From cf071cebadfcc37a68c5b7a55addf3cf57dd735a Mon Sep 17 00:00:00 2001
From: Christopher Rogos <christopher.rogos@glueckkanja-gab.com>
Date: Tue, 14 Nov 2023 12:21:41 +0000
Subject: [PATCH] [IMP] auth_oidc: prompt for account on AAD login

---
 auth_oidc/README.rst                          |   4 ++++
 auth_oidc/controllers/main.py                 |   7 ++++++
 auth_oidc/data/auth_oauth_data.xml            |   2 ++
 auth_oidc/demo/local_keycloak.xml             |  20 ++++++++++++++++++
 auth_oidc/models/auth_oauth_provider.py       |   4 ++++
 auth_oidc/readme/CONFIGURE.md                 |   4 ++++
 auth_oidc/static/description/index.html       |  15 +++++++++----
 .../oauth-microsoft_azure-select_account.png  | Bin 0 -> 22114 bytes
 auth_oidc/tests/test_auth_oidc_auth_code.py   |  15 ++++++++++---
 auth_oidc/views/auth_oauth_provider.xml       |   3 +++
 10 files changed, 67 insertions(+), 7 deletions(-)
 create mode 100644 auth_oidc/static/description/oauth-microsoft_azure-select_account.png

diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst
index 837cc8704b..8b5d59bc65 100644
--- a/auth_oidc/README.rst
+++ b/auth_oidc/README.rst
@@ -90,6 +90,9 @@ or
 
 |image2|
 
+-  Auth Link Params: Add {'prompt':'select_account'} to the auth link to
+   get the account selection screen |image3|
+
 Setup for Keycloak
 ------------------
 
@@ -126,6 +129,7 @@ In Odoo, create a new Oauth Provider with the following parameters:
 .. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png
 .. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png
 .. |image2| image:: https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png
+.. |image3| image:: https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/oauth-microsoft_azure-select_account.png
 
 Usage
 =====
diff --git a/auth_oidc/controllers/main.py b/auth_oidc/controllers/main.py
index 2104a6cca0..5755491dda 100644
--- a/auth_oidc/controllers/main.py
+++ b/auth_oidc/controllers/main.py
@@ -6,6 +6,7 @@
 import hashlib
 import logging
 import secrets
+from ast import literal_eval
 
 from werkzeug.urls import url_decode, url_encode
 
@@ -43,6 +44,12 @@ def list_providers(self):
                     if "openid" not in provider["scope"].split():
                         _logger.error("openid connect scope must contain 'openid'")
                     params["scope"] = provider["scope"]
+
+                # append provider specific auth link params
+                if provider["auth_link_params"]:
+                    params_upd = literal_eval(provider["auth_link_params"])
+                    params.update(params_upd)
+
                 # auth link that the user will click
                 provider["auth_link"] = "{}?{}".format(
                     provider["auth_endpoint"], url_encode(params)
diff --git a/auth_oidc/data/auth_oauth_data.xml b/auth_oidc/data/auth_oauth_data.xml
index bdeea59a5c..a095b22307 100644
--- a/auth_oidc/data/auth_oauth_data.xml
+++ b/auth_oidc/data/auth_oauth_data.xml
@@ -17,6 +17,7 @@
         >https://login.microsoftonline.com/organizations/discovery/v2.0/keys</field>
         <field name="css_class">fa fa-fw fa-windows</field>
         <field name="body">Log in with Microsoft</field>
+        <field name="auth_link_params">{'prompt':'select_account'}</field>
     </record>
     <record id="provider_azuread_single" model="auth.oauth.provider">
         <field name="name">Azure AD Single Tenant</field>
@@ -35,5 +36,6 @@
         >https://login.microsoftonline.com/{tenant_id}/discovery/v2.0/keys</field>
         <field name="css_class">fa fa-fw fa-windows</field>
         <field name="body">Log in with Microsoft</field>
+        <field name="auth_link_params">{'prompt':'select_account'}</field>
     </record>
 </odoo>
diff --git a/auth_oidc/demo/local_keycloak.xml b/auth_oidc/demo/local_keycloak.xml
index 919754db99..0362764014 100644
--- a/auth_oidc/demo/local_keycloak.xml
+++ b/auth_oidc/demo/local_keycloak.xml
@@ -17,4 +17,24 @@
             name="jwks_uri"
         >http://localhost:8080/auth/realms/master/protocol/openid-connect/certs</field>
     </record>
+    <record id="provider_azuread_multi" model="auth.oauth.provider">
+        <field name="name">Azure AD Multitenant</field>
+        <field name="flow">id_token_code</field>
+        <field name="client_id">auth_oidc-test</field>
+        <field name="enabled">True</field>
+        <field name="token_map">upn:user_id upn:email</field>
+        <field
+            name="auth_endpoint"
+        >https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize</field>
+        <field name="scope">profile openid</field>
+        <field
+            name="token_endpoint"
+        >https://login.microsoftonline.com/organizations/oauth2/v2.0/token</field>
+        <field
+            name="jwks_uri"
+        >https://login.microsoftonline.com/organizations/discovery/v2.0/keys</field>
+        <field name="css_class">fa fa-fw fa-windows</field>
+        <field name="body">Log in with Microsoft</field>
+        <field name="auth_link_params">{'prompt':'select_account'}</field>
+    </record>
 </odoo>
diff --git a/auth_oidc/models/auth_oauth_provider.py b/auth_oidc/models/auth_oauth_provider.py
index ac498a7cdb..d05197da72 100644
--- a/auth_oidc/models/auth_oauth_provider.py
+++ b/auth_oidc/models/auth_oauth_provider.py
@@ -46,6 +46,10 @@ class AuthOauthProvider(models.Model):
         string="Token URL", help="Required for OpenID Connect authorization code flow."
     )
     jwks_uri = fields.Char(string="JWKS URL", help="Required for OpenID Connect.")
+    auth_link_params = fields.Char(
+        help="Additional parameters for the auth link. "
+        "For example: {'prompt':'select_account'}"
+    )
 
     @tools.ormcache("self.jwks_uri", "kid")
     def _get_keys(self, kid):
diff --git a/auth_oidc/readme/CONFIGURE.md b/auth_oidc/readme/CONFIGURE.md
index 275e4c0a20..8145f4faf9 100644
--- a/auth_oidc/readme/CONFIGURE.md
+++ b/auth_oidc/readme/CONFIGURE.md
@@ -38,6 +38,10 @@ or
 
 ![image](../static/description/odoo-azure_ad_multitenant.png)
 
+- Auth Link Params: Add {'prompt':'select_account'} to the auth link to get the account selection screen
+![image](../static/description/oauth-microsoft_azure-select_account.png)
+
+
 ## Setup for Keycloak
 
 Example configuration with OpenID Connect authorization code flow.
diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html
index 412ba2dc79..f96bca5d48 100644
--- a/auth_oidc/static/description/index.html
+++ b/auth_oidc/static/description/index.html
@@ -8,10 +8,11 @@
 
 /*
 :Author: David Goodger (goodger@python.org)
-:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
 
 See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
@@ -274,7 +275,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: grey; } /* line numbers */
+pre.code .ln { color: gray; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -300,7 +301,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic {
+span.problematic, pre.problematic {
   color: red }
 
