خُ³h&  *c  'و                    	  
                                               !  "  #  $  %  &  '  (  )  *  +  ,  -  .  /  0  1  2  3  4  5  6  7  8  9  :  ;  <  =  >  ?  @  A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  [  \  ]  ^  _  `  a  b  c  d  e  
         Safe-Inferred"8;?  خ        	       Safe-Inferred"8;?  ù        
       Safe-Inferred"8;?ر م   ]
f ms-graph-api3Possible exception states of authentication requestg ms-graph-apiى decoded claims from the JWT token, valid (at least) for the Google OpenID implementation as of February 2021h ms-graph-api/intended audience of the token (== API key ID ) ms-graph-apisub fieldi ms-graph-api#NB Validation is not a monad thoughj ms-graph-apiDecode and validate the aud,  k and nbf fields of the JWTl ms-graph-apiValidate the aud,  k and nbf fieldsm ms-graph-apiFails if the  kiry field is not at least nsecs seconds in the futuren ms-graph-api(Fails if the current time is before the nbf  time (= token is not yet valid)o ms-graph-apiFails if the aud4ience field is not equal to the supplied ApiAudiencej  ms-graph-apiح intended token audience (its meaning depends on the OAuth identity provider ) ms-graph-apiت buffer period to allow for API roundtrip delays (defaults to 0 if Nothing) ms-graph-api;JWT-encoded string, e.g. the contents of the id_token fieldl  ms-graph-apiح intended token audience (its meaning depends on the OAuth identity provider )m  ms-graph-apidefaults to 0 if Nothingo  ms-graph-api/intended audience of the token (== API key ID ) ms-graph-apidecoded from the JWT0fpqrstugvwxyz{|h}~€پ‚ƒ„…†‡ˆ‰ijlmnoٹ‹Œچژڈگ‘’“”•            Safe-Inferred"%&18;?ج ر ع è ï   {
 ms-graph-apiة https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo  ms-graph-api.Configuration object of the OAuth2 application ms-graph-apiapplication name ms-graph-apiapp client ID : see $https://stackoverflow.com/a/70670961  ms-graph-apiapp client secret " ms-graph-apiOAuth2 and OIDC scopes	 ms-graph-apiOAuth2 state (a random string, 4https://www.rfc-editor.org/rfc/rfc6749#section-10.12  )
 ms-graph-apiOAuth2 redirect URI ms-graph-apiNB : scopes openid and offline_accessق  are ALWAYS requested since the library assumes we have access to refresh tokens and ID tokens+Reference on Microsoft Graph permissions : =https://learn.microsoft.com/en-us/graph/permissions-reference – ms-graph-apiخ https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration   ms-graph-apiOAuth configuration	
	
           Safe-Inferred"168;?ر م   y ms-graph-apitransactional token store— ms-graph-api The JWT identity token from the X-MS-TOKEN-AAD-ID-TOKENأ  header injected by App Service can be decoded for its claims e.g. sub0 (which is unique for each user for a given app)نhttps://bogdan.bynapse.com/azure/the-app-service-token-store-was-added-to-app-service-authentication-authorization-and-it-is-a-repository-of-oauth-tokens-associated-with-your-app-users-when-a-user-logs-into-your-app-via-an-iden/ ذ https://stackoverflow.com/questions/46757665/authentication-for-azure-functions/  ms-graph-api'Decode the App Service ID token header X-MS-TOKEN-AAD-ID-TOKEN:, look its user up in the local token store, supply token t to continuation. If the user subد  cannot be found in the token store the browser is redirected to the login URI.Special case of  — ms-graph-apiLogin endpointsee  ک ms-graph-apilogin endpoint handler ms-graph-api2The identity provider redirects the client to the reply& endpoint as part of the OAuth flow : é https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http#authorization-response see  ™ ms-graph-apiه 1) the ExchangeToken arrives with the redirect once the user has approved the scopes in the browser
 é https://learn.microsoft.com/en-us/graph/auth-v2-user?view=graph-rest-1.0&tabs=http#authorization-response ڑ ms-graph-api72) fork a thread and start token refresh loop for user uid› ms-graph-api Insert or update a token in the   object ms-graph-api<Remove a user, i.e. they will have to authenticate once more ms-graph-apiہ Look up a user identifier and return their current token, if any ms-graph-api$return a list representation of the   object ms-graph-apiCreate an empty   objectœ ms-graph-apiDecode and validate ID token
 ى https://learn.microsoft.com/en-us/azure/active-directory/develop/userinfo#consider-using-an-id-token-instead ‌ ms-graph-apiا Lift ExceptT to ActionM which is basically the handler Monad in Scotty.
