h&%("S      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNO Safe-Inferred"8;?v Safe-Inferred"8;? P ms-graph-api3Possible exception states of authentication requestQ ms-graph-apidecoded claims from the JWT token, valid (at least) for the Google OpenID implementation as of February 2021R ms-graph-api/intended audience of the token (== API key ID ) ms-graph-apisub fieldS ms-graph-api#NB Validation is not a monad thoughT ms-graph-apiDecode and validate the aud, U and nbf fields of the JWTV ms-graph-api Validate the aud, U and nbf fieldsW ms-graph-api Fails if the Uiry field is not at least nsecs seconds in the futureX ms-graph-api(Fails if the current time is before the nbf time (= token is not yet valid)Y ms-graph-api Fails if the aud4ience field is not equal to the supplied ApiAudienceT ms-graph-apiintended token audience (its meaning depends on the OAuth identity provider ) ms-graph-apibuffer period to allow for API roundtrip delays (defaults to 0 if Nothing) ms-graph-api;JWT-encoded string, e.g. the contents of the id_token fieldV ms-graph-apiintended token audience (its meaning depends on the OAuth identity provider )W ms-graph-apidefaults to 0 if NothingY ms-graph-api/intended audience of the token (== API key ID ) ms-graph-apidecoded from the JWT0PZ[\]^_Q`abcdefRghijklmnopqrsSTVWXYtuvwxyz{|}~ Safe-Inferred"%&18;? s  ms-graph-api https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo ms-graph-api.Configuration object of the OAuth2 application ms-graph-apiapplication name ms-graph-apiapp client ID : see $https://stackoverflow.com/a/70670961 ms-graph-apiapp client secret " ms-graph-apiOAuth2 and OIDC scopes  ms-graph-apiOAuth2 state (a random string,  4https://www.rfc-editor.org/rfc/rfc6749#section-10.12 )  ms-graph-apiOAuth2 redirect URI  ms-graph-api NB : scopes openid and offline_access are ALWAYS requested since the library assumes we have access to refresh tokens and ID tokens ms-graph-api https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration  ms-graph-apiOAuth configuration     Safe-Inferred"168;?q ms-graph-apitransactional token store ms-graph-api The JWT identity token from the X-MS-TOKEN-AAD-ID-TOKEN header injected by App Service can be decoded for its claims e.g. sub0 (which is unique for each user for a given app) https://bogdan.bynapse.com/azure/the-app-service-token-store-was-added-to-app-service-authentication-authorization-and-it-is-a-repository-of-oauth-tokens-associated-with-your-app-users-when-a-user-logs-into-your-app-via-an-iden/ https://stackoverflow.com/questions/46757665/authentication-for-azure-functions/ ms-graph-api'Decode the App Service ID token header X-MS-TOKEN-AAD-ID-TOKEN:, look its user up in the local token store, supply token t to continuation. If the user sub cannot be found in the token store the browser is redirected to the login URI.Special case of  ms-graph-apiLogin endpointsee   ms-graph-apilogin endpoint handler ms-graph-api2The identity provider redirects the client to the reply& endpoint as part of the OAuth flow : https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http#authorization-responsesee   ms-graph-api1) the ExchangeToken arrives with the redirect once the user has approved the scopes in the browser https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http#authorization-response ms-graph-api72) fork a thread and start token refresh loop for user uid ms-graph-api Insert or update a token in the  object ms-graph-api  displayName ms-graph-api-drop the prefix and lowercase first character ms-graph-apiDrops the given prefix from a list. It returns the original sequence if the sequence doesn't start with the given prefix. dropPrefix "Mr. " "Mr. Men" == "Men" dropPrefix "Mr. " "Dr. Men" == "Dr. Men"& ms-graph-apiURI