 span.section-subtitle {
@@ -448,6 +449,10 @@ <h2><a class="toc-backref" href="#toc-entry-3">Setup for Microsoft Azure</a></h2
 <li>replace {tenant_id} in urls with your Azure tenant id</li>
 </ul>
 <p><img alt="image2" src="https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png" /></p>
+<ul class="simple">
+<li>Auth Link Params: Add {‘prompt’:’select_account’} to the auth link to
+get the account selection screen <img alt="image3" src="https://raw.githubusercontent.com/OCA/server-auth/17.0/auth_oidc/static/description/oauth-microsoft_azure-select_account.png" /></li>
+</ul>
 </div>
 <div class="section" id="setup-for-keycloak">
 <h2><a class="toc-backref" href="#toc-entry-4">Setup for Keycloak</a></h2>
@@ -582,7 +587,9 @@ <h2><a class="toc-backref" href="#toc-entry-20">Contributors</a></h2>
 <div class="section" id="maintainers">
 <h2><a class="toc-backref" href="#toc-entry-21">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>
diff --git a/auth_oidc/static/description/oauth-microsoft_azure-select_account.png b/auth_oidc/static/description/oauth-microsoft_azure-select_account.png
new file mode 100644
index 0000000000000000000000000000000000000000..a088777403f2eb509d294bc71f8803ffd2fcc1d7
GIT binary patch
literal 22114
zcmZs?2|SeF+dr;7B`p%NrG>IDlPyb$WEhfl5ZOkPHIv<tB9Rmt%UC92WQiC{_CoeC
znaRE-`!3sH48Jq_KF{y>Jpcda^{PJi+~?fqI_Ey;y586Ie&1pDbTv;LJAaIciRpya
zUG@7+O#6u7PvOzS;Fp(DIA-wAKGc0pHKx3Fo@sD#(BT&B786s!+vD5Thrl(n+g&({
ziHWt2@n>J7>nA(#<C&)#rcVuA5l_9W-R+q)-R<pNP>)=nS{fY%U5t9Q)NdJjTh1pl
zM_e)Spo$5A|1PTt2n4<R8LA%q?$t(caIl(P^FtQFgZsbVbo*kXP;fK%FqieK?_n>#
zTN{`jlz;b3?u(SX6kor5L>!mj`a;4Gp1P1w(D>qrlT5?27g>utuANzm9<u}4zWG)X
z`9r%xbPvm9KS!VZirL}Jh0ng3pG76EaN{xO6h!llUi7u!b5!UQPHV}}o(fU9wK{(%
zVvYaq+3RAVg?&+!@HNMe<95A2#_x-|a`;s0_P3fTL>E_FH8akCy%r@w?LO^{^h4K|
ze4Z-(Xk*^&8E4F)eT?>lwpvnCBD`1^s}g$)x%sFB&904({M0R#`Zji~_UnR~q&v|p
zxBlr3q{Y#TTkkI|o0jsl9xJ8f)UHv`CM(5?*lSI=lI#<$TCpChwP6M}Z_<?`q^=jg
z&hGaR;$f%7<-Wa2-V_X>dqik;T~F6-@LBa4<U88GDn-`)3|pwTiXN+-(oK6MpMY;Y
zk)2zkAe`W>F1c_ezBIa1Xui}GnbWd%LPf$=En{knxAQceyjEFY7d_fdr>MxM<nqT3
zGMjas_~@GdCc*kV^u(=evsPh-xaZC6ryDR5{GIa`2P3=TqFQ}~d950YLfkjVgPI1Y
z45ZUS{#N&o_@}D+Un{fR1HBQ|R?X|a1LC?+#R;D(W&NK=6js@qrTdnzswLJ3u)7GI
z({QHAY3PeesHwak8`T$Xk$ky)_|F)uF4@jw^>9!?Z<z9fSUTr@dcg_aAMfip*N@Z8
zTWv%&bc|Nx#vxm5HPNz~aJ|w@pE;Q~BLRJ_miav<Tjf)64QXh%mN#c;9r!HTh~4M7
z+v7s(3wMRv)v~7R-(&T!pPLmp*K(ruT@gn?dB9b_D)(FiOQf-|cGQjU(E8?*;j3hy
zs7}4JC5>A@3=Pvf^hF-z51d;+Y5T@)e_Pyxz$8hJwiUQlRIYZ0yU=Z!;mh#+YYpi%
zjq!j0MD>m3-J|MuYaO%aqWu+WgURvh+HXizo<<+zD(|Rr6f<WWPMFXb`eo5xda0Z(
zi)0^dZy2T0;^{t8pL1~?BPL->Ymux%ZUtn;igff?cF9IBvkx&{?q~iOINz3U3=fQw
zQB&u<*mos%MI15fG8Zp+@Ws2U$Kpbv3nx3<USs?GFit1+)BB!0k9!ppX1Ok9*t4K}
zY-CGWBdSxpuuo&e{c2UpRg2i9D}%$41;+>$$Z|IPBJPfMmXzIWS&Tilv2aepsLw?`
zH%6l-0QNq>`u+S_`i#+_i?Gx+Z6vO?&93a8kGUgesMHYqBjB^jfm6B-;uDD8#p<#8
zyepfgv~wn?j0ADNm1bLnu5kF%YAtKks^ohGJHBOa%#5(|3F~Gfn6Z*e1>G$LRC)zl
zWWvcSbQ^jUN3%O;|J{-}W}&wG;<KZA9}0PzO0R_|z)Q9w%LlajEm&=Jj03&WL^ZYt
z+5!?UabhAJF>)$YzS%KaR`;|od`R<j-&2)0soy8i=y6l0lljNlpftQ~9P)jD4SuKi
zhJIYym{IQMgJ?g22li^^Vv8{~CH+~7-`jFI4IT$r`h=KX%8fCJ54whEjh4_5s)uG=
zn}DCzo%1N*uuc|}poW@-$NoIG?ntoYhW9(3((Q^}_0085a%!u*>hxBu(Iy7l<yyfT
zWvM4JCnQ|D2_?Os4Q2C2CQdWokYnkVkc+%9Ar!d!ck`)&q3M%zEhQ%5E;W`t2&J?@
z(b}_i=7m*m6=lpCHp0Cw<&haS6|iV$!&0L;i9rWWZM56-_ubBy>2+(*{VknqA&y&^
zKTRzOFx%XgM58Olv`{+qc?ZTFnbB{SfSj2UA$}=jxfCI8JRP#x<9;oBzH^NOPFG{6
z4>Z@;uzoz+YE~}R)yOO)DKdPyCZ!+Gl~Hx4oWE1lEBehHv1xwct{RTd9`qCEA|&Lt
zUZv~B_zyoE{1s7WAuzpog6vwyJQ~xKGes+lKW|r{M>mt0JUpZO9@%zzvr>63lnuq1
zBW!{#*je8i>2a7G7pb^@w@c3U@ynqLv%vvmE3rD3f+XYUg88$X>lpk|A%BtKx0Sb?
zjmlJiS`@68_ZVC6md}Sr*rWe=3B7Qy5xpoeuh_D+>DeXHV7JCG?Vta+BA`#49Z^Zv
z31O4&D)_h{((lp1{oLSO)oHtEdtMLzq$ceSR|(|~?IG7v!E^MS)0lSySb<Ho=`G3l
zBCGQnnDK{ImPSsE0sI;`$@ObVPP1uOV^6a8v)aV;t#eEJ7%b;|M2O5=y-9uQmwWQ8
zi{@5ov`n*PTq52Gx#fS3!sfboOr)Odc|uF2YbbpS%9g+8&fTo&80FNck;Jm*NiPgH
zt~Ob#u#6kiEkr~#&kW~umG3+|_@ZE0>ib4f-|97y>w1pL+V1|=tNHec?L6o_2tENS
ztUf&(_hRbMi?!M?MYI^+JiM$hKvE)#R2-FSC1D&-Z%RmZY8>Ee`}w0%m}RUxE`H6c
