAK6F,oBAAoBwB,EAAQsK,SAAWvK,EAAIC,QAAQsK,OACjEoB,EAAc/S,EAAK6F,oBAAoBwB,EAAQ0L,cAAgB3L,EAAIC,QAAQ0L,YAC3EC,EAAWhT,EAAK6F,oBAAoBwB,EAAQ2L,WAAa5L,EAAIC,QAAQ2L,SACrEC,EAAYjT,EAAK6F,oBAAoBwB,EAAQ4L,YAAc7L,EAAIC,QAAQ4L,UACvEC,EAAYlT,EAAK6F,oBAAoBwB,EAAQ6L,YAAc9L,EAAIC,QAAQ6L,UAEvEC,EAAUxB,EAAOnN,QAAQ,WAAa,EAAImN,EAASA,EAAS,SAQhE,OANAmB,GAAeA,GAAgBK,EAAU,gBACzCJ,EAAcA,GAAeI,EAAU,eACvCH,EAAWA,GAAYG,EAAU,YACjCD,EAAYA,GAAaC,EAAU,aACnCF,EAAYA,GAAaE,EAAU,cAGjCxB,OAAQA,EACRmB,aAAcA,EACdC,YAAaA,EACbC,SAAUA,EACVE,UAAWA,EACXD,UAAWA,GAIf,QAASG,GAAkBC,GAEzB,GAAIC,GAAa,MACbC,EAAa,qBACbC,EAAWH,CAGY,OAAvBG,EAASC,OAAO,IAAqC,MAAvBD,EAASC,OAAO,KAChDD,EAAWA,EAASE,UAAU,IAIL,MAAvBF,EAASC,OAAO,IAAqC,MAAvBD,EAASC,OAAO,KAChDD,EAAWA,EAASE,UAAU,GAQhC,KAJA,GAGIC,GAHAxR,OAIS,CAEX,KADAwR,EAAQJ,EAAWK,KAAKJ,IACV,KAEd,IAAIzQ,GAAM4Q,EAAM,GACZ3P,EAAQ2P,EAAM,EAIhBxR,GAAIY,GADM,aAARA,GAA8B,iBAARA,GAAkC,SAARA,EACvCiB,EAEAnD,mBAAmBmD,EAAM1D,QAAQgT,EAAY,MAG5D,MAAOnR,GAxNT,GAAI4K,GAAO/C,EAAQ,GACfhK,EAAOgK,EAAQ,GACftC,EAAcsC,EAAQ,GACtBvD,EAAeuD,EAAQ,EAwN3B/L,GAAOD,SACL+R,cAAeA,EACfC,cAAeA,EACf0B,aAAcA,EACdG,OAAQA,EACRM,eAAgBA,EAChBU,aAAcA,EACdlC,UAAWA,EACXQ,UAAWA,EACXiC,kBAAmBA,EACnBnD,QAASA,EACTG,YAAaA,EACbI,eAAgBA,IXivCZ,SAAUvS,EAAQD,EAASM,GYz9CjC,GAAIuV,GAAe7J,EAAQ,IACvBtC,EAAcsC,EAAQ,EAE1B/L,GAAOD,QAAUgM,EAAQ,IAAatC,EAAamM,IZ4+C7C,SAAU5V,EAAQD,EAASM,Ga7+CjC,QAASwV,GAASzL,GAChB,MAAIA,GAASC,QAAQ/I,IAAI,iBACvB8I,EAASC,QAAQ/I,IAAI,gBAAgBwU,cAAcvP,QAAQ,qBAAuB,EAC7E6D,EAAS2L,OAEbzK,MAAM,SAAAxI,GACL,OACEyL,MAAOzL,EACP+F,aAAc,qCAIXuB,EAAS3C,OAIpB,QAASuO,GAAaxK,EAAQd,GAC5B,GAAMtG,GAA2B,WAAhB,EAAOsG,GAClBuL,GACJnL,aAAc1G,EAAW6B,KAAKC,UAAUwE,GAAQA,EAChDc,OAAQA,EAMV,OAJIpH,KACF6R,EAAOC,aAAe,OACtBD,EAAOE,aAAezL,GAEjBuL,EAIT,QAASL,GAAavM,EAAQtF,EAAKJ,GACjC,GAAIqP,GAAOrP,EAAK+G,KACZL,EAAU1G,EAAK0G,WA6BnB,OAzBoB,sBAHDA,EAAQ,iBAAmBA,EAAQ,iBAAmB,KAG/B2I,GAAwB,gBAATA,KACvDA,EAAO/M,KAAKC,UAAU8M,IAGLoD,EAAMrS,GACvBsF,OAAQA,EACRgB,QAAS1G,EAAK0G,QACd2I,KAAMA,EACNqD,YAAa1S,EAAK6F,gBAAkB,UAAY,SAEjDoB,KAAK,SAASR,GACb,GAAImE,IAASnE,EAASkM,GAClB9K,EAASpB,EAASoB,MACtB,OAAOqK,GAASzL,GACbQ,KAAK,SAAAF,GACJ,MAAOsL,GAAaxK,EAAQd,KAE7BE,KAAK,SAAAqL,GACJ,GAAI1H,EAEF,KAAM0H,EAER,OAAOA,Obq7Cf,GAAI1I,GAAUlN,EAAoB,Gal/C9B+V,EAAQrK,EAAQ,GAmEpB/L,GAAOD,QAAU6V,GbggDX,SAAU5V,EAAQD,Gc/kDxB,GAAIwW,GAAW,SAAW1W,GAC1B,QAAS2W,KACTpW,KAAKgW,OAAQ,EACbhW,KAAKqW,aAAe5W,EAAK4W,aAGzB,MADAD,GAAE7U,UAAY9B,EACP,GAAI2W,IACQ,mBAATrW,MAAuBA,KAAOC,OACxC,SAAUD,IAEQ,SAAUJ,GAmB1B,QAAS2W,GAAWxS,GAClB,MAAOA,IAAOyS,SAAShV,UAAUiV,cAAc1S,GAuBjD,QAAS2S,GAAc9V,GAIrB,GAHoB,gBAATA,KACTA,EAAO+V,OAAO/V,IAEZ,4BAA4BiD,KAAKjD,GACnC,KAAM,IAAIgW,WAAU,yCAEtB,OAAOhW,GAAK+U,cAGd,QAASkB,GAAejR,GAItB,MAHqB,gBAAVA,KACTA,EAAQ+Q,OAAO/Q,IAEVA,EAIT,QAASkR,GAAYC,GACnB,GAAIzJ,IACF0J,KAAM,WACJ,GAAIpR,GAAQmR,EAAME,OAClB,QAAQ5I,SAAgBzJ,KAAVgB,EAAqBA,MAAOA,IAU9C,OANIsR,GAAQC,WACV7J,EAASD,OAAOC,UAAY,WAC1B,MAAOA,KAIJA,EAGT,QAAS8J,GAAQlN,GACfjK,KAAKoX,OAEDnN,YAAmBkN,GACrBlN,EAAQ1E,QAAQ,SAASI,EAAOhF,GAC9BX,KAAKqX,OAAO1W,EAAMgF,IACjB3F,MACMoD,MAAMmN,QAAQtG,GACvBA,EAAQ1E,QAAQ,SAAS+R,GACvBtX,KAAKqX,OAAOC,EAAO,GAAIA,EAAO,KAC7BtX,MACMiK,GACTnJ,OAAOyW,oBAAoBtN,GAAS1E,QAAQ,SAAS5E,GACnDX,KAAKqX,OAAO1W,EAAMsJ,EAAQtJ,KACzBX,MAgEP,QAASwX,GAAS5E,GAChB,GAAIA,EAAK6E,SACP,MAAOxP,SAAQ6F,OAAO,GAAI6I,WAAU,gBAEtC/D,GAAK6E,UAAW,EAGlB,QAASC,GAAgBC,GACvB,MAAO,IAAI1P,SAAQ,SAASC,EAAS4F,GACnC6J,EAAOC,OAAS,WACd1P,EAAQyP,EAAO9B,SAEjB8B,EAAOE,QAAU,WACf/J,EAAO6J,EAAOxJ,UAKpB,QAAS2J,GAAsBC,GAC7B,GAAIJ,GAAS,GAAIK,YACbC,EAAUP,EAAgBC,EAE9B,OADAA,GAAOO,kBAAkBH,GAClBE,EAGT,QAASE,GAAeJ,GACtB,GAAIJ,GAAS,GAAIK,YACbC,EAAUP,EAAgBC,EAE9B,OADAA,GAAOS,WAAWL,GACXE,EAGT,QAASI,GAAsBC,GAI7B,IAAK,GAHDC,GAAO,GAAI1V,YAAWyV,GACtBE,EAAQ,GAAIpV,OAAMmV,EAAKlW,QAElBjC,EAAI,EAAGA,EAAImY,EAAKlW,OAAQjC,IAC/BoY,EAAMpY,GAAKsW,OAAO+B,aAAaF,EAAKnY,GAEtC,OAAOoY,GAAM1T,KAAK,IAGpB,QAAS4T,GAAYJ,GACnB,GAAIA,EAAIjV,MACN,MAAOiV,GAAIjV,MAAM,EAEjB,IAAIkV,GAAO,GAAI1V,YAAWyV,EAAIK,WAE9B,OADAJ,GAAKxN,IAAI,GAAIlI,YAAWyV,IACjBC,EAAK3V,OAIhB,QAASgW,KA0FP,MAzFA5Y,MAAKyX,UAAW,EAEhBzX,KAAK6Y,UAAY,SAASjG,GACxB5S,KAAK8Y,UAAYlG,EACZA,EAEsB,gBAATA,GAChB5S,KAAK+Y,UAAYnG,EACRqE,EAAQc,MAAQiB,KAAKzX,UAAUiV,cAAc5D,GACtD5S,KAAKiZ,UAAYrG,EACRqE,EAAQiC,UAAYC,SAAS5X,UAAUiV,cAAc5D,GAC9D5S,KAAKoZ,cAAgBxG,EACZqE,EAAQ3Q,cAAgB+S,gBAAgB9X,UAAUiV,cAAc5D,GACzE5S,KAAK+Y,UAAYnG,EAAK7O,WACbkT,EAAQqC,aAAerC,EAAQc,MAAQzB,EAAW1D,IAC3D5S,KAAKuZ,iBAAmBb,EAAY9F,EAAKhQ,QAEzC5C,KAAK8Y,UAAY,GAAIE,OAAMhZ,KAAKuZ,oBACvBtC,EAAQqC,cAAgBE,YAAYjY,UAAUiV,cAAc5D,IAAS6G,EAAkB7G,IAChG5S,KAAKuZ,iBAAmBb,EAAY9F,GAEpC5S,KAAK+Y,UAAYnG,EAAO9R,OAAOS,UAAUwC,SAASxD,KAAKqS,GAhBvD5S,KAAK+Y,UAAY,GAmBd/Y,KAAKiK,QAAQ/I,IAAI,kBACA,gBAAT0R,GACT5S,KAAKiK,QAAQc,IAAI,eAAgB,4BACxB/K,KAAKiZ,WAAajZ,KAAKiZ,UAAU/H,KAC1ClR,KAAKiK,QAAQc,IAAI,eAAgB/K,KAAKiZ,UAAU/H,MACvC+F,EAAQ3Q,cAAgB+S,gBAAgB9X,UAAUiV,cAAc5D,IACzE5S,KAAKiK,QAAQc,IAAI,eAAgB,qDAKnCkM,EAAQc,OACV/X,KAAK+X,KAAO,WACV,GAAI2B,GAAWlC,EAASxX,KACxB,IAAI0Z,EACF,MAAOA,EAGT,IAAI1Z,KAAKiZ,UACP,MAAOhR,SAAQC,QAAQlI,KAAKiZ,UACvB,IAAIjZ,KAAKuZ,iBACd,MAAOtR,SAAQC,QAAQ,GAAI8Q,OAAMhZ,KAAKuZ,mBACjC,IAAIvZ,KAAKoZ,cACd,KAAM,IAAIvQ,OAAM,uCAEhB,OAAOZ,SAAQC,QAAQ,GAAI8Q,OAAMhZ,KAAK+Y,cAI1C/Y,KAAKsZ,YAAc,WACjB,MAAItZ,MAAKuZ,iBACA/B,EAASxX,OAASiI,QAAQC,QAAQlI,KAAKuZ,kBAEvCvZ,KAAK+X,OAAOvN,KAAKsN,KAK9B9X,KAAKqH,KAAO,WACV,GAAIqS,GAAWlC,EAASxX,KACxB,IAAI0Z,EACF,MAAOA,EAGT,IAAI1Z,KAAKiZ,UACP,MAAOd,GAAenY,KAAKiZ,UACtB,IAAIjZ,KAAKuZ,iBACd,MAAOtR,SAAQC,QAAQmQ,EAAsBrY,KAAKuZ,kBAC7C,IAAIvZ,KAAKoZ,cACd,KAAM,IAAIvQ,OAAM,uCAEhB,OAAOZ,SAAQC,QAAQlI,KAAK+Y,YAI5B9B,EAAQiC,WACVlZ,KAAKkZ,SAAW,WACd,MAAOlZ,MAAKqH,OAAOmD,KAAKmP,KAI5B3Z,KAAK2V,KAAO,WACV,MAAO3V,MAAKqH,OAAOmD,KAAK3E,KAAKE,QAGxB/F,KAMT,QAAS4Z,GAAgB3Q,GACvB,GAAI4Q,GAAU5Q,EAAO6Q,aACrB,OAAOC,GAAQ5T,QAAQ0T,IAAY,EAAIA,EAAU5Q,EAGnD,QAAS+Q,GAAQC,EAAOjR,GACtBA,EAAUA,KACV,IAAI4J,GAAO5J,EAAQ4J,IAEnB,IAAIqH,YAAiBD,GAAS,CAC5B,GAAIC,EAAMxC,SACR,KAAM,IAAId,WAAU,eAEtB3W,MAAK2D,IAAMsW,EAAMtW,IACjB3D,KAAKiW,YAAcgE,EAAMhE,YACpBjN,EAAQiB,UACXjK,KAAKiK,QAAU,GAAIkN,GAAQ8C,EAAMhQ,UAEnCjK,KAAKiJ,OAASgR,EAAMhR,OACpBjJ,KAAKka,KAAOD,EAAMC,KAClBla,KAAKma,OAASF,EAAME,OACfvH,GAA2B,MAAnBqH,EAAMnB,YACjBlG,EAAOqH,EAAMnB,UACbmB,EAAMxC,UAAW,OAGnBzX,MAAK2D,IAAM+S,OAAOuD,EAYpB,IATAja,KAAKiW,YAAcjN,EAAQiN,aAAejW,KAAKiW,aAAe,eAC1DjN,EAAQiB,SAAYjK,KAAKiK,UAC3BjK,KAAKiK,QAAU,GAAIkN,GAAQnO,EAAQiB,UAErCjK,KAAKiJ,OAAS2Q,EAAgB5Q,EAAQC,QAAUjJ,KAAKiJ,QAAU,OAC/DjJ,KAAKka,KAAOlR,EAAQkR,MAAQla,KAAKka,MAAQ,KACzCla,KAAKma,OAASnR,EAAQmR,QAAUna,KAAKma,OACrCna,KAAKoa,SAAW,MAEK,QAAhBpa,KAAKiJ,QAAoC,SAAhBjJ,KAAKiJ,SAAsB2J,EACvD,KAAM,IAAI+D,WAAU,4CAEtB3W,MAAK6Y,UAAUjG,GAOjB,QAAS+G,GAAO/G,GACd,GAAIyH,GAAO,GAAIlB,SAYf,OAXAvG,GACG0H,OACAC,MAAM,KACNhV,QAAQ,SAASiV,GAChB,GAAIA,EAAO,CACT,GAAID,GAAQC,EAAMD,MAAM,KACpB5Z,EAAO4Z,EAAMvD,QAAQ/U,QAAQ,MAAO,KACpC0D,EAAQ4U,EAAMzV,KAAK,KAAK7C,QAAQ,MAAO,IAC3CoY,GAAKhD,OAAO7U,mBAAmB7B,GAAO6B,mBAAmBmD,OAGxD0U,EAGT,QAASI,GAAaC,GACpB,GAAIzQ,GAAU,GAAIkN,EAYlB,OAT0BuD,GAAWzY,QAAQ,eAAgB,KACzCsY,MAAM,SAAShV,QAAQ,SAASoV,GAClD,GAAIxW,GAAQwW,EAAKJ,MAAM,KACnB7V,EAAMP,EAAM6S,QAAQsD,MACxB,IAAI5V,EAAK,CACP,GAAIiB,GAAQxB,EAAMW,KAAK,KAAKwV,MAC5BrQ,GAAQoN,OAAO3S,EAAKiB,MAGjBsE,EAKT,QAAS2Q,GAASC,EAAU7R,GACrBA,IACHA,MAGFhJ,KAAKkR,KAAO,UACZlR,KAAKoL,WAA4BzG,KAAnBqE,EAAQoC,OAAuB,IAAMpC,EAAQoC,OAC3DpL,KAAKkW,GAAKlW,KAAKoL,QAAU,KAAOpL,KAAKoL,OAAS,IAC9CpL,KAAK8a,WAAa,cAAgB9R,GAAUA,EAAQ8R,WAAa,KACjE9a,KAAKiK,QAAU,GAAIkN,GAAQnO,EAAQiB,SACnCjK,KAAK2D,IAAMqF,EAAQrF,KAAO,GAC1B3D,KAAK6Y,UAAUgC,GA4CjB,QAAS7E,GAAMiE,EAAOc,GACpB,MAAO,IAAI9S,SAAQ,SAASC,EAAS4F,GASnC,QAASkN,KACP1S,EAAI2S,QATN,GAAIC,GAAU,GAAIlB,GAAQC,EAAOc,EAEjC,IAAIG,EAAQf,QAAUe,EAAQf,OAAOgB,QACnC,MAAOrN,GAAO,GAAInO,GAAQ0W,aAAa,UAAW,cAGpD,IAAI/N,GAAM,GAAI8S,eAMd9S,GAAIsP,OAAS,WACX,GAAI5O,IACFoC,OAAQ9C,EAAI8C,OACZ0P,WAAYxS,EAAIwS,WAChB7Q,QAASwQ,EAAanS,EAAI+S,yBAA2B,IAEvDrS,GAAQrF,IAAM,eAAiB2E,GAAMA,EAAIgT,YAActS,EAAQiB,QAAQ/I,IAAI,gBAC3E,IAAI0R,GAAO,YAActK,GAAMA,EAAI0B,SAAW1B,EAAIoC,YAClDxC,GAAQ,GAAI0S,GAAShI,EAAM5J,KAG7BV,EAAIuP,QAAU,WACZ/J,EAAO,GAAI6I,WAAU,4BAGvBrO,EAAIiT,UAAY,WACdzN,EAAO,GAAI6I,WAAU,4BAGvBrO,EAAIkT,QAAU,WACZ1N,EAAO,GAAInO,GAAQ0W,aAAa,UAAW,gBAG7C/N,EAAI6K,KAAK+H,EAAQjS,OAAQiS,EAAQvX,KAAK,GAEV,YAAxBuX,EAAQjF,YACV3N,EAAIc,iBAAkB,EACW,SAAxB8R,EAAQjF,cACjB3N,EAAIc,iBAAkB,GAGpB,gBAAkBd,IAAO2O,EAAQc,OACnCzP,EAAIwN,aAAe,QAGrBoF,EAAQjR,QAAQ1E,QAAQ,SAASI,EAAOhF,GACtC2H,EAAImT,iBAAiB9a,EAAMgF,KAGzBuV,EAAQf,SACVe,EAAQf,OAAOlI,iBAAiB,QAAS+I,GAEzC1S,EAAIoT,mBAAqB,WAEA,IAAnBpT,EAAIqT,YACNT,EAAQf,OAAO/H,oBAAoB,QAAS4I,KAKlD1S,EAAIsT,SAAkC,KAAtBV,EAAQpC,UAA4B,KAAOoC,EAAQpC,aAxfvE,GAAI7B,IACF3Q,aAAc,mBAAqBvG,GACnCmX,SAAU,UAAYnX,IAAQ,YAAcqN,QAC5C2K,KACE,cAAgBhY,IAChB,QAAUA,IACV,WACE,IAEE,MADA,IAAIiZ,OACG,EACP,MAAOtW,GACP,OAAO,MAGbwW,SAAU,YAAcnZ,GACxBuZ,YAAa,eAAiBvZ,GAOhC,IAAIkX,EAAQqC,YACV,GAAIuC,IACF,qBACA,sBACA,6BACA,sBACA,uBACA,sBACA,uBACA,wBACA,yBAGEpC,EACFD,YAAYsC,QACZ,SAAShY,GACP,MAAOA,IAAO+X,EAAY1V,QAAQrF,OAAOS,UAAUwC,SAASxD,KAAKuD,KAAS,EAyDhFqT,GAAQ5V,UAAU8V,OAAS,SAAS1W,EAAMgF,GACxChF,EAAO8V,EAAc9V,GACrBgF,EAAQiR,EAAejR,EACvB,IAAIoW,GAAW/b,KAAKoX,IAAIzW,EACxBX,MAAKoX,IAAIzW,GAAQob,EAAWA,EAAW,KAAOpW,EAAQA,GAGxDwR,EAAQ5V,UAAkB,OAAI,SAASZ,SAC9BX,MAAKoX,IAAIX,EAAc9V,KAGhCwW,EAAQ5V,UAAUL,IAAM,SAASP,GAE/B,MADAA,GAAO8V,EAAc9V,GACdX,KAAKgc,IAAIrb,GAAQX,KAAKoX,IAAIzW,GAAQ,MAG3CwW,EAAQ5V,UAAUya,IAAM,SAASrb,GAC/B,MAAOX,MAAKoX,IAAI5V,eAAeiV,EAAc9V,KAG/CwW,EAAQ5V,UAAUwJ,IAAM,SAASpK,EAAMgF,GACrC3F,KAAKoX,IAAIX,EAAc9V,IAASiW,EAAejR,IAGjDwR,EAAQ5V,UAAUgE,QAAU,SAAS0W,EAAUC,GAC7C,IAAK,GAAIvb,KAAQX,MAAKoX,IAChBpX,KAAKoX,IAAI5V,eAAeb,IAC1Bsb,EAAS1b,KAAK2b,EAASlc,KAAKoX,IAAIzW,GAAOA,EAAMX,OAKnDmX,EAAQ5V,UAAUsS,KAAO,WACvB,GAAIiD,KAIJ,OAHA9W,MAAKuF,QAAQ,SAASI,EAAOhF,GAC3BmW,EAAMlS,KAAKjE,KAENkW,EAAYC,IAGrBK,EAAQ5V,UAAU4a,OAAS,WACzB,GAAIrF,KAIJ,OAHA9W,MAAKuF,QAAQ,SAASI,GACpBmR,EAAMlS,KAAKe,KAENkR,EAAYC,IAGrBK,EAAQ5V,UAAU6a,QAAU,WAC1B,GAAItF,KAIJ,OAHA9W,MAAKuF,QAAQ,SAASI,EAAOhF,GAC3BmW,EAAMlS,MAAMjE,EAAMgF,MAEbkR,EAAYC,IAGjBG,EAAQC,WACVC,EAAQ5V,UAAU6L,OAAOC,UAAY8J,EAAQ5V,UAAU6a,QAqJzD,IAAIrC,IAAW,SAAU,MAAO,OAAQ,UAAW,OAAQ,MA8C3DC,GAAQzY,UAAUqE,MAAQ,WACxB,MAAO,IAAIoU,GAAQha,MAAO4S,KAAM5S,KAAK8Y,aAmCvCF,EAAKrY,KAAKyZ,EAAQzY,WAgBlBqX,EAAKrY,KAAKqa,EAASrZ,WAEnBqZ,EAASrZ,UAAUqE,MAAQ,WACzB,MAAO,IAAIgV,GAAS5a,KAAK8Y,WACvB1N,OAAQpL,KAAKoL,OACb0P,WAAY9a,KAAK8a,WACjB7Q,QAAS,GAAIkN,GAAQnX,KAAKiK,SAC1BtG,IAAK3D,KAAK2D,OAIdiX,EAASzM,MAAQ,WACf,GAAInE,GAAW,GAAI4Q,GAAS,MAAOxP,OAAQ,EAAG0P,WAAY,IAE1D,OADA9Q,GAASkH,KAAO,QACTlH,EAGT,IAAIqS,IAAoB,IAAK,IAAK,IAAK,IAAK,IAE5CzB,GAAS0B,SAAW,SAAS3Y,EAAKyH,GAChC,IAA0C,IAAtCiR,EAAiBlW,QAAQiF,GAC3B,KAAM,IAAImR,YAAW,sBAGvB,OAAO,IAAI3B,GAAS,MAAOxP,OAAQA,EAAQnB,SAAUmJ,SAAUzP,MAGjEhE,EAAQ0W,aAAetW,EAAKsW,YAC5B,KACE,GAAI1W,GAAQ0W,aACZ,MAAOlM,GACPxK,EAAQ0W,aAAe,SAAS9N,EAAS5H,GACvCX,KAAKuI,QAAUA,EACfvI,KAAKW,KAAOA,CACZ,IAAIwN,GAAQtF,MAAMN,EAClBvI,MAAKwc,MAAQrO,EAAMqO,OAErB7c,EAAQ0W,aAAa9U,UAAYT,OAAO2b,OAAO5T,MAAMtH,WACrD5B,EAAQ0W,aAAa9U,UAAU+L,YAAc3N,EAAQ0W,aAuEvDL,EAAM0G,UAAW,EAEZ3c,EAAKiW,QACRjW,EAAKiW,MAAQA,EACbjW,EAAKoX,QAAUA,EACfpX,EAAKia,QAAUA,EACfja,EAAK6a,SAAWA,GAGlBjb,EAAQwX,QAAUA,EAClBxX,EAAQqa,QAAUA,EAClBra,EAAQib,SAAWA,EACnBjb,EAAQqW,MAAQA,QAKfG,SACIA,GAASH,MAAM0G,SACtB/c,EAAUwW,EAASH,MACnBrW,EAAQgd,QAAUxG,EAASH,MAC3BrW,EAAQqW,MAAQG,EAASH,MACzBrW,EAAQwX,QAAUhB,EAASgB,QAC3BxX,EAAQqa,QAAU7D,EAAS6D,QAC3Bra,EAAQib,SAAWzE,EAASyE,SAC5Bhb,EAAOD,QAAUA,GdslDX,SAAUC,EAAQD,EAASM,GetnEjC,SAOE,SAAUP,GACX,GAAIkd,IAA2B,CAS/B,IAPC,QAAc,+DACdA,GAA2B,EAG3Bhd,EAAOD,QAAUD,IACjBkd,GAA2B,GAEvBA,EAA0B,CAC9B,GAAIC,GAAa9V,OAAO6E,QACpBkR,EAAM/V,OAAO6E,QAAUlM,GAC3Bod,GAAIC,WAAa,WAEhB,MADAhW,QAAO6E,QAAUiR,EACVC,KAGR,WACD,QAASzX,KAGR,IAFA,GAAIjF,GAAI,EACJyV,KACGzV,EAAIkD,UAAUjB,OAAQjC,IAAK,CACjC,GAAI4c,GAAa1Z,UAAWlD,EAC5B,KAAK,GAAIsE,KAAOsY,GACfnH,EAAOnR,GAAOsY,EAAWtY,GAG3B,MAAOmR,GAGR,QAASkF,GAAMkC,GACd,QAASH,GAAKpY,EAAKiB,EAAOqX,GACzB,GAAInH,EACJ,IAAwB,mBAAbjO,UAAX,CAMA,GAAItE,UAAUjB,OAAS,EAAG,CAKzB,GAJA2a,EAAa3X,GACZoC,KAAM,KACJqV,EAAII,SAAUF,GAEiB,gBAAvBA,GAAW/P,QAAsB,CAC3C,GAAIA,GAAU,GAAI3I,KAClB2I,GAAQkQ,gBAAgBlQ,EAAQmQ,kBAAyC,MAArBJ,EAAW/P,SAC/D+P,EAAW/P,QAAUA,EAItB+P,EAAW/P,QAAU+P,EAAW/P,QAAU+P,EAAW/P,QAAQzI,cAAgB,EAE7E,KACCqR,EAAShQ,KAAKC,UAAUH,GACpB,UAAU/B,KAAKiS,KAClBlQ,EAAQkQ,GAER,MAAOnT,IAMRiD,EAJIsX,EAAUI,MAINJ,EAAUI,MAAM1X,EAAOjB,GAHvBG,mBAAmB6R,OAAO/Q,IAChC1D,QAAQ,4DAA6DO,oBAKxEkC,EAAMG,mBAAmB6R,OAAOhS,IAChCA,EAAMA,EAAIzC,QAAQ,2BAA4BO,oBAC9CkC,EAAMA,EAAIzC,QAAQ,UAAWQ,OAE7B,IAAI6a,GAAwB,EAE5B,KAAK,GAAIC,KAAiBP,GACpBA,EAAWO,KAGhBD,GAAyB,KAAOC,GACE,IAA9BP,EAAWO,KAGfD,GAAyB,IAAMN,EAAWO,IAE3C,OAAQ3V,UAAS4V,OAAS9Y,EAAM,IAAMiB,EAAQ2X,EAK1C5Y,IACJmR,KAUD,KAJA,GAAIpM,GAAU7B,SAAS4V,OAAS5V,SAAS4V,OAAOjD,MAAM,SAClDkD,EAAU,mBACVrd,EAAI,EAEDA,EAAIqJ,EAAQpH,OAAQjC,IAAK,CAC/B,GAAI+D,GAAQsF,EAAQrJ,GAAGma,MAAM,KACzBiD,EAASrZ,EAAMd,MAAM,GAAGyB,KAAK,IAE5B9E,MAAK2V,MAA6B,MAArB6H,EAAOpI,OAAO,KAC/BoI,EAASA,EAAOna,MAAM,GAAI,GAG3B,KACC,GAAI1C,GAAOwD,EAAM,GAAGlC,QAAQwb,EAASjb,mBAKrC,IAJAgb,EAASP,EAAUS,KAClBT,EAAUS,KAAKF,EAAQ7c,GAAQsc,EAAUO,EAAQ7c,IACjD6c,EAAOvb,QAAQwb,EAASjb,oBAErBxC,KAAK2V,KACR,IACC6H,EAAS3X,KAAKE,MAAMyX,GACnB,MAAO9a,IAGV,GAAIgC,IAAQ/D,EAAM,CACjBkV,EAAS2H,CACT,OAGI9Y,IACJmR,EAAOlV,GAAQ6c,GAEf,MAAO9a,KAGV,MAAOmT,IAsBR,MAnBAiH,GAAI/R,IAAM+R,EACVA,EAAI5b,IAAM,SAAUwD,GACnB,MAAOoY,GAAIvc,KAAKuc,EAAKpY,IAEtBoY,EAAIa,QAAU,WACb,MAAOb,GAAIrZ,OACVkS,MAAM,MACDtS,MAAM9C,KAAK+C,aAElBwZ,EAAII,YAEJJ,EAAI5P,OAAS,SAAUxI,EAAKsY,GAC3BF,EAAIpY,EAAK,GAAIW,EAAO2X,GACnB/P,SAAU,MAIZ6P,EAAIc,cAAgB7C,EAEb+B,EAGR,MAAO/B,GAAK,iBfkoEP,SAAUnb,EAAQD,EAASM,GgBxwEjC,QAAS4d,GAAgBta,GACvB,GAAIwF,GAAM/I,IAEV8d,GAAYC,kBAAkBxa,EAE9B,IAAIya,GAAiBrc,EAAK0D,QACxBoH,QAAQ,GACPlJ,EAAKkG,QACWV,GAAIkV,SAASC,gBAAkBnV,EAAIkV,SAASE,YAE7DH,EAAevR,QAAS,OAEa,KAA5BuR,EAAetR,WAExBsR,EAAetR,SAAWsR,EAAevR,OAAS,OAAS,OAEzDuR,EAAevR,SAAW1D,EAAIkV,SAASE,YAEzCnX,QAAQI,KACN,2LAIF4W,EAAevR,QAAS,GAG1BzM,KAAKgJ,SACHkL,SAAU3Q,EAAK2Q,SACfZ,OAAQ3R,EAAK6F,oBAAoBjE,EAAK+P,QACtCmB,aAAc9S,EAAK6F,oBAAoBjE,EAAKkR,cAC5CC,YAAa/S,EAAK6F,oBAAoBjE,EAAKmR,aAC3CC,SAAUhT,EAAK6F,oBAAoBjE,EAAKoR,UACxCE,UAAWlT,EAAK6F,oBAAoBjE,EAAKsR,WACzCD,UAAWjT,EAAK6F,oBAAoBjE,EAAKqR,WACzCwJ,MAAoB,IAAd7a,EAAK6a,KACXC,YAAa9a,EAAK8a,YAClBC,sBAAuB/a,EAAK+a,sBAC5BC,aAAchb,EAAKgb,aACnBhU,kBAAmBhH,EAAKgH,kBACxBlB,YAAa9F,EAAK8F,YAClBgC,kBAAmB9H,EAAK8H,kBACxBpB,QAAS1G,EAAK0G,QACduU,iBAAkBjb,EAAKib,iBACvB/U,QAASuU,GAGXhe,KAAKkK,UAAY4T,EAAYW,aAAalb,EAAMmb,UAAgB,qBAS3Dnb,EAAKgR,cAAsC,IAAtBhR,EAAKgR,aAG7BvU,KAAKgJ,QAAQuL,aAAehR,EAAKgR,aAFjCvU,KAAKgJ,QAAQuL,aAAe1J,EAAU8T,uBAOxC3e,KAAKgJ,QAAQ4V,kBAAoBrb,EAAKqb,gBAEtC7V,EAAI8V,SACFC,MAAOnd,EAAKqB,KAAK6b,EAAQE,aAAc,KAAMhW,GAC7C8F,OAAQlN,EAAKqB,KAAK6b,EAAQG,cAAe,KAAMjW,GAC/C7H,IAAKS,EAAKqB,KAAK6b,EAAQI,WAAY,KAAMlW,GACzCmW,QAASvd,EAAKqB,KAAK6b,EAAQM,eAAgB,KAAMpW,GACjDqW,qBAAsBzd,EAAKqB,KAAK6b,EAAQO,qBAAsB,KAAMrW,IAGtEA,EAAI6F,IACFxD,OAAQzJ,EAAKqB,KAAK4L,EAAGH,kBAAmB,KAAM1F,GAC9CsW,OAAQ1d,EAAKqB,KAAK4L,EAAGD,kBAAmB,KAAM5F,GAC9C8F,OAAQlN,EAAKqB,KAAK4L,EAAGM,kBAAmB,KAAMnG,GAC9CiG,WAAYrN,EAAKqB,KAAK4L,EAAGI,WAAY,KAAMjG,IAI7CA,EAAI6F,GAAGC,OAAOC,KAAO,SAASnO,GAC5B,MAAO8I,GAAQvI,IAAIP,IAIrBoI,EAAI8I,SACFyN,WACEC,iBAAkB,WAChB,MAAOxY,QAAOqM,SAAS1D,QAK7B3G,EAAIyW,OACFC,iBAAkB9d,EAAKqB,KAAKwc,EAAMC,iBAAkB,KAAM1W,GAC1D2W,aAAc/d,EAAKqB,KAAKwc,EAAME,aAAc,KAAM3W,GAClD4W,gBAAiBhe,EAAKqB,KAAKwc,EAAMG,gBAAiB,KAAM5W,GACxD6W,aAAcje,EAAKqB,KAAKwc,EAAMI,aAAc,KAAM7W,GAClD4Q,OAAQ6F,EAAMK,YACdC,OAAQne,EAAKqB,KAAKwc,EAAMO,YAAa,KAAMhX,GAC3CiX,MAAOre,EAAKqB,KAAKwc,EAAMS,WAAY,KAAMlX,GACzCmX,YAAave,EAAKqB,KAAKwc,EAAMU,YAAa,KAAMnX,GAChDoX,OAAQxe,EAAKqB,KAAKwc,EAAMY,YAAa,KAAMrX,IAI7CA,EAAIyW,MAAMG,gBAAgBU,aAAe,SAAS1c,GAChDoD,OAAOqM,SAAWzP,GAIpBoF,EAAIyW,MAAMI,aAAaU,YAAc,WACnC,MAAOvZ,QAAOwZ,SAIhBxX,EAAIyW,MAAMI,aAAaY,aAAe,WACpC,MAAOzZ,QAAOqM,UAIhBrK,EAAIyW,MAAMI,aAAaa,aAAe,WACpC,MAAO1Z,QAAOa,UAGhBmB,EAAI2X,YAAYC,cAAgB,WAC9B,MAAOC,WAAU1W,UAGnB,IAAI2W,GAAiB,mCACrB9X,GAAIkV,SAAS6C,uBAAyB,WACpC,GAAIC,GAAQhY,EAAI2X,YAAYC,eAC5B,OAAOI,KAAUF,EAAejd,KAAKmd,IAGvChY,EAAIiY,QAAU,GAAIC,GAClBlY,EAAImY,aAAe,GAAIC,GAAapY,EAAKxF,EAAK2d,cAC9CnY,EAAImY,aAAaE,GAAG,QAASphB,KAAKqhB,qBAAsBrhB,MhBgoE1D,GAAIshB,GAAsBrhB,EAAoB,GAE1CoO,EAAoBpO,EAAoB,GgBzxExCghB,EAAoBtV,EAAQ,IAC5BvD,EAAoBuD,EAAQ,GAC5BmS,EAAoBnS,EAAQ,IAC5Bd,EAAoBc,EAAQ,GAC5BlC,EAAoBkC,EAAQ,GAAoBrC,QAChDoF,EAAoB/C,EAAQ,GAC5B4V,EAAoB5V,EAAQ,IAC5BkT,EAAoBlT,EAAQ,IAC5B6T,EAAoB7T,EAAQ,IAC5BwV,EAAoBxV,EAAQ,IAC5BiD,EAAoBjD,EAAQ,GAC5BhK,EAAoBgK,EAAQ,GA+I5B6V,EAAQ3D,EAAgBtc,SAC5BigB,GAAMH,qBAAuB,SAASlT,GAEvB,mBADFA,EAAM3F,WACgB2F,EAAMhF,cACjCnJ,KAAKgJ,QAAQwV,iBACfxe,KAAKgJ,QAAQwV,mBAGbxX,QAAQmH,MAAM,gEAKpBqT,EAAMvD,YAENuD,EAAMvD,SAASwD,4BAA8B,WAC3C,GAAIC,GAAW9Z,SAASC,cAAgBD,SAASC,aAAe,EAChE,UAAId,OAAO4a,aAAgBD,IAM7BF,EAAMvD,SAAS2D,uBAAyB,WACtC,MAAyB,mBAAXC,SAA0BA,OAAOC,QAAgC,mBAAfjf,aAGlE2e,EAAMvD,SAAS8D,eAAiB,WAC9B,MAA8B,mBAAhBC,cAGhBR,EAAMvD,SAASgE,gBAAkB,WAC/B,MAAOT,GAAMvD,SAAS2D,0BAA4BJ,EAAMvD,SAAS8D,kBAGnEP,EAAMvD,SAASE,QAAU,WACvB,MAAoC,WAA7BpX,OAAOqM,SAAS8O,UAGzBV,EAAMvD,SAASC,YAAc,WAC3B,MAAoC,cAA7BnX,OAAOqM,SAAS+O,UAGzBX,EAAMY,OAAS,SAAU7S,GAGvB,QAASJ,GAAkBnG,GAEzB,aADOuG,GAAK8S,gBACLzT,EAAGO,kBAAkBpG,EAAK,gBAAiBwG,EAAMvG,GAJ1D,GAAID,GAAM/I,IAMV,OALAuP,GAAO5N,EAAKiE,MAAM2J,OAKbA,EAAK8S,gBAGHtZ,EAAI2X,cACVlW,KAAK,SAASkW,GACb,MAAOvR,IACLlF,SACE,uBAAwByW,OANrBvR,KAaXqS,EAAMzC,aAAe,WACnB,GAAIhW,GAAM/I,IAKV,OAFA+I,GAAImY,aAAaoB,QAEVvZ,EAAI8V,QAAQC,QAClB5T,MAAM,SAASxI,GACd,GAAe,iBAAXA,EAAE/B,MAA2C,aAAhB+B,EAAE8F,UAInC,KAAM9F,MAKV8e,EAAMe,kBAAN,mBAAyCA,GAAzC,iDAA0B,WAAiCpZ,GAAjC,uEACpBJ,EAAM/I,KACLmJ,EAFmB,gCAGFJ,EAAImY,aAAahgB,IAAI,cAHnB,QAGtBiI,EAHsB,iBAMnBA,EANmB,yCAOflB,QAAQC,UAPO,iCASjBa,EAAIyW,MAAMM,OAAO3W,GATA,8CAA1B,OAAyCoZ,MAazCf,EAAMgB,QAAN,0BAAgB,WAAgBxZ,GAAhB,yFACdA,EAAUrH,EAAK0D,UAAW2D,GAGtByZ,EAAa1b,OAAOqM,SAASsP,OAC7BpE,EAAwBtV,EAAQsV,uBAC/Bte,KAAKgJ,QAAQsV,uBACbmE,EAEDtZ,EAAcH,EAAQG,YACtBoZ,GAAkD,IAA9BvZ,EAAQuZ,kBAC5B1Q,EAAU7I,EAAQ6I,QAElB9I,EAAM/I,KACN4U,EAAY2M,EAAU/M,aAAazL,GAAK6L,cAErB,KAAZ/C,EAhBG,kCAiBI9I,EAAImY,aAAahgB,IAAI,UAjBzB,SAiBZ2Q,EAjBY,mBAoBV0Q,OAA4C,KAAhBpZ,EApBlB,kCAqBQJ,EAAImY,aAAahgB,IAAI,QArB7B,SAqBZiI,EArBY,kBAyBdJ,EAAImY,aAAaoB,SAEbC,IAAqBpZ,EA3BX,kCA4BNJ,EAAIwZ,kBAAkBpZ,EA5BhB,YAiCT0I,EAjCS,0CAkCL9I,EAAIgW,eACVvU,KAAK,WACA8T,IAA0BmE,EAC5B1b,OAAOqM,SAASuP,SAEhB5b,OAAOqM,SAASwP,OAAOtE,KAvCf,SA6CVuE,EAAQ7Z,EAAQ6Z,MAChBC,EAAcjR,EAAQA,QACtBkR,EAAYnO,EAAY,kBAAoB/P,mBAAmBie,GACjE,6BAA+Bje,mBAAmByZ,GAGhDuE,IACFE,GAAa,UAAYle,mBAAmBge,IAG9C9b,OAAOqM,SAASwP,OAAOG,EAvDT,+CAAhB,uDA0DAjF,EAAYkF,oBAAoBxB,GAGhCA,EAAMyB,UAAY,SAAU1T,GAC1B,GAAI5L,GAAM,yBAA2BhC,EAAK8C,cAAc8K,GACpDvG,GACFiB,SACE,OAAU,wBAGd,OAAOyE,GAAKxN,IAAIlB,KAAM2D,EAAKqF,IAG7BwY,EAAMd,YAAc,SAAS1X,GAC3BA,EAAUA,KACV,IAAID,GAAM/I,IACV,KAAK+I,EAAIkV,SAAS6C,yBAChB,MAAO7Y,SAAQ6F,OAAO,GAAI1F,GAAa,kDAGzC,IAAI8a,GACA1Q,EACA2Q,CAoCJ,OAnCc,IAAIlb,SAAQ,SAAUC,EAAS4F,GAC3C0E,EAAS5K,SAAS6K,cAAc,UAChCD,EAAOE,MAAMC,QAAU,OAEvBwQ,EAAW,SAAkBzgB,GAC3B,GAAKA,GAAMA,EAAE4H,MAAQ5H,EAAEggB,SAAW3Z,EAAIwC,kBAAtC,CAIA,IACE,GAAIlD,GAAMxC,KAAKE,MAAMrD,EAAE4H,MACvB,MAAOH,GACP,MAAO2D,GAAO,GAAI1F,GAAa,oCAGjC,GAAKC,EACL,MAAiB,yBAAbA,EAAI6I,KACChJ,EAAQG,EAAIqY,kBAEJ,4BAAbrY,EAAI6I,MACNxO,EAAE0gB,OAAOzB,YAAY9b,KAAKC,WACxBoL,KAAM,mBACJxO,EAAEggB,WAGVnB,EAAUxP,YAAYhL,OAAQ,UAAWoc,GAEzC3Q,EAAOD,IAAMxJ,EAAIwC,kBAAoB,mCACrC3D,SAASgL,KAAKC,YAAYL,GAE1B0Q,EAAU/a,WAAW,WACnB2F,EAAO,GAAI1F,GAAa,8BACvBY,EAAQka,SAAW,QAGTG,QAAQ,WACrBC,aAAaJ,GACb3B,EAAUpP,eAAepL,OAAQ,UAAWoc,GACxCvb,SAASgL,KAAK2Q,SAAS/Q,IACzBA,EAAOgR,cAAcC,YAAYjR,MAKvC5S,EAAOD,QAAUme,EAAY4F,cAAc7F,IhB64ErC,SAAUje,EAAQD,EAASM,GiB3wFjC,GAAI0jB,GAAW,SAAUhkB,GACvB,YAUA,SAASikB,GAAKC,EAASC,EAAS/jB,EAAMgkB,GAEpC,GAAIC,GAAiBF,GAAWA,EAAQviB,oBAAqB0iB,GAAYH,EAAUG,EAC/EC,EAAYpjB,OAAO2b,OAAOuH,EAAeziB,WACzC4iB,EAAU,GAAIC,GAAQL,MAM1B,OAFAG,GAAUG,QAAUC,EAAiBT,EAAS9jB,EAAMokB,GAE7CD,EAcT,QAASK,GAASthB,EAAIa,EAAKmK,GACzB,IACE,OAASiD,KAAM,SAAUjD,IAAKhL,EAAG1C,KAAKuD,EAAKmK,IAC3C,MAAO9D,GACP,OAAS+G,KAAM,QAASjD,IAAK9D,IAiBjC,QAAS8Z,MACT,QAASO,MACT,QAASC,MA4BT,QAASC,GAAsBnjB,IAC5B,OAAQ,QAAS,UAAUgE,QAAQ,SAAS0D,GAC3C1H,EAAU0H,GAAU,SAASgF,GAC3B,MAAOjO,MAAKqkB,QAAQpb,EAAQgF,MAoClC,QAAS0W,GAAcT,GACrB,QAASU,GAAO3b,EAAQgF,EAAK/F,EAAS4F,GACpC,GAAI+W,GAASN,EAASL,EAAUjb,GAASib,EAAWjW,EACpD,IAAoB,UAAhB4W,EAAO3T,KAEJ,CACL,GAAI2E,GAASgP,EAAO5W,IAChBtI,EAAQkQ,EAAOlQ,KACnB,OAAIA,IACiB,gBAAVA,IACPmf,EAAOvkB,KAAKoF,EAAO,WACdsC,QAAQC,QAAQvC,EAAMof,SAASva,KAAK,SAAS7E,GAClDif,EAAO,OAAQjf,EAAOuC,EAAS4F,IAC9B,SAAS3D,GACVya,EAAO,QAASza,EAAKjC,EAAS4F,KAI3B7F,QAAQC,QAAQvC,GAAO6E,KAAK,SAASwa,GAI1CnP,EAAOlQ,MAAQqf,EACf9c,EAAQ2N,IACP,SAAS1H,GAGV,MAAOyW,GAAO,QAASzW,EAAOjG,EAAS4F,KAvBzCA,EAAO+W,EAAO5W,KA8BlB,QAASgX,GAAQhc,EAAQgF,GACvB,QAASiX,KACP,MAAO,IAAIjd,SAAQ,SAASC,EAAS4F,GACnC8W,EAAO3b,EAAQgF,EAAK/F,EAAS4F,KAIjC,MAAOqX,GAaLA,EAAkBA,EAAgB3a,KAChC0a,EAGAA,GACEA,IA3BR,GAAIC,EAgCJnlB,MAAKqkB,QAAUY,EAwBjB,QAASX,GAAiBT,EAAS9jB,EAAMokB,GACvC,GAAItB,GAAQuC,CAEZ,OAAO,UAAgBnc,EAAQgF,GAC7B,GAAI4U,IAAUwC,EACZ,KAAM,IAAIxc,OAAM,+BAGlB,IAAIga,IAAUyC,EAAmB,CAC/B,GAAe,UAAXrc,EACF,KAAMgF,EAKR,OAAOsX,KAMT,IAHApB,EAAQlb,OAASA,EACjBkb,EAAQlW,IAAMA,IAED,CACX,GAAIuX,GAAWrB,EAAQqB,QACvB,IAAIA,EAAU,CACZ,GAAIC,GAAiBC,EAAoBF,EAAUrB,EACnD,IAAIsB,EAAgB,CAClB,GAAIA,IAAmBE,EAAkB,QACzC,OAAOF,IAIX,GAAuB,SAAnBtB,EAAQlb,OAGVkb,EAAQyB,KAAOzB,EAAQ0B,MAAQ1B,EAAQlW,QAElC,IAAuB,UAAnBkW,EAAQlb,OAAoB,CACrC,GAAI4Z,IAAUuC,EAEZ,KADAvC,GAAQyC,EACFnB,EAAQlW,GAGhBkW,GAAQ2B,kBAAkB3B,EAAQlW,SAEN,WAAnBkW,EAAQlb,QACjBkb,EAAQ4B,OAAO,SAAU5B,EAAQlW,IAGnC4U,GAAQwC,CAER,IAAIR,GAASN,EAASV,EAAS9jB,EAAMokB,EACrC,IAAoB,WAAhBU,EAAO3T,KAAmB,CAO5B,GAJA2R,EAAQsB,EAAQ/V,KACZkX,EACAU,EAEAnB,EAAO5W,MAAQ0X,EACjB,QAGF,QACEhgB,MAAOkf,EAAO5W,IACdG,KAAM+V,EAAQ/V,MAGS,UAAhByW,EAAO3T,OAChB2R,EAAQyC,EAGRnB,EAAQlb,OAAS,QACjBkb,EAAQlW,IAAM4W,EAAO5W,OAU7B,QAASyX,GAAoBF,EAAUrB,GACrC,GAAIlb,GAASuc,EAASnY,SAAS8W,EAAQlb,OACvC,IAAIA,IAAWtE,EAAW,CAKxB,GAFAwf,EAAQqB,SAAW,KAEI,UAAnBrB,EAAQlb,OAAoB,CAE9B,GAAIuc,EAASnY,SAAiB,SAG5B8W,EAAQlb,OAAS,SACjBkb,EAAQlW,IAAMtJ,EACd+gB,EAAoBF,EAAUrB,GAEP,UAAnBA,EAAQlb,QAGV,MAAO0c,EAIXxB,GAAQlb,OAAS,QACjBkb,EAAQlW,IAAM,GAAI0I,WAChB,kDAGJ,MAAOgP,GAGT,GAAId,GAASN,EAAStb,EAAQuc,EAASnY,SAAU8W,EAAQlW,IAEzD,IAAoB,UAAhB4W,EAAO3T,KAIT,MAHAiT,GAAQlb,OAAS,QACjBkb,EAAQlW,IAAM4W,EAAO5W,IACrBkW,EAAQqB,SAAW,KACZG,CAGT,IAAIzX,GAAO2W,EAAO5W,GAElB,OAAMC,GAOFA,EAAKE,MAGP+V,EAAQqB,EAASS,YAAc/X,EAAKvI,MAGpCwe,EAAQpN,KAAOyO,EAASU,QAQD,WAAnB/B,EAAQlb,SACVkb,EAAQlb,OAAS,OACjBkb,EAAQlW,IAAMtJ,GAUlBwf,EAAQqB,SAAW,KACZG,GANEzX,GA3BPiW,EAAQlb,OAAS,QACjBkb,EAAQlW,IAAM,GAAI0I,WAAU,oCAC5BwN,EAAQqB,SAAW,KACZG,GAoDX,QAASQ,GAAaC,GACpB,GAAIC,IAAUC,OAAQF,EAAK,GAEvB,KAAKA,KACPC,EAAME,SAAWH,EAAK,IAGpB,IAAKA,KACPC,EAAMG,WAAaJ,EAAK,GACxBC,EAAMI,SAAWL,EAAK,IAGxBpmB,KAAK0mB,WAAW9hB,KAAKyhB,GAGvB,QAASM,GAAcN,GACrB,GAAIxB,GAASwB,EAAMO,cACnB/B,GAAO3T,KAAO,eACP2T,GAAO5W,IACdoY,EAAMO,WAAa/B,EAGrB,QAAST,GAAQL,GAIf/jB,KAAK0mB,aAAgBJ,OAAQ,SAC7BvC,EAAYxe,QAAQ4gB,EAAcnmB,MAClCA,KAAK6mB,OAAM,GA8Bb,QAAS1K,GAAOjF,GACd,GAAIA,EAAU,CACZ,GAAI4P,GAAiB5P,EAAS6P,EAC9B,IAAID,EACF,MAAOA,GAAevmB,KAAK2W,EAG7B,IAA6B,kBAAlBA,GAASH,KAClB,MAAOG,EAGT,KAAK8P,MAAM9P,EAAS7U,QAAS,CAC3B,GAAIjC,IAAK,EAAG2W,EAAO,QAASA,KAC1B,OAAS3W,EAAI8W,EAAS7U,QACpB,GAAIyiB,EAAOvkB,KAAK2W,EAAU9W,GAGxB,MAFA2W,GAAKpR,MAAQuR,EAAS9W,GACtB2W,EAAK3I,MAAO,EACL2I,CAOX,OAHAA,GAAKpR,MAAQhB,EACboS,EAAK3I,MAAO,EAEL2I,EAGT,OAAOA,GAAKA,KAAOA,GAKvB,OAASA,KAAMwO,GAIjB,QAASA,KACP,OAAS5f,MAAOhB,EAAWyJ,MAAM,GArenC,GAEIzJ,GAFAsiB,EAAKnmB,OAAOS,UACZujB,EAASmC,EAAGzlB,eAEZ0lB,EAA4B,kBAAX9Z,QAAwBA,UACzC2Z,EAAiBG,EAAQ7Z,UAAY,aACrC8Z,EAAsBD,EAAQE,eAAiB,kBAC/CC,EAAoBH,EAAQI,aAAe,eAc/C3nB,GAAQikB,KAAOA,CAoBf,IAAIwB,GAAyB,iBACzBY,EAAyB,iBACzBX,EAAoB,YACpBC,EAAoB,YAIpBK,KAYA4B,IACJA,GAAkBR,GAAkB,WAClC,MAAO/mB,MAGT,IAAIwnB,GAAW1mB,OAAO2mB,eAClBC,EAA0BF,GAAYA,EAASA,EAASrL,OACxDuL,IACAA,IAA4BT,GAC5BnC,EAAOvkB,KAAKmnB,EAAyBX,KAGvCQ,EAAoBG,EAGtB,IAAIC,GAAKlD,EAA2BljB,UAClC0iB,EAAU1iB,UAAYT,OAAO2b,OAAO8K,EAymBtC,OAxmBA/C,GAAkBjjB,UAAYomB,EAAGra,YAAcmX,EAC/CA,EAA2BnX,YAAckX,EACzCC,EAA2B4C,GACzB7C,EAAkBoD,YAAc,oBAYlCjoB,EAAQkoB,oBAAsB,SAASC,GACrC,GAAIC,GAAyB,kBAAXD,IAAyBA,EAAOxa,WAClD,SAAOya,IACHA,IAASvD,GAG2B,uBAAnCuD,EAAKH,aAAeG,EAAKpnB,QAIhChB,EAAQqoB,KAAO,SAASF,GAUtB,MATIhnB,QAAOmnB,eACTnnB,OAAOmnB,eAAeH,EAAQrD,IAE9BqD,EAAOI,UAAYzD,EACb4C,IAAqBS,KACzBA,EAAOT,GAAqB,sBAGhCS,EAAOvmB,UAAYT,OAAO2b,OAAOkL,GAC1BG,GAOTnoB,EAAQwoB,MAAQ,SAASla,GACvB,OAAS8W,QAAS9W,IAsEpByW,EAAsBC,EAAcpjB,WACpCojB,EAAcpjB,UAAU4lB,GAAuB,WAC7C,MAAOnnB,OAETL,EAAQglB,cAAgBA,EAKxBhlB,EAAQyoB,MAAQ,SAASvE,EAASC,EAAS/jB,EAAMgkB,GAC/C,GAAIsE,GAAO,GAAI1D,GACbf,EAAKC,EAASC,EAAS/jB,EAAMgkB,GAG/B,OAAOpkB,GAAQkoB,oBAAoB/D,GAC/BuE,EACAA,EAAKtR,OAAOvM,KAAK,SAASqL,GACxB,MAAOA,GAAOzH,KAAOyH,EAAOlQ,MAAQ0iB,EAAKtR,UAuKjD2N,EAAsBiD,GAEtBA,EAAGN,GAAqB,YAOxBM,EAAGZ,GAAkB,WACnB,MAAO/mB,OAGT2nB,EAAG5jB,SAAW,WACZ,MAAO,sBAkCTpE,EAAQkU,KAAO,SAASxS,GACtB,GAAIwS,KACJ,KAAK,GAAInP,KAAOrD,GACdwS,EAAKjP,KAAKF,EAMZ,OAJAmP,GAAKyU,UAIE,QAASvR,KACd,KAAOlD,EAAKxR,QAAQ,CAClB,GAAIqC,GAAMmP,EAAK0U,KACf,IAAI7jB,IAAOrD,GAGT,MAFA0V,GAAKpR,MAAQjB,EACbqS,EAAK3I,MAAO,EACL2I,EAQX,MADAA,GAAK3I,MAAO,EACL2I,IAsCXpX,EAAQwc,OAASA,EAMjBiI,EAAQ7iB,WACN+L,YAAa8W,EAEbyC,MAAO,SAAS2B,GAcd,GAbAxoB,KAAKyoB,KAAO,EACZzoB,KAAK+W,KAAO,EAGZ/W,KAAK4lB,KAAO5lB,KAAK6lB,MAAQlhB,EACzB3E,KAAKoO,MAAO,EACZpO,KAAKwlB,SAAW,KAEhBxlB,KAAKiJ,OAAS,OACdjJ,KAAKiO,IAAMtJ,EAEX3E,KAAK0mB,WAAWnhB,QAAQohB,IAEnB6B,EACH,IAAK,GAAI7nB,KAAQX,MAEQ,MAAnBW,EAAKyU,OAAO,IACZ0P,EAAOvkB,KAAKP,KAAMW,KACjBqmB,OAAOrmB,EAAK0C,MAAM,MACrBrD,KAAKW,GAAQgE,IAMrB+jB,KAAM,WACJ1oB,KAAKoO,MAAO,CAEZ,IAAIua,GAAY3oB,KAAK0mB,WAAW,GAC5BkC,EAAaD,EAAU/B,UAC3B,IAAwB,UAApBgC,EAAW1X,KACb,KAAM0X,GAAW3a,GAGnB,OAAOjO,MAAK6oB,MAGd/C,kBAAmB,SAASgD,GAM1B,QAASC,GAAOC,EAAKC,GAYnB,MAXApE,GAAO3T,KAAO,QACd2T,EAAO5W,IAAM6a,EACb3E,EAAQpN,KAAOiS,EAEXC,IAGF9E,EAAQlb,OAAS,OACjBkb,EAAQlW,IAAMtJ,KAGNskB,EAjBZ,GAAIjpB,KAAKoO,KACP,KAAM0a,EAmBR,KAAK,GAhBD3E,GAAUnkB,KAgBLI,EAAIJ,KAAK0mB,WAAWrkB,OAAS,EAAGjC,GAAK,IAAKA,EAAG,CACpD,GAAIimB,GAAQrmB,KAAK0mB,WAAWtmB,GACxBykB,EAASwB,EAAMO,UAEnB,IAAqB,SAAjBP,EAAMC,OAIR,MAAOyC,GAAO,MAGhB,IAAI1C,EAAMC,QAAUtmB,KAAKyoB,KAAM,CAC7B,GAAIS,GAAWpE,EAAOvkB,KAAK8lB,EAAO,YAC9B8C,EAAarE,EAAOvkB,KAAK8lB,EAAO,aAEpC,IAAI6C,GAAYC,EAAY,CAC1B,GAAInpB,KAAKyoB,KAAOpC,EAAME,SACpB,MAAOwC,GAAO1C,EAAME,UAAU,EACzB,IAAIvmB,KAAKyoB,KAAOpC,EAAMG,WAC3B,MAAOuC,GAAO1C,EAAMG,gBAGjB,IAAI0C,GACT,GAAIlpB,KAAKyoB,KAAOpC,EAAME,SACpB,MAAOwC,GAAO1C,EAAME,UAAU,OAG3B,KAAI4C,EAMT,KAAM,IAAItgB,OAAM,yCALhB,IAAI7I,KAAKyoB,KAAOpC,EAAMG,WACpB,MAAOuC,GAAO1C,EAAMG,gBAU9BT,OAAQ,SAAS7U,EAAMjD,GACrB,IAAK,GAAI7N,GAAIJ,KAAK0mB,WAAWrkB,OAAS,EAAGjC,GAAK,IAAKA,EAAG,CACpD,GAAIimB,GAAQrmB,KAAK0mB,WAAWtmB,EAC5B,IAAIimB,EAAMC,QAAUtmB,KAAKyoB,MACrB3D,EAAOvkB,KAAK8lB,EAAO,eACnBrmB,KAAKyoB,KAAOpC,EAAMG,WAAY,CAChC,GAAI4C,GAAe/C,CACnB,QAIA+C,IACU,UAATlY,GACS,aAATA,IACDkY,EAAa9C,QAAUrY,GACvBA,GAAOmb,EAAa5C,aAGtB4C,EAAe,KAGjB,IAAIvE,GAASuE,EAAeA,EAAaxC,aAIzC,OAHA/B,GAAO3T,KAAOA,EACd2T,EAAO5W,IAAMA,EAETmb,GACFppB,KAAKiJ,OAAS,OACdjJ,KAAK+W,KAAOqS,EAAa5C,WAClBb,GAGF3lB,KAAKqpB,SAASxE,IAGvBwE,SAAU,SAASxE,EAAQ4B,GACzB,GAAoB,UAAhB5B,EAAO3T,KACT,KAAM2T,GAAO5W,GAcf,OAXoB,UAAhB4W,EAAO3T,MACS,aAAhB2T,EAAO3T,KACTlR,KAAK+W,KAAO8N,EAAO5W,IACM,WAAhB4W,EAAO3T,MAChBlR,KAAK6oB,KAAO7oB,KAAKiO,IAAM4W,EAAO5W,IAC9BjO,KAAKiJ,OAAS,SACdjJ,KAAK+W,KAAO,OACa,WAAhB8N,EAAO3T,MAAqBuV,IACrCzmB,KAAK+W,KAAO0P,GAGPd,GAGT2D,OAAQ,SAAS9C,GACf,IAAK,GAAIpmB,GAAIJ,KAAK0mB,WAAWrkB,OAAS,EAAGjC,GAAK,IAAKA,EAAG,CACpD,GAAIimB,GAAQrmB,KAAK0mB,WAAWtmB,EAC5B,IAAIimB,EAAMG,aAAeA,EAGvB,MAFAxmB,MAAKqpB,SAAShD,EAAMO,WAAYP,EAAMI,UACtCE,EAAcN,GACPV,IAKb,MAAS,SAASW,GAChB,IAAK,GAAIlmB,GAAIJ,KAAK0mB,WAAWrkB,OAAS,EAAGjC,GAAK,IAAKA,EAAG,CACpD,GAAIimB,GAAQrmB,KAAK0mB,WAAWtmB,EAC5B,IAAIimB,EAAMC,SAAWA,EAAQ,CAC3B,GAAIzB,GAASwB,EAAMO,UACnB,IAAoB,UAAhB/B,EAAO3T,KAAkB,CAC3B,GAAIqY,GAAS1E,EAAO5W,GACpB0Y,GAAcN,GAEhB,MAAOkD,IAMX,KAAM,IAAI1gB,OAAM,0BAGlB2gB,cAAe,SAAStS,EAAU+O,EAAYC,GAa5C,MAZAlmB,MAAKwlB,UACHnY,SAAU8O,EAAOjF,GACjB+O,WAAYA,EACZC,QAASA,GAGS,SAAhBlmB,KAAKiJ,SAGPjJ,KAAKiO,IAAMtJ,GAGNghB,IAQJhmB,GAOsBC,EAAOD,QAGtC,KACE8pB,mBAAqB9F,EACrB,MAAO+F,GAUPC,SAAS,IAAK,0BAA0BhG,KjB0xFpC,SAAU/jB,EAAQD,GkB9+GxB,QAASiqB,MAKTA,EAAEroB,WACA6f,GAAI,SAAUzgB,EAAMsb,EAAU/Y,GAC5B,GAAIR,GAAI1C,KAAK0C,IAAM1C,KAAK0C,KAOxB,QALCA,EAAE/B,KAAU+B,EAAE/B,QAAaiE,MAC1B3B,GAAIgZ,EACJ/Y,IAAKA,IAGAlD,MAGT6pB,KAAM,SAAUlpB,EAAMsb,EAAU/Y,GAE9B,QAASigB,KACPpjB,EAAK+pB,IAAInpB,EAAMwiB,GACflH,EAASxY,MAAMP,EAAKI,WAHtB,GAAIvD,GAAOC,IAOX,OADAmjB,GAAS4G,EAAI9N,EACNjc,KAAKohB,GAAGzgB,EAAMwiB,EAAUjgB,IAGjC8mB,KAAM,SAAUrpB,GACd,GAAI2J,MAAUjH,MAAM9C,KAAK+C,UAAW,GAChC2mB,IAAWjqB,KAAK0C,IAAM1C,KAAK0C,OAAS/B,QAAa0C,QACjDjD,EAAI,EACJ8pB,EAAMD,EAAO5nB,MAEjB,KAAKjC,EAAGA,EAAI8pB,EAAK9pB,IACf6pB,EAAO7pB,GAAG6C,GAAGQ,MAAMwmB,EAAO7pB,GAAG8C,IAAKoH,EAGpC,OAAOtK,OAGT8pB,IAAK,SAAUnpB,EAAMsb,GACnB,GAAIvZ,GAAI1C,KAAK0C,IAAM1C,KAAK0C,MACpBynB,EAAOznB,EAAE/B,GACTypB,IAEJ,IAAID,GAAQlO,EACV,IAAK,GAAI7b,GAAI,EAAG8pB,EAAMC,EAAK9nB,OAAQjC,EAAI8pB,EAAK9pB,IACtC+pB,EAAK/pB,GAAG6C,KAAOgZ,GAAYkO,EAAK/pB,GAAG6C,GAAG8mB,IAAM9N,GAC9CmO,EAAWxlB,KAAKulB,EAAK/pB,GAY3B,OAJCgqB,GAAiB,OACd1nB,EAAE/B,GAAQypB,QACH1nB,GAAE/B,GAENX,OAIXJ,EAAOD,QAAUiqB,GlBq/GX,SAAUhqB,EAAQD,EAASM,GmBpiHjC,QAAS8d,GAAkBxa,GACzB,IAAKA,EACH,KAAM,IAAI6E,GAAa,yEAIzB,IAAIkL,GAAS/P,EAAK+P,MAClB,KAAKA,EACH,KAAM,IAAIlL,GAAa,gIAKzB,KADiB,GAAIiiB,QAAO,iBACZzmB,KAAKL,EAAK+P,QACxB,KAAM,IAAIlL,GAAa,2HAIzB,KAAmC,IAA/BkL,EAAOnN,QAAQ,WACjB,KAAM,IAAIiC,GAAa,yIAIzB,IAAI8B,GAAY3G,EAAK2G,SAGrB,IADEA,GAAaA,EAAUogB,WAA6D,IAAjDpgB,EAAUogB,SAASnkB,QAAQ,iBAE9D,KAAM,IAAIiC,GAAa,0IAK3B,QAAS4a,GAAoBxB,GAC3BA,EAAMjW,gBAAkB,WAEtB,MAAOvL,MAAKgJ,QAAQsK,OAAOiH,MAAM,YAAY,IAI/CiH,EAAM+I,eAAiB,SAAUhb,GAC/B,MAAOX,GAAGO,kBAAkBnP,KAAM,kCAAmCuP,IAIvEiS,EAAMgJ,cAAgB,SAAUjb,GAC9B,MAAOX,GAAGO,kBAAkBnP,KAAM,gCAAiCuP,IAIrEiS,EAAMiJ,oBAAsB,SAAUlb,GACpC,MAAOX,GAAGO,kBAAkBnP,KAAM,+BAAgCuP,IAItE,QAASmU,GAAc7F,GACrB,MAAO,UAASxU,EAAakB,GAC3B,QAASmgB,GAASnnB,GAChB,KAAMvD,eAAgB0qB,IACpB,MAAO,IAAIA,GAASnnB,EAGlBA,KACFA,EAAK8F,YAAcA,EAEf9F,EAAKonB,aACPhpB,EAAK2F,UAAU,6EACf/D,EAAKgH,kBAAoBhH,EAAKonB,aACpBpnB,EAAKgH,oBACfhH,EAAKgH,kBAAoBA,IAI7B5I,EAAKqB,KAAK6a,EAAiB7d,MAAMuD,GAQnC,MANAmnB,GAASnpB,UAAYsc,EAAgBtc,UACrCmpB,EAASnpB,UAAU+L,YAAcod,EAGjCA,EAASzM,SAAWJ,EAAgBtc,UAAU0c,SAEvCyM,GAIX,QAASjM,GAAalb,EAAMqnB,GAC1B,GAAI1gB,GAAY3G,EAAK2G,SAErB,OAAKA,GAIDA,EAAUvE,MACLuE,EAAUvE,MAGfuE,EAAUogB,SACLpgB,EAAUogB,SAASroB,QAAQ,gBAA3B,uBAA4D2oB,IAG9D,GAXE,GA9FX,GAAIxiB,GAAeuD,EAAQ,GACvBiD,EAAKjD,EAAQ,GACbhK,EAAOgK,EAAQ,EA0GnB/L,GAAOD,SACLqjB,oBAAqBA,EACrBU,cAAeA,EACf3F,kBAAmBA,EACnBU,aAAcA,InB0jHV,SAAU7e,EAAQD,GoB1qHxB,QAAS2L,GAAanB,EAAK7B,GACzBtI,KAAKW,KAAO,eACZX,KAAKuI,QAAU4B,EAAI1B,aACnBzI,KAAKyI,aAAe0B,EAAI1B,aACxBzI,KAAKwI,UAAY2B,EAAI3B,UACrBxI,KAAK0I,UAAYyB,EAAIzB,UACrB1I,KAAK2I,QAAUwB,EAAIxB,QACnB3I,KAAK4I,YAAcuB,EAAIvB,YAEnBN,IACFtI,KAAKsI,IAAMA,GAGfgD,EAAa/J,UAAY,GAAIsH,OAE7BjJ,EAAOD,QAAU2L,GpB2rHX,SAAU1L,EAAQD,GqB1sHxB,QAASwQ,KACPnQ,KAAKW,KAAO,oBACZX,KAAKuI,QAAU,kCAEjB4H,EAAkB5O,UAAY,GAAIsH,OAElCjJ,EAAOD,QAAUwQ,GrB2tHX,SAAUvQ,EAAQD,EAASM,GsB7tHjC,QAAS+e,GAAcjW,GACrB,MAAOA,GAAI8V,QAAQ3d,MAChBsJ,KAAK,SAASJ,GACb,MAAmB,WAAfA,EAAIgB,SAKTF,MAAM,WACL,OAAO,IAIb,QAAS+T,GAAWlW,GAClB,MAAO2F,GAAKxN,IAAI6H,EAAK,uBACpByB,KAAK,SAASqU,GACb,GAAIzU,GAAMzI,EAAKqE,KAAK6Y,EAAS,SAU7B,OARAzU,GAAI8U,QAAU,WACZ,MAAOxQ,GAAKjD,KAAK1C,EAAKpH,EAAK8E,QAAQoY,EAAS,WAAWnP,OAGzDtF,EAAIygB,KAAO,WACT,MAAOnc,GAAKxN,IAAI6H,EAAKpH,EAAK8E,QAAQoY,EAAS,QAAQnP,OAG9CtF,IAERc,MAAM,WAEL,OAAQE,OAAQ,cAIpB,QAAS2T,GAAahW,GACpB,MAAO2F,GAAK5F,YAAYC,GACtBpF,IAAKoF,EAAIwC,kBAAoB,sBAC7BtC,OAAQ,WAIZ,QAASkW,GAAepW,GACtB,MAAO2F,GAAKjD,KAAK1C,EAAK,yCAGxB,QAASqW,GAAqBrW,EAAK+hB,EAAcC,GAC/CA,EAAcA,GAAehkB,OAAOqM,SAAS1D,KAC7C3I,OAAOqM,SAAWrK,EAAIwC,kBAAoB,+BACxC5J,EAAK8C,eACHumB,2BAA2B,EAC3BxL,MAAOsL,EACPC,YAAaA,IAtDnB,GAAIppB,GAAOgK,EAAQ,GACf+C,EAAO/C,EAAQ,EAyDnB/L,GAAOD,SACLqf,cAAeA,EACfC,WAAYA,EACZF,aAAcA,EACdI,eAAgBA,EAChBC,qBAAsBA,ItBovHlB,SAAUxf,EAAQD,EAASM,GuBvyHjC,QAAS8f,GAAYhX,EAAKyW,GACxB,MAAOvX,SAAQC,UACdsC,KAAK,WACJ,IAAKgV,IAAUA,EAAMrW,YACnB,KAAM,IAAIf,GAAa,0CAEzB,IAAI8L,GAAWnL,EAAIC,QAAQkL,QAC3B,KAAKA,EACH,KAAM,IAAI9L,GAAa,6EAEzB,IAAIyM,GAAY0M,EAAU/M,aAAazL,GAAK8L,UACxC1L,EAAcqW,EAAMrW,YACpB5F,EAAO5B,EAAK8C,eAEdwmB,gBAAiB,eACjBzL,MAAOrW,IACN9F,MAAM,GACL6nB,EAAQnpB,KAAKmS,EACjB,OAAOxF,GAAKjD,KAAK1C,EAAK8L,EAAWtR,GAC/B0G,SACE,eAAgB,oCAChB,cAAiB,SAAWihB,OAMpC,QAASrL,GAAYL,GACnB,GACI2L,GADAC,EAAM5L,EAAMjF,MAAM,IAGtB,KACE4Q,GACE7T,OAAQzR,KAAKE,MAAMpE,EAAKS,kBAAkBgpB,EAAI,KAC9CC,QAASxlB,KAAKE,MAAMpE,EAAKS,kBAAkBgpB,EAAI,KAC/CE,UAAWF,EAAI,IAEjB,MAAM1oB,GACN,KAAM,IAAI0F,GAAa,mBAGzB,MAAO+iB,GAIT,QAAS/K,GAAYrX,EAAKyW,EAAOxL,GAC/B,MAAO/L,SAAQC,UACdsC,KAAK,WACJ,IAAKgV,IAAUA,EAAM3N,QACnB,KAAM,IAAIzJ,GAAa,gCAGzB,IAAIgjB,GAAMvL,EAAYL,EAAM3N,SAExB0Z,GACFrX,SAAUnL,EAAIC,QAAQkL,SACtBZ,OAAQvK,EAAIC,QAAQsK,OACpBsL,gBAAiB7V,EAAIC,QAAQ4V,gBAU/B,OAPAjd,GAAK0D,OAAOkmB,EAAmBvX,GAG/BuN,EAAUzN,eAAe/K,EAAKqiB,EAAIC,QAASE,GAIF,GAArCA,EAAkB3M,iBAA4B7V,EAAIkV,SAAS2D,yBAIxDL,EAAU/N,OAAOzK,EAAKyW,EAAMlM,OAAQ8X,EAAI9T,OAAO7D,KACrDjJ,KAAK,SAAS9F,GACb,MAAO8mB,GAAUpL,YAAYZ,EAAM3N,QAASnN,KAE7C8F,KAAK,SAASihB,GACb,IAAKA,EACH,KAAM,IAAIrjB,GAAa,mCAEzB,IAAI4L,EAAiB7K,aAAeqW,EAAMzL,OAAO2X,QAC/C,MAAOF,GAAUG,YAAY3X,EAAiB7K,aAC3CqB,KAAK,SAAAohB,GACJ,GAAIA,IAASpM,EAAMzL,OAAO2X,QACxB,KAAM,IAAItjB,GAAa,sCAKhCoC,KAAK,WACJ,MAAOgV,KArBAA,IA0Bb,QAASqM,GAAuB9iB,EAAKma,EAASL,GAC5C,GAAIiJ,GACAC,CA2BJ,OA1B2B,IAAI9jB,SAAQ,SAASC,EAAS4F,GAEvDge,EAAkB,SAAyBppB,GACzC,GAAKA,EAAE4H,MAAQ5H,EAAE4H,KAAKuY,QAAUA,EAShC,MAAIngB,GAAEggB,SAAW3Z,EAAIwC,kBACZuC,EAAO,GAAI1F,GAAa,wDAGjCF,GAAQxF,EAAE4H,OAGZiX,EAAUxP,YAAYhL,OAAQ,UAAW+kB,GAEzCC,EAAY5jB,WAAW,WACrB2F,EAAO,GAAI1F,GAAa,0BACvB8a,GAAW,QAIbG,QAAQ,WACPC,aAAayI,GACbxK,EAAUpP,eAAepL,OAAQ,UAAW+kB,KAIlD,QAASE,GAAoBjjB,EAAKkjB,EAAU/I,GAC1C,GAAI6I,EA8BJ,OA7Bc,IAAI9jB,SAAQ,SAASC,EAAS4F,GAC1C,QAASoe,KAQP,IACMD,GACAA,EAAS7Y,UACT6Y,EAAS7Y,SAASwY,KACpB1jB,EAAQqZ,EAAU4K,aAAaF,EAAS7Y,SAASwY,OACxCK,IAAaA,EAASG,QAC/BjkB,WAAW+jB,EAAmB,KAEhC,MAAO/hB,GACPhC,WAAW+jB,EAAmB,MAIlCA,IAEAH,EAAY5jB,WAAW,WACrB2F,EAAO,GAAI1F,GAAa,0BACvB8a,GAAW,QAGDG,QAAQ,WACrBC,aAAayI,KAIjB,QAASM,GAAqBtjB,EAAKujB,EAAaC,EAAmBC,GAGjE,GAAIC,GAAOC,EAAKC,SAAS5jB,GACrB6jB,GACF1Y,SAAUoY,EAAYpY,SACtBqY,kBAAmBA,EACnBM,aAAcJ,EAAKI,aACnBxO,YAAaoO,EAAKpO,YAEpB,OAAOqO,GAAKI,SAAS/jB,EAAK6jB,EAAgBJ,GACzChiB,KAAK,SAASJ,GAEb,MADA2iB,GAAiB3iB,EAAKwiB,GACfxiB,IAERiZ,QAAQ,WACPqJ,EAAKM,UAAUjkB,KAInB,QAASgkB,GAAiB3iB,EAAKkiB,GAC7B,GAAIliB,EAAG,OAAaA,EAAG,kBACrB,KAAM,IAAI6iB,GAAW7iB,EAAG,MAAWA,EAAG,kBAGxC,IAAIA,EAAIyY,QAAUyJ,EAAYzJ,MAC5B,KAAM,IAAIza,GAAa,yDAI3B,QAAS8kB,GAAoBnkB,EAAKujB,EAAaliB,EAAKoiB,GAClDA,EAAOA,KAEP,IAAI1W,GAAewW,EAAYxW,YAC1B1S,OAAMmN,QAAQuF,KACjBA,GAAgBA,GAGlB,IAAIhE,GAASnQ,EAAKiE,MAAM0mB,EAAYxa,QAChCoC,EAAWoY,EAAYpY,UAAYnL,EAAIC,QAAQkL,SAC/CkK,GAA4B,IAArBrV,EAAIC,QAAQoV,IAEvB,OAAOnW,SAAQC,UACdsC,KAAK,WAMJ,MALAuiB,GAAiB3iB,EAAKkiB,GAKlBliB,EAAI+iB,MAAQ/O,GACdtI,GAAgB,QAAS,YAClBuW,EAAqBtjB,EAAKujB,EAAaliB,EAAI+iB,KAAMX,IAEnDpiB,IACNI,KAAK,SAASJ,GACf,GAAIgjB,MACAC,EAAYjjB,EAAIkjB,WAChBC,EAAYnjB,EAAIojB,WAChBrkB,EAAciB,EAAIqjB,aAClB5b,EAAUzH,EAAIsjB,QAclB,IAZIvkB,IACFikB,EAAUjkB,aACRxD,MAAOwD,EACPA,YAAaA,EACbY,UAAW4jB,OAAON,GAAaloB,KAAKC,MAAMd,KAAKwF,MAAM,KACrDyjB,UAAWA,EACXzb,OAAQA,EACR2C,aAAc+X,EAAK/X,aACnBC,YAAa8X,EAAK9X,cAIlB7C,EAAS,CACX,GAAIuZ,GAAMriB,EAAIyW,MAAM7F,OAAO9H,GAEvB+b,GACFjoB,MAAOkM,EACPA,QAASA,EACTkC,OAAQqX,EAAIC,QACZthB,UAAWqhB,EAAIC,QAAQ/W,IACvBxC,OAAQA,EACR2C,aAAc+X,EAAK/X,aACnBnB,OAAQkZ,EAAKlZ,OACbY,SAAUA,GAGRF,GACFE,SAAUA,EACVZ,OAAQkZ,EAAKlZ,OACbc,MAAOkY,EAAYlY,MACnBjL,YAAaA,EAOf,YAJoCxE,KAAhC2nB,EAAY1N,kBACd5K,EAAiB4K,gBAAkB0N,EAAY1N,iBAG1CwB,EAAYrX,EAAK6kB,EAAY5Z,GACnCxJ,KAAK,WAEJ,MADA4iB,GAAUvb,QAAU+b,EACbR,IAIX,MAAOA,KAER5iB,KAAK,SAAS4iB,GAEb,IAAuC,IAAnCtX,EAAa3P,QAAQ,WAAoBinB,EAAUjkB,YAErD,KAAM,IAAIf,GAAa,gHAEzB,KAA0C,IAAtC0N,EAAa3P,QAAQ,cAAuBinB,EAAUvb,QAExD,KAAM,IAAIzJ,GAAa,+GAGzB,QACEylB,OAAQT,EACRvK,MAAOzY,EAAIyY,MACXsK,KAAM/iB,EAAI+iB,QAKhB,QAASW,GAAsB/kB,GAC7B,OACEqV,KAAMrV,EAAIC,QAAQoV,KAClBlK,SAAUnL,EAAIC,QAAQkL,SACtBmK,YAAatV,EAAIC,QAAQqV,aAAetX,OAAOqM,SAAS1D,KACxDoG,cAAe,QAAS,YACxByI,aAAcxV,EAAIC,QAAQuV,aAC1BsE,MAAOtB,EAAU7P,gBACjB0C,MAAOmN,EAAU5P,gBACjBG,QAAS,SAAU,SACnB8M,gBAAiB7V,EAAIC,QAAQ4V,iBAIjC,QAASmP,GAAgCzB,GAEvC,IAAKA,EAAYpY,SACf,KAAM,IAAI9L,GAAa,0EAGzB,IAAIzG,EAAKkC,SAASyoB,EAAYxW,gBAA4D,IAA3CwW,EAAYxW,aAAa3P,QAAQ,KAC9E,KAAM,IAAIiC,GAAa,2DAIzB,IAAI4lB,GAAmBrsB,EAAK8D,YAC1B,UAAa6mB,EAAYpY,SACzB,eAAkBoY,EAAY2B,cAC9B,sBAAyB3B,EAAY4B,oBACrC,QAAW5B,EAAY3Z,QACvB,IAAO2Z,EAAY6B,IACnB,UAAa7B,EAAY8B,SACzB,WAAc9B,EAAY+B,UAC1B,QAAW/B,EAAYgC,OACvB,MAAShC,EAAYlY,MACrB,OAAUkY,EAAYiC,OACtB,aAAgBjC,EAAYjO,YAC5B,cAAiBiO,EAAY/N,aAC7B,cAAiB+N,EAAYxW,aAC7B,aAAgBwW,EAAYxB,aAC5B,MAASwB,EAAYzJ,OASvB,KANC,YAAa,iBAAiBtd,QAAS,SAAUipB,GAC5CprB,MAAMmN,QAAQyd,EAAiBQ,MACjCR,EAAiBQ,GAAcR,EAAiBQ,GAAY1pB,KAAK,SAIf,IAAlDwnB,EAAYxW,aAAa3P,QAAQ,cACS,IAA1CmmB,EAAYxa,OAAO3L,QAAQ,UAC7B,KAAM,IAAIiC,GAAa,oFAKzB,OAHE4lB,GAAiBS,MAAQnC,EAAYxa,OAAOhN,KAAK,KAG5CkpB,EAGT,QAASU,GAAqBpC,GAC5B,GAAI0B,GAAmBD,EAAgCzB,EACvD,OAAO3qB,GAAK8C,cAAcupB,GAqD5B,QAASlB,GAAS/jB,EAAKC,GACrB,MAAI1F,WAAUjB,OAAS,EACd4F,QAAQ6F,OAAO,GAAI1F,GAAa,sEAGzCY,EAAUA,MAEH2lB,EAAmB5lB,EAAKC,GAC9BwB,KAAK,SAAS8hB,GAuCb,QAASsC,GAAUjrB,GAGjB,MADkB,2CACC4R,KAAK5R,GAAK,GAvC/B,GAAIkrB,IACFN,OAAQ,OACRhQ,aAAc,oBACd5L,QAAS,MAGPmc,GACFnc,QAAS,QAGP3J,GAAQ8hB,aACVnpB,EAAK0D,OAAOinB,EAAauC,GAChB7lB,EAAQmlB,KACjBxsB,EAAK0D,OAAOinB,EAAawC,EAI3B,IAAIC,GACAC,EACAxC,CAGJA,GAAOjL,EAAU/M,aAAazL,EAAKujB,GACnC0C,EAAWhmB,EAAQ6jB,aAAeL,EAAK7X,SAAW6X,EAAK/X,aACvDsa,EAAaC,EAAWN,EAAqBpC,EAmB7C,QAfIA,EAAYxB,cAAwC,OAAxBwB,EAAY3Z,QAC/B,SACsB,UAAxB2Z,EAAY3Z,QACV,QAEA,YAWX,IAAK,SACH,GAAIsc,GAAgBpD,EAAuB9iB,EAAKC,EAAQka,QAASoJ,EAAYzJ,OACzEqM,EAAW3N,EAAUjP,UAAUyc,EACnC,OAAOE,GACJzkB,KAAK,SAASJ,GACb,MAAO8iB,GAAoBnkB,EAAKujB,EAAaliB,EAAKoiB,KAEnDnJ,QAAQ,WACHzb,SAASgL,KAAK2Q,SAAS2L,IACzBA,EAAS1L,cAAcC,YAAYyL,IAI3C,KAAK,QACH,GAAIC,EAIJ,IAAiC,sBAA7B7C,EAAY/N,aAAsC,CACpD,IAAKxV,EAAIkV,SAASwD,8BAChB,KAAM,IAAIrZ,GAAa,qDAEzB+mB,GAAetD,EAAuB9iB,EAAKC,EAAQka,QAASoJ,EAAYzJ,OAI1E,GAAIuM,IACFpc,WAAYhK,EAAQgK,YAElBiZ,EAAW1K,EAAUzO,UAAUic,EAAYK,EAG/C,IAAiC,aAA7B9C,EAAY/N,aAA6B,CAC3C,GAAI8Q,GAAeT,EAAU7lB,EAAI8I,QAAQyN,UAAUC,oBAC/C+P,EAAoBV,EAAUtC,EAAYjO,YAC9C,IAAIgR,IAAiBC,EACnB,KAAM,IAAIlnB,GAAa,2CAA6CknB,EAClE,yCAA2CD,EAAe,IAE9DF,GAAenD,EAAoBjjB,EAAKkjB,EAAUjjB,EAAQka,SAwB5D,MApBmB,IAAIjb,SAAQ,SAASC,EAAS4F,GAC/C,GAAIyhB,GAAcC,YAAY,WACvBvD,IAAYA,EAASG,SACxBqD,cAAcF,GACdzhB,EAAO,GAAI1F,GAAa,0CAEzB,IAGH+mB,GACC3kB,KAAK,SAASJ,GACbqlB,cAAcF,GACdrnB,EAAQkC,KAETc,MAAM,SAASf,GACdslB,cAAcF,GACdzhB,EAAO3D,OAKRK,KAAK,SAASJ,GACb,MAAO8iB,GAAoBnkB,EAAKujB,EAAaliB,EAAKoiB,KAEnDnJ,QAAQ,WACH4I,IAAaA,EAASG,QACxBH,EAASnN,SAIjB,SACE,KAAM,IAAI1W,GAAa,oDAK/B,QAASqX,GAAiB1W,EAAKC,GAC7B,MAAI1F,WAAUjB,OAAS,EACd4F,QAAQ6F,OAAO,GAAI1F,GAAa,8EAEzCY,EAAUrH,EAAKiE,MAAMoD,OACrBrH,EAAK0D,OAAO2D,GACVulB,OAAQ,OACRhQ,aAAc,oBACd5L,QAAS,OAEJma,EAAS/jB,EAAKC,IAGvB,QAAS0W,GAAa3W,EAAKC,GACzB,MAAI1F,WAAUjB,OAAS,EACd4F,QAAQ6F,OAAO,GAAI1F,GAAa,0EAEzCY,EAAUrH,EAAKiE,MAAMoD,OACrBrH,EAAK0D,OAAO2D,GACV2J,QAAS,QACT4L,aAAc,sBAETuO,EAAS/jB,EAAKC,IAGvB,QAAS2lB,GAAmB5lB,EAAKC,GAE/BA,EAAUrH,EAAKiE,MAAMoD,MAGrB,IAAIsjB,GAAcwB,EAAsB/kB,EAGxC,IAFApH,EAAK0D,OAAOinB,EAAatjB,IAEA,IAArBsjB,EAAYlO,KACd,MAAOnW,SAAQC,QAAQokB,EAIzB,KAAKvjB,EAAIkV,SAASgE,kBAAmB,CACnC,GAAIyN,GAAe,qFASnB,OARK3mB,GAAIkV,SAASE,YAEhBuR,GAAgB,oGAEb3mB,EAAIkV,SAAS8D,mBAEhB2N,GAAgB,0GAEXznB,QAAQ6F,OAAO,GAAI1F,GAAasnB,IAWzC,MAPKpD,GAAY4B,sBACf5B,EAAY4B,oBAAsBxB,EAAKiD,+BAIzCrD,EAAYxW,aAAe,OAEpByL,EAAUlO,aAAatK,EAAK,MAChCyB,KAAK,SAASJ,GAEb,IAA0D,KAD5CA,EAAG,sCACLjE,QAAQmmB,EAAY4B,qBAC9B,KAAM,IAAI9lB,GAAa,mCAG1BoC,KAAK,WAEJ,GAAIqiB,GAAeH,EAAKkD,iBAAiBtD,EAAYO,cAGjDJ,GACFI,aAAcA,EACdxO,YAAaiO,EAAYjO,YAI3B,OAFAqO,GAAKmD,SAAS9mB,EAAK0jB,GAEZC,EAAKoD,iBAAiBjD,KAE9BriB,KAAK,SAASyjB,GAGb,GAAI8B,GAAepuB,EAAKiE,MAAM0mB,MAI9B,OAHA3qB,GAAK0D,OAAO0qB,EAAczD,GACxB2B,cAAeA,IAEV8B,IAIb,QAASpQ,GAAgB5W,EAAKC,GAC5B,MAAI1F,WAAUjB,OAAS,EACd4F,QAAQ6F,OAAO,GAAI1F,GAAa,6EAEzCY,EAAUrH,EAAKiE,MAAMoD,OAEd2lB,EAAmB5lB,EAAKC,GAC5BwB,KAAK,SAAS8hB,GACb,GAAIE,GAAOjL,EAAU/M,aAAazL,EAAKC,GACnC+lB,EAAavC,EAAK/X,aAAeia,EAAqBpC,EAG1D7iB,GAAQsB,IAAIF,EAAUmlB,kCAAmCnqB,KAAKC,WAC5DgQ,aAAcwW,EAAYxW,aAC1B+M,MAAOyJ,EAAYzJ,MACnBzO,MAAOkY,EAAYlY,MACnBtC,OAAQwa,EAAYxa,OACpBoC,SAAUoY,EAAYpY,SACtBsY,KAAMA,EACN5N,gBAAiB0N,EAAY1N,kBAC3B,KAAM7V,EAAIC,QAAQS,SAGtBA,EAAQsB,IAAIF,EAAUolB,2BAA4B3D,EAAYlY,MAAO,KAAMrL,EAAIC,QAAQS,SAGvFA,EAAQsB,IAAIF,EAAUqlB,2BAA4B5D,EAAYzJ,MAAO,KAAM9Z,EAAIC,QAAQS,SAEvFV,EAAIyW,MAAMG,gBAAgBU,aAAa0O,MAI7C,QAAS9O,GAAWlX,EAAKyW,GACvB,IAAK+B,EAAU3P,QAAQ4N,GACrB,MAAOvX,SAAQ6F,OAAO,GAAI1F,GAAa,sFAIzC,IAAI0N,EASJ,OAPEA,GADE/M,EAAIC,QAAQoV,KACC,OACNoB,EAAMrW,YACA,QAEA,WAGVJ,EAAIyW,MAAMC,kBACf3J,aAAcA,EACdhE,OAAQ0N,EAAM1N,OACd2C,aAAc+K,EAAM/K,aACpBC,YAAa8K,EAAM9K,YACnBpB,OAAQkM,EAAMlM,SAEf9I,KAAK,SAASJ,GAEb,GAAIyjB,GAASzjB,EAAIyjB,MACjB,OAAOrO,GAAM3N,QAAUgc,EAAOhc,QAAUgc,EAAO1kB,cAInD,QAASgnB,GAAWpnB,GAClB,GAAIqnB,GAAgBrnB,EAAIyW,MAAMI,aAAaU,cACvC+P,EAAYtnB,EAAIyW,MAAMI,aAAaa,eACnC6P,EAAYvnB,EAAIyW,MAAMI,aAAaY,cACnC4P,IAAiBA,EAAcG,aACjCH,EAAcG,aAAa,KAAMF,EAAUtd,MAAOud,EAAUE,SAAWF,EAAUG,QAEjFH,EAAU1E,KAAO,GAIrB,QAAS8E,GAAa3nB,GACpB,GAAIqnB,GAAgBrnB,EAAIyW,MAAMI,aAAaU,cACvC+P,EAAYtnB,EAAIyW,MAAMI,aAAaa,eACnC6P,EAAYvnB,EAAIyW,MAAMI,aAAaY,cACnC4P,IAAiBA,EAAcG,aACjCH,EAAcG,aAAa,KAAMF,EAAUtd,MAAOud,EAAUE,SAAWF,EAAU1E,MAEjF0E,EAAUG,OAAS,GAIvB,QAAS7Q,GAAa7W,EAAKC,GACzBA,EAAUA,MACNrH,EAAKkC,SAASmF,KAChBA,GAAYrF,IAAKqF,GAInB,IAKI2nB,GALAC,EAAsB7nB,EAAIC,QAAQoV,KAAO,QAAU,WAEnDza,EAAMqF,EAAQrF,IACd4a,EAAevV,EAAQuV,cAAgBxV,EAAIC,QAAQuV,cAAgBqS,EACnEN,EAAYvnB,EAAIyW,MAAMI,aAAaY,cASvC,MALEmQ,EADmB,UAAjBpS,EACS5a,EAAMA,EAAI0R,UAAU1R,EAAIwC,QAAQ,MAAQmqB,EAAUG,OAElD9sB,EAAMA,EAAI0R,UAAU1R,EAAIwC,QAAQ,MAAQmqB,EAAU1E,MAI7D,MAAO3jB,SAAQ6F,OAAO,GAAI1F,GAAa,wCAGzC,IAAIyoB,GAAoBpnB,EAAQvI,IAAI2J,EAAUmlB,kCAC9C,KAAKa,EACH,MAAO5oB,SAAQ6F,OAAO,GAAI1F,GAAa,mDAGzC,KACE,GAAIkkB,GAAczmB,KAAKE,MAAM8qB,GACzBrE,EAAOF,EAAYE,WAChBF,GAAYE,KACnB/iB,EAAQmB,OAAOC,EAAUmlB,mCACzB,MAAMttB,GACN,MAAOuF,SAAQ6F,OAAO,GAAI1F,GAAa,uBACvCyC,EAAUmlB,kCAAoC,YAActtB,EAAE6F,UAGhE,MAAON,SAAQC,QAAQqZ,EAAUxM,kBAAkB4b,IAChDnmB,KAAK,SAASJ,GAKb,MAJKzG,KAEc,UAAjB4a,EAA2BmS,EAAa3nB,GAAOonB,EAAWpnB,IAErDmkB,EAAoBnkB,EAAKujB,EAAaliB,EAAKoiB,KvBozHxD,QuBhzHetM,G,OvBizHb,MAAO4Q,GAAartB,MAAMzD,KAAMsD,WAGlC,QAASwtB,KA2FP,MA1FAA,GAAeziB,EAEfiT,EAAoB0G,KuBvzHtB,WAA2Bjf,EAAKgoB,EAAmBC,GAAnD,iEAEOD,EAFP,gCAG8BhoB,EAAImY,aAAahgB,IAAI,cAHnD,QAGI6vB,EAHJ,iBAKOC,EALP,gCAM0BjoB,EAAImY,aAAahgB,IAAI,UAN/C,QAMI8vB,EANJ,iBASOD,IACCxP,EAAU3P,QAAQmf,IAAuBA,EAAkB5nB,aAAgB4nB,EAAkBrc,aAVrG,0CAWWzM,QAAQ6F,OAAO,GAAI1F,GAAa,gDAX3C,YAcO4oB,IACDzP,EAAU3P,QAAQof,IAAmBA,EAAcnf,SAfzD,0CAgBW5J,QAAQ6F,OAAO,GAAI1F,GAAa,4CAhB3C,kCAmBSsG,EAAK5F,YAAYC,GACtBpF,IAAKotB,EAAkBrc,YACvBzL,OAAQ,MACRE,YAAa4nB,EAAkB5nB,cAEhCqB,KAAK,SAAAymB,GAEJ,MAAIA,GAASC,MAAQF,EAAcjd,OAAOmd,IACjCD,EAEFhpB,QAAQ6F,OAAO,GAAI1F,GAAa,6DAExC8C,MAAM,SAASf,GACd,GAAIA,EAAI7B,MAA2B,MAAnB6B,EAAI7B,IAAI8C,QAAqC,MAAnBjB,EAAI7B,IAAI8C,QAAiB,CACjE,GAAI+lB,EAMJ,IALIhnB,EAAI7B,IAAI2B,SAAWtI,EAAKmG,WAAWqC,EAAI7B,IAAI2B,QAAQ/I,MAAQiJ,EAAI7B,IAAI2B,QAAQ/I,IAAI,oBACjFiwB,EAAqBhnB,EAAI7B,IAAI2B,QAAQ/I,IAAI,oBAChCS,EAAKmG,WAAWqC,EAAI7B,IAAI8oB,qBACjCD,EAAqBhnB,EAAI7B,IAAI8oB,kBAAkB,qBAE7CD,EAAoB,CACtB,GAAIE,GAAeF,EAAmB/sB,MAAM,qBACxCktB,EAA0BH,EAAmB/sB,MAAM,iCACnD+J,EAAQkjB,EAAa,GACrBE,EAAmBD,EAAwB,EAC3CnjB,IAASojB,IACXpnB,EAAM,GAAI8iB,GAAW9e,EAAOojB,KAIlC,KAAMpnB,KAjDV,2CvB+4HS2mB,EAAartB,MAAMzD,KAAMsD,WAh2BlC,GAAIge,GAAsBrhB,EAAoB,GAE1CoO,EAAoBpO,EAAoB,GuBtzHxCyO,EAAgB/C,EAAQ,GACxBhK,EAAgBgK,EAAQ,GACxB4V,EAAgB5V,EAAQ,IACxB6f,EAAgB7f,EAAQ,IACxBvD,EAAgBuD,EAAQ,GACxBshB,EAAgBthB,EAAQ,IACxBd,EAAgBc,EAAQ,GACxBlC,EAAgBkC,EAAQ,GAA4BrC,QACpDojB,EAAgB/gB,EAAQ,GAkzB5B/L,GAAOD,SACLogB,YAAaA,EACb+M,SAAUA,EACVrN,iBAAkBA,EAClBC,aAAcA,EACdC,gBAAiBA,EACjBC,aAAcA,EACdC,YAAaA,EACbI,WAAYA,EACZC,YAAaA,EACbE,YAAaA,EACb8M,oBAAqBA,EACrByB,mBAAoBA,IvBk2HhB,SAAU/uB,EAAQD,EAASM,GwBxqJjC,QAAS0rB,GAAY9pB,GACnB,GAAIe,IAAS,GAAIof,cAAcwP,OAAO3vB,EACtC,OAAOggB,QAAOC,OAAO2P,OAAO,UAAW7uB,GAAQ4H,KAAK,SAAS8O,GAC3D,GAAIoY,GAAY,GAAI7uB,YAAWyW,GAC3BqY,EAAYD,EAAUruB,MAAM,EAAG,IAC/BuoB,EAAOlV,OAAO+B,aAAahV,MAAM,KAAMkuB,EAE3C,OADWhwB,GAAKC,kBAAkBgqB,KAKtC,QAASxL,GAAYvO,EAASnN,GAC5BA,EAAM/C,EAAKiE,MAAMlB,EAEjB,IACIktB,IACFjxB,KAAM,oBACNirB,MAAQjrB,KAAM,YAGZkxB,GAAU,SAOd,cAFOntB,GAAIotB,IAEJjQ,OAAOC,OAAOiQ,UAbR,MAeXrtB,EACAktB,GAXgB,EAahBC,GAEDrnB,KAAK,SAASwnB,GACb,GAAI5G,GAAMvZ,EAAQ0I,MAAM,KACpB8Q,EAAU1pB,EAAKgB,eAAeyoB,EAAI,GAAK,IAAMA,EAAI,IACjD6G,EAAetwB,EAAKoB,gBAAgBqoB,EAAI,IACxCE,EAAY3pB,EAAKgB,eAAesvB,EAEpC,OAAOpQ,QAAOC,OAAO3B,OACnByR,EACAI,EACA1G,EACAD,KA9CN,GAAI1pB,GAAOgK,EAAQ,EAmDnB/L,GAAOD,SACLgsB,YAAaA,EACbvL,YAAaA,IxBirJT,SAAUxgB,EAAQD,GyBtuJxB,QAASstB,GAAWzkB,EAAW0pB,GAC7BlyB,KAAKW,KAAO,aACZX,KAAKuI,QAAU2pB,EAEflyB,KAAKwI,UAAYA,EACjBxI,KAAKyI,aAAeypB,EAEtBjF,EAAW1rB,UAAY,GAAIsH,OAE3BjJ,EAAOD,QAAUstB,GzBsvJX,SAAUrtB,EAAQD,EAASM,G0BnvJjC,QAASkyB,GAASC,GAChB,OAAQ,IAAMA,EAAIruB,SAAS,KAAKsuB,QAAQ,GAG1C,QAASC,GAAgBjwB,GACvB,GAAIkwB,GAAI,GAAI1vB,YAAWsC,KAAKqtB,KAAKnwB,EAAS,GAG1C,OAFAwf,QAAO4Q,gBAAgBF,GACbnvB,MAAMsvB,KAAKH,EAAGJ,GAASrtB,KAAK,IAC3BzB,MAAM,EAAGhB,GAGtB,QAASutB,GAAiB+C,GACxB,GAAIC,GAAWD,GAAU,EAIzB,OAHIC,GAASvwB,OAASwwB,IACpBD,GAAsBN,EAAgBO,EAAsBD,EAASvwB,SAEhEwC,mBAAmB+tB,GAAUvvB,MAAM,EAAGyvB,GAG/C,QAASlpB,GAAWb,GAClB,MAAOA,GAAIC,QAAQK,YAAY8C,eAAepD,EAAIC,QAAQS,SAG5D,QAASomB,GAAS9mB,EAAK0jB,GACP7iB,EAAWb,GACjB2E,WAAW+e,GAGrB,QAASE,GAAS5jB,GAGhB,MAFca,GAAWb,GACPa,aAIpB,QAASojB,GAAUjkB,GACHa,EAAWb,GACjB4E,eAIV,QAASmiB,GAAiBjuB,GACxB,GAAIe,IAAS,GAAIof,cAAcwP,OAAO3vB,EACtC,OAAOggB,QAAOC,OAAO2P,OAAO,UAAW7uB,GAAQ4H,KAAK,SAAS8O,GAC3D,GAAIsS,GAAOlV,OAAO+B,aAAahV,MAAM,KAAM,GAAIZ,YAAWyW,GAE1D,OADW3X,GAAKC,kBAAkBgqB,KAMtC,QAASmH,GAAgBC,GAEvB,IAAKA,EAAa9e,SAChB,KAAM,IAAI9L,GAAa,0EAGzB,KAAK4qB,EAAa3U,YAChB,KAAM,IAAIjW,GAAa,qEAGzB,KAAK4qB,EAAazG,kBAChB,KAAM,IAAInkB,GAAa,4EAGzB,KAAK4qB,EAAanG,aAChB,KAAM,IAAIzkB,GAAa,iFAI3B,QAAS6qB,GAAYjqB,GAEnB,GAAI6H,GAASlP,EAAK8D,YAChB,UAAauD,EAAQkL,SACrB,aAAgBlL,EAAQqV,YACxB,WAAc,qBACd,KAAQrV,EAAQujB,kBAChB,cAAiBvjB,EAAQ6jB,cAG3B,OAAOlrB,GAAK8C,cAAcoM,GAAQxN,MAAM,GAI1C,QAASypB,GAAS/jB,EAAKiqB,EAAcxG,GACnCuG,EAAgBC,EAChB,IAAI1oB,GAAO2oB,EAAYD,EAEvB,OAAOtkB,GAAK5F,YAAYC,GACtBpF,IAAK6oB,EAAK7X,SACV1L,OAAQ,OACR1F,KAAM+G,EACNlB,iBAAiB,EACjBa,SACE,eAAgB,uCAvGtB,GAAI7B,GAAgBuD,EAAQ,GACxB+C,EAAgB/C,EAAQ,GACxBhK,EAAgBgK,EAAQ,GAIxBknB,EAAsB,GACtBC,EAAsB,GAqG1BlzB,GAAOD,SACLgwB,8BArGkC,OAsGlCC,iBAAkBA,EAClB5C,UAAWA,EACX6C,SAAUA,EACVlD,SAAUA,EACVmD,iBAAkBA,EAClBhD,SAAUA,I1BwxJN,SAAUltB,EAAQD,EAASM,G2B93JjC,QAASizB,GAAcC,EAAc3T,GAEnC,MADiBA,GAAMzV,UAAYopB,EAAanqB,QAAQoqB,mBAI1D,QAASC,GAAWF,EAAc3T,GAEhC,MADiB0T,GAAcC,EAAc3T,IACxB2T,EAAaG,MAAMxpB,MAG1C,QAASypB,GAAYJ,EAAczuB,EAAK8a,GACtC2T,EAAanS,QAAQgJ,KAAK,UAAWtlB,EAAK8a,GAG5C,QAASgU,GAAUL,EAAchlB,GAC/BglB,EAAanS,QAAQgJ,KAAK,QAAS7b,GAGrC,QAASslB,GAAwBN,EAAczuB,GAC7C4e,aAAa6P,EAAaO,eAAehvB,UAClCyuB,GAAaO,eAAehvB,SAG5ByuB,GAAaQ,aAAajvB,GAGnC,QAASkvB,GAA2BT,GAClC,GAAIO,GAAiBP,EAAaO,cAClC,KAAK,GAAIhvB,KAAOgvB,GACTA,EAAelyB,eAAekD,IAGnC+uB,EAAwBN,EAAczuB,GAI1C,QAASmvB,GAAsB9qB,EAAKoqB,EAAczuB,EAAK8a,GACrD,GAAIsU,GAAaZ,EAAcC,EAAc3T,GACzCuU,EAAuE,IAArD5uB,KAAK6uB,IAAIF,EAAaX,EAAaG,MAAMxpB,MAAO,EAGtE2pB,GAAwBN,EAAczuB,EAEtC,IAAIuvB,GAAqB9rB,WAAW,WAClCorB,EAAYJ,EAAczuB,EAAK8a,IAC9BuU,EAGHZ,GAAaO,eAAehvB,GAAOuvB,EAGrC,QAASC,GAAyBnrB,EAAKoqB,EAAc7pB,GACnD,IACE,GAAI6qB,GAAe7qB,EAAQM,aAC3B,MAAMlH,GAIN,WADA8wB,GAAUL,EAAczwB,GAI1B,IAAI,GAAIgC,KAAOyvB,GACb,GAAKA,EAAa3yB,eAAekD,GAAjC,CAGA,GAAI8a,GAAQ2U,EAAazvB,EACzBmvB,GAAsB9qB,EAAKoqB,EAAczuB,EAAK8a,IAIlD,QAAS4U,GAAIrrB,EAAKoqB,EAAc7pB,EAAS5E,EAAK8a,GAC5C,GAAI2U,GAAe7qB,EAAQM,YAC3B,KAAKjI,EAAKqC,SAASwb,KACdA,EAAM1N,SACL0N,EAAMzV,WAAiC,IAApByV,EAAMzV,YACzByV,EAAM3N,UAAY2N,EAAMrW,YAC5B,KAAM,IAAIf,GAAa,2FAEzB+rB,GAAazvB,GAAO8a,EACpBlW,EAAQoE,WAAWymB,GACnBN,EAAsB9qB,EAAKoqB,EAAczuB,EAAK8a,GAGhD,QAASte,GAAIoI,EAAS5E,GAEpB,MADmB4E,GAAQM,aACPlF,GAGtB,QAAS2vB,GAAStrB,EAAKoqB,EAAc7pB,EAAS5E,GAC5C,MAAO,IAAIuD,SAAQ,SAASC,GAC1B,GAAIsX,GAAQte,EAAIoI,EAAS5E,EACzB,OAQOwD,GARFsX,GAAU6T,EAAWF,EAAc3T,GAIrB2T,EAAanqB,QAAQsrB,UACpCtU,EAAMjX,EAAKoqB,EAAc7pB,EAAS5E,GAClCwI,EAAOimB,EAAc7pB,EAAS5E,GALjB8a,KAWrB,QAAStS,GAAOimB,EAAc7pB,EAAS5E,GAErC+uB,EAAwBN,EAAczuB,EAGtC,IAAIyvB,GAAe7qB,EAAQM,mBACpBuqB,GAAazvB,GACpB4E,EAAQoE,WAAWymB,GAGrB,QAASnU,GAAMjX,EAAKoqB,EAAc7pB,EAAS5E,GAEzC,GAAI6vB,GAAkBpB,EAAaQ,aAAajvB,EAChD,IAAI6vB,EACF,MAAOA,EAGT,KACE,GAAI/U,GAAQte,EAAIoI,EAAS5E,EACzB,KAAK8a,EACH,KAAM,IAAIpX,GAAa,8CAAgD1D,GAEzE,MAAOhC,GACP,MAAOuF,SAAQ6F,OAAOpL,GAkCxB,MA9BA+wB,GAAwBN,EAAczuB,GAGtCyuB,EAAaQ,aAAajvB,GAAOqE,EAAIyW,MAAMQ,MAAMR,GAC9ChV,KAAK,SAASgqB,GACb,GAAIC,GAAWvzB,EAAIoI,EAAS5E,EAC5B,IAAK+vB,EAQL,MAFAL,GAAIrrB,EAAKoqB,EAAc7pB,EAAS5E,EAAK8vB,GACrCrB,EAAanS,QAAQgJ,KAAK,UAAWtlB,EAAK8vB,EAAYC,GAC/CD,IAERtpB,MAAM,SAASf,GAOd,KANiB,eAAbA,EAAIxJ,MAAsC,iBAAbwJ,EAAIxJ,OACnCuM,EAAOimB,EAAc7pB,EAAS5E,GAC9ByF,EAAIuqB,SAAWhwB,EACfyF,EAAIhB,cAAgBqW,EAAMrW,YAC1BqqB,EAAUL,EAAchpB,IAEpBA,IAEPkZ,QAAQ,iBAEA8P,GAAaQ,aAAajvB,KAG9ByuB,EAAaQ,aAAajvB,GAGnC,QAAS4d,GAAM6Q,EAAc7pB,GAC3BsqB,EAA2BT,GAC3B7pB,EAAQqE,eAGV,QAASwT,GAAapY,EAAKC,GACzBA,EAAUrH,EAAK0D,UAAWsvB,EAAiBhzB,EAAK8D,WAAWuD,IAEnC,iBAApBA,EAAQM,SAA+BD,EAAYyC,2BACrDnK,EAAKyF,KAAK,2EACV4B,EAAQM,QAAU,kBAGI,mBAApBN,EAAQM,SAAiCD,EAAY4C,6BACvDtK,EAAKyF,KAAK,mFACV4B,EAAQM,QAAU,SAGpB,IAAIsrB,EACJ,IAA+B,WAA3B,EAAO5rB,EAAQM,SAEjBsrB,EAAkB5rB,EAAQM,YAE1B,QAAON,EAAQM,SACb,IAAK,eACHsrB,EAAkBroB,YAClB,MACF,KAAK,iBACHqoB,EAAkBpoB,cAClB,MACF,KAAK,SACHooB,EAAkBvrB,EAAYgD,iBAAiBtD,EAAIC,QAAQS,QAC3D,MACF,KAAK,SACHmrB,EAAkBvrB,EAAYwD,oBAC9B,MACF,SACE,KAAM,IAAIzE,GAAa,+BAG7B,GAAIysB,GAAa7rB,EAAQ6rB,YAAchqB,EAAUiqB,mBAC7CxrB,EAAUuC,EAAe+oB,EAAiBC,GAC1CvB,EAAQyB,EAAStY,OAAO1T,EAAKC,GAC7BmqB,GACFG,MAAOA,EACPtqB,QAASA,EACTgY,QAASjY,EAAIiY,QACb0S,kBACAC,gBAGF3zB,MAAKo0B,IAAMzyB,EAAKqB,KAAKoxB,EAAKp0B,KAAM+I,EAAKoqB,EAAc7pB,GACnDtJ,KAAKkB,IAAMS,EAAKqB,KAAKqxB,EAAUr0B,KAAM+I,EAAKoqB,EAAc7pB,GACxDtJ,KAAKkN,OAASvL,EAAKqB,KAAKkK,EAAQlN,KAAMmzB,EAAc7pB,GACpDtJ,KAAKsiB,MAAQ3gB,EAAKqB,KAAKsf,EAAOtiB,KAAMmzB,EAAc7pB,GAClDtJ,KAAKggB,MAAQre,EAAKqB,KAAKgd,EAAOhgB,KAAM+I,EAAKoqB,EAAc7pB,GACvDtJ,KAAKohB,GAAKzf,EAAKqB,KAAKmwB,EAAanS,QAAQI,GAAI+R,EAAanS,SAC1DhhB,KAAK8pB,IAAMnoB,EAAKqB,KAAKmwB,EAAanS,QAAQ8I,IAAKqJ,EAAanS,SAE5DkT,EAAyBnrB,EAAKoqB,EAAc7pB,G3BkqJ9C,GAAI6D,GAAUlN,EAAoB,G2B74J9B0B,EAAOgK,EAAQ,GACfvD,EAAeuD,EAAQ,GACvBtC,EAAcsC,EAAQ,GACtBd,EAAYc,EAAQ,GACpBE,EAAiBF,EAAQ,GACzBopB,EAAWppB,EAAQ,IAEnBgpB,GACFL,WAAW,EACXhrB,QAAS,eACT8pB,mBAAoB,GAoOtBxzB,GAAOD,QAAUwhB,G3Bu6JX,SAAUvhB,EAAQD,EAASM,G4BjqKjC,QAAS80B,GAASC,GAEhBh1B,KAAKg1B,YAAcC,SAASD,GAAe,GAJlCrpB,EAAQ,GAOdtG,OAAO0vB,EAASxzB,WAEnBuI,IAAK,WAEH,OADWxF,KAAKwF,MAAQ9J,KAAKg1B,aAAe,OAMhDD,EAAStY,OAAS,WAGhB,MAAO,IAAIsY,GADO,IAIpBn1B,EAAOD,QAAUo1B","file":"okta-auth-js.min.js","sourcesContent":["(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory();\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine([], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"OktaAuth\"] = factory();\n\telse\n\t\troot[\"OktaAuth\"] = factory();\n})(typeof self !== 'undefined' ? self : this, function() {\nreturn \n\n\n// WEBPACK FOOTER //\n// webpack/universalModuleDefinition"," \t// The module cache\n \tvar installedModules = {};\n\n \t// The require function\n \tfunction __webpack_require__(moduleId) {\n\n \t\t// Check if module is in cache\n \t\tif(installedModules[moduleId]) {\n \t\t\treturn installedModules[moduleId].exports;\n \t\t}\n \t\t// Create a new module (and put it into the cache)\n \t\tvar module = installedModules[moduleId] = {\n \t\t\ti: moduleId,\n \t\t\tl: false,\n \t\t\texports: {}\n \t\t};\n\n \t\t// Execute the module function\n \t\tmodules[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\n \t\t// Flag the module as loaded\n \t\tmodule.l = true;\n\n \t\t// Return the exports of the module\n \t\treturn module.exports;\n \t}\n\n\n \t// expose the modules object (__webpack_modules__)\n \t__webpack_require__.m = modules;\n\n \t// expose the module cache\n \t__webpack_require__.c = installedModules;\n\n \t// define getter function for harmony exports\n \t__webpack_require__.d = function(exports, name, getter) {\n \t\tif(!__webpack_require__.o(exports, name)) {\n \t\t\tObject.defineProperty(exports, name, {\n \t\t\t\tconfigurable: false,\n \t\t\t\tenumerable: true,\n \t\t\t\tget: getter\n \t\t\t});\n \t\t}\n \t};\n\n \t// getDefaultExport function for compatibility with non-harmony modules\n \t__webpack_require__.n = function(module) {\n \t\tvar getter = module && module.__esModule ?\n \t\t\tfunction getDefault() { return module['default']; } :\n \t\t\tfunction getModuleExports() { return module; };\n \t\t__webpack_require__.d(getter, 'a', getter);\n \t\treturn getter;\n \t};\n\n \t// Object.prototype.hasOwnProperty.call\n \t__webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };\n\n \t// __webpack_public_path__\n \t__webpack_require__.p = \"\";\n\n \t// Load entry module and return exports\n \treturn __webpack_require__(__webpack_require__.s = 11);\n\n\n\n// WEBPACK FOOTER //\n// webpack/bootstrap 566c982fcf681ba8c641","(function webpackUniversalModuleDefinition(root, factory) {\n\tif(typeof exports === 'object' && typeof module === 'object')\n\t\tmodule.exports = factory();\n\telse if(typeof define === 'function' && define.amd)\n\t\tdefine([], factory);\n\telse if(typeof exports === 'object')\n\t\texports[\"OktaAuth\"] = factory();\n\telse\n\t\troot[\"OktaAuth\"] = factory();\n})(typeof self !== 'undefined' ? self : this, function() {\nreturn /******/ (function(modules) { // webpackBootstrap\n/******/ \t// The module cache\n/******/ \tvar installedModules = {};\n/******/\n/******/ \t// The require function\n/******/ \tfunction __webpack_require__(moduleId) {\n/******/\n/******/ \t\t// Check if module is in cache\n/******/ \t\tif(installedModules[moduleId]) {\n/******/ \t\t\treturn installedModules[moduleId].exports;\n/******/ \t\t}\n/******/ \t\t// Create a new module (and put it into the cache)\n/******/ \t\tvar module = installedModules[moduleId] = {\n/******/ \t\t\ti: moduleId,\n/******/ \t\t\tl: false,\n/******/ \t\t\texports: {}\n/******/ \t\t};\n/******/\n/******/ \t\t// Execute the module function\n/******/ \t\tmodules[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n/******/\n/******/ \t\t// Flag the module as loaded\n/******/ \t\tmodule.l = true;\n/******/\n/******/ \t\t// Return the exports of the module\n/******/ \t\treturn module.exports;\n/******/ \t}\n/******/\n/******/\n/******/ \t// expose the modules object (__webpack_modules__)\n/******/ \t__webpack_require__.m = modules;\n/******/\n/******/ \t// expose the module cache\n/******/ \t__webpack_require__.c = installedModules;\n/******/\n/******/ \t// define getter function for harmony exports\n/******/ \t__webpack_require__.d = function(exports, name, getter) {\n/******/ \t\tif(!__webpack_require__.o(exports, name)) {\n/******/ \t\t\tObject.defineProperty(exports, name, {\n/******/ \t\t\t\tconfigurable: false,\n/******/ \t\t\t\tenumerable: true,\n/******/ \t\t\t\tget: getter\n/******/ \t\t\t});\n/******/ \t\t}\n/******/ \t};\n/******/\n/******/ \t// getDefaultExport function for compatibility with non-harmony modules\n/******/ \t__webpack_require__.n = function(module) {\n/******/ \t\tvar getter = module && module.__esModule ?\n/******/ \t\t\tfunction getDefault() { return module['default']; } :\n/******/ \t\t\tfunction getModuleExports() { return module; };\n/******/ \t\t__webpack_require__.d(getter, 'a', getter);\n/******/ \t\treturn getter;\n/******/ \t};\n/******/\n/******/ \t// Object.prototype.hasOwnProperty.call\n/******/ \t__webpack_require__.o = function(object, property) { return Object.prototype.hasOwnProperty.call(object, property); };\n/******/\n/******/ \t// __webpack_public_path__\n/******/ \t__webpack_require__.p = \"\";\n/******/\n/******/ \t// Load entry module and return exports\n/******/ \treturn __webpack_require__(__webpack_require__.s = 11);\n/******/ })\n/************************************************************************/\n/******/ ([\n/* 0 */\n/***/ (function(module, exports) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* global window, document, btoa, atob, Uint8Array */\nvar util = module.exports; // converts a string to base64 (url/filename safe variant)\n\nutil.stringToBase64Url = function (str) {\n  var b64 = btoa(str);\n  return util.base64ToBase64Url(b64);\n}; // converts a standard base64-encoded string to a \"url/filename safe\" variant\n\n\nutil.base64ToBase64Url = function (b64) {\n  return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}; // converts a \"url/filename safe\" base64 string to a \"standard\" base64 string\n\n\nutil.base64UrlToBase64 = function (b64u) {\n  return b64u.replace(/-/g, '+').replace(/_/g, '/');\n};\n\nutil.base64UrlToString = function (b64u) {\n  var b64 = util.base64UrlToBase64(b64u);\n\n  switch (b64.length % 4) {\n    case 0:\n      break;\n\n    case 2:\n      b64 += '==';\n      break;\n\n    case 3:\n      b64 += '=';\n      break;\n\n    default:\n      throw 'Not a valid Base64Url';\n  }\n\n  var utf8 = atob(b64);\n\n  try {\n    return decodeURIComponent(escape(utf8));\n  } catch (e) {\n    return utf8;\n  }\n};\n\nutil.stringToBuffer = function (str) {\n  var buffer = new Uint8Array(str.length);\n\n  for (var i = 0; i < str.length; i++) {\n    buffer[i] = str.charCodeAt(i);\n  }\n\n  return buffer;\n};\n\nutil.base64UrlDecode = function (str) {\n  return atob(util.base64UrlToBase64(str));\n};\n\nutil.bind = function (fn, ctx) {\n  var additionalArgs = Array.prototype.slice.call(arguments, 2);\n  return function () {\n    var args = Array.prototype.slice.call(arguments);\n    args = additionalArgs.concat(args);\n    return fn.apply(ctx, args);\n  };\n};\n\nutil.isAbsoluteUrl = function (url) {\n  return /^(?:[a-z]+:)?\\/\\//i.test(url);\n};\n\nutil.isString = function (obj) {\n  return Object.prototype.toString.call(obj) === '[object String]';\n};\n\nutil.isObject = function (obj) {\n  return Object.prototype.toString.call(obj) === '[object Object]';\n};\n\nutil.isNumber = function (obj) {\n  return Object.prototype.toString.call(obj) === '[object Number]';\n};\n\nutil.isoToUTCString = function (str) {\n  var parts = str.match(/\\d+/g),\n      isoTime = Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]),\n      isoDate = new Date(isoTime);\n  return isoDate.toUTCString();\n};\n\nutil.toQueryParams = function (obj) {\n  var str = [];\n\n  if (obj !== null) {\n    for (var key in obj) {\n      if (obj.hasOwnProperty(key) && obj[key] !== undefined && obj[key] !== null) {\n        str.push(key + '=' + encodeURIComponent(obj[key]));\n      }\n    }\n  }\n\n  if (str.length) {\n    return '?' + str.join('&');\n  } else {\n    return '';\n  }\n};\n\nutil.genRandomString = function (length) {\n  var randomCharset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';\n  var random = '';\n\n  for (var c = 0, cl = randomCharset.length; c < length; ++c) {\n    random += randomCharset[Math.floor(Math.random() * cl)];\n  }\n\n  return random;\n};\n\nutil.extend = function () {\n  // First object will be modified!\n  var obj1 = arguments[0]; // Properties from other objects will be copied over\n\n  var objArray = [].slice.call(arguments, 1);\n  objArray.forEach(function (obj) {\n    for (var prop in obj) {\n      // copy over all properties with defined values\n      if (obj.hasOwnProperty(prop) && obj[prop] !== undefined) {\n        obj1[prop] = obj[prop];\n      }\n    }\n  });\n  return obj1; // return the modified object\n};\n\nutil.removeNils = function (obj) {\n  var cleaned = {};\n\n  for (var prop in obj) {\n    if (obj.hasOwnProperty(prop)) {\n      var value = obj[prop];\n\n      if (value !== null && value !== undefined) {\n        cleaned[prop] = value;\n      }\n    }\n  }\n\n  return cleaned;\n};\n\nutil.clone = function (obj) {\n  if (obj) {\n    var str = JSON.stringify(obj);\n\n    if (str) {\n      return JSON.parse(str);\n    }\n  }\n\n  return obj;\n}; // Analogous to _.omit\n\n\nutil.omit = function (obj) {\n  var props = Array.prototype.slice.call(arguments, 1);\n  var newobj = {};\n\n  for (var p in obj) {\n    if (obj.hasOwnProperty(p) && props.indexOf(p) == -1) {\n      newobj[p] = obj[p];\n    }\n  }\n\n  return util.clone(newobj);\n};\n\nutil.find = function (collection, searchParams) {\n  var c = collection.length;\n\n  while (c--) {\n    var item = collection[c];\n    var found = true;\n\n    for (var prop in searchParams) {\n      if (!searchParams.hasOwnProperty(prop)) {\n        continue;\n      }\n\n      if (item[prop] !== searchParams[prop]) {\n        found = false;\n        break;\n      }\n    }\n\n    if (found) {\n      return item;\n    }\n  }\n};\n\nutil.getLink = function (obj, linkName, altName) {\n  if (!obj || !obj._links) {\n    return;\n  }\n\n  var link = util.clone(obj._links[linkName]); // If a link has a name and we have an altName, return if they match\n\n  if (link && link.name && altName) {\n    if (link.name === altName) {\n      return link;\n    }\n  } else {\n    return link;\n  }\n};\n\nutil.getNativeConsole = function () {\n  if (typeof window !== 'undefined') {\n    return window.console;\n  } else if (typeof console !== 'undefined') {\n    return console;\n  } else {\n    return undefined;\n  }\n};\n\nutil.getConsole = function () {\n  var nativeConsole = util.getNativeConsole();\n\n  if (nativeConsole && nativeConsole.log) {\n    return nativeConsole;\n  }\n\n  return {\n    log: function log() {}\n  };\n};\n\nutil.warn = function (text) {\n  /* eslint-disable no-console */\n  util.getConsole().log('[okta-auth-sdk] WARN: ' + text);\n  /* eslint-enable */\n};\n\nutil.deprecate = function (text) {\n  /* eslint-disable no-console */\n  util.getConsole().log('[okta-auth-sdk] DEPRECATION: ' + text);\n  /* eslint-enable */\n};\n\nutil.deprecateWrap = function (text, fn) {\n  return function () {\n    util.deprecate(text);\n    return fn.apply(null, arguments);\n  };\n};\n\nutil.removeTrailingSlash = function (path) {\n  if (!path) {\n    return;\n  } // Remove any whitespace before or after string\n\n\n  var trimmed = path.replace(/^\\s+|\\s+$/gm, ''); // Remove trailing slash(es)\n\n  trimmed = trimmed.replace(/\\/+$/, '');\n  return trimmed;\n};\n\nutil.isIE11OrLess = function () {\n  return !!document.documentMode && document.documentMode <= 11;\n};\n\nutil.isFunction = function (fn) {\n  return !!fn && {}.toString.call(fn) === '[object Function]';\n};\n\nutil.delay = function (ms) {\n  return new Promise(function (resolve) {\n    setTimeout(resolve, ms);\n  });\n};\n\n/***/ }),\n/* 1 */\n/***/ (function(module, exports) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\nfunction AuthSdkError(msg, xhr) {\n  this.name = 'AuthSdkError';\n  this.message = msg;\n  this.errorCode = 'INTERNAL';\n  this.errorSummary = msg;\n  this.errorLink = 'INTERNAL';\n  this.errorId = 'INTERNAL';\n  this.errorCauses = [];\n\n  if (xhr) {\n    this.xhr = xhr;\n  }\n}\n\nAuthSdkError.prototype = new Error();\nmodule.exports = AuthSdkError;\n\n/***/ }),\n/* 2 */\n/***/ (function(module, exports) {\n\nmodule.exports = {\n  'STATE_TOKEN_KEY_NAME': 'oktaStateToken',\n  'DEFAULT_POLLING_DELAY': 500,\n  'DEFAULT_MAX_CLOCK_SKEW': 300,\n  'DEFAULT_CACHE_DURATION': 86400,\n  'REDIRECT_OAUTH_PARAMS_COOKIE_NAME': 'okta-oauth-redirect-params',\n  'REDIRECT_STATE_COOKIE_NAME': 'okta-oauth-state',\n  'REDIRECT_NONCE_COOKIE_NAME': 'okta-oauth-nonce',\n  'TOKEN_STORAGE_NAME': 'okta-token-storage',\n  'CACHE_STORAGE_NAME': 'okta-cache-storage',\n  'PKCE_STORAGE_NAME': 'okta-pkce-storage'\n};\n\n/***/ }),\n/* 3 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nvar util = __webpack_require__(0);\n\nvar AuthApiError = __webpack_require__(19);\n\nvar constants = __webpack_require__(2);\n\nfunction httpRequest(sdk, options) {\n  options = options || {};\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials !== false,\n      // default value is true\n  storageUtil = sdk.options.storageUtil,\n      storage = storageUtil.storage,\n      httpCache = storageUtil.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url];\n\n    if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var headers = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    'X-Okta-User-Agent-Extended': sdk.userAgent\n  };\n  util.extend(headers, sdk.options.headers, options.headers);\n\n  if (accessToken && util.isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions = {\n    headers: headers,\n    data: args || undefined,\n    withCredentials: withCredentials\n  };\n  var err, res;\n  return sdk.options.httpRequestClient(method, url, ajaxOptions).then(function (resp) {\n    res = resp.responseText;\n\n    if (res && util.isString(res)) {\n      res = JSON.parse(res);\n    }\n\n    if (saveAuthnState) {\n      if (!res.stateToken) {\n        storage.delete(constants.STATE_TOKEN_KEY_NAME);\n      }\n    }\n\n    if (res && res.stateToken && res.expiresAt) {\n      storage.set(constants.STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies);\n    }\n\n    if (res && options.cacheResponse) {\n      httpCache.updateStorage(url, {\n        expiresAt: Math.floor(Date.now() / 1000) + constants.DEFAULT_CACHE_DURATION,\n        response: res\n      });\n    }\n\n    return res;\n  }).catch(function (resp) {\n    var serverErr = resp.responseText || {};\n\n    if (util.isString(serverErr)) {\n      try {\n        serverErr = JSON.parse(serverErr);\n      } catch (e) {\n        serverErr = {\n          errorSummary: 'Unknown error'\n        };\n      }\n    }\n\n    if (resp.status >= 500) {\n      serverErr.errorSummary = 'Unknown error';\n    }\n\n    if (sdk.options.transformErrorXHR) {\n      resp = sdk.options.transformErrorXHR(util.clone(resp));\n    }\n\n    err = new AuthApiError(serverErr, resp);\n\n    if (err.errorCode === 'E0000011') {\n      storage.delete(constants.STATE_TOKEN_KEY_NAME);\n    }\n\n    throw err;\n  });\n}\n\nfunction get(sdk, url, options) {\n  url = util.isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  util.extend(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nfunction post(sdk, url, args, options) {\n  url = util.isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  util.extend(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n\nmodule.exports = {\n  get: get,\n  post: post,\n  httpRequest: httpRequest\n};\n\n/***/ }),\n/* 4 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global localStorage, sessionStorage */\nvar Cookies = __webpack_require__(14);\n\nvar storageBuilder = __webpack_require__(6);\n\nvar constants = __webpack_require__(2);\n\nvar AuthSdkError = __webpack_require__(1); // Building this as an object allows us to mock the functions in our tests\n\n\nvar storageUtil = {}; // IE11 bug that Microsoft doesn't plan to fix\n// https://connect.microsoft.com/IE/Feedback/Details/1496040\n\nstorageUtil.browserHasLocalStorage = function () {\n  try {\n    var storage = storageUtil.getLocalStorage();\n    return storageUtil.testStorage(storage);\n  } catch (e) {\n    return false;\n  }\n};\n\nstorageUtil.browserHasSessionStorage = function () {\n  try {\n    var storage = storageUtil.getSessionStorage();\n    return storageUtil.testStorage(storage);\n  } catch (e) {\n    return false;\n  }\n};\n\nstorageUtil.getPKCEStorage = function (options) {\n  if (storageUtil.browserHasLocalStorage()) {\n    return storageBuilder(storageUtil.getLocalStorage(), constants.PKCE_STORAGE_NAME);\n  } else if (storageUtil.browserHasSessionStorage()) {\n    return storageBuilder(storageUtil.getSessionStorage(), constants.PKCE_STORAGE_NAME);\n  } else {\n    return storageBuilder(storageUtil.getCookieStorage(options), constants.PKCE_STORAGE_NAME);\n  }\n};\n\nstorageUtil.getHttpCache = function (options) {\n  if (storageUtil.browserHasLocalStorage()) {\n    return storageBuilder(storageUtil.getLocalStorage(), constants.CACHE_STORAGE_NAME);\n  } else if (storageUtil.browserHasSessionStorage()) {\n    return storageBuilder(storageUtil.getSessionStorage(), constants.CACHE_STORAGE_NAME);\n  } else {\n    return storageBuilder(storageUtil.getCookieStorage(options), constants.CACHE_STORAGE_NAME);\n  }\n};\n\nstorageUtil.getLocalStorage = function () {\n  return localStorage;\n};\n\nstorageUtil.getSessionStorage = function () {\n  return sessionStorage;\n}; // Provides webStorage-like interface for cookies\n\n\nstorageUtil.getCookieStorage = function (options) {\n  var secure = options.secure;\n  var sameSite = options.sameSite;\n\n  if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n    throw new AuthSdkError('getCookieStorage: \"secure\" and \"sameSite\" options must be provided');\n  }\n\n  return {\n    getItem: storageUtil.storage.get,\n    setItem: function setItem(key, value) {\n      // Cookie shouldn't expire\n      storageUtil.storage.set(key, value, '2200-01-01T00:00:00.000Z', {\n        secure: secure,\n        sameSite: sameSite\n      });\n    }\n  };\n}; // Provides an in-memory solution\n\n\nstorageUtil.getInMemoryStorage = function () {\n  var store = {};\n  return {\n    getItem: function getItem(key) {\n      return store[key];\n    },\n    setItem: function setItem(key, value) {\n      store[key] = value;\n    }\n  };\n};\n\nstorageUtil.testStorage = function (storage) {\n  var key = 'okta-test-storage';\n\n  try {\n    storage.setItem(key, key);\n    storage.removeItem(key);\n    return true;\n  } catch (e) {\n    return false;\n  }\n};\n\nstorageUtil.storage = {\n  set: function set(name, value, expiresAt, options) {\n    var secure = options.secure;\n    var sameSite = options.sameSite;\n\n    if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n      throw new AuthSdkError('storage.set: \"secure\" and \"sameSite\" options must be provided');\n    }\n\n    var cookieOptions = {\n      path: options.path || '/',\n      secure: secure,\n      sameSite: sameSite\n    }; // eslint-disable-next-line no-extra-boolean-cast\n\n    if (!!Date.parse(expiresAt)) {\n      // Expires value can be converted to a Date object.\n      //\n      // If the 'expiresAt' value is not provided, or the value cannot be\n      // parsed as a Date object, the cookie will set as a session cookie.\n      cookieOptions.expires = new Date(expiresAt);\n    }\n\n    Cookies.set(name, value, cookieOptions);\n    return storageUtil.storage.get(name);\n  },\n  get: function get(name) {\n    return Cookies.get(name);\n  },\n  delete: function _delete(name) {\n    return Cookies.remove(name, {\n      path: '/'\n    });\n  }\n};\nmodule.exports = storageUtil;\n\n/***/ }),\n/* 5 */\n/***/ (function(module, exports) {\n\nfunction _typeof(obj) {\n  if (typeof Symbol === \"function\" && typeof Symbol.iterator === \"symbol\") {\n    module.exports = _typeof = function _typeof(obj) {\n      return typeof obj;\n    };\n  } else {\n    module.exports = _typeof = function _typeof(obj) {\n      return obj && typeof Symbol === \"function\" && obj.constructor === Symbol && obj !== Symbol.prototype ? \"symbol\" : typeof obj;\n    };\n  }\n\n  return _typeof(obj);\n}\n\nmodule.exports = _typeof;\n\n/***/ }),\n/* 6 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nvar AuthSdkError = __webpack_require__(1); // storage must have getItem and setItem\n\n\nfunction storageBuilder(webstorage, storageName) {\n  if (typeof storageName !== 'string' || !storageName.length) {\n    throw new AuthSdkError('\"storageName\" is required');\n  }\n\n  function getStorage() {\n    var storageString = webstorage.getItem(storageName);\n    storageString = storageString || '{}';\n\n    try {\n      return JSON.parse(storageString);\n    } catch (e) {\n      throw new AuthSdkError('Unable to parse storage string: ' + storageName);\n    }\n  }\n\n  function setStorage(storage) {\n    try {\n      var storageString = JSON.stringify(storage);\n      webstorage.setItem(storageName, storageString);\n    } catch (e) {\n      throw new AuthSdkError('Unable to set storage: ' + storageName);\n    }\n  }\n\n  function clearStorage(key) {\n    if (!key) {\n      return setStorage({});\n    }\n\n    var storage = getStorage();\n    delete storage[key];\n    setStorage(storage);\n  }\n\n  function updateStorage(key, value) {\n    var storage = getStorage();\n    storage[key] = value;\n    setStorage(storage);\n  }\n\n  return {\n    getStorage: getStorage,\n    setStorage: setStorage,\n    clearStorage: clearStorage,\n    updateStorage: updateStorage\n  };\n}\n\nmodule.exports = storageBuilder;\n\n/***/ }),\n/* 7 */\n/***/ (function(module, exports, __webpack_require__) {\n\nmodule.exports = __webpack_require__(16);\n\n\n/***/ }),\n/* 8 */\n/***/ (function(module, exports) {\n\nfunction asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {\n  try {\n    var info = gen[key](arg);\n    var value = info.value;\n  } catch (error) {\n    reject(error);\n    return;\n  }\n\n  if (info.done) {\n    resolve(value);\n  } else {\n    Promise.resolve(value).then(_next, _throw);\n  }\n}\n\nfunction _asyncToGenerator(fn) {\n  return function () {\n    var self = this,\n        args = arguments;\n    return new Promise(function (resolve, reject) {\n      var gen = fn.apply(self, args);\n\n      function _next(value) {\n        asyncGeneratorStep(gen, resolve, reject, _next, _throw, \"next\", value);\n      }\n\n      function _throw(err) {\n        asyncGeneratorStep(gen, resolve, reject, _next, _throw, \"throw\", err);\n      }\n\n      _next(undefined);\n    });\n  };\n}\n\nmodule.exports = _asyncToGenerator;\n\n/***/ }),\n/* 9 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nvar http = __webpack_require__(3);\n\nvar util = __webpack_require__(0);\n\nvar AuthSdkError = __webpack_require__(1);\n\nvar AuthPollStopError = __webpack_require__(20);\n\nvar constants = __webpack_require__(2);\n\nfunction addStateToken(res, options) {\n  var builtArgs = {};\n  util.extend(builtArgs, options); // Add the stateToken if one isn't passed and we have one\n\n  if (!builtArgs.stateToken && res.stateToken) {\n    builtArgs.stateToken = res.stateToken;\n  }\n\n  return builtArgs;\n}\n\nfunction getStateToken(res) {\n  return addStateToken(res);\n}\n\nfunction transactionStatus(sdk, args) {\n  args = addStateToken(sdk, args);\n  return http.post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args);\n}\n\nfunction resumeTransaction(sdk, args) {\n  if (!args || !args.stateToken) {\n    var stateToken = sdk.tx.exists._get(constants.STATE_TOKEN_KEY_NAME);\n\n    if (stateToken) {\n      args = {\n        stateToken: stateToken\n      };\n    } else {\n      return Promise.reject(new AuthSdkError('No transaction to resume'));\n    }\n  }\n\n  return sdk.tx.status(args).then(function (res) {\n    return new AuthTransaction(sdk, res);\n  });\n}\n\nfunction introspect(sdk, args) {\n  if (!args || !args.stateToken) {\n    var stateToken = sdk.tx.exists._get(constants.STATE_TOKEN_KEY_NAME);\n\n    if (stateToken) {\n      args = {\n        stateToken: stateToken\n      };\n    } else {\n      return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n    }\n  }\n\n  return transactionStep(sdk, args).then(function (res) {\n    return new AuthTransaction(sdk, res);\n  });\n}\n\nfunction transactionStep(sdk, args) {\n  args = addStateToken(sdk, args); // v1 pipeline introspect API\n\n  return http.post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args);\n}\n\nfunction transactionExists(sdk) {\n  // We have a cookie state token\n  return !!sdk.tx.exists._get(constants.STATE_TOKEN_KEY_NAME);\n}\n\nfunction postToTransaction(sdk, url, args, options) {\n  return http.post(sdk, url, args, options).then(function (res) {\n    return new AuthTransaction(sdk, res);\n  });\n}\n\nfunction getPollFn(sdk, res, ref) {\n  return function (options) {\n    var delay;\n    var rememberDevice;\n    var autoPush;\n    var transactionCallBack;\n\n    if (util.isNumber(options)) {\n      delay = options;\n    } else if (util.isObject(options)) {\n      delay = options.delay;\n      rememberDevice = options.rememberDevice;\n      autoPush = options.autoPush;\n      transactionCallBack = options.transactionCallBack;\n    }\n\n    if (!delay && delay !== 0) {\n      delay = constants.DEFAULT_POLLING_DELAY;\n    } // Get the poll function\n\n\n    var pollLink = util.getLink(res, 'next', 'poll');\n\n    function pollFn() {\n      var opts = {};\n\n      if (typeof autoPush === 'function') {\n        try {\n          opts.autoPush = !!autoPush();\n        } catch (e) {\n          return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n        }\n      } else if (autoPush !== undefined && autoPush !== null) {\n        opts.autoPush = !!autoPush;\n      }\n\n      if (typeof rememberDevice === 'function') {\n        try {\n          opts.rememberDevice = !!rememberDevice();\n        } catch (e) {\n          return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n        }\n      } else if (rememberDevice !== undefined && rememberDevice !== null) {\n        opts.rememberDevice = !!rememberDevice;\n      }\n\n      var href = pollLink.href + util.toQueryParams(opts);\n      return http.post(sdk, href, getStateToken(res), {\n        saveAuthnState: false\n      });\n    }\n\n    ref.isPolling = true;\n    var retryCount = 0;\n\n    var recursivePoll = function recursivePoll() {\n      // If the poll was manually stopped during the delay\n      if (!ref.isPolling) {\n        return Promise.reject(new AuthPollStopError());\n      }\n\n      return pollFn().then(function (pollRes) {\n        // Reset our retry counter on success\n        retryCount = 0; // If we're still waiting\n\n        if (pollRes.factorResult && pollRes.factorResult === 'WAITING') {\n          // If the poll was manually stopped while the pollFn was called\n          if (!ref.isPolling) {\n            throw new AuthPollStopError();\n          }\n\n          if (typeof transactionCallBack === 'function') {\n            transactionCallBack(pollRes);\n          } // Continue poll\n\n\n          return util.delay(delay).then(recursivePoll);\n        } else {\n          // Any non-waiting result, even if polling was stopped\n          // during a request, will return\n          ref.isPolling = false;\n          return new AuthTransaction(sdk, pollRes);\n        }\n      }).catch(function (err) {\n        // Exponential backoff, up to 16 seconds\n        if (err.xhr && (err.xhr.status === 0 || err.xhr.status === 429) && retryCount <= 4) {\n          var delayLength = Math.pow(2, retryCount) * 1000;\n          retryCount++;\n          return util.delay(delayLength).then(recursivePoll);\n        }\n\n        throw err;\n      });\n    };\n\n    return recursivePoll().catch(function (err) {\n      ref.isPolling = false;\n      throw err;\n    });\n  };\n}\n\nfunction link2fn(sdk, res, obj, link, ref) {\n  if (Array.isArray(link)) {\n    return function (name, opts) {\n      if (!name) {\n        throw new AuthSdkError('Must provide a link name');\n      }\n\n      var lk = util.find(link, {\n        name: name\n      });\n\n      if (!lk) {\n        throw new AuthSdkError('No link found for that name');\n      }\n\n      return link2fn(sdk, res, obj, lk, ref)(opts);\n    };\n  } else if (link.hints && link.hints.allow && link.hints.allow.length === 1) {\n    var method = link.hints.allow[0];\n\n    switch (method) {\n      case 'GET':\n        return function () {\n          return http.get(sdk, link.href);\n        };\n\n      case 'POST':\n        return function (opts) {\n          if (ref && ref.isPolling) {\n            ref.isPolling = false;\n          }\n\n          var data = addStateToken(res, opts);\n\n          if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n            // Add factorType and provider\n            util.extend(data, {\n              factorType: obj.factorType,\n              provider: obj.provider\n            });\n          }\n\n          var params = {};\n          var autoPush = data.autoPush;\n\n          if (autoPush !== undefined) {\n            if (typeof autoPush === 'function') {\n              try {\n                params.autoPush = !!autoPush();\n              } catch (e) {\n                return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n              }\n            } else if (autoPush !== null) {\n              params.autoPush = !!autoPush;\n            }\n\n            data = util.omit(data, 'autoPush');\n          }\n\n          var rememberDevice = data.rememberDevice;\n\n          if (rememberDevice !== undefined) {\n            if (typeof rememberDevice === 'function') {\n              try {\n                params.rememberDevice = !!rememberDevice();\n              } catch (e) {\n                return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n              }\n            } else if (rememberDevice !== null) {\n              params.rememberDevice = !!rememberDevice;\n            }\n\n            data = util.omit(data, 'rememberDevice');\n          } else if (data.profile && data.profile.updatePhone !== undefined) {\n            if (data.profile.updatePhone) {\n              params.updatePhone = true;\n            }\n\n            data.profile = util.omit(data.profile, 'updatePhone');\n          }\n\n          var href = link.href + util.toQueryParams(params);\n          return postToTransaction(sdk, href, data);\n        };\n    }\n  }\n}\n\nfunction links2fns(sdk, res, obj, ref) {\n  var fns = {};\n\n  for (var linkName in obj._links) {\n    if (!obj._links.hasOwnProperty(linkName)) {\n      continue;\n    }\n\n    var link = obj._links[linkName];\n\n    if (linkName === 'next') {\n      linkName = link.name;\n    }\n\n    if (link.type) {\n      fns[linkName] = link;\n      continue;\n    }\n\n    switch (linkName) {\n      // poll is only found at the transaction\n      // level, so we don't need to pass the link\n      case 'poll':\n        fns.poll = getPollFn(sdk, res, ref);\n        break;\n\n      default:\n        var fn = link2fn(sdk, res, obj, link, ref);\n\n        if (fn) {\n          fns[linkName] = fn;\n        }\n\n    }\n  }\n\n  return fns;\n}\n\nfunction flattenEmbedded(sdk, res, obj, ref) {\n  obj = obj || res;\n  obj = util.clone(obj);\n\n  if (Array.isArray(obj)) {\n    var objArr = [];\n\n    for (var o = 0, ol = obj.length; o < ol; o++) {\n      objArr.push(flattenEmbedded(sdk, res, obj[o], ref));\n    }\n\n    return objArr;\n  }\n\n  var embedded = obj._embedded || {};\n\n  for (var key in embedded) {\n    if (!embedded.hasOwnProperty(key)) {\n      continue;\n    } // Flatten any nested _embedded objects\n\n\n    if (util.isObject(embedded[key]) || Array.isArray(embedded[key])) {\n      embedded[key] = flattenEmbedded(sdk, res, embedded[key], ref);\n    }\n  } // Convert any links on the embedded object\n\n\n  var fns = links2fns(sdk, res, obj, ref);\n  util.extend(embedded, fns);\n  obj = util.omit(obj, '_embedded', '_links');\n  util.extend(obj, embedded);\n  return obj;\n}\n\nfunction AuthTransaction(sdk, res) {\n  if (res) {\n    this.data = res;\n    util.extend(this, flattenEmbedded(sdk, res, res, {}));\n    delete this.stateToken; // RECOVERY_CHALLENGE has some responses without _links.\n    // Without _links, we emulate cancel to make it intuitive\n    // to return to the starting state. We may remove this\n    // when OKTA-75434 is resolved\n\n    if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n      this.cancel = function () {\n        return Promise.resolve(new AuthTransaction(sdk));\n      };\n    }\n  }\n}\n\nmodule.exports = {\n  transactionStatus: transactionStatus,\n  resumeTransaction: resumeTransaction,\n  transactionExists: transactionExists,\n  postToTransaction: postToTransaction,\n  introspect: introspect\n};\n\n/***/ }),\n/* 10 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global window, document */\n\n/* eslint-disable complexity, max-statements */\nvar http = __webpack_require__(3);\n\nvar util = __webpack_require__(0);\n\nvar storageUtil = __webpack_require__(4);\n\nvar AuthSdkError = __webpack_require__(1);\n\nfunction generateState() {\n  return util.genRandomString(64);\n}\n\nfunction generateNonce() {\n  return util.genRandomString(64);\n}\n\nfunction isToken(obj) {\n  if (obj && (obj.accessToken || obj.idToken) && Array.isArray(obj.scopes)) {\n    return true;\n  }\n\n  return false;\n}\n\nfunction addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nfunction removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nfunction loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n  return document.body.appendChild(iframe);\n}\n\nfunction loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' + 'top=100, left=500, width=600, height=600';\n\n  if (util.isIE11OrLess()) {\n    // IE<=11 doesn't fully support postMessage at time of writting.\n    // the following simple solution happened to solve the issue\n    // without adding another proxy layer which makes flow more complecated.\n    var winEl = window.open('/', title, appearance);\n    winEl.location.href = src;\n    return winEl;\n  } else {\n    return window.open(src, title, appearance);\n  }\n}\n\nfunction getWellKnown(sdk, issuer) {\n  var authServerUri = issuer || sdk.options.issuer;\n  return http.get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nfunction getKey(sdk, issuer, kid) {\n  var httpCache = storageUtil.getHttpCache(sdk.options.cookies);\n  return getWellKnown(sdk, issuer).then(function (wellKnown) {\n    var jwksUri = wellKnown['jwks_uri']; // Check our kid against the cached version (if it exists and isn't expired)\n\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n\n    if (cachedResponse && Date.now() / 1000 < cachedResponse.expiresAt) {\n      var cachedKey = util.find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    } // Remove cache for the key\n\n\n    httpCache.clearStorage(jwksUri); // Pull the latest keys if the key wasn't in the cache\n\n    return http.get(sdk, jwksUri, {\n      cacheResponse: true\n    }).then(function (res) {\n      var key = util.find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n\nfunction validateClaims(sdk, claims, validationParams) {\n  var aud = validationParams.clientId;\n  var iss = validationParams.issuer;\n  var nonce = validationParams.nonce;\n\n  if (!claims || !iss || !aud) {\n    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n  }\n\n  if (nonce && claims.nonce !== nonce) {\n    throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n  }\n\n  var now = Math.floor(Date.now() / 1000);\n\n  if (claims.iss !== iss) {\n    throw new AuthSdkError('The issuer [' + claims.iss + '] ' + 'does not match [' + iss + ']');\n  }\n\n  if (claims.aud !