From f4a20e3ef98e0dd749b4c7da297e3aa8eb6641bc Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Mon, 25 May 2026 09:20:32 -0500
Subject: [PATCH 01/11] chore: update AAGUIDs (#1487)
Co-authored-by: stonith404 <58886915+stonith404@users.noreply.github.com>
---
backend/resources/aaguids.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/resources/aaguids.json b/backend/resources/aaguids.json
index 659f9d76..5b6b630b 100644
--- a/backend/resources/aaguids.json
+++ b/backend/resources/aaguids.json
@@ -1 +1 @@
-{"fcb1bcb4-f370-078c-6993-bc24d0ae3fbe":"Ledger Nano X FIDO2 Authenticator","6e8d1eae-8d40-4c25-bcf8-4633959afc71":"Veridium iOS SDK","e8b7f4a2-c3d5-e6f7-890a-b1c2d3e4f567":"Sherlocked","9eb7eabc-9db5-49a1-b6c3-555a802093f4":"YubiKey 5 Series with NFC KVZR57","4d41190c-7beb-4a84-8018-adf265a6352d":"Thales IDPrime FIDO Bio","2772ce93-eb4b-4090-8b73-330f48477d73":"Security Key NFC by Yubico - Enterprise Edition Preview","6dae43be-af9c-417b-8b9f-1b611168ec60":"Dapple Authenticator from Dapple Security Inc.","5626bed4-e756-430b-a7ff-ca78c8b12738":"VALMIDO PRO FIDO","260e3021-482d-442d-838c-7edfbe153b7e":"Feitian ePass FIDO2-NFC Plus Authenticator","95e4d58c-056e-4a65-866d-f5a69659e880":"TruU Windows Authenticator","90636e1f-ef82-43bf-bdcf-5255f139d12f":"YubiKey Bio Series - Multi-protocol Edition","9c835346-796b-4c27-8898-d6032f515cc5":"Cryptnox FIDO2","c3f47802-de73-4dfc-ba22-671fe3304f90":"eToken Fusion NFC PIV Enterprise","0d9b2e56-566b-c393-2940-f821b7f15d6d":"Excelsecu eSecu FIDO2 Pro Security Key","2bff89f2-323a-48fc-b7c8-9ff7fe87c07e":"Feitian BioPass FIDO2 Pro (Enterprise Profile)","c5ef55ff-ad9a-4b9f-b580-adebafe026d0":"YubiKey 5 Series with Lightning","2194b428-9397-4046-8f39-007a1605a482":"IDPrime 931 Fido","39a5647e-1853-446c-a1f6-a79bae9f5bc7":"IDmelon","664d9f67-84a2-412a-9ff7-b4f7d8ee6d05":"OpenSK authenticator","3789da91-f943-46bc-95c3-50ea2012f03a":"NEOWAVE Winkeo FIDO2","fa2b99dc-9e39-4257-8f92-4a30d23c4118":"YubiKey 5 Series with NFC","341e4da9-3c2e-8103-5a9f-aad887135200":"Ledger Nano S FIDO2 Authenticator","69700f79-d1fb-472e-bd9b-a3a3b9a9eda0":"Pone Biometrics OFFPAD Authenticator","8da0e4dc-164b-454e-972e-88f362b23d59":"CardOS FIDO2 Token","89b19028-256b-4025-8872-255358d950e4":"Sentry Enterprises CTAP2 Authenticator","4e768f2c-5fab-48b3-b300-220eb487752b":"Hideez Key 4 FIDO2 SDK","47ab2fb4-66ac-4184-9ae1-86be814012d5":"Security Key NFC by Yubico - Enterprise Edition","931327dd-c89b-406c-a81e-ed7058ef36c6":"Swissbit iShield Key FIDO2","f8d5c4e9-e539-4c06-8662-ec2a4155a555":"StarSign Key Fob","b7d3f68e-88a6-471e-9ecf-2df26d041ede":"Security Key NFC by Yubico","8d1b1fcb-3c76-49a9-9129-5515b346aa02":"IDEMIA ID-ONE Card","30b5035e-d297-4ff7-020b-addc96ba6a98":"OneSpan DIGIPASS FX7","454e5346-4944-4ffd-6c93-8e9267193e9a":"Ensurity ThinC","e1a96183-5016-4f24-b55b-e3ae23614cc6":"ATKey.Pro CTAP2.0","9ff4cc65-6154-4fff-ba09-9e2af7882ad2":"Security Key NFC by Yubico - Enterprise Edition (Enterprise Profile)","4599062e-6926-4fe7-9566-9e8fb1aedaa0":"YubiKey 5 Series (Enterprise Profile)","9d3df6ba-282f-11ed-a261-0242ac120002":"Arculus FIDO2/U2F Key Card","fbefdf68-fe86-0106-213e-4d5fa24cbe2e":"Excelsecu eSecu FIDO2 NFC Security Key","62e54e98-c209-4df3-b692-de71bb6a8528":"YubiKey 5 FIPS Series with NFC Preview","ab32f0c6-2239-afbb-c470-d2ef4e254db7":"TOKEN2 FIDO2 Security Key","ce6bf97f-9f69-4ba7-9032-97adc6ca5cf1":"YubiKey 5 FIPS Series with NFC (RC Preview)","ad08c78a-4e41-49b9-86a2-ac15b06899e2":"YubiKey Bio Series - FIDO Edition (Enterprise Profile)","930b0c03-ef46-4ac4-935c-538dccd1fcdb":"Chipwon Clife Key","7787a482-13e8-4784-8a06-c7ed49a7aaf4":"Swissbit iShield Key 2","72c6b72d-8512-4c66-8359-9d3d10d9222f":"Security Key NFC by Yubico - Enterprise Edition (Enterprise Profile)","99ed6c29-4573-4847-816d-78ad8f1c75ef":"VeroCard FIDO2 Authenticator","973446ca-e21c-9a9b-99f5-9b985a67af0f":"ACS FIDO Authenticator Card","74820b05-a6c9-40f9-8fb0-9f86aca93998":"SafeNet eToken Fusion","1105e4ed-af1d-02ff-ffff-ffffffffffff":"Egomet FIDO2 Authenticator for Android","08987058-cadc-4b81-b6e1-30de50dcbe96":"Windows Hello","a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa":"Security Key NFC by Yubico","0acf3011-bc60-f375-fb53-6f05f43154e0":"Nymi FIDO2 Authenticator","d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3":"KEY-ID FIDO2 Authenticator","8eec9bf9-486c-46da-9a67-1fbb4f66b9ed":"HID Crescendo 4000 FIPS","4c50ff10-1057-4fc6-b8ed-43a529530c3c":"ImproveID Authenticator","c611b55c-77b2-4527-8082-590e931b2f08":"GoTrust Idem Key ","ee041bce-25e5-4cdb-8f86-897fd6418464":"Feitian ePass FIDO2-NFC Authenticator","2588ae83-5a3b-4536-b8de-5e540200d191":"Dapple Authenticator from Dapple Security Inc.","4b89f401-464e-4745-a520-486ddfc5d80e":"IIST FIDO2 Authenticator","2cd2f727-f6ca-44da-8f48-5c2e5da000a2":"Nitrokey 3 AM","10c70715-2a9a-4de1-b0aa-3cff6d496d39":"eToken Fusion NFC FIPS","efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4":"Safenet eToken FIDO","24083bcb-3034-4867-99de-a3b52e1d426a":"Enterprise Security Key Series with NFC (Consumer Profile)","4b3f8944-d4f2-4d21-bb19-764a986ec160":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","4c0cf95d-2f40-43b5-ba42-4c83a11c04ba":"Feitian BioPass FIDO2 Pro Authenticator","5343502d-5343-5343-6172-644649444f32":"ESS Smart Card Inc. Authenticator","69e7c36f-f2f6-9e0d-07a6-bcc243262e6b":"OneKey FIDO2 Authenticator","524de2de-982f-49b4-a769-2b5e3b73ad79":"YubiKey 5 Series (Enterprise Profile)","09591fc6-9811-48f7-8f57-b9f23df6413f":"Pone Biometrics OFFPAD Authenticator","912435d9-4a88-42f3-972d-1244b0d51420":"SI0X FIDO CL WRIST v1.0","7e3f3d30-3557-4442-bdae-139312178b39":"RSA DS100","73bb0cd4-e502-49b8-9c6f-b59445bf720b":"YubiKey 5 FIPS Series","39589099-9a75-49fc-afaa-801ca211c62a":"Feitian ePass FIDO-NFC (Enterprise Profile) (CTAP2.1, CTAP2.0, U2F)","dc5e949d-f939-43b3-9877-a85c7186b753":"YubiKey Bio Multi-protocol Edition (Enterprise Profile)","149a2021-8ef6-4133-96b8-81f8d5b7f1f5":"Security Key by Yubico with NFC","5df66f62-5b47-43d3-aa1d-a6e31c8dbeb5":"Securitag Assembly Group FIDO Authenticator NFC","9a272558-5cfa-4424-be37-65509677b77d":"SECORA ID Key S USB by Infineon Consumer Edition","09619fbf-d75e-4a62-be1d-fe4d240864ae":"VeriMark(TM) Guard 2.1 Fingerprint Security Key","50cbf15a-238c-4457-8f16-812c43bf3c49":"Ensurity AUTH TouchPro","ee7fa1e0-9539-432f-bd43-9c2fc6d4f311":"VeriMark NFC+ USB-C Security Key","b90e7dc1-316e-4fee-a25a-56a666a670fe":"YubiKey 5 Series with Lightning (Enterprise Profile)","6d4aa745-dad5-40c4-b9b4-6a252fcee70f":"GoTrust Cyber Key","175cd298-83d2-4a26-b637-313c07a6434e":"Chunghwa Telecom FIDO2 Smart Card Authenticator","34744913-4f57-4e6e-a527-e9ec3c4b94e6":"YubiKey Bio Series - Multi-protocol Edition","5ea308b2-7ac7-48b9-ac09-7e2da9015f8c":"Veridium Android SDK","3b1adb99-0dfe-46fd-90b8-7f7614a4de2a":"GoTrust Idem Key","46544d5d-8f5d-4db4-89ac-ea8977073fff":"Foongtone FIDO Authenticator","0a357157-9b18-4c8a-920e-d156e972b2f8":"YubiKey 5 Series (Consumer Profile)","998f358b-2dd2-4cbe-a43a-e8107438dfb3":"OnlyKey Secp256R1 FIDO2 CTAP2 Authenticator","30b5035e-d297-4ff2-010b-addc96ba6a98":"OneSpan DIGIPASS FX2-A","817cdab8-0d51-4de1-a821-e25b88519cf3":"Swissbit iShield Key 2 FIPS","61250591-b2bc-4456-b719-0b17be90bb30":"eWBM eFPA FIDO2 Authenticator","8c39ee86-7f9a-4a95-9ba3-f6b097e5c2ee":"YubiKey Bio Series - FIDO Edition (Enterprise Profile)","f8a011f3-8c0a-4d15-8006-17111f9edc7d":"Security Key by Yubico","8976631b-d4a0-427f-5773-0ec71c9e0279":"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator","7dab85a5-d16d-4eaf-a7ef-4c1385b151c5":"YubiKey 5 Series with NFC (Consumer Profile) KVZR57-2","516d3969-5a57-5651-5958-4e7a49434167":"SmartDisplayer BobeePass FIDO2 Authenticator","8681a073-5f50-4d52-bce4-e21658d207b3":"RSA Authenticator 4 for iOS","30b5035e-d297-4ff7-030b-addc96ba6a98":"OneSpan DIGIPASS FX7-C","e41b42a3-60ac-4afb-8757-a98f2d7f6c9f":"Deepnet SafeKey/Classic (FP)","c89e6a38-6c00-5426-5aa5-c9cbf48f0382":"ACS FIDO Authenticator NFC","eb7ef748-cbe0-4b40-b8f6-07bd2d592d35":"YubiKey 5 CCN Series with NFC (Consumer Profile)","a02167b9-ae71-4ac7-9a07-06432ebb6f1c":"YubiKey 5 Series with Lightning","82b0a720-127a-4788-b56d-d1d4b2d82eac":"ID-One Key","2c0df832-92de-4be1-8412-88a8f074df4a":"Feitian FIDO Smart Card","59f85fe7-faa5-4c92-9f52-697b9d4d5473":"RSA Authenticator 4 for Android","22682ee5-4f0e-4c19-be3e-797d5770ebfe":"Precision InnaIT Key FIDO 2 Level 2 certified","79f3c8ba-9e35-484b-8f47-53a5a0f5c630":"YubiKey 5 FIPS Series with NFC (Enterprise Profile)","6e34341a-88c7-483d-b777-a425c355be93":"WebComm OETHenticator","7a53c643-9dec-4219-b3a4-f9d24aca4e12":"G+D StarKey FIDO2-NFC","def8ab1a-9f91-44f1-a103-088d8dc7d681":"IDEMIA SOLVO Fly 80 R3 FIDO Card e","9955a1cd-564c-d388-ad68-9878a27be9f1":"StarSign Chase FIDO Card","9dd8d593-2213-438a-97f8-d6b813d51c27":"YubiKey Bio Fido Edition (Consumer Profile)","970c8d9c-19d2-46af-aa32-3f448db49e35":"WinMagic FIDO Eazy - TPM","c5703116-972b-4851-a3e7-ae1259843399":"NEOWAVE Badgeo FIDO2","c80dbd9a-533f-4a17-b941-1a2f1c7cedff":"HID Crescendo C3000","0b8b05a4-ebd4-4b0b-8f5f-33d7b6e606ab":"HID Crescendo 4000","5b0e46ba-db02-44ac-b979-ca9b84f5e335":"YubiKey 5 FIPS Series with Lightning Preview","12755c32-8ad1-46eb-881c-e0b38d848b09":"Feitian ePass FIDO Authenticator (CTAP2.1, CTAP2.0, U2F)","2a55aee6-27cb-42c0-bc6e-04efe999e88a":"HID Crescendo 4000","820d89ed-d65a-409e-85cb-f73f0578f82a":"IDmelon Authenticator","019614a3-2703-7e35-a453-285fd06c5d24":"ATLKey Authenticator","3124e301-f14e-4e38-876d-fbeeb090e7bf":"YubiKey 5 Series with Lightning Preview","b6ede29c-3772-412c-8a78-539c1f4c62d2":"Feitian BioPass FIDO2 Plus Authenticator","ed042a3a-4b22-4455-bb69-a267b652ae7e":"Security Key NFC by Yubico - Enterprise Edition","b2c1a50b-dad8-4dc7-ba4d-0ce9597904bc":"YubiKey 5 Series with NFC - Enhanced PIN (Enterprise Profile)","85203421-48f9-4355-9bc8-8a53846e5083":"YubiKey 5 FIPS Series with Lightning","fcc0118f-cd45-435b-8da1-9782b2da0715":"YubiKey 5 FIPS Series with NFC","d821a7d4-e97c-4cb6-bd82-4237731fd4be":"Hyper FIDO Bio Security Key","9876631b-d4a0-427f-5773-0ec71c9e0279":"Somu Secp256R1 FIDO2 CTAP2 Authenticator","522a3f91-5f5d-480d-be37-6cecfad5a27b":"Precision InnaIT Key FIDO 2 Level 2 certified","f56f58b3-d711-4afc-ba7d-6ac05f88cb19":"WinMagic FIDO Eazy - Phone","6ec5cff2-a0f9-4169-945b-f33b563f7b99":"YubiKey Bio Series - Multi-protocol Edition (Enterprise Profile)","882adaf5-3aa9-4708-8e7d-3957103775b4":"T-Shield TrustSec FIDO2 Bio and client PIN version","49a15c1c-3f63-3f51-23a7-b9e00096edd1":"IDEX CTAP2.1 Biometrics","f4c63eff-d26c-4248-801c-3736c7eaa93a":"FIDO KeyPass S3","d384db22-4d50-ebde-2eac-5765cf1e2a44":"Excelsecu eSecu FIDO2 Fingerprint Security Key","0db01cd6-5618-455b-bb46-1ec203d3213e":"GoldKey Security Token","b93fd961-f2e6-462f-b122-82002247de78":"Android Authenticator","aa79f476-ea00-417e-9628-1e8365123922":"HID Crescendo 4000 FIDO","1e906e14-77af-46bc-ae9f-fe6ef18257e4":"VeridiumID Passkey iOS SDK","2fc0579f-8113-47ea-b116-bb5a8db9202a":"YubiKey 5 Series with NFC","31c3f7ff-bf15-4327-83ec-9336abcbcd34":"WinMagic FIDO Eazy - Software","cb4f796c-a20a-af9e-d639-213c1ec247f3":"ACS PocketKey+ Bio","9ddd1817-af5a-4672-a2b9-3e3dd95000a9":"Windows Hello","d8522d9f-575b-4866-88a9-ba99fa02f35b":"YubiKey Bio Series - FIDO Edition","050dd0bc-ff20-4265-8d5d-305c4b215192":"eToken Fusion FIPS","50a45b0c-80e7-f944-bf29-f552bfa2e048":"ACS FIDO Authenticator","f7c558a0-f465-11e8-b568-0800200c9a66":"KONAI Secp256R1 FIDO2 Conformance Testing CTAP2 Authenticator","3f59672f-20aa-4afe-b6f4-7e5e916b6d98":"Arculus FIDO 2.1 Key Card [P71]","42b4fb4a-2866-43b2-9bf7-6c6669c2e5d3":"Google Titan Security Key v2","361a3082-0278-4583-a16f-72a527f973e4":"eWBM eFA500 FIDO2 Authenticator","2ffd6452-01da-471f-821b-ea4bf6c8676a":"IDPrime 941 Fido","9806a2c8-c0da-478e-b4ca-620005d34182":"YubiKey Bio Multi-protocol Edition (Consumer Profile) 1VDJSN-2","03012cb7-4fb2-42e7-9e8d-a81f10e2a5e9":"YubiKey 5 Series with Lightning (Consumer Profile)","30b5035e-d297-4ff7-b00b-addc96ba6a98":"OneSpan DIGIPASS FX7","0f083f18-4105-43a8-ad69-24e812e38141":"Security Key Series with NFC (Consumer Profile)","5eaff75a-dd43-451f-af9f-87c9eeae293e":"Swissbit iShield Key 2 FIPS Enterprise","b415094c-49d3-4c8b-b3fe-7d0ad28a6bc4":"ZTPass SmartAuth","692db549-7ae5-44d5-a1e5-dd20a493b723":"HID Crescendo Key","0ebd9f2c-f685-441c-8c3e-a02a234a840a":"YubiKey 5 Series with NFC Enhanced PIN (Consumer Profile)","23315ad0-6aca-4ba1-952e-f044f1e36976":"Clife Key 2 NFC","1d1b4e33-76a1-47fb-97a0-14b10d0933f1":"Cryptnox FIDO2.1","bbf4b6a7-679d-f6fc-c4f2-8ac0ddf9015a":"Excelsecu eSecu FIDO2 PRO Security Key","3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d":"Feitian iePass FIDO Authenticator","ab7d1767-3fa0-4388-b6c4-feef7a844809":"Enterprise Security Key Series with NFC (Enterprise Profile)","f4ce5fc0-57d3-46f5-a736-efb7d5bc63b5":"YubiKey 5 Series with NFC (Consumer Profile)","23786452-f02d-4344-87ed-aaf703726881":"SafeNet eToken Fusion CC","5e264d9d-28ef-4d34-95b4-5941e7a4faa8":"Ideem ZSM FIDO2 Authenticator","d2fbd093-ee62-488d-9dad-1e36389f8826":"YubiKey 5 FIPS Series (RC Preview)","234cd403-35a2-4cc2-8015-77ea280c77f5":"Feitian ePass FIDO2-NFC Series (CTAP2.1, CTAP2.0, U2F)","6999180d-630c-442d-b8f7-424b90a43fae":"Hyper FIDO Pro (CTAP2.1, CTAP2.0, U2F)","662ef48a-95e2-4aaa-a6c1-5b9c40375824":"YubiKey 5 Series with NFC - Enhanced PIN","aeb6569c-f8fb-4950-ac60-24ca2bbe2e52":"HID Crescendo C2300","87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c":"eWBM eFA320 FIDO2 Authenticator","58276709-bb4b-4bb3-baf1-60eea99282a7":"YubiKey Bio Series - Multi-protocol Edition 1VDJSN","7d2afadd-bf6b-44a2-a66b-e831fceb8eff":"Taglio CTAP2.1 EP","30b5035e-d297-4ff1-020b-addc96ba6a98":"OneSpan DIGIPASS FX1-C","04a8fcf2-19c1-457b-911e-69219f17583f":"Thales PAY GFCX13 authenticator","20ac7a17-c814-4833-93fe-539f0d5e3389":"YubiKey 5 Series (Enterprise Profile)","9012593f-43e4-4461-a97a-d92777b55d74":"VinCSS FIDO2 Fingerprint","d7781e5d-e353-46aa-afe2-3ca49f13332a":"YubiKey 5 Series with NFC","9f0d8150-baa5-4c00-9299-ad62c8bb4e87":"GoTrust Idem Card","12ded745-4bed-47d4-abaa-e713f51d6393":"Feitian AllinOne FIDO2 Authenticator","88bbd2f0-342a-42e7-9729-dd158be5407a":"Precision InnaIT Key FIDO 2 Level 2 certified","1d8cac46-47a1-3386-af50-e88ae46fe802":"Ledger Flex FIDO2 Authenticator","dd86a2da-86a0-4cbe-b462-4bd31f57bc6f":"YubiKey Bio Series - FIDO Edition","773c30d9-5919-4e96-a4f5-db65e95cf890":"GSTAG OAK FIDO2 Authenticator","34f5766d-1536-4a24-9033-0e294e510fb0":"YubiKey 5 Series with NFC Preview","83c47309-aabb-4108-8470-8be838b573cb":"YubiKey Bio Series - FIDO Edition (Enterprise Profile)","c1288a5c-d66b-495c-a68f-4e81f9ec5b53":"Deepnet SafeKey/Classic (FP) XF","4e2ddbc2-2687-4709-8551-cb66c9776bfe":"SECORA ID V2 FIDO2.1 L1","be727034-574a-f799-5c76-0929e0430973":"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)","092277e5-8437-46b5-b911-ea64b294acb7":"Taglio CTAP2.1 CS","ca87cb70-4c1b-4579-a8e8-4efdd7c007e0":"FIDO Alliance TruU Sample FIDO2 Authenticator","23195a52-62d9-40fa-8ee5-23b173f4fb52":"Hyper FIDO Pro NFC","ba0a9266-40d8-4048-9786-d710b5474752":"YubiKey Bio Multi-protocol Edition (Consumer Profile)","3e9db280-256a-4e17-b08e-19d79e9be166":"SECORA ID V2 by Infineon Pay Edition","a7fc3f84-86a3-4da4-a3d7-eb6485a066d8":"NEOWAVE Badgeo FIDO2 (CTAP 2.1)","1f8e43df-71ff-e11d-bea3-c4ee7003b232":"Thetis Pro FIDO2 Key","3ec9c8d3-a5a7-415b-a7b5-f1d606368d3f":"YubiKey 5 CCN Series with NFC (Enterprise Profile)","9e66c661-e428-452a-a8fb-51f7ed088acf":"YubiKey 5 FIPS Series with Lightning (RC Preview)","58b44d0b-0a7c-f33a-fd48-f7153c871352":"Ledger Nano S Plus FIDO2 Authenticator","9a3f2abd-a73d-439c-9ee7-1b53a857eaa7":"YubiKey 5 Series with NFC Enhanced PIN (Enterprise Profile)","454e5346-4944-4ffd-6c93-8e9267193e9b":"Ensurity AUTH BioPro","41e39911-c669-4811-b860-c6ad0b411b96":"YubiKey 5 Series with NFC (Enterprise Profile)","146e77ef-11eb-4423-b847-ce77864e9411":"eToken Fusion NFC PIV","13ac47cf-1d78-4fd5-9060-aedaabacf826":"HID Crescendo Key V3 - Enterprise Edition","e77e3c64-05e3-428b-8824-0cbeb04b829d":"Security Key NFC by Yubico","33d6d7d0-279f-4ef3-96b3-2d3282f4bde6":"Thales eToken Fusion BIO Enterprise","8d4378b0-725d-4432-b3c2-01fcdaf46286":"VeridiumID Passkey Android SDK","7409272d-1ff9-4e10-9fc9-ac0019c124fd":"YubiKey Bio Series - FIDO Edition","bb66c294-de08-47e4-b7aa-d12c2cd3fb20":"Mettlesemi Vishwaas Hawk Authenticator using FIDO2","c4ddaf11-3032-4e77-b3b9-3a340369b9ad":"HID Crescendo Fusion","add92433-0d69-4026-8166-29b25bce64e9":"YubiKey Bio Fido Edition (Enterprise Profile)","7d1351a6-e097-4852-b8bf-c9ac5c9ce4a3":"YubiKey Bio Series - Multi-protocol Edition","07a9f89c-6407-4594-9d56-621d5f1e358b":"NXP Semiconductros FIDO2 Conformance Testing CTAP2 Authenticator","d61d3b87-3e7c-4aea-9c50-441c371903ad":"KeyVault Secp256R1 FIDO2 CTAP2 Authenticator","c62100de-759b-4bf8-b22b-63b3e3a80401":"Token Ring 3 FIDO2 Authenticator","5ca1ab1e-1337-fa57-f1d0-a117e71ca702":"Allthenticator iOS App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers","b92c3f9a-c014-4056-887f-140a2501163b":"Security Key by Yubico","54d9fee8-e621-4291-8b18-7157b99c5bec":"HID Crescendo Enabled","72a2b5b1-95a5-4df9-a881-4192aff4f72e":"GoTrust Idem Key mini","a25342c0-3cdc-4414-8e46-f4807fca511c":"YubiKey 5 Series with NFC","3a662962-c6d4-4023-bebb-98ae92e78e20":"YubiKey 5 FIPS Series with Lightning (Enterprise Profile)","20f0be98-9af9-986a-4b42-8eca4acb28e4":"Excelsecu eSecu FIDO2 Fingerprint Security Key","ca4cff1b-5a81-4404-8194-59aabcf1660b":"IDPrime 3930 FIDO","ab32f0c6-2239-afbb-c470-d2ef4e254db6":"TEST (DUMMY RECORD)","760eda36-00aa-4d29-855b-4012a182cdeb":"Security Key NFC by Yubico Preview","6028b017-b1d4-4c02-b4b3-afcdafc96bb2":"Windows Hello","b12eac35-586c-4809-a4b1-d81af6c305cf":"Deepnet SafeKey/Classic (NFC)","30b5035e-d297-4fc1-b00b-addc96ba6a97":"OneSpan FIDO Touch","560a780c-b6ae-4f03-b110-082f856425b4":"KQC QuKey Bio FIDO2 Authenticator","1ac71f64-468d-4fe0-bef1-0e5f2f551f18":"YubiKey 