zRr022rvByrYb9~UA2jBw$Y)3D^KC!jJ)066C7b9SUC^yx8rqL2((dy6LKVc2nnhb%
zN&R_6)C@OzKwO>wr!Q9hJFv(7q*J;*#;cE?B*}MZ*O!Z>=d|4)N{(-B)lj+q{_(Hb
z5FbN~%3`Fd(c=Kg*F}NlXjgF`Tv64lg|X;sgVn}Q{51}lt3*mpyo_s}iCd5u3{*nY
zHXBNqjBU-bx%G&b$x7jiOHNiL^+N9Gf909TDRA;_>RqN6atgb8%}z@7r!0Q7>4kJM
zSC#!i1)dUrIX~h{)GvAQHA&)ix|Ic4^+Ao+$U4P;vH!1-I&Ymnc*GS=5alkLacjWn
zr!)=wPHDjA%O2YGI#%gA9<q(wTrcD_#;VNF&r4meH4IRAU6yWDlBDTid4{q^u;-7O
zwd!Fl5$K<_Dh%KZHAIYaHkqJjiX+S4*0;^wZ!Rp#vUiPy|LV`m4K<B_ltFgN8NWh3
zelK(U!b`PkD{wNdH&;=O_0NjWR^E;E_(ktJHK@AZ$AURlWIpZgt|b4P)V@592EiX&
zYvsJR<qHr`u00ZorOZpfX)$Y0>t$1&;OVqYHkA@vjig@$Q$s_~_s70W@ppvZ;F4$W
zpiib~6xq@*zTH9keQNPUU7u5xcbU61h&Wvr;9E1B*ZI<3tOyBLNIq%n02#ixo^3-v
zB-3zZ{#9zNr)%Ub`)ON2PA6;Z!b#ce+(DeuN{oAU#+B04>i2oa59F4tU4&a{iVaG%
zg^<w~mlu7QqUTMe4C7rZhOROTnef^kqY12M-*R?{xjZpxB~cM`>rLM(+%0;3O_Vb=
zeCXyc&(HHT&*{mu#ke1b)H5K9y5Zi*8lp5$_1sZgJUhENGp%6x*Udu)gymHK8U>Eq
zA@lInS)u~vX$`;Tz+$MJX8o_59wFC+6A`fY$DSZNKF1@Ue0Ns*l_t;}`s9LpV}~&R
ztdLs8-Pk%#gWNy^iz5mvBwNR_(T-Mml`5VR%}&Rf61v<?`M+I1O771#Yt?9xU2k>8
z%&P~-_@37&OuFOBD(uVlsa|Kn;memXT|V)4TDS50^~dV`H9RhICO$Reqfyk4hJATg
zAH=SGrsuzom1%b5^}tEq4?-L{Yd}0yFp!_Ez~5ojm|g#H(i-0mvCjPqWot0K^uXv(
zaQQo~vD)XTN12;GrIc6amb;NPA@?Kl&5N}8MP#)~OvYOJ*^38Lq63G8Wydwjlg$Ff
z&bMAlD?8*>>sHvOPIeG0EHOXLawXzor>l!pzYC{^A`U5g#uocP-l_42cfBmd)VMFj
zS<WhN-MnJvt!?Y$<|gpQYGApK1YadQUz>;>AW6vSQT@K|Kj6U^XOvRj;$(#Mt!oo*
z`*n3N&=ch%L~scWb%?H$p)|Lx8m4lwYZPqX99tiLtPqj<4n$akv&GXA0Nl8|E-tlD
zNfNu%aCsgRV6772XyjD!qObZ>=sfX`P5%8^y)u&Pd7OZI?DHLpxb7vyJcTgsVPEzt
z#ICH*RX9OWX}Tm?qck_fbJwg7{oX#xO!bx7v@C^ge8q=awo(1VJ=F%j&i%S;XBOf-
z*7wL)yr1M0d)(GMbvL#<ILiFBou7xkVYfu59eC!nBk;%5TjN*rQ>V+C?GWGTFj3tb
zY{^=%UtB`Mx|~8R5Zr@V5n?X3$ndk|VBm99D4W_*f%Mlro)ZeC{_;8U2BW`hld_O^
zgo$5j)jh(5gHNd)oxb=<%{pl%@6T#Of>F}+=WAlZFvEnM=(%kt_l>2e($}v?Ib#{^
z&aufHiJ9Ki3d}MVJX)L$S#yGCNoQsX#)REILVz(w8vOJ7m#MT*k5S_B`_77#`uYz}
zPBLc57H@oneS3TRhA_&1`(_D}VUsyee9vSKOouhP0H&M=H^c^QXTT#IY9W)8+oHYA
zVYi!mg6O??W`W>$E(N>4tH*w}eZ?8g!r0;-5gyCrK;k}P@NL*1-hzTmFdZHpR-T@?
z|5!<Dpk6+b*%+Nw7WUM_fS3jYQNAS@nMO90ad=`SxKL2<JrP8Qz!>)04fmwj@r+^#
z?GO$^^G$E)J*197+kIwIe6cW*PNO0c1;G-P{}?J5Jb}T-<FA@`*<$Y_`4r_-=7u#X
zmxE7{Ve9e~9-QKD+&RPY`GXii9l{nG!#QdpD?+>-nuIJQGaBjNL;hKI0xJ;{v^ocW
zU@r`}#pXi5<eqX_A$8AT1o<W+p$64!m*bTajT5|`i77A<nC`)gjOUY~lmtW;*)Yzb
z3Z7QZVpBvO8;1kqc{7}_@C<m0vIqvD0L@??)e#{gO^`P0q9S{9OIN~YAxOr;#G88~
zMV!x&BK~-kan1cDmm&7`zu%6IjQ1`j>fWcQdt768IG003DpFQ4g0PrVYIo(DVFsiW
z43rSBZ2ri|^2Vq|i+D#niBzyRBcC)|><=_H>(<K_5n>A(`)@tfg<(GHqQWr$OvKi+
z7g(qa`r@f-y%>xjc#Rz&r15a{x|1<-=2h5D?RE$~9xnqk#7e><k!Qg6lFWe0a8uqx
zDPYhR>4*YojMa%dV5j7~Z-jKR1-11O0w$cw=N2jN&2>!~J-GIbset~WpL+?`A=hj&
zw2lhc{b~|{1^Sfak=q<PY9Ug7=kQ!A1JCxxU-$zvP(J->+3f`$YOp|2N;3Lq^n(m(
zJQo%*t^#xY_f8`CMhFfcF^ErJ$nT|KScdI+7fX|xY*)!rFr}Vv=P9c)k0?!0ut-gx
z^v_d*k;dYr?3pvsEe66ww{_9I)iY@pA(GjG$eL4Pybla*u`TlOJ)1RzF?gTWFacvM
z*jRVoJkEeC<vuXNCcr1yGYzpeU~`f8_C?&rc&~~G5lvhF&mPoxjNR%b+(*_z^pUlf
z(IH`6MQa3ylYBfM_f}8TGeaRxRB?1Ji=32_;*M9)-P@h;Yz)3yNdzO9-F5+*QT9a=
z*G44%8-dRi8?Vf5jFrYSqu$Tl*B1UaRsGaY5TO@PnMCE|DA5Rz_WU95&8X?qJub?7
zq5aMA_;`eMQkI=k44$##hL0W~ACIc1@6GOd3tP}dTWsv3f3vHy^?MGL@xJ)ZKK>MA
zRhmAX=B4mtKv%k5cWORAof+IEQEO~yyISH^qeaGy-Ol?5gYd-R8SN>u&G#6G?{*pa
zeb`OMPY@~vqP^D!+X#tE(oz$H#b6Ndbh$`AW$XZoq})sjSSO7A$})h*o>D70d>|i!
z#M=MZ7+eg98wjAyml>Ow5Y8p`_V!jTwkO{pI7LUieJj*$6^LH$v3+ZwFfyL0N=LeP
zXmE@x`fs>(fg@&qpgqOI^e__n4$mAzIsA9tHSmUG)^eljj?`vm;8tek;-u=X4{moY
zKQMVRVD%&a=D-(eRaIO~oJ7Fi*E_fuwvCaSB}e%Ezx>4=Q#;yww1tX<W=!i)!Z3&r
zYY^B~W3jZBU-Wv&_u_8LM2mpU@dXFTIQy3|yE}`!>x(CLc^*}75?!~Hbl#s*lLhaJ
zwe^D7=Qw1*i~(->^r-i_-M{?1`ZJj@f{6bvZJ4?^KfFsHCg>a+5?L-C^fZqJTbKB8
zS^Yz~1L<)G#5snA{dVGnUcfRNzrNJVrYk+KC935&M@|M#SvgV$s?inswUR-CW8Z=f
z1n^pH{qRm*g`1fz&(8G}TmohU#B7sxxAolDI!%Ox^io#mnfj|Hu#VBL{-fN@fjg6d
zz7*f(W+6h?^RO`Hnv<)yjpVOi#}ub;?@()~w5=g(b(}wa)`~i@v4Y!Ga)d>*3F&UE
zi{w|5Yf44(zSc^-7Oz^pk83P9t)>q75w0@}*o|fxV|&NpLz(bS--L++CzamSH1wn#
zz7wP*NZa0MR9(+6MnczohS5~}gs1+e4vY4mrT5p+6J0~KY&Hovx|3z|t*<N*Tsc;o
zEhfuJ=OSQMYC8*FHRjU?R?a@G?a}Nx@|<~Ry|iWx?^xWpDzUpP(c85*uF~m8XB|kj