== aud) {\n    throw new AuthSdkError('The audience [' + claims.aud + '] ' + 'does not match [' + aud + ']');\n  }\n\n  if (claims.iat > claims.exp) {\n    throw new AuthSdkError('The JWT expired before it was issued');\n  }\n\n  if (now - sdk.options.maxClockSkew > claims.exp) {\n    throw new AuthSdkError('The JWT expired and is no longer valid');\n  }\n\n  if (claims.iat > now + sdk.options.maxClockSkew) {\n    throw new AuthSdkError('The JWT was issued in the future');\n  }\n}\n\nfunction getOAuthUrls(sdk, options) {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n\n  options = options || {}; // Get user-supplied arguments\n\n  var authorizeUrl = util.removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = util.removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  var userinfoUrl = util.removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = util.removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = util.removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = util.removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n  var baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n\nfunction urlParamsToObject(hashOrSearch) {\n  // Predefine regexs for parsing hash\n  var plus2space = /\\+/g;\n  var paramSplit = /([^&=]+)=?([^&]*)/g;\n  var fragment = hashOrSearch; // Some hash based routers will automatically add a / character after the hash\n\n  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n    fragment = fragment.substring(2);\n  } // Remove the leading # or ?\n\n\n  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n    fragment = fragment.substring(1);\n  }\n\n  var obj = {}; // Loop until we have no more params\n\n  var param;\n\n  while (true) {\n    // eslint-disable-line no-constant-condition\n    param = paramSplit.exec(fragment);\n\n    if (!param) {\n      break;\n    }\n\n    var key = param[1];\n    var value = param[2]; // id_token should remain base64url encoded\n\n    if (key === 'id_token' || key === 'access_token' || key === 'code') {\n      obj[key] = value;\n    } else {\n      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n    }\n  }\n\n  return obj;\n}\n\nmodule.exports = {\n  generateState: generateState,\n  generateNonce: generateNonce,\n  getWellKnown: getWellKnown,\n  getKey: getKey,\n  validateClaims: validateClaims,\n  getOAuthUrls: getOAuthUrls,\n  loadFrame: loadFrame,\n  loadPopup: loadPopup,\n  urlParamsToObject: urlParamsToObject,\n  isToken: isToken,\n  addListener: addListener,\n  removeListener: removeListener\n};\n\n/***/ }),\n/* 11 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\nvar fetchRequest = __webpack_require__(12);\n\nvar storageUtil = __webpack_require__(4);\n\nmodule.exports = __webpack_require__(15)(storageUtil, fetchRequest);\n\n/***/ }),\n/* 12 */\n/***/ (function(module, exports, __webpack_require__) {\n\nvar _typeof = __webpack_require__(5);\n\n/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\nvar fetch = __webpack_require__(13);\n\nfunction readData(response) {\n  if (response.headers.get('Content-Type') && response.headers.get('Content-Type').toLowerCase().indexOf('application/json') >= 0) {\n    return response.json() // JSON parse can fail if response is not a valid object\n    .catch(function (e) {\n      return {\n        error: e,\n        errorSummary: 'Could not parse server response'\n      };\n    });\n  } else {\n    return response.text();\n  }\n}\n\nfunction formatResult(status, data) {\n  var isObject = _typeof(data) === 'object';\n  var result = {\n    responseText: isObject ? JSON.stringify(data) : data,\n    status: status\n  };\n\n  if (isObject) {\n    result.responseType = 'json';\n    result.responseJSON = data;\n  }\n\n  return result;\n}\n/* eslint-disable complexity */\n\n\nfunction fetchRequest(method, url, args) {\n  var body = args.data;\n  var headers = args.headers || {};\n  var contentType = headers['Content-Type'] || headers['content-type'] || ''; // JSON encode body (if appropriate)\n\n  if (contentType === 'application/json' && body && typeof body !== 'string') {\n    body = JSON.stringify(body);\n  }\n\n  var fetchPromise = fetch(url, {\n    method: method,\n    headers: args.headers,\n    body: body,\n    credentials: args.withCredentials ? 'include' : 'omit'\n  }).then(function (response) {\n    var error = !response.ok;\n    var status = response.status;\n    return readData(response).then(function (data) {\n      return formatResult(status, data);\n    }).then(function (result) {\n      if (error) {\n        // Throwing result object since error handling is done in http.js\n        throw result;\n      }\n\n      return result;\n    });\n  });\n  return fetchPromise;\n}\n\nmodule.exports = fetchRequest;\n\n/***/ }),\n/* 13 */\n/***/ (function(module, exports) {\n\nvar __self__ = (function (root) {\nfunction F() {\nthis.fetch = false;\nthis.DOMException = root.DOMException\n}\nF.prototype = root;\nreturn new F();\n})(typeof self !== 'undefined' ? self : this);\n(function(self) {\n\nvar irrelevant = (function (exports) {\n  var support = {\n    searchParams: 'URLSearchParams' in self,\n    iterable: 'Symbol' in self && 'iterator' in Symbol,\n    blob:\n      'FileReader' in self &&\n      'Blob' in self &&\n      (function() {\n        try {\n          new Blob();\n          return true\n        } catch (e) {\n          return false\n        }\n      })(),\n    formData: 'FormData' in self,\n    arrayBuffer: 'ArrayBuffer' in self\n  };\n\n  function isDataView(obj) {\n    return obj && DataView.prototype.isPrototypeOf(obj)\n  }\n\n  if (support.arrayBuffer) {\n    var viewClasses = [\n      '[object Int8Array]',\n      '[object Uint8Array]',\n      '[object Uint8ClampedArray]',\n      '[object Int16Array]',\n      '[object Uint16Array]',\n      '[object Int32Array]',\n      '[object Uint32Array]',\n      '[object Float32Array]',\n      '[object Float64Array]'\n    ];\n\n    var isArrayBufferView =\n      ArrayBuffer.isView ||\n      function(obj) {\n        return obj && viewClasses.indexOf(Object.prototype.toString.call(obj)) > -1\n      };\n  }\n\n  function normalizeName(name) {\n    if (typeof name !== 'string') {\n      name = String(name);\n    }\n    if (/[^a-z0-9\\-#$%&'*+.^_`|~]/i.test(name)) {\n      throw new TypeError('Invalid character in header field name')\n    }\n    return name.toLowerCase()\n  }\n\n  function normalizeValue(value) {\n    if (typeof value !== 'string') {\n      value = String(value);\n    }\n    return value\n  }\n\n  // Build a destructive iterator for the value list\n  function iteratorFor(items) {\n    var iterator = {\n      next: function() {\n        var value = items.shift();\n        return {done: value === undefined, value: value}\n      }\n    };\n\n    if (support.iterable) {\n      iterator[Symbol.iterator] = function() {\n        return iterator\n      };\n    }\n\n    return iterator\n  }\n\n  function Headers(headers) {\n    this.map = {};\n\n    if (headers instanceof Headers) {\n      headers.forEach(function(value, name) {\n        this.append(name, value);\n      }, this);\n    } else if (Array.isArray(headers)) {\n      headers.forEach(function(header) {\n        this.append(header[0], header[1]);\n      }, this);\n    } else if (headers) {\n      Object.getOwnPropertyNames(headers).forEach(function(name) {\n        this.append(name, headers[name]);\n      }, this);\n    }\n  }\n\n  Headers.prototype.append = function(name, value) {\n    name = normalizeName(name);\n    value = normalizeValue(value);\n    var oldValue = this.map[name];\n    this.map[name] = oldValue ? oldValue + ', ' + value : value;\n  };\n\n  Headers.prototype['delete'] = function(name) {\n    delete this.map[normalizeName(name)];\n  };\n\n  Headers.prototype.get = function(name) {\n    name = normalizeName(name);\n    return this.has(name) ? this.map[name] : null\n  };\n\n  Headers.prototype.has = function(name) {\n    return this.map.hasOwnProperty(normalizeName(name))\n  };\n\n  Headers.prototype.set = function(name, value) {\n    this.map[normalizeName(name)] = normalizeValue(value);\n  };\n\n  Headers.prototype.forEach = function(callback, thisArg) {\n    for (var name in this.map) {\n      if (this.map.hasOwnProperty(name)) {\n        callback.call(thisArg, this.map[name], name, this);\n      }\n    }\n  };\n\n  Headers.prototype.keys = function() {\n    var items = [];\n    this.forEach(function(value, name) {\n      items.push(name);\n    });\n    return iteratorFor(items)\n  };\n\n  Headers.prototype.values = function() {\n    var items = [];\n    this.forEach(function(value) {\n      items.push(value);\n    });\n    return iteratorFor(items)\n  };\n\n  Headers.prototype.entries = function() {\n    var items = [];\n    this.forEach(function(value, name) {\n      items.push([name, value]);\n    });\n    return iteratorFor(items)\n  };\n\n  if (support.iterable) {\n    Headers.prototype[Symbol.iterator] = Headers.prototype.entries;\n  }\n\n  function consumed(body) {\n    if (body.bodyUsed) {\n      return Promise.reject(new TypeError('Already read'))\n    }\n    body.bodyUsed = true;\n  }\n\n  function fileReaderReady(reader) {\n    return new Promise(function(resolve, reject) {\n      reader.onload = function() {\n        resolve(reader.result);\n      };\n      reader.onerror = function() {\n        reject(reader.error);\n      };\n    })\n  }\n\n  function readBlobAsArrayBuffer(blob) {\n    var reader = new FileReader();\n    var promise = fileReaderReady(reader);\n    reader.readAsArrayBuffer(blob);\n    return promise\n  }\n\n  function readBlobAsText(blob) {\n    var reader = new FileReader();\n    var promise = fileReaderReady(reader);\n    reader.readAsText(blob);\n    return promise\n  }\n\n  function readArrayBufferAsText(buf) {\n    var view = new Uint8Array(buf);\n    var chars = new Array(view.length);\n\n    for (var i = 0; i < view.length; i++) {\n      chars[i] = String.fromCharCode(view[i]);\n    }\n    return chars.join('')\n  }\n\n  function bufferClone(buf) {\n    if (buf.slice) {\n      return buf.slice(0)\n    } else {\n      var view = new Uint8Array(buf.byteLength);\n      view.set(new Uint8Array(buf));\n      return view.buffer\n    }\n  }\n\n  function Body() {\n    this.bodyUsed = false;\n\n    this._initBody = function(body) {\n      this._bodyInit = body;\n      if (!body) {\n        this._bodyText = '';\n      } else if (typeof body === 'string') {\n        this._bodyText = body;\n      } else if (support.blob && Blob.prototype.isPrototypeOf(body)) {\n        this._bodyBlob = body;\n      } else if (support.formData && FormData.prototype.isPrototypeOf(body)) {\n        this._bodyFormData = body;\n      } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n        this._bodyText = body.toString();\n      } else if (support.arrayBuffer && support.blob && isDataView(body)) {\n        this._bodyArrayBuffer = bufferClone(body.buffer);\n        // IE 10-11 can't handle a DataView body.\n        this._bodyInit = new Blob([this._bodyArrayBuffer]);\n      } else if (support.arrayBuffer && (ArrayBuffer.prototype.isPrototypeOf(body) || isArrayBufferView(body))) {\n        this._bodyArrayBuffer = bufferClone(body);\n      } else {\n        this._bodyText = body = Object.prototype.toString.call(body);\n      }\n\n      if (!this.headers.get('content-type')) {\n        if (typeof body === 'string') {\n          this.headers.set('content-type', 'text/plain;charset=UTF-8');\n        } else if (this._bodyBlob && this._bodyBlob.type) {\n          this.headers.set('content-type', this._bodyBlob.type);\n        } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n          this.headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n        }\n      }\n    };\n\n    if (support.blob) {\n      this.blob = function() {\n        var rejected = consumed(this);\n        if (rejected) {\n          return rejected\n        }\n\n        if (this._bodyBlob) {\n          return Promise.resolve(this._bodyBlob)\n        } else if (this._bodyArrayBuffer) {\n          return Promise.resolve(new Blob([this._bodyArrayBuffer]))\n        } else if (this._bodyFormData) {\n          throw new Error('could not read FormData body as blob')\n        } else {\n          return Promise.resolve(new Blob([this._bodyText]))\n        }\n      };\n\n      this.arrayBuffer = function() {\n        if (this._bodyArrayBuffer) {\n          return consumed(this) || Promise.resolve(this._bodyArrayBuffer)\n        } else {\n          return this.blob().then(readBlobAsArrayBuffer)\n        }\n      };\n    }\n\n    this.text = function() {\n      var rejected = consumed(this);\n      if (rejected) {\n        return rejected\n      }\n\n      if (this._bodyBlob) {\n        return readBlobAsText(this._bodyBlob)\n      } else if (this._bodyArrayBuffer) {\n        return Promise.resolve(readArrayBufferAsText(this._bodyArrayBuffer))\n      } else if (this._bodyFormData) {\n        throw new Error('could not read FormData body as text')\n      } else {\n        return Promise.resolve(this._bodyText)\n      }\n    };\n\n    if (support.formData) {\n      this.formData = function() {\n        return this.text().then(decode)\n      };\n    }\n\n    this.json = function() {\n      return this.text().then(JSON.parse)\n    };\n\n    return this\n  }\n\n  // HTTP methods whose capitalization should be normalized\n  var methods = ['DELETE', 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT'];\n\n  function normalizeMethod(method) {\n    var upcased = method.toUpperCase();\n    return methods.indexOf(upcased) > -1 ? upcased : method\n  }\n\n  function Request(input, options) {\n    options = options || {};\n    var body = options.body;\n\n    if (input instanceof Request) {\n      if (input.bodyUsed) {\n        throw new TypeError('Already read')\n      }\n      this.url = input.url;\n      this.credentials = input.credentials;\n      if (!options.headers) {\n        this.headers = new Headers(input.headers);\n      }\n      this.method = input.method;\n      this.mode = input.mode;\n      this.signal = input.signal;\n      if (!body && input._bodyInit != null) {\n        body = input._bodyInit;\n        input.bodyUsed = true;\n      }\n    } else {\n      this.url = String(input);\n    }\n\n    this.credentials = options.credentials || this.credentials || 'same-origin';\n    if (options.headers || !this.headers) {\n      this.headers = new Headers(options.headers);\n    }\n    this.method = normalizeMethod(options.method || this.method || 'GET');\n    this.mode = options.mode || this.mode || null;\n    this.signal = options.signal || this.signal;\n    this.referrer = null;\n\n    if ((this.method === 'GET' || this.method === 'HEAD') && body) {\n      throw new TypeError('Body not allowed for GET or HEAD requests')\n    }\n    this._initBody(body);\n  }\n\n  Request.prototype.clone = function() {\n    return new Request(this, {body: this._bodyInit})\n  };\n\n  function decode(body) {\n    var form = new FormData();\n    body\n      .trim()\n      .split('&')\n      .forEach(function(bytes) {\n        if (bytes) {\n          var split = bytes.split('=');\n          var name = split.shift().replace(/\\+/g, ' ');\n          var value = split.join('=').replace(/\\+/g, ' ');\n          form.append(decodeURIComponent(name), decodeURIComponent(value));\n        }\n      });\n    return form\n  }\n\n  function parseHeaders(rawHeaders) {\n    var headers = new Headers();\n    // Replace instances of \\r\\n and \\n followed by at least one space or horizontal tab with a space\n    // https://tools.ietf.org/html/rfc7230#section-3.2\n    var preProcessedHeaders = rawHeaders.replace(/\\r?\\n[\\t ]+/g, ' ');\n    preProcessedHeaders.split(/\\r?\\n/).forEach(function(line) {\n      var parts = line.split(':');\n      var key = parts.shift().trim();\n      if (key) {\n        var value = parts.join(':').trim();\n        headers.append(key, value);\n      }\n    });\n    return headers\n  }\n\n  Body.call(Request.prototype);\n\n  function Response(bodyInit, options) {\n    if (!options) {\n      options = {};\n    }\n\n    this.type = 'default';\n    this.status = options.status === undefined ? 200 : options.status;\n    this.ok = this.status >= 200 && this.status < 300;\n    this.statusText = 'statusText' in options ? options.statusText : 'OK';\n    this.headers = new Headers(options.headers);\n    this.url = options.url || '';\n    this._initBody(bodyInit);\n  }\n\n  Body.call(Response.prototype);\n\n  Response.prototype.clone = function() {\n    return new Response(this._bodyInit, {\n      status: this.status,\n      statusText: this.statusText,\n      headers: new Headers(this.headers),\n      url: this.url\n    })\n  };\n\n  Response.error = function() {\n    var response = new Response(null, {status: 0, statusText: ''});\n    response.type = 'error';\n    return response\n  };\n\n  var redirectStatuses = [301, 302, 303, 307, 308];\n\n  Response.redirect = function(url, status) {\n    if (redirectStatuses.indexOf(status) === -1) {\n      throw new RangeError('Invalid status code')\n    }\n\n    return new Response(null, {status: status, headers: {location: url}})\n  };\n\n  exports.DOMException = self.DOMException;\n  try {\n    new exports.DOMException();\n  } catch (err) {\n    exports.DOMException = function(message, name) {\n      this.message = message;\n      this.name = name;\n      var error = Error(message);\n      this.stack = error.stack;\n    };\n    exports.DOMException.prototype = Object.create(Error.prototype);\n    exports.DOMException.prototype.constructor = exports.DOMException;\n  }\n\n  function fetch(input, init) {\n    return new Promise(function(resolve, reject) {\n      var request = new Request(input, init);\n\n      if (request.signal && request.signal.aborted) {\n        return reject(new exports.DOMException('Aborted', 'AbortError'))\n      }\n\n      var xhr = new XMLHttpRequest();\n\n      function abortXhr() {\n        xhr.abort();\n      }\n\n      xhr.onload = function() {\n        var options = {\n          status: xhr.status,\n          statusText: xhr.statusText,\n          headers: parseHeaders(xhr.getAllResponseHeaders() || '')\n        };\n        options.url = 'responseURL' in xhr ? xhr.responseURL : options.headers.get('X-Request-URL');\n        var body = 'response' in xhr ? xhr.response : xhr.responseText;\n        resolve(new Response(body, options));\n      };\n\n      xhr.onerror = function() {\n        reject(new TypeError('Network request failed'));\n      };\n\n      xhr.ontimeout = function() {\n        reject(new TypeError('Network request failed'));\n      };\n\n      xhr.onabort = function() {\n        reject(new exports.DOMException('Aborted', 'AbortError'));\n      };\n\n      xhr.open(request.method, request.url, true);\n\n      if (request.credentials === 'include') {\n        xhr.withCredentials = true;\n      } else if (request.credentials === 'omit') {\n        xhr.withCredentials = false;\n      }\n\n      if ('responseType' in xhr && support.blob) {\n        xhr.responseType = 'blob';\n      }\n\n      request.headers.forEach(function(value, name) {\n        xhr.setRequestHeader(name, value);\n      });\n\n      if (request.signal) {\n        request.signal.addEventListener('abort', abortXhr);\n\n        xhr.onreadystatechange = function() {\n          // DONE (success or failure)\n          if (xhr.readyState === 4) {\n            request.signal.removeEventListener('abort', abortXhr);\n          }\n        };\n      }\n\n      xhr.send(typeof request._bodyInit === 'undefined' ? null : request._bodyInit);\n    })\n  }\n\n  fetch.polyfill = true;\n\n  if (!self.fetch) {\n    self.fetch = fetch;\n    self.Headers = Headers;\n    self.Request = Request;\n    self.Response = Response;\n  }\n\n  exports.Headers = Headers;\n  exports.Request = Request;\n  exports.Response = Response;\n  exports.fetch = fetch;\n\n  return exports;\n\n}({}));\n})(__self__);\ndelete __self__.fetch.polyfill\nexports = __self__.fetch // To enable: import fetch from 'cross-fetch'\nexports.default = __self__.fetch // For TypeScript consumers without esModuleInterop.\nexports.fetch = __self__.fetch // To enable: import {fetch} from 'cross-fetch'\nexports.Headers = __self__.Headers\nexports.Request = __self__.Request\nexports.Response = __self__.Response\nmodule.exports = exports\n\n\n/***/ }),\n/* 14 */\n/***/ (function(module, exports, __webpack_require__) {\n\nvar __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_RESULT__;/*!\n * JavaScript Cookie v2.2.0\n * https://github.com/js-cookie/js-cookie\n *\n * Copyright 2006, 2015 Klaus Hartl & Fagner Brack\n * Released under the MIT license\n */\n;(function (factory) {\n\tvar registeredInModuleLoader = false;\n\tif (true) {\n\t\t!(__WEBPACK_AMD_DEFINE_FACTORY__ = (factory),\n\t\t\t\t__WEBPACK_AMD_DEFINE_RESULT__ = (typeof __WEBPACK_AMD_DEFINE_FACTORY__ === 'function' ?\n\t\t\t\t(__WEBPACK_AMD_DEFINE_FACTORY__.call(exports, __webpack_require__, exports, module)) :\n\t\t\t\t__WEBPACK_AMD_DEFINE_FACTORY__),\n\t\t\t\t__WEBPACK_AMD_DEFINE_RESULT__ !== undefined && (module.exports = __WEBPACK_AMD_DEFINE_RESULT__));\n\t\tregisteredInModuleLoader = true;\n\t}\n\tif (true) {\n\t\tmodule.exports = factory();\n\t\tregisteredInModuleLoader = true;\n\t}\n\tif (!registeredInModuleLoader) {\n\t\tvar OldCookies = window.Cookies;\n\t\tvar api = window.Cookies = factory();\n\t\tapi.noConflict = function () {\n\t\t\twindow.Cookies = OldCookies;\n\t\t\treturn api;\n\t\t};\n\t}\n}(function () {\n\tfunction extend () {\n\t\tvar i = 0;\n\t\tvar result = {};\n\t\tfor (; i < arguments.length; i++) {\n\t\t\tvar attributes = arguments[ i ];\n\t\t\tfor (var key in attributes) {\n\t\t\t\tresult[key] = attributes[key];\n\t\t\t}\n\t\t}\n\t\treturn result;\n\t}\n\n\tfunction init (converter) {\n\t\tfunction api (key, value, attributes) {\n\t\t\tvar result;\n\t\t\tif (typeof document === 'undefined') {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// Write\n\n\t\t\tif (arguments.length > 1) {\n\t\t\t\tattributes = extend({\n\t\t\t\t\tpath: '/'\n\t\t\t\t}, api.defaults, attributes);\n\n\t\t\t\tif (typeof attributes.expires === 'number') {\n\t\t\t\t\tvar expires = new Date();\n\t\t\t\t\texpires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5);\n\t\t\t\t\tattributes.expires = expires;\n\t\t\t\t}\n\n\t\t\t\t// We're using \"expires\" because \"max-age\" is not supported by IE\n\t\t\t\tattributes.expires = attributes.expires ? attributes.expires.toUTCString() : '';\n\n\t\t\t\ttry {\n\t\t\t\t\tresult = JSON.stringify(value);\n\t\t\t\t\tif (/^[\\{\\[]/.test(result)) {\n\t\t\t\t\t\tvalue = result;\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {}\n\n\t\t\t\tif (!converter.write) {\n\t\t\t\t\tvalue = encodeURIComponent(String(value))\n\t\t\t\t\t\t.replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);\n\t\t\t\t} else {\n\t\t\t\t\tvalue = converter.write(value, key);\n\t\t\t\t}\n\n\t\t\t\tkey = encodeURIComponent(String(key));\n\t\t\t\tkey = key.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent);\n\t\t\t\tkey = key.replace(/[\\(\\)]/g, escape);\n\n\t\t\t\tvar stringifiedAttributes = '';\n\n\t\t\t\tfor (var attributeName in attributes) {\n\t\t\t\t\tif (!attributes[attributeName]) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tstringifiedAttributes += '; ' + attributeName;\n\t\t\t\t\tif (attributes[attributeName] === true) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tstringifiedAttributes += '=' + attributes[attributeName];\n\t\t\t\t}\n\t\t\t\treturn (document.cookie = key + '=' + value + stringifiedAttributes);\n\t\t\t}\n\n\t\t\t// Read\n\n\t\t\tif (!key) {\n\t\t\t\tresult = {};\n\t\t\t}\n\n\t\t\t// To prevent the for loop in the first place assign an empty array\n\t\t\t// in case there are no cookies at all. Also prevents odd result when\n\t\t\t// calling \"get()\"\n\t\t\tvar cookies = document.cookie ? document.cookie.split('; ') : [];\n\t\t\tvar rdecode = /(%[0-9A-Z]{2})+/g;\n\t\t\tvar i = 0;\n\n\t\t\tfor (; i < cookies.length; i++) {\n\t\t\t\tvar parts = cookies[i].split('=');\n\t\t\t\tvar cookie = parts.slice(1).join('=');\n\n\t\t\t\tif (!this.json && cookie.charAt(0) === '\"') {\n\t\t\t\t\tcookie = cookie.slice(1, -1);\n\t\t\t\t}\n\n\t\t\t\ttry {\n\t\t\t\t\tvar name = parts[0].replace(rdecode, decodeURIComponent);\n\t\t\t\t\tcookie = converter.read ?\n\t\t\t\t\t\tconverter.read(cookie, name) : converter(cookie, name) ||\n\t\t\t\t\t\tcookie.replace(rdecode, decodeURIComponent);\n\n\t\t\t\t\tif (this.json) {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tcookie = JSON.parse(cookie);\n\t\t\t\t\t\t} catch (e) {}\n\t\t\t\t\t}\n\n\t\t\t\t\tif (key === name) {\n\t\t\t\t\t\tresult = cookie;\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!key) {\n\t\t\t\t\t\tresult[name] = cookie;\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {}\n\t\t\t}\n\n\t\t\treturn result;\n\t\t}\n\n\t\tapi.set = api;\n\t\tapi.get = function (key) {\n\t\t\treturn api.call(api, key);\n\t\t};\n\t\tapi.getJSON = function () {\n\t\t\treturn api.apply({\n\t\t\t\tjson: true\n\t\t\t}, [].slice.call(arguments));\n\t\t};\n\t\tapi.defaults = {};\n\n\t\tapi.remove = function (key, attributes) {\n\t\t\tapi(key, '', extend(attributes, {\n\t\t\t\texpires: -1\n\t\t\t}));\n\t\t};\n\n\t\tapi.withConverter = init;\n\n\t\treturn api;\n\t}\n\n\treturn init(function () {});\n}));\n\n\n/***/ }),\n/* 15 */\n/***/ (function(module, exports, __webpack_require__) {\n\nvar _regeneratorRuntime = __webpack_require__(7);\n\nvar _asyncToGenerator = __webpack_require__(8);\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* eslint-disable complexity */\n\n/* eslint-disable max-statements */\n\n/* SDK_VERSION is defined in webpack config */\n\n/* global SDK_VERSION */\n\n/* global window, navigator, document, crypto */\nvar Emitter = __webpack_require__(17);\n\nvar AuthSdkError = __webpack_require__(1);\n\nvar builderUtil = __webpack_require__(18);\n\nvar constants = __webpack_require__(2);\n\nvar cookies = __webpack_require__(4).storage;\n\nvar http = __webpack_require__(3);\n\nvar oauthUtil = __webpack_require__(10);\n\nvar session = __webpack_require__(21);\n\nvar token = __webpack_require__(22);\n\nvar TokenManager = __webpack_require__(26);\n\nvar tx = __webpack_require__(9);\n\nvar util = __webpack_require__(0);\n\nfunction OktaAuthBuilder(args) {\n  var sdk = this;\n  builderUtil.assertValidConfig(args);\n  var cookieSettings = util.extend({\n    secure: true\n  }, args.cookies);\n  var isLocalhost = sdk.features.isLocalhost() && !sdk.features.isHTTPS();\n\n  if (isLocalhost) {\n    cookieSettings.secure = false; // Force secure=false if running on http://localhost\n  }\n\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n\n  if (cookieSettings.secure && !sdk.features.isHTTPS()) {\n    // eslint-disable-next-line no-console\n    console.warn('The current page is not being served with the HTTPS protocol.\\n' + 'For security reasons, we strongly recommend using HTTPS.\\n' + 'If you cannot use HTTPS, set \"cookies.secure\" option to false.');\n    cookieSettings.secure = false;\n  }\n\n  this.options = {\n    clientId: args.clientId,\n    issuer: util.removeTrailingSlash(args.issuer),\n    authorizeUrl: util.removeTrailingSlash(args.authorizeUrl),\n    userinfoUrl: util.removeTrailingSlash(args.userinfoUrl),\n    tokenUrl: util.removeTrailingSlash(args.tokenUrl),\n    revokeUrl: util.removeTrailingSlash(args.revokeUrl),\n    logoutUrl: util.removeTrailingSlash(args.logoutUrl),\n    pkce: args.pkce === false ? false : true,\n    redirectUri: args.redirectUri,\n    postLogoutRedirectUri: args.postLogoutRedirectUri,\n    responseMode: args.responseMode,\n    httpRequestClient: args.httpRequestClient,\n    storageUtil: args.storageUtil,\n    transformErrorXHR: args.transformErrorXHR,\n    headers: args.headers,\n    onSessionExpired: args.onSessionExpired,\n    cookies: cookieSettings\n  };\n  this.userAgent = builderUtil.getUserAgent(args, \"3.1.1\") || 'okta-auth-js-' + \"3.1.1\"; // Digital clocks will drift over time, so the server\n  // can misalign with the time reported by the browser.\n  // The maxClockSkew allows relaxing the time-based\n  // validation of tokens (in seconds, not milliseconds).\n  // It currently defaults to 300, because 5 min is the\n  // default maximum tolerance allowed by Kerberos.\n  // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n\n  if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n    this.options.maxClockSkew = constants.DEFAULT_MAX_CLOCK_SKEW;\n  } else {\n    this.options.maxClockSkew = args.maxClockSkew;\n  } // Give the developer the ability to disable token signature\n  // validation.\n\n\n  this.options.ignoreSignature = !!args.ignoreSignature;\n  sdk.session = {\n    close: util.bind(session.closeSession, null, sdk),\n    exists: util.bind(session.sessionExists, null, sdk),\n    get: util.bind(session.getSession, null, sdk),\n    refresh: util.bind(session.refreshSession, null, sdk),\n    setCookieAndRedirect: util.bind(session.setCookieAndRedirect, null, sdk)\n  };\n  sdk.tx = {\n    status: util.bind(tx.transactionStatus, null, sdk),\n    resume: util.bind(tx.resumeTransaction, null, sdk),\n    exists: util.bind(tx.transactionExists, null, sdk),\n    introspect: util.bind(tx.introspect, null, sdk)\n  }; // This is exposed so we can mock document.cookie in our tests\n\n  sdk.tx.exists._get = function (name) {\n    return cookies.get(name);\n  }; // This is exposed so we can mock window.location.href in our tests\n\n\n  sdk.idToken = {\n    authorize: {\n      _getLocationHref: function _getLocationHref() {\n        return window.location.href;\n      }\n    }\n  };\n  sdk.token = {\n    getWithoutPrompt: util.bind(token.getWithoutPrompt, null, sdk),\n    getWithPopup: util.bind(token.getWithPopup, null, sdk),\n    getWithRedirect: util.bind(token.getWithRedirect, null, sdk),\n    parseFromUrl: util.bind(token.parseFromUrl, null, sdk),\n    decode: token.decodeToken,\n    revoke: util.bind(token.revokeToken, null, sdk),\n    renew: util.bind(token.renewToken, null, sdk),\n    getUserInfo: util.bind(token.getUserInfo, null, sdk),\n    verify: util.bind(token.verifyToken, null, sdk)\n  }; // This is exposed so we can set window.location in our tests\n\n  sdk.token.getWithRedirect._setLocation = function (url) {\n    window.location = url;\n  }; // This is exposed so we can mock getting window.history in our tests\n\n\n  sdk.token.parseFromUrl._getHistory = function () {\n    return window.history;\n  }; // This is exposed so we can mock getting window.location in our tests\n\n\n  sdk.token.parseFromUrl._getLocation = function () {\n    return window.location;\n  }; // This is exposed so we can mock getting window.document in our tests\n\n\n  sdk.token.parseFromUrl._getDocument = function () {\n    return window.document;\n  };\n\n  sdk.fingerprint._getUserAgent = function () {\n    return navigator.userAgent;\n  };\n\n  var isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\n\n  sdk.features.isFingerprintSupported = function () {\n    var agent = sdk.fingerprint._getUserAgent();\n\n    return agent && !isWindowsPhone.test(agent);\n  };\n\n  sdk.emitter = new Emitter();\n  sdk.tokenManager = new TokenManager(sdk, args.tokenManager);\n  sdk.tokenManager.on('error', this._onTokenManagerError, this);\n}\n\nvar proto = OktaAuthBuilder.prototype;\n\nproto._onTokenManagerError = function (error) {\n  var code = error.errorCode;\n\n  if (code === 'login_required' && error.accessToken) {\n    if (this.options.onSessionExpired) {\n      this.options.onSessionExpired();\n    } else {\n      // eslint-disable-next-line no-console\n      console.error('Session has expired or was closed outside the application.');\n    }\n  }\n};\n\nproto.features = {};\n\nproto.features.isPopupPostMessageSupported = function () {\n  var isIE8or9 = document.documentMode && document.documentMode < 10;\n\n  if (window.postMessage && !isIE8or9) {\n    return true;\n  }\n\n  return false;\n};\n\nproto.features.isTokenVerifySupported = function () {\n  return typeof crypto !== 'undefined' && crypto.subtle && typeof Uint8Array !== 'undefined';\n};\n\nproto.features.hasTextEncoder = function () {\n  return typeof TextEncoder !== 'undefined';\n};\n\nproto.features.isPKCESupported = function () {\n  return proto.features.isTokenVerifySupported() && proto.features.hasTextEncoder();\n};\n\nproto.features.isHTTPS = function () {\n  return window.location.protocol === 'https:';\n};\n\nproto.features.isLocalhost = function () {\n  return window.location.hostname === 'localhost';\n}; // { username, password, (relayState), (context) }\n\n\nproto.signIn = function (opts) {\n  var sdk = this;\n  opts = util.clone(opts || {});\n\n  function postToTransaction(options) {\n    delete opts.sendFingerprint;\n    return tx.postToTransaction(sdk, '/api/v1/authn', opts, options);\n  }\n\n  if (!opts.sendFingerprint) {\n    return postToTransaction();\n  }\n\n  return sdk.fingerprint().then(function (fingerprint) {\n    return postToTransaction({\n      headers: {\n        'X-Device-Fingerprint': fingerprint\n      }\n    });\n  });\n}; // Ends the current Okta SSO session without redirecting to Okta.\n\n\nproto.closeSession = function closeSession() {\n  var sdk = this; // Clear all local tokens\n\n  sdk.tokenManager.clear();\n  return sdk.session.close() // DELETE /api/v1/sessions/me\n  .catch(function (e) {\n    if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n      // Session does not exist or has already been closed\n      return;\n    }\n\n    throw e;\n  });\n}; // Revokes the access token for the application session\n\n\nproto.revokeAccessToken =\n/*#__PURE__*/\nfunction () {\n  var _revokeAccessToken = _asyncToGenerator(\n  /*#__PURE__*/\n  _regeneratorRuntime.mark(function _callee(accessToken) {\n    var sdk;\n    return _regeneratorRuntime.wrap(function _callee$(_context) {\n      while (1) {\n        switch (_context.prev = _context.next) {\n          case 0:\n            sdk = this;\n\n            if (accessToken) {\n              _context.next = 5;\n              break;\n            }\n\n            _context.next = 4;\n            return sdk.tokenManager.get('accessToken');\n\n          case 4:\n            accessToken = _context.sent;\n\n          case 5:\n            if (accessToken) {\n              _context.next = 7;\n              break;\n            }\n\n            return _context.abrupt(\"return\", Promise.resolve());\n\n          case 7:\n            return _context.abrupt(\"return\", sdk.token.revoke(accessToken));\n\n          case 8:\n          case \"end\":\n            return _context.stop();\n        }\n      }\n    }, _callee, this);\n  }));\n\n  function revokeAccessToken(_x) {\n    return _revokeAccessToken.apply(this, arguments);\n  }\n\n  return revokeAccessToken;\n}(); // Revokes accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\n\n\nproto.signOut =\n/*#__PURE__*/\nfunction () {\n  var _ref = _asyncToGenerator(\n  /*#__PURE__*/\n  _regeneratorRuntime.mark(function _callee2(options) {\n    var defaultUri, postLogoutRedirectUri, accessToken, revokeAccessToken, idToken, sdk, logoutUrl, state, idTokenHint, logoutUri;\n    return _regeneratorRuntime.wrap(function _callee2$(_context2) {\n      while (1) {\n        switch (_context2.prev = _context2.next) {\n          case 0:\n            options = util.extend({}, options); // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n\n            defaultUri = window.location.origin;\n            postLogoutRedirectUri = options.postLogoutRedirectUri || this.options.postLogoutRedirectUri || defaultUri;\n            accessToken = options.accessToken;\n            revokeAccessToken = options.revokeAccessToken !== false;\n            idToken = options.idToken;\n            sdk = this;\n            logoutUrl = oauthUtil.getOAuthUrls(sdk).logoutUrl;\n\n            if (!(typeof idToken === 'undefined')) {\n              _context2.next = 12;\n              break;\n            }\n\n            _context2.next = 11;\n            return sdk.tokenManager.get('idToken');\n\n          case 11:\n            idToken = _context2.sent;\n\n          case 12:\n            if (!(revokeAccessToken && typeof accessToken === 'undefined')) {\n              _context2.next = 16;\n              break;\n            }\n\n            _context2.next = 15;\n            return sdk.tokenManager.get('token');\n\n          case 15:\n            accessToken = _context2.sent;\n\n          case 16:\n            // Clear all local tokens\n            sdk.tokenManager.clear();\n\n            if (!(revokeAccessToken && accessToken)) {\n              _context2.next = 20;\n              break;\n            }\n\n            _context2.next = 20;\n            return sdk.revokeAccessToken(accessToken);\n\n          case 20:\n            if (idToken) {\n              _context2.next = 22;\n              break;\n            }\n\n            return _context2.abrupt(\"return\", sdk.closeSession() // can throw if the user cannot be signed out\n            .then(function () {\n              if (postLogoutRedirectUri === defaultUri) {\n                window.location.reload();\n              } else {\n                window.location.assign(postLogoutRedirectUri);\n              }\n            }));\n\n          case 22:\n            // logout redirect using the idToken.\n            state = options.state;\n            idTokenHint = idToken.idToken; // a string\n\n            logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint) + '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri); // State allows option parameters to be passed to logout redirect uri\n\n            if (state) {\n              logoutUri += '&state=' + encodeURIComponent(state);\n            }\n\n            window.location.assign(logoutUri);\n\n          case 27:\n          case \"end\":\n            return _context2.stop();\n        }\n      }\n    }, _callee2, this);\n  }));\n\n  return function (_x2) {\n    return _ref.apply(this, arguments);\n  };\n}();\n\nbuilderUtil.addSharedPrototypes(proto); // { resource, (rel), (requestContext)}\n\nproto.webfinger = function (opts) {\n  var url = '/.well-known/webfinger' + util.toQueryParams(opts);\n  var options = {\n    headers: {\n      'Accept': 'application/jrd+json'\n    }\n  };\n  return http.get(this, url, options);\n};\n\nproto.fingerprint = function (options) {\n  options = options || {};\n  var sdk = this;\n\n  if (!sdk.features.isFingerprintSupported()) {\n    return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n  }\n\n  var timeout;\n  var iframe;\n  var listener;\n  var promise = new Promise(function (resolve, reject) {\n    iframe = document.createElement('iframe');\n    iframe.style.display = 'none';\n\n    listener = function listener(e) {\n      if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n        return;\n      }\n\n      try {\n        var msg = JSON.parse(e.data);\n      } catch (err) {\n        return reject(new AuthSdkError('Unable to parse iframe response'));\n      }\n\n      if (!msg) {\n        return;\n      }\n\n      if (msg.type === 'FingerprintAvailable') {\n        return resolve(msg.fingerprint);\n      }\n\n      if (msg.type === 'FingerprintServiceReady') {\n        e.source.postMessage(JSON.stringify({\n          type: 'GetFingerprint'\n        }), e.origin);\n      }\n    };\n\n    oauthUtil.addListener(window, 'message', listener);\n    iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n    document.body.appendChild(iframe);\n    timeout = setTimeout(function () {\n      reject(new AuthSdkError('Fingerprinting timed out'));\n    }, options.timeout || 15000);\n  });\n  return promise.finally(function () {\n    clearTimeout(timeout);\n    oauthUtil.removeListener(window, 'message', listener);\n\n    if (document.body.contains(iframe)) {\n      iframe.parentElement.removeChild(iframe);\n    }\n  });\n};\n\nmodule.exports = builderUtil.buildOktaAuth(OktaAuthBuilder);\n\n/***/ }),\n/* 16 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/**\n * Copyright (c) 2014-present, Facebook, Inc.\n *\n * This source code is licensed under the MIT license found in the\n * LICENSE file in the root directory of this source tree.\n */\n\nvar runtime = (function (exports) {\n  \"use strict\";\n\n  var Op = Object.prototype;\n  var hasOwn = Op.hasOwnProperty;\n  var undefined; // More compressible than void 0.\n  var $Symbol = typeof Symbol === \"function\" ? Symbol : {};\n  var iteratorSymbol = $Symbol.iterator || \"@@iterator\";\n  var asyncIteratorSymbol = $Symbol.asyncIterator || \"@@asyncIterator\";\n  var toStringTagSymbol = $Symbol.toStringTag || \"@@toStringTag\";\n\n  function wrap(innerFn, outerFn, self, tryLocsList) {\n    // If outerFn provided and outerFn.prototype is a Generator, then outerFn.prototype instanceof Generator.\n    var protoGenerator = outerFn && outerFn.prototype instanceof Generator ? outerFn : Generator;\n    var generator = Object.create(protoGenerator.prototype);\n    var context = new Context(tryLocsList || []);\n\n    // The ._invoke method unifies the implementations of the .next,\n    // .throw, and .return methods.\n    generator._invoke = makeInvokeMethod(innerFn, self, context);\n\n    return generator;\n  }\n  exports.wrap = wrap;\n\n  // Try/catch helper to minimize deoptimizations. Returns a completion\n  // record like context.tryEntries[i].completion. This interface could\n  // have been (and was previously) designed to take a closure to be\n  // invoked without arguments, but in all the cases we care about we\n  // already have an existing method we want to call, so there's no need\n  // to create a new function object. We can even get away with assuming\n  // the method takes exactly one argument, since that happens to be true\n  // in every case, so we don't have to touch the arguments object. The\n  // only additional allocation required is the completion record, which\n  // has a stable shape and so hopefully should be cheap to allocate.\n  function tryCatch(fn, obj, arg) {\n    try {\n      return { type: \"normal\", arg: fn.call(obj, arg) };\n    } catch (err) {\n      return { type: \"throw\", arg: err };\n    }\n  }\n\n  var GenStateSuspendedStart = \"suspendedStart\";\n  var GenStateSuspendedYield = \"suspendedYield\";\n  var GenStateExecuting = \"executing\";\n  var GenStateCompleted = \"completed\";\n\n  // Returning this object from the innerFn has the same effect as\n  // breaking out of the dispatch switch statement.\n  var ContinueSentinel = {};\n\n  // Dummy constructor functions that we use as the .constructor and\n  // .constructor.prototype properties for functions that return Generator\n  // objects. For full spec compliance, you may wish to configure your\n  // minifier not to mangle the names of these two functions.