5 Series with NFC (Enterprise Profile)","6d44ba9b-f6ec-2e49-b930-0c8fe920cb73":"Security Key by Yubico with NFC","6832d205-75f2-44c7-a864-e868c796d06e":"Precision InnaIT Key FIDO 2 Level 2 certified","9eb85bb6-9625-4a72-815d-0487830ccab2":"Ensurity AUTH BioPro Desktop","30b5035e-d297-4ff7-010b-addc96ba6a98":"OneSpan DIGIPASS FX7-B","5ca1ab1e-fa57-1337-f1d0-a117371ca702":"Allthenticator Android App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers","eabb46cc-e241-80bf-ae9e-96fa6d2975cf":"TOKEN2 PIN Plus Security Key Series ","53414d53-554e-4700-0000-000000000000":"Samsung Pass","e416201b-afeb-41ca-a03d-2281c28322aa":"ATKey.Pro CTAP2.1","905b4cb4-ed6f-4da9-92fc-45e0d4e9b5c7":"YubiKey 5 FIPS Series (Enterprise Profile)","cfcb13a2-244f-4b36-9077-82b79d6a7de7":"USB/NFC Passcode Authenticator","76692dc1-c56a-48d9-8e7d-31b5ced430ac":"VeriMark NFC+ USB-A Security Key","91ad6b93-264b-4987-8737-3a690cad6917":"Token Ring FIDO2 Authenticator","a02140b7-0cbd-42e1-a9b5-a39da2545114":"Feitian BioPass FIDO2 Plus (Enterprise Profile)","5753362b-4e6b-6345-7b2f-255438404c75":"WiSECURE Blentity FIDO2 Authenticator","9f77e279-a6e2-4d58-b700-31e5943c6a98":"Hyper FIDO Pro","b9f6b7b6-f929-4189-bca9-dd951240c132":"Deepnet SafeKey/Classic (USB)","cc45f64e-52a2-451b-831a-4edd8022a202":"ToothPic Passkey Provider","0bb43545-fd2c-4185-87dd-feb0b2916ace":"Security Key NFC by Yubico - Enterprise Edition","73402251-f2a8-4f03-873e-3cb6db604b03":"uTrust FIDO2 Security Key","c1f9a0bc-1dd2-404a-b27f-8e29047a43fd":"YubiKey 5 FIPS Series with NFC","70e7c36f-f2f6-9e0d-07a6-bcc243262e6b":"OneKey FIDO2 Bluetooth Authenticator","4fc84f16-2545-4e53-b8fc-7bf4d7282a10":"YubiKey 5 CCN Series with NFC (Enterprise Profile)","6ab56fad-881f-4a43-acb2-0be065924522":"YubiKey 5 Series with NFC (Enterprise Profile)","504d7149-4e4c-3841-4555-55445a677357":"WiSECURE AuthTron USB FIDO2 Authenticator","2c2aeed8-8174-4159-814b-486e92a261d0":"NEOWAVE WINKEO V2.0","f2145e86-211e-4931-b874-e22bba7d01cc":"ID-One Key","53334693-4b3f-4198-8857-53772de2ab65":"Precision InnaIT Key FIDO 2 Level 2 certified","a3975549-b191-fd67-b8fb-017e2917fdb3":"Excelsecu eSecu FIDO2 NFC Security Key","19083c3d-8383-4b18-bc03-8f1c9ab2fd1b":"YubiKey 5 Series","da1fa263-8b25-42b6-a820-c0036f21ba7f":"ATKey.Card NFC","6002f033-3c07-ce3e-d0f7-0ffe5ed42543":"Excelsecu eSecu FIDO2 Fingerprint Key","5fdb81b8-53f0-4967-a881-f5ec26fe4d18":"VinCSS FIDO2 Authenticator","78ba3993-d784-4f44-8d6e-cc0a8ad5230e":"Feitian ePass FIDO-NFC(CTAP2.1, CTAP2.0, U2F)","57f7de54-c807-4eab-b1c6-1c9be7984e92":"YubiKey 5 FIPS Series","bb405265-40cf-4115-93e5-a332c1968d8c":"ID-One Card","2d3bec26-15ee-4f5d-88b2-53622490270b":"HID Crescendo Key V2","489ff376-b48d-6640-bb69-782a860ca795":"Mettlesemi Vishwaas Eagle Authenticator using FIDO2","3b24bf49-1d45-4484-a917-13175df0867b":"YubiKey 5 Series with Lightning (Enterprise Profile)","30b5035e-d297-4ff1-010b-addc96ba6a98":"OneSpan DIGIPASS FX1a","cb69481e-8ff7-4039-93ec-0a2729a154a8":"YubiKey 5 Series","0076631b-d4a0-427f-5773-0ec71c9e0279":"HYPR FIDO2 Authenticator","d716019a-9f4e-4041-9750-17c78f8ae81a":"eToken Fusion BIO","57235694-51a5-4a4d-a81a-f42185df6502":"SHALO AUTH","24673149-6c86-42e7-98d9-433fb5b73296":"YubiKey 5 Series with Lightning","357f2718-434f-4124-8a58-7e28c5e4a2fc":"Deepnet SafeKey/Classic (NFC)","42df17de-06ba-4177-a2bb-6701be1380d6":"Feitian BioPass FIDO2 Plus Authenticator","d7a423ad-3e19-4492-9200-78137dccc136":"VivoKey Apex FIDO2","b3315166-f36c-b05f-fea8-66a3dfdad171":"Ledger Nano Gen5 FIDO2 Authenticator","ba76a271-6eb6-4171-874d-b6428dbe3437":"ATKey.ProS","97e6a830-c952-4740-95fc-7c78dc97ce47":"YubiKey Bio Series - Multi-protocol Edition (Enterprise Profile)","f573f209-b7fb-b261-671a-d7cf624cc812":"Excelsecu eSecu FIDO2 PRO+ Security Key","005b20e1-f146-4b87-8f3a-36848ff60ea6":"SECORA ID V2 by Infineon Pay Edition M","6e24d385-004a-16a0-7bfe-efd963845b34":"Ledger Stax FIDO2 Authenticator","ee882879-721c-4913-9775-3dfcce97072a":"YubiKey 5 Series","8876631b-d4a0-427f-5773-0ec71c9e0279":"Solo Secp256R1 FIDO2 CTAP2 Authenticator","fec067a1-f1d0-4c5e-b4c0-cc3237475461":"KX701 SmartToken FIDO","30b5035e-d297-4ff1-b00b-addc96ba6a98":"OneSpan DIGIPASS FX1 BIO","b267239b-954f-4041-a01b-ee4f33c145b6":"authenton1 - CTAP2.1","b50d5e0a-7f81-4959-9b12-f45407407503":"IDPrime 3940 FIDO","8c97a730-3f7b-41a6-87d6-1e9b62bda6f0":"FT-JCOS FIDO Fingerprint Card","99bf4610-ec26-4252-b31f-7380ccd59db5":"ZTPass SmartAuth","a1f52be5-dfab-4364-b51c-2bd496b14a56":"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR","c3479970-e58a-4f70-836f-853bf42fb063":"YubiKey 5 Series with Lightning (Enterprise Profile)","0f00cc22-4640-41e7-9585-384ec73ffe9b":"Taglio CTAP2.1 BIO","ff4dac45-ede8-4ec2-aced-cf66103f4335":"YubiKey 5 Series","ba86dc56-635f-4141-aef6-00227b1b9af6":"TruU Windows Authenticator","3e078ffd-4c54-4586-8baa-a77da113aec5":"Hideez Key 3 FIDO2","fc5ca237-69a0-4f3c-afe4-1ebc66def6df":"Clife Key 2","ec31b4cc-2acc-4b8e-9c01-bade00ccbe26":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","5d629218-d3a5-11ed-afa1-0242ac120002":"Swissbit iShield Key Pro","bb878d7b-cf54-4784-b390-357030497043":"TruU FIDO2 Authenticator","d41f5a69-b817-4144-a13c-9ebd6d9254d6":"ATKey.Card CTAP2.0","e86addcd-7711-47e5-b42a-c18257b0bf61":"IDCore 3121 Fido","b113a455-cfb6-4c17-8cba-cd952feb7d48":"eToken FIDO NFC","95442b2e-f15e-4def-b270-efb106facb4e":"eWBM eFA310 FIDO2 Authenticator","dda9aa35-aaf1-4d3c-b6db-7902fd7dbbbf":"IDEMIA SOLVO Fly 80 R3 FIDO Card c","cdbdaea2-c415-5073-50f7-c04e968640b6":"Excelsecu eSecu FIDO2 Security Key","3aa78eb1-ddd8-46a8-a821-8f8ec57a7bd5":"YubiKey 5 CCN Series with NFC","bc2fe499-0d8e-4ffe-96f3-94a82840cf8c":"OCTATCO EzQuant FIDO2 AUTHENTICATOR","eb3b131e-59dc-536a-d176-cb7306da10f5":"ellipticSecure MIRkey USB Authenticator","3fd410dc-8ab7-4b86-a1cb-c7174620b2dc":"IDEMIA SOLVO Fly 80 R1 FIDO Card Draft","a6c5f5d8-2ad0-48b6-8257-e502c8970931":"eToken FIDO NFC Enterprise","e400ef8c-711d-4692-af46-7f2cf7da23ad":"Swissbit iShield Key 2 Enterprise","87c13177-85d6-40ac-8c61-fe7ab3de9dfb":"HID Crescendo Key V3","1c086528-58d5-f211-823c-356786e36140":"Atos CardOS FIDO2","77010bd7-212a-4fc9-b236-d2ca5e9d4084":"Feitian BioPass FIDO2 Authenticator","d94a29d9-52dd-4247-9c2d-8b818b610389":"VeriMark Guard Fingerprint Key","7b96457d-e3cd-432b-9ceb-c9fdd7ef7432":"YubiKey 5 FIPS Series with Lightning","7991798a-a7f3-487f-98c0-3faf7a458a04":"HID Crescendo Key V3","833b721a-ff5f-4d00-bb2e-bdda3ec01e29":"Feitian ePass FIDO2 Authenticator","c89674e3-a765-4b07-888a-7c086fbdf04b":"StarSign FIDO Card","a11a5faa-9f32-4b8c-8c5d-2f7d13e8c942":"AliasVault","ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4":"Google Password Manager","adce0002-35bc-c60a-648b-0b25f1f05503":"Chrome on Mac","dd4ec289-e01d-41c9-bb89-70fa845d4bf2":"iCloud Keychain (Managed)","531126d6-e717-415c-9320-3d9aa6981239":"Dashlane","bada5566-a7aa-401f-bd96-45619a55120d":"1Password","b84e4048-15dc-4dd0-8640-f4f60813c8af":"NordPass","0ea242b4-43c4-4a1b-8b17-dd6d0b6baec6":"Keeper","891494da-2c90-4d31-a9cd-4eab0aed1309":"Sésame","f3809540-7f14-49c1-a8b3-8f813b225541":"Enpass","b5397666-4885-aa6b-cebf-e52262a439a2":"Chromium Browser","771b48fd-d3d4-4f74-9232-fc157ab0507a":"Edge on Mac","d548826e-79b4-db40-a3d8-11116f7e8349":"Bitwarden","fbfc3007-154e-4ecc-8c0b-6e020557d7bd":"Apple Passwords","66a0ccb3-bd6a-191f-ee06-e375c50b9846":"Thales Bio iOS SDK","8836336a-f590-0921-301d-46427531eee6":"Thales Bio Android SDK","cd69adb5-3c7a-deb9-3177-6800ea6cb72a":"Thales PIN Android SDK","17290f1e-c212-34d0-1423-365d729f09d9":"Thales PIN iOS SDK","50726f74-6f6e-5061-7373-50726f746f6e":"Proton Pass","fdb141b2-5d84-443e-8a35-4698c205a502":"KeePassXC","eaecdef2-1c31-5634-8639-f1cbd9c00a08":"KeePassDX","bfc748bb-3429-4faa-b9f9-7cfa9f3b76d0":"iPasswords","b35a26b2-8f6e-4697-ab1d-d44db4da28c6":"Zoho Vault","b78a0a55-6ef8-d246-a042-ba0f6d55050c":"LastPass","de503f9c-21a4-4f76-b4b7-558eb55c6f89":"Devolutions","22248c4c-7a12-46e2-9a41-44291b373a4d":"LogMeOnce","a10c6dd9-465e-4226-8198-c7c44b91c555":"Kaspersky Password Manager","d350af52-0351-4ba2-acd3-dfeeadc3f764":"pwSafe","d3452668-01fd-4c12-926c-83a4204853aa":"Microsoft Password Manager","6d212b28-a2c1-4638-b375-5932070f62e9":"initial","d49b2120-b865-4191-8cea-be84a52b0485":"Heimlane Vault","d9be9d39-e6a6-4c28-a581-32b044d986e4":"Sticky Password Manager","70617373-7761-6c6c-6669-646f32303236":"Passwall","c9cadfc9-89a9-489e-a25a-c7e86a4d5f15":"Burp Suite Navigation Recorder"}
+{"fcb1bcb4-f370-078c-6993-bc24d0ae3fbe":"Ledger Nano X FIDO2 Authenticator","6e8d1eae-8d40-4c25-bcf8-4633959afc71":"Veridium iOS SDK","e8b7f4a2-c3d5-e6f7-890a-b1c2d3e4f567":"Sherlocked","9eb7eabc-9db5-49a1-b6c3-555a802093f4":"YubiKey 5 Series with NFC KVZR57","4d41190c-7beb-4a84-8018-adf265a6352d":"Thales IDPrime FIDO Bio","2772ce93-eb4b-4090-8b73-330f48477d73":"Security Key NFC by Yubico - Enterprise Edition Preview","6dae43be-af9c-417b-8b9f-1b611168ec60":"Dapple Authenticator from Dapple Security Inc.","5626bed4-e756-430b-a7ff-ca78c8b12738":"VALMIDO PRO FIDO","260e3021-482d-442d-838c-7edfbe153b7e":"Feitian ePass FIDO2-NFC Plus Authenticator","95e4d58c-056e-4a65-866d-f5a69659e880":"TruU Windows Authenticator","90636e1f-ef82-43bf-bdcf-5255f139d12f":"YubiKey Bio Series - Multi-protocol Edition","9c835346-796b-4c27-8898-d6032f515cc5":"Cryptnox FIDO2","c3f47802-de73-4dfc-ba22-671fe3304f90":"eToken Fusion NFC PIV Enterprise","0d9b2e56-566b-c393-2940-f821b7f15d6d":"Excelsecu eSecu FIDO2 Pro Security Key","2bff89f2-323a-48fc-b7c8-9ff7fe87c07e":"Feitian BioPass FIDO2 Pro (Enterprise Profile)","c5ef55ff-ad9a-4b9f-b580-adebafe026d0":"YubiKey 5 Series with Lightning","2194b428-9397-4046-8f39-007a1605a482":"IDPrime 931 Fido","39a5647e-1853-446c-a1f6-a79bae9f5bc7":"IDmelon","664d9f67-84a2-412a-9ff7-b4f7d8ee6d05":"OpenSK authenticator","3789da91-f943-46bc-95c3-50ea2012f03a":"NEOWAVE Winkeo FIDO2","fa2b99dc-9e39-4257-8f92-4a30d23c4118":"YubiKey 5 Series with NFC","341e4da9-3c2e-8103-5a9f-aad887135200":"Ledger Nano S FIDO2 Authenticator","69700f79-d1fb-472e-bd9b-a3a3b9a9eda0":"Pone Biometrics OFFPAD Authenticator","8da0e4dc-164b-454e-972e-88f362b23d59":"CardOS FIDO2 Token","89b19028-256b-4025-8872-255358d950e4":"Sentry Enterprises CTAP2 Authenticator","4e768f2c-5fab-48b3-b300-220eb487752b":"Hideez Key 4 FIDO2 SDK","47ab2fb4-66ac-4184-9ae1-86be814012d5":"Security Key NFC by Yubico - Enterprise Edition","931327dd-c89b-406c-a81e-ed7058ef36c6":"Swissbit iShield Key FIDO2","f8d5c4e9-e539-4c06-8662-ec2a4155a555":"StarSign Key Fob","b7d3f68e-88a6-471e-9ecf-2df26d041ede":"Security Key NFC by Yubico","8d1b1fcb-3c76-49a9-9129-5515b346aa02":"IDEMIA ID-ONE Card","30b5035e-d297-4ff7-020b-addc96ba6a98":"OneSpan DIGIPASS FX7","454e5346-4944-4ffd-6c93-8e9267193e9a":"Ensurity ThinC","e1a96183-5016-4f24-b55b-e3ae23614cc6":"ATKey.Pro CTAP2.0","9ff4cc65-6154-4fff-ba09-9e2af7882ad2":"Security Key NFC by Yubico - Enterprise Edition (Enterprise Profile)","4599062e-6926-4fe7-9566-9e8fb1aedaa0":"YubiKey 5 Series (Enterprise Profile)","9d3df6ba-282f-11ed-a261-0242ac120002":"Arculus FIDO2/U2F Key Card","fbefdf68-fe86-0106-213e-4d5fa24cbe2e":"Excelsecu eSecu FIDO2 NFC Security Key","62e54e98-c209-4df3-b692-de71bb6a8528":"YubiKey 5 FIPS Series with NFC Preview","ab32f0c6-2239-afbb-c470-d2ef4e254db7":"TOKEN2 FIDO2 Security Key","ce6bf97f-9f69-4ba7-9032-97adc6ca5cf1":"YubiKey 5 FIPS Series with NFC (RC Preview)","ad08c78a-4e41-49b9-86a2-ac15b06899e2":"YubiKey Bio Series - FIDO Edition (Enterprise Profile)","930b0c03-ef46-4ac4-935c-538dccd1fcdb":"Chipwon Clife Key","7787a482-13e8-4784-8a06-c7ed49a7aaf4":"Swissbit iShield Key 2","72c6b72d-8512-4c66-8359-9d3d10d9222f":"Security Key NFC by Yubico - Enterprise Edition (Enterprise Profile)","99ed6c29-4573-4847-816d-78ad8f1c75ef":"VeroCard FIDO2 Authenticator","973446ca-e21c-9a9b-99f5-9b985a67af0f":"ACS FIDO Authenticator Card","74820b05-a6c9-40f9-8fb0-9f86aca93998":"SafeNet eToken Fusion","1105e4ed-af1d-02ff-ffff-ffffffffffff":"Egomet FIDO2 Authenticator for Android","08987058-cadc-4b81-b6e1-30de50dcbe96":"Windows Hello","a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa":"Security Key NFC by Yubico","0acf3011-bc60-f375-fb53-6f05f43154e0":"Nymi FIDO2 Authenticator","d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3":"KEY-ID FIDO2 Authenticator","8eec9bf9-486c-46da-9a67-1fbb4f66b9ed":"HID Crescendo 4000 FIPS","4c50ff10-1057-4fc6-b8ed-43a529530c3c":"ImproveID Authenticator","c611b55c-77b2-4527-8082-590e931b2f08":"GoTrust Idem Key ","ee041bce-25e5-4cdb-8f86-897fd6418464":"Feitian ePass FIDO2-NFC Authenticator","2588ae83-5a3b-4536-b8de-5e540200d191":"Dapple Authenticator from Dapple Security Inc.","4b89f401-464e-4745-a520-486ddfc5d80e":"IIST FIDO2 Authenticator","2cd2f727-f6ca-44da-8f48-5c2e5da000a2":"Nitrokey 3 AM","10c70715-2a9a-4de1-b0aa-3cff6d496d39":"eToken Fusion NFC FIPS","efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4":"Safenet eToken FIDO","24083bcb-3034-4867-99de-a3b52e1d426a":"Enterprise Security Key Series with NFC (Consumer Profile)","4b3f8944-d4f2-4d21-bb19-764a986ec160":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","4c0cf95d-2f40-43b5-ba42-4c83a11c04ba":"Feitian BioPass FIDO2 Pro Authenticator","5343502d-5343-5343-6172-644649444f32":"ESS Smart Card Inc. Authenticator","69e7c36f-f2f6-9e0d-07a6-bcc243262e6b":"OneKey FIDO2 Authenticator","524de2de-982f-49b4-a769-2b5e3b73ad79":"YubiKey 5 Series (Enterprise Profile)","09591fc6-9811-48f7-8f57-b9f23df6413f":"Pone Biometrics OFFPAD Authenticator","912435d9-4a88-42f3-972d-1244b0d51420":"SI0X FIDO CL WRIST v1.0","7e3f3d30-3557-4442-bdae-139312178b39":"RSA DS100","73bb0cd4-e502-49b8-9c6f-b59445bf720b":"YubiKey 5 FIPS Series","39589099-9a75-49fc-afaa-801ca211c62a":"Feitian ePass FIDO-NFC (Enterprise Profile) (CTAP2.1, CTAP2.0, U2F)","dc5e949d-f939-43b3-9877-a85c7186b753":"YubiKey Bio Multi-protocol Edition (Enterprise Profile)","149a2021-8ef6-4133-96b8-81f8d5b7f1f5":"Security Key by Yubico with NFC","5df66f62-5b47-43d3-aa1d-a6e31c8dbeb5":"Securitag Assembly Group FIDO Authenticator NFC","9a272558-5cfa-4424-be37-65509677b77d":"SECORA ID Key S USB by Infineon Consumer Edition","09619fbf-d75e-4a62-be1d-fe4d240864ae":"VeriMark(TM) Guard 2.1 Fingerprint Security Key","50cbf15a-238c-4457-8f16-812c43bf3c49":"Ensurity AUTH TouchPro","ee7fa1e0-9539-432f-bd43-9c2fc6d4f311":"VeriMark NFC+ USB-C Security Key","b90e7dc1-316e-4fee-a25a-56a666a670fe":"YubiKey 5 Series with Lightning (Enterprise Profile)","6d4aa745-dad5-40c4-b9b4-6a252fcee70f":"GoTrust Cyber Key","175cd298-83d2-4a26-b637-313c07a6434e":"Chunghwa Telecom FIDO2 Smart Card Authenticator","34744913-4f57-4e6e-a527-e9ec3c4b94e6":"YubiKey Bio Series - Multi-protocol Edition","5ea308b2-7ac7-48b9-ac09-7e2da9015f8c":"Veridium Android SDK","3b1adb99-0dfe-46fd-90b8-7f7614a4de2a":"GoTrust Idem Key","46544d5d-8f5d-4db4-89ac-ea8977073fff":"Foongtone FIDO Authenticator","0a357157-9b18-4c8a-920e-d156e972b2f8":"YubiKey 5 Series (Consumer Profile)","998f358b-2dd2-4cbe-a43a-e8107438dfb3":"OnlyKey Secp256R1 FIDO2 CTAP2 Authenticator","30b5035e-d297-4ff2-010b-addc96ba6a98":"OneSpan DIGIPASS FX2-A","817cdab8-0d51-4de1-a821-e25b88519cf3":"Swissbit iShield Key 2 FIPS","61250591-b2bc-4456-b719-0b17be90bb30":"eWBM eFPA FIDO2 Authenticator","8c39ee86-7f9a-4a95-9ba3-f6b097e5c2ee":"YubiKey Bio Series - FIDO Edition (Enterprise Profile)","f8a011f3-8c0a-4d15-8006-17111f9edc7d":"Security Key by Yubico","8976631b-d4a0-427f-5773-0ec71c9e0279":"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator","7dab85a5-d16d-4eaf-a7ef-4c1385b151c5":"YubiKey 5 Series with NFC (Consumer Profile) KVZR57-2","516d3969-5a57-5651-5958-4e7a49434167":"SmartDisplayer BobeePass FIDO2 Authenticator","8681a073-5f50-4d52-bce4-e21658d207b3":"RSA Authenticator 4 for iOS","30b5035e-d297-4ff7-030b-addc96ba6a98":"OneSpan DIGIPASS FX7-C","e41b42a3-60ac-4afb-8757-a98f2d7f6c9f":"Deepnet SafeKey/Classic (FP)","c89e6a38-6c00-5426-5aa5-c9cbf48f0382":"ACS FIDO Authenticator NFC","eb7ef748-cbe0-4b40-b8f6-07bd2d592d35":"YubiKey 5 CCN Series with NFC (Consumer Profile)","a02167b9-ae71-4ac7-9a07-06432ebb6f1c":"YubiKey 5 Series with Lightning","82b0a720-127a-4788-b56d-d1d4b2d82eac":"ID-One Key","2c0df832-92de-4be1-8412-88a8f074df4a":"Feitian FIDO Smart Card","59f85fe7-faa5-4c92-9f52-697b9d4d5473":"RSA Authenticator 4 for Android","22682ee5-4f0e-4c19-be3e-797d5770ebfe":"Precision InnaIT Key FIDO 2 Level 2 certified","79f3c8ba-9e35-484b-8f47-53a5a0f5c630":"YubiKey 5 FIPS Series with NFC (Enterprise Profile)","6e34341a-88c7-483d-b777-a425c355be93":"WebComm OETHenticator","7a53c643-9dec-4219-b3a4-f9d24aca4e12":"G+D StarKey FIDO2-NFC","def8ab1a-9f91-44f1-a103-088d8dc7d681":"IDEMIA SOLVO Fly 80 R3 FIDO Card e","9955a1cd-564c-d388-ad68-9878a27be9f1":"StarSign Chase FIDO Card","9dd8d593-2213-438a-97f8-d6b813d51c27":"YubiKey Bio Fido Edition (Consumer Profile)","970c8d9c-19d2-46af-aa32-3f448db49e35":"WinMagic FIDO Eazy - TPM","c5703116-972b-4851-a3e7-ae1259843399":"NEOWAVE Badgeo FIDO2","c80dbd9a-533f-4a17-b941-1a2f1c7cedff":"HID Crescendo C3000","0b8b05a4-ebd4-4b0b-8f5f-33d7b6e606ab":"HID Crescendo 4000","5b0e46ba-db02-44ac-b979-ca9b84f5e335":"YubiKey 5 FIPS Series with Lightning Preview","12755c32-8ad1-46eb-881c-e0b38d848b09":"Feitian ePass FIDO Authenticator (CTAP2.1, CTAP2.0, U2F)","2a55aee6-27cb-42c0-bc6e-04efe999e88a":"HID Crescendo 4000","820d89ed-d65a-409e-85cb-f73f0578f82a":"IDmelon Authenticator","019614a3-2703-7e35-a453-285fd06c5d24":"ATLKey Authenticator","3124e301-f14e-4e38-876d-fbeeb090e7bf":"YubiKey 5 Series with Lightning Preview","b6ede29c-3772-412c-8a78-539c1f4c62d2":"Feitian BioPass FIDO2 Plus Authenticator","ed042a3a-4b22-4455-bb69-a267b652ae7e":"Security Key NFC by Yubico - Enterprise Edition","b2c1a50b-dad8-4dc7-ba4d-0ce9597904bc":"YubiKey 5 Series with NFC - Enhanced PIN (Enterprise Profile)","85203421-48f9-4355-9bc8-8a53846e5083":"YubiKey 5 FIPS Series with Lightning","fcc0118f-cd45-435b-8da1-9782b2da0715":"YubiKey 5 FIPS Series with NFC","d821a7d4-e97c-4cb6-bd82-4237731fd4be":"Hyper FIDO Bio Security