zEd9s6LHdPX$`UpC(Z5V=yx)ZDeLMI;FK~;ZQd3zu&;rp<uyk*}q7wS|mZ67?jLgtg
zsU7Beh=$~tbAQQZn4C>8ZhK59=ElO;I__&}PAfNtHzS7|{*E@TthttrpHsyP%lIGC
znYu-DP+3VB%d1#eCRlfvblnai0{<ed^MR}sZ-hmCG()-^PDR!}T{<6Utsk^6tM=jL
z4{wk|-lJ~<HVa$DTT9u}U@O1Bzkru0y|`Z4<~#K>werMa)=RPDRy)ga@cie46<(9`
zlBOqE4ExgEF@fi6rHCZ-0!oD>1ygG>eulx1?rtx2bS-ZW7`=057l6PFF}vV(&&5e~
z9krXds&lwViYS4e)(+q@vS5*d<>q{s$748DcK*JldGhcJn{g_|T06zpuP)V{bWmms
zJkHX0&-vvPm38G1hzw1V-=LHyeVuQM?l(hRRX-<R48}9pw>^ZsRa(9~w6ih#mbNa7
z-+a5f@iu^~KU{zob<Fr3vzDar@iLRuE_2tl)~`GwG>+8TgI^<FkN40s$${N@4+0W^
z1L8U?OmNUFAQ!Qa$-aq#ZTjw#-0E!>?0xZq5vN)`PTu&s(tZPt`w1B@yw)HimQMbq
zceys^%@<cLzhKFPPkH2DC+#1C(7`2`PEL{)CfXZg?LU_y_m>G7T*mM3i^uDXm5oJf
zM+>ER*G?WBu-tEh&uWCM1q7vxhaZ!vq^pyd8Yq7EZnZ4mKB@eE4O&K9s92FLOXrp$
zO8Ac)S9u%C5BwgY4ob1+O3!#B32T$YC?S$<at$8YVrw>jNGyjhwOZ{I(t6v<a2?Na
z8nohkG?5yXAoz7AJI9|p8x~<ud*O)!M{857vq=2S;K!V#>L2UlVJh!*Zf<o4(oJe2
zs6nA$Y|XzGi8LPhcox|A_DEd7IQk42_MR*(3-SX3N5&SN#%Bo~42iqkA20Y!q4~40
znT@vxK1@6FYqzuoM{R~pma#R~7^m#FzTx?-Un~7SO9;HW-0V$)AYc6jw#W-ZnOaAC
zb$sKMD+b6As(m6KpXiGs$X&{>VfQmb=cSdE=U4i4_K7E4lpr|n6TUkZ$)gZ$f8Pyx
zjta3+V-?>_dt5(u@dNJY*#orlX?$X3(4Qgb_V(?2_J5E!<HuiXsgHcVvY%zWd^T@|
z{>93o<-{%iqLFKN1U7iwL?w+A9;qJ{NDNw2zo4Y{7K2Z{wHK8~Y@bn)y0phZ7{mqO
zt&_j=Q7jBHv?!us0KPa(eI)BN%1VjHVke%<5EYEEQl|mRVCj@1{-HrMCsY_9DgDGA
z4tf_`-w5I8iv+>d{^C!!Jv<`d{74_!LQi-VLWZKE_7FtWt-w|-d3^6Z<V-7}PT3EH
znWM<t=!|I)hyY4BwSNXd0?_)GdJYC3fplLNWq?<*&Bc3VwP*KGll0?XZ;-MBnOxiy
zI|f`yPXy!c;R1mxW=f}z3Wm)T^0eZw+5QJkh1fFU=w0pA_z4SRBrrP;D*~I%`R<Kl
zfRcqX`4DX?()h<eBqD&BcxsFk@4+D2Aol-3A=GQa#6QcTjSNU}>IHgUnAkH1pAEbD
z53L=<AT~!1^Duydnocd$06{uT{RclzDgQTaI+gay2rJeIcG0FfW0eO(_vT7IlSAH%
z`2vT<s)NflDFdoz_%PBR5GGK|Ehg2{WxG2xf|KhuaIP@%>Wx2Ro20;i<vgz{k<HHh
z08BAhyIyEflCp?xLRt?RTW5}}{q)dOGVdNElBD>9V7j(ApOu-?(sj2CY?$Q$t1WU|
zp_A)RFc&-dSE_!V_2Q(i1bi2}iAB`*gj`K?7c{!FvvW*&(MQj{fy?1?h39-rVbv|l
z<yuBK6&xKMZ3f|bb8OaX*EjY`uoHVaxrpzh+<hwYF=e|+Qze>5H9*N{>HCqY(*d*Q
z!^@p`&PgMa2bk@@Zv)%9EN(zx7k@8KgX8&m_rVmk<&c0K{Zl0J90n1HS4g+T_Cc&4
zN=ly?`k2%<^f%J$vXE|4lUWxlEaoU!?GjnzjD+D#pWG)pghUM99viq(#~;lAEY<XJ
ziNLbJ{1?yhS_i?lHs`J&KW*@_8#2Nk&xKr<4@>3kBRISz2|!t6o~yZWao|XMp~55I
zFL{wF6u2zZJiJXDzT98xN=47;taNDd!*)jacfOadN#CaS6xcR*SFab3C865?((1Op
z)<=wb{|-7*XnAeKuQ7fe0HK%_lIn2&YkI%}3a71`qLlEtgVl*Tlas%0Tg~wJE7WIN
zMj*1m^M&QtB?32Fo2|BgSZ#QGD6L-m+<Y={<MuA;_2I^?QU2YpMJFpstr9hr%cLV)
zJ7Yqse{q=$v@AWeZ~_*aZQ<@J{l(Nz6_+^_du7(^^{K+YO;jWnGXYl744)-JRHYGA
zR~9*bB?t<7Jd_TNH@>RS(V)XNTetD9QT8FLbHn|=D?R{0SoOtqaSw0Y*_B~i_1o=f
zRGE0wu82rl?LRNnw&S|H?kduM3ckzqyXyO|`k!hcsvO%3BcA*@5-dmO_Xk*wE1T8Q
zevppg%1+5>2y_jRCbLTI!|+;7T^|7Qm8K*ST@;Y!NO1&SVN_@3o|g#ml4j(X(4(Ze
zhsQ1;u#(Rl^U4HW{rdZdVz;*^RjEQ+Q$v1>Fc7*Ghr6X=xhG@lo4XWKyMx%4$|h50
zyW^a#`Bk?%-d4h`RX>f@KU?$LrKr*ktWFO<Y2@9J|4aBm!%&~helFeez<!fuY*m%b
zcCYFfrPZIecZ_*?b{}{RViIp}D13yq9YVWRGJ?i-Nkc=!c1gOb;A8rl)o$_PYmdCj
zW$3P7Sap0yM78PRo`zxi;P7U(q@90k{8&hJ{8WgrQ3<NwxpdRx+XWrM{A3vEaE(E{
z!s~>dM|C>RPREZ0@-qu0-uA{J=BY^W&F&z;cWB0mz>?bBF2=~-O|)%;Jo$4+BUDMZ
zNB&9Uw`w(tI=kTE(8q+&*8443{kQ)%5;C4MqNLUNAF`@TK_@R~>LxGy(1)ZfD{LEC
zaU6nzg8m+FJPrFtuH1h;yt_l)R6Tc|bB&{V=}?W>_N9Hd4^4?6&KTDU^fbuTY{G^)
z?sOXlS^3Qu7o&^!)lCJ07f;&;rgxJFNF2bm8UDBl9b+Wk7OSmng5~9+<Qf3u+aRvh
zn+RN8*m)y+-c)4T*6BKWy^xB2pOyK&US4HiNN<UAqUvVtJ3Aet^%qo@Rljb$z|{H|
z#oPlE!GY%_J&%tDF8U3dpU(_d_;&f*4xL7K2vO3>V?|F>>-cxv<|kJwhUx8rFQ;<y
zPdzGP{@9X;!%;VH#Ut`@La>;3pJA;~LIY%w-=|v`rX9Fu5;!iA5yEZ-R<HK9F86H~
zXY42O@pNX}PdWE&e@p+?;CS$!Kkn$u3!NfEB11Bdq<`Q&k8^Ul{N%WF*80zzft74k
zZhuem5gd}Yic`Dawsd{C2xm$&Qz2OnaRY#SD<eVoAlVk{EKD3<Fvc#s9T>Y{c&wl`
z@P#ZaUIu~sQ+yqcXLg#6!EM`ByK*W=a3J!jFR0;Ez(xG|kfnSuj$6v*>f%1z3eMa9
z0KKCt)_Q+J419fDgWtW$G|I?oltxi_qNIp|Huz2YV&L$kBtAq-)Z?L5kI>dA=aNs$
z248leB_AnN`?Yk`!Nw0Aw%DGNLo%kVT0{FW;(Sa&J0tPDJDcyMV9r>tVRR|!7A)qC
zBy0HJd#gWGIXP9|qz<FzmPNlA;C>z<ME<3naPy%ta5$Q;k!NQ#c-V(45yTnk^T5L%
zDTK=KQr?5;?Wsd}BXv}Y60Bb<8RdFDuD<$<-s%sj-=<3mEng9odd@d0Dcmk!1zPbB
zx!u)b>CcLj#>7^`R3Y4kRnmM}FhX3Ifn>8~_7f>}3*nanp%a-x`=_PuD|?<lFJ2PV
zcrEQj8e>d19hr|Nwx?|HVQe(}xCgPNBQLiAkfzZ;oT-}^`s&2|MPiPP?#428V3nm$