\n  function Generator() {}\n  function GeneratorFunction() {}\n  function GeneratorFunctionPrototype() {}\n\n  // This is a polyfill for %IteratorPrototype% for environments that\n  // don't natively support it.\n  var IteratorPrototype = {};\n  IteratorPrototype[iteratorSymbol] = function () {\n    return this;\n  };\n\n  var getProto = Object.getPrototypeOf;\n  var NativeIteratorPrototype = getProto && getProto(getProto(values([])));\n  if (NativeIteratorPrototype &&\n      NativeIteratorPrototype !== Op &&\n      hasOwn.call(NativeIteratorPrototype, iteratorSymbol)) {\n    // This environment has a native %IteratorPrototype%; use it instead\n    // of the polyfill.\n    IteratorPrototype = NativeIteratorPrototype;\n  }\n\n  var Gp = GeneratorFunctionPrototype.prototype =\n    Generator.prototype = Object.create(IteratorPrototype);\n  GeneratorFunction.prototype = Gp.constructor = GeneratorFunctionPrototype;\n  GeneratorFunctionPrototype.constructor = GeneratorFunction;\n  GeneratorFunctionPrototype[toStringTagSymbol] =\n    GeneratorFunction.displayName = \"GeneratorFunction\";\n\n  // Helper for defining the .next, .throw, and .return methods of the\n  // Iterator interface in terms of a single ._invoke method.\n  function defineIteratorMethods(prototype) {\n    [\"next\", \"throw\", \"return\"].forEach(function(method) {\n      prototype[method] = function(arg) {\n        return this._invoke(method, arg);\n      };\n    });\n  }\n\n  exports.isGeneratorFunction = function(genFun) {\n    var ctor = typeof genFun === \"function\" && genFun.constructor;\n    return ctor\n      ? ctor === GeneratorFunction ||\n        // For the native GeneratorFunction constructor, the best we can\n        // do is to check its .name property.\n        (ctor.displayName || ctor.name) === \"GeneratorFunction\"\n      : false;\n  };\n\n  exports.mark = function(genFun) {\n    if (Object.setPrototypeOf) {\n      Object.setPrototypeOf(genFun, GeneratorFunctionPrototype);\n    } else {\n      genFun.__proto__ = GeneratorFunctionPrototype;\n      if (!(toStringTagSymbol in genFun)) {\n        genFun[toStringTagSymbol] = \"GeneratorFunction\";\n      }\n    }\n    genFun.prototype = Object.create(Gp);\n    return genFun;\n  };\n\n  // Within the body of any async function, `await x` is transformed to\n  // `yield regeneratorRuntime.awrap(x)`, so that the runtime can test\n  // `hasOwn.call(value, \"__await\")` to determine if the yielded value is\n  // meant to be awaited.\n  exports.awrap = function(arg) {\n    return { __await: arg };\n  };\n\n  function AsyncIterator(generator) {\n    function invoke(method, arg, resolve, reject) {\n      var record = tryCatch(generator[method], generator, arg);\n      if (record.type === \"throw\") {\n        reject(record.arg);\n      } else {\n        var result = record.arg;\n        var value = result.value;\n        if (value &&\n            typeof value === \"object\" &&\n            hasOwn.call(value, \"__await\")) {\n          return Promise.resolve(value.__await).then(function(value) {\n            invoke(\"next\", value, resolve, reject);\n          }, function(err) {\n            invoke(\"throw\", err, resolve, reject);\n          });\n        }\n\n        return Promise.resolve(value).then(function(unwrapped) {\n          // When a yielded Promise is resolved, its final value becomes\n          // the .value of the Promise<{value,done}> result for the\n          // current iteration.\n          result.value = unwrapped;\n          resolve(result);\n        }, function(error) {\n          // If a rejected Promise was yielded, throw the rejection back\n          // into the async generator function so it can be handled there.\n          return invoke(\"throw\", error, resolve, reject);\n        });\n      }\n    }\n\n    var previousPromise;\n\n    function enqueue(method, arg) {\n      function callInvokeWithMethodAndArg() {\n        return new Promise(function(resolve, reject) {\n          invoke(method, arg, resolve, reject);\n        });\n      }\n\n      return previousPromise =\n        // If enqueue has been called before, then we want to wait until\n        // all previous Promises have been resolved before calling invoke,\n        // so that results are always delivered in the correct order. If\n        // enqueue has not been called before, then it is important to\n        // call invoke immediately, without waiting on a callback to fire,\n        // so that the async generator function has the opportunity to do\n        // any necessary setup in a predictable way. This predictability\n        // is why the Promise constructor synchronously invokes its\n        // executor callback, and why async functions synchronously\n        // execute code before the first await. Since we implement simple\n        // async functions in terms of async generators, it is especially\n        // important to get this right, even though it requires care.\n        previousPromise ? previousPromise.then(\n          callInvokeWithMethodAndArg,\n          // Avoid propagating failures to Promises returned by later\n          // invocations of the iterator.\n          callInvokeWithMethodAndArg\n        ) : callInvokeWithMethodAndArg();\n    }\n\n    // Define the unified helper method that is used to implement .next,\n    // .throw, and .return (see defineIteratorMethods).\n    this._invoke = enqueue;\n  }\n\n  defineIteratorMethods(AsyncIterator.prototype);\n  AsyncIterator.prototype[asyncIteratorSymbol] = function () {\n    return this;\n  };\n  exports.AsyncIterator = AsyncIterator;\n\n  // Note that simple async functions are implemented on top of\n  // AsyncIterator objects; they just return a Promise for the value of\n  // the final result produced by the iterator.\n  exports.async = function(innerFn, outerFn, self, tryLocsList) {\n    var iter = new AsyncIterator(\n      wrap(innerFn, outerFn, self, tryLocsList)\n    );\n\n    return exports.isGeneratorFunction(outerFn)\n      ? iter // If outerFn is a generator, return the full iterator.\n      : iter.next().then(function(result) {\n          return result.done ? result.value : iter.next();\n        });\n  };\n\n  function makeInvokeMethod(innerFn, self, context) {\n    var state = GenStateSuspendedStart;\n\n    return function invoke(method, arg) {\n      if (state === GenStateExecuting) {\n        throw new Error(\"Generator is already running\");\n      }\n\n      if (state === GenStateCompleted) {\n        if (method === \"throw\") {\n          throw arg;\n        }\n\n        // Be forgiving, per 25.3.3.3.3 of the spec:\n        // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume\n        return doneResult();\n      }\n\n      context.method = method;\n      context.arg = arg;\n\n      while (true) {\n        var delegate = context.delegate;\n        if (delegate) {\n          var delegateResult = maybeInvokeDelegate(delegate, context);\n          if (delegateResult) {\n            if (delegateResult === ContinueSentinel) continue;\n            return delegateResult;\n          }\n        }\n\n        if (context.method === \"next\") {\n          // Setting context._sent for legacy support of Babel's\n          // function.sent implementation.\n          context.sent = context._sent = context.arg;\n\n        } else if (context.method === \"throw\") {\n          if (state === GenStateSuspendedStart) {\n            state = GenStateCompleted;\n            throw context.arg;\n          }\n\n          context.dispatchException(context.arg);\n\n        } else if (context.method === \"return\") {\n          context.abrupt(\"return\", context.arg);\n        }\n\n        state = GenStateExecuting;\n\n        var record = tryCatch(innerFn, self, context);\n        if (record.type === \"normal\") {\n          // If an exception is thrown from innerFn, we leave state ===\n          // GenStateExecuting and loop back for another invocation.\n          state = context.done\n            ? GenStateCompleted\n            : GenStateSuspendedYield;\n\n          if (record.arg === ContinueSentinel) {\n            continue;\n          }\n\n          return {\n            value: record.arg,\n            done: context.done\n          };\n\n        } else if (record.type === \"throw\") {\n          state = GenStateCompleted;\n          // Dispatch the exception by looping back around to the\n          // context.dispatchException(context.arg) call above.\n          context.method = \"throw\";\n          context.arg = record.arg;\n        }\n      }\n    };\n  }\n\n  // Call delegate.iterator[context.method](context.arg) and handle the\n  // result, either by returning a { value, done } result from the\n  // delegate iterator, or by modifying context.method and context.arg,\n  // setting context.delegate to null, and returning the ContinueSentinel.\n  function maybeInvokeDelegate(delegate, context) {\n    var method = delegate.iterator[context.method];\n    if (method === undefined) {\n      // A .throw or .return when the delegate iterator has no .throw\n      // method always terminates the yield* loop.\n      context.delegate = null;\n\n      if (context.method === \"throw\") {\n        // Note: [\"return\"] must be used for ES3 parsing compatibility.\n        if (delegate.iterator[\"return\"]) {\n          // If the delegate iterator has a return method, give it a\n          // chance to clean up.\n          context.method = \"return\";\n          context.arg = undefined;\n          maybeInvokeDelegate(delegate, context);\n\n          if (context.method === \"throw\") {\n            // If maybeInvokeDelegate(context) changed context.method from\n            // \"return\" to \"throw\", let that override the TypeError below.\n            return ContinueSentinel;\n          }\n        }\n\n        context.method = \"throw\";\n        context.arg = new TypeError(\n          \"The iterator does not provide a 'throw' method\");\n      }\n\n      return ContinueSentinel;\n    }\n\n    var record = tryCatch(method, delegate.iterator, context.arg);\n\n    if (record.type === \"throw\") {\n      context.method = \"throw\";\n      context.arg = record.arg;\n      context.delegate = null;\n      return ContinueSentinel;\n    }\n\n    var info = record.arg;\n\n    if (! info) {\n      context.method = \"throw\";\n      context.arg = new TypeError(\"iterator result is not an object\");\n      context.delegate = null;\n      return ContinueSentinel;\n    }\n\n    if (info.done) {\n      // Assign the result of the finished delegate to the temporary\n      // variable specified by delegate.resultName (see delegateYield).\n      context[delegate.resultName] = info.value;\n\n      // Resume execution at the desired location (see delegateYield).\n      context.next = delegate.nextLoc;\n\n      // If context.method was \"throw\" but the delegate handled the\n      // exception, let the outer generator proceed normally. If\n      // context.method was \"next\", forget context.arg since it has been\n      // \"consumed\" by the delegate iterator. If context.method was\n      // \"return\", allow the original .return call to continue in the\n      // outer generator.\n      if (context.method !== \"return\") {\n        context.method = \"next\";\n        context.arg = undefined;\n      }\n\n    } else {\n      // Re-yield the result returned by the delegate method.\n      return info;\n    }\n\n    // The delegate iterator is finished, so forget it and continue with\n    // the outer generator.\n    context.delegate = null;\n    return ContinueSentinel;\n  }\n\n  // Define Generator.prototype.{next,throw,return} in terms of the\n  // unified ._invoke helper method.\n  defineIteratorMethods(Gp);\n\n  Gp[toStringTagSymbol] = \"Generator\";\n\n  // A Generator should always return itself as the iterator object when the\n  // @@iterator function is called on it. Some browsers' implementations of the\n  // iterator prototype chain incorrectly implement this, causing the Generator\n  // object to not be returned from this call. This ensures that doesn't happen.\n  // See https://github.com/facebook/regenerator/issues/274 for more details.\n  Gp[iteratorSymbol] = function() {\n    return this;\n  };\n\n  Gp.toString = function() {\n    return \"[object Generator]\";\n  };\n\n  function pushTryEntry(locs) {\n    var entry = { tryLoc: locs[0] };\n\n    if (1 in locs) {\n      entry.catchLoc = locs[1];\n    }\n\n    if (2 in locs) {\n      entry.finallyLoc = locs[2];\n      entry.afterLoc = locs[3];\n    }\n\n    this.tryEntries.push(entry);\n  }\n\n  function resetTryEntry(entry) {\n    var record = entry.completion || {};\n    record.type = \"normal\";\n    delete record.arg;\n    entry.completion = record;\n  }\n\n  function Context(tryLocsList) {\n    // The root entry object (effectively a try statement without a catch\n    // or a finally block) gives us a place to store values thrown from\n    // locations where there is no enclosing try statement.\n    this.tryEntries = [{ tryLoc: \"root\" }];\n    tryLocsList.forEach(pushTryEntry, this);\n    this.reset(true);\n  }\n\n  exports.keys = function(object) {\n    var keys = [];\n    for (var key in object) {\n      keys.push(key);\n    }\n    keys.reverse();\n\n    // Rather than returning an object with a next method, we keep\n    // things simple and return the next function itself.\n    return function next() {\n      while (keys.length) {\n        var key = keys.pop();\n        if (key in object) {\n          next.value = key;\n          next.done = false;\n          return next;\n        }\n      }\n\n      // To avoid creating an additional object, we just hang the .value\n      // and .done properties off the next function object itself. This\n      // also ensures that the minifier will not anonymize the function.\n      next.done = true;\n      return next;\n    };\n  };\n\n  function values(iterable) {\n    if (iterable) {\n      var iteratorMethod = iterable[iteratorSymbol];\n      if (iteratorMethod) {\n        return iteratorMethod.call(iterable);\n      }\n\n      if (typeof iterable.next === \"function\") {\n        return iterable;\n      }\n\n      if (!isNaN(iterable.length)) {\n        var i = -1, next = function next() {\n          while (++i < iterable.length) {\n            if (hasOwn.call(iterable, i)) {\n              next.value = iterable[i];\n              next.done = false;\n              return next;\n            }\n          }\n\n          next.value = undefined;\n          next.done = true;\n\n          return next;\n        };\n\n        return next.next = next;\n      }\n    }\n\n    // Return an iterator with no values.\n    return { next: doneResult };\n  }\n  exports.values = values;\n\n  function doneResult() {\n    return { value: undefined, done: true };\n  }\n\n  Context.prototype = {\n    constructor: Context,\n\n    reset: function(skipTempReset) {\n      this.prev = 0;\n      this.next = 0;\n      // Resetting context._sent for legacy support of Babel's\n      // function.sent implementation.\n      this.sent = this._sent = undefined;\n      this.done = false;\n      this.delegate = null;\n\n      this.method = \"next\";\n      this.arg = undefined;\n\n      this.tryEntries.forEach(resetTryEntry);\n\n      if (!skipTempReset) {\n        for (var name in this) {\n          // Not sure about the optimal order of these conditions:\n          if (name.charAt(0) === \"t\" &&\n              hasOwn.call(this, name) &&\n              !isNaN(+name.slice(1))) {\n            this[name] = undefined;\n          }\n        }\n      }\n    },\n\n    stop: function() {\n      this.done = true;\n\n      var rootEntry = this.tryEntries[0];\n      var rootRecord = rootEntry.completion;\n      if (rootRecord.type === \"throw\") {\n        throw rootRecord.arg;\n      }\n\n      return this.rval;\n    },\n\n    dispatchException: function(exception) {\n      if (this.done) {\n        throw exception;\n      }\n\n      var context = this;\n      function handle(loc, caught) {\n        record.type = \"throw\";\n        record.arg = exception;\n        context.next = loc;\n\n        if (caught) {\n          // If the dispatched exception was caught by a catch block,\n          // then let that catch block handle the exception normally.\n          context.method = \"next\";\n          context.arg = undefined;\n        }\n\n        return !! caught;\n      }\n\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        var record = entry.completion;\n\n        if (entry.tryLoc === \"root\") {\n          // Exception thrown outside of any try block that could handle\n          // it, so set the completion value of the entire function to\n          // throw the exception.\n          return handle(\"end\");\n        }\n\n        if (entry.tryLoc <= this.prev) {\n          var hasCatch = hasOwn.call(entry, \"catchLoc\");\n          var hasFinally = hasOwn.call(entry, \"finallyLoc\");\n\n          if (hasCatch && hasFinally) {\n            if (this.prev < entry.catchLoc) {\n              return handle(entry.catchLoc, true);\n            } else if (this.prev < entry.finallyLoc) {\n              return handle(entry.finallyLoc);\n            }\n\n          } else if (hasCatch) {\n            if (this.prev < entry.catchLoc) {\n              return handle(entry.catchLoc, true);\n            }\n\n          } else if (hasFinally) {\n            if (this.prev < entry.finallyLoc) {\n              return handle(entry.finallyLoc);\n            }\n\n          } else {\n            throw new Error(\"try statement without catch or finally\");\n          }\n        }\n      }\n    },\n\n    abrupt: function(type, arg) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.tryLoc <= this.prev &&\n            hasOwn.call(entry, \"finallyLoc\") &&\n            this.prev < entry.finallyLoc) {\n          var finallyEntry = entry;\n          break;\n        }\n      }\n\n      if (finallyEntry &&\n          (type === \"break\" ||\n           type === \"continue\") &&\n          finallyEntry.tryLoc <= arg &&\n          arg <= finallyEntry.finallyLoc) {\n        // Ignore the finally entry if control is not jumping to a\n        // location outside the try/catch block.\n        finallyEntry = null;\n      }\n\n      var record = finallyEntry ? finallyEntry.completion : {};\n      record.type = type;\n      record.arg = arg;\n\n      if (finallyEntry) {\n        this.method = \"next\";\n        this.next = finallyEntry.finallyLoc;\n        return ContinueSentinel;\n      }\n\n      return this.complete(record);\n    },\n\n    complete: function(record, afterLoc) {\n      if (record.type === \"throw\") {\n        throw record.arg;\n      }\n\n      if (record.type === \"break\" ||\n          record.type === \"continue\") {\n        this.next = record.arg;\n      } else if (record.type === \"return\") {\n        this.rval = this.arg = record.arg;\n        this.method = \"return\";\n        this.next = \"end\";\n      } else if (record.type === \"normal\" && afterLoc) {\n        this.next = afterLoc;\n      }\n\n      return ContinueSentinel;\n    },\n\n    finish: function(finallyLoc) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.finallyLoc === finallyLoc) {\n          this.complete(entry.completion, entry.afterLoc);\n          resetTryEntry(entry);\n          return ContinueSentinel;\n        }\n      }\n    },\n\n    \"catch\": function(tryLoc) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.tryLoc === tryLoc) {\n          var record = entry.completion;\n          if (record.type === \"throw\") {\n            var thrown = record.arg;\n            resetTryEntry(entry);\n          }\n          return thrown;\n        }\n      }\n\n      // The context.catch method must only be called with a location\n      // argument that corresponds to a known catch block.\n      throw new Error(\"illegal catch attempt\");\n    },\n\n    delegateYield: function(iterable, resultName, nextLoc) {\n      this.delegate = {\n        iterator: values(iterable),\n        resultName: resultName,\n        nextLoc: nextLoc\n      };\n\n      if (this.method === \"next\") {\n        // Deliberately forget the last sent value so that we don't\n        // accidentally pass it on to the delegate.\n        this.arg = undefined;\n      }\n\n      return ContinueSentinel;\n    }\n  };\n\n  // Regardless of whether this script is executing as a CommonJS module\n  // or not, return the runtime object so that we can declare the variable\n  // regeneratorRuntime in the outer scope, which allows this module to be\n  // injected easily by `bin/regenerator --include-runtime script.js`.\n  return exports;\n\n}(\n  // If this script is executing as a CommonJS module, use module.exports\n  // as the regeneratorRuntime namespace. Otherwise create a new empty\n  // object. Either way, the resulting object will be used to initialize\n  // the regeneratorRuntime variable at the top of this file.\n   true ? module.exports : {}\n));\n\ntry {\n  regeneratorRuntime = runtime;\n} catch (accidentalStrictMode) {\n  // This module should not be running in strict mode, so the above\n  // assignment should always work unless something is misconfigured. Just\n  // in case runtime.js accidentally runs in strict mode, we can escape\n  // strict mode using a global Function call. This could conceivably fail\n  // if a Content Security Policy forbids using Function, but in that case\n  // the proper solution is to fix the accidental strict mode problem. If\n  // you've misconfigured your bundler to force strict mode and applied a\n  // CSP to forbid Function, and you're not willing to fix either of those\n  // problems, please detail your unique predicament in a GitHub issue.\n  Function(\"r\", \"regeneratorRuntime = r\")(runtime);\n}\n\n\n/***/ }),\n/* 17 */\n/***/ (function(module, exports) {\n\nfunction E () {\n  // Keep this empty so it's easier to inherit from\n  // (via https://github.com/lipsmack from https://github.com/scottcorgan/tiny-emitter/issues/3)\n}\n\nE.prototype = {\n  on: function (name, callback, ctx) {\n    var e = this.e || (this.e = {});\n\n    (e[name] || (e[name] = [])).push({\n      fn: callback,\n      ctx: ctx\n    });\n\n    return this;\n  },\n\n  once: function (name, callback, ctx) {\n    var self = this;\n    function listener () {\n      self.off(name, listener);\n      callback.apply(ctx, arguments);\n    };\n\n    listener._ = callback\n    return this.on(name, listener, ctx);\n  },\n\n  emit: function (name) {\n    var data = [].slice.call(arguments, 1);\n    var evtArr = ((this.e || (this.e = {}))[name] || []).slice();\n    var i = 0;\n    var len = evtArr.length;\n\n    for (i; i < len; i++) {\n      evtArr[i].fn.apply(evtArr[i].ctx, data);\n    }\n\n    return this;\n  },\n\n  off: function (name, callback) {\n    var e = this.e || (this.e = {});\n    var evts = e[name];\n    var liveEvents = [];\n\n    if (evts && callback) {\n      for (var i = 0, len = evts.length; i < len; i++) {\n        if (evts[i].fn !== callback && evts[i].fn._ !== callback)\n          liveEvents.push(evts[i]);\n      }\n    }\n\n    // Remove event from queue to prevent memory leak\n    // Suggested by https://github.com/lazd\n    // Ref: https://github.com/scottcorgan/tiny-emitter/commit/c6ebfaa9bc973b33d110a84a307742b7cf94c953#commitcomment-5024910\n\n    (liveEvents.length)\n      ? e[name] = liveEvents\n      : delete e[name];\n\n    return this;\n  }\n};\n\nmodule.exports = E;\n\n\n/***/ }),\n/* 18 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\nvar AuthSdkError = __webpack_require__(1);\n\nvar tx = __webpack_require__(9);\n\nvar util = __webpack_require__(0); // TODO: use @okta/configuration-validation (move module to this monorepo?)\n// eslint-disable-next-line complexity\n\n\nfunction assertValidConfig(args) {\n  if (!args) {\n    throw new AuthSdkError('No arguments passed to constructor. ' + 'Required usage: new OktaAuth(args)');\n  }\n\n  var issuer = args.issuer;\n\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n\n  if (!isUrlRegex.test(args.issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' + 'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n\n  var userAgent = args.userAgent;\n  var userAgentTemplateWithNoPlaceholder = userAgent && userAgent.template && userAgent.template.indexOf('$OKTA_AUTH_JS') === -1;\n\n  if (userAgentTemplateWithNoPlaceholder) {\n    throw new AuthSdkError('UserAgentTemplate must include \"$OKTA_AUTH_JS\" placeholder. ' + 'Required usage: new OktaAuth({userAgentTemplate: \"xxx $OKTA_AUTH_JS xxx\"})');\n  }\n}\n\nfunction addSharedPrototypes(proto) {\n  proto.getIssuerOrigin = function () {\n    // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n    return this.options.issuer.split('/oauth2/')[0];\n  }; // { username, (relayState) }\n\n\n  proto.forgotPassword = function (opts) {\n    return tx.postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n  }; // { username, (relayState) }\n\n\n  proto.unlockAccount = function (opts) {\n    return tx.postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n  }; // { recoveryToken }\n\n\n  proto.verifyRecoveryToken = function (opts) {\n    return tx.postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n  };\n}\n\nfunction buildOktaAuth(OktaAuthBuilder) {\n  return function (storageUtil, httpRequestClient) {\n    function OktaAuth(args) {\n      if (!(this instanceof OktaAuth)) {\n        return new OktaAuth(args);\n      }\n\n      if (args) {\n        args.storageUtil = storageUtil;\n\n        if (args.ajaxRequest) {\n          util.deprecate('ajaxRequest is being deprecated, use httpRequestClient attribute instead.');\n          args.httpRequestClient = args.ajaxRequest;\n        } else if (!args.httpRequestClient) {\n          args.httpRequestClient = httpRequestClient;\n        }\n      }\n\n      util.bind(OktaAuthBuilder, this)(args);\n    }\n\n    OktaAuth.prototype = OktaAuthBuilder.prototype;\n    OktaAuth.prototype.constructor = OktaAuth; // Hoist feature detection functions to static type\n\n    OktaAuth.features = OktaAuthBuilder.prototype.features;\n    return OktaAuth;\n  };\n}\n\nfunction getUserAgent(args, sdkVersion) {\n  var userAgent = args.userAgent;\n\n  if (!userAgent) {\n    return '';\n  }\n\n  if (userAgent.value) {\n    return userAgent.value;\n  }\n\n  if (userAgent.template) {\n    return userAgent.template.replace('$OKTA_AUTH_JS', \"okta-auth-js/\".concat(sdkVersion));\n  }\n\n  return '';\n}\n\nmodule.exports = {\n  addSharedPrototypes: addSharedPrototypes,\n  buildOktaAuth: buildOktaAuth,\n  assertValidConfig: assertValidConfig,\n  getUserAgent: getUserAgent\n};\n\n/***/ }),\n/* 19 */\n/***/ (function(module, exports) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\nfunction AuthApiError(err, xhr) {\n  this.name = 'AuthApiError';\n  this.message = err.errorSummary;\n  this.errorSummary = err.errorSummary;\n  this.errorCode = err.errorCode;\n  this.errorLink = err.errorLink;\n  this.errorId = err.errorId;\n  this.errorCauses = err.errorCauses;\n\n  if (xhr) {\n    this.xhr = xhr;\n  }\n}\n\nAuthApiError.prototype = new Error();\nmodule.exports = AuthApiError;\n\n/***/ }),\n/* 20 */\n/***/ (function(module, exports) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\nfunction AuthPollStopError() {\n  this.name = 'AuthPollStopError';\n  this.message = 'The poll was stopped by the sdk';\n}\n\nAuthPollStopError.prototype = new Error();\nmodule.exports = AuthPollStopError;\n\n/***/ }),\n/* 21 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global window */\nvar util = __webpack_require__(0);\n\nvar http = __webpack_require__(3);\n\nfunction sessionExists(sdk) {\n  return sdk.session.get().then(function (res) {\n    if (res.status === 'ACTIVE') {\n      return true;\n    }\n\n    return false;\n  }).catch(function () {\n    return false;\n  });\n}\n\nfunction getSession(sdk) {\n  return http.get(sdk, '/api/v1/sessions/me').then(function (session) {\n    var res = util.omit(session, '_links');\n\n    res.refresh = function () {\n      return http.post(sdk, util.getLink(session, 'refresh').href);\n    };\n\n    res.user = function () {\n      return http.get(sdk, util.getLink(session, 'user').href);\n    };\n\n    return res;\n  }).catch(function () {\n    // Return INACTIVE status on failure\n    return {\n      status: 'INACTIVE'\n    };\n  });\n}\n\nfunction closeSession(sdk) {\n  return http.httpRequest(sdk, {\n    url: sdk.getIssuerOrigin() + '/api/v1/sessions/me',\n    method: 'DELETE'\n  });\n}\n\nfunction refreshSession(sdk) {\n  return http.post(sdk, '/api/v1/sessions/me/lifecycle/refresh');\n}\n\nfunction setCookieAndRedirect(sdk, sessionToken, redirectUrl) {\n  redirectUrl = redirectUrl || window.location.href;\n  window.location = sdk.getIssuerOrigin() + '/login/sessionCookieRedirect' + util.toQueryParams({\n    checkAccountSetupComplete: true,\n    token: sessionToken,\n    redirectUrl: redirectUrl\n  });\n}\n\nmodule.exports = {\n  sessionExists: sessionExists,\n  getSession: getSession,\n  closeSession: closeSession,\n  refreshSession: refreshSession,\n  setCookieAndRedirect: setCookieAndRedirect\n};\n\n/***/ }),\n/* 22 */\n/***/ (function(module, exports, __webpack_require__) {\n\nvar _regeneratorRuntime = __webpack_require__(7);\n\nvar _asyncToGenerator = __webpack_require__(8);\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global window, document, btoa */\n\n/* eslint-disable complexity, max-statements */\nvar http = __webpack_require__(3);\n\nvar util = __webpack_require__(0);\n\nvar oauthUtil = __webpack_require__(10);\n\nvar sdkCrypto = __webpack_require__(23);\n\nvar AuthSdkError = __webpack_require__(1);\n\nvar OAuthError = __webpack_require__(24);\n\nvar constants = __webpack_require__(2);\n\nvar cookies = __webpack_require__(4).storage;\n\nvar PKCE = __webpack_require__(25); // Only the access token can be revoked in SPA applications\n\n\nfunction revokeToken(sdk, token) {\n  return Promise.resolve().then(function () {\n    if (!token || !token.accessToken) {\n      throw new AuthSdkError('A valid access token object is required');\n    }\n\n    var clientId = sdk.options.clientId;\n\n    if (!clientId) {\n      throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n    }\n\n    var revokeUrl = oauthUtil.getOAuthUrls(sdk).revokeUrl;\n    var accessToken = token.accessToken;\n    var args = util.toQueryParams({\n      // eslint-disable-next-line camelcase\n      token_type_hint: 'access_token',\n      token: accessToken\n    }).slice(1);\n    var creds = btoa(clientId);\n    return http.post(sdk, revokeUrl, args, {\n      headers: {\n        'Content-Type': 'application/x-www-form-urlencoded',\n        'Authorization': 'Basic ' + creds\n      }\n    });\n  });\n}\n\nfunction decodeToken(token) {\n  var jwt = token.split('.');\n  var decodedToken;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(util.base64UrlToString(jwt[0])),\n      payload: JSON.parse(util.base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch (e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n} // Verify the id token\n\n\nfunction verifyToken(sdk, token, validationParams) {\n  return Promise.resolve().then(function () {\n    if (!token || !token.idToken) {\n      throw new AuthSdkError('Only idTokens may be verified');\n    }\n\n    var jwt = decodeToken(token.idToken);\n    var validationOptions = {\n      clientId: sdk.options.clientId,\n      issuer: sdk.options.issuer,\n      ignoreSignature: sdk.options.ignoreSignature\n    };\n    util.extend(validationOptions, validationParams); // Standard claim validation\n\n    oauthUtil.validateClaims(sdk, jwt.payload, validationOptions); // If the browser doesn't support native crypto or we choose not\n    // to verify the signature, bail early\n\n    if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n      return token;\n    }\n\n    return oauthUtil.getKey(sdk, token.issuer, jwt.header.kid).then(function (key) {\n      return sdkCrypto.verifyToken(token.idToken, key);\n    }).then(function (valid) {\n      if (!valid) {\n        throw new AuthSdkError('The token signature is not valid');\n      }\n\n      if (validationParams.accessToken && token.claims.at_hash) {\n        return sdkCrypto.getOidcHash(validationParams.accessToken).then(function (hash) {\n          if (hash !== token.claims.at_hash) {\n            throw new AuthSdkError('Token hash verification failed');\n          }\n        });\n      }\n    }).then(function () {\n      return token;\n    });\n  });\n}\n\nfunction addPostMessageListener(sdk, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function (resolve, reject) {\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      } // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n\n\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n\n      resolve(e.data);\n    };\n\n    oauthUtil.addListener(window, 'message', responseHandler);\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n  return msgReceivedOrTimeout.finally(function () {\n    clearTimeout(timeoutId);\n    oauthUtil.removeListener(window, 'message', responseHandler);\n  });\n}\n\nfunction addFragmentListener(sdk, windowEl, timeout) {\n  var timeoutId;\n  var promise = new Promise(function (resolve, reject) {\n    function hashChangeHandler() {\n      /*\n        We are only able to access window.location.hash on a window\n        that has the same domain. A try/catch is necessary because\n        there's no other way to determine that the popup is in\n        another domain. When we try to access a window on another\n        domain, an error is thrown.\n      */\n      try {\n        if (windowEl && windowEl.location && windowEl.location.hash) {\n          resolve(oauthUtil.hashToObject(windowEl.location.hash));\n        } else if (windowEl && !windowEl.closed) {\n          setTimeout(hashChangeHandler, 500);\n        }\n      } catch (err) {\n        setTimeout(hashChangeHandler, 500);\n      }\n    }\n\n    hashChangeHandler();\n    timeoutId = setTimeout(function () {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n  return promise.finally(function () {\n    clearTimeout(timeoutId);\n  });\n}\n\nfunction exchangeCodeForToken(sdk, oauthParams, authorizationCode, urls) {\n  // PKCE authorization_code flow\n  // Retrieve saved values and build oauthParams for call to /token\n  var meta = PKCE.loadMeta(sdk);\n  var getTokenParams = {\n    clientId: oauthParams.clientId,\n    authorizationCode: authorizationCode,\n    codeVerifier: meta.codeVerifier,\n    redirectUri: meta.redirectUri\n  };\n  return PKCE.getToken(sdk, getTokenParams, urls).then(function (res) {\n    validateResponse(res, getTokenParams);\n    return res;\n  }).finally(function () {\n    PKCE.clearMeta(sdk);\n  });\n}\n\nfunction validateResponse(res, oauthParams) {\n  if (res['error'] || res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nfunction handleOAuthResponse(sdk, oauthParams, res, urls) {\n  urls = urls || {};\n  var responseType = oauthParams.responseType;\n\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes = util.clone(oauthParams.scopes);\n  var clientId = oauthParams.clientId || sdk.options.clientId;\n  var pkce = sdk.options.pkce !== false;\n  return Promise.resolve().then(function () {\n    validateResponse(res, oauthParams); // PKCE flow\n    // We do not support \"hybrid\" scenarios where the response includes both a code and a token.\n    // If the response contains a code it is used immediately to obtain new tokens.\n\n    if (res.code && pkce) {\n      responseType = ['token', 'id_token']; // what we expect the code to provide us\n\n      return exchangeCodeForToken(sdk, oauthParams, res.code, urls);\n    }\n\n    return res;\n  }).then(function (res) {\n    var tokenDict = {};\n    var expiresIn = res.expires_in;\n    var tokenType = res.token_type;\n    var accessToken = res.access_token;\n    var idToken = res.id_token;\n\n    if (accessToken) {\n      tokenDict.accessToken = {\n        value: accessToken,\n        accessToken: accessToken,\n        expiresAt: Number(expiresIn) + Math.floor(Date.now() / 1000),\n        tokenType: tokenType,\n        scopes: scopes,\n        authorizeUrl: urls.authorizeUrl,\n        userinfoUrl: urls.userinfoUrl\n      };\n    }\n\n    if (idToken) {\n      var jwt = sdk.token.decode(idToken);\n      var idTokenObj = {\n        value: idToken,\n        idToken: idToken,\n        claims: jwt.payload,\n        expiresAt: jwt.payload.exp,\n        scopes: scopes,\n        authorizeUrl: urls.authorizeUrl,\n        issuer: urls.issuer,\n        clientId: clientId\n      };\n      var validationParams = {\n        clientId: clientId,\n        issuer: urls.issuer,\n        nonce: oauthParams.nonce,\n        accessToken: accessToken\n      };\n\n      if (oauthParams.ignoreSignature !== undefined) {\n        validationParams.ignoreSignature = oauthParams.ignoreSignature;\n      }\n\n      return verifyToken(sdk, idTokenObj, validationParams).then(function () {\n        tokenDict.idToken = idTokenObj;\n        return tokenDict;\n      });\n    }\n\n    return tokenDict;\n  }).then(function (tokenDict) {\n    // Validate received tokens against requested response types \n    if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n    }\n\n    if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n    }\n\n    return {\n      tokens: tokenDict,\n      state: res.state,\n      code: res.code\n    };\n  });\n}\n\nfunction getDefaultOAuthParams(sdk) {\n  return {\n    pkce: sdk.options.pkce,\n    clientId: sdk.options.clientId,\n    redirectUri: sdk.options.redirectUri || window.location.href,\n    responseType: ['token', 'id_token'],\n    responseMode: sdk.options.responseMode,\n    state: oauthUtil.generateState(),\n    nonce: oauthUtil.generateNonce(),\n    scopes: ['openid', 'email'],\n    ignoreSignature: sdk.options.ignoreSignature\n  };\n}\n\nfunction convertOAuthParamsToQueryParams(oauthParams) {\n  // Quick validation\n  if (!oauthParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (util.isString(oauthParams.responseType) && oauthParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  } // Convert our params to their actual OAuth equivalents\n\n\n  var oauthQueryParams = util.removeNils({\n    'client_id': oauthParams.clientId,\n    'code_challenge': oauthParams.codeChallenge,\n    'code_challenge_method': oauthParams.codeChallengeMethod,\n    'display': oauthParams.display,\n    'idp': oauthParams.idp,\n    'idp_scope': oauthParams.idpScope,\n    'login_hint': oauthParams.loginHint,\n    'max_age': oauthParams.maxAge,\n    'nonce': oauthParams.nonce,\n    'prompt': oauthParams.prompt,\n    'redirect_uri': oauthParams.redirectUri,\n    'response_mode': oauthParams.responseMode,\n    'response_type': oauthParams.responseType,\n    'sessionToken': oauthParams.sessionToken,\n    'state': oauthParams.state\n  });\n  ['idp_scope', 'response_type'].forEach(function (mayBeArray) {\n    if (Array.isArray(oauthQueryParams[mayBeArray])) {\n      oauthQueryParams[mayBeArray] = oauthQueryParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (oauthParams.responseType.indexOf('id_token') !== -1 && oauthParams.scopes.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthQueryParams.scope = oauthParams.scopes.join(' ');\n  }\n\n  return oauthQueryParams;\n}\n\nfunction buildAuthorizeParams(oauthParams) {\n  var oauthQueryParams = convertOAuthParamsToQueryParams(oauthParams);\n  return util.toQueryParams(oauthQueryParams);\n}\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\n\n\nfunction getToken(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n\n  options = options || {};\n  return prepareOauthParams(sdk, options).then(function (oauthParams) {\n    // Start overriding any options that don't make sense\n    var sessionTokenOverrides = {\n      prompt: 'none',\n      responseMode: 'okta_post_message',\n      display: null\n    };\n    var idpOverrides = {\n      display: 'popup'\n    };\n\n    if (options.sessionToken) {\n      util.extend(oauthParams, sessionTokenOverrides);\n    } else if (options.idp) {\n      util.extend(oauthParams, idpOverrides);\n    } // Use the query params to build the authorize url\n\n\n    var requestUrl, endpoint, urls; // Get authorizeUrl and issuer\n\n    urls = oauthUtil.getOAuthUrls(sdk, oauthParams);\n    endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n    requestUrl = endpoint + buildAuthorizeParams(oauthParams); // Determine the flow type\n\n    var flowType;\n\n    if (oauthParams.sessionToken || oauthParams.display === null) {\n      flowType = 'IFRAME';\n    } else if (oauthParams.display === 'popup') {\n      flowType = 'POPUP';\n    } else {\n      flowType = 'IMPLICIT';\n    }\n\n    function getOrigin(url) {\n      /* eslint-disable-next-line no-useless-escape */\n      var originRegex = /^(https?\\:\\/\\/)?([^:\\/?#]*(?:\\:[0-9]+)?)/;\n      return originRegex.exec(url)[0];\n    } // Execute the flow type\n\n\n    switch (flowType) {\n      case 'IFRAME':\n        var iframePromise = addPostMessageListener(sdk, options.timeout, oauthParams.state);\n        var iframeEl = oauthUtil.loadFrame(requestUrl);\n        return iframePromise.then(function (res) {\n          return handleOAuthResponse(sdk, oauthParams, res, urls);\n        }).finally(function () {\n          if (document.body.contains(iframeEl)) {\n            iframeEl.parentElement.removeChild(iframeEl);\n          }\n        });\n\n      case 'POPUP':\n        var oauthPromise; // resolves with OAuth response\n        // Add listener on postMessage before window creation, so\n        // postMessage isn't triggered before we're listening\n\n        if (oauthParams.responseMode === 'okta_post_message') {\n          if (!sdk.features.isPopupPostMessageSupported()) {\n            throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n          }\n\n          oauthPromise = addPostMessageListener(sdk, options.timeout, oauthParams.state);\n        } // Create the window\n\n\n        var windowOptions = {\n          popupTitle: options.popupTitle\n        };\n        var windowEl = oauthUtil.loadPopup(requestUrl, windowOptions); // Poll until we get a valid hash fragment\n\n        if (oauthParams.responseMode === 'fragment') {\n          var windowOrigin = getOrigin(sdk.idToken.authorize._getLocationHref());\n          var redirectUriOrigin = getOrigin(oauthParams.redirectUri);\n\n          if (windowOrigin !