Key","9876631b-d4a0-427f-5773-0ec71c9e0279":"Somu Secp256R1 FIDO2 CTAP2 Authenticator","522a3f91-5f5d-480d-be37-6cecfad5a27b":"Precision InnaIT Key FIDO 2 Level 2 certified","f56f58b3-d711-4afc-ba7d-6ac05f88cb19":"WinMagic FIDO Eazy - Phone","6ec5cff2-a0f9-4169-945b-f33b563f7b99":"YubiKey Bio Series - Multi-protocol Edition (Enterprise Profile)","882adaf5-3aa9-4708-8e7d-3957103775b4":"T-Shield TrustSec FIDO2 Bio and client PIN version","49a15c1c-3f63-3f51-23a7-b9e00096edd1":"IDEX CTAP2.1 Biometrics","f4c63eff-d26c-4248-801c-3736c7eaa93a":"FIDO KeyPass S3","d384db22-4d50-ebde-2eac-5765cf1e2a44":"Excelsecu eSecu FIDO2 Fingerprint Security Key","0db01cd6-5618-455b-bb46-1ec203d3213e":"GoldKey Security Token","b93fd961-f2e6-462f-b122-82002247de78":"Android Authenticator","aa79f476-ea00-417e-9628-1e8365123922":"HID Crescendo 4000 FIDO","1e906e14-77af-46bc-ae9f-fe6ef18257e4":"VeridiumID Passkey iOS SDK","2fc0579f-8113-47ea-b116-bb5a8db9202a":"YubiKey 5 Series with NFC","31c3f7ff-bf15-4327-83ec-9336abcbcd34":"WinMagic FIDO Eazy - Software","cb4f796c-a20a-af9e-d639-213c1ec247f3":"ACS PocketKey+ Bio","9ddd1817-af5a-4672-a2b9-3e3dd95000a9":"Windows Hello","d8522d9f-575b-4866-88a9-ba99fa02f35b":"YubiKey Bio Series - FIDO Edition","050dd0bc-ff20-4265-8d5d-305c4b215192":"eToken Fusion FIPS","50a45b0c-80e7-f944-bf29-f552bfa2e048":"ACS FIDO Authenticator","f7c558a0-f465-11e8-b568-0800200c9a66":"KONAI Secp256R1 FIDO2 Conformance Testing CTAP2 Authenticator","3f59672f-20aa-4afe-b6f4-7e5e916b6d98":"Arculus FIDO 2.1 Key Card [P71]","42b4fb4a-2866-43b2-9bf7-6c6669c2e5d3":"Google Titan Security Key v2","361a3082-0278-4583-a16f-72a527f973e4":"eWBM eFA500 FIDO2 Authenticator","2ffd6452-01da-471f-821b-ea4bf6c8676a":"IDPrime 941 Fido","9806a2c8-c0da-478e-b4ca-620005d34182":"YubiKey Bio Multi-protocol Edition (Consumer Profile) 1VDJSN-2","03012cb7-4fb2-42e7-9e8d-a81f10e2a5e9":"YubiKey 5 Series with Lightning (Consumer Profile)","30b5035e-d297-4ff7-b00b-addc96ba6a98":"OneSpan DIGIPASS FX7","0f083f18-4105-43a8-ad69-24e812e38141":"Security Key Series with NFC (Consumer Profile)","5eaff75a-dd43-451f-af9f-87c9eeae293e":"Swissbit iShield Key 2 FIPS Enterprise","b415094c-49d3-4c8b-b3fe-7d0ad28a6bc4":"ZTPass SmartAuth","692db549-7ae5-44d5-a1e5-dd20a493b723":"HID Crescendo Key","0ebd9f2c-f685-441c-8c3e-a02a234a840a":"YubiKey 5 Series with NFC Enhanced PIN (Consumer Profile)","23315ad0-6aca-4ba1-952e-f044f1e36976":"Clife Key 2 NFC","1d1b4e33-76a1-47fb-97a0-14b10d0933f1":"Cryptnox FIDO2.1","bbf4b6a7-679d-f6fc-c4f2-8ac0ddf9015a":"Excelsecu eSecu FIDO2 PRO Security Key","3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d":"Feitian iePass FIDO Authenticator","ab7d1767-3fa0-4388-b6c4-feef7a844809":"Enterprise Security Key Series with NFC (Enterprise Profile)","f4ce5fc0-57d3-46f5-a736-efb7d5bc63b5":"YubiKey 5 Series with NFC (Consumer Profile)","23786452-f02d-4344-87ed-aaf703726881":"SafeNet eToken Fusion CC","5e264d9d-28ef-4d34-95b4-5941e7a4faa8":"Ideem ZSM FIDO2 Authenticator","d2fbd093-ee62-488d-9dad-1e36389f8826":"YubiKey 5 FIPS Series (RC Preview)","234cd403-35a2-4cc2-8015-77ea280c77f5":"Feitian ePass FIDO2-NFC Series (CTAP2.1, CTAP2.0, U2F)","6999180d-630c-442d-b8f7-424b90a43fae":"Hyper FIDO Pro (CTAP2.1, CTAP2.0, U2F)","662ef48a-95e2-4aaa-a6c1-5b9c40375824":"YubiKey 5 Series with NFC - Enhanced PIN","aeb6569c-f8fb-4950-ac60-24ca2bbe2e52":"HID Crescendo C2300","87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c":"eWBM eFA320 FIDO2 Authenticator","58276709-bb4b-4bb3-baf1-60eea99282a7":"YubiKey Bio Series - Multi-protocol Edition 1VDJSN","7d2afadd-bf6b-44a2-a66b-e831fceb8eff":"Taglio CTAP2.1 EP","30b5035e-d297-4ff1-020b-addc96ba6a98":"OneSpan DIGIPASS FX1-C","04a8fcf2-19c1-457b-911e-69219f17583f":"Thales PAY GFCX13 authenticator","20ac7a17-c814-4833-93fe-539f0d5e3389":"YubiKey 5 Series (Enterprise Profile)","9012593f-43e4-4461-a97a-d92777b55d74":"VinCSS FIDO2 Fingerprint","d7781e5d-e353-46aa-afe2-3ca49f13332a":"YubiKey 5 Series with NFC","9f0d8150-baa5-4c00-9299-ad62c8bb4e87":"GoTrust Idem Card","12ded745-4bed-47d4-abaa-e713f51d6393":"Feitian AllinOne FIDO2 Authenticator","88bbd2f0-342a-42e7-9729-dd158be5407a":"Precision InnaIT Key FIDO 2 Level 2 certified","1d8cac46-47a1-3386-af50-e88ae46fe802":"Ledger Flex FIDO2 Authenticator","dd86a2da-86a0-4cbe-b462-4bd31f57bc6f":"YubiKey Bio Series - FIDO Edition","773c30d9-5919-4e96-a4f5-db65e95cf890":"GSTAG OAK FIDO2 Authenticator","34f5766d-1536-4a24-9033-0e294e510fb0":"YubiKey 5 Series with NFC Preview","83c47309-aabb-4108-8470-8be838b573cb":"YubiKey Bio Series - FIDO Edition (Enterprise Profile)","c1288a5c-d66b-495c-a68f-4e81f9ec5b53":"Deepnet SafeKey/Classic (FP) XF","4e2ddbc2-2687-4709-8551-cb66c9776bfe":"SECORA ID V2 FIDO2.1 L1","be727034-574a-f799-5c76-0929e0430973":"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)","092277e5-8437-46b5-b911-ea64b294acb7":"Taglio CTAP2.1 CS","ca87cb70-4c1b-4579-a8e8-4efdd7c007e0":"FIDO Alliance TruU Sample FIDO2 Authenticator","23195a52-62d9-40fa-8ee5-23b173f4fb52":"Hyper FIDO Pro NFC","ba0a9266-40d8-4048-9786-d710b5474752":"YubiKey Bio Multi-protocol Edition (Consumer Profile)","3e9db280-256a-4e17-b08e-19d79e9be166":"SECORA ID V2 by Infineon Pay Edition","a7fc3f84-86a3-4da4-a3d7-eb6485a066d8":"NEOWAVE Badgeo FIDO2 (CTAP 2.1)","1f8e43df-71ff-e11d-bea3-c4ee7003b232":"Thetis Pro FIDO2 Key","3ec9c8d3-a5a7-415b-a7b5-f1d606368d3f":"YubiKey 5 CCN Series with NFC (Enterprise Profile)","9e66c661-e428-452a-a8fb-51f7ed088acf":"YubiKey 5 FIPS Series with Lightning (RC Preview)","58b44d0b-0a7c-f33a-fd48-f7153c871352":"Ledger Nano S Plus FIDO2 Authenticator","9a3f2abd-a73d-439c-9ee7-1b53a857eaa7":"YubiKey 5 Series with NFC Enhanced PIN (Enterprise Profile)","454e5346-4944-4ffd-6c93-8e9267193e9b":"Ensurity AUTH BioPro","41e39911-c669-4811-b860-c6ad0b411b96":"YubiKey 5 Series with NFC (Enterprise Profile)","146e77ef-11eb-4423-b847-ce77864e9411":"eToken Fusion NFC PIV","13ac47cf-1d78-4fd5-9060-aedaabacf826":"HID Crescendo Key V3 - Enterprise Edition","e77e3c64-05e3-428b-8824-0cbeb04b829d":"Security Key NFC by Yubico","33d6d7d0-279f-4ef3-96b3-2d3282f4bde6":"Thales eToken Fusion BIO Enterprise","8d4378b0-725d-4432-b3c2-01fcdaf46286":"VeridiumID Passkey Android SDK","7409272d-1ff9-4e10-9fc9-ac0019c124fd":"YubiKey Bio Series - FIDO Edition","bb66c294-de08-47e4-b7aa-d12c2cd3fb20":"Mettlesemi Vishwaas Hawk Authenticator using FIDO2","c4ddaf11-3032-4e77-b3b9-3a340369b9ad":"HID Crescendo Fusion","add92433-0d69-4026-8166-29b25bce64e9":"YubiKey Bio Fido Edition (Enterprise Profile)","7d1351a6-e097-4852-b8bf-c9ac5c9ce4a3":"YubiKey Bio Series - Multi-protocol Edition","07a9f89c-6407-4594-9d56-621d5f1e358b":"NXP Semiconductros FIDO2 Conformance Testing CTAP2 Authenticator","d61d3b87-3e7c-4aea-9c50-441c371903ad":"KeyVault Secp256R1 FIDO2 CTAP2 Authenticator","c62100de-759b-4bf8-b22b-63b3e3a80401":"Token Ring 3 FIDO2 Authenticator","5ca1ab1e-1337-fa57-f1d0-a117e71ca702":"Allthenticator iOS App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers","b92c3f9a-c014-4056-887f-140a2501163b":"Security Key by Yubico","54d9fee8-e621-4291-8b18-7157b99c5bec":"HID Crescendo Enabled","72a2b5b1-95a5-4df9-a881-4192aff4f72e":"GoTrust Idem Key mini","a25342c0-3cdc-4414-8e46-f4807fca511c":"YubiKey 5 Series with NFC","3a662962-c6d4-4023-bebb-98ae92e78e20":"YubiKey 5 FIPS Series with Lightning (Enterprise Profile)","20f0be98-9af9-986a-4b42-8eca4acb28e4":"Excelsecu eSecu FIDO2 Fingerprint Security Key","ca4cff1b-5a81-4404-8194-59aabcf1660b":"IDPrime 3930 FIDO","ab32f0c6-2239-afbb-c470-d2ef4e254db6":"TEST (DUMMY RECORD)","760eda36-00aa-4d29-855b-4012a182cdeb":"Security Key NFC by Yubico Preview","6028b017-b1d4-4c02-b4b3-afcdafc96bb2":"Windows Hello","b12eac35-586c-4809-a4b1-d81af6c305cf":"Deepnet SafeKey/Classic (NFC)","30b5035e-d297-4fc1-b00b-addc96ba6a97":"OneSpan FIDO Touch","560a780c-b6ae-4f03-b110-082f856425b4":"KQC QuKey Bio FIDO2 Authenticator","1ac71f64-468d-4fe0-bef1-0e5f2f551f18":"YubiKey 5 Series with NFC (Enterprise Profile)","6d44ba9b-f6ec-2e49-b930-0c8fe920cb73":"Security Key by Yubico with NFC","6832d205-75f2-44c7-a864-e868c796d06e":"Precision InnaIT Key FIDO 2 Level 2 certified","9eb85bb6-9625-4a72-815d-0487830ccab2":"Ensurity AUTH BioPro Desktop","30b5035e-d297-4ff7-010b-addc96ba6a98":"OneSpan DIGIPASS FX7-B","5ca1ab1e-fa57-1337-f1d0-a117371ca702":"Allthenticator Android App: roaming BLE FIDO2 Allthenticator for Windows, Mac, Linux, and Allthenticate door readers","eabb46cc-e241-80bf-ae9e-96fa6d2975cf":"TOKEN2 PIN Plus Security Key Series ","53414d53-554e-4700-0000-000000000000":"Samsung Pass","e416201b-afeb-41ca-a03d-2281c28322aa":"ATKey.Pro CTAP2.1","905b4cb4-ed6f-4da9-92fc-45e0d4e9b5c7":"YubiKey 5 FIPS Series (Enterprise Profile)","cfcb13a2-244f-4b36-9077-82b79d6a7de7":"USB/NFC Passcode Authenticator","76692dc1-c56a-48d9-8e7d-31b5ced430ac":"VeriMark NFC+ USB-A Security Key","91ad6b93-264b-4987-8737-3a690cad6917":"Token Ring FIDO2 Authenticator","a02140b7-0cbd-42e1-a9b5-a39da2545114":"Feitian BioPass FIDO2 Plus (Enterprise Profile)","5753362b-4e6b-6345-7b2f-255438404c75":"WiSECURE Blentity FIDO2 Authenticator","9f77e279-a6e2-4d58-b700-31e5943c6a98":"Hyper FIDO Pro","b9f6b7b6-f929-4189-bca9-dd951240c132":"Deepnet SafeKey/Classic (USB)","cc45f64e-52a2-451b-831a-4edd8022a202":"ToothPic Passkey Provider","0bb43545-fd2c-4185-87dd-feb0b2916ace":"Security Key NFC by Yubico - Enterprise Edition","73402251-f2a8-4f03-873e-3cb6db604b03":"uTrust FIDO2 Security Key","c1f9a0bc-1dd2-404a-b27f-8e29047a43fd":"YubiKey 5 FIPS Series with NFC","70e7c36f-f2f6-9e0d-07a6-bcc243262e6b":"OneKey FIDO2 Bluetooth Authenticator","4fc84f16-2545-4e53-b8fc-7bf4d7282a10":"YubiKey 5 CCN Series with NFC (Enterprise Profile)","6ab56fad-881f-4a43-acb2-0be065924522":"YubiKey 5 Series with NFC (Enterprise Profile)","504d7149-4e4c-3841-4555-55445a677357":"WiSECURE AuthTron USB FIDO2 Authenticator","2c2aeed8-8174-4159-814b-486e92a261d0":"NEOWAVE WINKEO V2.0","f2145e86-211e-4931-b874-e22bba7d01cc":"ID-One Key","53334693-4b3f-4198-8857-53772de2ab65":"Precision InnaIT Key FIDO 2 Level 2 certified","a3975549-b191-fd67-b8fb-017e2917fdb3":"Excelsecu eSecu FIDO2 NFC Security Key","19083c3d-8383-4b18-bc03-8f1c9ab2fd1b":"YubiKey 5 Series","da1fa263-8b25-42b6-a820-c0036f21ba7f":"ATKey.Card NFC","6002f033-3c07-ce3e-d0f7-0ffe5ed42543":"Excelsecu eSecu FIDO2 Fingerprint Key","5fdb81b8-53f0-4967-a881-f5ec26fe4d18":"VinCSS FIDO2 Authenticator","78ba3993-d784-4f44-8d6e-cc0a8ad5230e":"Feitian ePass FIDO-NFC(CTAP2.1, CTAP2.0, U2F)","57f7de54-c807-4eab-b1c6-1c9be7984e92":"YubiKey 5 FIPS Series","bb405265-40cf-4115-93e5-a332c1968d8c":"ID-One Card","2d3bec26-15ee-4f5d-88b2-53622490270b":"HID Crescendo Key V2","489ff376-b48d-6640-bb69-782a860ca795":"Mettlesemi Vishwaas Eagle Authenticator using FIDO2","3b24bf49-1d45-4484-a917-13175df0867b":"YubiKey 5 Series with Lightning (Enterprise Profile)","30b5035e-d297-4ff1-010b-addc96ba6a98":"OneSpan DIGIPASS FX1a","cb69481e-8ff7-4039-93ec-0a2729a154a8":"YubiKey 5 Series","0076631b-d4a0-427f-5773-0ec71c9e0279":"HYPR FIDO2 Authenticator","d716019a-9f4e-4041-9750-17c78f8ae81a":"eToken Fusion BIO","57235694-51a5-4a4d-a81a-f42185df6502":"SHALO AUTH","24673149-6c86-42e7-98d9-433fb5b73296":"YubiKey 5 Series with Lightning","357f2718-434f-4124-8a58-7e28c5e4a2fc":"Deepnet SafeKey/Classic (NFC)","42df17de-06ba-4177-a2bb-6701be1380d6":"Feitian BioPass FIDO2 Plus Authenticator","d7a423ad-3e19-4492-9200-78137dccc136":"VivoKey Apex FIDO2","b3315166-f36c-b05f-fea8-66a3dfdad171":"Ledger Nano Gen5 FIDO2 Authenticator","ba76a271-6eb6-4171-874d-b6428dbe3437":"ATKey.ProS","97e6a830-c952-4740-95fc-7c78dc97ce47":"YubiKey Bio Series - Multi-protocol Edition (Enterprise Profile)","f573f209-b7fb-b261-671a-d7cf624cc812":"Excelsecu eSecu FIDO2 PRO+ Security Key","005b20e1-f146-4b87-8f3a-36848ff60ea6":"SECORA ID V2 by Infineon Pay Edition M","6e24d385-004a-16a0-7bfe-efd963845b34":"Ledger Stax FIDO2 Authenticator","ee882879-721c-4913-9775-3dfcce97072a":"YubiKey 5 Series","8876631b-d4a0-427f-5773-0ec71c9e0279":"Solo Secp256R1 FIDO2 CTAP2 Authenticator","fec067a1-f1d0-4c5e-b4c0-cc3237475461":"KX701 SmartToken FIDO","30b5035e-d297-4ff1-b00b-addc96ba6a98":"OneSpan DIGIPASS FX1 BIO","b267239b-954f-4041-a01b-ee4f33c145b6":"authenton1 - CTAP2.1","b50d5e0a-7f81-4959-9b12-f45407407503":"IDPrime 3940 FIDO","8c97a730-3f7b-41a6-87d6-1e9b62bda6f0":"FT-JCOS FIDO Fingerprint Card","99bf4610-ec26-4252-b31f-7380ccd59db5":"ZTPass SmartAuth","a1f52be5-dfab-4364-b51c-2bd496b14a56":"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR","c3479970-e58a-4f70-836f-853bf42fb063":"YubiKey 5 Series with Lightning (Enterprise Profile)","0f00cc22-4640-41e7-9585-384ec73ffe9b":"Taglio CTAP2.1 BIO","ff4dac45-ede8-4ec2-aced-cf66103f4335":"YubiKey 5 Series","ba86dc56-635f-4141-aef6-00227b1b9af6":"TruU Windows Authenticator","3e078ffd-4c54-4586-8baa-a77da113aec5":"Hideez Key 3 FIDO2","fc5ca237-69a0-4f3c-afe4-1ebc66def6df":"Clife Key 2","ec31b4cc-2acc-4b8e-9c01-bade00ccbe26":"KeyXentic FIDO2 Secp256R1 FIDO2 CTAP2 Authenticator","5d629218-d3a5-11ed-afa1-0242ac120002":"Swissbit iShield Key Pro","bb878d7b-cf54-4784-b390-357030497043":"TruU FIDO2 Authenticator","d41f5a69-b817-4144-a13c-9ebd6d9254d6":"ATKey.Card CTAP2.0","e86addcd-7711-47e5-b42a-c18257b0bf61":"IDCore 3121 Fido","b113a455-cfb6-4c17-8cba-cd952feb7d48":"eToken FIDO NFC","95442b2e-f15e-4def-b270-efb106facb4e":"eWBM eFA310 FIDO2 Authenticator","dda9aa35-aaf1-4d3c-b6db-7902fd7dbbbf":"IDEMIA SOLVO Fly 80 R3 FIDO Card c","cdbdaea2-c415-5073-50f7-c04e968640b6":"Excelsecu eSecu FIDO2 Security Key","3aa78eb1-ddd8-46a8-a821-8f8ec57a7bd5":"YubiKey 5 CCN Series with NFC","bc2fe499-0d8e-4ffe-96f3-94a82840cf8c":"OCTATCO EzQuant FIDO2 AUTHENTICATOR","eb3b131e-59dc-536a-d176-cb7306da10f5":"ellipticSecure MIRkey USB Authenticator","3fd410dc-8ab7-4b86-a1cb-c7174620b2dc":"IDEMIA SOLVO Fly 80 R1 FIDO Card Draft","a6c5f5d8-2ad0-48b6-8257-e502c8970931":"eToken FIDO NFC Enterprise","e400ef8c-711d-4692-af46-7f2cf7da23ad":"Swissbit iShield Key 2 Enterprise","87c13177-85d6-40ac-8c61-fe7ab3de9dfb":"HID Crescendo Key V3","1c086528-58d5-f211-823c-356786e36140":"Atos CardOS FIDO2","77010bd7-212a-4fc9-b236-d2ca5e9d4084":"Feitian BioPass FIDO2 Authenticator","d94a29d9-52dd-4247-9c2d-8b818b610389":"VeriMark Guard Fingerprint Key","7b96457d-e3cd-432b-9ceb-c9fdd7ef7432":"YubiKey 5 FIPS Series with Lightning","7991798a-a7f3-487f-98c0-3faf7a458a04":"HID Crescendo Key V3","833b721a-ff5f-4d00-bb2e-bdda3ec01e29":"Feitian ePass FIDO2 Authenticator","c89674e3-a765-4b07-888a-7c086fbdf04b":"StarSign FIDO Card","a11a5faa-9f32-4b8c-8c5d-2f7d13e8c942":"AliasVault","ea9b8d66-4d01-1d21-3ce4-b6b48cb575d4":"Google Password Manager","adce0002-35bc-c60a-648b-0b25f1f05503":"Chrome on Mac","dd4ec289-e01d-41c9-bb89-70fa845d4bf2":"iCloud Keychain (Managed)","531126d6-e717-415c-9320-3d9aa6981239":"Dashlane","bada5566-a7aa-401f-bd96-45619a55120d":"1Password","b84e4048-15dc-4dd0-8640-f4f60813c8af":"NordPass","0ea242b4-43c4-4a1b-8b17-dd6d0b6baec6":"Keeper","891494da-2c90-4d31-a9cd-4eab0aed1309":"Sésame","f3809540-7f14-49c1-a8b3-8f813b225541":"Enpass","b5397666-4885-aa6b-cebf-e52262a439a2":"Chromium Browser","771b48fd-d3d4-4f74-9232-fc157ab0507a":"Edge on Mac","d548826e-79b4-db40-a3d8-11116f7e8349":"Bitwarden","fbfc3007-154e-4ecc-8c0b-6e020557d7bd":"Apple Passwords","66a0ccb3-bd6a-191f-ee06-e375c50b9846":"Thales Bio iOS SDK","8836336a-f590-0921-301d-46427531eee6":"Thales Bio Android SDK","cd69adb5-3c7a-deb9-3177-6800ea6cb72a":"Thales PIN Android SDK","17290f1e-c212-34d0-1423-365d729f09d9":"Thales PIN iOS SDK","50726f74-6f6e-5061-7373-50726f746f6e":"Proton Pass","fdb141b2-5d84-443e-8a35-4698c205a502":"KeePassXC","eaecdef2-1c31-5634-8639-f1cbd9c00a08":"KeePassDX","9addb28c-b46f-4402-808f-019651441ff3":"KeePassPasskey","bfc748bb-3429-4faa-b9f9-7cfa9f3b76d0":"iPasswords","b35a26b2-8f6e-4697-ab1d-d44db4da28c6":"Zoho Vault","b78a0a55-6ef8-d246-a042-ba0f6d55050c":"LastPass","de503f9c-21a4-4f76-b4b7-558eb55c6f89":"Devolutions","22248c4c-7a12-46e2-9a41-44291b373a4d":"LogMeOnce","a10c6dd9-465e-4226-8198-c7c44b91c555":"Kaspersky Password Manager","d350af52-0351-4ba2-acd3-dfeeadc3f764":"pwSafe","d3452668-01fd-4c12-926c-83a4204853aa":"Microsoft Password Manager","6d212b28-a2c1-4638-b375-5932070f62e9":"initial","d49b2120-b865-4191-8cea-be84a52b0485":"Heimlane Vault","d9be9d39-e6a6-4c28-a581-32b044d986e4":"Sticky Password Manager","70617373-7761-6c6c-6669-646f32303236":"Passwall","c9cadfc9-89a9-489e-a25a-c7e86a4d5f15":"Burp Suite Navigation Recorder"}
From 0c95b7c3cc171ed77b51f236009b5ff659da0bec Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Fri, 29 May 2026 09:14:44 +0200
Subject: [PATCH 02/11] feat: add support for `response_mode=fragment`
---
backend/internal/dto/validations.go | 4 +-
backend/internal/dto/validations_test.go | 3 +-
frontend/src/routes/authorize/+page.svelte | 45 ++++++++++++-------
tests/specs/oidc.spec.ts | 50 ++++++++++++++++++++++
4 files changed, 83 insertions(+), 19 deletions(-)
diff --git a/backend/internal/dto/validations.go b/backend/internal/dto/validations.go
index 2380775c..72035972 100644
--- a/backend/internal/dto/validations.go
+++ b/backend/internal/dto/validations.go
@@ -92,11 +92,11 @@ func ValidateCallbackURLPattern(raw string) bool {
}
// ValidateResponseMode validates response_mode parameter
-// If responseMode is present, it must be "form_post" or "query"
+// If responseMode is present, it must be "form_post", "query", or "fragment"
// Empty responseMode is allowed (field not provided, use default)
func ValidateResponseMode(responseMode string) bool {
switch responseMode {
- case "form_post", "query":
+ case "form_post", "query", "fragment":
return true
case "":
return true
diff --git a/backend/internal/dto/validations_test.go b/backend/internal/dto/validations_test.go
index 5f9d595d..d8b84621 100644
--- a/backend/internal/dto/validations_test.go
+++ b/backend/internal/dto/validations_test.go
@@ -66,8 +66,9 @@ func TestValidateResponseMode(t *testing.T) {
}{
{"valid form_post", "form_post", true},