z@Y3m3Ee;`n(b2-Gu`xRrrjY>bkY7HI2z;jY?$Y7a(9?gs_BS%w{<8ht2f58gE}eR~
zyD?WypLd<4H7sKNWnY<^xLo?aC?vRkVL!U!UXRJJ`*Ybc$nkpuqsHeH1eM+~&5lei
zRV|`P)HtdBTM76)mktL{&#pk1t*-zcg+?HCbEJr?y@XE?Yph6u{^2ML0@?=Ir@QgB
z_;%mz=CE_LT9v3euuM!5>I<Ff=7|YKoE7yfR#p6`b+<mHFPSYmhza=|=P9k$G&;Vx
zPwz^tqcfIiQOtAh-H_aRP_}-AjN#Y$+o7x){J~7tH;mcC0}qem-hJ8is-X>5I^V-{
z?GUaU3oHf3+|D9fv<t&H1pxr*B^XUZQLz}rYW>TY3od0}_yz^vM%RINRy4xtCc0ne
zUdpk9A*Ge35B)v`uZ};6U$lLzj937+Y;wxG#Gm3D4P9GG(H|M<v6gHKX*leb!x9iG
z$$IVOtBur?=q8hp)U4)9)LPB6f4-mYqJ6u4a`oe(C&yX38a-`(PX;$zZ){pCZ;M*j
z%CFx_6!ad8(%e>+U*7q<a(r>^a<CICG9w`p2})Q$;t`2ZO0s;po6jDyv$^oE64rF}
z;b0~gKjkcvGS?K(0D9!$d`RYl3<aDK)*V^mvM##NzlZ1Seti*vaZ&2g*mANcm&3jP
z)N+#0;FyA}L38>a=nP9EKgA~)VSiAOGg7dq2&Cs+FM$E{*f!_jIb;?Gk}MiGA-`9~
z<83%ksV_~cmms|)IQTFOYkKu?DDxUAg*QWJKR~nsu=hF?BkUE5s1f$Ns2OT~PT*fX
zO}tp|;A5<E#kW?*v+ul`fXXB(=jae1_~yOQ6eHze1DU<vKE~XF^<g&|Z6ek&2zmT9
ze3%q*GnYKZnCm-MO2EZa5%)D5*K-Flefp4@KKuM>Ridi%NWB#W|HkyOl%3T~+5nrL
zQq*M1-w20|fh>c}<pCMorVg&oOAWdJC;7&bMrh1esB;dg{gZqF8zV~8q)Da5Nj~4H
zR3+-bq)PWB9{?pv)XGU^(&Q3sH`?#}am(K*@8M{_k>gfVDDTB+zmC_IW2g;0y15F(
zzjXzF*=WCJZOcEXn3xzJ)?v!gds*5G_7Z*xBwl&93#6*;aS3W!l^=DY%%t)UyGrOH
z_B~H^=;^tEG8t0Uj8Xn_ncqU05UFabGao!`ICD%_mHrf00g}a)0WOE65mf1LfM3du
zl{Oi)OMi*8&q6MteYwosrR)kR8NJ@C;<ZAQn=F&7nudXA^J50ghnCObDn?#%FAww&
zt;^yncD80$c&d-H{npOA61s>#xWTI5oD9ZP36%(s9q^e<o<wa}>NO_^?rf@1Kf9tu
zNDth;A5x*darM7Mdf+`0qCy2Y`8o+4_r;a6eE)F~A66?x)@m^O2?hVZa$lEQM8E(N
zXMfZ5!2n$c<E#RFQtIM75BN(Jk1ajO{Y}B`JWZ)sC2ONuoulg%nfl-Hl$`h?(LBP*
z6shGdZ~V+Qj%SGNo8Nn$p&Q>E1Qh)5FyRu$mf-vSOQP!>SeInp@dU^+sfsj@I2>J)
z!SDohF{%1Bk9h6>?WOL%F}QEzK{QW5BU8ZSWuf7a*TXPy>)dZIQ*i6>#)CMXox@B!
zf|o;U*q_z#HjlU-`|YaZzR`bR!~8wZ&YgWbh%2Er_RngZ!7aYuJQoy_xS877qw5q7
z{!Y56kmShJt_&`ifAd^XNUC6Jw+9!jzmtR%l8*0de*-Sqe)9+`B$@APF9sK!zmr52
zl5+O74}uHc-#iiuNwj^HH{F+xGLhc#R37|he)$M#-_nKV?}<#6Q1>Ot3$4lt_*gmO
zl?rlw=uQ2z8u||mL@2-X_P4+c2HpRNz#Kp!*6c>w)$p`W)+RJ5m{{Bjz8M+=emF0%
zW(lYy9T@7C5!T?b4yEt326(`UiY;ymiwF^fG7(sK+STmVnO2B429H%1IVtzWQ=KtJ
zUEaDa_EyAO<bs^nzaPY1v7kD)WUgB)1>@z2GezD9%|2#$d;+CQ@PCGKM%j?tl=q92
zB4HxgcGd3UDG{QWn9`d|XY)=4V{y3rDFE<47nPTrMRk%C&&|e*!TWFcu0GP(!ByVu
zTJLM|b?urgEiAkrRjeGI_EJwwn20GVZ?nyI&rn#@LA|uanp?!`!-ddTyx43N9LEof
zNh{9*97meJLOz6J1xgvtY=)v*Tcm|&)AcAt_EmDTD<6^f4ZVy$LmXr%NhTOUUHMlS
zs7x|TJrpHx$A$4AXCnIwhZ5H|J0RDxE3$bhfS15j)~-HBmYYh$jIm{W{!8DL%*be2
zv;XhVv9{P$vUZV11~WxH!{^bMFw8lae%ICZU7-&0@#E|?5PeOGKvgvy;9ud|`uuwv
z=hN<a7uj%+<b<j5y4M(_HZ(Sh6h@x3DmeSNhDK-c*riiV?0An?pSkvnQMC(SpX)V<
zT2ldNR2W$4A=*{mMXK8x{BSip5Tj$z0C{VNPiRj$AxzX6f^b-4#~nxu9zv>)nhy*f
z1-ytZ&JR$hq$Ab377uIa(?u*94*WI<Ah3hyQ=t^;^0jxxi<bXSi<~lYuvYnFnTP-#
z3Kzl>iLk}`4Qe&@>6_Sb4fr<oc}b*!AR#d8^&;)lj*%Rm`MM!?WUdz=x!3~d;9Ohe
zC9EKftuR3DYWR%R5M&LF%|TgK_bFi$@cfiuI07RW`vfP*f>QBYciKT?7cSe)KQguF
z>b=vdm?sFAkr%7`qO-Ez@0veV((jTp)qZ0!cgjJP2G@`qaJ#J$+iN-tyxZqAMvamk
zKFg>lvcnr~nx!pT88~_(d}p?1CnwF^wW|2ytPC9_!WL0$3XH^sebBvCj2$lX=JPN|
zcv>HFxM!h~ob(_`Ya-4;yAzQEMU?=C&i-Mdz-$keu^?o~wZ}^>5~TJU6pI!eHb9gy
z*b*I7^IN2NCb$ASZCYpL_Y`)*qx(TzQoz=9v%+MOL4~-knJaqM96danUo$kvCajbv
z%UCjSKCXL*#5vHiAr<m?WP(YuoAeo(?e8Z89<B%VVRMYVot*#gurLrIhae_}P=YiF
zym9yK#l`J06VE}(1%vQvfQYR;z8@p-C%DrQ!yMAsbq4~d5O5L>=iBI@YDp>c0Lx50
z%s?g>n~ww=nmDf;*uOmXR!(rXz`aXr7(0zjaFiEeD@6F3&4Ns@iXBeR<tmQN8U_<#
zFIGP1i1<>Rcb(GX8<A3+SA237J=a&9lQ!R9YGPM)a+Xkt*cbYe8D1lCR->3w{ntH%
zxh^*Xxdo+YW;$_U5L@aOjF6FEk!n)5_08EhVHrd3N~sPoe+Vr6d}S^T!Yx9qm9H>D
znhAF1xZN+zCf+hkxaZyW|FnU!jV55A1`X1$<0Fx3(te))O%5b8L8Hu^ymDcm!CA{m
zqMKN)>=!Xd{?y#jlK)<|Y-8*+$OZG-jYMFE@td=eM%dU}*O8}QUaKw1MF$r~4xWJl
z5{Q!i>AOfiWIXI99N2ClE=*LjN$G<)Ox~yP@E5caY`l#Vt9f3tVLCMpOOx+)J@JCa
zZko%y`0P<yUcNnaH9Lo_ckui)FzIk-x+0;D`Cfyp^#^1A(=eI5pN1duIJM)3xivhD
z3Z#gYWR^zhACdxP<Cp2NF;8_+rZwaB(w_vcCk$TiwixXn28EaS`HNVD#RJ(`@fx}C
zne18`#9l|{I&m)NyPYT@2ar<=#riS5BbU9uAL6*Y7`RI#dj9W`Mr>DC$KkHn=?(kG
z@qJ3bjmyBS05xit(OdBd`^2Ny^q<{@3zS?#Y-}zRWh%5EKJn{LqBXdpGJN|9OXG~P
z_X!g%1(g5@i@-W;jFDTe3S7&;OQgwW%iI`HSpu6?Qh_!{h>@%Q`=&WmWmN!2*aGJS
zc<S381P5~yY#lh$v8Rjm+vb43i|($Rxb9PNRAFG4b3JZda@e@bj}f5`OQ3x`Ep<To