== redirectUriOrigin) {\n            throw new AuthSdkError('Using fragment, the redirectUri origin (' + redirectUriOrigin + ') must match the origin of this page (' + windowOrigin + ')');\n          }\n\n          oauthPromise = addFragmentListener(sdk, windowEl, options.timeout);\n        } // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n\n\n        var popupPromise = new Promise(function (resolve, reject) {\n          var closePoller = setInterval(function () {\n            if (!windowEl || windowEl.closed) {\n              clearInterval(closePoller);\n              reject(new AuthSdkError('Unable to parse OAuth flow response'));\n            }\n          }, 100); // Proxy the OAuth promise results\n\n          oauthPromise.then(function (res) {\n            clearInterval(closePoller);\n            resolve(res);\n          }).catch(function (err) {\n            clearInterval(closePoller);\n            reject(err);\n          });\n        });\n        return popupPromise.then(function (res) {\n          return handleOAuthResponse(sdk, oauthParams, res, urls);\n        }).finally(function () {\n          if (windowEl && !windowEl.closed) {\n            windowEl.close();\n          }\n        });\n\n      default:\n        throw new AuthSdkError('The full page redirect flow is not supported');\n    }\n  });\n}\n\nfunction getWithoutPrompt(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n\n  options = util.clone(options) || {};\n  util.extend(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\nfunction getWithPopup(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n\n  options = util.clone(options) || {};\n  util.extend(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message'\n  });\n  return getToken(sdk, options);\n}\n\nfunction prepareOauthParams(sdk, options) {\n  // clone and prepare options\n  options = util.clone(options) || {}; // build params using defaults + options\n\n  var oauthParams = getDefaultOAuthParams(sdk);\n  util.extend(oauthParams, options);\n\n  if (oauthParams.pkce === false) {\n    return Promise.resolve(oauthParams);\n  } // PKCE flow\n\n\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n\n    return Promise.reject(new AuthSdkError(errorMessage));\n  } // set default code challenge method, if none provided\n\n\n  if (!oauthParams.codeChallengeMethod) {\n    oauthParams.codeChallengeMethod = PKCE.DEFAULT_CODE_CHALLENGE_METHOD;\n  } // responseType is forced\n\n\n  oauthParams.responseType = 'code';\n  return oauthUtil.getWellKnown(sdk, null).then(function (res) {\n    var methods = res['code_challenge_methods_supported'] || [];\n\n    if (methods.indexOf(oauthParams.codeChallengeMethod) === -1) {\n      throw new AuthSdkError('Invalid code_challenge_method');\n    }\n  }).then(function () {\n    // PKCE authorization_code flow\n    var codeVerifier = PKCE.generateVerifier(oauthParams.codeVerifier); // We will need these values after redirect when we call /token\n\n    var meta = {\n      codeVerifier: codeVerifier,\n      redirectUri: oauthParams.redirectUri\n    };\n    PKCE.saveMeta(sdk, meta);\n    return PKCE.computeChallenge(codeVerifier);\n  }).then(function (codeChallenge) {\n    // Clone/copy the params. Set codeChallenge\n    var clonedParams = util.clone(oauthParams) || {};\n    util.extend(clonedParams, oauthParams, {\n      codeChallenge: codeChallenge\n    });\n    return clonedParams;\n  });\n}\n\nfunction getWithRedirect(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n\n  options = util.clone(options) || {};\n  return prepareOauthParams(sdk, options).then(function (oauthParams) {\n    var urls = oauthUtil.getOAuthUrls(sdk, options);\n    var requestUrl = urls.authorizeUrl + buildAuthorizeParams(oauthParams); // Set session cookie to store the oauthParams\n\n    cookies.set(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME, JSON.stringify({\n      responseType: oauthParams.responseType,\n      state: oauthParams.state,\n      nonce: oauthParams.nonce,\n      scopes: oauthParams.scopes,\n      clientId: oauthParams.clientId,\n      urls: urls,\n      ignoreSignature: oauthParams.ignoreSignature\n    }), null, sdk.options.cookies); // Set nonce cookie for servers to validate nonce in id_token\n\n    cookies.set(constants.REDIRECT_NONCE_COOKIE_NAME, oauthParams.nonce, null, sdk.options.cookies); // Set state cookie for servers to validate state\n\n    cookies.set(constants.REDIRECT_STATE_COOKIE_NAME, oauthParams.state, null, sdk.options.cookies);\n\n    sdk.token.getWithRedirect._setLocation(requestUrl);\n  });\n}\n\nfunction renewToken(sdk, token) {\n  if (!oauthUtil.isToken(token)) {\n    return Promise.reject(new AuthSdkError('Renew must be passed a token with ' + 'an array of scopes and an accessToken or idToken'));\n  }\n\n  var responseType;\n\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (token.accessToken) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  return sdk.token.getWithoutPrompt({\n    responseType: responseType,\n    scopes: token.scopes,\n    authorizeUrl: token.authorizeUrl,\n    userinfoUrl: token.userinfoUrl,\n    issuer: token.issuer\n  }).then(function (res) {\n    // Multiple tokens may have come back. Return only the token which was requested.\n    var tokens = res.tokens;\n    return token.idToken ? tokens.idToken : tokens.accessToken;\n  });\n}\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nfunction parseFromUrl(sdk, options) {\n  options = options || {};\n\n  if (util.isString(options)) {\n    options = {\n      url: options\n    };\n  } // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n\n\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n  var url = options.url;\n  var responseMode = options.responseMode || sdk.options.responseMode || defaultResponseMode;\n\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    return Promise.reject(new AuthSdkError('Unable to parse a token from the url'));\n  }\n\n  var oauthParamsCookie = cookies.get(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME);\n\n  if (!oauthParamsCookie) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params cookie'));\n  }\n\n  try {\n    var oauthParams = JSON.parse(oauthParamsCookie);\n    var urls = oauthParams.urls;\n    delete oauthParams.urls;\n    cookies.delete(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME);\n  } catch (e) {\n    return Promise.reject(new AuthSdkError('Unable to parse the ' + constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME + ' cookie: ' + e.message));\n  }\n\n  return Promise.resolve(oauthUtil.urlParamsToObject(paramStr)).then(function (res) {\n    if (!url) {\n      // Clean hash or search from the url\n      responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n    }\n\n    return handleOAuthResponse(sdk, oauthParams, res, urls);\n  });\n}\n\nfunction getUserInfo(_x, _x2, _x3) {\n  return _getUserInfo.apply(this, arguments);\n}\n\nfunction _getUserInfo() {\n  _getUserInfo = _asyncToGenerator(\n  /*#__PURE__*/\n  _regeneratorRuntime.mark(function _callee(sdk, accessTokenObject, idTokenObject) {\n    return _regeneratorRuntime.wrap(function _callee$(_context) {\n      while (1) {\n        switch (_context.prev = _context.next) {\n          case 0:\n            if (accessTokenObject) {\n              _context.next = 4;\n              break;\n            }\n\n            _context.next = 3;\n            return sdk.tokenManager.get('accessToken');\n\n          case 3:\n            accessTokenObject = _context.sent;\n\n          case 4:\n            if (idTokenObject) {\n              _context.next = 8;\n              break;\n            }\n\n            _context.next = 7;\n            return sdk.tokenManager.get('idToken');\n\n          case 7:\n            idTokenObject = _context.sent;\n\n          case 8:\n            if (!(!accessTokenObject || !oauthUtil.isToken(accessTokenObject) && !accessTokenObject.accessToken && !accessTokenObject.userinfoUrl)) {\n              _context.next = 10;\n              break;\n            }\n\n            return _context.abrupt(\"return\", Promise.reject(new AuthSdkError('getUserInfo requires an access token object')));\n\n          case 10:\n            if (!(!idTokenObject || !oauthUtil.isToken(idTokenObject) && !idTokenObject.idToken)) {\n              _context.next = 12;\n              break;\n            }\n\n            return _context.abrupt(\"return\", Promise.reject(new AuthSdkError('getUserInfo requires an ID token object')));\n\n          case 12:\n            return _context.abrupt(\"return\", http.httpRequest(sdk, {\n              url: accessTokenObject.userinfoUrl,\n              method: 'GET',\n              accessToken: accessTokenObject.accessToken\n            }).then(function (userInfo) {\n              // Only return the userinfo response if subjects match to mitigate token substitution attacks\n              if (userInfo.sub === idTokenObject.claims.sub) {\n                return userInfo;\n              }\n\n              return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n            }).catch(function (err) {\n              if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n                var authenticateHeader;\n\n                if (err.xhr.headers && util.isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n                  authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n                } else if (util.isFunction(err.xhr.getResponseHeader)) {\n                  authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n                }\n\n                if (authenticateHeader) {\n                  var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n                  var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n                  var error = errorMatches[1];\n                  var errorDescription = errorDescriptionMatches[1];\n\n                  if (error && errorDescription) {\n                    err = new OAuthError(error, errorDescription);\n                  }\n                }\n              }\n\n              throw err;\n            }));\n\n          case 13:\n          case \"end\":\n            return _context.stop();\n        }\n      }\n    }, _callee);\n  }));\n  return _getUserInfo.apply(this, arguments);\n}\n\nmodule.exports = {\n  revokeToken: revokeToken,\n  getToken: getToken,\n  getWithoutPrompt: getWithoutPrompt,\n  getWithPopup: getWithPopup,\n  getWithRedirect: getWithRedirect,\n  parseFromUrl: parseFromUrl,\n  decodeToken: decodeToken,\n  renewToken: renewToken,\n  getUserInfo: getUserInfo,\n  verifyToken: verifyToken,\n  handleOAuthResponse: handleOAuthResponse,\n  prepareOauthParams: prepareOauthParams\n};\n\n/***/ }),\n/* 23 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\n/* global crypto, Uint8Array, TextEncoder */\nvar util = __webpack_require__(0);\n\nfunction getOidcHash(str) {\n  var buffer = new TextEncoder().encode(str);\n  return crypto.subtle.digest('SHA-256', buffer).then(function (arrayBuffer) {\n    var intBuffer = new Uint8Array(arrayBuffer);\n    var firstHalf = intBuffer.slice(0, 16);\n    var hash = String.fromCharCode.apply(null, firstHalf);\n    var b64u = util.stringToBase64Url(hash); // url-safe base64 variant\n\n    return b64u;\n  });\n}\n\nfunction verifyToken(idToken, key) {\n  key = util.clone(key);\n  var format = 'jwk';\n  var algo = {\n    name: 'RSASSA-PKCS1-v1_5',\n    hash: {\n      name: 'SHA-256'\n    }\n  };\n  var extractable = true;\n  var usages = ['verify']; // https://connect.microsoft.com/IE/feedback/details/2242108/webcryptoapi-importing-jwk-with-use-field-fails\n  // This is a metadata tag that specifies the intent of how the key should be used.\n  // It's not necessary to properly verify the jwt's signature.\n\n  delete key.use;\n  return crypto.subtle.importKey(format, key, algo, extractable, usages).then(function (cryptoKey) {\n    var jwt = idToken.split('.');\n    var payload = util.stringToBuffer(jwt[0] + '.' + jwt[1]);\n    var b64Signature = util.base64UrlDecode(jwt[2]);\n    var signature = util.stringToBuffer(b64Signature);\n    return crypto.subtle.verify(algo, cryptoKey, signature, payload);\n  });\n}\n\nmodule.exports = {\n  getOidcHash: getOidcHash,\n  verifyToken: verifyToken\n};\n\n/***/ }),\n/* 24 */\n/***/ (function(module, exports) {\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\nfunction OAuthError(errorCode, summary) {\n  this.name = 'OAuthError';\n  this.message = summary;\n  this.errorCode = errorCode;\n  this.errorSummary = summary;\n}\n\nOAuthError.prototype = new Error();\nmodule.exports = OAuthError;\n\n/***/ }),\n/* 25 */\n/***/ (function(module, exports, __webpack_require__) {\n\n/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global crypto */\n\n/* eslint-disable complexity, max-statements */\nvar AuthSdkError = __webpack_require__(1);\n\nvar http = __webpack_require__(3);\n\nvar util = __webpack_require__(0); // Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\n\n\nvar MIN_VERIFIER_LENGTH = 43;\nvar MAX_VERIFIER_LENGTH = 128;\nvar DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nfunction dec2hex(dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  crypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix) {\n  var verifier = prefix || '';\n\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction getStorage(sdk) {\n  return sdk.options.storageUtil.getPKCEStorage(sdk.options.cookies);\n}\n\nfunction saveMeta(sdk, meta) {\n  var storage = getStorage(sdk);\n  storage.setStorage(meta);\n}\n\nfunction loadMeta(sdk) {\n  var storage = getStorage(sdk);\n  var obj = storage.getStorage();\n  return obj;\n}\n\nfunction clearMeta(sdk) {\n  var storage = getStorage(sdk);\n  storage.clearStorage();\n}\n/* global Uint8Array, TextEncoder */\n\n\nfunction computeChallenge(str) {\n  var buffer = new TextEncoder().encode(str);\n  return crypto.subtle.digest('SHA-256', buffer).then(function (arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));\n    var b64u = util.stringToBase64Url(hash); // url-safe base64 variant\n\n    return b64u;\n  });\n}\n\nfunction validateOptions(oauthOptions) {\n  // Quick validation\n  if (!oauthOptions.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!oauthOptions.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!oauthOptions.authorizationCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!oauthOptions.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(options) {\n  // Convert options to OAuth params\n  var params = util.removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': 'authorization_code',\n    'code': options.authorizationCode,\n    'code_verifier': options.codeVerifier\n  }); // Encode as URL string\n\n  return util.toQueryParams(params).slice(1);\n} // exchange authorization code for an access token\n\n\nfunction getToken(sdk, oauthOptions, urls) {\n  validateOptions(oauthOptions);\n  var data = getPostData(oauthOptions);\n  return http.httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    withCredentials: false,\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded'\n    }\n  });\n}\n\nmodule.exports = {\n  DEFAULT_CODE_CHALLENGE_METHOD: DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier: generateVerifier,\n  clearMeta: clearMeta,\n  saveMeta: saveMeta,\n  loadMeta: loadMeta,\n  computeChallenge: computeChallenge,\n  getToken: getToken\n};\n\n/***/ }),\n/* 26 */\n/***/ (function(module, exports, __webpack_require__) {\n\nvar _typeof = __webpack_require__(5);\n\n/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* global localStorage, sessionStorage */\n\n/* eslint complexity:[0,8] max-statements:[0,21] */\nvar util = __webpack_require__(0);\n\nvar AuthSdkError = __webpack_require__(1);\n\nvar storageUtil = __webpack_require__(4);\n\nvar constants = __webpack_require__(2);\n\nvar storageBuilder = __webpack_require__(6);\n\nvar SdkClock = __webpack_require__(27);\n\nvar DEFAULT_OPTIONS = {\n  autoRenew: true,\n  storage: 'localStorage',\n  expireEarlySeconds: 30\n};\n\nfunction getExpireTime(tokenMgmtRef, token) {\n  var expireTime = token.expiresAt - tokenMgmtRef.options.expireEarlySeconds;\n  return expireTime;\n}\n\nfunction hasExpired(tokenMgmtRef, token) {\n  var expireTime = getExpireTime(tokenMgmtRef, token);\n  return expireTime <= tokenMgmtRef.clock.now();\n}\n\nfunction emitExpired(tokenMgmtRef, key, token) {\n  tokenMgmtRef.emitter.emit('expired', key, token);\n}\n\nfunction emitError(tokenMgmtRef, error) {\n  tokenMgmtRef.emitter.emit('error', error);\n}\n\nfunction clearExpireEventTimeout(tokenMgmtRef, key) {\n  clearTimeout(tokenMgmtRef.expireTimeouts[key]);\n  delete tokenMgmtRef.expireTimeouts[key]; // Remove the renew promise (if it exists)\n\n  delete tokenMgmtRef.renewPromise[key];\n}\n\nfunction clearExpireEventTimeoutAll(tokenMgmtRef) {\n  var expireTimeouts = tokenMgmtRef.expireTimeouts;\n\n  for (var key in expireTimeouts) {\n    if (!expireTimeouts.hasOwnProperty(key)) {\n      continue;\n    }\n\n    clearExpireEventTimeout(tokenMgmtRef, key);\n  }\n}\n\nfunction setExpireEventTimeout(sdk, tokenMgmtRef, key, token) {\n  var expireTime = getExpireTime(tokenMgmtRef, token);\n  var expireEventWait = Math.max(expireTime - tokenMgmtRef.clock.now(), 0) * 1000; // Clear any existing timeout\n\n  clearExpireEventTimeout(tokenMgmtRef, key);\n  var expireEventTimeout = setTimeout(function () {\n    emitExpired(tokenMgmtRef, key, token);\n  }, expireEventWait); // Add a new timeout\n\n  tokenMgmtRef.expireTimeouts[key] = expireEventTimeout;\n}\n\nfunction setExpireEventTimeoutAll(sdk, tokenMgmtRef, storage) {\n  try {\n    var tokenStorage = storage.getStorage();\n  } catch (e) {\n    // Any errors thrown on instantiation will not be caught,\n    // because there are no listeners yet\n    emitError(tokenMgmtRef, e);\n    return;\n  }\n\n  for (var key in tokenStorage) {\n    if (!tokenStorage.hasOwnProperty(key)) {\n      continue;\n    }\n\n    var token = tokenStorage[key];\n    setExpireEventTimeout(sdk, tokenMgmtRef, key, token);\n  }\n}\n\nfunction add(sdk, tokenMgmtRef, storage, key, token) {\n  var tokenStorage = storage.getStorage();\n\n  if (!util.isObject(token) || !token.scopes || !token.expiresAt && token.expiresAt !== 0 || !token.idToken && !token.accessToken) {\n    throw new AuthSdkError('Token must be an Object with scopes, expiresAt, and an idToken or accessToken properties');\n  }\n\n  tokenStorage[key] = token;\n  storage.setStorage(tokenStorage);\n  setExpireEventTimeout(sdk, tokenMgmtRef, key, token);\n}\n\nfunction get(storage, key) {\n  var tokenStorage = storage.getStorage();\n  return tokenStorage[key];\n}\n\nfunction getAsync(sdk, tokenMgmtRef, storage, key) {\n  return new Promise(function (resolve) {\n    var token = get(storage, key);\n\n    if (!token || !hasExpired(tokenMgmtRef, token)) {\n      return resolve(token);\n    }\n\n    var tokenPromise = tokenMgmtRef.options.autoRenew ? renew(sdk, tokenMgmtRef, storage, key) : remove(tokenMgmtRef, storage, key);\n    return resolve(tokenPromise);\n  });\n}\n\nfunction remove(tokenMgmtRef, storage, key) {\n  // Clear any listener for this token\n  clearExpireEventTimeout(tokenMgmtRef, key); // Remove it from storage\n\n  var tokenStorage = storage.getStorage();\n  delete tokenStorage[key];\n  storage.setStorage(tokenStorage);\n}\n\nfunction renew(sdk, tokenMgmtRef, storage, key) {\n  // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n  var existingPromise = tokenMgmtRef.renewPromise[key];\n\n  if (existingPromise) {\n    return existingPromise;\n  }\n\n  try {\n    var token = get(storage, key);\n\n    if (!token) {\n      throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n    }\n  } catch (e) {\n    return Promise.reject(e);\n  } // Remove existing autoRenew timeout for this key\n\n\n  clearExpireEventTimeout(tokenMgmtRef, key); // Store the renew promise state, to avoid renewing again\n\n  tokenMgmtRef.renewPromise[key] = sdk.token.renew(token).then(function (freshToken) {\n    var oldToken = get(storage, key);\n\n    if (!oldToken) {\n      // It is possible to enter a state where the tokens have been cleared\n      // after a renewal request was triggered. To ensure we do not store a\n      // renewed token, we verify the promise key doesn't exist and return.\n      return;\n    }\n\n    add(sdk, tokenMgmtRef, storage, key, freshToken);\n    tokenMgmtRef.emitter.emit('renewed', key, freshToken, oldToken);\n    return freshToken;\n  }).catch(function (err) {\n    if (err.name === 'OAuthError' || err.name === 'AuthSdkError') {\n      remove(tokenMgmtRef, storage, key);\n      err.tokenKey = key;\n      err.accessToken = !!token.accessToken;\n      emitError(tokenMgmtRef, err);\n    }\n\n    throw err;\n  }).finally(function () {\n    // Remove existing promise key\n    delete tokenMgmtRef.renewPromise[key];\n  });\n  return tokenMgmtRef.renewPromise[key];\n}\n\nfunction clear(tokenMgmtRef, storage) {\n  clearExpireEventTimeoutAll(tokenMgmtRef);\n  storage.clearStorage();\n}\n\nfunction TokenManager(sdk, options) {\n  options = util.extend({}, DEFAULT_OPTIONS, util.removeNils(options));\n\n  if (options.storage === 'localStorage' && !storageUtil.browserHasLocalStorage()) {\n    util.warn('This browser doesn\\'t support localStorage. Switching to sessionStorage.');\n    options.storage = 'sessionStorage';\n  }\n\n  if (options.storage === 'sessionStorage' && !storageUtil.browserHasSessionStorage()) {\n    util.warn('This browser doesn\\'t support sessionStorage. Switching to cookie-based storage.');\n    options.storage = 'cookie';\n  }\n\n  var storageProvider;\n\n  if (_typeof(options.storage) === 'object') {\n    // A custom storage provider must implement getItem(key) and setItem(key, val)\n    storageProvider = options.storage;\n  } else {\n    switch (options.storage) {\n      case 'localStorage':\n        storageProvider = localStorage;\n        break;\n\n      case 'sessionStorage':\n        storageProvider = sessionStorage;\n        break;\n\n      case 'cookie':\n        storageProvider = storageUtil.getCookieStorage(sdk.options.cookies);\n        break;\n\n      case 'memory':\n        storageProvider = storageUtil.getInMemoryStorage();\n        break;\n\n      default:\n        throw new AuthSdkError('Unrecognized storage option');\n    }\n  }\n\n  var storageKey = options.storageKey || constants.TOKEN_STORAGE_NAME;\n  var storage = storageBuilder(storageProvider, storageKey);\n  var clock = SdkClock.create(sdk, options);\n  var tokenMgmtRef = {\n    clock: clock,\n    options: options,\n    emitter: sdk.emitter,\n    expireTimeouts: {},\n    renewPromise: {}\n  };\n  this.add = util.bind(add, this, sdk, tokenMgmtRef, storage);\n  this.get = util.bind(getAsync, this, sdk, tokenMgmtRef, storage);\n  this.remove = util.bind(remove, this, tokenMgmtRef, storage);\n  this.clear = util.bind(clear, this, tokenMgmtRef, storage);\n  this.renew = util.bind(renew, this, sdk, tokenMgmtRef, storage);\n  this.on = util.bind(tokenMgmtRef.emitter.on, tokenMgmtRef.emitter);\n  this.off = util.bind(tokenMgmtRef.emitter.off, tokenMgmtRef.emitter);\n  setExpireEventTimeoutAll(sdk, tokenMgmtRef, storage);\n}\n\nmodule.exports = TokenManager;\n\n/***/ }),\n/* 27 */\n/***/ (function(module, exports, __webpack_require__) {\n\nvar util = __webpack_require__(0);\n\nfunction SdkClock(localOffset) {\n  // Calculated local clock offset from server time (in milliseconds). Can be positive or negative.\n  this.localOffset = parseInt(localOffset || 0);\n}\n\nutil.extend(SdkClock.prototype, {\n  // Return the current time (in seconds)\n  now: function now() {\n    var now = (Date.now() + this.localOffset) / 1000;\n    return now;\n  }\n}); // factory method. Create an instance of a clock from current context.\n\nSdkClock.create = function ()\n/* sdk, options */\n{\n  // TODO: calculate localOffset\n  var localOffset = 0;\n  return new SdkClock(localOffset);\n};\n\nmodule.exports = SdkClock;\n\n/***/ })\n/******/ ]);\n});\n\n\n// WEBPACK FOOTER //\n// okta-auth-js.min.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global window, document, btoa, atob, Uint8Array */\n\nvar util = module.exports;\n\n// converts a string to base64 (url/filename safe variant)\nutil.stringToBase64Url = function(str) {\n  var b64 = btoa(str);\n  return util.base64ToBase64Url(b64);\n};\n\n// converts a standard base64-encoded string to a \"url/filename safe\" variant\nutil.base64ToBase64Url = function(b64) {\n  return b64.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n};\n\n// converts a \"url/filename safe\" base64 string to a \"standard\" base64 string\nutil.base64UrlToBase64 = function(b64u) {\n  return b64u.replace(/-/g, '+').replace(/_/g, '/');\n};\n\nutil.base64UrlToString = function(b64u) {\n  var b64 = util.base64UrlToBase64(b64u);\n  switch (b64.length % 4) {\n    case 0:\n      break;\n    case 2:\n      b64 += '==';\n      break;\n    case 3:\n      b64 += '=';\n      break;\n    default:\n      throw 'Not a valid Base64Url';\n  }\n  var utf8 = atob(b64);\n  try {\n    return decodeURIComponent(escape(utf8));\n  } catch (e) {\n    return utf8;\n  }\n};\n\nutil.stringToBuffer = function(str) {\n  var buffer = new Uint8Array(str.length);\n  for (var i = 0; i < str.length; i++) {\n    buffer[i] = str.charCodeAt(i);\n  }\n  return buffer;\n};\n\nutil.base64UrlDecode = function(str) {\n  return atob(util.base64UrlToBase64(str));\n};\n\nutil.bind = function(fn, ctx) {\n  var additionalArgs = Array.prototype.slice.call(arguments, 2);\n  return function() {\n    var args = Array.prototype.slice.call(arguments);\n    args = additionalArgs.concat(args);\n    return fn.apply(ctx, args);\n  };\n};\n\nutil.isAbsoluteUrl = function(url) {\n  return /^(?:[a-z]+:)?\\/\\//i.test(url);\n};\n\nutil.isString = function(obj) {\n  return Object.prototype.toString.call(obj) === '[object String]';\n};\n\nutil.isObject = function(obj) {\n  return Object.prototype.toString.call(obj) === '[object Object]';\n};\n\nutil.isNumber = function(obj) {\n  return Object.prototype.toString.call(obj) === '[object Number]';\n};\n\nutil.isoToUTCString = function(str) {\n  var parts = str.match(/\\d+/g),\n      isoTime = Date.UTC(parts[0], parts[1] - 1, parts[2], parts[3], parts[4], parts[5]),\n      isoDate = new Date(isoTime);\n\n  return isoDate.toUTCString();\n};\n\nutil.toQueryParams = function(obj) {\n  var str = [];\n  if (obj !== null) {\n    for (var key in obj) {\n      if (obj.hasOwnProperty(key) &&\n          obj[key] !== undefined &&\n          obj[key] !== null) {\n        str.push(key + '=' + encodeURIComponent(obj[key]));\n      }\n    }\n  }\n  if (str.length) {\n    return '?' + str.join('&');\n  } else {\n    return '';\n  }\n};\n\nutil.genRandomString = function(length) {\n  var randomCharset = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';\n  var random = '';\n  for (var c = 0, cl = randomCharset.length; c < length; ++c) {\n    random += randomCharset[Math.floor(Math.random() * cl)];\n  }\n  return random;\n};\n\nutil.extend = function() {\n  // First object will be modified!\n  var obj1 = arguments[0];\n  // Properties from other objects will be copied over\n  var objArray = [].slice.call(arguments, 1);\n  objArray.forEach(function(obj) {\n    for (var prop in obj) {\n      // copy over all properties with defined values\n      if (obj.hasOwnProperty(prop) && obj[prop] !== undefined) {\n        obj1[prop] = obj[prop];\n      }\n    }\n  });\n  return obj1; // return the modified object\n};\n\nutil.removeNils = function(obj) {\n  var cleaned = {};\n  for (var prop in obj) {\n    if (obj.hasOwnProperty(prop)) {\n      var value = obj[prop];\n      if (value !== null && value !== undefined) {\n        cleaned[prop] = value;\n      }\n    }\n  }\n  return cleaned;\n};\n\nutil.clone = function(obj) {\n  if (obj) {\n    var str = JSON.stringify(obj);\n    if (str) {\n      return JSON.parse(str);\n    }\n  }\n  return obj;\n};\n\n// Analogous to _.omit\nutil.omit = function(obj) {\n  var props = Array.prototype.slice.call(arguments, 1);\n  var newobj = {};\n  for (var p in obj) {\n    if (obj.hasOwnProperty(p) && props.indexOf(p) == -1) {\n      newobj[p] = obj[p];\n    }\n  }\n  return util.clone(newobj);\n};\n\nutil.find = function(collection, searchParams) {\n  var c = collection.length;\n  while (c--) {\n    var item = collection[c];\n    var found = true;\n    for (var prop in searchParams) {\n      if (!searchParams.hasOwnProperty(prop)) {\n        continue;\n      }\n      if (item[prop] !== searchParams[prop]) {\n        found = false;\n        break;\n      }\n    }\n    if (found) {\n      return item;\n    }\n  }\n};\n\nutil.getLink = function(obj, linkName, altName) {\n  if (!obj || !obj._links) {\n    return;\n  }\n\n  var link = util.clone(obj._links[linkName]);\n\n  // If a link has a name and we have an altName, return if they match\n  if (link && link.name && altName) {\n    if (link.name === altName) {\n      return link;\n    }\n  } else {\n    return link;\n  }\n};\n\nutil.getNativeConsole = function() {\n  if (typeof window !== 'undefined') {\n    return window.console;\n  } else if (typeof console !== 'undefined') {\n    return console;\n  } else {\n    return undefined;\n  }\n};\n\nutil.getConsole = function() {\n  var nativeConsole = util.getNativeConsole();\n  if (nativeConsole && nativeConsole.log) {\n    return nativeConsole;\n  }\n  return {\n    log: function() {}\n  };\n};\n\nutil.warn = function(text) {\n  /* eslint-disable no-console */\n  util.getConsole().log('[okta-auth-sdk] WARN: ' + text);\n  /* eslint-enable */\n};\n\nutil.deprecate = function(text) {\n  /* eslint-disable no-console */\n  util.getConsole().log('[okta-auth-sdk] DEPRECATION: ' + text);\n  /* eslint-enable */\n};\n\nutil.deprecateWrap = function(text, fn) {\n  return function() {\n    util.deprecate(text);\n    return fn.apply(null, arguments);\n  };\n};\n\nutil.removeTrailingSlash = function(path) {\n  if (!path) {\n    return;\n  }\n  // Remove any whitespace before or after string\n  var trimmed = path.replace(/^\\s+|\\s+$/gm,'');\n  // Remove trailing slash(es)\n  trimmed = trimmed.replace(/\\/+$/, '');\n\n  return trimmed;\n};\n\nutil.isIE11OrLess = function() {\n  return !!document.documentMode && document.documentMode <= 11;\n};\n\nutil.isFunction = function(fn) {\n  return !!fn && {}.toString.call(fn) === '[object Function]';\n};\n\nutil.delay = function(ms) {\n  return new Promise(function(resolve) {\n    setTimeout(resolve, ms);\n  });\n};\n\n\n// WEBPACK FOOTER //\n// ./lib/util.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nfunction AuthSdkError(msg, xhr) {\n  this.name = 'AuthSdkError';\n  this.message = msg;\n\n  this.errorCode = 'INTERNAL';\n  this.errorSummary = msg;\n  this.errorLink = 'INTERNAL';\n  this.errorId = 'INTERNAL';\n  this.errorCauses = [];\n  if (xhr) {\n    this.xhr = xhr;\n  }\n}\nAuthSdkError.prototype = new Error();\n\nmodule.exports = AuthSdkError;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/errors/AuthSdkError.js","module.exports = {\n  'STATE_TOKEN_KEY_NAME': 'oktaStateToken',\n  'DEFAULT_POLLING_DELAY': 500,\n  'DEFAULT_MAX_CLOCK_SKEW': 300,\n  'DEFAULT_CACHE_DURATION': 86400,\n  'REDIRECT_OAUTH_PARAMS_COOKIE_NAME': 'okta-oauth-redirect-params',\n  'REDIRECT_STATE_COOKIE_NAME': 'okta-oauth-state',\n  'REDIRECT_NONCE_COOKIE_NAME': 'okta-oauth-nonce',\n  'TOKEN_STORAGE_NAME': 'okta-token-storage',\n  'CACHE_STORAGE_NAME': 'okta-cache-storage',\n  'PKCE_STORAGE_NAME': 'okta-pkce-storage'\n};\n\n\n// WEBPACK FOOTER //\n// ./lib/constants.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity */\nvar util = require('./util');\nvar AuthApiError = require('./errors/AuthApiError');\nvar constants = require('./constants');\n\nfunction httpRequest(sdk, options) {\n  options = options || {};\n  var url = options.url,\n      method = options.method,\n      args = options.args,\n      saveAuthnState = options.saveAuthnState,\n      accessToken = options.accessToken,\n      withCredentials = options.withCredentials !== false, // default value is true\n      storageUtil = sdk.options.storageUtil,\n      storage = storageUtil.storage,\n      httpCache = storageUtil.getHttpCache(sdk.options.cookies);\n\n  if (options.cacheResponse) {\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[url];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      return Promise.resolve(cachedResponse.response);\n    }\n  }\n\n  var headers = {\n    'Accept': 'application/json',\n    'Content-Type': 'application/json',\n    'X-Okta-User-Agent-Extended': sdk.userAgent\n  };\n  util.extend(headers, sdk.options.headers, options.headers);\n\n  if (accessToken && util.isString(accessToken)) {\n    headers['Authorization'] = 'Bearer ' + accessToken;\n  }\n\n  var ajaxOptions = {\n    headers: headers,\n    data: args || undefined,\n    withCredentials: withCredentials\n  };\n\n  var err, res;\n  return sdk.options.httpRequestClient(method, url, ajaxOptions)\n    .then(function(resp) {\n      res = resp.responseText;\n      if (res && util.isString(res)) {\n        res = JSON.parse(res);\n      }\n\n      if (saveAuthnState) {\n        if (!res.stateToken) {\n          storage.delete(constants.STATE_TOKEN_KEY_NAME);\n        }\n      }\n\n      if (res && res.stateToken && res.expiresAt) {\n        storage.set(constants.STATE_TOKEN_KEY_NAME, res.stateToken, res.expiresAt, sdk.options.cookies);\n      }\n\n      if (res && options.cacheResponse) {\n        httpCache.updateStorage(url, {\n          expiresAt: Math.floor(Date.now()/1000) + constants.DEFAULT_CACHE_DURATION,\n          response: res\n        });\n      }\n\n      return res;\n    })\n    .catch(function(resp) {\n      var serverErr = resp.responseText || {};\n      if (util.isString(serverErr)) {\n        try {\n          serverErr = JSON.parse(serverErr);\n        } catch (e) {\n          serverErr = {\n            errorSummary: 'Unknown error'\n          };\n        }\n      }\n\n      if (resp.status >= 500) {\n        serverErr.errorSummary = 'Unknown error';\n      }\n\n      if (sdk.options.transformErrorXHR) {\n        resp = sdk.options.transformErrorXHR(util.clone(resp));\n      }\n\n      err = new AuthApiError(serverErr, resp);\n\n      if (err.errorCode === 'E0000011') {\n        storage.delete(constants.STATE_TOKEN_KEY_NAME);\n      }\n\n      throw err;\n    });\n}\n\nfunction get(sdk, url, options) {\n  url = util.isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var getOptions = {\n    url: url,\n    method: 'GET'\n  };\n  util.extend(getOptions, options);\n  return httpRequest(sdk, getOptions);\n}\n\nfunction post(sdk, url, args, options) {\n  url = util.isAbsoluteUrl(url) ? url : sdk.getIssuerOrigin() + url;\n  var postOptions = {\n    url: url,\n    method: 'POST',\n    args: args,\n    saveAuthnState: true\n  };\n  util.extend(postOptions, options);\n  return httpRequest(sdk, postOptions);\n}\n\nmodule.exports = {\n  get: get,\n  post: post,\n  httpRequest: httpRequest\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/http.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global localStorage, sessionStorage */\nvar Cookies = require('js-cookie');\nvar storageBuilder = require('../storageBuilder');\nvar constants = require('../constants');\nvar AuthSdkError = require('../errors/AuthSdkError');\n\n// Building this as an object allows us to mock the functions in our tests\nvar storageUtil = {};\n\n// IE11 bug that Microsoft doesn't plan to fix\n// https://connect.microsoft.com/IE/Feedback/Details/1496040\nstorageUtil.browserHasLocalStorage = function() {\n  try {\n    var storage = storageUtil.getLocalStorage();\n    return storageUtil.testStorage(storage);\n  } catch (e) {\n    return false;\n  }\n};\n\nstorageUtil.browserHasSessionStorage = function() {\n  try {\n    var storage = storageUtil.getSessionStorage();\n    return storageUtil.testStorage(storage);\n  } catch (e) {\n    return false;\n  }\n};\n\nstorageUtil.getPKCEStorage = function(options) {\n  if (storageUtil.browserHasLocalStorage()) {\n    return storageBuilder(storageUtil.getLocalStorage(), constants.PKCE_STORAGE_NAME);\n  } else if (storageUtil.browserHasSessionStorage()) {\n    return storageBuilder(storageUtil.getSessionStorage(), constants.PKCE_STORAGE_NAME);\n  } else {\n    return storageBuilder(storageUtil.getCookieStorage(options), constants.PKCE_STORAGE_NAME);\n  }\n};\n\nstorageUtil.getHttpCache = function(options) {\n  if (storageUtil.browserHasLocalStorage()) {\n    return storageBuilder(storageUtil.getLocalStorage(), constants.CACHE_STORAGE_NAME);\n  } else if (storageUtil.browserHasSessionStorage()) {\n    return storageBuilder(storageUtil.getSessionStorage(), constants.CACHE_STORAGE_NAME);\n  } else {\n    return storageBuilder(storageUtil.getCookieStorage(options), constants.CACHE_STORAGE_NAME);\n  }\n};\n\nstorageUtil.getLocalStorage = function() {\n  return localStorage;\n};\n\nstorageUtil.getSessionStorage = function() {\n  return sessionStorage;\n};\n\n// Provides webStorage-like interface for cookies\nstorageUtil.getCookieStorage = function(options) {\n  const secure = options.secure;\n  const sameSite = options.sameSite;\n  if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n    throw new AuthSdkError('getCookieStorage: \"secure\" and \"sameSite\" options must be provided');\n  }\n  return {\n    getItem: storageUtil.storage.get,\n    setItem: function(key, value) {\n      // Cookie shouldn't expire\n      storageUtil.storage.set(key, value, '2200-01-01T00:00:00.000Z', {\n        secure: secure, \n        sameSite: sameSite\n      });\n    }\n  };\n};\n\n// Provides an in-memory solution\nstorageUtil.getInMemoryStorage = function() {\n  var store = {};\n  return {\n    getItem: function(key) {\n      return store[key];\n    },\n    setItem: function(key, value) {\n      store[key] = value;\n    }\n  };\n};\n\nstorageUtil.testStorage = function(storage) {\n  var key = 'okta-test-storage';\n  try {\n    storage.setItem(key, key);\n    storage.removeItem(key);\n    return true;\n  } catch (e) {\n    return false;\n  }\n};\n\nstorageUtil.storage = {\n  set: function(name, value, expiresAt, options) {\n    const secure = options.secure;\n    const sameSite = options.sameSite;\n    if (typeof secure === 'undefined' || typeof sameSite === 'undefined') {\n      throw new AuthSdkError('storage.set: \"secure\" and \"sameSite\" options must be provided');\n    }\n    var cookieOptions = {\n      path: options.path || '/',\n      secure,\n      sameSite\n    };\n\n    // eslint-disable-next-line no-extra-boolean-cast\n    if (!!(Date.parse(expiresAt))) {\n      // Expires value can be converted to a Date object.\n      //\n      // If the 'expiresAt' value is not provided, or the value cannot be\n      // parsed as a Date object, the cookie will set as a session cookie.\n      cookieOptions.expires = new Date(expiresAt);\n    }\n\n    Cookies.set(name, value, cookieOptions);\n    return storageUtil.storage.get(name);\n  },\n\n  get: function(name) {\n    return Cookies.get(name);\n  },\n\n  delete: function(name) {\n    return Cookies.remove(name, { path: '/' });\n  }\n};\n\nmodule.exports = storageUtil;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/browser/browserStorage.js","function _typeof(obj) {\n  if (typeof Symbol === \"function\" && typeof Symbol.iterator === \"symbol\") {\n    module.exports = _typeof = function _typeof(obj) {\n      return typeof obj;\n    };\n  } else {\n    module.exports = _typeof = function _typeof(obj) {\n      return obj && typeof Symbol === \"function\" && obj.constructor === Symbol && obj !== Symbol.prototype ? \"symbol\" : typeof obj;\n    };\n  }\n\n  return _typeof(obj);\n}\n\nmodule.exports = _typeof;\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/@babel/runtime/helpers/typeof.js\n// module id = 5\n// module chunks = 0","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nvar AuthSdkError = require('./errors/AuthSdkError');\n\n// storage must have getItem and setItem\nfunction storageBuilder(webstorage, storageName) {\n  if (typeof storageName !== 'string' || !storageName.length) {\n    throw new AuthSdkError('\"storageName\" is required');\n  }\n\n  function getStorage() {\n    var storageString = webstorage.getItem(storageName);\n    storageString = storageString || '{}';\n    try {\n      return JSON.parse(storageString);\n    } catch(e) {\n      throw new AuthSdkError('Unable to parse storage string: ' + storageName);\n    }\n  }\n\n  function setStorage(storage) {\n    try {\n      var storageString = JSON.stringify(storage);\n      webstorage.setItem(storageName, storageString);\n    } catch(e) {\n      throw new AuthSdkError('Unable to set storage: ' + storageName);\n    }\n  }\n\n  function clearStorage(key) {\n    if (!key) {\n      return setStorage({});\n    }\n    var storage = getStorage();\n    delete storage[key];\n    setStorage(storage);\n  }\n\n  function updateStorage(key, value) {\n    var storage = getStorage();\n    storage[key] = value;\n    setStorage(storage);\n  }\n\n  return {\n    getStorage: getStorage,\n    setStorage: setStorage,\n    clearStorage: clearStorage,\n    updateStorage: updateStorage\n  };\n}\n\nmodule.exports = storageBuilder;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/storageBuilder.js","module.exports = require(\"regenerator-runtime\");\n\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/@babel/runtime/regenerator/index.js\n// module id = 7\n// module chunks = 0","function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {\n  try {\n    var info = gen[key](arg);\n    var value = info.value;\n  } catch (error) {\n    reject(error);\n    return;\n  }\n\n  if (info.done) {\n    resolve(value);\n  } else {\n    Promise.resolve(value).then(_next, _throw);\n  }\n}\n\nfunction _asyncToGenerator(fn) {\n  return function () {\n    var self = this,\n        args = arguments;\n    return new Promise(function (resolve, reject) {\n      var gen = fn.apply(self, args);\n\n      function _next(value) {\n        asyncGeneratorStep(gen, resolve, reject, _next, _throw, \"next\", value);\n      }\n\n      function _throw(err) {\n        asyncGeneratorStep(gen, resolve, reject, _next, _throw, \"throw\", err);\n      }\n\n      _next(undefined);\n    });\n  };\n}\n\nmodule.exports = _asyncToGenerator;\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/@babel/runtime/helpers/asyncToGenerator.js\n// module id = 8\n// module chunks = 0","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\n/* eslint-disable complexity, max-statements */\nvar http              = require('./http');\nvar util              = require('./util');\nvar AuthSdkError      = require('./errors/AuthSdkError');\nvar AuthPollStopError = require('./errors/AuthPollStopError');\nvar constants         = require('./constants');\n\nfunction addStateToken(res, options) {\n  var builtArgs = {};\n  util.extend(builtArgs, options);\n\n  // Add the stateToken if one isn't passed and we have one\n  if (!builtArgs.stateToken && res.stateToken) {\n    builtArgs.stateToken = res.stateToken;\n  }\n\n  return builtArgs;\n}\n\nfunction getStateToken(res) {\n  return addStateToken(res);\n}\n\nfunction transactionStatus(sdk, args) {\n  args = addStateToken(sdk, args);\n  return http.post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn', args);\n}\n\nfunction resumeTransaction(sdk, args) {\n  if (!args || !args.stateToken) {\n    var stateToken = sdk.tx.exists._get(constants.STATE_TOKEN_KEY_NAME);\n    if (stateToken) {\n      args = {\n        stateToken: stateToken\n      };\n    } else {\n      return Promise.reject(new AuthSdkError('No transaction to resume'));\n    }\n  }\n  return sdk.tx.status(args)\n    .then(function(res) {\n      return new AuthTransaction(sdk, res);\n    });\n}\n\nfunction introspect (sdk, args) {\n  if (!args || !args.stateToken) {\n    var stateToken = sdk.tx.exists._get(constants.STATE_TOKEN_KEY_NAME);\n    if (stateToken) {\n      args = {\n        stateToken: stateToken\n      };\n    } else {\n      return Promise.reject(new AuthSdkError('No transaction to evaluate'));\n    }\n  }\n  return transactionStep(sdk, args)\n    .then(function (res) {\n      return new AuthTransaction(sdk, res);\n    });\n}\n\nfunction transactionStep(sdk, args) {\n  args = addStateToken(sdk, args);\n  // v1 pipeline introspect API\n  return http.post(sdk, sdk.getIssuerOrigin() + '/api/v1/authn/introspect', args);\n}\n\nfunction transactionExists(sdk) {\n  // We have a cookie state token\n  return !!sdk.tx.exists._get(constants.STATE_TOKEN_KEY_NAME);\n}\n\nfunction postToTransaction(sdk, url, args, options) {\n  return http.post(sdk, url, args, options)\n    .then(function(res) {\n      return new AuthTransaction(sdk, res);\n    });\n}\n\nfunction getPollFn(sdk, res, ref) {\n  return function (options) {\n    var delay;\n    var rememberDevice;\n    var autoPush;\n    var transactionCallBack;\n\n    if (util.isNumber(options)) {\n      delay = options;\n    } else if (util.isObject(options)) {\n      delay = options.delay;\n      rememberDevice = options.rememberDevice;\n      autoPush = options.autoPush;\n      transactionCallBack = options.transactionCallBack;\n    }\n\n    if (!delay && delay !