{"valid query", "query", true},
+ {"valid fragment", "fragment", true},
{"valid empty", "", true},
- {"invalid fragment", "fragment", false},
+ {"invalid unknown", "unknown", false},
}
for _, tt := range tests {
diff --git a/frontend/src/routes/authorize/+page.svelte b/frontend/src/routes/authorize/+page.svelte
index 4909541e..83139af0 100644
--- a/frontend/src/routes/authorize/+page.svelte
+++ b/frontend/src/routes/authorize/+page.svelte
@@ -180,11 +180,10 @@
throw new Error('Invalid redirect URL protocol');
}
- redirectURL.searchParams.append('error', error);
- if (authorizeState) {
- redirectURL.searchParams.append('state', authorizeState);
- }
- window.location.href = redirectURL.toString();
+ window.location.href = createRedirectURL(callbackURL, {
+ error,
+ state: authorizeState
+ });
}
function onSuccess(code: string, callbackURL: string, issuer: string) {
@@ -193,10 +192,6 @@
throw new Error('Invalid redirect URL protocol');
}
- redirectURL.searchParams.append('code', code);
- redirectURL.searchParams.append('state', authorizeState);
- redirectURL.searchParams.append('iss', issuer);
-
success = true;
setTimeout(() => {
if (responseMode === 'form_post') {
@@ -231,16 +226,34 @@
document.body.appendChild(form);
form.submit();
} else {
- // Default query parameter redirect (response_mode=query or not specified)
- const redirectURL = new URL(callbackURL);
- redirectURL.searchParams.append('code', code);
- redirectURL.searchParams.append('state', authorizeState);
- redirectURL.searchParams.append('iss', issuer);
-
- window.location.href = redirectURL.toString();
+ window.location.href = createRedirectURL(callbackURL, {
+ code,
+ state: authorizeState,
+ iss: issuer
+ });
}
}, 1000);
}
+
+ function createRedirectURL(url: string, params: Record) {
+ const redirectURL = new URL(url);
+ const responseParams =
+ responseMode === 'fragment'
+ ? new URLSearchParams(redirectURL.hash.slice(1))
+ : redirectURL.searchParams;
+
+ for (const [key, value] of Object.entries(params)) {
+ if (value) {
+ responseParams.set(key, value);
+ }
+ }
+
+ if (responseMode === 'fragment') {
+ redirectURL.hash = responseParams.toString();
+ }
+
+ return redirectURL.toString();
+ }
diff --git a/tests/specs/oidc.spec.ts b/tests/specs/oidc.spec.ts
index 5c6ed515..16900d6f 100644
--- a/tests/specs/oidc.spec.ts
+++ b/tests/specs/oidc.spec.ts
@@ -671,12 +671,45 @@ test('Authorize existing client with response_mode=form_post', async ({ page })
await expectFormPostRequest(formPostRequestPromise);
});
+test('Authorize existing client with response_mode=fragment', async ({ page }) => {
+ const oidcClient = oidcClients.nextcloud;
+ const urlParams = createUrlParams(oidcClient);
+ urlParams.set('response_mode', 'fragment');
+
+ await page.goto(`/authorize?${urlParams.toString()}`);
+
+ const redirectUrl = await waitForCallbackURL(page, oidcClient.callbackUrl);
+ expect(redirectUrl.search).toBe('');
+
+ const fragmentParams = new URLSearchParams(redirectUrl.hash.slice(1));
+ expect(fragmentParams.get('code')).toBeTruthy();
+ expect(fragmentParams.get('state')).toBe('nXx-6Qr-owc1SHBa');
+ expect(fragmentParams.get('iss')).toBeTruthy();
+});
+
function waitForFormPostRequest(page: Page, callbackUrl: string): Promise {
return page.waitForRequest(
(request) => request.method() === 'POST' && request.url() === callbackUrl
);
}
+async function waitForCallbackURL(page: Page, callbackUrl: string): Promise {
+ const expectedUrl = new URL(callbackUrl);
+
+ await page
+ .waitForURL((url) => url.origin === expectedUrl.origin && url.pathname === expectedUrl.pathname)
+ .catch((e) => {
+ if (
+ !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
+ !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
+ ) {
+ throw e;
+ }
+ });
+
+ return new URL(page.url());
+}
+
async function expectFormPostRequest(formPostRequestPromise: Promise) {
const request = await formPostRequestPromise;
const formData = new URLSearchParams(request.postData() ?? '');
@@ -704,6 +737,23 @@ test.describe('OIDC prompt parameter', () => {
expect(redirectUrl.searchParams.get('state')).toBe('nXx-6Qr-owc1SHBa');
});
+ test('prompt=none redirects errors with response_mode=fragment', async ({ page }) => {
+ await page.context().clearCookies();
+ const oidcClient = oidcClients.nextcloud;
+ const urlParams = createUrlParams(oidcClient);
+ urlParams.set('prompt', 'none');
+ urlParams.set('response_mode', 'fragment');
+
+ await page.goto(`/authorize?${urlParams.toString()}`).then(() => {});
+
+ const redirectUrl = await waitForCallbackURL(page, oidcClient.callbackUrl);
+ expect(redirectUrl.search).toBe('');
+
+ const fragmentParams = new URLSearchParams(redirectUrl.hash.slice(1));
+ expect(fragmentParams.get('error')).toBe('login_required');
+ expect(fragmentParams.get('state')).toBe('nXx-6Qr-owc1SHBa');
+ });
+
test('prompt=none redirects with consent_required when authorization needed', async ({
page
}) => {
From dd77bb0f32e6fbbc14726a19a15c4a4742611ab9 Mon Sep 17 00:00:00 2001
From: V
Date: Fri, 29 May 2026 09:18:29 +0200
Subject: [PATCH 03/11] feat: add support for systemd socket activation (#1479)
---
backend/go.mod | 1 +
backend/go.sum | 2 +
.../internal/bootstrap/router_bootstrap.go | 113 +++++++++++-------
backend/internal/common/env_config.go | 4 +
4 files changed, 80 insertions(+), 40 deletions(-)
diff --git a/backend/go.mod b/backend/go.mod
index fd535ed1..06f12696 100644
--- a/backend/go.mod
+++ b/backend/go.mod
@@ -10,6 +10,7 @@ require (
github.com/aws/smithy-go v1.25.1
github.com/caarlos0/env/v11 v11.4.1
github.com/cenkalti/backoff/v5 v5.0.3
+ github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
github.com/disintegration/imageorient v0.0.0-20180920195336-8147d86e83ec
github.com/disintegration/imaging v1.6.2
github.com/dunglas/go-urlpattern v0.0.0-20241020164140-716dfa1c80b1
diff --git a/backend/go.sum b/backend/go.sum
index 39cbd15f..917097ed 100644
--- a/backend/go.sum
+++ b/backend/go.sum
@@ -65,6 +65,8 @@ github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG
github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU=
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
diff --git a/backend/internal/bootstrap/router_bootstrap.go b/backend/internal/bootstrap/router_bootstrap.go
index f8e40b0d..96a8eabb 100644
--- a/backend/internal/bootstrap/router_bootstrap.go
+++ b/backend/internal/bootstrap/router_bootstrap.go
@@ -15,6 +15,7 @@ import (
"sync/atomic"
"time"
+ "github.com/coreos/go-systemd/activation"
"github.com/fsnotify/fsnotify"
sloggin "github.com/gin-contrib/slog"
"github.com/gin-gonic/gin"
@@ -163,24 +164,25 @@ func initServer(r *gin.Engine) (*serverConfig, error) {
return nil, err
}
- network, addr := listenerNetworkAndAddr()
- listener, err := net.Listen(network, addr) //nolint:noctx
- if err != nil {
- return nil, fmt.Errorf("failed to create %s listener: %w", network, err)
+ var socketFn func() (*socket, error)
+ if common.EnvConfig.SystemdSocket {
+ socketFn = systemdSocket
+ } else if common.EnvConfig.UnixSocket != "" {
+ socketFn = unixSocket
+ } else {
+ socketFn = tcpSocket
}
- if err := setUnixSocketMode(network, addr); err != nil {
- listener.Close()
+ socket, err := socketFn()
+ if err != nil {
return nil, err
}
- return &serverConfig{
- addr: addr,
- certProvider: certProvider,
- listener: listener,
- server: newHTTPServer(r, protocols),
- tlsConfig: tlsConfig,
- }, nil
+ addr := socket.addr
+ listener := socket.listener
+ server := newHTTPServer(r, protocols)
+
+ return &serverConfig{addr, certProvider, listener, server, tlsConfig}, nil
}
func initServerProtocols() (*http.Protocols, *tls.Config, *tlsCertProvider, error) {
@@ -208,6 +210,64 @@ func initServerProtocols() (*http.Protocols, *tls.Config, *tlsCertProvider, erro
return protocols, tlsConfig, certProvider, nil
}
+type socket struct {
+ addr string
+ listener net.Listener
+}
+
+func systemdSocket() (*socket, error) {
+ listeners, err := activation.Listeners()
+ if err != nil {
+ return nil, fmt.Errorf("failed to receive socket from systemd: %w", err)
+ }
+
+ if len(listeners) == 0 {
+ return nil, errors.New("did not receive any sockets from systemd")
+ }
+
+ if len(listeners) > 1 {
+ return nil, errors.New("received too many sockets from systemd")
+ }
+
+ return &socket{"(systemd)", listeners[0]}, nil
+}
+
+func unixSocket() (*socket, error) {
+ addr := common.EnvConfig.UnixSocket
+ os.Remove(addr) // remove dangling the socket file to avoid file-exist error
+
+ listener, err := net.Listen("unix", addr) //nolint:noctx
+ if err != nil {
+ return nil, fmt.Errorf("failed to create UNIX socket: %w", err)
+ }
+
+ if common.EnvConfig.UnixSocketMode != "" {
+ mode, err := strconv.ParseUint(common.EnvConfig.UnixSocketMode, 8, 32)
+ if err != nil {
+ listener.Close()
+ return nil, fmt.Errorf("failed to parse UNIX socket mode '%s': %w", common.EnvConfig.UnixSocketMode, err)
+ }
+
+ if err := os.Chmod(addr, os.FileMode(mode)); err != nil {
+ listener.Close()
+ return nil, fmt.Errorf("failed to set UNIX socket mode '%s': %w", common.EnvConfig.UnixSocketMode, err)
+ }
+ }
+
+ return &socket{addr, listener}, nil
+}
+
+func tcpSocket() (*socket, error) {
+ addr := net.JoinHostPort(common.EnvConfig.Host, common.EnvConfig.Port)
+
+ listener, err := net.Listen("tcp", addr) //nolint:noctx
+ if err != nil {
+ return nil, fmt.Errorf("failed to create TCP socket: %w", err)
+ }
+
+ return &socket{addr, listener}, nil
+}
+
func newHTTPServer(r *gin.Engine, protocols *http.Protocols) *http.Server {
return &http.Server{
MaxHeaderBytes: 1 << 20,
@@ -227,33 +287,6 @@ func newHTTPServer(r *gin.Engine, protocols *http.Protocols) *http.Server {
}
}
-func listenerNetworkAndAddr() (string, string) {
- if common.EnvConfig.UnixSocket == "" {
- return "tcp", net.JoinHostPort(common.EnvConfig.Host, common.EnvConfig.Port)
- }
-
- addr := common.EnvConfig.UnixSocket
- os.Remove(addr) // remove dangling the socket file to avoid file-exist error
- return "unix", addr
-}
-
-func setUnixSocketMode(network, addr string) error {
- if network != "unix" || common.EnvConfig.UnixSocketMode == "" {
- return nil
- }
-
- mode, err := strconv.ParseUint(common.EnvConfig.UnixSocketMode, 8, 32)
- if err != nil {
- return fmt.Errorf("failed to parse UNIX socket mode '%s': %w", common.EnvConfig.UnixSocketMode, err)
- }
-
- if err := os.Chmod(addr, os.FileMode(mode)); err != nil {
- return fmt.Errorf("failed to set UNIX socket mode '%s': %w", common.EnvConfig.UnixSocketMode, err)
- }
-
- return nil
-}
-
func runServer(ctx context.Context, config *serverConfig) error {
slog.Info("Server listening", slog.String("addr", config.addr), slog.Bool("tls", config.tlsConfig != nil))
diff --git a/backend/internal/common/env_config.go b/backend/internal/common/env_config.go
index 82a421f4..fa4f3f0c 100644
--- a/backend/internal/common/env_config.go
+++ b/backend/internal/common/env_config.go
@@ -68,6 +68,7 @@ type EnvConfigSchema struct {
Host string `env:"HOST" options:"toLower"`
UnixSocket string `env:"UNIX_SOCKET"`
UnixSocketMode string `env:"UNIX_SOCKET_MODE"`
+ SystemdSocket bool `env:"SYSTEMD_SOCKET"`
LocalIPv6Ranges string `env:"LOCAL_IPV6_RANGES"`
TLSCertFile string `env:"TLS_CERT" options:"file"`
@@ -153,6 +154,9 @@ func ValidateEnvConfig(config *EnvConfigSchema) error {
if err := validateFileBackend(config); err != nil {
return err
}
+ if config.SystemdSocket && config.UnixSocket != "" {
+ return errors.New("SYSTEMD_SOCKET and UNIX_SOCKET are mutually exclusive")
+ }
if err := validateLocalIPv6Ranges(config.LocalIPv6Ranges); err != nil {
return err
}
From 6aefe6c8e16cb6d6fd0783a34ec15de82a55baee Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Fri, 29 May 2026 09:18:59 +0200
Subject: [PATCH 04/11] chore(translations): update translations via Crowdin
(#1490)
---
frontend/messages/tr.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/frontend/messages/tr.json b/frontend/messages/tr.json
index 537f416b..dfccd700 100644
--- a/frontend/messages/tr.json
+++ b/frontend/messages/tr.json
@@ -249,7 +249,7 @@
"edit": "Düzenle",
"user_groups_updated_successfully": "Kullanıcı grupları başarıyla güncellendi",
"user_updated_successfully": "Kullanıcı başarıyla güncellendi",
- "custom_claims_updated_successfully": "Özel alanlar başarıyla güncellendi",
+ "custom_claims_updated_successfully": "Özel yetkiler başarıyla güncellendi",
"back": "Geri",
"user_details_firstname_lastname": "Kullanıcı Detayları {firstName} {lastName}",
"manage_which_groups_this_user_belongs_to": "Bu kullanıcının ait olduğu grupları yönetin.",
From f13424720b7f5da3978988f0f9169cf303971a13 Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Fri, 29 May 2026 09:44:37 +0200
Subject: [PATCH 05/11] tests(e2e): use custom Playwright route for callback
URL checks
---
tests/specs/oidc.spec.ts | 249 ++++++++++++++++-----------------------
1 file changed, 100 insertions(+), 149 deletions(-)
diff --git a/tests/specs/oidc.spec.ts b/tests/specs/oidc.spec.ts
index 16900d6f..3a4c125d 100644
--- a/tests/specs/oidc.spec.ts
+++ b/tests/specs/oidc.spec.ts
@@ -10,36 +10,21 @@ test.beforeEach(async () => await cleanupBackend());
test('Authorize existing client', async ({ page }) => {
const oidcClient = oidcClients.nextcloud;
const urlParams = createUrlParams(oidcClient);
- await page.goto(`/authorize?${urlParams.toString()}`);
-
- // Ignore DNS resolution error as the callback URL is not reachable
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.goto(`/authorize?${urlParams.toString()}`)
+ );
});
test('Authorize existing client while not signed in', async ({ page }) => {
const oidcClient = oidcClients.nextcloud;
const urlParams = createUrlParams(oidcClient);
await page.context().clearCookies();
- await page.goto(`/authorize?${urlParams.toString()}`);
- await (await passkeyUtil.init(page)).addPasskey();
- await page.getByRole('button', { name: 'Sign in' }).click();
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, async () => {
+ await page.goto(`/authorize?${urlParams.toString()}`);
- // Ignore DNS resolution error as the callback URL is not reachable
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
+ await (await passkeyUtil.init(page)).addPasskey();
+ await page.getByRole('button', { name: 'Sign in' }).click();
});
});
@@ -51,17 +36,9 @@ test('Authorize new client', async ({ page }) => {
await expect(page.getByTestId('scopes').getByRole('heading', { name: 'Email' })).toBeVisible();
await expect(page.getByTestId('scopes').getByRole('heading', { name: 'Profile' })).toBeVisible();
- await page.getByRole('button', { name: 'Sign in' }).click();
-
- // Ignore DNS resolution error as the callback URL is not reachable
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.getByRole('button', { name: 'Sign in' }).click()
+ );
});
test('Authorize new client while not signed in', async ({ page }) => {
@@ -76,17 +53,9 @@ test('Authorize new client while not signed in', async ({ page }) => {
await expect(page.getByTestId('scopes').getByRole('heading', { name: 'Email' })).toBeVisible();
await expect(page.getByTestId('scopes').getByRole('heading', { name: 'Profile' })).toBeVisible();
- await page.getByRole('button', { name: 'Sign in' }).click();
-
- // Ignore DNS resolution error as the callback URL is not reachable
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.getByRole('button', { name: 'Sign in' }).click()
+ );
});
test('Authorize new client fails with user group not allowed', async ({ page }) => {
@@ -130,24 +99,16 @@ test('End session without id token hint shows confirmation page', async ({ page
test('End session with id token hint redirects to callback URL', async ({ page }) => {
const client = oidcClients.nextcloud;
- const idToken = await generateIdToken("fe81c12a-7336-4aee-bebc-d901a873bf48", users.tim, client.id);
- let redirectedCorrectly = false;
- await page
- .goto(
+ const idToken = await generateIdToken(
+ 'fe81c12a-7336-4aee-bebc-d901a873bf48',
+ users.tim,
+ client.id
+ );
+ await expectCallbackRedirect(page, client.logoutCallbackUrl, () =>
+ page.goto(
`/api/oidc/end-session?id_token_hint=${idToken}&post_logout_redirect_uri=${client.logoutCallbackUrl}`
)
- .catch((e) => {
- if (
- e.message.includes('net::ERR_NAME_NOT_RESOLVED') ||
- e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- redirectedCorrectly = true;
- } else {
- throw e;
- }
- });
-
- expect(redirectedCorrectly).toBeTruthy();
+ );
});
test('Successfully refresh tokens with valid refresh token', async ({ request }) => {
@@ -627,17 +588,9 @@ test('Forces reauthentication when client requires it', async ({ page, request }
await (await passkeyUtil.init(page)).addPasskey();
const urlParams = createUrlParams(oidcClients.nextcloud);
- await page.goto(`/authorize?${urlParams.toString()}`);
-
- await expect(page.getByTestId('scopes')).not.toBeVisible();
-
- await page.waitForURL(oidcClients.nextcloud.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
+ await expectCallbackRedirect(page, oidcClients.nextcloud.callbackUrl, async () => {
+ await page.goto(`/authorize?${urlParams.toString()}`);
+ await expect(page.getByTestId('scopes')).not.toBeVisible();
});
expect(webauthnStartCalled).toBe(true);
@@ -676,9 +629,9 @@ test('Authorize existing client with response_mode=fragment', async ({ page }) =
const urlParams = createUrlParams(oidcClient);
urlParams.set('response_mode', 'fragment');
- await page.goto(`/authorize?${urlParams.toString()}`);
-
- const redirectUrl = await waitForCallbackURL(page, oidcClient.callbackUrl);
+ const redirectUrl = await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.goto(`/authorize?${urlParams.toString()}`)
+ );
expect(redirectUrl.search).toBe('');
const fragmentParams = new URLSearchParams(redirectUrl.hash.slice(1));
@@ -693,23 +646,6 @@ function waitForFormPostRequest(page: Page, callbackUrl: string): Promise {
- const expectedUrl = new URL(callbackUrl);
-
- await page
- .waitForURL((url) => url.origin === expectedUrl.origin && url.pathname === expectedUrl.pathname)
- .catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
-
- return new URL(page.url());
-}
-