zZUTdkmea{J1vOBA$xXnIEUZi>ds*&$d&YoPDqhW3;taPMODO-<F+V605Y#$X^p0VZ
zlG;$A0}d~E#Jgvz?>XIYwyzQbVeIkJb0i;@PaAO$X`@3?RUsuz=x0GX+u&lx*e3)(
zkdrU2c&}o|@R^zDg%hscx3eV9_D5cs-2jvL^hQ4i$|eZUmQHPhRNO<Vfz5Lb;mN<*
zr0Ktt_F8<IbP%|6*AyD4;22NyGrINcb&E2@ZpI5%YZDBSzAp@0fTMtcI{ZPKjD%w+
zr(#R)b+MQskFUh$j%I?{%icj`B&gnzxR2bj2yK7}w0^+aCGd*Z+3bH;6r#Ahy@KYi
ziY%J8(CI2L03nt8l9HcnKEx4JqO%|sZa6_ZF2fi#!VUMayUU>JLYaJ+1mIq4&GT8n
zJHXnNsTRZQfH3N(zH!df{m&ylrZhl2K&-cxgEdKKDTW}t03}AV_vhv03&YdYnyNrb
zM@8pVt@kPMyMSI#{tdh<Cgg!nIB$n|56y+-AVNb4www4w7vVKZ`QHX^H14=Wr6eh&
ze_Er<FBMFzOS2dwD7b(6m_e)W#h+hv51xVJ4Kshvja|Fx-BhxWSv;j8v8pheOIWt}
znp{#ibO6AR;sD_U#1a}i(@TJd^o~dY`|yfuj-IKH7;vI4^<QL{B#Iki-`VR*IpdLL
zjk;jBe$KbSOf2g^K%Sqm$zX;bW@iKL@9N_sJ7a7C4dO9Jt~((Lzr+4mMu(zk%-9yT
zV=y)<vON<sVFLo{kT9`q!4P|~^^01v&qPAm$Y-OT*y6YMx(XP0hWlfK6s%RU>N%9)
zh-Zf5Gdz0j;}V7wdvn_5M<d3TTP5VEsrI~=81_FQV+2!<UIu?D--x!wn#DeG#^>6m
zGv2dqIT^zLu^Zx7(uxtZOXx;4Da!7da)p$V%q&dYk|K^b#ZP=+NWeEq7ruGtAqvL+
zHE~r1&pgWWx0MhpYHNNHPQx>vWzqp9tg2tQ{Q#%T9b@k{E8sZ1*H{>LG`#^5S13hf
z2YJ{c1JLDx9O-iF)L{WfD@K#9pF7nJkmNgS%T8CN%71S6L0w;fL)h1+mf>?3K>|kf
z=8}_2!GZr|f|WvEDoUr_1O4hUpc!GUgj~kqzM7p)hi53nm;ma1T9_z{zeYuR&i4{P
zv$O2kgYoz+KH^V63+!RRw8t4)4G@s{F;4oiC+ngNuvz>*A7uEwXsq<<qbHq0pD0o+
zGWMFkk1;~dJO*q8qm_LN1IMCX%LF|sBr}%qlf`|cE(vxSr7Z(;x;>a0E?wm1<mK+R
zd{bIE5j)|J!0sgKw%B6F!wF8<<L!`>ew2aI-DhQ&fZ5^aJ?CE_brl%g1$eyvS~L_T
zEJNHJ@3l)sXOzw9pt1~+3-)_AJq!V1Z}J{^7skNl5^X6VNZ_3!kmvAW#|)0+%g)E+
z4Y6$1WTp8cO652HouyF!O{AV5mP7|^F$u+hYUqV9p_C>R$-6<ue*w_?J_`vXe>_Qf
zy~oz)Usg$<F{x=mF{<e3g^^JHb`;5{9p%4}8p;QL1?(o8mH+uz3h;fK15uYWmj{kp
zF73yedt!>mEH`R7wgzgS)1DO$ytZ7uh)YaPCZZUuJ=(?BSCLdTc17ZES#xu<5|tcR
z{cDnyPbq%Va=kEab0FxzkIBvDxSD~<^@YL2Nz1?CCL05J4=R=iM65QUxc)MfLyBK#
zj^#LtI)Ktk@mtHWnn!`^JPDPF3n(WIg4EAvAws5osjT0%Mw!GoFe;^hELQUBf;(&u
zh?NdRPqwSjoNyJJ6NxJWi9@S`xC#aX^8cS>4gi!iit4sN!BYIXD~85V!?Ypl@&Kds
zj2fmdc&+@)HBBCP7^U1`xWfhW;Vt8oir>$V`!6u6=qVLTwa3v5Iac(?DSn{yBx;W=
zA2_12v=2x7!%-7Isj@wCk~V-bu}qj$0hR2n0S4zX30NH)T*dZs>&k$T%3o$&#av<Q
z@<67_+BF<)HB&Wta*xixojCS|^_%SFQ0D`4+V1j)pV>z9M6&<xxe`h}xWotkW?h2c
zWyPKT<{+rxAIpUMJhqf@V4LM~DDK2J64ZTzYyY;+l~COEZzN0ijbx?`-YA{`FQ$OF
z%b~+k&xRF1(s}x~mjSqSXoEMFC!lm+KsU%N_dTm&2ASod->#bO8;ScjxMO&B)|qzB
zfm`~|YT)1&*Kb#IaO;Ttk-Myuho7NB#@tx<$!CI#^UqLk$J})H%WG<}PKrN6C5*X6
z9*~~|7i!N?AIIF<56Xu^StpI3p+18?hvkK|StlPqLzRL)N8}s9MF5k;J07L|-()Ty
zk=VC%uK7EPN$IZpk|0xlG>;NXlRH1b!C+Je#>SA6wT$=D1CB6?Kixf(Ix8P!V9NMu
z80Fe0$PY<_UJOE!A+ia6dYZ2O;cf=}dRrR#*MCXJxDBy8%X8c6(m60x@l#O7L1dd|
zgwYsW-#hU$Dt^X-`!$4#<x;Q&W$ph+)!r<E3^d^4I|iKjlc*aGC43Suo@*sc&oLBb
z>95BK4g?_D`f^JTgI7BJiY<sSb|L`wCIABIxMF{lCK+DAOsFAs{%N`v&O{<-gb9sO
zAg=>+D1Q?eVJVBBmLQcwDQ_Lhg$YIsfm$nrpuFpql>;$}6q7Z=cKw%J%x>5efkh=C
zZ6<R0DWVAoqkpQj^U8+Uw5Mfe$aBN)(&4{TtG$^d`Of(-k2R0ghp{yS@k9*J)cic2
zA9b61>qEZM(Rff5b9*L5yltS7QTAbv#9vcd`(@BP`c`!TS1mEolk)}Cb)B6LO3vL2
z9Z<cIx|cqd3J2H9Ne9=e9!y;T#B;c4Y;3G>t(;hJ-{OwK@wKUsZ;jJy$eK@q{v~{A
z{`g*MSt}<OTuYMp)$vhNgdr2s*l@^xlZ)f79ufF8FkqoU9rUu&=qiuRB>^$MnW~&W
zLH(1}_8$)R)6zO_I)sz=1pcJkC;T=GcFyx!%hD^q2r>;BL68LmRCkfy;I+z+R_hrg
z3i7%979kcQjoEV`6+3hA?Gf{ra(AuyXG1)eGeGuZTc{#3JLyOtD1wJS!rJw~Z8H=U
zsYsR0u^7j4mi`=2mqz_G6|(x@4}S$dMX_B)bQ>c*J0MT)e~ECu6pTK3W_C;)WM~a`
zXyYzY_f}a4M2iCnN4`8JLR`QK>OPB2a87q)d0|6JQDz_Xo&C&CY-=-Q6dgJi1}jAR
zs?mNL#;UXGH>9NWqeAR|-|$+<ZITY0rHhM;8{2Ua?4jKcydG$DO;Uj(C--7&JP^Lb
zhL<?^8%No@cd6d&QWZUNk}tPuYwmME*Q5g-<=)8aWoSod1xvPy#D3IAx*V!Id!j|2
zk@EnClumdFMfGx0<|2`QqGRkWrAE|!wx%<MCX-N+s@A6H3l>AZfWMugSq9SA5V&|Z
z9mfzxmV!J(R_zqppJ9t_)tuBUCD$M1X)T&bCoUaP-3aPEQp;TYrmUf;tNGTy^zYry
zbOHH&FJVxY7~s(S#}4lB$}vk?L%yW==3Y9>Jk1}8JpAw_&feJhm!b0?yYg6JgJ9b^
z4y6W(Uzgr0-S4QaRnv$qFrBUKxecd_=6X0dIEZWkwin(3v?7L4#a68wwQMSO#81gd
zNnpjEXJuuD=aPne`Bzp}*x`gHPdWwOuLX#~aY5G|OXnl3W^ruW%E5&JcY;~il;aWl
z_MV-PzYxCGbYJ~8&L_2|j+m^@#h4elY^5Ie8M{OPES9}Hg{6Aj?s6mK$zr1Yy{e-^
zhjaRP3^CVg3)WwF{3+4RX3SQdaygwvf`s@TG##tZIh~!82eqV@cl*d#y#8{+skKit
zdCRA%;(s)6`wd(9=7vS6Qteo4B{dj$PjL;ki2omr0DfXgN)ofpj^Rw{#7i{(v9n$~
z-3gGiJOcO|Zp{rbp)#c68UnkZ`qTO|gqF-?=-~P3pq&%j;m2#I*Br4weFHI^z@P0m