== 0) {\n      delay = constants.DEFAULT_POLLING_DELAY;\n    }\n\n    // Get the poll function\n    var pollLink = util.getLink(res, 'next', 'poll');\n    function pollFn() {\n      var opts = {};\n      if (typeof autoPush === 'function') {\n        try {\n          opts.autoPush = !!autoPush();\n        }\n        catch (e) {\n          return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n        }\n      }\n      else if (autoPush !== undefined && autoPush !== null) {\n        opts.autoPush = !!autoPush;\n      }\n      if (typeof rememberDevice === 'function') {\n        try {\n          opts.rememberDevice = !!rememberDevice();\n        }\n        catch (e) {\n          return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n        }\n      }\n      else if (rememberDevice !== undefined && rememberDevice !== null) {\n        opts.rememberDevice = !!rememberDevice;\n      }\n\n      var href = pollLink.href + util.toQueryParams(opts);\n      return http.post(sdk, href, getStateToken(res), {\n        saveAuthnState: false  \n      });\n    }\n\n    ref.isPolling = true;\n\n    var retryCount = 0;\n    var recursivePoll = function () {\n      // If the poll was manually stopped during the delay\n      if (!ref.isPolling) {\n        return Promise.reject(new AuthPollStopError());\n      }\n      return pollFn()\n        .then(function (pollRes) {\n          // Reset our retry counter on success\n          retryCount = 0;\n\n          // If we're still waiting\n          if (pollRes.factorResult && pollRes.factorResult === 'WAITING') {\n\n            // If the poll was manually stopped while the pollFn was called\n            if (!ref.isPolling) {\n              throw new AuthPollStopError();\n            }\n\n            if (typeof transactionCallBack === 'function') {\n              transactionCallBack(pollRes);\n            }\n\n            // Continue poll\n            return util.delay(delay).then(recursivePoll);\n\n          } else {\n            // Any non-waiting result, even if polling was stopped\n            // during a request, will return\n            ref.isPolling = false;\n            return new AuthTransaction(sdk, pollRes);\n          }\n        })\n        .catch(function(err) {\n          // Exponential backoff, up to 16 seconds\n          if (err.xhr &&\n              (err.xhr.status === 0 || err.xhr.status === 429) &&\n              retryCount <= 4) {\n            var delayLength = Math.pow(2, retryCount) * 1000;\n            retryCount++;\n            return util.delay(delayLength)\n              .then(recursivePoll);\n          }\n          throw err;\n        });\n    };\n    return recursivePoll()\n      .catch(function(err) {\n        ref.isPolling = false;\n        throw err;\n      });\n  };\n}\n\nfunction link2fn(sdk, res, obj, link, ref) {\n  if (Array.isArray(link)) {\n    return function(name, opts) {\n      if (!name) {\n        throw new AuthSdkError('Must provide a link name');\n      }\n\n      var lk = util.find(link, {name: name});\n      if (!lk) {\n        throw new AuthSdkError('No link found for that name');\n      }\n\n      return link2fn(sdk, res, obj, lk, ref)(opts);\n    };\n\n  } else if (link.hints &&\n      link.hints.allow &&\n      link.hints.allow.length === 1) {\n    var method = link.hints.allow[0];\n    switch (method) {\n\n      case 'GET':\n        return function() {\n          return http.get(sdk, link.href);\n        };\n\n      case 'POST':\n        return function(opts) {\n          if (ref && ref.isPolling) {\n            ref.isPolling = false;\n          }\n\n          var data = addStateToken(res, opts);\n\n          if (res.status === 'MFA_ENROLL' || res.status === 'FACTOR_ENROLL') {\n            // Add factorType and provider\n            util.extend(data, {\n              factorType: obj.factorType,\n              provider: obj.provider\n            });\n          }\n\n          var params = {};\n          var autoPush = data.autoPush;\n          if (autoPush !== undefined) {\n            if (typeof autoPush === 'function') {\n              try {\n                params.autoPush = !!autoPush();\n              }\n              catch (e) {\n                return Promise.reject(new AuthSdkError('AutoPush resulted in an error.'));\n              }\n            }\n            else if (autoPush !== null) {\n              params.autoPush = !!autoPush;\n            }\n            data = util.omit(data, 'autoPush');\n          }\n\n          var rememberDevice = data.rememberDevice;\n          if (rememberDevice !== undefined) {\n            if (typeof rememberDevice === 'function') {\n              try {\n                params.rememberDevice = !!rememberDevice();\n              }\n              catch (e) {\n                return Promise.reject(new AuthSdkError('RememberDevice resulted in an error.'));\n              }\n            }\n            else if (rememberDevice !== null) {\n              params.rememberDevice = !!rememberDevice;\n            }\n            data = util.omit(data, 'rememberDevice');\n\n          } else if (data.profile &&\n                    data.profile.updatePhone !== undefined) {\n            if (data.profile.updatePhone) {\n              params.updatePhone = true;\n            }\n            data.profile = util.omit(data.profile, 'updatePhone');\n          }\n          var href = link.href + util.toQueryParams(params);\n          return postToTransaction(sdk, href, data);\n        };\n    }\n  }\n}\n\nfunction links2fns(sdk, res, obj, ref) {\n  var fns = {};\n  for (var linkName in obj._links) {\n    if (!obj._links.hasOwnProperty(linkName)) {\n      continue;\n    }\n\n    var link = obj._links[linkName];\n    \n    if (linkName === 'next') {\n      linkName = link.name;\n    }\n\n    if (link.type) {\n      fns[linkName] = link;\n      continue;\n    }\n\n    switch (linkName) {\n      // poll is only found at the transaction\n      // level, so we don't need to pass the link\n      case 'poll':\n        fns.poll = getPollFn(sdk, res, ref);\n        break;\n\n      default:\n        var fn = link2fn(sdk, res, obj, link, ref);\n        if (fn) {\n          fns[linkName] = fn;\n        }\n    }\n  }\n  return fns;\n}\n\nfunction flattenEmbedded(sdk, res, obj, ref) {\n  obj = obj || res;\n  obj = util.clone(obj);\n\n  if (Array.isArray(obj)) {\n    var objArr = [];\n    for (var o = 0, ol = obj.length; o < ol; o++) {\n      objArr.push(flattenEmbedded(sdk, res, obj[o], ref));\n    }\n    return objArr;\n  }\n\n  var embedded = obj._embedded || {};\n\n  for (var key in embedded) {\n    if (!embedded.hasOwnProperty(key)) {\n      continue;\n    }\n\n    // Flatten any nested _embedded objects\n    if (util.isObject(embedded[key]) || Array.isArray(embedded[key])) {\n      embedded[key] = flattenEmbedded(sdk, res, embedded[key], ref);\n    }\n  }\n\n  // Convert any links on the embedded object\n  var fns = links2fns(sdk, res, obj, ref);\n  util.extend(embedded, fns);\n\n  obj = util.omit(obj, '_embedded', '_links');\n  util.extend(obj, embedded);\n  return obj;\n}\n\nfunction AuthTransaction(sdk, res) {\n  if (res) {\n    this.data = res;\n    util.extend(this, flattenEmbedded(sdk, res, res, {}));\n    delete this.stateToken;\n\n    // RECOVERY_CHALLENGE has some responses without _links.\n    // Without _links, we emulate cancel to make it intuitive\n    // to return to the starting state. We may remove this\n    // when OKTA-75434 is resolved\n    if (res.status === 'RECOVERY_CHALLENGE' && !res._links) {\n      this.cancel = function() {\n        return Promise.resolve(new AuthTransaction(sdk));\n      };\n    }\n  }\n}\n\nmodule.exports = {\n  transactionStatus: transactionStatus,\n  resumeTransaction: resumeTransaction,\n  transactionExists: transactionExists,\n  postToTransaction: postToTransaction,\n  introspect: introspect,\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/tx.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document */\n/* eslint-disable complexity, max-statements */\nvar http = require('./http');\nvar util = require('./util');\nvar storageUtil = require('./browser/browserStorage');\nvar AuthSdkError = require('./errors/AuthSdkError');\n\nfunction generateState() {\n  return util.genRandomString(64);\n}\n\nfunction generateNonce() {\n  return util.genRandomString(64);\n}\n\nfunction isToken(obj) {\n  if (obj &&\n      (obj.accessToken || obj.idToken) &&\n      Array.isArray(obj.scopes)) {\n    return true;\n  }\n  return false;\n}\n\nfunction addListener(eventTarget, name, fn) {\n  if (eventTarget.addEventListener) {\n    eventTarget.addEventListener(name, fn);\n  } else {\n    eventTarget.attachEvent('on' + name, fn);\n  }\n}\n\nfunction removeListener(eventTarget, name, fn) {\n  if (eventTarget.removeEventListener) {\n    eventTarget.removeEventListener(name, fn);\n  } else {\n    eventTarget.detachEvent('on' + name, fn);\n  }\n}\n\nfunction loadFrame(src) {\n  var iframe = document.createElement('iframe');\n  iframe.style.display = 'none';\n  iframe.src = src;\n\n  return document.body.appendChild(iframe);\n}\n\nfunction loadPopup(src, options) {\n  var title = options.popupTitle || 'External Identity Provider User Authentication';\n  var appearance = 'toolbar=no, scrollbars=yes, resizable=yes, ' +\n    'top=100, left=500, width=600, height=600';\n\n  if (util.isIE11OrLess()) {\n    // IE<=11 doesn't fully support postMessage at time of writting.\n    // the following simple solution happened to solve the issue\n    // without adding another proxy layer which makes flow more complecated.\n    var winEl = window.open('/', title, appearance);\n    winEl.location.href = src;\n    return winEl;\n  } else {\n    return window.open(src, title, appearance);\n  }\n}\n\nfunction getWellKnown(sdk, issuer) {\n  var authServerUri = (issuer || sdk.options.issuer);\n  return http.get(sdk, authServerUri + '/.well-known/openid-configuration', {\n    cacheResponse: true\n  });\n}\n\nfunction getKey(sdk, issuer, kid) {\n  var httpCache = storageUtil.getHttpCache(sdk.options.cookies);\n\n  return getWellKnown(sdk, issuer)\n  .then(function(wellKnown) {\n    var jwksUri = wellKnown['jwks_uri'];\n\n    // Check our kid against the cached version (if it exists and isn't expired)\n    var cacheContents = httpCache.getStorage();\n    var cachedResponse = cacheContents[jwksUri];\n    if (cachedResponse && Date.now()/1000 < cachedResponse.expiresAt) {\n      var cachedKey = util.find(cachedResponse.response.keys, {\n        kid: kid\n      });\n\n      if (cachedKey) {\n        return cachedKey;\n      }\n    }\n\n    // Remove cache for the key\n    httpCache.clearStorage(jwksUri);\n\n    // Pull the latest keys if the key wasn't in the cache\n    return http.get(sdk, jwksUri, {\n      cacheResponse: true\n    })\n    .then(function(res) {\n      var key = util.find(res.keys, {\n        kid: kid\n      });\n\n      if (key) {\n        return key;\n      }\n\n      throw new AuthSdkError('The key id, ' + kid + ', was not found in the server\\'s keys');\n    });\n  });\n}\n\nfunction validateClaims(sdk, claims, validationParams) {\n  var aud = validationParams.clientId;\n  var iss = validationParams.issuer;\n  var nonce = validationParams.nonce;\n\n  if (!claims || !iss || !aud) {\n    throw new AuthSdkError('The jwt, iss, and aud arguments are all required');\n  }\n\n  if (nonce && claims.nonce !== nonce) {\n    throw new AuthSdkError('OAuth flow response nonce doesn\\'t match request nonce');\n  }\n\n  var now = Math.floor(Date.now()/1000);\n\n  if (claims.iss !== iss) {\n    throw new AuthSdkError('The issuer [' + claims.iss + '] ' +\n      'does not match [' + iss + ']');\n  }\n\n  if (claims.aud !== aud) {\n    throw new AuthSdkError('The audience [' + claims.aud + '] ' +\n      'does not match [' + aud + ']');\n  }\n\n  if (claims.iat > claims.exp) {\n    throw new AuthSdkError('The JWT expired before it was issued');\n  }\n\n  if ((now - sdk.options.maxClockSkew) > claims.exp) {\n    throw new AuthSdkError('The JWT expired and is no longer valid');\n  }\n\n  if (claims.iat > (now + sdk.options.maxClockSkew)) {\n    throw new AuthSdkError('The JWT was issued in the future');\n  }\n}\n\nfunction getOAuthUrls(sdk, options) {\n  if (arguments.length > 2) {\n    throw new AuthSdkError('As of version 3.0, \"getOAuthUrls\" takes only a single set of options');\n  }\n  options = options || {};\n\n  // Get user-supplied arguments\n  var authorizeUrl = util.removeTrailingSlash(options.authorizeUrl) || sdk.options.authorizeUrl;\n  var issuer = util.removeTrailingSlash(options.issuer) || sdk.options.issuer;\n  var userinfoUrl = util.removeTrailingSlash(options.userinfoUrl) || sdk.options.userinfoUrl;\n  var tokenUrl = util.removeTrailingSlash(options.tokenUrl) || sdk.options.tokenUrl;\n  var logoutUrl = util.removeTrailingSlash(options.logoutUrl) || sdk.options.logoutUrl;\n  var revokeUrl = util.removeTrailingSlash(options.revokeUrl) || sdk.options.revokeUrl;\n\n  var baseUrl = issuer.indexOf('/oauth2') > 0 ? issuer : issuer + '/oauth2';\n\n  authorizeUrl = authorizeUrl || baseUrl + '/v1/authorize';\n  userinfoUrl = userinfoUrl || baseUrl + '/v1/userinfo';\n  tokenUrl = tokenUrl || baseUrl + '/v1/token';\n  revokeUrl = revokeUrl || baseUrl + '/v1/revoke';\n  logoutUrl = logoutUrl || baseUrl + '/v1/logout';\n\n  return {\n    issuer: issuer,\n    authorizeUrl: authorizeUrl,\n    userinfoUrl: userinfoUrl,\n    tokenUrl: tokenUrl,\n    revokeUrl: revokeUrl,\n    logoutUrl: logoutUrl\n  };\n}\n\nfunction urlParamsToObject(hashOrSearch) {\n  // Predefine regexs for parsing hash\n  var plus2space = /\\+/g;\n  var paramSplit = /([^&=]+)=?([^&]*)/g;\n  var fragment = hashOrSearch;\n\n  // Some hash based routers will automatically add a / character after the hash\n  if (fragment.charAt(0) === '#' && fragment.charAt(1) === '/') {\n    fragment = fragment.substring(2);\n  }\n\n  // Remove the leading # or ?\n  if (fragment.charAt(0) === '#' || fragment.charAt(0) === '?') {\n    fragment = fragment.substring(1);\n  }\n\n\n  var obj = {};\n\n  // Loop until we have no more params\n  var param;\n  while (true) { // eslint-disable-line no-constant-condition\n    param = paramSplit.exec(fragment);\n    if (!param) { break; }\n\n    var key = param[1];\n    var value = param[2];\n\n    // id_token should remain base64url encoded\n    if (key === 'id_token' || key === 'access_token' || key === 'code') {\n      obj[key] = value;\n    } else {\n      obj[key] = decodeURIComponent(value.replace(plus2space, ' '));\n    }\n  }\n  return obj;\n}\n\nmodule.exports = {\n  generateState: generateState,\n  generateNonce: generateNonce,\n  getWellKnown: getWellKnown,\n  getKey: getKey,\n  validateClaims: validateClaims,\n  getOAuthUrls: getOAuthUrls,\n  loadFrame: loadFrame,\n  loadPopup: loadPopup,\n  urlParamsToObject: urlParamsToObject,\n  isToken: isToken,\n  addListener: addListener,\n  removeListener: removeListener\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/oauthUtil.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n\nvar fetchRequest = require('../fetch/fetchRequest');\nvar storageUtil = require('./browserStorage');\n\nmodule.exports = require('./browser')(storageUtil, fetchRequest);\n\n\n\n// WEBPACK FOOTER //\n// ./lib/browser/browserIndex.js","/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nvar fetch = require('cross-fetch');\n\n\nfunction readData(response) {\n  if (response.headers.get('Content-Type') &&\n    response.headers.get('Content-Type').toLowerCase().indexOf('application/json') >= 0) {\n  return response.json()\n    // JSON parse can fail if response is not a valid object\n    .catch(e => {\n      return {\n        error: e,\n        errorSummary: 'Could not parse server response'\n      };\n    });\n  } else {\n    return response.text();\n  }\n}\n\nfunction formatResult(status, data) {\n  const isObject = typeof data === 'object'; \n  const result = {\n    responseText: isObject ? JSON.stringify(data) : data,\n    status: status\n  };\n  if (isObject) {\n    result.responseType = 'json';\n    result.responseJSON = data;\n  }\n  return result;\n}\n\n/* eslint-disable complexity */\nfunction fetchRequest(method, url, args) {\n  var body = args.data;\n  var headers = args.headers || {};\n  var contentType = (headers['Content-Type'] || headers['content-type'] || '');\n\n  // JSON encode body (if appropriate)\n  if (contentType === 'application/json' && body && typeof body !== 'string') {\n    body = JSON.stringify(body);\n  }\n\n  var fetchPromise = fetch(url, {\n    method: method,\n    headers: args.headers,\n    body: body,\n    credentials: args.withCredentials ? 'include' : 'omit'\n  })\n  .then(function(response) {\n    var error = !response.ok;\n    var status = response.status;\n    return readData(response)\n      .then(data => {\n        return formatResult(status, data);\n      })\n      .then(result => {\n        if (error) {\n          // Throwing result object since error handling is done in http.js\n          throw result;\n        }\n        return result;\n      });\n  });\n  return fetchPromise;\n}\n\nmodule.exports = fetchRequest;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/fetch/fetchRequest.js","var __self__ = (function (root) {\nfunction F() {\nthis.fetch = false;\nthis.DOMException = root.DOMException\n}\nF.prototype = root;\nreturn new F();\n})(typeof self !== 'undefined' ? self : this);\n(function(self) {\n\nvar irrelevant = (function (exports) {\n  var support = {\n    searchParams: 'URLSearchParams' in self,\n    iterable: 'Symbol' in self && 'iterator' in Symbol,\n    blob:\n      'FileReader' in self &&\n      'Blob' in self &&\n      (function() {\n        try {\n          new Blob();\n          return true\n        } catch (e) {\n          return false\n        }\n      })(),\n    formData: 'FormData' in self,\n    arrayBuffer: 'ArrayBuffer' in self\n  };\n\n  function isDataView(obj) {\n    return obj && DataView.prototype.isPrototypeOf(obj)\n  }\n\n  if (support.arrayBuffer) {\n    var viewClasses = [\n      '[object Int8Array]',\n      '[object Uint8Array]',\n      '[object Uint8ClampedArray]',\n      '[object Int16Array]',\n      '[object Uint16Array]',\n      '[object Int32Array]',\n      '[object Uint32Array]',\n      '[object Float32Array]',\n      '[object Float64Array]'\n    ];\n\n    var isArrayBufferView =\n      ArrayBuffer.isView ||\n      function(obj) {\n        return obj && viewClasses.indexOf(Object.prototype.toString.call(obj)) > -1\n      };\n  }\n\n  function normalizeName(name) {\n    if (typeof name !== 'string') {\n      name = String(name);\n    }\n    if (/[^a-z0-9\\-#$%&'*+.^_`|~]/i.test(name)) {\n      throw new TypeError('Invalid character in header field name')\n    }\n    return name.toLowerCase()\n  }\n\n  function normalizeValue(value) {\n    if (typeof value !== 'string') {\n      value = String(value);\n    }\n    return value\n  }\n\n  // Build a destructive iterator for the value list\n  function iteratorFor(items) {\n    var iterator = {\n      next: function() {\n        var value = items.shift();\n        return {done: value === undefined, value: value}\n      }\n    };\n\n    if (support.iterable) {\n      iterator[Symbol.iterator] = function() {\n        return iterator\n      };\n    }\n\n    return iterator\n  }\n\n  function Headers(headers) {\n    this.map = {};\n\n    if (headers instanceof Headers) {\n      headers.forEach(function(value, name) {\n        this.append(name, value);\n      }, this);\n    } else if (Array.isArray(headers)) {\n      headers.forEach(function(header) {\n        this.append(header[0], header[1]);\n      }, this);\n    } else if (headers) {\n      Object.getOwnPropertyNames(headers).forEach(function(name) {\n        this.append(name, headers[name]);\n      }, this);\n    }\n  }\n\n  Headers.prototype.append = function(name, value) {\n    name = normalizeName(name);\n    value = normalizeValue(value);\n    var oldValue = this.map[name];\n    this.map[name] = oldValue ? oldValue + ', ' + value : value;\n  };\n\n  Headers.prototype['delete'] = function(name) {\n    delete this.map[normalizeName(name)];\n  };\n\n  Headers.prototype.get = function(name) {\n    name = normalizeName(name);\n    return this.has(name) ? this.map[name] : null\n  };\n\n  Headers.prototype.has = function(name) {\n    return this.map.hasOwnProperty(normalizeName(name))\n  };\n\n  Headers.prototype.set = function(name, value) {\n    this.map[normalizeName(name)] = normalizeValue(value);\n  };\n\n  Headers.prototype.forEach = function(callback, thisArg) {\n    for (var name in this.map) {\n      if (this.map.hasOwnProperty(name)) {\n        callback.call(thisArg, this.map[name], name, this);\n      }\n    }\n  };\n\n  Headers.prototype.keys = function() {\n    var items = [];\n    this.forEach(function(value, name) {\n      items.push(name);\n    });\n    return iteratorFor(items)\n  };\n\n  Headers.prototype.values = function() {\n    var items = [];\n    this.forEach(function(value) {\n      items.push(value);\n    });\n    return iteratorFor(items)\n  };\n\n  Headers.prototype.entries = function() {\n    var items = [];\n    this.forEach(function(value, name) {\n      items.push([name, value]);\n    });\n    return iteratorFor(items)\n  };\n\n  if (support.iterable) {\n    Headers.prototype[Symbol.iterator] = Headers.prototype.entries;\n  }\n\n  function consumed(body) {\n    if (body.bodyUsed) {\n      return Promise.reject(new TypeError('Already read'))\n    }\n    body.bodyUsed = true;\n  }\n\n  function fileReaderReady(reader) {\n    return new Promise(function(resolve, reject) {\n      reader.onload = function() {\n        resolve(reader.result);\n      };\n      reader.onerror = function() {\n        reject(reader.error);\n      };\n    })\n  }\n\n  function readBlobAsArrayBuffer(blob) {\n    var reader = new FileReader();\n    var promise = fileReaderReady(reader);\n    reader.readAsArrayBuffer(blob);\n    return promise\n  }\n\n  function readBlobAsText(blob) {\n    var reader = new FileReader();\n    var promise = fileReaderReady(reader);\n    reader.readAsText(blob);\n    return promise\n  }\n\n  function readArrayBufferAsText(buf) {\n    var view = new Uint8Array(buf);\n    var chars = new Array(view.length);\n\n    for (var i = 0; i < view.length; i++) {\n      chars[i] = String.fromCharCode(view[i]);\n    }\n    return chars.join('')\n  }\n\n  function bufferClone(buf) {\n    if (buf.slice) {\n      return buf.slice(0)\n    } else {\n      var view = new Uint8Array(buf.byteLength);\n      view.set(new Uint8Array(buf));\n      return view.buffer\n    }\n  }\n\n  function Body() {\n    this.bodyUsed = false;\n\n    this._initBody = function(body) {\n      this._bodyInit = body;\n      if (!body) {\n        this._bodyText = '';\n      } else if (typeof body === 'string') {\n        this._bodyText = body;\n      } else if (support.blob && Blob.prototype.isPrototypeOf(body)) {\n        this._bodyBlob = body;\n      } else if (support.formData && FormData.prototype.isPrototypeOf(body)) {\n        this._bodyFormData = body;\n      } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n        this._bodyText = body.toString();\n      } else if (support.arrayBuffer && support.blob && isDataView(body)) {\n        this._bodyArrayBuffer = bufferClone(body.buffer);\n        // IE 10-11 can't handle a DataView body.\n        this._bodyInit = new Blob([this._bodyArrayBuffer]);\n      } else if (support.arrayBuffer && (ArrayBuffer.prototype.isPrototypeOf(body) || isArrayBufferView(body))) {\n        this._bodyArrayBuffer = bufferClone(body);\n      } else {\n        this._bodyText = body = Object.prototype.toString.call(body);\n      }\n\n      if (!this.headers.get('content-type')) {\n        if (typeof body === 'string') {\n          this.headers.set('content-type', 'text/plain;charset=UTF-8');\n        } else if (this._bodyBlob && this._bodyBlob.type) {\n          this.headers.set('content-type', this._bodyBlob.type);\n        } else if (support.searchParams && URLSearchParams.prototype.isPrototypeOf(body)) {\n          this.headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n        }\n      }\n    };\n\n    if (support.blob) {\n      this.blob = function() {\n        var rejected = consumed(this);\n        if (rejected) {\n          return rejected\n        }\n\n        if (this._bodyBlob) {\n          return Promise.resolve(this._bodyBlob)\n        } else if (this._bodyArrayBuffer) {\n          return Promise.resolve(new Blob([this._bodyArrayBuffer]))\n        } else if (this._bodyFormData) {\n          throw new Error('could not read FormData body as blob')\n        } else {\n          return Promise.resolve(new Blob([this._bodyText]))\n        }\n      };\n\n      this.arrayBuffer = function() {\n        if (this._bodyArrayBuffer) {\n          return consumed(this) || Promise.resolve(this._bodyArrayBuffer)\n        } else {\n          return this.blob().then(readBlobAsArrayBuffer)\n        }\n      };\n    }\n\n    this.text = function() {\n      var rejected = consumed(this);\n      if (rejected) {\n        return rejected\n      }\n\n      if (this._bodyBlob) {\n        return readBlobAsText(this._bodyBlob)\n      } else if (this._bodyArrayBuffer) {\n        return Promise.resolve(readArrayBufferAsText(this._bodyArrayBuffer))\n      } else if (this._bodyFormData) {\n        throw new Error('could not read FormData body as text')\n      } else {\n        return Promise.resolve(this._bodyText)\n      }\n    };\n\n    if (support.formData) {\n      this.formData = function() {\n        return this.text().then(decode)\n      };\n    }\n\n    this.json = function() {\n      return this.text().then(JSON.parse)\n    };\n\n    return this\n  }\n\n  // HTTP methods whose capitalization should be normalized\n  var methods = ['DELETE', 'GET', 'HEAD', 'OPTIONS', 'POST', 'PUT'];\n\n  function normalizeMethod(method) {\n    var upcased = method.toUpperCase();\n    return methods.indexOf(upcased) > -1 ? upcased : method\n  }\n\n  function Request(input, options) {\n    options = options || {};\n    var body = options.body;\n\n    if (input instanceof Request) {\n      if (input.bodyUsed) {\n        throw new TypeError('Already read')\n      }\n      this.url = input.url;\n      this.credentials = input.credentials;\n      if (!options.headers) {\n        this.headers = new Headers(input.headers);\n      }\n      this.method = input.method;\n      this.mode = input.mode;\n      this.signal = input.signal;\n      if (!body && input._bodyInit != null) {\n        body = input._bodyInit;\n        input.bodyUsed = true;\n      }\n    } else {\n      this.url = String(input);\n    }\n\n    this.credentials = options.credentials || this.credentials || 'same-origin';\n    if (options.headers || !this.headers) {\n      this.headers = new Headers(options.headers);\n    }\n    this.method = normalizeMethod(options.method || this.method || 'GET');\n    this.mode = options.mode || this.mode || null;\n    this.signal = options.signal || this.signal;\n    this.referrer = null;\n\n    if ((this.method === 'GET' || this.method === 'HEAD') && body) {\n      throw new TypeError('Body not allowed for GET or HEAD requests')\n    }\n    this._initBody(body);\n  }\n\n  Request.prototype.clone = function() {\n    return new Request(this, {body: this._bodyInit})\n  };\n\n  function decode(body) {\n    var form = new FormData();\n    body\n      .trim()\n      .split('&')\n      .forEach(function(bytes) {\n        if (bytes) {\n          var split = bytes.split('=');\n          var name = split.shift().replace(/\\+/g, ' ');\n          var value = split.join('=').replace(/\\+/g, ' ');\n          form.append(decodeURIComponent(name), decodeURIComponent(value));\n        }\n      });\n    return form\n  }\n\n  function parseHeaders(rawHeaders) {\n    var headers = new Headers();\n    // Replace instances of \\r\\n and \\n followed by at least one space or horizontal tab with a space\n    // https://tools.ietf.org/html/rfc7230#section-3.2\n    var preProcessedHeaders = rawHeaders.replace(/\\r?\\n[\\t ]+/g, ' ');\n    preProcessedHeaders.split(/\\r?\\n/).forEach(function(line) {\n      var parts = line.split(':');\n      var key = parts.shift().trim();\n      if (key) {\n        var value = parts.join(':').trim();\n        headers.append(key, value);\n      }\n    });\n    return headers\n  }\n\n  Body.call(Request.prototype);\n\n  function Response(bodyInit, options) {\n    if (!options) {\n      options = {};\n    }\n\n    this.type = 'default';\n    this.status = options.status === undefined ? 200 : options.status;\n    this.ok = this.status >= 200 && this.status < 300;\n    this.statusText = 'statusText' in options ? options.statusText : 'OK';\n    this.headers = new Headers(options.headers);\n    this.url = options.url || '';\n    this._initBody(bodyInit);\n  }\n\n  Body.call(Response.prototype);\n\n  Response.prototype.clone = function() {\n    return new Response(this._bodyInit, {\n      status: this.status,\n      statusText: this.statusText,\n      headers: new Headers(this.headers),\n      url: this.url\n    })\n  };\n\n  Response.error = function() {\n    var response = new Response(null, {status: 0, statusText: ''});\n    response.type = 'error';\n    return response\n  };\n\n  var redirectStatuses = [301, 302, 303, 307, 308];\n\n  Response.redirect = function(url, status) {\n    if (redirectStatuses.indexOf(status) === -1) {\n      throw new RangeError('Invalid status code')\n    }\n\n    return new Response(null, {status: status, headers: {location: url}})\n  };\n\n  exports.DOMException = self.DOMException;\n  try {\n    new exports.DOMException();\n  } catch (err) {\n    exports.DOMException = function(message, name) {\n      this.message = message;\n      this.name = name;\n      var error = Error(message);\n      this.stack = error.stack;\n    };\n    exports.DOMException.prototype = Object.create(Error.prototype);\n    exports.DOMException.prototype.constructor = exports.DOMException;\n  }\n\n  function fetch(input, init) {\n    return new Promise(function(resolve, reject) {\n      var request = new Request(input, init);\n\n      if (request.signal && request.signal.aborted) {\n        return reject(new exports.DOMException('Aborted', 'AbortError'))\n      }\n\n      var xhr = new XMLHttpRequest();\n\n      function abortXhr() {\n        xhr.abort();\n      }\n\n      xhr.onload = function() {\n        var options = {\n          status: xhr.status,\n          statusText: xhr.statusText,\n          headers: parseHeaders(xhr.getAllResponseHeaders() || '')\n        };\n        options.url = 'responseURL' in xhr ? xhr.responseURL : options.headers.get('X-Request-URL');\n        var body = 'response' in xhr ? xhr.response : xhr.responseText;\n        resolve(new Response(body, options));\n      };\n\n      xhr.onerror = function() {\n        reject(new TypeError('Network request failed'));\n      };\n\n      xhr.ontimeout = function() {\n        reject(new TypeError('Network request failed'));\n      };\n\n      xhr.onabort = function() {\n        reject(new exports.DOMException('Aborted', 'AbortError'));\n      };\n\n      xhr.open(request.method, request.url, true);\n\n      if (request.credentials === 'include') {\n        xhr.withCredentials = true;\n      } else if (request.credentials === 'omit') {\n        xhr.withCredentials = false;\n      }\n\n      if ('responseType' in xhr && support.blob) {\n        xhr.responseType = 'blob';\n      }\n\n      request.headers.forEach(function(value, name) {\n        xhr.setRequestHeader(name, value);\n      });\n\n      if (request.signal) {\n        request.signal.addEventListener('abort', abortXhr);\n\n        xhr.onreadystatechange = function() {\n          // DONE (success or failure)\n          if (xhr.readyState === 4) {\n            request.signal.removeEventListener('abort', abortXhr);\n          }\n        };\n      }\n\n      xhr.send(typeof request._bodyInit === 'undefined' ? null : request._bodyInit);\n    })\n  }\n\n  fetch.polyfill = true;\n\n  if (!self.fetch) {\n    self.fetch = fetch;\n    self.Headers = Headers;\n    self.Request = Request;\n    self.Response = Response;\n  }\n\n  exports.Headers = Headers;\n  exports.Request = Request;\n  exports.Response = Response;\n  exports.fetch = fetch;\n\n  return exports;\n\n}({}));\n})(__self__);\ndelete __self__.fetch.polyfill\nexports = __self__.fetch // To enable: import fetch from 'cross-fetch'\nexports.default = __self__.fetch // For TypeScript consumers without esModuleInterop.\nexports.fetch = __self__.fetch // To enable: import {fetch} from 'cross-fetch'\nexports.Headers = __self__.Headers\nexports.Request = __self__.Request\nexports.Response = __self__.Response\nmodule.exports = exports\n\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/cross-fetch/dist/browser-ponyfill.js\n// module id = 13\n// module chunks = 0","/*!\n * JavaScript Cookie v2.2.0\n * https://github.com/js-cookie/js-cookie\n *\n * Copyright 2006, 2015 Klaus Hartl & Fagner Brack\n * Released under the MIT license\n */\n;(function (factory) {\n\tvar registeredInModuleLoader = false;\n\tif (typeof define === 'function' && define.amd) {\n\t\tdefine(factory);\n\t\tregisteredInModuleLoader = true;\n\t}\n\tif (typeof exports === 'object') {\n\t\tmodule.exports = factory();\n\t\tregisteredInModuleLoader = true;\n\t}\n\tif (!registeredInModuleLoader) {\n\t\tvar OldCookies = window.Cookies;\n\t\tvar api = window.Cookies = factory();\n\t\tapi.noConflict = function () {\n\t\t\twindow.Cookies = OldCookies;\n\t\t\treturn api;\n\t\t};\n\t}\n}(function () {\n\tfunction extend () {\n\t\tvar i = 0;\n\t\tvar result = {};\n\t\tfor (; i < arguments.length; i++) {\n\t\t\tvar attributes = arguments[ i ];\n\t\t\tfor (var key in attributes) {\n\t\t\t\tresult[key] = attributes[key];\n\t\t\t}\n\t\t}\n\t\treturn result;\n\t}\n\n\tfunction init (converter) {\n\t\tfunction api (key, value, attributes) {\n\t\t\tvar result;\n\t\t\tif (typeof document === 'undefined') {\n\t\t\t\treturn;\n\t\t\t}\n\n\t\t\t// Write\n\n\t\t\tif (arguments.length > 1) {\n\t\t\t\tattributes = extend({\n\t\t\t\t\tpath: '/'\n\t\t\t\t}, api.defaults, attributes);\n\n\t\t\t\tif (typeof attributes.expires === 'number') {\n\t\t\t\t\tvar expires = new Date();\n\t\t\t\t\texpires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5);\n\t\t\t\t\tattributes.expires = expires;\n\t\t\t\t}\n\n\t\t\t\t// We're using \"expires\" because \"max-age\" is not supported by IE\n\t\t\t\tattributes.expires = attributes.expires ? attributes.expires.toUTCString() : '';\n\n\t\t\t\ttry {\n\t\t\t\t\tresult = JSON.stringify(value);\n\t\t\t\t\tif (/^[\\{\\[]/.test(result)) {\n\t\t\t\t\t\tvalue = result;\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {}\n\n\t\t\t\tif (!converter.write) {\n\t\t\t\t\tvalue = encodeURIComponent(String(value))\n\t\t\t\t\t\t.replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);\n\t\t\t\t} else {\n\t\t\t\t\tvalue = converter.write(value, key);\n\t\t\t\t}\n\n\t\t\t\tkey = encodeURIComponent(String(key));\n\t\t\t\tkey = key.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent);\n\t\t\t\tkey = key.replace(/[\\(\\)]/g, escape);\n\n\t\t\t\tvar stringifiedAttributes = '';\n\n\t\t\t\tfor (var attributeName in attributes) {\n\t\t\t\t\tif (!attributes[attributeName]) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tstringifiedAttributes += '; ' + attributeName;\n\t\t\t\t\tif (attributes[attributeName] === true) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tstringifiedAttributes += '=' + attributes[attributeName];\n\t\t\t\t}\n\t\t\t\treturn (document.cookie = key + '=' + value + stringifiedAttributes);\n\t\t\t}\n\n\t\t\t// Read\n\n\t\t\tif (!key) {\n\t\t\t\tresult = {};\n\t\t\t}\n\n\t\t\t// To prevent the for loop in the first place assign an empty array\n\t\t\t// in case there are no cookies at all. Also prevents odd result when\n\t\t\t// calling \"get()\"\n\t\t\tvar cookies = document.cookie ? document.cookie.split('; ') : [];\n\t\t\tvar rdecode = /(%[0-9A-Z]{2})+/g;\n\t\t\tvar i = 0;\n\n\t\t\tfor (; i < cookies.length; i++) {\n\t\t\t\tvar parts = cookies[i].split('=');\n\t\t\t\tvar cookie = parts.slice(1).join('=');\n\n\t\t\t\tif (!this.json && cookie.charAt(0) === '\"') {\n\t\t\t\t\tcookie = cookie.slice(1, -1);\n\t\t\t\t}\n\n\t\t\t\ttry {\n\t\t\t\t\tvar name = parts[0].replace(rdecode, decodeURIComponent);\n\t\t\t\t\tcookie = converter.read ?\n\t\t\t\t\t\tconverter.read(cookie, name) : converter(cookie, name) ||\n\t\t\t\t\t\tcookie.replace(rdecode, decodeURIComponent);\n\n\t\t\t\t\tif (this.json) {\n\t\t\t\t\t\ttry {\n\t\t\t\t\t\t\tcookie = JSON.parse(cookie);\n\t\t\t\t\t\t} catch (e) {}\n\t\t\t\t\t}\n\n\t\t\t\t\tif (key === name) {\n\t\t\t\t\t\tresult = cookie;\n\t\t\t\t\t\tbreak;\n\t\t\t\t\t}\n\n\t\t\t\t\tif (!key) {\n\t\t\t\t\t\tresult[name] = cookie;\n\t\t\t\t\t}\n\t\t\t\t} catch (e) {}\n\t\t\t}\n\n\t\t\treturn result;\n\t\t}\n\n\t\tapi.set = api;\n\t\tapi.get = function (key) {\n\t\t\treturn api.call(api, key);\n\t\t};\n\t\tapi.getJSON = function () {\n\t\t\treturn api.apply({\n\t\t\t\tjson: true\n\t\t\t}, [].slice.call(arguments));\n\t\t};\n\t\tapi.defaults = {};\n\n\t\tapi.remove = function (key, attributes) {\n\t\t\tapi(key, '', extend(attributes, {\n\t\t\t\texpires: -1\n\t\t\t}));\n\t\t};\n\n\t\tapi.withConverter = init;\n\n\t\treturn api;\n\t}\n\n\treturn init(function () {});\n}));\n\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/js-cookie/src/js.cookie.js\n// module id = 14\n// module chunks = 0","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* eslint-disable complexity */\n/* eslint-disable max-statements */\n/* SDK_VERSION is defined in webpack config */ \n/* global SDK_VERSION */\n/* global window, navigator, document, crypto */\nvar Emitter           = require('tiny-emitter');\nvar AuthSdkError      = require('../errors/AuthSdkError');\nvar builderUtil       = require('../builderUtil');\nvar constants         = require('../constants');\nvar cookies           = require('./browserStorage').storage;\nvar http              = require('../http');\nvar oauthUtil         = require('../oauthUtil');\nvar session           = require('../session');\nvar token             = require('../token');\nvar TokenManager      = require('../TokenManager');\nvar tx                = require('../tx');\nvar util              = require('../util');\n\nfunction OktaAuthBuilder(args) {\n  var sdk = this;\n\n  builderUtil.assertValidConfig(args);\n\n  var cookieSettings = util.extend({\n    secure: true\n  }, args.cookies);\n  var isLocalhost = (sdk.features.isLocalhost() && !sdk.features.isHTTPS());\n  if (isLocalhost) {\n    cookieSettings.secure = false; // Force secure=false if running on http://localhost\n  }\n  if (typeof cookieSettings.sameSite === 'undefined') {\n    // Chrome >= 80 will block cookies with SameSite=None unless they are also Secure\n    cookieSettings.sameSite = cookieSettings.secure ? 'none' : 'lax';\n  }\n  if (cookieSettings.secure && !sdk.features.isHTTPS()) {\n    // eslint-disable-next-line no-console\n    console.warn(\n      'The current page is not being served with the HTTPS protocol.\\n' +\n      'For security reasons, we strongly recommend using HTTPS.\\n' +\n      'If you cannot use HTTPS, set \"cookies.secure\" option to false.'\n    );\n    cookieSettings.secure = false;\n  }\n\n  this.options = {\n    clientId: args.clientId,\n    issuer: util.removeTrailingSlash(args.issuer),\n    authorizeUrl: util.removeTrailingSlash(args.authorizeUrl),\n    userinfoUrl: util.removeTrailingSlash(args.userinfoUrl),\n    tokenUrl: util.removeTrailingSlash(args.tokenUrl),\n    revokeUrl: util.removeTrailingSlash(args.revokeUrl),\n    logoutUrl: util.removeTrailingSlash(args.logoutUrl),\n    pkce: args.pkce === false ? false : true,\n    redirectUri: args.redirectUri,\n    postLogoutRedirectUri: args.postLogoutRedirectUri,\n    responseMode: args.responseMode,\n    httpRequestClient: args.httpRequestClient,\n    storageUtil: args.storageUtil,\n    transformErrorXHR: args.transformErrorXHR,\n    headers: args.headers,\n    onSessionExpired: args.onSessionExpired,\n    cookies: cookieSettings\n  };\n\n  this.userAgent = builderUtil.getUserAgent(args, SDK_VERSION) || 'okta-auth-js-' + SDK_VERSION;\n\n  // Digital clocks will drift over time, so the server\n  // can misalign with the time reported by the browser.\n  // The maxClockSkew allows relaxing the time-based\n  // validation of tokens (in seconds, not milliseconds).