async function expectFormPostRequest(formPostRequestPromise: Promise) {
const request = await formPostRequestPromise;
const formData = new URLSearchParams(request.postData() ?? '');
@@ -744,9 +680,9 @@ test.describe('OIDC prompt parameter', () => {
urlParams.set('prompt', 'none');
urlParams.set('response_mode', 'fragment');
- await page.goto(`/authorize?${urlParams.toString()}`).then(() => {});
-
- const redirectUrl = await waitForCallbackURL(page, oidcClient.callbackUrl);
+ const redirectUrl = await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.goto(`/authorize?${urlParams.toString()}`)
+ );
expect(redirectUrl.search).toBe('');
const fragmentParams = new URLSearchParams(redirectUrl.hash.slice(1));
@@ -775,17 +711,9 @@ test.describe('OIDC prompt parameter', () => {
const urlParams = createUrlParams(oidcClient);
urlParams.set('prompt', 'none');
- await page.goto(`/authorize?${urlParams.toString()}`);
-
- // Should redirect successfully to callback URL with code
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.goto(`/authorize?${urlParams.toString()}`)
+ );
});
test('prompt=consent forces consent display even for authorized client', async ({ page }) => {
@@ -801,17 +729,9 @@ test.describe('OIDC prompt parameter', () => {
).toBeVisible();
await expect(page.getByTestId('scopes').getByRole('heading', { name: 'Email' })).toBeVisible();
- await page.getByRole('button', { name: 'Sign in' }).click();
-
- // Should redirect successfully after consent
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.getByRole('button', { name: 'Sign in' }).click()
+ );
});
test('prompt=login forces reauthentication', async ({ page }) => {
@@ -826,17 +746,9 @@ test.describe('OIDC prompt parameter', () => {
});
await (await passkeyUtil.init(page)).addPasskey();
- await page.goto(`/authorize?${urlParams.toString()}`);
-
- // Should require reauthentication even though user is signed in
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.goto(`/authorize?${urlParams.toString()}`)
+ );
expect(reauthCalled).toBe(true);
});
@@ -853,17 +765,9 @@ test.describe('OIDC prompt parameter', () => {
await expect(selectionCard).toBeVisible();
await expect(selectionCard).toContainText('Tim Cook');
- await page.getByRole('button', { name: 'Sign In' }).click();
-
- // Should redirect successfully to callback URL with code
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.getByRole('button', { name: 'Sign In' }).click()
+ );
});
test('prompt=select_account account can be changed', async ({ page }) => {
@@ -880,17 +784,9 @@ test.describe('OIDC prompt parameter', () => {
await page.getByRole('button', { name: 'Sign In' }).click();
- await page.getByRole('button', { name: 'Sign In' }).click();
-
- // Should redirect successfully to callback URL with code
- await page.waitForURL(oidcClient.callbackUrl).catch((e) => {
- if (
- !e.message.includes('net::ERR_NAME_NOT_RESOLVED') &&
- !e.message.includes('net::ERR_CERT_AUTHORITY_INVALID')
- ) {
- throw e;
- }
- });
+ await expectCallbackRedirect(page, oidcClient.callbackUrl, () =>
+ page.getByRole('button', { name: 'Sign In' }).click()
+ );
});
test('prompt=none with prompt=consent returns interaction_required', async ({ page }) => {
@@ -935,3 +831,58 @@ test.describe('OIDC prompt parameter', () => {
expect(redirectUrl.searchParams.get('state')).toBe('nXx-6Qr-owc1SHBa');
});
});
+
+async function waitForCallbackURL(page: Page, callbackUrl: string): Promise {
+ const expectedUrl = new URL(callbackUrl);
+ const isCallbackURL = (url: URL) =>
+ url.origin === expectedUrl.origin && url.pathname === expectedUrl.pathname;
+
+ const callbackRequest = await page.waitForRequest((request) =>
+ isCallbackURL(new URL(request.url()))
+ );
+ await page.waitForURL(isCallbackURL, { waitUntil: 'commit' }).catch(() => {});
+
+ const currentURL = new URL(page.url());
+ if (isCallbackURL(currentURL)) {
+ return currentURL;
+ }
+
+ return new URL(callbackRequest.url());
+}
+
+async function expectCallbackRedirect(
+ page: Page,
+ callbackUrl: string,
+ action: () => Promise
+): Promise {
+ const callbackRouteMatcher = await routeCallbackPage(page, callbackUrl);
+
+ try {
+ const callbackURLPromise = waitForCallbackURL(page, callbackUrl);
+ const actionPromise = action().then(
+ () => undefined,
+ (error) => error
+ );
+ const callbackURL = await callbackURLPromise;
+ await actionPromise;
+ return callbackURL;
+ } finally {
+ await page.unroute(callbackRouteMatcher);
+ }
+}
+
+async function routeCallbackPage(page: Page, callbackUrl: string): Promise<(url: URL) => boolean> {
+ const expectedUrl = new URL(callbackUrl);
+ const callbackRouteMatcher = (url: URL) =>
+ url.origin === expectedUrl.origin && url.pathname === expectedUrl.pathname;
+
+ await page.route(callbackRouteMatcher, async (route) => {
+ await route.fulfill({
+ status: 200,
+ contentType: 'text/html',
+ body: 'OIDC callback'
+ });
+ });
+
+ return callbackRouteMatcher;
+}
From 272d1479bd64b4a068bfe4dfa5ba4cd3c5e90505 Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Fri, 29 May 2026 10:04:56 +0200
Subject: [PATCH 06/11] fix: scope confirmation wasn't shown if account
selection was prompted
---
frontend/src/routes/authorize/+page.svelte | 32 +++++++++++-----------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/frontend/src/routes/authorize/+page.svelte b/frontend/src/routes/authorize/+page.svelte
index 83139af0..0425630a 100644
--- a/frontend/src/routes/authorize/+page.svelte
+++ b/frontend/src/routes/authorize/+page.svelte
@@ -273,7 +273,22 @@
{errorMessage}.
{/if}
- {#if accountSelectionRequired && $userStore && !errorMessage}
+ {#if authorizationRequired}
+
+ {:else if accountSelectionRequired && $userStore && !errorMessage}
@@ -314,21 +329,6 @@
})}
/>
- {:else if authorizationRequired}
-
{/if}
From b3d40a476b35cfa2451749e9a3d307b7babaeb6b Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Fri, 29 May 2026 11:14:49 +0200
Subject: [PATCH 07/11] feat: improve design trough the whole application
---
.../internal/bootstrap/router_bootstrap.go | 7 +-
.../internal/utils/image/profile_picture.go | 4 +-
backend/resources/fonts/Gloock.ttf | Bin 0 -> 95156 bytes
.../resources/fonts/PlayfairDisplay-Bold.ttf | Bin 193720 -> 0 bytes
frontend/package.json | 1 +
frontend/src/app.css | 362 ++++++++----------
.../form/searchable-multi-select.svelte | 22 +-
.../components/form/searchable-select.svelte | 8 +-
.../src/lib/components/header/header.svelte | 12 +-
.../src/lib/components/passkey-row.svelte | 2 +-
.../src/lib/components/qrcode/qrcode.svelte | 4 +-
.../signup/signup-token-modal.svelte | 1 -
.../advanced-table-column-selection.svelte | 2 +-
.../table/advanced-table-filter.svelte | 8 +-
.../components/table/advanced-table.svelte | 6 +-
.../alert-dialog/alert-dialog-action.svelte | 19 +-
.../alert-dialog/alert-dialog-cancel.svelte | 19 +-
.../alert-dialog/alert-dialog-content.svelte | 19 +-
.../alert-dialog-description.svelte | 6 +-
.../alert-dialog/alert-dialog-footer.svelte | 9 +-
.../alert-dialog/alert-dialog-header.svelte | 6 +-
.../ui/alert-dialog/alert-dialog-media.svelte | 20 +
.../alert-dialog/alert-dialog-overlay.svelte | 9 +-
.../alert-dialog/alert-dialog-portal.svelte | 7 +
.../ui/alert-dialog/alert-dialog-title.svelte | 6 +-
.../alert-dialog/alert-dialog-trigger.svelte | 2 +-
.../ui/alert-dialog/alert-dialog.svelte | 7 +
.../lib/components/ui/alert-dialog/index.ts | 30 +-
.../src/lib/components/ui/alert/alert.svelte | 2 +-
.../src/lib/components/ui/badge/badge.svelte | 32 +-
frontend/src/lib/components/ui/badge/index.ts | 4 +-
.../lib/components/ui/button/button.svelte | 37 +-
.../src/lib/components/ui/button/index.ts | 6 +-
.../src/lib/components/ui/card/card.svelte | 2 +-
.../ui/dialog/dialog-content.svelte | 4 +-
.../dropdown-menu-checkbox-group.svelte | 16 +
.../dropdown-menu-checkbox-item.svelte | 21 +-
.../dropdown-menu-content.svelte | 16 +-
.../dropdown-menu-group-heading.svelte | 8 +-
.../dropdown-menu/dropdown-menu-group.svelte | 2 +-
.../dropdown-menu/dropdown-menu-item.svelte | 10 +-
.../dropdown-menu/dropdown-menu-label.svelte | 6 +-
.../dropdown-menu/dropdown-menu-portal.svelte | 7 +
.../dropdown-menu-radio-group.svelte | 2 +-
.../dropdown-menu-radio-item.svelte | 15 +-
.../dropdown-menu-separator.svelte | 6 +-
.../dropdown-menu-shortcut.svelte | 6 +-
.../dropdown-menu-sub-content.svelte | 9 +-
.../dropdown-menu-sub-trigger.svelte | 8 +-
.../ui/dropdown-menu/dropdown-menu-sub.svelte | 7 +
.../dropdown-menu-trigger.svelte | 2 +-
.../ui/dropdown-menu/dropdown-menu.svelte | 7 +
.../lib/components/ui/dropdown-menu/index.ts | 39 +-
.../src/lib/components/ui/input/input.svelte | 4 +-
.../src/lib/components/ui/item/item.svelte | 6 +-
.../src/lib/components/ui/popover/index.ts | 23 +-
.../ui/popover/popover-close.svelte | 7 +
.../ui/popover/popover-content.svelte | 12 +-
.../ui/popover/popover-description.svelte | 20 +
.../ui/popover/popover-header.svelte | 20 +
.../ui/popover/popover-portal.svelte | 7 +
.../ui/popover/popover-title.svelte | 20 +
.../ui/popover/popover-trigger.svelte | 6 +-
.../lib/components/ui/popover/popover.svelte | 7 +
.../src/lib/components/ui/select/index.ts | 29 +-
.../ui/select/select-content.svelte | 21 +-
.../ui/select/select-group-heading.svelte | 21 +
.../components/ui/select/select-group.svelte | 16 +-
.../components/ui/select/select-item.svelte | 10 +-
.../components/ui/select/select-label.svelte | 6 +-
.../components/ui/select/select-portal.svelte | 7 +
.../select/select-scroll-down-button.svelte | 10 +-
.../ui/select/select-scroll-up-button.svelte | 10 +-
.../ui/select/select-separator.svelte | 8 +-
.../ui/select/select-trigger.svelte | 12 +-
.../lib/components/ui/select/select.svelte | 11 +
.../src/lib/components/ui/separator/index.ts | 4 +-
.../components/ui/separator/separator.svelte | 11 +-
.../lib/components/ui/switch/switch.svelte | 2 +-
frontend/src/lib/components/ui/tabs/index.ts | 12 +-
.../components/ui/tabs/tabs-content.svelte | 6 +-
.../lib/components/ui/tabs/tabs-list.svelte | 40 +-
.../components/ui/tabs/tabs-trigger.svelte | 6 +-
.../src/lib/components/ui/tabs/tabs.svelte | 8 +-
.../src/lib/components/ui/tooltip/index.ts | 14 +-
.../ui/tooltip/tooltip-content.svelte | 27 +-
.../ui/tooltip/tooltip-portal.svelte | 7 +
.../ui/tooltip/tooltip-provider.svelte | 7 +
.../ui/tooltip/tooltip-trigger.svelte | 2 +-
.../lib/components/ui/tooltip/tooltip.svelte | 7 +
.../components/web-authn-unsupported.svelte | 2 +-
frontend/src/routes/authorize/+page.svelte | 2 +-
frontend/src/routes/device/+page.svelte | 2 +-
frontend/src/routes/login/+page.svelte | 2 +-
.../src/routes/login/alternative/+page.svelte | 2 +-
.../login/alternative/code/+page.svelte | 2 +-
.../login/alternative/email/+page.svelte | 4 +-
frontend/src/routes/logout/+page.svelte | 2 +-
frontend/src/routes/settings/+layout.svelte | 12 +-
.../src/routes/settings/account/+page.svelte | 2 +-
.../settings/account/login-code-modal.svelte | 1 -
.../oidc-client-preview-modal.svelte | 2 +-
.../settings/admin/users/[id]/+page.svelte | 2 +-
frontend/src/routes/signup/+page.svelte | 2 +-
.../routes/signup/add-passkey/+page.svelte | 2 +-
frontend/src/routes/signup/setup/+page.svelte | 2 +-
.../static/fonts/PlayfairDisplay-Bold.woff | Bin 98092 -> 0 bytes
.../fonts/PlayfairDisplay-ExtraBold.woff | Bin 97896 -> 0 bytes
.../static/fonts/PlayfairDisplay-Medium.woff | Bin 97544 -> 0 bytes
.../static/fonts/PlayfairDisplay-Regular.woff | Bin 92364 -> 0 bytes
.../fonts/PlayfairDisplay-SemiBold.woff | Bin 98120 -> 0 bytes
pnpm-lock.yaml | 8 +
.../uploads/profile-pictures/defaults/CF.png | Bin 6189 -> 5712 bytes
.../uploads/profile-pictures/defaults/TC.png | Bin 5818 -> 5410 bytes
tests/specs/application-configuration.spec.ts | 3 +-
115 files changed, 822 insertions(+), 550 deletions(-)
create mode 100644 backend/resources/fonts/Gloock.ttf
delete mode 100644 backend/resources/fonts/PlayfairDisplay-Bold.ttf
create mode 100644 frontend/src/lib/components/ui/alert-dialog/alert-dialog-media.svelte
create mode 100644 frontend/src/lib/components/ui/alert-dialog/alert-dialog-portal.svelte
create mode 100644 frontend/src/lib/components/ui/alert-dialog/alert-dialog.svelte
create mode 100644 frontend/src/lib/components/ui/dropdown-menu/dropdown-menu-checkbox-group.svelte
create mode 100644 frontend/src/lib/components/ui/dropdown-menu/dropdown-menu-portal.svelte
create mode 100644 frontend/src/lib/components/ui/dropdown-menu/dropdown-menu-sub.svelte
create mode 100644 frontend/src/lib/components/ui/dropdown-menu/dropdown-menu.svelte
create mode 100644 frontend/src/lib/components/ui/popover/popover-close.svelte
create mode 100644 frontend/src/lib/components/ui/popover/popover-description.svelte
create mode 100644 frontend/src/lib/components/ui/popover/popover-header.svelte
create mode 100644 frontend/src/lib/components/ui/popover/popover-portal.svelte
create mode 100644 frontend/src/lib/components/ui/popover/popover-title.svelte
create mode 100644 frontend/src/lib/components/ui/popover/popover.svelte
create mode 100644 frontend/src/lib/components/ui/select/select-group-heading.svelte
create mode 100644 frontend/src/lib/components/ui/select/select-portal.svelte
create mode 100644 frontend/src/lib/components/ui/select/select.svelte
create mode 100644 frontend/src/lib/components/ui/tooltip/tooltip-portal.svelte
create mode 100644 frontend/src/lib/components/ui/tooltip/tooltip-provider.svelte
create mode 100644 frontend/src/lib/components/ui/tooltip/tooltip.svelte
delete mode 100644 frontend/static/fonts/PlayfairDisplay-Bold.woff
delete mode 100644 frontend/static/fonts/PlayfairDisplay-ExtraBold.woff
delete mode 100644 frontend/static/fonts/PlayfairDisplay-Medium.woff
delete mode 100644 frontend/static/fonts/PlayfairDisplay-Regular.woff
delete mode 100644 frontend/static/fonts/PlayfairDisplay-SemiBold.woff
diff --git a/backend/internal/bootstrap/router_bootstrap.go b/backend/internal/bootstrap/router_bootstrap.go
index 96a8eabb..cc9e3a91 100644
--- a/backend/internal/bootstrap/router_bootstrap.go
+++ b/backend/internal/bootstrap/router_bootstrap.go
@@ -165,11 +165,12 @@ func initServer(r *gin.Engine) (*serverConfig, error) {
}
var socketFn func() (*socket, error)
- if common.EnvConfig.SystemdSocket {
+ switch {
+ case common.EnvConfig.SystemdSocket:
socketFn = systemdSocket
- } else if common.EnvConfig.UnixSocket != "" {
+ case common.EnvConfig.UnixSocket != "":
socketFn = unixSocket
- } else {
+ default:
socketFn = tcpSocket
}
diff --git a/backend/internal/utils/image/profile_picture.go b/backend/internal/utils/image/profile_picture.go
index 21d78797..4c4debde 100644
--- a/backend/internal/utils/image/profile_picture.go
+++ b/backend/internal/utils/image/profile_picture.go
@@ -54,7 +54,7 @@ func CreateDefaultProfilePicture(initials string) (*bytes.Buffer, error) {
img := imaging.New(profilePictureSize, profilePictureSize, color.RGBA{R: 255, G: 255, B: 255, A: 255})
// Load the font
- fontBytes, err := resources.FS.ReadFile("fonts/PlayfairDisplay-Bold.ttf")
+ fontBytes, err := resources.FS.ReadFile("fonts/Gloock.ttf")
if err != nil {
return nil, fmt.Errorf("failed to read font file: %w", err)
}
@@ -84,7 +84,7 @@ func CreateDefaultProfilePicture(initials string) (*bytes.Buffer, error) {
// Center the initials
x := (profilePictureSize - font.MeasureString(face, initials).Ceil()) / 2
- y := (profilePictureSize-face.Metrics().Height.Ceil())/2 + face.Metrics().Ascent.Ceil() - 10
+ y := (profilePictureSize-face.Metrics().Height.Ceil())/2 + face.Metrics().Ascent.Ceil()
drawer.Dot = fixed.P(x, y)
// Draw the initials
diff --git a/backend/resources/fonts/Gloock.ttf b/backend/resources/fonts/Gloock.ttf
new file mode 100644
index 0000000000000000000000000000000000000000..3e58c4e455cc143e9b02d05fdcb054fac62ed7ab
GIT binary patch
literal 95156
zcmcGX349er_V26u?l%i$2NIH-oh1ob2!uT(gdGHA3oay(uqY%Df`A|}ijFceIe+yH_LDl@|$oH!r?ql^n8iUdSJ(0~HD?_1S3Awd{@@AH2&r@FfO)N+33)TyQW
zc7zl{gb-Lo>p=sG2IjtydPoS%03qaF3uCk6j|dSuRtU$1S(Q^uz0aP!6Jh?S1e#sCaE|5ot%ky%1iz=E
zbar|9_InmmmAW4}r*dBPzw;CRB}5|i1$CQKRX%6VAIEi}z3_@@B|3_|>0-Yb~+&{Th?;k`fOP%8Q
z{L^cy&GYIq@;+>9Z8^@h-Gq#o)yR?e3ma`(X-wpLn0b~rifoytayI_^lMpBKg=cZ&
z^~h^R7KyDQ=)7UJ&2n7c>=E)obzfdEPH^(j`d|02jnId@=sT@QJi`$v0#zxN*7AZ7
zz6|4n@3f`0;r5;Oc}#B6M#lP@M#!yv~I@dG&|?Uu5u|6Jlf@AjXw{pSPZaAOnFSO@on#w&WMl+QL^
z8FRVn(R4MRtDcQlmI+*~ZMquH)eHWz^Zn-!xf@J842s~8B1$9^riyNadE&Q(_lQRc
zSBqx}pA&x}Tr0jNRI(WIck*|XyGMQ~EONj6ny^lO2i^)DlnMnBvuX|j#{prJhu{l@
z?}P|}&niEc2jxk53SJ@Zl3_Agc9%osb#k^`CjTJU$XDeK<1I@E%bk`-Eq}JWYT03p
zuzIb3x7OOSY=yRQw&}J-w%^&Fw5_xK%^q#P$Nsqeul9EwNsi|npE!;!jAxTQ6$;yAWGQR7l5=ULhkw
zCWp)oxg+G^kQYNcg?Zs?VYNFnX`e&QoZT`|`OWW((u5J5T+ih)kxBawj
zUEA;5iFTpwrbl;*?iO7TJu-T8OlC~)nE5fkiCGo1I_CM9nwY=E?2P%Meb@Fg+kf2t
z>)4psjM)6x;js_JCB?0bdnE4JxL4xd@Wgv&dggn6<5}fd?Rnl)6CWL)8ox0iDdC}n
z?-GY3j!P^}oSnEY@nGWd#B)j3qSgU!-0NSxExm84~NFOBE8@O!bvhno)VDXCb9#$9eKN`FJamlE&%^$~O
z8JqlZi^w)s_~TX)W6bc!ZDOnu?vL9=j6CO$JH&82qFKI^k?J9T+|?`|AbK-anLL5b
z;z2S2uV|(R6BA;FsOFd><}o+u!ZA-w6;)y;Db>U?pqXM8=SotibN?DKkP%@l`DSv@
z!&RlIfY&3gB{q%N0#OQYIVmQ`EY4H8u7JN>l#xE4cp333;?!h3BdzWwaC~!Fsk$P%nL-`CbZym?T?)5q
zld=O-{~bV9=^zj43UwFhB9~U>B6G(U^?5FDe5nbtp`m=THb&k?STfn5y~vYuRRyR;6vc!_RDBI;AU%nU8E4
zPqf+k~hjSd6V2}w4t5bjr|s3v0L1{lBdSA(es*TOS5)f8-G9Tw9(FxX6-CXekS=Z$?KE1ByUfy)$Oc1
z&+12})6#!Jzv5rRY#(bs^IyZi8eYGccZONt7n`AeU*wwUU$p2
zc<_^hUmQHtm`8|%Q#ghnTy}8C=O3^(`ZL5z?eqISzw`4&pO61MPl!)rKaEuUpD=s=
zW_j7;BAJRBpp-
zykY#^P;++u&-goOwJK`7Yy69`<_iCet=!pV>^Al_ziI3u&jFJf(~S>R%-CljnO2u5I5qC0ce?UCQ%zd?3
zBc2y8GH3s**dX2#@31=DCThh_@sZdsJ`)GTmvVxvk`v|AvbQXfi{T82oCmXC-1L%!z=KLX|J?p=A
zA{tNDQFIcW>A8JGp~z>17$geh!;BR-ib>*naRVNCDAu+JudqPeCKie%^y53kePShR
zsa4`>@wj+GJSpxHHDa^aC|(tBicRtn@rKwVc8T5M1M#_dTYSM<@>WLY`NAa@vljb}
z2o)>XWw@PH&2L4dxLd@E`$dfSy@(Tk5N*ZpSg}1MlEfn-Q9O+Q_#?jPPxz2$S*bn7
zy5$*s-V6BRml)~)f*<}fKKW((?JKP3ym;7kqOVwwuYH|y;x#c?Y!M^G-|)ZxzytrC
zG4OvFm3QE)w~GnvDU^tP;yUp@9`8djS?py5_&4Lg$9TDec)vN~E4<~`Vy-yM%J3G(
z;djME@h|zKJR^US4f4FKm;2h^Zo~a`3WP*Avsx=
z;OTC_hg>hK6Po{
zCb^ll);d`uH^^t@3-TrTkbFWuF8?mK%UZch{zLAN@5%S&HuYrzcvb+-D~GNCn4$-ie&s{
zG|=~xWtXrUORhp?B7t^anWiEG_be}Qp5QxaRHCCo5ikEo*jvyutUE3vrB8XU2yP^!