—  ms-graph-api-look up the UserSub's token, do stuff with it ms-graph-api	login URI ms-graph-apicall MSGraph APIs with token t, etc. ms-graph-apie.g. "/login" ms-graph-apie.g. "/oauth/reply"™ ms-graph-apialso called code. Expires in 10 minutesڑ ms-graph-apiuser ID› ms-graph-apiuser id ms-graph-api	new token ms-graph-apitoken expires in ms-graph-apiuser identifier e.g. sub ms-graph-apiuser identifier e.g. subœ  ms-graph-api-appears in the OAuth2Token if scopes include openid ms-graph-api(sub)           Safe-Inferred"18;?  G
" ms-graph-apia collection of items with key value% ms-graph-apiSpecialized version of  ‍ to  ںs2This can be used to catch exceptions of composite    statements, e.g. around a do block& ms-graph-api)POST https://graph.microsoft.com/v1.0/...' ms-graph-apiLike  & but catches  ںs to allow pattern matching( ms-graph-api(GET https://graph.microsoft.com/v1.0/...) ms-graph-apiLike  ( but catches  ںs to allow pattern matching* ms-graph-api(GET https://graph.microsoft.com/v1.0/...ً Returns the response body as a bytestring, e.g. for endpoints that download files or general bytestring payloads+ ms-graph-api-drop the prefix and lowercase first charactere.g. userDisplayName -> displayName، ms-graph-api-drop the prefix and lowercase first character¢ ms-graph-apiü Drops the given prefix from a list.
   It returns the original sequence if the sequence doesn't start with the given prefix.ح dropPrefix "Mr. " "Mr. Men" == "Men"
dropPrefix "Mr. " "Dr. Men" == "Dr. Men"&  ms-graph-apiURI path segments ms-graph-apirequest body'  ms-graph-apiURI path segments(  ms-graph-apiURI path segments)  ms-graph-apiURI path segments*  ms-graph-apiURI path segments+  ms-graph-apirecord prefix،  ms-graph-apirecord name prefix ms-graph-apiJSON field name "#$%&'()*+(*)&' %"#$+           Safe-Inferred"8;?  ‡5 ms-graph-apiGet user informationGET /users/{user-id}ع https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#request 6 ms-graph-api!Get information on signed-in userںCalling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions are not supported when using the /me endpoint.GET /meـ https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#request-1 5  ms-graph-apiuser id04321560432156           Safe-Inferred"8;?   ·A ms-graph-api.download a complete file from user's directory%GET /me/drive/items/{item-id}/contentç https://learn.microsoft.com/en-us/graph/api/driveitem-get-content?view=graph-rest-1.0&tabs=http#request B ms-graph-apidownload a file from a drive.GET /drives/{drive-id}/items/{item-id}/contentç https://learn.microsoft.com/en-us/graph/api/driveitem-get-content?view=graph-rest-1.0&tabs=http#request A  ms-graph-apiitem IDB  ms-graph-apidrive ID ms-graph-apifile ID<@?>=AB<@?>=AB           Safe-Inferred"8;?  $bH ms-graph-apiخGroups are collections of principals with shared access to resources in Microsoft services or in your app. Different principals such as users, other groups, devices, and applications can be part of groups. 