\n  // It currently defaults to 300, because 5 min is the\n  // default maximum tolerance allowed by Kerberos.\n  // (https://technet.microsoft.com/en-us/library/cc976357.aspx)\n  if (!args.maxClockSkew && args.maxClockSkew !== 0) {\n    this.options.maxClockSkew = constants.DEFAULT_MAX_CLOCK_SKEW;\n  } else {\n    this.options.maxClockSkew = args.maxClockSkew;\n  }\n\n  // Give the developer the ability to disable token signature\n  // validation.\n  this.options.ignoreSignature = !!args.ignoreSignature;\n\n  sdk.session = {\n    close: util.bind(session.closeSession, null, sdk),\n    exists: util.bind(session.sessionExists, null, sdk),\n    get: util.bind(session.getSession, null, sdk),\n    refresh: util.bind(session.refreshSession, null, sdk),\n    setCookieAndRedirect: util.bind(session.setCookieAndRedirect, null, sdk)\n  };\n\n  sdk.tx = {\n    status: util.bind(tx.transactionStatus, null, sdk),\n    resume: util.bind(tx.resumeTransaction, null, sdk),\n    exists: util.bind(tx.transactionExists, null, sdk),\n    introspect: util.bind(tx.introspect, null, sdk)\n  };\n\n  // This is exposed so we can mock document.cookie in our tests\n  sdk.tx.exists._get = function(name) {\n    return cookies.get(name);\n  };\n\n  // This is exposed so we can mock window.location.href in our tests\n  sdk.idToken = {\n    authorize: {\n      _getLocationHref: function() {\n        return window.location.href;\n      }\n    }\n  };\n\n  sdk.token = {\n    getWithoutPrompt: util.bind(token.getWithoutPrompt, null, sdk),\n    getWithPopup: util.bind(token.getWithPopup, null, sdk),\n    getWithRedirect: util.bind(token.getWithRedirect, null, sdk),\n    parseFromUrl: util.bind(token.parseFromUrl, null, sdk),\n    decode: token.decodeToken,\n    revoke: util.bind(token.revokeToken, null, sdk),\n    renew: util.bind(token.renewToken, null, sdk),\n    getUserInfo: util.bind(token.getUserInfo, null, sdk),\n    verify: util.bind(token.verifyToken, null, sdk)\n  };\n\n  // This is exposed so we can set window.location in our tests\n  sdk.token.getWithRedirect._setLocation = function(url) {\n    window.location = url;\n  };\n\n  // This is exposed so we can mock getting window.history in our tests\n  sdk.token.parseFromUrl._getHistory = function() {\n    return window.history;\n  };\n\n  // This is exposed so we can mock getting window.location in our tests\n  sdk.token.parseFromUrl._getLocation = function() {\n    return window.location;\n  };\n\n  // This is exposed so we can mock getting window.document in our tests\n  sdk.token.parseFromUrl._getDocument = function() {\n    return window.document;\n  };\n\n  sdk.fingerprint._getUserAgent = function() {\n    return navigator.userAgent;\n  };\n\n  var isWindowsPhone = /windows phone|iemobile|wpdesktop/i;\n  sdk.features.isFingerprintSupported = function() {\n    var agent = sdk.fingerprint._getUserAgent();\n    return agent && !isWindowsPhone.test(agent);\n  };\n\n  sdk.emitter = new Emitter();\n  sdk.tokenManager = new TokenManager(sdk, args.tokenManager);\n  sdk.tokenManager.on('error', this._onTokenManagerError, this);\n}\n\nvar proto = OktaAuthBuilder.prototype;\nproto._onTokenManagerError = function(error) {\n  var code = error.errorCode;\n  if (code === 'login_required' && error.accessToken) {\n    if (this.options.onSessionExpired) {\n      this.options.onSessionExpired();\n    } else {\n      // eslint-disable-next-line no-console\n      console.error('Session has expired or was closed outside the application.');\n    }\n  }\n};\n\nproto.features = {};\n\nproto.features.isPopupPostMessageSupported = function() {\n  var isIE8or9 = document.documentMode && document.documentMode < 10;\n  if (window.postMessage && !isIE8or9) {\n    return true;\n  }\n  return false;\n};\n\nproto.features.isTokenVerifySupported = function() {\n  return typeof crypto !== 'undefined' && crypto.subtle && typeof Uint8Array !== 'undefined';\n};\n\nproto.features.hasTextEncoder = function() {\n  return typeof TextEncoder !== 'undefined';\n};\n\nproto.features.isPKCESupported = function() {\n  return proto.features.isTokenVerifySupported() && proto.features.hasTextEncoder();\n};\n\nproto.features.isHTTPS = function() {\n  return window.location.protocol === 'https:';\n};\n\nproto.features.isLocalhost = function() {\n  return window.location.hostname === 'localhost';\n};\n// { username, password, (relayState), (context) }\nproto.signIn = function (opts) {\n  var sdk = this;\n  opts = util.clone(opts || {});\n  function postToTransaction(options) {\n    delete opts.sendFingerprint;\n    return tx.postToTransaction(sdk, '/api/v1/authn', opts, options);\n  }\n  if (!opts.sendFingerprint) {\n    return postToTransaction();\n  }\n  return sdk.fingerprint()\n  .then(function(fingerprint) {\n    return postToTransaction({\n      headers: {\n        'X-Device-Fingerprint': fingerprint\n      }\n    });\n  });\n};\n\n// Ends the current Okta SSO session without redirecting to Okta.\nproto.closeSession = function closeSession() {\n  var sdk = this;\n  \n  // Clear all local tokens\n  sdk.tokenManager.clear();\n\n  return sdk.session.close() // DELETE /api/v1/sessions/me\n  .catch(function(e) {\n    if (e.name === 'AuthApiError' && e.errorCode === 'E0000007') {\n      // Session does not exist or has already been closed\n      return;\n    }\n    throw e;\n  });\n};\n\n// Revokes the access token for the application session\nproto.revokeAccessToken = async function revokeAccessToken(accessToken) {\n  var sdk = this;\n  if (!accessToken) {\n    accessToken = await sdk.tokenManager.get('accessToken');\n  }\n  // Access token may have been removed. In this case, we will silently succeed.\n  if (!accessToken) {\n    return Promise.resolve();\n  }\n  return sdk.token.revoke(accessToken);\n};\n\n// Revokes accessToken, clears all local tokens, then redirects to Okta to end the SSO session.\nproto.signOut = async function (options) {\n  options = util.extend({}, options);\n\n  // postLogoutRedirectUri must be whitelisted in Okta Admin UI\n  var defaultUri = window.location.origin;\n  var postLogoutRedirectUri = options.postLogoutRedirectUri\n    || this.options.postLogoutRedirectUri\n    || defaultUri;\n\n  var accessToken = options.accessToken;\n  var revokeAccessToken = options.revokeAccessToken !== false;\n  var idToken = options.idToken;\n\n  var sdk = this;\n  var logoutUrl = oauthUtil.getOAuthUrls(sdk).logoutUrl;\n\n  if (typeof idToken === 'undefined') {\n    idToken = await sdk.tokenManager.get('idToken');\n  }\n\n  if (revokeAccessToken && typeof accessToken === 'undefined') {\n    accessToken = await sdk.tokenManager.get('token');\n  }\n\n  // Clear all local tokens\n  sdk.tokenManager.clear();\n\n  if (revokeAccessToken && accessToken) {\n    await sdk.revokeAccessToken(accessToken);\n  }\n\n  // No idToken? This can happen if the storage was cleared.\n  // Fallback to XHR signOut, then redirect to the post logout uri\n  if (!idToken) {\n    return sdk.closeSession() // can throw if the user cannot be signed out\n    .then(function() {\n      if (postLogoutRedirectUri === defaultUri) {\n        window.location.reload();\n      } else {\n        window.location.assign(postLogoutRedirectUri);\n      }\n    });\n  }\n\n  // logout redirect using the idToken.\n  var state = options.state;\n  var idTokenHint = idToken.idToken; // a string\n  var logoutUri = logoutUrl + '?id_token_hint=' + encodeURIComponent(idTokenHint) +\n    '&post_logout_redirect_uri=' + encodeURIComponent(postLogoutRedirectUri);\n\n  // State allows option parameters to be passed to logout redirect uri\n  if (state) {\n    logoutUri += '&state=' + encodeURIComponent(state);\n  }\n  \n  window.location.assign(logoutUri);\n};\n\nbuilderUtil.addSharedPrototypes(proto);\n\n// { resource, (rel), (requestContext)}\nproto.webfinger = function (opts) {\n  var url = '/.well-known/webfinger' + util.toQueryParams(opts);\n  var options = {\n    headers: {\n      'Accept': 'application/jrd+json'\n    }\n  };\n  return http.get(this, url, options);\n};\n\nproto.fingerprint = function(options) {\n  options = options || {};\n  var sdk = this;\n  if (!sdk.features.isFingerprintSupported()) {\n    return Promise.reject(new AuthSdkError('Fingerprinting is not supported on this device'));\n  }\n\n  var timeout;\n  var iframe;\n  var listener;\n  var promise = new Promise(function (resolve, reject) {\n    iframe = document.createElement('iframe');\n    iframe.style.display = 'none';\n\n    listener = function listener(e) {\n      if (!e || !e.data || e.origin !== sdk.getIssuerOrigin()) {\n        return;\n      }\n\n      try {\n        var msg = JSON.parse(e.data);\n      } catch (err) {\n        return reject(new AuthSdkError('Unable to parse iframe response'));\n      }\n\n      if (!msg) { return; }\n      if (msg.type === 'FingerprintAvailable') {\n        return resolve(msg.fingerprint);\n      }\n      if (msg.type === 'FingerprintServiceReady') {\n        e.source.postMessage(JSON.stringify({\n          type: 'GetFingerprint'\n        }), e.origin);\n      }\n    };\n    oauthUtil.addListener(window, 'message', listener);\n\n    iframe.src = sdk.getIssuerOrigin() + '/auth/services/devicefingerprint';\n    document.body.appendChild(iframe);\n\n    timeout = setTimeout(function() {\n      reject(new AuthSdkError('Fingerprinting timed out'));\n    }, options.timeout || 15000);\n  });\n\n  return promise.finally(function() {\n    clearTimeout(timeout);\n    oauthUtil.removeListener(window, 'message', listener);\n    if (document.body.contains(iframe)) {\n      iframe.parentElement.removeChild(iframe);\n    }\n  });\n};\n\nmodule.exports = builderUtil.buildOktaAuth(OktaAuthBuilder);\n\n\n\n// WEBPACK FOOTER //\n// ./lib/browser/browser.js","/**\n * Copyright (c) 2014-present, Facebook, Inc.\n *\n * This source code is licensed under the MIT license found in the\n * LICENSE file in the root directory of this source tree.\n */\n\nvar runtime = (function (exports) {\n  \"use strict\";\n\n  var Op = Object.prototype;\n  var hasOwn = Op.hasOwnProperty;\n  var undefined; // More compressible than void 0.\n  var $Symbol = typeof Symbol === \"function\" ? Symbol : {};\n  var iteratorSymbol = $Symbol.iterator || \"@@iterator\";\n  var asyncIteratorSymbol = $Symbol.asyncIterator || \"@@asyncIterator\";\n  var toStringTagSymbol = $Symbol.toStringTag || \"@@toStringTag\";\n\n  function wrap(innerFn, outerFn, self, tryLocsList) {\n    // If outerFn provided and outerFn.prototype is a Generator, then outerFn.prototype instanceof Generator.\n    var protoGenerator = outerFn && outerFn.prototype instanceof Generator ? outerFn : Generator;\n    var generator = Object.create(protoGenerator.prototype);\n    var context = new Context(tryLocsList || []);\n\n    // The ._invoke method unifies the implementations of the .next,\n    // .throw, and .return methods.\n    generator._invoke = makeInvokeMethod(innerFn, self, context);\n\n    return generator;\n  }\n  exports.wrap = wrap;\n\n  // Try/catch helper to minimize deoptimizations. Returns a completion\n  // record like context.tryEntries[i].completion. This interface could\n  // have been (and was previously) designed to take a closure to be\n  // invoked without arguments, but in all the cases we care about we\n  // already have an existing method we want to call, so there's no need\n  // to create a new function object. We can even get away with assuming\n  // the method takes exactly one argument, since that happens to be true\n  // in every case, so we don't have to touch the arguments object. The\n  // only additional allocation required is the completion record, which\n  // has a stable shape and so hopefully should be cheap to allocate.\n  function tryCatch(fn, obj, arg) {\n    try {\n      return { type: \"normal\", arg: fn.call(obj, arg) };\n    } catch (err) {\n      return { type: \"throw\", arg: err };\n    }\n  }\n\n  var GenStateSuspendedStart = \"suspendedStart\";\n  var GenStateSuspendedYield = \"suspendedYield\";\n  var GenStateExecuting = \"executing\";\n  var GenStateCompleted = \"completed\";\n\n  // Returning this object from the innerFn has the same effect as\n  // breaking out of the dispatch switch statement.\n  var ContinueSentinel = {};\n\n  // Dummy constructor functions that we use as the .constructor and\n  // .constructor.prototype properties for functions that return Generator\n  // objects. For full spec compliance, you may wish to configure your\n  // minifier not to mangle the names of these two functions.\n  function Generator() {}\n  function GeneratorFunction() {}\n  function GeneratorFunctionPrototype() {}\n\n  // This is a polyfill for %IteratorPrototype% for environments that\n  // don't natively support it.\n  var IteratorPrototype = {};\n  IteratorPrototype[iteratorSymbol] = function () {\n    return this;\n  };\n\n  var getProto = Object.getPrototypeOf;\n  var NativeIteratorPrototype = getProto && getProto(getProto(values([])));\n  if (NativeIteratorPrototype &&\n      NativeIteratorPrototype !== Op &&\n      hasOwn.call(NativeIteratorPrototype, iteratorSymbol)) {\n    // This environment has a native %IteratorPrototype%; use it instead\n    // of the polyfill.\n    IteratorPrototype = NativeIteratorPrototype;\n  }\n\n  var Gp = GeneratorFunctionPrototype.prototype =\n    Generator.prototype = Object.create(IteratorPrototype);\n  GeneratorFunction.prototype = Gp.constructor = GeneratorFunctionPrototype;\n  GeneratorFunctionPrototype.constructor = GeneratorFunction;\n  GeneratorFunctionPrototype[toStringTagSymbol] =\n    GeneratorFunction.displayName = \"GeneratorFunction\";\n\n  // Helper for defining the .next, .throw, and .return methods of the\n  // Iterator interface in terms of a single ._invoke method.\n  function defineIteratorMethods(prototype) {\n    [\"next\", \"throw\", \"return\"].forEach(function(method) {\n      prototype[method] = function(arg) {\n        return this._invoke(method, arg);\n      };\n    });\n  }\n\n  exports.isGeneratorFunction = function(genFun) {\n    var ctor = typeof genFun === \"function\" && genFun.constructor;\n    return ctor\n      ? ctor === GeneratorFunction ||\n        // For the native GeneratorFunction constructor, the best we can\n        // do is to check its .name property.\n        (ctor.displayName || ctor.name) === \"GeneratorFunction\"\n      : false;\n  };\n\n  exports.mark = function(genFun) {\n    if (Object.setPrototypeOf) {\n      Object.setPrototypeOf(genFun, GeneratorFunctionPrototype);\n    } else {\n      genFun.__proto__ = GeneratorFunctionPrototype;\n      if (!(toStringTagSymbol in genFun)) {\n        genFun[toStringTagSymbol] = \"GeneratorFunction\";\n      }\n    }\n    genFun.prototype = Object.create(Gp);\n    return genFun;\n  };\n\n  // Within the body of any async function, `await x` is transformed to\n  // `yield regeneratorRuntime.awrap(x)`, so that the runtime can test\n  // `hasOwn.call(value, \"__await\")` to determine if the yielded value is\n  // meant to be awaited.\n  exports.awrap = function(arg) {\n    return { __await: arg };\n  };\n\n  function AsyncIterator(generator) {\n    function invoke(method, arg, resolve, reject) {\n      var record = tryCatch(generator[method], generator, arg);\n      if (record.type === \"throw\") {\n        reject(record.arg);\n      } else {\n        var result = record.arg;\n        var value = result.value;\n        if (value &&\n            typeof value === \"object\" &&\n            hasOwn.call(value, \"__await\")) {\n          return Promise.resolve(value.__await).then(function(value) {\n            invoke(\"next\", value, resolve, reject);\n          }, function(err) {\n            invoke(\"throw\", err, resolve, reject);\n          });\n        }\n\n        return Promise.resolve(value).then(function(unwrapped) {\n          // When a yielded Promise is resolved, its final value becomes\n          // the .value of the Promise<{value,done}> result for the\n          // current iteration.\n          result.value = unwrapped;\n          resolve(result);\n        }, function(error) {\n          // If a rejected Promise was yielded, throw the rejection back\n          // into the async generator function so it can be handled there.\n          return invoke(\"throw\", error, resolve, reject);\n        });\n      }\n    }\n\n    var previousPromise;\n\n    function enqueue(method, arg) {\n      function callInvokeWithMethodAndArg() {\n        return new Promise(function(resolve, reject) {\n          invoke(method, arg, resolve, reject);\n        });\n      }\n\n      return previousPromise =\n        // If enqueue has been called before, then we want to wait until\n        // all previous Promises have been resolved before calling invoke,\n        // so that results are always delivered in the correct order. If\n        // enqueue has not been called before, then it is important to\n        // call invoke immediately, without waiting on a callback to fire,\n        // so that the async generator function has the opportunity to do\n        // any necessary setup in a predictable way. This predictability\n        // is why the Promise constructor synchronously invokes its\n        // executor callback, and why async functions synchronously\n        // execute code before the first await. Since we implement simple\n        // async functions in terms of async generators, it is especially\n        // important to get this right, even though it requires care.\n        previousPromise ? previousPromise.then(\n          callInvokeWithMethodAndArg,\n          // Avoid propagating failures to Promises returned by later\n          // invocations of the iterator.\n          callInvokeWithMethodAndArg\n        ) : callInvokeWithMethodAndArg();\n    }\n\n    // Define the unified helper method that is used to implement .next,\n    // .throw, and .return (see defineIteratorMethods).\n    this._invoke = enqueue;\n  }\n\n  defineIteratorMethods(AsyncIterator.prototype);\n  AsyncIterator.prototype[asyncIteratorSymbol] = function () {\n    return this;\n  };\n  exports.AsyncIterator = AsyncIterator;\n\n  // Note that simple async functions are implemented on top of\n  // AsyncIterator objects; they just return a Promise for the value of\n  // the final result produced by the iterator.\n  exports.async = function(innerFn, outerFn, self, tryLocsList) {\n    var iter = new AsyncIterator(\n      wrap(innerFn, outerFn, self, tryLocsList)\n    );\n\n    return exports.isGeneratorFunction(outerFn)\n      ? iter // If outerFn is a generator, return the full iterator.\n      : iter.next().then(function(result) {\n          return result.done ? result.value : iter.next();\n        });\n  };\n\n  function makeInvokeMethod(innerFn, self, context) {\n    var state = GenStateSuspendedStart;\n\n    return function invoke(method, arg) {\n      if (state === GenStateExecuting) {\n        throw new Error(\"Generator is already running\");\n      }\n\n      if (state === GenStateCompleted) {\n        if (method === \"throw\") {\n          throw arg;\n        }\n\n        // Be forgiving, per 25.3.3.3.3 of the spec:\n        // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume\n        return doneResult();\n      }\n\n      context.method = method;\n      context.arg = arg;\n\n      while (true) {\n        var delegate = context.delegate;\n        if (delegate) {\n          var delegateResult = maybeInvokeDelegate(delegate, context);\n          if (delegateResult) {\n            if (delegateResult === ContinueSentinel) continue;\n            return delegateResult;\n          }\n        }\n\n        if (context.method === \"next\") {\n          // Setting context._sent for legacy support of Babel's\n          // function.sent implementation.\n          context.sent = context._sent = context.arg;\n\n        } else if (context.method === \"throw\") {\n          if (state === GenStateSuspendedStart) {\n            state = GenStateCompleted;\n            throw context.arg;\n          }\n\n          context.dispatchException(context.arg);\n\n        } else if (context.method === \"return\") {\n          context.abrupt(\"return\", context.arg);\n        }\n\n        state = GenStateExecuting;\n\n        var record = tryCatch(innerFn, self, context);\n        if (record.type === \"normal\") {\n          // If an exception is thrown from innerFn, we leave state ===\n          // GenStateExecuting and loop back for another invocation.\n          state = context.done\n            ? GenStateCompleted\n            : GenStateSuspendedYield;\n\n          if (record.arg === ContinueSentinel) {\n            continue;\n          }\n\n          return {\n            value: record.arg,\n            done: context.done\n          };\n\n        } else if (record.type === \"throw\") {\n          state = GenStateCompleted;\n          // Dispatch the exception by looping back around to the\n          // context.dispatchException(context.arg) call above.\n          context.method = \"throw\";\n          context.arg = record.arg;\n        }\n      }\n    };\n  }\n\n  // Call delegate.iterator[context.method](context.arg) and handle the\n  // result, either by returning a { value, done } result from the\n  // delegate iterator, or by modifying context.method and context.arg,\n  // setting context.delegate to null, and returning the ContinueSentinel.\n  function maybeInvokeDelegate(delegate, context) {\n    var method = delegate.iterator[context.method];\n    if (method === undefined) {\n      // A .throw or .return when the delegate iterator has no .throw\n      // method always terminates the yield* loop.\n      context.delegate = null;\n\n      if (context.method === \"throw\") {\n        // Note: [\"return\"] must be used for ES3 parsing compatibility.\n        if (delegate.iterator[\"return\"]) {\n          // If the delegate iterator has a return method, give it a\n          // chance to clean up.\n          context.method = \"return\";\n          context.arg = undefined;\n          maybeInvokeDelegate(delegate, context);\n\n          if (context.method === \"throw\") {\n            // If maybeInvokeDelegate(context) changed context.method from\n            // \"return\" to \"throw\", let that override the TypeError below.\n            return ContinueSentinel;\n          }\n        }\n\n        context.method = \"throw\";\n        context.arg = new TypeError(\n          \"The iterator does not provide a 'throw' method\");\n      }\n\n      return ContinueSentinel;\n    }\n\n    var record = tryCatch(method, delegate.iterator, context.arg);\n\n    if (record.type === \"throw\") {\n      context.method = \"throw\";\n      context.arg = record.arg;\n      context.delegate = null;\n      return ContinueSentinel;\n    }\n\n    var info = record.arg;\n\n    if (! info) {\n      context.method = \"throw\";\n      context.arg = new TypeError(\"iterator result is not an object\");\n      context.delegate = null;\n      return ContinueSentinel;\n    }\n\n    if (info.done) {\n      // Assign the result of the finished delegate to the temporary\n      // variable specified by delegate.resultName (see delegateYield).\n      context[delegate.resultName] = info.value;\n\n      // Resume execution at the desired location (see delegateYield).\n      context.next = delegate.nextLoc;\n\n      // If context.method was \"throw\" but the delegate handled the\n      // exception, let the outer generator proceed normally. If\n      // context.method was \"next\", forget context.arg since it has been\n      // \"consumed\" by the delegate iterator. If context.method was\n      // \"return\", allow the original .return call to continue in the\n      // outer generator.\n      if (context.method !== \"return\") {\n        context.method = \"next\";\n        context.arg = undefined;\n      }\n\n    } else {\n      // Re-yield the result returned by the delegate method.\n      return info;\n    }\n\n    // The delegate iterator is finished, so forget it and continue with\n    // the outer generator.\n    context.delegate = null;\n    return ContinueSentinel;\n  }\n\n  // Define Generator.prototype.{next,throw,return} in terms of the\n  // unified ._invoke helper method.\n  defineIteratorMethods(Gp);\n\n  Gp[toStringTagSymbol] = \"Generator\";\n\n  // A Generator should always return itself as the iterator object when the\n  // @@iterator function is called on it. Some browsers' implementations of the\n  // iterator prototype chain incorrectly implement this, causing the Generator\n  // object to not be returned from this call. This ensures that doesn't happen.\n  // See https://github.com/facebook/regenerator/issues/274 for more details.\n  Gp[iteratorSymbol] = function() {\n    return this;\n  };\n\n  Gp.toString = function() {\n    return \"[object Generator]\";\n  };\n\n  function pushTryEntry(locs) {\n    var entry = { tryLoc: locs[0] };\n\n    if (1 in locs) {\n      entry.catchLoc = locs[1];\n    }\n\n    if (2 in locs) {\n      entry.finallyLoc = locs[2];\n      entry.afterLoc = locs[3];\n    }\n\n    this.tryEntries.push(entry);\n  }\n\n  function resetTryEntry(entry) {\n    var record = entry.completion || {};\n    record.type = \"normal\";\n    delete record.arg;\n    entry.completion = record;\n  }\n\n  function Context(tryLocsList) {\n    // The root entry object (effectively a try statement without a catch\n    // or a finally block) gives us a place to store values thrown from\n    // locations where there is no enclosing try statement.\n    this.tryEntries = [{ tryLoc: \"root\" }];\n    tryLocsList.forEach(pushTryEntry, this);\n    this.reset(true);\n  }\n\n  exports.keys = function(object) {\n    var keys = [];\n    for (var key in object) {\n      keys.push(key);\n    }\n    keys.reverse();\n\n    // Rather than returning an object with a next method, we keep\n    // things simple and return the next function itself.\n    return function next() {\n      while (keys.length) {\n        var key = keys.pop();\n        if (key in object) {\n          next.value = key;\n          next.done = false;\n          return next;\n        }\n      }\n\n      // To avoid creating an additional object, we just hang the .value\n      // and .done properties off the next function object itself. This\n      // also ensures that the minifier will not anonymize the function.\n      next.done = true;\n      return next;\n    };\n  };\n\n  function values(iterable) {\n    if (iterable) {\n      var iteratorMethod = iterable[iteratorSymbol];\n      if (iteratorMethod) {\n        return iteratorMethod.call(iterable);\n      }\n\n      if (typeof iterable.next === \"function\") {\n        return iterable;\n      }\n\n      if (!isNaN(iterable.length)) {\n        var i = -1, next = function next() {\n          while (++i < iterable.length) {\n            if (hasOwn.call(iterable, i)) {\n              next.value = iterable[i];\n              next.done = false;\n              return next;\n            }\n          }\n\n          next.value = undefined;\n          next.done = true;\n\n          return next;\n        };\n\n        return next.next = next;\n      }\n    }\n\n    // Return an iterator with no values.\n    return { next: doneResult };\n  }\n  exports.values = values;\n\n  function doneResult() {\n    return { value: undefined, done: true };\n  }\n\n  Context.prototype = {\n    constructor: Context,\n\n    reset: function(skipTempReset) {\n      this.prev = 0;\n      this.next = 0;\n      // Resetting context._sent for legacy support of Babel's\n      // function.sent implementation.\n      this.sent = this._sent = undefined;\n      this.done = false;\n      this.delegate = null;\n\n      this.method = \"next\";\n      this.arg = undefined;\n\n      this.tryEntries.forEach(resetTryEntry);\n\n      if (!skipTempReset) {\n        for (var name in this) {\n          // Not sure about the optimal order of these conditions:\n          if (name.charAt(0) === \"t\" &&\n              hasOwn.call(this, name) &&\n              !isNaN(+name.slice(1))) {\n            this[name] = undefined;\n          }\n        }\n      }\n    },\n\n    stop: function() {\n      this.done = true;\n\n      var rootEntry = this.tryEntries[0];\n      var rootRecord = rootEntry.completion;\n      if (rootRecord.type === \"throw\") {\n        throw rootRecord.arg;\n      }\n\n      return this.rval;\n    },\n\n    dispatchException: function(exception) {\n      if (this.done) {\n        throw exception;\n      }\n\n      var context = this;\n      function handle(loc, caught) {\n        record.type = \"throw\";\n        record.arg = exception;\n        context.next = loc;\n\n        if (caught) {\n          // If the dispatched exception was caught by a catch block,\n          // then let that catch block handle the exception normally.\n          context.method = \"next\";\n          context.arg = undefined;\n        }\n\n        return !! caught;\n      }\n\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        var record = entry.completion;\n\n        if (entry.tryLoc === \"root\") {\n          // Exception thrown outside of any try block that could handle\n          // it, so set the completion value of the entire function to\n          // throw the exception.\n          return handle(\"end\");\n        }\n\n        if (entry.tryLoc <= this.prev) {\n          var hasCatch = hasOwn.call(entry, \"catchLoc\");\n          var hasFinally = hasOwn.call(entry, \"finallyLoc\");\n\n          if (hasCatch && hasFinally) {\n            if (this.prev < entry.catchLoc) {\n              return handle(entry.catchLoc, true);\n            } else if (this.prev < entry.finallyLoc) {\n              return handle(entry.finallyLoc);\n            }\n\n          } else if (hasCatch) {\n            if (this.prev < entry.catchLoc) {\n              return handle(entry.catchLoc, true);\n            }\n\n          } else if (hasFinally) {\n            if (this.prev < entry.finallyLoc) {\n              return handle(entry.finallyLoc);\n            }\n\n          } else {\n            throw new Error(\"try statement without catch or finally\");\n          }\n        }\n      }\n    },\n\n    abrupt: function(type, arg) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.tryLoc <= this.prev &&\n            hasOwn.call(entry, \"finallyLoc\") &&\n            this.prev < entry.finallyLoc) {\n          var finallyEntry = entry;\n          break;\n        }\n      }\n\n      if (finallyEntry &&\n          (type === \"break\" ||\n           type === \"continue\") &&\n          finallyEntry.tryLoc <= arg &&\n          arg <= finallyEntry.finallyLoc) {\n        // Ignore the finally entry if control is not jumping to a\n        // location outside the try/catch block.\n        finallyEntry = null;\n      }\n\n      var record = finallyEntry ? finallyEntry.completion : {};\n      record.type = type;\n      record.arg = arg;\n\n      if (finallyEntry) {\n        this.method = \"next\";\n        this.next = finallyEntry.finallyLoc;\n        return ContinueSentinel;\n      }\n\n      return this.complete(record);\n    },\n\n    complete: function(record, afterLoc) {\n      if (record.type === \"throw\") {\n        throw record.arg;\n      }\n\n      if (record.type === \"break\" ||\n          record.type === \"continue\") {\n        this.next = record.arg;\n      } else if (record.type === \"return\") {\n        this.rval = this.arg = record.arg;\n        this.method = \"return\";\n        this.next = \"end\";\n      } else if (record.type === \"normal\" && afterLoc) {\n        this.next = afterLoc;\n      }\n\n      return ContinueSentinel;\n    },\n\n    finish: function(finallyLoc) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.finallyLoc === finallyLoc) {\n          this.complete(entry.completion, entry.afterLoc);\n          resetTryEntry(entry);\n          return ContinueSentinel;\n        }\n      }\n    },\n\n    \"catch\": function(tryLoc) {\n      for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n        var entry = this.tryEntries[i];\n        if (entry.tryLoc === tryLoc) {\n          var record = entry.completion;\n          if (record.type === \"throw\") {\n            var thrown = record.arg;\n            resetTryEntry(entry);\n          }\n          return thrown;\n        }\n      }\n\n      // The context.catch method must only be called with a location\n      // argument that corresponds to a known catch block.\n      throw new Error(\"illegal catch attempt\");\n    },\n\n    delegateYield: function(iterable, resultName, nextLoc) {\n      this.delegate = {\n        iterator: values(iterable),\n        resultName: resultName,\n        nextLoc: nextLoc\n      };\n\n      if (this.method === \"next\") {\n        // Deliberately forget the last sent value so that we don't\n        // accidentally pass it on to the delegate.\n        this.arg = undefined;\n      }\n\n      return ContinueSentinel;\n    }\n  };\n\n  // Regardless of whether this script is executing as a CommonJS module\n  // or not, return the runtime object so that we can declare the variable\n  // regeneratorRuntime in the outer scope, which allows this module to be\n  // injected easily by `bin/regenerator --include-runtime script.js`.\n  return exports;\n\n}(\n  // If this script is executing as a CommonJS module, use module.exports\n  // as the regeneratorRuntime namespace. Otherwise create a new empty\n  // object. Either way, the resulting object will be used to initialize\n  // the regeneratorRuntime variable at the top of this file.\n  typeof module === \"object\" ? module.exports : {}\n));\n\ntry {\n  regeneratorRuntime = runtime;\n} catch (accidentalStrictMode) {\n  // This module should not be running in strict mode, so the above\n  // assignment should always work unless something is misconfigured. Just\n  // in case runtime.js accidentally runs in strict mode, we can escape\n  // strict mode using a global Function call. This could conceivably fail\n  // if a Content Security Policy forbids using Function, but in that case\n  // the proper solution is to fix the accidental strict mode problem. If\n  // you've misconfigured your bundler to force strict mode and applied a\n  // CSP to forbid Function, and you're not willing to fix either of those\n  // problems, please detail your unique predicament in a GitHub issue.\n  Function(\"r\", \"regeneratorRuntime = r\")(runtime);\n}\n\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/regenerator-runtime/runtime.js\n// module id = 16\n// module chunks = 0","function E () {\n  // Keep this empty so it's easier to inherit from\n  // (via https://github.com/lipsmack from https://github.com/scottcorgan/tiny-emitter/issues/3)\n}\n\nE.prototype = {\n  on: function (name, callback, ctx) {\n    var e = this.e || (this.e = {});\n\n    (e[name] || (e[name] = [])).push({\n      fn: callback,\n      ctx: ctx\n    });\n\n    return this;\n  },\n\n  once: function (name, callback, ctx) {\n    var self = this;\n    function listener () {\n      self.off(name, listener);\n      callback.apply(ctx, arguments);\n    };\n\n    listener._ = callback\n    return this.on(name, listener, ctx);\n  },\n\n  emit: function (name) {\n    var data = [].slice.call(arguments, 1);\n    var evtArr = ((this.e || (this.e = {}))[name] || []).slice();\n    var i = 0;\n    var len = evtArr.length;\n\n    for (i; i < len; i++) {\n      evtArr[i].fn.apply(evtArr[i].ctx, data);\n    }\n\n    return this;\n  },\n\n  off: function (name, callback) {\n    var e = this.e || (this.e = {});\n    var evts = e[name];\n    var liveEvents = [];\n\n    if (evts && callback) {\n      for (var i = 0, len = evts.length; i < len; i++) {\n        if (evts[i].fn !== callback && evts[i].fn._ !== callback)\n          liveEvents.push(evts[i]);\n      }\n    }\n\n    // Remove event from queue to prevent memory leak\n    // Suggested by https://github.com/lazd\n    // Ref: https://github.com/scottcorgan/tiny-emitter/commit/c6ebfaa9bc973b33d110a84a307742b7cf94c953#commitcomment-5024910\n\n    (liveEvents.length)\n      ? e[name] = liveEvents\n      : delete e[name];\n\n    return this;\n  }\n};\n\nmodule.exports = E;\n\n\n\n//////////////////\n// WEBPACK FOOTER\n// /root/okta/okta-auth-js/node_modules/tiny-emitter/index.js\n// module id = 17\n// module chunks = 0","/*!\n * Copyright (c) 2018-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nvar AuthSdkError = require('./errors/AuthSdkError');\nvar tx = require('./tx');\nvar util = require('./util');\n\n// TODO: use @okta/configuration-validation (move module to this monorepo?)\n// eslint-disable-next-line complexity\nfunction assertValidConfig(args) {\n  if (!args) {\n    throw new AuthSdkError('No arguments passed to constructor. ' +\n      'Required usage: new OktaAuth(args)');\n  }\n\n  var issuer = args.issuer;\n  if (!issuer) {\n    throw new AuthSdkError('No issuer passed to constructor. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  var isUrlRegex = new RegExp('^http?s?://.+');\n  if (!isUrlRegex.test(args.issuer)) {\n    throw new AuthSdkError('Issuer must be a valid URL. ' + \n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com/oauth2/{authServerId}\"})');\n  }\n\n  if (issuer.indexOf('-admin.') !== -1) {\n    throw new AuthSdkError('Issuer URL passed to constructor contains \"-admin\" in subdomain. ' +\n      'Required usage: new OktaAuth({issuer: \"https://{yourOktaDomain}.com})');\n  }\n\n  var userAgent = args.userAgent;\n  var userAgentTemplateWithNoPlaceholder = \n    userAgent && userAgent.template && userAgent.template.indexOf('$OKTA_AUTH_JS') === -1;\n  if (userAgentTemplateWithNoPlaceholder) {\n    throw new AuthSdkError('UserAgentTemplate must include \"$OKTA_AUTH_JS\" placeholder. ' + \n      'Required usage: new OktaAuth({userAgentTemplate: \"xxx $OKTA_AUTH_JS xxx\"})');\n  }\n}\n\nfunction addSharedPrototypes(proto) {\n  proto.getIssuerOrigin = function() {\n    // Infer the URL from the issuer URL, omitting the /oauth2/{authServerId}\n    return this.options.issuer.split('/oauth2/')[0];\n  };\n\n  // { username, (relayState) }\n  proto.forgotPassword = function (opts) {\n    return tx.postToTransaction(this, '/api/v1/authn/recovery/password', opts);\n  };\n\n  // { username, (relayState) }\n  proto.unlockAccount = function (opts) {\n    return tx.postToTransaction(this, '/api/v1/authn/recovery/unlock', opts);\n  };\n\n  // { recoveryToken }\n  proto.verifyRecoveryToken = function (opts) {\n    return tx.postToTransaction(this, '/api/v1/authn/recovery/token', opts);\n  };\n}\n\nfunction buildOktaAuth(OktaAuthBuilder) {\n  return function(storageUtil, httpRequestClient) {\n    function OktaAuth(args) {\n      if (!(this instanceof OktaAuth)) {\n        return new OktaAuth(args);\n      }\n\n      if (args) {\n        args.storageUtil = storageUtil;\n\n        if (args.ajaxRequest) {\n          util.deprecate('ajaxRequest is being deprecated, use httpRequestClient attribute instead.');\n          args.httpRequestClient = args.ajaxRequest;\n        } else if (!args.httpRequestClient) {\n          args.httpRequestClient = httpRequestClient;\n        }\n      }\n\n      util.bind(OktaAuthBuilder, this)(args);\n    }\n    OktaAuth.prototype = OktaAuthBuilder.prototype;\n    OktaAuth.prototype.constructor = OktaAuth;\n\n    // Hoist feature detection functions to static type\n    OktaAuth.features = OktaAuthBuilder.prototype.features;\n\n    return OktaAuth;\n  };\n}\n\nfunction getUserAgent(args, sdkVersion) {\n  var userAgent = args.userAgent;\n\n  if (!userAgent) {\n    return '';\n  }\n\n  if (userAgent.value) {\n    return userAgent.value;\n  }\n\n  if (userAgent.template) {\n    return userAgent.template.replace('$OKTA_AUTH_JS', `okta-auth-js/${sdkVersion}`);\n  }\n\n  return '';\n}\n\nmodule.exports = {\n  addSharedPrototypes: addSharedPrototypes,\n  buildOktaAuth: buildOktaAuth,\n  assertValidConfig: assertValidConfig,\n  getUserAgent: getUserAgent\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/builderUtil.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nfunction AuthApiError(err, xhr) {\n  this.name = 'AuthApiError';\n  this.message = err.errorSummary;\n  this.errorSummary = err.errorSummary;\n  this.errorCode = err.errorCode;\n  this.errorLink = err.errorLink;\n  this.errorId = err.errorId;\n  this.errorCauses = err.errorCauses;\n\n  if (xhr) {\n    this.xhr = xhr;\n  }\n}\nAuthApiError.prototype = new Error();\n\nmodule.exports = AuthApiError;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/errors/AuthApiError.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nfunction AuthPollStopError() {\n  this.name = 'AuthPollStopError';\n  this.message = 'The poll was stopped by the sdk';\n}\nAuthPollStopError.prototype = new Error();\n\nmodule.exports = AuthPollStopError;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/errors/AuthPollStopError.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window */\nvar util = require('./util');\nvar http = require('./http');\n\nfunction sessionExists(sdk) {\n  return sdk.session.get()\n    .then(function(res) {\n      if (res.status === 'ACTIVE') {\n        return true;\n      }\n      return false;\n    })\n    .catch(function() {\n      return false;\n    });\n}\n\nfunction getSession(sdk) { \n  return http.get(sdk, '/api/v1/sessions/me')\n  .then(function(session) {\n    var res = util.omit(session, '_links');\n\n    res.refresh = function() {\n      return http.post(sdk, util.getLink(session, 'refresh').href);\n    };\n\n    res.user = function() {\n      return http.get(sdk, util.getLink(session, 'user').href);\n    };\n\n    return res;\n  })\n  .catch(function() {\n    // Return INACTIVE status on failure\n    return {status: 'INACTIVE'};\n  });\n}\n\nfunction closeSession(sdk) {\n  return http.httpRequest(sdk, {\n    url: sdk.getIssuerOrigin() + '/api/v1/sessions/me',\n    method: 'DELETE'\n  });\n}\n\nfunction refreshSession(sdk) {\n  return http.post(sdk, '/api/v1/sessions/me/lifecycle/refresh');\n}\n\nfunction setCookieAndRedirect(sdk, sessionToken, redirectUrl) {\n  redirectUrl = redirectUrl || window.location.href;\n  window.location = sdk.getIssuerOrigin() + '/login/sessionCookieRedirect' +\n    util.toQueryParams({\n      checkAccountSetupComplete: true,\n      token: sessionToken,\n      redirectUrl: redirectUrl\n    });\n}\n\nmodule.exports = {\n  sessionExists: sessionExists,\n  getSession: getSession,\n  closeSession: closeSession,\n  refreshSession: refreshSession,\n  setCookieAndRedirect: setCookieAndRedirect\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/session.