z%y;J3ko?5=q4BYA-{mAv`OeF?eQ*7Yz7XwXGqS7&(`CMk*3-TV>{ec|tb_jIyI}p=
zcaiu-tDWn&;3?z$jPIiHH)sae5PMA?c6VZoUf}TukthfHzL)2GKN^uD0&HzYBKImp
zs{Bzz8MDxFg~|78d1Vcr^^kDNOc5k|izK-~w54x`%c-o%lGrDzrp{8Z{55>VBHYLn
zZsT*2$9SA)oD;o`*F|?@r|2)EM24IUO@MA>7it7$E~MSj^gC6@Eh6F9@Q9xn*grB!
zE}^W&j1)gHVtmR7^R-FFW1QtK#oD=fn*hQ5_uaPV)%7-FDcVmJ`MIYhxwQ<^S{sDU_7dGnz`r{`e(bA3e
zyW-gvJMq-Y#;Q;_7-9*Q}`JE9`?SdS0X(LgXmY{JEly_QRt@
zE7{gJ!19X7LjS>*!}x*SzHjAO&XwSBk7#R25FM>Qh)(Ds9RCzr}3TNKduA
z%o!fb6ny+rWbP>1;>%+d883iqfyhw=?p?vVD|LojZWN;|cY(o;&}G-M8<-9N+cerZ
zfcRzCSe6G;^Ie`TG*Pxctufu>zo*WzP_&;^9*>_?+zqMoug)(YC;x5{iS5Q|+Q9h+
zt`&8qtdH>r<)lS(wu)#OOqx_R$&JRR!Wb}c_*l7OR%vwwer~LA_McSbk(q`4$9iO7
z;h3==Q8%prB#+oO;+o+e@ywWOMtH=MvD_6C$Br51Va6r&(-#ax?HeYv%M)ae`-TvqYT^59#nz
z9e$|8-8!t*;WizL{Gf(`nTBSd5
zYk5^AvwS5@k`Ci_7@@;39fs@BLuiQh+Lop69crbd@&)S9l(m(P2k1~)zQk@+sCE-2
zGkv-vtCF^?OVo7~p?b1sW9`7RK<=4wbuWQy+zPQ|TY|O9a?tV+$9T(Njs#0^<6)fR
z*kZh5JY(F=ajP-K7;EGkQ{*{$jAJb`>=~@-3q%8J0G`0;5}lmYDoH&<{E-%@Yeo0#
zb1Si&HP9U9_9d(WMzJ;;z*-}Z9-PKH#Uswpu3Gi%g;m{Y!so?zglok2gsa6V!bcf<
z4Ay@~2$zYI$n^j@PU!QC;#+-wUL4owHR2n6UM-I4^P}RZJ};v!l6;LVHmJKbk{ps>
z%CF>M`8CgPjw0bV^0@p~o>0$kq-uvnUL%>|>gPR@70VY$+E|8^DU5YZSHkX7Qb=jV
z&nQhOv=t8F{=dr%EQ-*;hxydJ4AxeCP
zDpmPN6%?*2V$rJ=3U#K=l-8_q68u-0dDT`T{fq^}~c(zUwRXj95x
z7)?($zrc@}E$>TuIM$+CX(cq|LHdDtPuYVhRm>~4s2gnE+$3A0s;%*tv
zzGJ%VM%*RCWP6z=bBQ};sElFPv@3Ck3}F|wlguG*m#t+x*->T_w@GGJvV+Xxxvhns
z8!X$<&PHwAh>ueJaxCFfoZrR2{Upwd3(RsGgio2DG|1D65<{phjFv>u$|#xeD||~3
zHL1G#aY(H3S}>T$VbQv^(ziE&;tmeG_9+gj`e6urY$KSbD8Ce=wbfp0zR|-|pzjGi
zKO)xhA8&B*#)0})id?i7E8|2r>0$TiJUUMh-PwstVx-t7lbQX`5FfHPmx``B;yZhy
z%g*RIoxQ8x;v1PE-jrQLA7=hvqsswerrO(MCvKLwNp{5=D%h8LhW)L9q5;S&v6VsM
z7`y3`y{~#acwk~J46l@3*|8O$riC|w?y2^KIsVd;cjEE?^;Hzv0@y1o654s%hBwP
zU65ng*_rk
zgq_SOaw@y)r9-^bWvdxG87r`UsihJD;;8AaE~=UCl@F#BuI*!41gWDRqY
zXW3u;E$ieL@SmZgpL|iigfCr>-51~~0@+b5!9V1)!}~var*soLrhmqhzRfDo#ti+>
z%z<3&h2F*fr`lb;gT36B*^#UhxAR=|@A9wg1g?`_v4Yk1TkKV=XD4tYdxC0b@HP3m
zd_%q|x3J&$wtPo!6?e+Nu{Zb+_E3YFWt?Ik)WfcAJY(3y?5#eC=PzZ4zQ5dt2YZ6u
z!tHqK)#7=%gWXoA*v>BEKiOA&kG;g5>@L2~j^YRO&%JuD^F#5v{D^+~AND&x(fghU
z^m`&-H1qUFt~3W>*ZPe7o?YsCd6rq&kL;kHXZQLd`=~zUt_{Pm7*@k(*bRr_G+c(8
zJ>gH;nO?;{@_zP_KVdcfA67XB#6f%iDOKgSlso2E%*@Ox9N_3byL4(*Wrd@E<@Cym
z@|)d-WtG*XQ>T_!RNDtkE#(fUs>;%8dy&3!7d72?6#26jnOV&uv$NfUnpmuZr<7J1
zLxwtr_*sWEXU*wmA6`0jes#HhxGvi)Ag91S(o7xMEVXN{rKnD1
z>HKQPHD;;yF(&_*X8gI`?APj4U1)Yzo;qh0^(eBBy~LHB)!#l&!x1#DMZx3z%^hbp
z*EX(dX2o>-1YKajgsC&Drp})|ZC3e0*Mzc}u7V;*slT>TzY3;a;w;mRwU_IYyS(X!quigTyg8uRIqvCAEY=xd@0yvR
zmM<(rjhQz&X8JSDY?diIr@J5b?)F(GjqKF_>G
z-=8;gp}Iehu3MoZ2A-thf2@PENDFIa=7-F)7@WAcYitE
z{pED`m($%}PWK*0;TW^1{+YU}?nUOU?nS!j?98lgk#owcW>%Id7m9Bv(;bk#qUb9p
zXQ<5zU1U+tK>O^O6{_#dE1z0fQKl=%%F1z-R{ER+l%X_*+*nP;+D!V?KX+{~~|>9?tUFbE+53E3eiGS=nZR*_rwb_PLJIs;bHb^XHiNdvtf}
z>ndg0{-ivYPAaQhP~lJMVW!L~pVr9J%}kk6Sv|vy&7V_da_1Hfv@1t2tK3~Vr@Ugy
z{8_X7jma%E8)U*M>&npryC-^|>CZsv7U9i|=R
z`b{afz%-d$KVG?o{__0b=N6balx_7s=)X)31ja<3r3JQrrL59UuZO+6=5>lGdo{+!JIuIiby$}qI1++EEaS^gZR
z!ZLHR%>g1OJ1@{IJx|-L|DwCT2ySYVdD+yk=Bx$!qII(-Hou$Q{Gzb=MYrY`{q;p~
zQ`?*0>)Pxht9g0Z&5Ou3n{2i}+Z0By2ubsJ#kh$@#U9VF*F^B>VP5;SlO}q*MteIH
zmrV1l95>NxB$t{mcu!575*;7!6~$grm^ffPE4RXuf^@G;^Lk3ArF)IE#Q4Pcbgw1N
zQ?|hp9w7<}yNWd99-su4fuYG2Zy{n0S@C
zJ~%=a#CV7%7OW4GVcbjficu5Gi`Pd=#hLE4rg<%$y%B{IRej#b!a_eow5QDD-8#x^
zO_{X5gA6Jxnp)(w7fp=!T9S*$TsINs=#>*a-ch4S$}f)gc=J>&uejJ#V{+4?4kY=n
zJl;%oKT~mT9W~Jd8Y@dZUiYYpC8T)NJ-3Q=Q?YI((IvcV9t~RFz{06sF=nDy3{%YU
zTt^S{#;RECu+rCBi>Zp^HJg}HTwGSl>+_w9i~SN5d&-a}v7k8JYfJMKdA!!-Qe<)z
zj+*FoBo=s`i3MnYEG6k)yM`MiJY_YGDFq&NQ;8dGHeZEaYe~^mudP!&Hw!&0Ju9iJ
zCexM-LZc^^jEXKDQ#>)TIKJ59&A)ac_o5Xp{-&gR9cf-yVdwQM%{A&yE)xq9F_*-G
zQm-*(npaMxAznwPbgwJTqgoq`SXMCw7TTL%Qmj}?2I$th)7HC!MPX4vr}!qr2}o;c
zNP%W4vNKJf?a3vcqLqoIN~s!b5v>&B^+eOi##W-*#L@v~6+u_Y?oA>WnVUpwo+((_
ze`3LgAbtu`go>gQCB6qa~amUz4&z?SX}O&d0LVvV(IKyi{cs626Dx;HFs*yxGFt~C>*
z<4F(G>EUTLBD8Sa#G261La!_>@P>3&T@KSKsA;8w)&yP|i7qV3qxca93IeWzm1vl1
zTX%|2BwJ$~drKZ_$E4NR)wz9IjYFMd(`uaR9G6z(Qs>TTpkdZ&q9?;EZ&1A@-J90zW@OXNx#rFEW;ausZdRE$J!!(*s`FLlM5tFyQI(v{<%>r?
z5A8}oK6Oq+K6Oq)K6Oq;K6Oq(K6Oq-K6UPZeCpg0`P8`+@~Lx1ny0t!NL|uACEhkA
z9-N*mQ8rP^*_)wkHZ#rJrL(sS{V|KKFbIpiVuwsD%}Z2{{l9Wxj_Ka)Mitit+l!RN
zd9ymz*knY}M4Y11Voo!7uEx_f&6BHJo=a(FIYmEr6L_C1wpOK!$c;k%8_+i~ucoVv
zP_lLd4+OYko)S7sXx`xF^0V(i;Vv6?dAf*=hnsfj6MAbNR}QM31NUO3LijlFgH0mglu6
z7Bq5uyd}z~KdNZJ_)*EIbg*K_eYft8C2)CN%E~XNHZh0k%er@6T)4lx~Yt!ia)m5S<
zIG2musN#J5M}|Uipf{>;;;3lGR8Q~XjG9atPQUHn;_jH}Q7!Hkw7A=tw|RM&=O|3`
z_Uzo8p)pfqg#*&Oy*jVN{FIHYq^Do4Z74Lun@JOkw8+YgQ%vMbnV=PzqAPPwq^D)j
z^GtyTrq#F^Yn1hC%m2SK=|NXAu>Th;R(LBv);lpTI=-2`#25S9IS2>bvvVUVgSqO}
zIbP{Z;o_I334$R&5Mg$EW+(LUunccEdil_+qz|Jw86M{C4$ts3Zx2o*6pBT_?HR}*
z+=$l5G-c4<5x{&++Ik@d5*bBAs>tZH^-`ydA)-^RRXl^ZHCFMc$T-ELBI6a0icCn`
zfG;d0Hjx-(JF()l4eaf!*d$_R+I5Ogs#iwJFRh>n!m8d#Zq*T?Z
zB2!eIDl%2^3?@>hcvPfZ@u2|5u
zY~3yutI+LIu}U!R-K4-d`pTQnjk#vDKhY`$x?=Mda5ayymZ;*XHlvDXzUEOk6wfVW
z?$cE20)3@(EHtAk$09ST*l(qrK4y`N&8T8nVn!9iZSeMODsQR2(&a5Pql$gG8CC4R
zA!lE+yxYyFVz|SMDuxyC_G>EdPJN}zyUUC!_TQRO#eO$A`ptILm?zJS1TG%+Cr(;X%Eu#)RtI_ZNh+y;GAD&q7kGD|F
z=bnbJ++1E&A(Cd7R^2ROX5T#fW}cC%r}gR`A9aR9pVhNOd&q&-gRO4fLLS4j1v}3;
zBz36Ahp|#U$=|}Wjy62kc#bDFPw_P20giilsv>w*{OyUm$oG5W
zkAxcx%u!VE?!Od|>2RHKn)o`Sj__k0R_T=A8V5+3Y5Wi2F3nkC$s_)Ieh;9^`HHZD
zx9U_mDqLq#E&W)Bzt!PP<6Ba8QCb@zTJam`R%4*y{_{Z2`F`rjxhuq52Ceu7MXLm;
zk)L;2T7hS91Lv#pcU4$6J&nHnceaffDs+2tNHi7*_K{%g*7&~J@HnZ<`9-_rIp74P
zzu;NWG-$9sH~+1!(wTlcz!*R|JO$@DsnXFA-XA%}yCvW1Cqm!xhRPY9JKf7uxemOo
zup4bH;jRBX>NR+}ZPqT05LKEHVhN-SuP)h3ygA2fn&UOiQKvcTT5`zuRH}SWbEqf%
z{ARf&hp|hSu}gED)Ep;?Tm0|Uw8I{GL&7pi-LXtkT!yw?!=iJn)j8JwJcm`ktz?bR
zIp*m)=II(JykIbYK$>)q(n
z{et@$!pGbX5&m9>ckA#mH+Z|3==d$}ImB<$VVV0z_eA#?9S+ywKpp1mu%`~Y>M%ox
zCVvMvec2u3jwEcY!x%R`+HF;FSA**u;c3@#*Vo7@Twl8ms<`W89q!ZNE*-wB!@uiL
z^SidVHj%^YLRW-n%k`9-cTQb@)S(%F%7w;U_qx!RYq{%I!fG8>=y17f1}Rhgadr24
z*Lc?`*H9e}&|zO4=IJn7hiN*56aEw(_qf^-4`;VVxSTG7uWej#))Ss`9wYophX-_c
z%DJDEJF`jq@KYWCP=~u!=rs9F&RU(m&G9y`KfUH)*5p|0c!BU49X_VR
zwGOP*@p~P=Tj|$vyJHEV8NbCb$8nRROoul%3n%LM7#$AR;Xoal{P~Wal+e|YLD)fu
z2|A3?VWguq>28PB-e5nc!_zuEuEVcY=)ZfgS^VQ>@qPAPyuS6W{qH*5Lb%E9CH#vH
z&G;rec58pij-RkUV8^rA@6zFN9X?>kChgV!xVl^6SYn@HpQ6L-bvRy!qjWe_hXZto
zM}ohvj_294iKp392t9Ue)gErgR_#tZwrabe!+I6kowie?9J75zctD5yb$HCSN2g=A
zw(ZJ3ZCh*WpSXuF&C99WJz0QA?U_
z7Ch5*Sfay8IvlIRk+#9yEzn_a9d=V8Ui3RX7x_-jOJplOJNeE`m&{#cuue}?^B$R|
z<3lyi=b8r}MG5CL=Tv?7H=6S|I{vf{XDc3lVWwt6Cp7;F&7ZC3Mqe?fki4s;%Gs{d
zr|6Mqw@%-!=N-FsjVE-tTXXK#rM;+mzSOlyefLFu_e)()f{M!o9naJ8JRMKd@iZOZ
zr{nu{JX_7%WVV{a$qHR&xDKS
zmv~z9?ALSQhgAviFu#<&b!oj7o-$acSk*k0xYn#HpSSK*tMI5Q)ST^gT|O;Ed!4Jj
zMxeb;>7~PDjX;ntzr8Afw*ZwC*}8--ItvV&q2jwxD^i}JVsZ|!)T>aG|z*UmE`@8x+`buG9T3O2X)DBY5r$*d*gh;P*K4m#dJ$1`<2Q^gHE7d0Yu`ew^>@Nd?#T-5DfrDfTyrP!=fzEHJTBDE}=
zbvc`L-UT}E4&9ywx+Q8+m-e8J*Qi`ZfUc!ROZ29`Tchu`
z*YWl`-bEu|)3SHbHq%A(chLxR(Q*~*uukL9Md$6J^G?+1PwAA2I^}g;!rR)~U)OiP
z)FERxXuqy`hUoYZ9p9?sTXlTAMs>VyPnvGec-@Bax`gq%Rm)Y}n4w$3{E9Nilh@$A
zJ@uU?!TaJ7oYi-l!g=qsn@D6e^;_NwRo`j4gZJy6Wi70})AWS?PSYCw>!5?=`xsJQ
zP@Nf-c}vx#zjJ0}7Mmc(X8qnZcEd`|U}Y`DK}h9!0Al=Qm3{TRN`uS&d2i+X5WH$N
zsotS}NM0Zutiu`|-mhg^?&ndQ3w8SMb+|!?6*_!OhwF6sln$TQ;Y=OwB4qcVY3=(p
zYY6ofs&GF0X`{+fI%uWe-wtQ(D)}WzTf!I)3C^l#C+Kx>3hxH16?O+g_3bao+u)gm>Ps4u
zw|AAl@5y_({L+9!iUGW7EBOWaM8fMhB=2NSAynUap_lMBtz>6oG2t=}$vdyN6RzNp
z=;Lm}2YCxqqOU&^KE|Q+_Y~nX*n|3Rm(u799FkwOzfAZFx|U)+hvdD@*9rf|yQPx%
zM%7-&4)HI-_c;b1JhvzVl77E7a}#)OUh%l{{an@_k3){#GIBtLOZqkNK_dJ>LP2
zqrQ)PTYRr54$=<#zVP8geS5%B;r*FPRsYnLKGTkt|9t<{>598qOVEYV5G~ht_v=ul
z(C#b$^L?m!>fmXrmH1)b9>PYO3*i&{qt2&W}WYA-_#bFY(+}ob9=xy4KIIL(x2?YBF^|2=1^o7F5qo5}iKX=P
z<#=?{Ki$Lo+P}m9uHtRw`}p<2AN039%r9d+t-tW`XZ?+j8r}t0-^fsJe!sz&GPdY<
zzqj!n3iZv8M(?J+{lS+%c%$Cjult7mx)XZGPVLv3zuZxN$v`q2q~r@E4C1h`OBPIO
z7>7kmYtiyrkhnc59uA9$=dgi5GF~&4!wC|d3DY^8e9D#pD
z9S$kBa#+PSj#i+&olxQIVjS5+sE`f@=`TUxGGqT8jGM|0XLRm=2?-d9a^GkAt
z_~p0n>CC7NiOe!Mj!&fR`AomW6p;TWWGG_=QWtPl>QXocV6z7Z6`H{s&0x?xLJ3DXq&UXmlRTYr}4g-WKW%iELHZ>hDd*ORZjNH8kjW&?7+ug8DW)
zVuE6VjKEWYA9I}I*w+;9BVHTWH83*J+IR#M1mp#z1V*~I21b&v*%5fkbs{Jx@MG6R
zS6>c~E>D&Du`ANK+j+ZliIYzW!chxRqO&X@k9(fLNEPF34gA=d!9G+s`=__Cp@A
zwYEND4YxdHS#GJYOtg%#^tQzEU8QMYu4WxAeW3aMqUL_kgD+_A3om`q=;uDM`4^6w
z`$qkxqpNzzyXobZ`^U!bA2s^OOW#5IxsQAcJ2bzH^m9L{zmcRpWu1Pu@r{1EVR}pR
z`G)eBSNfe>FV)NG;{*B9(>Pfoe@{#hL9F(@B_4;KfS!b&hSosObMHlHE%CoXHP8m~Y=mBg
zHbI-AH=sA6Ezn!=yu*1b=WV{n#CE9GS1b0@!o{SkcGnBO^-J6L(00}CL$v!i?LLiv
zKJVMl-Q(P;=gvk_>zV!aVl20jb3eZTbR+F9?j2XT=xNPURf?*iIp2PN>Gg6v$g~&I
zcTyOT4YETH$PEQRflx4I#6x+^wEA(*hx$VWP$4uB8Uzi7hC$<@Vp=%~x*oa#x)GX6
zo6CHk(f0F$5;@3lqiLV8xztY0k|D_guP0b%GT~YHPYCc5Ghp6>9
zwH~6@L$cDh-Cy$|YCc4dUG7_f>?@Fc1+uR|_7%v!0@+s}`wC=Vf$S@geFd_wK=u{L
zz5>}-Ao~hrUx7{!AoptQ;xzjI7@Z!V6-Q~s-L&FvT5-1=?R&y6|J}6YZd$Pd`Ri##
zJ?pCf1q~qk*VK4`8V^w80l(Y_sOAz{zt;W8sYbT*%*q?Ekbb^B)neqLyjjwWgFbvSY!S#pn`5LP-|nK
z-G^?zrOhW=w0Sfw8c*$)+Wnfp-MeVXF5N?Z!b*O^N`Ashe!@zA!b*M;tDyU!4bVpD
zRcI5m8F~YH6WRj316@SZJ~S>Nvv<^iK^+*>VI9Z)IMjhd9XKeD^b=T^Jw)m2FfBMt
z3l7tQ!?fTqEjUaI4%33ewBRr;I7|x;(}Kga;4m#XObZUvg2S}nFj#y?A3aY?6dphM
zJ+t;zwCFgk_?}kOQ~NGzSF<=Yta4yms?FzHpl0^wMosT(YAbIHP(JfXe9S*tFV#{S
zeGyMtLKuc5dy!->lI%s2y-2bbN%kViUL@H|zP(7Y7fJRa$zCMcizIuIWG|BJMUuUg
zxt|v9WiGvpndpPm_b75b54{L&K+bKPw?nniPW$h9Aj{~3tkgSq=1UrozNFlcodKKCPZHC@}-h{S5??7sI{7Y&+
zOw0TE9-6m3!z2O66iK)Df9sJAQC@H>sC|q!731G3XoUIP@)a
z0y+tug1&=JLua7xp&ztV2a)O^QXNF9gGhCdeW+z1znog{p!PeVd!Uujz0fM?KIlP8
z*vR=+XcM#`MpPAYwe+iIh-llc$BOE)qI#^T9xJNHit4eV
zdaS4(X?LNIUFc&M`q+g&cA<}5=wlc9*hO8tX#Fnqu?v0dLLa-($1e1-3w`XO<-3~c
zd{<1nyW{1^=Pghjn$*E
zdNiiyOvmXZN+SyA{m66#Z5%*|@;)ibB77u3d_uAVtvJ#)Hx
z=5+PU>FSx&)ibB7*K@j^%>Q;lyP*%DJ8>k%=4Yh|nP(1gOktG%C2z7!wL+MZ!_j90r
z@Z>}Np#rE78VC)7217&O843*}KAiI?U!AA~&w2dyjB02Bv=CYZErD)>mO{&Y6R@iZ
z*wqB=Y65mO0lS)jT}{BQCZLCX=wTmv*oPkWp@)6wVIO+fhaUE!hkfW_0=72++na#x
zO~CdhV0#m=y$RUf1a!1dyiJ?lA-)?K`M_2et2@_8ru|gW7jc`wnW|f!_9@
zw>{`>4>kNi>3rFP8UE+sbb`10tk}nCD4n3_yPwUXrI`p&-
zJ*`7eJ3(qLNX-SQxga$cq~?OuT#%XzQghMMI?$Snj@F^0)#zw7I$Dd4)}o`e=x8lE
zS__&_f#y>n@dTJX#YprJBhf=zcl~@1(3c-zM0tP_L0~8Bvz}*?MQtRsZS#HNu)lB)F+YpBvPNmKDHzI
zNhCjsq@63I`B9_-@xf%?Il5A}x%ph9RMGzc0D4S{zkG>rIg&f|Tb
zg3=C9+5t*CKxqdk?Et0qptK&84ujGQ*w#*LYbUm~6WiK}ZSBOic4AvQv8|mTcn$>5
zf#5k1JO_g3K=2$0o&&*ijHKtVvvVML4g}9(XFIX8o!Hq<>})4?wi7$siJk4l&US+E
zIS@XHt?dNmbD+$QGQDjVv>W;W+5>&Wnr}bE^94{ogB|VU`IhvpqSvjW*R7)0t)kbh
zqSvjW*R7)0tlzst~=2wN)kemixAX7~d^{?txZ9
z_d=_n`=AGr=uyUp=b;y&4Ww;^UWGP6o1r(LH=!+%i3Z=(#@@C=wb=4b_850TyP*%D
zJyWn&dFzn34(s><>-Yid_yOzq
z0qghy>-Yhy_yMc<0ju}{4C=t34h-tRpbiY`z@QEc>cF55tM~znsKX+DK>m-hh*Ma^