z#ztD=b}l`Zt^o9FLut(@@1kVChNBemmeQ41z`NY&a=~h6lan~xp@d;L0fq>Dyz>0G
z_}w8uG$zic6~`lL2#<hgT-8lRs$J4Y+Niy>zY8;a-HZHee?#7rVa@Fy5R-}fqffKt
zh!}uo0e>%fB1_BsJLJh6@NKd$e?mBn5!#&-cMY-e(ym<hV`kb|Now@pM^xjJKuNe6
z1k;AG+x%PaNN{ww4fa0|U0cqLN92+%h@j>%;SK~EpP;CtFpBg?+3*D31${rFqh(C#
z>vwer^6PfUd=vfQz?U^Vd;@fXWr{%BBzEcX$M|0K_9#Df6BMT<b_JvUS1z|_+e|!S
z3yu8*nROt&#0W}|CZdH7jUc6>>r5a5p{>Q`AS=`5{<{nmDNa1b8NK~tLcE_KN0d)b
z0qJ5DX|w|wotTocUM5#Law20d{o7*%3ZFm{5wb6lSb){~AfaySb01t4K>DWgXNBXz
zQ~g5M;cC0Zp(>vRTYj2pMj*%<>&<n6CUo?R4%^$G+*wf6&y#YXLa8})t_6Eb#M!#~
z&4$|nApDT;G6s~tLNI3H0{_R*)-Ul)mz`7FRd@Y|HS;eyD|Q?ENANLB<)J)fnF*TT
znEB*Yy^^eQWOSg!*?h;yxOB+Z(S4z8a;t>FJXO0o-KctX(n$zVmLJg>T!u;P6rMk>
z3j1DcJpPiCU)?7$I{R&D06xf}wg4oY6^p3(;_it}w;Rqs@(*7EokB2(JE~S{yjWho
z_Q>%>m-4J%db17OuB&MA%B5N*4wuZ&TbpMdgH1x0`6@*e$cNy3XRcA=XU<}il@2|!
zx6k;c=lJAF2lc<xv05phhwqg)MGE^SYxL*$hRitJNV={Kb{VNp1V$GVx^01cZYgvS
zWMJ<5Pl2f_^+7o9RFMw?(p(zWLPjJAMn*Aq0wpkmD*!ifYB-aN>?t^ph!=Ed1In(6
z?^3WALO6diB=?>}iVwoY+mXG*e*V(g$Ty(Z#Lo&O0^^WDp8FP$#}f^ni&xA^ulULM
zbpmQ5ilH-|P$}A2<p(BOm?FD=lByDCuMEWiq>%{BBeEt6_8e=_s=FNg?(?l=WL~6i
z#<f-2P3o;zadtp_GyBs5*)j*`O)gjR>)Oxew&kPZTvJ;uKOG8Wx94J!K;&9ThD?pC
zv<Lj4NrDcJWb=$`&ykU)8Cl;c-dprPGm6%U{^XNj+7F75Kr#$=L*z5$G4F?pg44O<
zg<@SlWH**PfOT6eCE!SlQGR_;t54@Od<|r$I=V^nQ4FPyoMz=6R_Cb~)w#l8jIW<^
zAbu5kY$xS7t@pqVIvX<qwC3$cF!)DnukvL%24_R;4Y94wbF~-u6xx$PNL_h~(f~Cc
zp~?SI6Cj;nhzXXxu1FYWnQ{e?eCTxY9C}?;aKFz#wU!+OD8kBH$lUhl=<yR#;7sdd
zCjN=-lP7M%GT^Fyvg>XyB2`ZVhtxDx80hb1jMV)ErEq~a(S{%b8IJ-3&85>!L4p;^
zeb?h!X^LGG!2!6Xi1UDbG(}G69fUSYwnjrK=P5j`vM>hxIv#<H71|#HHh^I~s0c`q
z_QdkzQbexNWv6@Av3raoThN{)ep<HETsH#Bb{L)oS?L8|HLQXCve)5iXD^``gTKlH
z6!xg-Jvm!@ng|T=jL-}+%X<^-Yj{TU9(H`1R76&KXpsWc{m1Vk6+epp_#Jk0We=G>
z<)2j{E(44x)pn8bp#WZnc*Ozh0~F2w;2^6(@=?Q06{35{wLg30q5f^~dBSjJnPC=$
zkS+Zd{v*K{>-(R^E(TV}30tfYM)=<c09^ZOp_H$Bl!Wwr$z***9MU@eb*rxqB>~S6
zax>7S_V&o(l@`c}|Jx%MD)UuOCP(x%-5a>5umAO>fq*Q&%m$!?itB{`$n;NF=m9Bv
zi<r>P@vKy*btn1LulCk})z$>tF0X*^<=zuy0sYEFpSgm@=oleAK@b4$M)IqsC~f?H
zVd?#br|;(xbO9>}MkBX`iAyTPG;*8x54@C2+fRsQ5!rtxD>J&0KTyeMV<Z%Xnlm!x
z=>Jv%UZ9h6I22XubD>%f1>|amAn8v?$mqIig8g(#U(8JK>pAPhTouN#A{UZ#<%o61
zH&lonl0<_{-Gn{N2WDQvw~WSyq8U6j{%r?^kpRSi!|x7@v-V?O4*^ooqrHmtDawi9
zq0*=@Yeg}6N|KeOt_V!YZ+&T`9V;j}Z`x3Dy0#i@HK!Bzkh&X-6wwAC6Lflln>cEM
zjZe2t=)H5S@g{KIE67~PiWDqNvaJm=iDGP*Gy{AYJBxw(C~yeG$!GbDet*?JMAhh_
zWF(p!>a~l5PZgG}%Ho;7OUi%_GReyQ$xt>nH&II8u|H!#HQ1{}?j=megPh{iS3Q)v
z2=PtQmHr$zCr0cFosfdLzS9Vqj{AsL*v3rU83-*i{;Q%3dhvuGDai!-9#HAnh>eNL
z`G<D8(kObWgRPIvUvKO^+q(_QR+?zo0IAZ?Ha$-P%-q~h^}@+-K~9vqMqj1#u2nj0
zjZiQ%Tdlo{PFXIQrAE&n%MpBb6Yr8hF)OyjGyfG>1d}L$kW$tTCm6+-S>y2vHSdkE
zE61BJ3ljxoiEHITC}mg-)dhIphKp2W3y>X`kS+4L2(w6Rk`}|YYrA6b;XA#AJaW>C
zEq1yziN!IajF0V^I%si9=-_G4G0GTwL>Pnc#UYH5E%v>6#@N}-Rot2^Oof4BWFu2V
zh`%IXL&1kPyv7uZw{Sw*8i1dO4u(ekpNtYz3|piR9Y21&nUSoInbd3<#d5iTB3w-6
z?1RObHX3-t;vjA&Dfy5g>9-zL!PpvyL>^p+`B+IpgYdl(Yh|a^occ_#X#<k21cy)`
zofVK&;RQ~p%{pV{*DX_#XHEbe(>nO-hO)>gZ$IFtC<SbPMc#e!69}v$t4w^QVCwPh
zK*R5!&(H^|oV2?^e%amh<6AkI%1}oR$33(Cz6G>CUi0g#vKJIOY|VS{WA-!~>?^WM
z!l$7;mpH07qhiX*S9&VoT$jocUj{E((1_YwKP2;x1Pj!C6qm%qu{Ay4L{eF2Sep&_
zAqHav+=D?ZJsyF;Zn6cv`~?w{0l;#^x4F+D*;fO1_qJQ@SqclydJ}M6tyZD^-?X?2
zzpdw$O<<j}d<z?;b^8icw(7iBt2?Y*t#mhRE|N79k6GGQ6iPVW7<n>l8?ysLJeS>c
zdR7c`PM=a$P?)y*h?_fk;jQPaX&sd(Ao80u%>Qs9Yg&LRS+kE>;7KhM1%S2KrR*5{
zr!U?YlN8s&lP>>w2a%6@iAN^utcAgU&dQ!%KLI;*LFi=={YSRkv@NfMW$4SyQhQz*
z%S)lMy?EI?*(s8yt3-WY&CdztQI8GOPg+T&mHU)~7@OLkq8vz-7NW%x6k6RqaR`0n
z0{CJpdh2>^iP>T+Vd|sE^;^rSGs4ni9pdO>0aKyCWI|t%{i&_7x813Kr+6%9N4wP$
zo!Dru7YAZ_;yhT?=Fma1i@h@+`voey8u=&exMokQ%@ha|GxWJBJjG!*nJ}R$QO62e
zj?k?S7Djp$<{h9Hr<zUhxadtT^<}S%zW6B=Sm`27j8EOyE4XfTBogMT$sZTMd&bY|
z1JSPw7xm$PKG{_P>3i{=fs+o3Q-r8rF@Dfg$o!ty^X@yL0Un5t1-dO&ScFsH)TIWS
z`9?FnNjDyEF$CYm{<AL%zIiTLuF8Hnsjyy-t{>ufRXk12rCypM5fyhNg<5;g38eG+
zt>;>#@J2yVzxZ63-1cjZXX@djV`7AKyL^`;Rl-`sj7`+615a#)OyE!4!c85T9m}V3
zV53$$7MrD0BtxBN(3fmVa)<JV5O;fy^#532ldVJlj+YwI?CM<1L0)_pKzg<1AlO<c
z(fd+mN77+UAh>6hItLfZ0+f;g$f_7qLPw+|4Xnv0CHV&>>12pOaBgVy=5=+dhH4vR