path segments ms-graph-api request body' ms-graph-apiURI path segments( ms-graph-apiURI path segments) ms-graph-apiURI path segments* ms-graph-apiURI path segments+ ms-graph-api record prefix ms-graph-apirecord name prefix ms-graph-apiJSON field name "#$%&'()*+ (*)&'%"#$+ Safe-Inferred"8;?5 ms-graph-apiGet user information GET /users/{user-id} https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#request6 ms-graph-api!Get information on signed-in userCalling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions are not supported when using the /me endpoint. GET /me https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#request-15 ms-graph-apiuser id04321565604321 Safe-Inferred"8;?< ms-graph-api.download a complete file from user's directory %GET /me/drive/items/{item-id}/content https://learn.microsoft.com/en-us/graph/api/driveitem-get-content?view=graph-rest-1.0&tabs=http#request= ms-graph-apidownload a file from a drive .GET /drives/{drive-id}/items/{item-id}/content https://learn.microsoft.com/en-us/graph/api/driveitem-get-content?view=graph-rest-1.0&tabs=http#request< ms-graph-apiitem ID= ms-graph-apidrive ID ms-graph-apifile ID<=<= Safe-Inferred"8;?";E ms-graph-apiGet drive of current userF ms-graph-api5List children in the root of the current user's drive https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http#list-children-in-the-root-of-the-current-users-driveG ms-graph-api5List children in the root of the current user's drive /GET /drives/{drive-id}/items/{item-id}/children https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http#list-children-in-the-root-of-the-current-users-driveG ms-graph-apidrive ID ms-graph-apiitem ID >A@?BDCEFG EFGBDC>A@?    !"#$%&'()*+,,-./01234567899:;<1=>?@ABCDEEFGHHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklVmWnonp qrstuvwxyz{|}~  +ms-graph-api-0.5.0.0-92hg9qxfYXvKWdKxfo4q6zMSGraphAPI.Internal.CommonNetwork.OAuth2.SessionNetwork.OAuth2.Provider.AzureADMSGraphAPI.UserMSGraphAPI.Files.DriveItemsMSGraphAPI.DriveMSGraphAPI.AuthNetwork.OAuth2.JWT req-3.13.0-Z6GuU1Shmz9y57HLYa14xNetwork.HTTP.ReqrunReqUserSub AzureADUserOAuthCfg$sel:oacAppName:OAuthCfg$sel:oacClientId:OAuthCfg$sel:oacClientSecret:OAuthCfg$sel:oacScopes:OAuthCfg$sel:oacAuthState:OAuthCfg$sel:oacRedirectURI:OAuthCfgAzureAD azureADApp$fFromJSONAzureADUser$fEqAzureADUser$fOrdAzureADUser$fShowAzureADUser $fEqAzureAD $fShowAzureADTokensScottyAction withAADUser loginEndpoint replyEndpoint expireUser lookupUser tokensToList newTokens$fShowOAuthSessionError$fExceptionOAuthSessionError$fEqTokensData$fShowTokensData$fEqOAuthSessionError CollectioncValuetryReqpostpostEgetgetEgetLbs aesonOptions$fFromJSONCollection$fEqCollection$fShowCollection$fGenericCollectionUseruIduUserPrincipalName uDisplayNamegetMe$fFromJSONUser$fEqUser $fOrdUser $fShowUser $fGenericUserdownloadFileMe downloadFile DriveItemdiNamediSizeDrivedId getDriveMegetDriveItemsMegetDriveItemChildren$fFromJSONDrive$fFromJSONDriveItem $fEqDriveItem$fShowDriveItem$fGenericDriveItem $fEqDrive $fShowDrive$fGenericDrive JWTException JWTClaims ApiAudiencebindValidationdecodeValidateJWTbase GHC.Floatexp validateJWT validateExp validateNbf validateAud JENoTokenJEClaimNotFoundJEMalformedJWTJEAudienceNotFound JENotYetValidJEExpiredTokenjcEmailjcSubjcNbfjcIatjcExpjcAud apiAudience UserEmail userEmailuserSub jwtClaims decValidSub decValidExp decValidNbf decValidEmail decValidAud decodeJWTdecAuddecExpdecIatdecNbfdecSubdecEmail claimNotFoundfromAudfromNumericDatefromStringOrUriepochdefaultAzureADIdpaadHeaderIdTokenloginHfetchUpdateToken refreshLoop updateTokendecValidIdTokenexcepttToActionM(unliftio-0.2.25.0-Ba7f1DCqS4b5QAYene3ALXUnliftIO.Exceptiontry HttpExceptionReq recordName dropPrefix