zDJ3e7C
zduK&7)E@Fc@!ZeioCEbEo)7hh3ZO!0AT$UX3=M&2C^U@taL(g>cZ1qd`qokU)=~P_
zQTo!NUpmqV&E?^-Sv5<>c$VJe(06G^y=K|OtuOBUG^OIi!3J
z4^xMSsl&t6;bH3VFm-sCI;4IMsrj-FQ~(u11EE3CU}zXLijs`Vx{pz%1i5vy9WsGEOtgIL$2MG_#D;%rZ_h%Qy`ZwIERo615;v3lg;;Q412a
zAffuoPyfZk`~*TjUFKnGL8}(DYC)?Ov}!@C7PM+Xt5$oMcQ`BWa%Io*G-y2yT5GYX
z??J1UuS7{!X$EA2?2rR;Ljh1A6ofYj#_NZ1j)K}i?VxC=J>-Gnxu3;32kJ*WAL7vpR4^
z65q+ZZWpv0`T*MF`vx=*&?j$Vjq{-ID=c<5GldIaeO{Juz7d=cgY#i!TB&a
z9|q^c;LM%~BX$@R1+{_NLD5iq$O9!qsZd9#6Vw?>hq9m?D32%cm%R6RFg_2y=jpRw
zVYPd(+C8*xH&%NFY|nu08L&MAwr9Zh4A`Cl+cRK$7HrRg?OCur3$|y$_AJ<*1>3V=
zt32N^ussI0$H4X&*d7DhV_;hcwsl~83~Y~q?J=-D3$|y$_AJ<*1>3V=dlqcZg6&zb
zJqEUFm3bCyk1-ltU^GyD{!?&13eHEt`6xIa1?Qvm`LkH@S&%);9PE4MVBcfS=a`LL
z+M&FTxZ0gu49`%Ie;DK+2Kk3U{$Y@R7~~%Y`G-ONVXXTo7JL-TJ&NTX#d42gxks_w
zqgd`yEcYmudlZX33VKh1-jksBB3bjK-Uqq&LGFE!dmqHU0x7k(H`gdhC;)k@p#~3aGV5P58VLW2u%h1
zGL8Ss;9rN;9Q!YQ?ihXUSc^Vq_NghkkI>nE=u7wx`;H;GdWP~XR`4xW@U7Z|
zz!JX2624_-l}XDUgbuJ~RL^njq&ca-zBY)>(
zMt-@lTWwamZMm>Htv2V5
zasV-TP3KNdrx00PI^}lGb#`=i^u)Gn6BQXA>ag3aRAdPWwnuf&35gF$jt_|s>)O3r
zH~!~#O-W3!I}*F+WUI@Z?8u04yTf6(M?@v0tt@jdv`dkPOIDP2ubSb
z3=Xk7!h?d^1$F8fn-Cfj6%ZB^6BgF4opIt~XpFI`p`v^H;7Dh9myoFN!F})I%PB@;
z`_SZe!9iWpR!1wwu&`);frp+1e;Mf_dxSl<3l7oemUn
zBWxBW_heq6Hw=$4l8==Hj+&UCs(5UTJi=yc2
zC9P@QEDc+&>2cw`zsn0v&u)FB%5B7Fw=wRzc5tD3$dNXSvcP~w3!DV{77H&$VhR?Uv0NBdKIX`K
zKaN%od#mNb73d6fIhWI~9d@f@I!{0XU9AGA3yX#ADJkPd2&dCMxplDNc6&wy$$)^y
z3wNXami)>Z0)pJmfT~|tkq8QER!{!_Mn%yQWCnT|5KfeDP
z(pwsBV%@RtkDZj=+wGPG-L6S&pZPzeT>Q6`NogO9Y@6IYwAO9(%Q3oicmH!s!{>dn
z>$?{=Jk~z({ZHL#Nq>DHy_ZGxsl})nAHrW;M%U52F`FSq=a1yAXSfAJc997Y@d3_u
zo%t{xLWC&6a^tfjwL6V9aH{r1i@JlqO$_s&L&9ZZy3sjN%8sKK6igj8w6fnd_fHw#
zH>Y2}oW8?{PMAEZue)QsF)*QnyVJ0oo@3qCobf#d%aN9m>7~jkiUdsH!Sw$*r#E4EEQI(EX53yM`$^O!{Hf$hZLnwyh;im$Q3Bd
z6B`pA+A26G(BMC@xBa(on?3v8
zd*ahlvXW!n0sTvR^_-HJm^xs|*pk~?x!ZRcTo_#Hoqx+KB{sY5-Coz_=4I!s8e94N
zb@Qh0ce(IiX3MpY3-V=h?on~0>g|cCV5PKf8hUbCdZH{?wWoUio_j+>C*3)8=$(@$#<@Er
z7)1#k-Q!+by!eH2L1Ug>u;7`|7ppy~&Ds{pPR=%SKhw#ja3vw3WdJ|?$iHuiqhm^7U_{%hv^|J&;D2JPDNk$UX};-WgV
z?Z8Xx5%FOmVIhIeXg@}Yxj9$I3CDm_NKP9)`U+^h^Nzwx#stZj%OPucDyZR0PbyZW
zHEK~7gPIsQkMc%f3$NeEW1KMTJVAm9JcKbCD@Ybo^GmP+x=j_6GK08Y@v(k?7!e|RTw`xUBC
za|hm7yu8ntJPIX~=O}NnUYSRY=O$0xRe97nZ1No93(UHlOY;JMdsII(dA{VG)nBUX
zE8YRUGLM=&nB{!Sce{Va!`uN)Ht~EX$LhHQ{=%F)sQDDy?t!-B#n}AOSJgIy0P;4D
z1x@;Ok>AaLJo85UEsQL(Pr-Pev(V_QMD0T~IB
zA+x2NzCOzI_IljPjgKHbA|lw3AKm$n
zn{Ik%d1_7v<@ZBxyP?O8@$t!tah~Gt9fyUdC0S&FH7PB8!tCG@?}F-AN|pPcJgZw~
z*2=NtewUTiEhfT;h=}S7Z{OPQr!74!Y91S}?e!Rc=i+j`CO15+1iEPQ<5X%L)FYbBEFSUwK?J|#Wn&I-yAMIzcJSYxvaj_
zY$pP2(vqw)-$+W6Lls*2+8S6KaBkRy1vFX#=ejx*s*BsrvmDT{g%}2`tXNCZi#M&W
z%b)0GRTLIr$WS#Hgfb5eZ8hDc1hZHtI~l#=MzjtNM6RI8;UPv)kS7Sa`t|M8o3Hct
z>XDb*HLFWTI@7n5TJO?-QZXvu}%kYO)6ZAooQKDmhin-L&lN>9zY^YL?e=tRf
zD0CJP@6ZDfzEzLXjruZmVtQKH$2>Q~U*oQ9OZbWm^&7+#-g;L{#7x;o&oOi>w67&y
z``QUDZO$BRWS?d{bv&hLVVA7s_>GAiVNrh6Ea#B#1CytjA2sVz_HFWf$*;vOD+d-(
zX;#-)>~dY1NBL2+oNw7N`WcTePND1PvCHq;s1;bF7v;SR{4S#VStq_^a^d|3YERb0R^SHBUx*YD!2{NNA)oF*Uef!6hVj>k14x_)dpI;#286
z>=DQo?jVP5B1Ojxxi7qXx3GP3YG|kMhW(u)A{)M@?=-W>b9KqRSPHdn8}g5a@sWJi
zBfgy+)9?>aRF>B8Fn=9NX)Q}z<4N&TOE2k1I0uBIMP9!88!Y^N5$kd$ymltM&AJg|
ziG8wzxunOgJYckl4$W0EI@$2}xr|yCJ#F!KrGCg0ml{!gYqO~eQe52PNvtUQT=yuP
zSdO;T9NpH#yd(EBD^xt%>%+s${)o&rdmVBj19F;qPqLHSVl+TbW_HFPJ-VSbBq_?06>Qvo@pOl5HZ6>dCTjqloZd~95Nd|d4K;L>&T=dUX@!`9uhm_LqH^G9O88#{I-G5?%zh}LvJ
zzosiS`px!9O<9`p)Jf-6c+~i7mUD<--Y6{^&BkAiNwadklJ={Vqt;AjIbX}ftCXY0
zUz6us*|B9g>{T`5-C}nU{
zdPz-@A|*RDJFb0bNN^z5)>gK4nz~74!@qHJCo+n4rm3Z5%&T$YAJwEWMk~2_*s|>G
z)_Da((bce}Dq2Xi;a#~nwxo|%R-IN}cv!=VxXHn(iMy*}G!JLeSoc@EG^rw1{iN$egy$lO&i`E!yF$11E^KZ|Vc59Y&xsBn!utYc4
zZqwNe_1mt(ZL+x&rdH{KMf!+VGB8k-2AjBLc99}Cr%S)getNZ(5Z6AsUE4O1;b9@I
zTLr8Au?(5fx`mCiKX$ckO|^)RPY51>oWi
z?aJ~!lamkZxd{?y??_=Hk!Ti%Tc!)E9vK@uTHS!0VW;{JHW~+EqHr%pY~UT^s34ta
zj>01|=+%gD>B;lfob513h_!XVwSZyjV38CHsRTY1ccv3$mKdQ-t~N{D2x<`wt4%0x
zoN2V*STR&8_&&Gyp_!S7_Rc|Z@5%Hw6N!o5Z0o)8eQ4;`*_qQrLwNPyWP>+PG}i~Y
zgj`oW4XzBp30r61>~R4+3b24q*^})J
z$zK**l8$xIYE$ivxVbq!9`Wm^zj4!x-+0S24?Ot6TNW=JoqpZSJn;29Hr`S@APdn0
zwc3GjI5u?VzZ}?|_~X~!_udmH-h1CIPo8qt>S1F#`R;-K@+tCFA>?C1SqW;rBafJ@!^7mlwy{
zEY-g{yl}>-sieN@4NBg+_nBDAvhk0^U@y33_nwoo=OuoaOYEJpc0k7oF4a2_W*C+j
zLw0~X260>
z+I6r4q&9=VhUo6V;Zq5~Na3L0Xy7s13abzf?~Q{vzI)#hR9=p9>%_;yG_38S?Z){%2{r^dLL${p;`s!e7eh~DX5Kc6YxpAcA
z68ae;B8|8WNR4pEMbOr;4i*K0bvpeTB5(0!1aa6pjQ$qEjgTT74y#s5#auR>iiSfy
zey`DhNVy8<+fA4h@ecGJByN#?pw@u=gGFlR;d0rt%~TsaMgkFozaTauuLAo{Jey5=
zC1a?POZScDvg3Evi+znBDtIoA5*#}}k5JC>yGlEIdw2HTZqezUT|Sf=?jPEph%Z+5
z<_?@XvwHdS;CMCb#4SV-phmtI3O5sJ1r(75dN+Z
zSf{5)UWzQwGVtXQ46{S8unUJ?vV*{_DS&t9j~&0A`zNz6w#+=TpFIu|foL1|oO}3@
zGwjg<_opg_jhF0y;cUxG`A5F14$Hd=EWL$xGF><}Dv$Yl)O~M1hHOrG%-^AB&h}%-
zzLm#(2VHmgm`(dudDiBAzK0Gx+uvt%%-^7!*!K4!`&NF|58=;VeV+(8f_Oq6^JC;U
zbRtZf^x1spAFx#Sv$*g4WAT&V8=vqr=bI0iV3fDeBKie7IjCH0Aw_PA<%8mDYA{d)
zmNN%A6t0S3BenlTzU$S)D2?PA_h`CtH}sS2dV;V*i6d5sI-lS}P#k$9grdOrZJ}dc
zr?U>%mqSE2t$E|QLLIoUx-abdgO50h_5bP2#H5X%S;fbArpU%P`{UveoO2fM_g_W_
zBp?VshH3kcl=Us|9&;vOHmMDuM2Z;}l&L8ffu8Y;&F(=h>iG0pyuF5qpi=`RqwqJ!
z!Iirt5Gxne9e*Yfd*Z60M5Jrqs_DZ`1;b-opCyyZ0aBrr6(^M!)G~5pqmx?XODc|U
zn|26Ws1jJO#f^=^fQpT&i(%&n&Q3W8vLc&Q7Xr4o{JuR`{YbE6y`q2n2NhzLH^!Ly
zWA%n4)%)?IOxIfW@>%xrjX8MtoU(k6-hwGp9?l;X%+bk*6PhZe(c4>izPcdX>!cu&P0GUuy)_Rgrg&LpuvAD@Yb
zMny-#6ZZF_1*GJwTWCe4ETEK@QihFHHF=_qwL$UFUS6>cT$BefqW(2
zjFm_T@8NsyBO!;j6RGCEa-_QThZfm`-AJ_#G}R-!q!Xr&Z3k0#4{ToVHXt_=)$nc!
zfJh#KrzL&3rSnzF<^e27G;WcY!=
zY(KNv-I9cE{=Z$D28{-b|9#`Fi6XVzkZHnq%QI@y(1-k>G-8hAgssoJh5tvGD20H-0J!9vq=N>joVfLYoH@sU8%8OrFJN~S6Id}7&
ze?fLFe?EW5J7sz(s8XlhERP|(SswF!blTfO59K}-`H{zbcPmy2|1ARhxFH&W*Hwl8
zsc3=TLMjq=*b&fdM^KvP_C>T+LMzu~5+Kwwi?u%Mey2C!r!Swb3Bo5JDg`
z4ujm|cDvvmd*Rc^(;2N64n58RwII#P^SfhkD(dtWy{OiW4i!?!TvqKgG6SOg2Do6YTwLNA71TH9kOa>
zZy&4VReNrl9Z!uV*r7cqPHeosFJ0eJ^M=NYr3U4bVi%@WE?{n1VZJ$=@)=cH9dHy;
zj4gwla+H)br)nKeS{A_^tyaCR*8oOIt5=X&EF@xqY%oh1#_5D3=9D0NymCYY^Qzi;
zqPC1_#WT7_r2$|d!{J4@$J19#-Z}!O!@I9Ca?`-bxg8JWZvN|mV9@O@X2&e*ibeb_
z_#__N#v6+Dxd)ebKQwdlqiglU&k&x
zhClQ15t;!wSswpwbRm_mV`ji(TGziw_krY0T=}|q2i7bOB=2zZU^ZiAYGiEh1lB0%
z9)mZDr31Jpd)2@fT9g1cuYsGRNV!A${W|Ui*_cdFdT64YEE75zb2?(~bizcTE(j}#
zEG4hf<0YX+Aw{eykAD$=1DtFO5U8UA-Pr4x??j`1urhIBAy;!_X)86O)SJ4sw`zH*
zx0E($`ZKjqPx>{r>6r(X_P=o2AO3%^x-Q4%Iec@tCPL-lPehmAOEgzW^r?Lj_}jxAzc`Ml!GT@jvi3Y}zoQ?+yr%baA%EfF3sj5b}S0gJ2w
z^Q_^8oknmgO$75Jw&V=J%6lG~Y2Le>7`GUcp0}vpuVU=@2LwHxyTA<(g_x4cDR
zo$>Kh@2$639^K@fo|o08r|(}r@GyAimDU{Ro~NuErefBR9_U~n;+~(1=v5A}6cvV>
z4G)M!aVX%MYETO~vlJavq=OQK0Z?<%hb4fgq)pZrX%%w#4^{;kb=en5g16{nUb3928`TppPwC#Pq^kBz$
zuA}Ag=q;p-j}j&2`;d+nexqAQ!?$=2T>KrC324}ObHrg6MMR6ija+BMmbHK_5y&0S`vLsnhPtCXsPV7QdX849rpy%aF_1v9f@1S9J>ho-7`ama4~_y}O1?4~w5g0I!gB;JgwQz2J)i^2nC4uS{X1
zs8!8tMT17%xkLxzHfzX8Mum9wuh9viUI$
zfEYwGQl)XvdSCBHrB`GN
zcimjiMSCo@RN|gT-te-B%i(ZFq7MA8(6>@bq;@7k{Z6-Q<=aDjiH6lT78|mA_7Cm5
z#p3WTSNEN=p==6Anjj5%_w4ck_VQ9`WmjLZ*tcs}sc+-4U^xsfdd1EvcQT0#Sik_;H&!|1YGE~VjdCY&)3Qobo2iU_9IFO3cZhATaC
z=jo4JQBWQY#fB0_$g675FG;~OBPAS3oZR?avS^C*1WIYMF_Dl$eL*n^{xceF8!sCe
zE6f)+ev~RmQX$0xo@y%6=iT^8urCDu+?>%6Y4)lgMgNpoBf@#pQ=+6sgSk
z3ayIeMU5|S&6)HF9wfQSIg@hUQ|Aiu*sl&jf=ESPCpkF4=F@q;CW9m!+HXQ$ll&%M
zrZ>TLEq}w!>tFp5zb@xMa>*-?|H9|x@!QU5oBMz1-<9!@NjgYR`MGIM0iE#M@P#_=
z$0f7;oNp0SLif88Wg~6M@y{_W`>Xjb4+=K^pv;zrg*Cu#sn)lL4eG5K{qB0IqNm
zRNdq$$Tv~ctW$I%uUUZ=A($ejh!^6>V%BK{BQuh#>+GnvR4H46Y(u_ZU{1X%Q7R=8
z@G9L~_{kMor_CcxyS4ER~Xp@^c?I&J3}C2lcgT#|B%xK&ce`Ex#uEPz8bfSPK(T
z)!kZdOjiXPUZu*b5V^$&thHT3S)1EDT;KW7Z*TJ?+(8iUh16&eHTuhufY%Ozf3@UL
ztK$F}WuehR8S&YM&;TCj_YuPpCb${KZ;=3WKusl(Kpjv3os*;lB!}$zKoaZ7jHtT7
zkgcusdpW(%?(3%?pHdbjx_(YGj^OnH@lY1Kf8iU7o1DuLaw2lBh@J=x9%y7qCI7o
z^N?k^x4FoeQnJ{3{bCZbj28mXE6zc-fjjX(JnJ9u4)4ZKRMimyTSFe?@qYn2Oi)a{UGW%;VbbsytB3<>AR((W8-A
z;M~a2PGis6v1v*M-S`~-mW@Vc{H*m`CK{RccZf~BS@)7!vste<56y4<2;?B7HBcFC
z^rD_`VI
zbLP65=Da!Et@8sPzq+<%Zmp@v8bN#|x82_hW+dDF%PmdOb^U9K4Xwp~#N5Hd^7y~R
znIVd1!F9s0;8xsWgd%m6Ft^twwh0JskiISq?I*8LO>;m$sC
zG*AZui_~Dq^D+<|CBTX0aHn|mLPOl{wU(Iv(%`V+DId|{u&U>3!J^ns?^**Sq
z-k-=b3ISv;b9>pMyt1V{FiX{#CF&J7oGCc8qf8({M>H|zk?g8IMOi%
z`uGt4C~`|SA8=STF#0-jC%Lc6mwij_WGcyoWHD6?_tLffJzs
z9mt#{I1YJEta5TDV2k!uK+XQWv4AboSDkt2qo1;Hf@;r!wx&O^R4t`gE^&Sqr1g2C
z*~Ixd{Pd>hhMJ&lbo6&X=jqzzAwoFhH7CxNY4%OZoZ)l*sp<)lJjDU@&bzgF5?GWW
z#MG(;vLsbIk)NSb>v^(Y%kx4C7v+v({*+RokqFY~MWd}>nd{Jh+t~)57^=6ZdL3b{h~#aq%lMk4>CTM2`-3gRw8#Gq4&>+}b40tHb~ag{v&{
znSoxo{xa)jQ^^c>|99Lr3M6*-v1~G#C4OAEXIkb*wg6NX2FaCwy3!}svFDS}fT;89
z3)@r#>TS^=fb$d)Ng$qP9ReW@2b|;1
zyww$GHl2};5*eT+@EX6{vFGvMNrGsZ_jqmaVE^d(B|tRT=%#v4@KAipQuzY5y@-4p
zz_b^OqcivI-2cKEf9M?$`d^-&dC}MFneWf@-Up2pOckLISpLfgrx}fK6
z=SMz)GC#BL=(VS(GV$qc{CaV)dwx?FztNsw4D&mKc$Oa#E!dS|hek%yk+!Nt76?1%
zT%BH)Z4ydhO`_;Iz)|!}FheN1(~(XA3kepuv>xaLVUhmKT{GlacH*w}RImT0di_9o
z+_Y;I3U-(56>MtcKH#k%s+%mfq$NupPqX0*JaJj
zp5>f3*PQkOXAS#o2sDa2Eljlt!x)YNkZD5yH%)RRi^7%OthXUnOJ%@mlqu4sm`N}5
zKo~(e#8_Rrc%W|7FmrCA*BWn`u(2qs)b09g
zAmB}Bd}iCBT6MrXSPnG?PVRFDe95rIq|FV6(#1q2JlCYm$NzSGEuZuzQjp90$}=mt
z^3KviE}IM%1J>lq*prw&pADzVCowxv
z;X0`Gt9-`pd`1hn=SAYHQLl;U1Rze8+l3Tr1nWhWc!@H#xJ?Gu>8NvHg2RT!6-J3F
zYP<|3MRLs0&I_P`!4Sep2s3g>zE+z$Fnc~>yCgkaca+?*BbKQF_F}VUW$FpX#&7KQ
zIHY_(try-yH1nA5vsfn``wAQ3>uA9`;{C9`bRB-v3-~(X)U)r2_hGk}gz09}56}*_
zCCUgEU~K?np?pj^FA;C9*BjQLa9~%G>cz(qFDm57D*z@8ljBjRB0GeCL#AIn~f7s<4
zgUO-+ZA0wHyWn%-Jpcdkxqn&UmYgz2!WZT1Ul-m?G`VWLV&N&{DV|N^+ZNtc;}r|<
zs_Tk{r`(6)-12j|g~y*86@QIOAYA8h?l)maaX+^e=T<(u`Oe?q`;uMxUsryF$QODG
z!xu2Q?5Gk&w;vU9r)0F6vXs~w90W$Nn2P#+1e*^0B&Z(S{1fujnkM{;guWiTlb{nX
zvTEeyB}%G+sFJfpb*jJqloSgwU&3uaeXA4>zCBQOe$>W3>kT8_NL|nU_y=B(KMDXs
zTh4D#&%-ZW`H@PC_sa@Lnyy&bsRO!{@tTZkv@k{Do(91xLe*U&GzM}L5r@H>D&@|>
zrVBp_n#Vf-NbhRFyCS15WcS;h1VD7XZHC^Q(yZvsJ6|2ybl?3GDIQ|}gvW7uC1(f+
zo{KtdH{GOB2mG(`_S)a2f7u%_7hg!3%ZJWxPRs0(Hs^&B)%RiD_}n;ueHAYRKacr1
zA8oz{^HlUry!620$IPU>mB#`lJHGh8+2Y1*mIy=gRK6D6;!Asd}yx5a@dy|
z)lOPgVNC_f$s|K*e7k^waH#q~vA2+?d|;=;ZX^8zK>|-07CsTFy~4;ppyV`8G#ynn
z@Pq{PIiexF^_RvG^u^X}VVf;xclWrMI;wG6do0s_UHEl9)!3fIT+Z%yZaf!}JodQ#
zkk_7&RCascO9M53pdN|^dFf>|Q1%{A)bO(^-gja2p6Q^6u9uOl-}Ay~5vmq*{_j97
z{~B{nliZAk?2tNM3Bg=Axk$>P$h`^)ekv7Ly0GyvdBj&3(w{u`)ojN6jdVb9tb$m8@>$h$9NtQ@H$Ueil
zLKXFUyg&S*!sD9${6>0l1uMwkny=tr$ee)63|iUl>u56c2>#r<&N+d`L!un-xZZJ}
zFX7ZrPzA~E0{a-Ka$}iapw0C%znmm%Df5d8o{;$!`03ox4wK2vPWNAR}t)A?I{7jHvw%zRTdpG(ImKt8T&LKgJpPL`9zG1tzf!#lHhxuT
z3KyE^$0{k6$_gI_Ro}}PzyS;VWH3Y^0kGgOAW0esR;zIx)op|bD8Y^BvYlBhrga<6
zdo!g?D+93QMuuw5fhKQmf$SUV+eKkRdjcf_4!}Vg(m2%fqa7!d!!_+_q8GI2atd1c
zC`2w~qp&yCGPw%$Z87QE_&5(Tj@~xEvoY(Y1eM_}l%gD3YZ;YET!