httpstea:/learn.microsoft.comen-usgraphapi	resources-groups-overview?view=graph-rest-1.0&tabs=httpM ms-graph-apiإ Get the teams in Microsoft Teams that the user is a direct member of.1GET /users/{id | user-principal-name}/joinedTeamsك https://learn.microsoft.com/en-us/graph/api/user-list-joinedteams?view=graph-rest-1.0&tabs=http N ms-graph-apiGet the  <	s in the  H% storage, starting from the root item*GET /groups/{group-id}/drive/root/childrenل https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http M  ms-graph-apiUser IDN  ms-graph-apiGroup IDHLKJIMNHLKJIMN           Safe-Inferred"8;?  &ّ[ ms-graph-apiGet drive of current user\ ms-graph-api5List children in the root of the current user's drive–https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http#list-children-in-the-root-of-the-current-users-drive ] ms-graph-api5List children in the root of the current user's drive/GET /drives/{drive-id}/items/{item-id}/children–https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http#list-children-in-the-root-of-the-current-users-drive ]  ms-graph-apidrive ID ms-graph-apiitem ID
TWVUXZY[\]
[\]XZYTWVU  £    
                                                      !   "   #   $   %   &   '   (   )   *   +   ,   -  .  .   /   0   1   2   3   4   5   6   7   8   9   :  ;  ;   <   =   >   3   ?   @   A   B   C   D  E  E   F   G   H   I   J   K   L   M   N   O  P  P   Q   R   S   T   U   V   W   X   Y   Z  E  E   G   [  \  \   ]   ^   _   `   a   K   L   N   O   b   c   d  
e  
f  
g  
 h  
 i jk l  
 m  
 n  
 o  
 p  
q  
r  
s  
t  
u  
v  
 w  
 x  
 y  
 z  
 {  
 |  
f  
 }  
g  
~  
   
~  
 €  
  
 پ  
 ‚  
 ƒ  
 „  
 …  
 †  
 ‡  
 ˆ  
 ‰  
 ٹ  
 ‹  
 Œ  
 چ  
 ژ  
 ڈ  
 گ  
 ‘  
 ’   “   ”   •   –   —   ک   ™   ڑ ›œ ‌ ‍ ں       ،¢+ms-graph-api-0.6.0.0-6WfOhvX5Fo5Ch00DaiDjHPMSGraphAPI.Internal.CommonNetwork.OAuth2.SessionNetwork.OAuth2.Provider.AzureADMSGraphAPI.Users.UserMSGraphAPI.Files.DriveItemMSGraphAPI.Users.GroupMSGraphAPI.DriveMSGraphAPI.AuthMSGraphAPI.UserNetwork.OAuth2.JWT req-3.13.0-Z6GuU1Shmz9y57HLYa14xNetwork.HTTP.ReqrunReqUserSubAzureADUserOAuthCfg$sel:oacAppName:OAuthCfg$sel:oacClientId:OAuthCfg$sel:oacClientSecret:OAuthCfg$sel:oacScopes:OAuthCfg$sel:oacAuthState:OAuthCfg$sel:oacRedirectURI:OAuthCfgAzureAD
azureADApp$fFromJSONAzureADUser$fEqAzureADUser$fOrdAzureADUser$fShowAzureADUser$fEqAzureAD$fShowAzureADTokensScottyActionwithAADUserloginEndpointreplyEndpoint
expireUser
lookupUsertokensToList	newTokens$fShowOAuthSessionError$fExceptionOAuthSessionError$fEqTokensData$fShowTokensData$fEqOAuthSessionError
CollectioncValuetryReqpostpostEgetgetEgetLbsaesonOptions$fFromJSONCollection$fEqCollection$fShowCollection$fGenericCollectionUseruIduUserPrincipalNameuDisplayNamegetMe$fFromJSONUser$fEqUser	$fOrdUser
$fShowUser$fGenericUser	DriveItemdiIddiNamediLastModifiedDateTimedownloadFileMedownloadFile$fFromJSONDriveItem$fEqDriveItem$fOrdDriveItem$fShowDriveItem$fGenericDriveItemGroupgIdgDisplayNamegDescriptiongetUserJoinedTeamsgetGroupsDriveItems$fFromJSONGroup	$fEqGroup
$fOrdGroup$fShowGroup$fGenericGroupdiSizeDrivedId
getDriveMegetDriveItemsMegetDriveItemChildren$fFromJSONDrive	$fEqDrive$fShowDrive$fGenericDriveJWTException	JWTClaimsApiAudiencebindValidationdecodeValidateJWTbase	GHC.FloatexpvalidateJWTvalidateExpvalidateNbfvalidateAud	JENoTokenJEClaimNotFoundJEMalformedJWTJEAudienceNotFoundJENotYetValidJEExpiredTokenjcEmailjcSubjcNbfjcIatjcExpjcAudapiAudience	UserEmail	userEmailuserSub	jwtClaimsdecValidSubdecValidExpdecValidNbfdecValidEmaildecValidAud	decodeJWTdecAuddecExpdecIatdecNbfdecSubdecEmailclaimNotFoundfromAudfromNumericDatefromStringOrUriepochdefaultAzureADIdpaadHeaderIdTokenloginHfetchUpdateTokenrefreshLoopupdateTokendecValidIdTokenexcepttToActionM(unliftio-0.2.25.0-Ba7f1DCqS4b5QAYene3ALXUnliftIO.ExceptiontryHttpExceptionReq
recordName
dropPrefix