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global window, document, btoa */\n/* eslint-disable complexity, max-statements */\nvar http          = require('./http');\nvar util          = require('./util');\nvar oauthUtil     = require('./oauthUtil');\nvar sdkCrypto     = require('./crypto');\nvar AuthSdkError  = require('./errors/AuthSdkError');\nvar OAuthError    = require('./errors/OAuthError');\nvar constants     = require('./constants');\nvar cookies       = require('./browser/browserStorage').storage;\nvar PKCE          = require('./pkce');\n\n// Only the access token can be revoked in SPA applications\nfunction revokeToken(sdk, token) {\n  return Promise.resolve()\n  .then(function() {\n    if (!token || !token.accessToken) {\n      throw new AuthSdkError('A valid access token object is required');\n    }\n    var clientId = sdk.options.clientId;\n    if (!clientId) {\n      throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to revoke a token');\n    }\n    var revokeUrl = oauthUtil.getOAuthUrls(sdk).revokeUrl;\n    var accessToken = token.accessToken;\n    var args = util.toQueryParams({\n      // eslint-disable-next-line camelcase\n      token_type_hint: 'access_token',\n      token: accessToken\n    }).slice(1);\n    var creds = btoa(clientId);\n    return http.post(sdk, revokeUrl, args, {\n      headers: {\n        'Content-Type': 'application/x-www-form-urlencoded',\n        'Authorization': 'Basic ' + creds\n      }\n    });\n  });\n}\n\nfunction decodeToken(token) {\n  var jwt = token.split('.');\n  var decodedToken;\n\n  try {\n    decodedToken = {\n      header: JSON.parse(util.base64UrlToString(jwt[0])),\n      payload: JSON.parse(util.base64UrlToString(jwt[1])),\n      signature: jwt[2]\n    };\n  } catch(e) {\n    throw new AuthSdkError('Malformed token');\n  }\n\n  return decodedToken;\n}\n\n// Verify the id token\nfunction verifyToken(sdk, token, validationParams) {\n  return Promise.resolve()\n  .then(function() {\n    if (!token || !token.idToken) {\n      throw new AuthSdkError('Only idTokens may be verified');\n    }\n\n    var jwt = decodeToken(token.idToken);\n\n    var validationOptions = {\n      clientId: sdk.options.clientId,\n      issuer: sdk.options.issuer,\n      ignoreSignature: sdk.options.ignoreSignature\n    };\n\n    util.extend(validationOptions, validationParams);\n\n    // Standard claim validation\n    oauthUtil.validateClaims(sdk, jwt.payload, validationOptions);\n\n    // If the browser doesn't support native crypto or we choose not\n    // to verify the signature, bail early\n    if (validationOptions.ignoreSignature == true || !sdk.features.isTokenVerifySupported()) {\n      return token;\n    }\n\n    return oauthUtil.getKey(sdk, token.issuer, jwt.header.kid)\n    .then(function(key) {\n      return sdkCrypto.verifyToken(token.idToken, key);\n    })\n    .then(function(valid) {\n      if (!valid) {\n        throw new AuthSdkError('The token signature is not valid');\n      }\n      if (validationParams.accessToken && token.claims.at_hash) {\n        return sdkCrypto.getOidcHash(validationParams.accessToken)\n          .then(hash => {\n            if (hash !== token.claims.at_hash) {\n              throw new AuthSdkError('Token hash verification failed');\n            }\n          });\n      }\n    })\n    .then(() => {\n      return token;\n    });\n  });\n}\n\nfunction addPostMessageListener(sdk, timeout, state) {\n  var responseHandler;\n  var timeoutId;\n  var msgReceivedOrTimeout = new Promise(function(resolve, reject) {\n\n    responseHandler = function responseHandler(e) {\n      if (!e.data || e.data.state !== state) {\n        // A message not meant for us\n        return;\n      }\n\n      // Configuration mismatch between saved token and current app instance\n      // This may happen if apps with different issuers are running on the same host url\n      // If they share the same storage key, they may read and write tokens in the same location.\n      // Common when developing against http://localhost\n      if (e.origin !== sdk.getIssuerOrigin()) {\n        return reject(new AuthSdkError('The request does not match client configuration'));\n      }\n\n      resolve(e.data);\n    };\n\n    oauthUtil.addListener(window, 'message', responseHandler);\n\n    timeoutId = setTimeout(function() {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return msgReceivedOrTimeout\n    .finally(function() {\n      clearTimeout(timeoutId);\n      oauthUtil.removeListener(window, 'message', responseHandler);\n    });\n}\n\nfunction addFragmentListener(sdk, windowEl, timeout) {\n  var timeoutId;\n  var promise = new Promise(function(resolve, reject) {\n    function hashChangeHandler() {\n      /*\n        We are only able to access window.location.hash on a window\n        that has the same domain. A try/catch is necessary because\n        there's no other way to determine that the popup is in\n        another domain. When we try to access a window on another\n        domain, an error is thrown.\n      */\n      try {\n        if (windowEl &&\n            windowEl.location &&\n            windowEl.location.hash) {\n          resolve(oauthUtil.hashToObject(windowEl.location.hash));\n        } else if (windowEl && !windowEl.closed) {\n          setTimeout(hashChangeHandler, 500);\n        }\n      } catch (err) {\n        setTimeout(hashChangeHandler, 500);\n      }\n    }\n  \n    hashChangeHandler();\n\n    timeoutId = setTimeout(function() {\n      reject(new AuthSdkError('OAuth flow timed out'));\n    }, timeout || 120000);\n  });\n\n  return promise.finally(function() {\n    clearTimeout(timeoutId);\n  });\n}\n\nfunction exchangeCodeForToken(sdk, oauthParams, authorizationCode, urls) {\n  // PKCE authorization_code flow\n  // Retrieve saved values and build oauthParams for call to /token\n  var meta = PKCE.loadMeta(sdk);\n  var getTokenParams = {\n    clientId: oauthParams.clientId,\n    authorizationCode: authorizationCode,\n    codeVerifier: meta.codeVerifier,\n    redirectUri: meta.redirectUri\n  };\n  return PKCE.getToken(sdk, getTokenParams, urls)\n  .then(function(res) {\n    validateResponse(res, getTokenParams);\n    return res;\n  })\n  .finally(function() {\n    PKCE.clearMeta(sdk);\n  });\n}\n\nfunction validateResponse(res, oauthParams) {\n  if (res['error'] || res['error_description']) {\n    throw new OAuthError(res['error'], res['error_description']);\n  }\n\n  if (res.state !== oauthParams.state) {\n    throw new AuthSdkError('OAuth flow response state doesn\\'t match request state');\n  }\n}\n\nfunction handleOAuthResponse(sdk, oauthParams, res, urls) {\n  urls = urls || {};\n\n  var responseType = oauthParams.responseType;\n  if (!Array.isArray(responseType)) {\n    responseType = [responseType];\n  }\n\n  var scopes = util.clone(oauthParams.scopes);\n  var clientId = oauthParams.clientId || sdk.options.clientId;\n  var pkce = sdk.options.pkce !== false;\n\n  return Promise.resolve()\n  .then(function() {\n    validateResponse(res, oauthParams);\n\n    // PKCE flow\n    // We do not support \"hybrid\" scenarios where the response includes both a code and a token.\n    // If the response contains a code it is used immediately to obtain new tokens.\n    if (res.code && pkce) {\n      responseType = ['token', 'id_token']; // what we expect the code to provide us\n      return exchangeCodeForToken(sdk, oauthParams, res.code, urls);\n    }\n    return res;\n  }).then(function(res) {\n    var tokenDict = {};\n    var expiresIn = res.expires_in;\n    var tokenType = res.token_type;\n    var accessToken = res.access_token;\n    var idToken = res.id_token;\n    \n    if (accessToken) {\n      tokenDict.accessToken = {\n        value: accessToken,\n        accessToken: accessToken,\n        expiresAt: Number(expiresIn) + Math.floor(Date.now()/1000),\n        tokenType: tokenType,\n        scopes: scopes,\n        authorizeUrl: urls.authorizeUrl,\n        userinfoUrl: urls.userinfoUrl\n      };\n    }\n\n    if (idToken) {\n      var jwt = sdk.token.decode(idToken);\n\n      var idTokenObj = {\n        value: idToken,\n        idToken: idToken,\n        claims: jwt.payload,\n        expiresAt: jwt.payload.exp,\n        scopes: scopes,\n        authorizeUrl: urls.authorizeUrl,\n        issuer: urls.issuer,\n        clientId: clientId\n      };\n\n      var validationParams = {\n        clientId: clientId,\n        issuer: urls.issuer,\n        nonce: oauthParams.nonce,\n        accessToken: accessToken\n      };\n\n      if (oauthParams.ignoreSignature !== undefined) {\n        validationParams.ignoreSignature = oauthParams.ignoreSignature;\n      }\n\n      return verifyToken(sdk, idTokenObj, validationParams)\n      .then(function() {\n        tokenDict.idToken = idTokenObj;\n        return tokenDict;\n      });\n    }\n\n    return tokenDict;\n  })\n  .then(function(tokenDict) {\n    // Validate received tokens against requested response types \n    if (responseType.indexOf('token') !== -1 && !tokenDict.accessToken) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Unable to parse OAuth flow response: response type \"token\" was requested but \"access_token\" was not returned.');\n    }\n    if (responseType.indexOf('id_token') !== -1 && !tokenDict.idToken) {\n      // eslint-disable-next-line max-len\n      throw new AuthSdkError('Unable to parse OAuth flow response: response type \"id_token\" was requested but \"id_token\" was not returned.');\n    }\n\n    return {\n      tokens: tokenDict,\n      state: res.state,\n      code: res.code\n    };\n  });\n}\n\nfunction getDefaultOAuthParams(sdk) {\n  return {\n    pkce: sdk.options.pkce,\n    clientId: sdk.options.clientId,\n    redirectUri: sdk.options.redirectUri || window.location.href,\n    responseType: ['token', 'id_token'],\n    responseMode: sdk.options.responseMode,\n    state: oauthUtil.generateState(),\n    nonce: oauthUtil.generateNonce(),\n    scopes: ['openid', 'email'],\n    ignoreSignature: sdk.options.ignoreSignature\n  };\n}\n\nfunction convertOAuthParamsToQueryParams(oauthParams) {\n  // Quick validation\n  if (!oauthParams.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (util.isString(oauthParams.responseType) && oauthParams.responseType.indexOf(' ') !== -1) {\n    throw new AuthSdkError('Multiple OAuth responseTypes must be defined as an array');\n  }\n\n  // Convert our params to their actual OAuth equivalents\n  var oauthQueryParams = util.removeNils({\n    'client_id': oauthParams.clientId,\n    'code_challenge': oauthParams.codeChallenge,\n    'code_challenge_method': oauthParams.codeChallengeMethod,\n    'display': oauthParams.display,\n    'idp': oauthParams.idp,\n    'idp_scope': oauthParams.idpScope,\n    'login_hint': oauthParams.loginHint,\n    'max_age': oauthParams.maxAge,\n    'nonce': oauthParams.nonce,\n    'prompt': oauthParams.prompt,\n    'redirect_uri': oauthParams.redirectUri,\n    'response_mode': oauthParams.responseMode,\n    'response_type': oauthParams.responseType,\n    'sessionToken': oauthParams.sessionToken,\n    'state': oauthParams.state,\n  });\n\n  ['idp_scope', 'response_type'].forEach( function( mayBeArray ) { \n    if (Array.isArray(oauthQueryParams[mayBeArray])) {\n      oauthQueryParams[mayBeArray] = oauthQueryParams[mayBeArray].join(' ');\n    }\n  });\n\n  if (oauthParams.responseType.indexOf('id_token') !== -1 &&\n      oauthParams.scopes.indexOf('openid') === -1) {\n    throw new AuthSdkError('openid scope must be specified in the scopes argument when requesting an id_token');\n  } else {\n    oauthQueryParams.scope = oauthParams.scopes.join(' ');\n  }\n\n  return oauthQueryParams;\n}\n\nfunction buildAuthorizeParams(oauthParams) {\n  var oauthQueryParams = convertOAuthParamsToQueryParams(oauthParams);\n  return util.toQueryParams(oauthQueryParams);\n}\n\n/*\n * Retrieve an idToken from an Okta or a third party idp\n *\n * Two main flows:\n *\n *  1) Exchange a sessionToken for a token\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *      sessionToken: 'yourtoken'\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *\n *    Forced:\n *      prompt: 'none'\n *      responseMode: 'okta_post_message'\n *      display: undefined\n *\n *  2) Get a token from an idp\n *\n *    Required:\n *      clientId: passed via the OktaAuth constructor or into getToken\n *\n *    Optional:\n *      redirectUri: defaults to window.location.href\n *      scopes: defaults to ['openid', 'email']\n *      idp: defaults to Okta as an idp\n *      prompt: no default. Pass 'none' to throw an error if user is not signed in\n *\n *    Forced:\n *      display: 'popup'\n *\n *  Only common optional params shown. Any OAuth parameters not explicitly forced are available to override\n *\n * @param {Object} oauthOptions\n * @param {String} [oauthOptions.clientId] ID of this client\n * @param {String} [oauthOptions.redirectUri] URI that the iframe or popup will go to once authenticated\n * @param {String[]} [oauthOptions.scopes] OAuth 2.0 scopes to request (openid must be specified)\n * @param {String} [oauthOptions.idp] ID of an external IdP to use for user authentication\n * @param {String} [oauthOptions.sessionToken] Bootstrap Session Token returned by the Okta Authentication API\n * @param {String} [oauthOptions.prompt] Determines whether the Okta login will be displayed on failure.\n *                                       Use 'none' to prevent this behavior\n *\n * @param {Object} options\n * @param {Integer} [options.timeout] Time in ms before the flow is automatically terminated. Defaults to 120000\n * @param {String} [options.popupTitle] Title dispayed in the popup.\n *                                      Defaults to 'External Identity Provider User Authentication'\n */\nfunction getToken(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getToken\" takes only a single set of options'));\n  }\n  \n  options = options || {};\n\n  return prepareOauthParams(sdk, options)\n  .then(function(oauthParams) {\n\n    // Start overriding any options that don't make sense\n    var sessionTokenOverrides = {\n      prompt: 'none',\n      responseMode: 'okta_post_message',\n      display: null\n    };\n\n    var idpOverrides = {\n      display: 'popup'\n    };\n\n    if (options.sessionToken) {\n      util.extend(oauthParams, sessionTokenOverrides);\n    } else if (options.idp) {\n      util.extend(oauthParams, idpOverrides);\n    }\n\n    // Use the query params to build the authorize url\n    var requestUrl,\n        endpoint,\n        urls;\n\n    // Get authorizeUrl and issuer\n    urls = oauthUtil.getOAuthUrls(sdk, oauthParams);\n    endpoint = options.codeVerifier ? urls.tokenUrl : urls.authorizeUrl;\n    requestUrl = endpoint + buildAuthorizeParams(oauthParams);\n\n    // Determine the flow type\n    var flowType;\n    if (oauthParams.sessionToken || oauthParams.display === null) {\n      flowType = 'IFRAME';\n    } else if (oauthParams.display === 'popup') {\n      flowType = 'POPUP';\n    } else {\n      flowType = 'IMPLICIT';\n    }\n\n    function getOrigin(url) {\n      /* eslint-disable-next-line no-useless-escape */\n      var originRegex = /^(https?\\:\\/\\/)?([^:\\/?#]*(?:\\:[0-9]+)?)/;\n      return originRegex.exec(url)[0];\n    }\n\n    // Execute the flow type\n    switch (flowType) {\n      case 'IFRAME':\n        var iframePromise = addPostMessageListener(sdk, options.timeout, oauthParams.state);\n        var iframeEl = oauthUtil.loadFrame(requestUrl);\n        return iframePromise\n          .then(function(res) {\n            return handleOAuthResponse(sdk, oauthParams, res, urls);\n          })\n          .finally(function() {\n            if (document.body.contains(iframeEl)) {\n              iframeEl.parentElement.removeChild(iframeEl);\n            }\n          });\n\n      case 'POPUP':\n        var oauthPromise; // resolves with OAuth response\n\n        // Add listener on postMessage before window creation, so\n        // postMessage isn't triggered before we're listening\n        if (oauthParams.responseMode === 'okta_post_message') {\n          if (!sdk.features.isPopupPostMessageSupported()) {\n            throw new AuthSdkError('This browser doesn\\'t have full postMessage support');\n          }\n          oauthPromise = addPostMessageListener(sdk, options.timeout, oauthParams.state);\n        }\n\n        // Create the window\n        var windowOptions = {\n          popupTitle: options.popupTitle\n        };\n        var windowEl = oauthUtil.loadPopup(requestUrl, windowOptions);\n\n        // Poll until we get a valid hash fragment\n        if (oauthParams.responseMode === 'fragment') {\n          var windowOrigin = getOrigin(sdk.idToken.authorize._getLocationHref());\n          var redirectUriOrigin = getOrigin(oauthParams.redirectUri);\n          if (windowOrigin !== redirectUriOrigin) {\n            throw new AuthSdkError('Using fragment, the redirectUri origin (' + redirectUriOrigin +\n              ') must match the origin of this page (' + windowOrigin + ')');\n          }\n          oauthPromise = addFragmentListener(sdk, windowEl, options.timeout);\n        }\n\n        // The popup may be closed without receiving an OAuth response. Setup a poller to monitor the window.\n        var popupPromise = new Promise(function(resolve, reject) {\n          var closePoller = setInterval(function() {\n            if (!windowEl || windowEl.closed) {\n              clearInterval(closePoller);\n              reject(new AuthSdkError('Unable to parse OAuth flow response'));\n            }\n          }, 100);\n\n          // Proxy the OAuth promise results\n          oauthPromise\n          .then(function(res) {\n            clearInterval(closePoller);\n            resolve(res);\n          })\n          .catch(function(err) {\n            clearInterval(closePoller);\n            reject(err);\n          });\n        });\n\n        return popupPromise\n          .then(function(res) {\n            return handleOAuthResponse(sdk, oauthParams, res, urls);\n          })\n          .finally(function() {\n            if (windowEl && !windowEl.closed) {\n              windowEl.close();\n            }\n          });\n\n      default:\n        throw new AuthSdkError('The full page redirect flow is not supported');\n    }\n  });\n}\n\nfunction getWithoutPrompt(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithoutPrompt\" takes only a single set of options'));\n  }\n  options = util.clone(options) || {};\n  util.extend(options, {\n    prompt: 'none',\n    responseMode: 'okta_post_message',\n    display: null\n  });\n  return getToken(sdk, options);\n}\n\nfunction getWithPopup(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithPopup\" takes only a single set of options'));\n  }\n  options = util.clone(options) || {};\n  util.extend(options, {\n    display: 'popup',\n    responseMode: 'okta_post_message'\n  });\n  return getToken(sdk, options);\n}\n\nfunction prepareOauthParams(sdk, options) {\n  // clone and prepare options\n  options = util.clone(options) || {};\n\n  // build params using defaults + options\n  var oauthParams = getDefaultOAuthParams(sdk);\n  util.extend(oauthParams, options);\n\n  if (oauthParams.pkce === false) {\n    return Promise.resolve(oauthParams);\n  }\n\n  // PKCE flow\n  if (!sdk.features.isPKCESupported()) {\n    var errorMessage = 'PKCE requires a modern browser with encryption support running in a secure context.';\n    if (!sdk.features.isHTTPS()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\nThe current page is not being served with HTTPS protocol. PKCE requires secure HTTPS protocol.';\n    }\n    if (!sdk.features.hasTextEncoder()) {\n      // eslint-disable-next-line max-len\n      errorMessage += '\\n\"TextEncoder\" is not defined. To use PKCE, you may need to include a polyfill/shim for this browser.';\n    }\n    return Promise.reject(new AuthSdkError(errorMessage));\n  }\n\n  // set default code challenge method, if none provided\n  if (!oauthParams.codeChallengeMethod) {\n    oauthParams.codeChallengeMethod = PKCE.DEFAULT_CODE_CHALLENGE_METHOD;\n  }\n\n  // responseType is forced\n  oauthParams.responseType = 'code';\n\n  return oauthUtil.getWellKnown(sdk, null)\n    .then(function(res) {\n      var methods = res['code_challenge_methods_supported'] || [];\n      if (methods.indexOf(oauthParams.codeChallengeMethod) === -1) {\n        throw new AuthSdkError('Invalid code_challenge_method');\n      }\n    })\n    .then(function() {\n      // PKCE authorization_code flow\n      var codeVerifier = PKCE.generateVerifier(oauthParams.codeVerifier);\n\n      // We will need these values after redirect when we call /token\n      var meta = {\n        codeVerifier: codeVerifier,\n        redirectUri: oauthParams.redirectUri\n      };\n      PKCE.saveMeta(sdk, meta);\n\n      return PKCE.computeChallenge(codeVerifier);\n    })\n    .then(function(codeChallenge) {\n\n      // Clone/copy the params. Set codeChallenge\n      var clonedParams = util.clone(oauthParams) || {};\n      util.extend(clonedParams, oauthParams, {\n        codeChallenge: codeChallenge,\n      });\n      return clonedParams;\n    });\n}\n\nfunction getWithRedirect(sdk, options) {\n  if (arguments.length > 2) {\n    return Promise.reject(new AuthSdkError('As of version 3.0, \"getWithRedirect\" takes only a single set of options'));\n  }\n  options = util.clone(options) || {};\n\n  return prepareOauthParams(sdk, options)\n    .then(function(oauthParams) {\n      var urls = oauthUtil.getOAuthUrls(sdk, options);\n      var requestUrl = urls.authorizeUrl + buildAuthorizeParams(oauthParams);\n\n      // Set session cookie to store the oauthParams\n      cookies.set(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME, JSON.stringify({\n        responseType: oauthParams.responseType,\n        state: oauthParams.state,\n        nonce: oauthParams.nonce,\n        scopes: oauthParams.scopes,\n        clientId: oauthParams.clientId,\n        urls: urls,\n        ignoreSignature: oauthParams.ignoreSignature\n      }), null, sdk.options.cookies);\n\n      // Set nonce cookie for servers to validate nonce in id_token\n      cookies.set(constants.REDIRECT_NONCE_COOKIE_NAME, oauthParams.nonce, null, sdk.options.cookies);\n\n      // Set state cookie for servers to validate state\n      cookies.set(constants.REDIRECT_STATE_COOKIE_NAME, oauthParams.state, null, sdk.options.cookies);\n\n      sdk.token.getWithRedirect._setLocation(requestUrl);\n    });\n}\n\nfunction renewToken(sdk, token) {\n  if (!oauthUtil.isToken(token)) {\n    return Promise.reject(new AuthSdkError('Renew must be passed a token with ' +\n      'an array of scopes and an accessToken or idToken'));\n  }\n\n  var responseType;\n  if (sdk.options.pkce) {\n    responseType = 'code';\n  } else if (token.accessToken) {\n    responseType = 'token';\n  } else {\n    responseType = 'id_token';\n  }\n\n  return sdk.token.getWithoutPrompt({\n    responseType: responseType,\n    scopes: token.scopes,\n    authorizeUrl: token.authorizeUrl,\n    userinfoUrl: token.userinfoUrl,\n    issuer: token.issuer\n  })\n  .then(function(res) {\n    // Multiple tokens may have come back. Return only the token which was requested.\n    var tokens = res.tokens;\n    return token.idToken ? tokens.idToken : tokens.accessToken;\n  });\n}\n\nfunction removeHash(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.search);\n  } else {\n    nativeLoc.hash = '';\n  }\n}\n\nfunction removeSearch(sdk) {\n  var nativeHistory = sdk.token.parseFromUrl._getHistory();\n  var nativeDoc = sdk.token.parseFromUrl._getDocument();\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  if (nativeHistory && nativeHistory.replaceState) {\n    nativeHistory.replaceState(null, nativeDoc.title, nativeLoc.pathname + nativeLoc.hash);\n  } else {\n    nativeLoc.search = '';\n  }\n}\n\nfunction parseFromUrl(sdk, options) {\n  options = options || {};\n  if (util.isString(options)) {\n    options = { url: options };\n  }\n\n  // https://openid.net/specs/openid-connect-core-1_0.html#Authentication\n  var defaultResponseMode = sdk.options.pkce ? 'query' : 'fragment';\n\n  var url = options.url;\n  var responseMode = options.responseMode || sdk.options.responseMode || defaultResponseMode;\n  var nativeLoc = sdk.token.parseFromUrl._getLocation();\n  var paramStr;\n\n  if (responseMode === 'query') {\n    paramStr = url ? url.substring(url.indexOf('?')) : nativeLoc.search;\n  } else {\n    paramStr = url ? url.substring(url.indexOf('#')) : nativeLoc.hash;\n  }\n\n  if (!paramStr) {\n    return Promise.reject(new AuthSdkError('Unable to parse a token from the url'));\n  }\n\n  var oauthParamsCookie = cookies.get(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME);\n  if (!oauthParamsCookie) {\n    return Promise.reject(new AuthSdkError('Unable to retrieve OAuth redirect params cookie'));\n  }\n\n  try {\n    var oauthParams = JSON.parse(oauthParamsCookie);\n    var urls = oauthParams.urls;\n    delete oauthParams.urls;\n    cookies.delete(constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME);\n  } catch(e) {\n    return Promise.reject(new AuthSdkError('Unable to parse the ' +\n    constants.REDIRECT_OAUTH_PARAMS_COOKIE_NAME + ' cookie: ' + e.message));\n  }\n\n  return Promise.resolve(oauthUtil.urlParamsToObject(paramStr))\n    .then(function(res) {\n      if (!url) {\n        // Clean hash or search from the url\n        responseMode === 'query' ? removeSearch(sdk) : removeHash(sdk);\n      }\n      return handleOAuthResponse(sdk, oauthParams, res, urls);\n    });\n}\n\nasync function getUserInfo(sdk, accessTokenObject, idTokenObject) {\n  // If token objects were not passed, attempt to read from the TokenManager\n  if (!accessTokenObject) {\n    accessTokenObject = await sdk.tokenManager.get('accessToken');\n  }\n  if (!idTokenObject) {\n    idTokenObject = await sdk.tokenManager.get('idToken');\n  }\n\n  if (!accessTokenObject ||\n      (!oauthUtil.isToken(accessTokenObject) && !accessTokenObject.accessToken && !accessTokenObject.userinfoUrl)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an access token object'));\n  }\n\n  if (!idTokenObject ||\n    (!oauthUtil.isToken(idTokenObject) && !idTokenObject.idToken)) {\n    return Promise.reject(new AuthSdkError('getUserInfo requires an ID token object'));\n  }\n\n  return http.httpRequest(sdk, {\n    url: accessTokenObject.userinfoUrl,\n    method: 'GET',\n    accessToken: accessTokenObject.accessToken\n  })\n  .then(userInfo => {\n    // Only return the userinfo response if subjects match to mitigate token substitution attacks\n    if (userInfo.sub === idTokenObject.claims.sub) {\n      return userInfo;\n    }\n    return Promise.reject(new AuthSdkError('getUserInfo request was rejected due to token mismatch'));\n  })\n  .catch(function(err) {\n    if (err.xhr && (err.xhr.status === 401 || err.xhr.status === 403)) {\n      var authenticateHeader;\n      if (err.xhr.headers && util.isFunction(err.xhr.headers.get) && err.xhr.headers.get('WWW-Authenticate')) {\n        authenticateHeader = err.xhr.headers.get('WWW-Authenticate');\n      } else if (util.isFunction(err.xhr.getResponseHeader)) {\n        authenticateHeader = err.xhr.getResponseHeader('WWW-Authenticate');\n      }\n      if (authenticateHeader) {\n        var errorMatches = authenticateHeader.match(/error=\"(.*?)\"/) || [];\n        var errorDescriptionMatches = authenticateHeader.match(/error_description=\"(.*?)\"/) || [];\n        var error = errorMatches[1];\n        var errorDescription = errorDescriptionMatches[1];\n        if (error && errorDescription) {\n          err = new OAuthError(error, errorDescription);\n        }\n      }\n    }\n    throw err;\n  });\n}\n\nmodule.exports = {\n  revokeToken: revokeToken,\n  getToken: getToken,\n  getWithoutPrompt: getWithoutPrompt,\n  getWithPopup: getWithPopup,\n  getWithRedirect: getWithRedirect,\n  parseFromUrl: parseFromUrl,\n  decodeToken: decodeToken,\n  renewToken: renewToken,\n  getUserInfo: getUserInfo,\n  verifyToken: verifyToken,\n  handleOAuthResponse: handleOAuthResponse,\n  prepareOauthParams: prepareOauthParams\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/token.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n/* global crypto, Uint8Array, TextEncoder */\nvar util = require('./util');\n\nfunction getOidcHash(str) {  \n  var buffer = new TextEncoder().encode(str);\n  return crypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var intBuffer = new Uint8Array(arrayBuffer);\n    var firstHalf = intBuffer.slice(0, 16);\n    var hash = String.fromCharCode.apply(null, firstHalf);\n    var b64u = util.stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\nfunction verifyToken(idToken, key) {\n  key = util.clone(key);\n\n  var format = 'jwk';\n  var algo = {\n    name: 'RSASSA-PKCS1-v1_5',\n    hash: { name: 'SHA-256' }\n  };\n  var extractable = true;\n  var usages = ['verify'];\n\n  // https://connect.microsoft.com/IE/feedback/details/2242108/webcryptoapi-importing-jwk-with-use-field-fails\n  // This is a metadata tag that specifies the intent of how the key should be used.\n  // It's not necessary to properly verify the jwt's signature.\n  delete key.use;\n\n  return crypto.subtle.importKey(\n    format,\n    key,\n    algo,\n    extractable,\n    usages\n  )\n  .then(function(cryptoKey) {\n    var jwt = idToken.split('.');\n    var payload = util.stringToBuffer(jwt[0] + '.' + jwt[1]);\n    var b64Signature = util.base64UrlDecode(jwt[2]);\n    var signature = util.stringToBuffer(b64Signature);\n\n    return crypto.subtle.verify(\n      algo,\n      cryptoKey,\n      signature,\n      payload\n    );\n  });\n}\n\nmodule.exports = {\n  getOidcHash: getOidcHash,\n  verifyToken: verifyToken\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/crypto.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n */\n\nfunction OAuthError(errorCode, summary) {\n  this.name = 'OAuthError';\n  this.message = summary;\n\n  this.errorCode = errorCode;\n  this.errorSummary = summary;\n}\nOAuthError.prototype = new Error();\n\nmodule.exports = OAuthError;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/errors/OAuthError.js","/*!\n * Copyright (c) 2019-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global crypto */\n /* eslint-disable complexity, max-statements */\nvar AuthSdkError  = require('./errors/AuthSdkError');\nvar http          = require('./http');\nvar util          = require('./util');\n\n// Code verifier: Random URL-safe string with a minimum length of 43 characters.\n// Code challenge: Base64 URL-encoded SHA-256 hash of the code verifier.\nvar MIN_VERIFIER_LENGTH = 43;\nvar MAX_VERIFIER_LENGTH = 128;\nvar DEFAULT_CODE_CHALLENGE_METHOD = 'S256';\n\nfunction dec2hex (dec) {\n  return ('0' + dec.toString(16)).substr(-2);\n}\n\nfunction getRandomString(length) {\n  var a = new Uint8Array(Math.ceil(length / 2));\n  crypto.getRandomValues(a);\n  var str = Array.from(a, dec2hex).join('');\n  return str.slice(0, length);\n}\n\nfunction generateVerifier(prefix) {\n  var verifier = prefix || '';\n  if (verifier.length < MIN_VERIFIER_LENGTH) {\n    verifier = verifier + getRandomString(MIN_VERIFIER_LENGTH - verifier.length);\n  }\n  return encodeURIComponent(verifier).slice(0, MAX_VERIFIER_LENGTH);\n}\n\nfunction getStorage(sdk) {\n  return sdk.options.storageUtil.getPKCEStorage(sdk.options.cookies);\n}\n\nfunction saveMeta(sdk, meta) {\n  var storage = getStorage(sdk);\n  storage.setStorage(meta);\n}\n\nfunction loadMeta(sdk) {\n  var storage = getStorage(sdk);\n  var obj = storage.getStorage();\n  return obj;\n}\n\nfunction clearMeta(sdk) {\n  var storage = getStorage(sdk);\n  storage.clearStorage();\n}\n\n/* global Uint8Array, TextEncoder */\nfunction computeChallenge(str) {  \n  var buffer = new TextEncoder().encode(str);\n  return crypto.subtle.digest('SHA-256', buffer).then(function(arrayBuffer) {\n    var hash = String.fromCharCode.apply(null, new Uint8Array(arrayBuffer));\n    var b64u = util.stringToBase64Url(hash); // url-safe base64 variant\n    return b64u;\n  });\n}\n\n\nfunction validateOptions(oauthOptions) {\n  // Quick validation\n  if (!oauthOptions.clientId) {\n    throw new AuthSdkError('A clientId must be specified in the OktaAuth constructor to get a token');\n  }\n\n  if (!oauthOptions.redirectUri) {\n    throw new AuthSdkError('The redirectUri passed to /authorize must also be passed to /token');\n  }\n\n  if (!oauthOptions.authorizationCode) {\n    throw new AuthSdkError('An authorization code (returned from /authorize) must be passed to /token');\n  }\n\n  if (!oauthOptions.codeVerifier) {\n    throw new AuthSdkError('The \"codeVerifier\" (generated and saved by your app) must be passed to /token');\n  }\n}\n\nfunction getPostData(options) {\n  // Convert options to OAuth params\n  var params = util.removeNils({\n    'client_id': options.clientId,\n    'redirect_uri': options.redirectUri,\n    'grant_type': 'authorization_code',\n    'code': options.authorizationCode,\n    'code_verifier': options.codeVerifier\n  });\n  // Encode as URL string\n  return util.toQueryParams(params).slice(1);\n}\n\n// exchange authorization code for an access token\nfunction getToken(sdk, oauthOptions, urls) {\n  validateOptions(oauthOptions);\n  var data = getPostData(oauthOptions);\n\n  return http.httpRequest(sdk, {\n    url: urls.tokenUrl,\n    method: 'POST',\n    args: data,\n    withCredentials: false,\n    headers: {\n      'Content-Type': 'application/x-www-form-urlencoded'\n    }\n  });\n}\n\nmodule.exports = {\n  DEFAULT_CODE_CHALLENGE_METHOD: DEFAULT_CODE_CHALLENGE_METHOD,\n  generateVerifier: generateVerifier,\n  clearMeta: clearMeta,\n  saveMeta: saveMeta,\n  loadMeta: loadMeta,\n  computeChallenge: computeChallenge,\n  getToken: getToken\n};\n\n\n\n// WEBPACK FOOTER //\n// ./lib/pkce.js","/*!\n * Copyright (c) 2015-present, Okta, Inc. and/or its affiliates. All rights reserved.\n * The Okta software accompanied by this notice is provided pursuant to the Apache License, Version 2.0 (the \"License.\")\n *\n * You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT\n * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n *\n * See the License for the specific language governing permissions and limitations under the License.\n *\n */\n/* global localStorage, sessionStorage */\n/* eslint complexity:[0,8] max-statements:[0,21] */\nvar util = require('./util');\nvar AuthSdkError = require('./errors/AuthSdkError');\nvar storageUtil = require('./browser/browserStorage');\nvar constants = require('./constants');\nvar storageBuilder = require('./storageBuilder');\nvar SdkClock = require('./clock');\n\nvar DEFAULT_OPTIONS = {\n  autoRenew: true,\n  storage: 'localStorage',\n  expireEarlySeconds: 30\n};\n\nfunction getExpireTime(tokenMgmtRef, token) {\n  var expireTime = token.expiresAt - tokenMgmtRef.options.expireEarlySeconds;\n  return expireTime;\n}\n\nfunction hasExpired(tokenMgmtRef, token) {\n  var expireTime = getExpireTime(tokenMgmtRef, token);\n  return expireTime <= tokenMgmtRef.clock.now();\n}\n\nfunction emitExpired(tokenMgmtRef, key, token) {\n  tokenMgmtRef.emitter.emit('expired', key, token);\n}\n\nfunction emitError(tokenMgmtRef, error) {\n  tokenMgmtRef.emitter.emit('error', error);\n}\n\nfunction clearExpireEventTimeout(tokenMgmtRef, key) {\n  clearTimeout(tokenMgmtRef.expireTimeouts[key]);\n  delete tokenMgmtRef.expireTimeouts[key];\n\n  // Remove the renew promise (if it exists)\n  delete tokenMgmtRef.renewPromise[key];\n}\n\nfunction clearExpireEventTimeoutAll(tokenMgmtRef) {\n  var expireTimeouts = tokenMgmtRef.expireTimeouts;\n  for (var key in expireTimeouts) {\n    if (!expireTimeouts.hasOwnProperty(key)) {\n      continue;\n    }\n    clearExpireEventTimeout(tokenMgmtRef, key);\n  }\n}\n\nfunction setExpireEventTimeout(sdk, tokenMgmtRef, key, token) {\n  var expireTime = getExpireTime(tokenMgmtRef, token);\n  var expireEventWait = Math.max(expireTime - tokenMgmtRef.clock.now(), 0) * 1000;\n\n  // Clear any existing timeout\n  clearExpireEventTimeout(tokenMgmtRef, key);\n\n  var expireEventTimeout = setTimeout(function() {\n    emitExpired(tokenMgmtRef, key, token);\n  }, expireEventWait);\n\n  // Add a new timeout\n  tokenMgmtRef.expireTimeouts[key] = expireEventTimeout;\n}\n\nfunction setExpireEventTimeoutAll(sdk, tokenMgmtRef, storage) {\n  try {\n    var tokenStorage = storage.getStorage();\n  } catch(e) {\n    // Any errors thrown on instantiation will not be caught,\n    // because there are no listeners yet\n    emitError(tokenMgmtRef, e);\n    return;\n  }\n\n  for(var key in tokenStorage) {\n    if (!tokenStorage.hasOwnProperty(key)) {\n      continue;\n    }\n    var token = tokenStorage[key];\n    setExpireEventTimeout(sdk, tokenMgmtRef, key, token);\n  }\n}\n\nfunction add(sdk, tokenMgmtRef, storage, key, token) {\n  var tokenStorage = storage.getStorage();\n  if (!util.isObject(token) ||\n      !token.scopes ||\n      (!token.expiresAt && token.expiresAt !== 0) ||\n      (!token.idToken && !token.accessToken)) {\n    throw new AuthSdkError('Token must be an Object with scopes, expiresAt, and an idToken or accessToken properties');\n  }\n  tokenStorage[key] = token;\n  storage.setStorage(tokenStorage);\n  setExpireEventTimeout(sdk, tokenMgmtRef, key, token);\n}\n\nfunction get(storage, key) {\n  var tokenStorage = storage.getStorage();\n  return tokenStorage[key];\n}\n\nfunction getAsync(sdk, tokenMgmtRef, storage, key) {\n  return new Promise(function(resolve) {\n    var token = get(storage, key);\n    if (!token || !hasExpired(tokenMgmtRef, token)) {\n      return resolve(token);\n    }\n\n    var tokenPromise = tokenMgmtRef.options.autoRenew\n      ? renew(sdk, tokenMgmtRef, storage, key)\n      : remove(tokenMgmtRef, storage, key);\n\n    return resolve(tokenPromise);\n  });\n}\n\nfunction remove(tokenMgmtRef, storage, key) {\n  // Clear any listener for this token\n  clearExpireEventTimeout(tokenMgmtRef, key);\n\n  // Remove it from storage\n  var tokenStorage = storage.getStorage();\n  delete tokenStorage[key];\n  storage.setStorage(tokenStorage);\n}\n\nfunction renew(sdk, tokenMgmtRef, storage, key) {\n  // Multiple callers may receive the same promise. They will all resolve or reject from the same request.\n  var existingPromise = tokenMgmtRef.renewPromise[key];\n  if (existingPromise) {\n    return existingPromise;\n  }\n\n  try {\n    var token = get(storage, key);\n    if (!token) {\n      throw new AuthSdkError('The tokenManager has no token for the key: ' + key);\n    }\n  } catch (e) {\n    return Promise.reject(e);\n  }\n\n  // Remove existing autoRenew timeout for this key\n  clearExpireEventTimeout(tokenMgmtRef, key);\n\n  // Store the renew promise state, to avoid renewing again\n  tokenMgmtRef.renewPromise[key] = sdk.token.renew(token)\n    .then(function(freshToken) {\n      var oldToken = get(storage, key);\n      if (!oldToken) {\n        // It is possible to enter a state where the tokens have been cleared\n        // after a renewal request was triggered. To ensure we do not store a\n        // renewed token, we verify the promise key doesn't exist and return.\n        return;\n      }\n      add(sdk, tokenMgmtRef, storage, key, freshToken);\n      tokenMgmtRef.emitter.emit('renewed', key, freshToken, oldToken);\n      return freshToken;\n    })\n    .catch(function(err) {\n      if (err.name === 'OAuthError' || err.name === 'AuthSdkError') {\n        remove(tokenMgmtRef, storage, key);\n        err.tokenKey = key;\n        err.accessToken = !!token.accessToken;\n        emitError(tokenMgmtRef, err);\n      }\n      throw err;\n    })\n    .finally(function() {\n      // Remove existing promise key\n      delete tokenMgmtRef.renewPromise[key];\n    });\n\n  return tokenMgmtRef.renewPromise[key];\n}\n\nfunction clear(tokenMgmtRef, storage) {\n  clearExpireEventTimeoutAll(tokenMgmtRef);\n  storage.clearStorage();\n}\n\nfunction TokenManager(sdk, options) {\n  options = util.extend({}, DEFAULT_OPTIONS, util.removeNils(options));\n\n  if (options.storage === 'localStorage' && !storageUtil.browserHasLocalStorage()) {\n    util.warn('This browser doesn\\'t support localStorage. Switching to sessionStorage.');\n    options.storage = 'sessionStorage';\n  }\n\n  if (options.storage === 'sessionStorage' && !storageUtil.browserHasSessionStorage()) {\n    util.warn('This browser doesn\\'t support sessionStorage. Switching to cookie-based storage.');\n    options.storage = 'cookie';\n  }\n\n  var storageProvider;\n  if (typeof options.storage === 'object') {\n    // A custom storage provider must implement getItem(key) and setItem(key, val)\n    storageProvider = options.storage;\n  } else {\n    switch(options.storage) {\n      case 'localStorage':\n        storageProvider = localStorage;\n        break;\n      case 'sessionStorage':\n        storageProvider = sessionStorage;\n        break;\n      case 'cookie':\n        storageProvider = storageUtil.getCookieStorage(sdk.options.cookies);\n        break;\n      case 'memory':\n        storageProvider = storageUtil.getInMemoryStorage();\n        break;\n      default:\n        throw new AuthSdkError('Unrecognized storage option');\n    }\n  }\n  var storageKey = options.storageKey || constants.TOKEN_STORAGE_NAME;\n  var storage = storageBuilder(storageProvider, storageKey);\n  var clock = SdkClock.create(sdk, options);\n  var tokenMgmtRef = {\n    clock: clock,\n    options: options,\n    emitter: sdk.emitter,\n    expireTimeouts: {},\n    renewPromise: {}\n  };\n\n  this.add = util.bind(add, this, sdk, tokenMgmtRef, storage);\n  this.get = util.bind(getAsync, this, sdk, tokenMgmtRef, storage);\n  this.remove = util.bind(remove, this, tokenMgmtRef, storage);\n  this.clear = util.bind(clear, this, tokenMgmtRef, storage);\n  this.renew = util.bind(renew, this, sdk, tokenMgmtRef, storage);\n  this.on = util.bind(tokenMgmtRef.emitter.on, tokenMgmtRef.emitter);\n  this.off = util.bind(tokenMgmtRef.emitter.off, tokenMgmtRef.emitter);\n\n  setExpireEventTimeoutAll(sdk, tokenMgmtRef, storage);\n}\n\nmodule.exports = TokenManager;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/TokenManager.js","var util = require('./util');\n\nfunction SdkClock(localOffset) {\n  // Calculated local clock offset from server time (in milliseconds). Can be positive or negative.\n  this.localOffset = parseInt(localOffset || 0);\n}\n\nutil.extend(SdkClock.prototype, {\n  // Return the current time (in seconds)\n  now: function() {\n    var now = (Date.now() + this.localOffset) / 1000;\n    return now;\n  }\n});\n\n// factory method. Create an instance of a clock from current context.\nSdkClock.create = function(/* sdk, options */) {\n  // TODO: calculate localOffset\n  var localOffset = 0;\n  return new SdkClock(localOffset);\n};\n\nmodule.exports = SdkClock;\n\n\n\n// WEBPACK FOOTER //\n// ./lib/clock.js"],"sourceRoot":""}