z5PAgW5mLvtW~_Wu$yZUKC$gZ*sZ3z%Do!3e(p>d=tSZq6Drq#_wF7~SMir&oM3&7u
zhyZbonq`RbWvfZ)^dToW*Flrvq1sq|tiRM-zzy>}lnQ$AFb~Hzss2MQ`cT}xZ3C)|
z$LT>kCwCDk%*y!uN6yX^=KaCF^{!AWNQ6-9#(@tHr1F(L?qu(Wi}K{*<@&ste0S*e
zp;7^-ksqAcd3@#a*N8?N7ZODjV-dHgKM!uH3lr#keNcF!`FNC>Z2JbXD&W04K?Tk=
zJlu+(Bnc5On~gJ3WZ6L^VQW?*5ID%?GOZ&VmRvG@suQm)N;Ab#!O7S$FTrBsl;k+aV0Mbb2=5)blW*=I&7RZ
zu~@owI8E7QpUX?oHiBS=HILGgX7#}EpdcJQa^U#t@x8m3ch2vao1JP7E)6fqTCA^^
zf|MRaDG{l3+Wnw?I}@PAy_89}Nowu~Zx@bDfrI4$?xrZ%W(y1T1|3
zD#*@&;5b@Ko~|t3>3l#eXL6;_lx0y`mxEN7EibPfCK{Z*5+}*r0ordz9>yw$|C?T$o!r4t}&L2_)!hI*PAO_4dSG&?Od%Oa6(6OZ&%==mIj9IT;(L
zHf$Y?$YJ<@mI=ZGF;6%k3&54gStLRpSaP^7{~Pp@_{}b9Aafn`5wxxg9JhjVf7XSU
zH(!S6t0U5bte=5eDe2L0vy96Ei=|5zI2?*BaM?Hu+O0a!F}{rM9cEse1}=1)TQv;h~7(dw<%pd6ybJ`hcv!r<`u;wFD%S=8K0_#ar6Ake9XFe%*GydA4TT+J5(
zH(ZB?gI451*)^CHkn})|*!{!k@x3g(viVpvAR28krZo;WKrZ+bMw`~wEd^{gMG82~=uQDKU^Pi9k^?S#
zryQ_Ygmovp4}czXGfY5Oc6n}ja$8BS%)4^)SZ(4^ZNKcG-cEzo&7l|2gV?{X7+#8RH66K>I%&(WA
zhV**Qb}=|P#B>x5Ajqau@fg>s6K9@x;;aZ2bhyi~oqCiL!a|J>^9{DeS2#y$p&3L+bOOGFVqSD_R
zb3#wRX5^e9StQuV>_Dzv
zTN-t+!!N7|T0C(h65o|9wj_QRXZ+kUp19*OklJU!9d)woP`#%QF|Aaqie?g1S8<6+
zHc^aJ-q_72W^=m%3_}xrf`HH&0DTZC?%5%V>a1?PmMCh4L%Yn9E-@rpWSOII&Dfnw
z3um_#H(MnPZJzDqi!4pV2SEXf0q$-tBU2bn9jGmih*B-;hoG>H#5sl%`{T=KW1}J!
zM)6LluuMvz1podF4{ySRZHMvzw^F&DqFtk`diP%7
zRw@0ZWrcD%iJ7?ouoi@s=90V(42I5afTIt{mFJT(>rs0t=+JnVC;kNefIE?>8ISr4
z!2+SQ(8aXzExb+4)w1wfdbq{g+v?kH4&Fw?B1#)&=hz>hYef?Af!mtqY$o0lv|07M
zAaCjEB7od&3gjAcrQIN&%P3~J4pgtffa`jxJ|k61m*~U?7nB3lXy~O@
zN+FO-Di{D9!%L@7JE!fgoogtibC>!W!RfKN9&ae4+v7SuG`UNRIBZ(yU@(-`qy~NA
z6bt8aX3VBP7szEi{-Hwu;$*3BaDMbdy-rOamWgH~eTg?4t>J_>ibP9M=)ufChM8N@
z9S+z!P1OqwhOJ`)jgC|mK1&yPQ_b+HQ|%!tOb@^d6MP<9*dA7rSmdd-YX~}uO)yJd
zYx0BfW3}3`@$qBT>amGH(%GBzr<~3tJ6An2I(oEHIXXIeq$*VpHV&Sx9UQ2w4hW2A
zS1hs1$QD7Q*=$1G3A?D(8WH%rT6h$eII$ZD?_JjFMS}hTqUN#*G-m1vP2l1A-)_J}i8E1S!68H1%f;9;*mrxsNz
zd)Q<3s;#E^{_~R4^q@B2ELy_-!OZ;LGjk=iKOd+h?i#P(H0XDghu@kw{ovS%_e}gc
zQ9S{fcn7HNMAW<^Hz?IXaM)icE)rr9SH_*eOFNlUsp`q#tq}nra|+>9BwKFj-Nxz5
z7G}<;ckN1_pP9LxzTZ9*DkB>j8>}44jzps)mci=T4}9Qkb+Gl_DtD!#-fe5|xp3!G
z=oE@mhy*sF5)tj&_aT0U30Ncv770)n6Cl?YLFgDx@PHrBTOgvxP!RkB-H5bhfnDnQ
z%i*S3;Ei6L9#2e*PWUKI|A4Ki);@}da)G3@*WZlZr-igLSG7B{
z6urmsAS!tm5{L}Zsbq!YuoZ9sJS&2fbrW|Vs+4o7#fCwOx_Uj{qG#^rfzj%~OBes8
zzwFXTDe3ropM0!7v@m>P@Xytd?0w6n`fY>5_s^QL*>8g;Zp2T2fVZv)$C^h9Os#b}
zQ8z-U6HYbIs-X=;G--Hrvm+6A;(4ze;DD^vAgA3gIvGbpqEOIJjLnaVS^>9!KCq5i>MD;vb#`qpQo`zY^^)$D)$Hyd#&N&ddyDdY5Lyq2>vT6ixM&
z(~X0b!hB!zj1={vS+7#%p%%;2lfL_X0zp
z^ZW#{!ucm4oNY?T!B!a{LMVzyY}A8>{SYaPij$~*fl6is^vo25C<)abo&~fyrt8m;
zs-l2&WPT_Lm463m8K0kK6-e0`wH{;pSbF;heo3M#Jn3}NCH+;-;xMU$(fJ#=xXG#+;%
zO`&!FT4v$Y_@^5)NxNF=VPD`q-uC_eyPg;nP0{G*rJ>(hU;pZP5C`CK?eOO&hU
z>&bX18_uG3zlZhEK7qH+mxq6C$pfV}6y@2nu)uOS30vj{3V!jh`ra4LK6GyN*0FQ5
zJI;;Vx;l63;OqcOX>T)<8qk^Pl!)1;>gjqY=ysZoNRL+wNin&}kS(bQPpUJ^jAS8}kIK^PwE;|*
z3^HCh=64nS{(f)3tSjwk^WXT|z|{RaU-6bgCVOWx1O|)@Wn`o_JD_2xvu#+E8S+YDVtGAZU0hvVTs(AWA?C#YVlk)7<<#GM^Ue3(bMoXp
zrbhkvabRRaM~@CQ$YMt~Q{hwWH&M??&!_xd7*b@op9MH2bhZZTtmfosI_x^+19E4c
z=Tf*`K6}=jsKwNh&m}ospN*l3QXp;Lc!SHy>l*=CFe{!F7p9sM3d$fq4Bi2-e;hf6
z@E3s%KsM3Ogid$rtPqG(?`vS1XqH740^_1u&TFEBS~wnD(kAyAkQ6
zKGV=bZMA;CCty(P#P@5D*F9#RiQi}$T0gp<(i2m%NiX->}
zPPPRNaSX6lr&4H1+d*+kn2=7!W04T~{w4|KuX&c2%O=wBkh@4po+MoVw&&kacFc>-
zpq1C;(ChjW>0&YME1EUI#^6vkytm{JN>-mI(Of>DCwe{HXwD7|PWs*7$Y!O!e&cSP
zZhmwEnTR6Jc>Woi#oi609(B37XaOFR%L2{7l(2n}jj94y19icEM%NfHjP@*5>j>~a
zxpx(f&{QJjXgL6^-fYrqg)j>%Q)vZPJmlxg?vw21^9|p^o@5u_>-oc_L;0nCW58^|
ze;REy9?JVfYb{ipSegwb^HE#G$k2iH-s6)uH)vM(lqdT4)f}F=k;xU)j=t&?!q->|
z{oXS7;*sXfdcgg5;tDgcN8n7z#KvqeG2t{N+Tt)`2o7`$bk)>)ADnkUdUQl4_ubK&
zZYeq4cQ%`|s`P-fGeeQ_NAJurX7}DB6)wJcH}}|o#`b`EUQ{gdIs#HRMPKbLLrwdrAm>IFX2xB|3?+XCe>Q)O}Gon4frkIw=6T@e1Cj)@APnaaL35V
zj=}Qq^xj!OsZRWJh2rs0D4EnRjSnv9G`UEkP)I~_8r{O+_!9GGqR~_;8qI9{%iPHD
z?A-A19C)Dzys*G|p(LOOnw4qbYm3x(adYJ{FHI*ucd$Vr7opx@UTOpfj^1R04vtnl
z?6%mKk!td;N%WI*{o6*r#T=9wAe{FxnE@t;d6ZcmtP^ZKm)>
zEv3ZM{ZA6cNx}(#-fS}9
zY3$Hr^89LB)fkn0P#^-pGPdX`BxCaQpjPf1U^5&l-mGu^n4?Hp#@O}1F=VyCxF!B1g87ttN0z4SLw2V
z`WbNOE?#%ir7)d0q%hBKt1;PW7F2nmF%LHPU0Y+4aHdsjX-pBClER8gqGv<{`(t~Z
z$*KO!)S2w`^^_)bCZx(N_>pub&Tj6~nVXUll2L>Ar*K#cjKyBRw!V~w4k>ql-M>72
z3E6Zb3KI=(*qy9LWr8|H-GOm^ny(3viFmQ7;Mg(00DX-bG14a5~i$8PDS|x=tDhc3`tx>^93q!KyWDX>H9$t=agf
zVAN}k`bQz7En2$;9+`t_t!nLQ+GJ$XDG3cQc_PcSh*(c*d5VG{!@3J)5NX3oHj_vQ
zXs$FjJ2O2wF<7tQDAe9U=3w?3Eoh_C)~g%p5L;gt@86O!svA|jrYr2>Bg7k
zTDGISyKZEG)W|JIFEp%=oVnH~+|OmvZ86wGeQ1&mAE+&ktZ4qG(;IacE!Z|Mqx}U5
zuLvUp_LYelP%yrVZw5Wm-1G+hF2CRH#?fcJ{(?VG6+V%$+vmp7rfs|b+QJAG<6IhT
zYk+~9?Kum&{HqN_HxZ;(`*76iYAL;@3rJE-X$P|yC8I^UXh*g2%LraVS5O3~;Zx&a
z>$5n>&uBEQ(s_QyHMH0@8F$rcNy&E@aoTpfA(EhR=niejw4a?0_$buH-2}E-$)4+*Kz=LI!scd;qD@SVysN|
zyRc3PRu%Y7OHWtu>7nNVQLl4@X5)E2y9vN{KN_blT+8`1@cgcyOB257hSc8PC!UX=
zCnz~a(14q8nBjF$*m5@tYe4ITZDrbn-5cs9+xe6|SlI-N!ly(|$kje2;P)={RcSW_
zYPKL)EabNCWQ&eB=1#uyh9Fo_@Y)b89B*(^QWo4nXGb$XLBt0i0To4o&&RNNAB
ze_A*!u_f@E7GA6Ppx|1z4*uOTQgI@-0d3{U|9qhBvo{3VK5>ISs25z6flS)sgTlPw
z-e(DkrJ`8wKy3}af_JMAdN4IzY@@d6;mAwI9=$8u0o%f=PJrfnKy%p#oo!BS^+7vn
zr&cnoK;>(?p>5Lr^4!oTehx1*j`{4ud_qE>u-M#TX(P9r-lXDpwj>&D1bCz*(IR0c
zmRcLsk~VJJ%zEiY
zZ076hG`!-qEL!XXQ05Tp=bvAs>pq`wr|DT{w
z_Olx>kVv1fRn`!%Tt}Y_cIy+#U)Ua`+@ep|>QxE_dA)3zCB)0nCogW=uhJ)S5kwkd
zcw4nHys1_|&|ouh)xZ{(spz3$UIDVL{%O(um#Kf)^7RxDXq{oZ*?w>o;hE^O+Nps$
zR1cV^T?MkKdNAW_K$@GyEH@5m-k3IFyKhLHV6S)~
z+PQYbknL^(nb!*$l6<`~$QFTvYlR4oMkJdGUE+xgE)k-6KllI#g*sJQFAf4lIRUN>
zZ~PSPS~h;nteo$Z?5go)A^7Wy;jhX>EdK0UpM>Pln
z;gp2#_fec#4)%A_K}ouAQ$E%~hib>qVn!jxMo#(RBg*&o8n;N(`rcZhXR$*aknR1=
zJ__~GiGQ?0_>bzKsE7kVE)
zcI@Ha!gw@OlKGgugUhkJ0ABz+g!6ON7g1&;SBq&iSjMeIW26Gp8Yn-kZ!(gP<}sl#
z4xP*yP{+mb*1WF0JsR(6mQi1$HQR9*bw#%hIX^e`p-$8?EG1zWbV
z&@(-jiPgeAwYcPq`8=uoP|~T9Vy=wKnPn#`@zzR6fnqXR>Gilr_72XS-oLjJEf4HI
z7<-OdpCNS)+eLUv_*1qIbMiIaZMk=Ur_^h7yx_eG#h%*aH%L9<33fO89;#W-Ej?`k
za6>KlWdV9Wpd1^npj8O2JtoTwT(e&_%5~MK&fDOSXxIl#kSkqD7UQjG+t8X*29NgB
zy({J7N~yeDEG|ERA5a2VTJFO|nq?3Bb5;fStqM;zjeDl5DUVJoqT#uG6lfS>aJ-zB
zsj*?z$h<*RkmJp;=~GDCSbExomrJ#be|a>lwrvMDpXY9LtS3WkV0f@th=dWJ!P)A<
zDqAI1kfn9KK`e|4v^0uhkVBVFY&1p^k7UUC=>lF{0e4h3^zY6@#~=uBp-FTgOwiE&mj=tUoM$!@|pQ!MZE
z<>N-9QIc@VqS5N_5v{n@pL^t&n^vp!+Z-s&3fu7~v&rKznM3Iw
zd)SY2Mj*7bDy`XsFFK#yq0#wb_DDKlHhUlwl8}wmO-Y4>gk&>D3KtD4z?h67s0l~_
zMSUpGM64FUO%j&KBt)N+s{OEQ!KE@i_fz_Z`$Vq%Sd7542!fk&K8MvPsus~~R#-ri
z4dtmC(G3E%u@c(1fh`SGpnN}t!GZz1T%2on&=C*bOao_*@PA%iwSj-Sgbt~TIKvP9
zR2qr<&4v4ZJ^6~?Etm^W;@|xYzq|`S{AT#cya+T|uYPhVySQ;!jl{Vb3k#X}^r!{L8pUh&h>;&EieN%^+T#Vdvo+wT{I>
zDjjolqD^S%-20r^V)Lql$c@#0&_t`D;ayN6lb|jeUb!rhS5ikOuB`Up8Mj`Q%I6bmo%{3)ihixh9|+DT67xam
zJ*~g^HrE>;FR#|6#(}=qzR@MQ4%PPDo5_}p#!@zW@1EKr7oKOtyG8MCNy;Zg0X%#I
zk6RQLNhZUh#)ZSgP3suS_RvNaAv-C`!6haMOfE0+ZGZ$KGJV`gIK{gfqhYPa=nn?y
zg#tmpQKJnRZxtR@~`7!}mDF
zUd+9joZxKQJS0*o!hLdK>efWIX#f_7YVe
zJgXeZln{jYB5(xQF!y`hD0|3xa)OJw$N`ZJDr`ZrpTcOB4wcAFg^nw%3ZH8%(SDo1
z>Hd}d8+X9Ad6(`>WdFC`jJisIO71q5;?Z8Bk`vpun1;_rT>o@jq
z>U1U6;TX;~Ggn=~`r|!>|G_EbZaQG2Eb^toa)B(gL0ZPeCRr}rz@&-WBcfZmbB9;k
zM_w(>jZ#Z!!?k^wVXY^uw}+jsP$7}-9Twe2R2(>+E~icx3dZxba%B(EEg+m=6YNQB
z5v!p8kV%j8QY(d2Cf$JM_3D)GZ16QY-D`Bac0HkdKk+7=?oGNk;XnC1Ujf`{X6v0A
z8T{Yt(P@4(R4x)U9Dp}WycgTe{n!~9O#52Ce6rO;5`(`lqK2wLM|Iy6|jj$_xgM(rLvPQv4M$v1&Pj
z9fm)I`yx@R^R_gLnQh>)~aYK
zoWMe$rMla0uecpnZMe`FK=_v*!$b8~==_4t(_}KpE|bok7)YRPH;&a#B)r(f?s{G2
zs+KENyK(^?tWjc+7E>X%q1Q==@7gza;@+wImnGHYfL^E554Lav^qgT$Wo)P~9y=V_Jx4edun@O5kW)L|OkrURsf`W-)`xpF~Scq1AP|zR`Mk8Ut
z1-+W-&zc#`e(A8FgR(H_#Iu3{7?A;auhi%a>#L?j(YUeYOGp-^#Et4iU5`W=^cd$nj)KQ{Az4@uff(`}|d*8#)tTA!<
z6(7C*k&m8Kv7wtM4112NqsObmvl{jM{qxbX*Pk%KZyz9Ss%lUtyfTZScK7duJgGC2E(k#1iRtlji1OoK|FX=kv2rI-?sMv&UBA1Nty~kUvpz;7>n}DMJ
zYkW#MB1s-CM^|wlxCrz?LX&>}#}VT63q0=UeG-SR0Qpd1MHHvLD`lN%m?+nx;hd(;
zs!r-MMh;91*=p4&@ME_(CAZ9SIPVGUhk7pXd4+)
zE;N%m{Rj3PFD7@6_1-oxj-wdK8=J(IyH4Su*G)1F~xkYJ*Wt@|oD-EQ|=0$?73i5fT**Y6x1u
zGa^(vWlum>i^85or8SLXAdPU6&?;y&4crY&_iy52D0sgJD(%ew%hQpLE5LuNvQuOB1pG5~q
zq9!$h6mCX#oha-LHmjWNitsS@fe78h1L9f{ywOGfE+Atan8B~71wcv5u*}eU%LnEvG{i`EGtNr%1J^R+y
z_U&04)4AX0)5UtcQI*<1=+Rm1gLaMjfLr%KJ%G;CRLk|SY5|fl0n7DN^X7z!sf?ln
z_=C8UFy1AYl_)GR3Kvbl5iJrTPDYh@)@snBxe^7Je0Jf6JEetB
z-nAJWbyIe`+wQP??JkElQeY~601iKa%Slj5)#)T~0!_?`8bDSuDn^;6kiWb_mY4MM
z2E1;u@p6yocdR=CqE8q0+;{H-#~d!vCk8EVGW$gDkPJJb>4?W0PYo97q#4|k-Hm%@;1N6n#izx0^8UhCJ}zWcHApmX6Ll>e
z(dbrnjThi^SejEk^xR{h(&l&_Ayxbn2>*!;oe^*@8^oLH{%uffCvKwRH-b;{R`%A7
zTQ{QY%*LDf8$8MO!-wys^NNt^t-gcp%@F1Xf!(A2nH>E{iFe#}P?%&1Su90xewV+V^eHG>&&cZ_Q+^$EC&r
z@pPyxR0Mbj_4z>I2~-rM5qOzudp7(}f4D<{qm?%MMMP9GV*I-B;)t
zjeTi+u+gU(Z$9H^U;4q0N1J^p#Rjz_S6;&ofZAt;`i^g6d$HA1HWXmy6$$^
z%#lKfc*0?~+Wt10meSF`y&j8vKa!#$Hmlu191|);%vLAKnJa%Go)wqTRicObiT3zl
zzdIckkd-$P(5M-T7yt~R5gkgYz(^>TQt@7VDq#<$9e6!zu33#*rw7A_q*@aVjHW3{sTzZ|mFANm?j1U-CkAinbIn~pxdXXoSV
z8_y+PFYTIVGnb<=XyGgWfs=!FLQ8~!aSRHh!adCkR<)>Cqt-_fciNenErF?#(Pc0*
z9gI8dO|(HoV^&`JB}qKVo%@~^mWZJ9L;{v2_zMvW@lBV1srfFSkb`5EH@n}h^Mu7SPPNK0Gb(V`(NksP<{arw1EM_BWvT#=%*2W2J
zGPQoRF|%1ft9wB}H5T-<{3CY|2s&7zn`*9q(>1Ucx^9|GywM?!Zn^d?$@=;wzo-0)
z>PubI)<5=(&6=>G=n#rOCvXDC&}3tvzl6nsH1c^Jh(Nhxc00v9(V&GS4V~1CpWx(T
z=iqQ-1t;QBWJu%0fHn>zjgENZ(#ffOx4VA$LzXCtg#`PdR55vs()!&ecQ4*KG56?x
z3BlXlrt#{;M0I@U;_BM&@wquE7Zc~=S!r&LvH1n#>hv&%RSynL-ZG-wv4hRA|JXA#
zyZ3VMg|(x1ZoF>?Bt+`UTg0y+0MduOhjU4gRHZ5-XC%UO1{IDHHDL3Ru0=_oUaf(*
zp*N`YhDUL-fn=m?1Ne*B{_9v){6r^5$OV|lCs{@TpR|tBy|hHmFDFed>!_hKanAnU;3nXL_)d_eT1Tgrva3
zyCt+d89Z}j?!l$K_fM;j967je`sRDJ8%L#TLA7UHJo3lvo%KTld+viA+T<5PqxZ^k
zD1^c{VFC!YX)J*1xh50!x+2r+3(TO^5AzfH>$iz^SbvyYbKIV6q>!}eVYGAuYom0
zZY56g!lt0p9_)^^J&qpc84EuaMDg*e;C(1r{*`;u8C8cDok$=hD~&@Boe(VWWn`Sf
znWjN3<$v*;&wu)rlGE%A)dC)~#}tBDZ79Xxp|j}QI|P=Bd$8*BzEh<&4BwncWSYPC
zTc!GMdHYYFPk-Vy_rLGNzI{xmUR!7E)8&=mb5DvNV}q6Ip~2jGYBZS~P4Tbq!C(4Ap^5{4OD3mvQ_e~#)K4RmNq=%A9v^|L
zNnZ(niCy_5`>raF`r2`z1h+O%&JGscFi|FuAzFvKMn`_23)v+IM-kaC7qOEKq6$J%
z62OyG$81C$t$Ljd7w{HqwL6!$KAroBTQ_^2)<5
zLGBU9uJ}HeTWn