zK7)L4<gY2M?(b}gES}4SBbs!p56hy_c5K$B-#c)G7PQ&CzE%)Q%fBHzt32A1&WnE1
zA34{r7$CwC;1Ya_8%P`lOpsjxI1o3^)Im`_t_mXu`hgQKO68<D86d;06+N=Z2e%(f
z0&EKVK+X+l)p~1-t+Pb#4`99yLY3eQqXul9ac#ydWAm4RUP42W@#jqBpLj+f;3+WI
zg$`$euQ&lglR-X9;pu|1<u;1;tx1EFm&m{w{9uWtPG2?5CG#MFKVrT$YmZH00%Cmb
zw-1oA0RM6SpF++(p2`0I<KM@9_q`LHoJYk?M9is8;Vx29n8O^mA%|(qp>kRzx+~-`
zIkjOq<gkfmV+ctqrx2BCyG`mLCSu%)`6Bv$Hr?O9evilR-#xDD+CHD_+UI(`-k;a=
z9q3ExxK=`&0tH%{O_=65M0Dlj!umiGK3SgjAOuUHEK_X$kO=P<nGY4A?2Rc<Uyi0#
z1->Sf4sCNZU#-BSJS|O*f)U(1jl|PH&H{!#Q6e+U<SdFLs#=H^9X<ed5a6v#b0d)1
z=mng`rxOKWwO$1Ul^Zp_g>VFTS18{tkr)P$rAgc)UB_+JSeU`P#T?OB9splQhnM^Q
zGH5+m-Sv-5&A?LpbDaIY*w)*<E)MIre&5r(rBwkKWB!aC!<opA`|D82(rG|}<#9+j
zs~dPixG+@q|Inyl6Z_=<uTQ4|#%5%1G@x%Tl7|v?wSa2ObGl9Y2V9(vL$IsiXZ^&~
zz*|k@Em5SF0e7c#f&BMXz13;5SUv`HK2T+QiSuTO5_;Y6`o1F%;TH<TsDSmZI7F^k
zP-aQ$=?*v<4jdH6`;R!gmPo+!JSb<yGEwc{A#`|AcmzVk<fS+f@$P}I#h~gbIpLZ6
z-L~HzD6_r%#6YFS8?XZmQVY6_A+IF7`7==|PofuZO50HmJzE9;%(8X)splB}Zj_cS
z-u0B^+J5%%Pq`ZaKS?z$xQ7F&Ix#umZ1~JbgkykrznQ%h8|sm-{u72&(X~e+@e2Q|
zZ(gFn#IiHXnqvr3X<PD?_!C&bu##<a9Yu)j5zJ-LKqT<J|LWdSiq^MO5cN<oBLdPi
z__Qcd`Yx{!zbMY%jR9IcbL*7D01}a7H<bJ=kh%ry4s2Ht&vK%~33rNm72M;N(ZFHx
zl?Kb~BaLA8m-2y956&swLQsvj=2H)N31HYGOwiUq4A<Ybt^W==AwG-Y?_C^*#H(bu
zQ{sBWSmfhWCOoh^2knC&M3HcfeTgPwj&e9iG^fKPnld}88(qCM5VJlMD5r}4!o~nU
zu4KUZi%`{zK&4fzH|!VfPL=oG><0ykR0Y!1@SN9?K|pf>GMMIy2hpBA`6Qh3D&z$C
zq};j$OL=FTyCP;q%^I;3D=PXZDCkmuva~bio8;V=`LwIeH-@BRMeNzBmqFvY0|mZ_
zZ@^h)@=3VhEI<04|4ku3ALmx5^~+l^tSTP~Ue7oq07-&1N&HluYr@Bt;7X}b@ndx)
zc#<^ri<m;m!ia~P*bp%18z2l_CFi1k`VQjmwvUwssbX1<JjjH17!7=xLn9x15%G&+
zV?zAxmMVL)sSw=i8EvYOeGBjkxQ=)L&5qBZw=A1C$V1#RDAljFtFfh;&gu-<Y}KXH
znegxu99SBFIa%@(6iR><EWi~NN1Y+UnD8xE)^WG^geS0Y{y!;TiSc*}HT5JgO|YR=
z5^#H4dC2+P>m{`45}Y4cRh7VhS^RtF4`M0fdRhZ305jh@Oj?}@%opw(e*}zA9MqiA
zAJ21Yx-O)v{IrwXAeX7V;u|(*rDMM_hgM>TGDMC|Y)^Z37`%Q2(hU#bJzAAw|6?YF
zhz!QjUxOjq%F<e{gdQJ-i^8aS-Mi;)XuC5>x&vQiZ|r0fT`6&UM3_usRPL{a_FzZQ
zXn^yv(zLa?5HT>QwY?ITvoUd-^$)S%`841v?s$P`K7#DNd&M1p%AdlHl<F<T2U50c
z{d3ft3fMr$_T1I3!<Rsn$uGZaZsZ^c7$XsEk9&jgz$wMt)Pj+KYr$qC#|VZajXzGZ
zBDuwr#p?@>^Sp4M2yWXSxq_8B?I>ni^8Ap|+(OyKJ#J`=^eba=%(Sx0rmoHBU4GmN
zI=gq&mZ|l4MMbfQ@@emvd0xyF753)Wm=zqpGCM?<9)j=jMyo2;^W!vZ%@wY2W>wmt
z8y(Xc8&TJvFi4)N(xX)k8FwG;t2;I}TKl1G*Vp3p>QyJ)hnhfZ7mF(b2frm=@!Vxz
z><{nWjn;Vw!opbgoNB9ul10O@c6e(o-20l|Uv;Zfwz5OC)Np&RGONZ^Pe<Rv)|E`n
zm4&gA_f2ukV@^Rm8?8lzW$A;wclz_4A!mv*56^NjZ9<<bW0xksByOss9VX(bkD4od
zT&|Bf%IW7d{2_x49=!u``HNZg!|coE@5z#*(pL7X&GR8G^oc`3nb}hBXqntWmN12N
z^a%&K@-ReE%^-)5GJl2dTATSke*k@5F@9g!IWjg}clrY-+~X-!$G~o#ajhk&elcY)
zLWWm=DUh}DEWY<fop*0O4DmkrrjBeLZsP<+w~PI!VKMrTIE6m@$Q?e`g6e@Js~-Ws
zLqNX>uj;Yue`l5K-!@LT>xH#ty}x@U{1S&_7wSBk&_R#4B-*Tu9wXeBdnhoPS+=%Y
zx9eXInMhD%Z>HR<2tUZRW}Sz$3He`7s$}afCJisfoEhTCg+!g~U*^7T!tTpi@Qh=d
zB%8eAm48|bf~FYFB$Qolskmj$C>u-K%{dd=zXO}!tdTA$o1BWSm+EKqEhU3C5QeYZ
zX;m4r*n7>0^fcMLV87!0{fX#Cb=Oiidj+P}as=qKm6DrcYi=<k%#-Xl?~BL?D0<5|
z6Y*w8U3G)E#>R`F#va$;k|P?i2jT<^6Qy*=(>u8#cj?SLF5`5;WHbaT@JsmH3?;ih
z9JP1Wm8<pMK|zZ}NWGBpIsBK6%CU$;?Q`FzbGuXNJ}U9;^sy?r`bRnbt4>4Au<LJ!
zQNqV1&GOOrWwgBIKp!rod~$zGk-nm2o*HDbBKKHdLHH%|?azm<C7EXSvqn%j^N^$a
zUPCkS)`{!J%aK9I@K5W;$Y_Vx1{yAr-!=(yuJ>biQWsr}W09ez#PES?li9UdK5D;%
z{X=c0ogmU`DPBWol^}07G>cyqcFZ@rKnW*d*(eU;@L+RFLQ?G$OUfR9&(iC;6(8S6
zMVO?_5Qx*<cW<*6D*ZEd?=$V~NfcmKi;a&_{T1O#*%z6!9`EQm(AxsPc8sYk4Exu-
z@p${MuuO1s96o3(R(^*ZDmIp?AC?CVJFc=rmDzGh@><;{YOcj^`~vSozRl?!4SIX0
zKE<Ja$gyJm-Am@e8h;dN<iUBm+_1M3^_0<eY(UA>Zdxmc@9fpb!y3`tH$Jn!J1cCk
z&NY6Pj*ot|IMgm<g(B#LU5|%b{0ZTDrStWJ9;Nihc+0}{&b?ZcsS$dOu;!Vgb$fnb
zn$lg(tEn9XFAh>}irSvrsaLKf@1lq6_k;4%xzYV*nOuxtyOk@+AzinAGbc2dVwH3l
zTVO@S=Lgsvx##XyXz1t@`{HE$@`!pGiywPNOSOZaR%p{|vY^hxN^fYSr3o(vKYxin
zW%2g=qVv=9%?UiMuoX-%xm-G)6rdDdqdZLD+_yUD5mYC`-gJNedyR67navMgbJkNv
zMzXsaS05Qsr_G$@>0J=m71YuvD2+#ag50`F-xa1|>;>U^+l>y1)&S5L%Q#kG?=Y#;
zdHiZ=W*=9(O>Q<(64tCSdJnH-(^bXaHN4LSN2Bu3`_o7<UM~|bq*4=-ueG1sf8hCd
zjbzrhbW7q6L8->VM6h&x95jtCbgKJa4Qt`$SFsXK|2TduM$d{YZRKaqF*nhxZniY@
zpKPdTtMajtnh&V@B;8i1?Ee(%EC9CkTLRiszZV^b30rrAt9Cm1#d#B}s^YV5&X6Y3
z(%q=B_@*+6_zs8;=gtL4g)4a+f_u=6|FV8`mkl2;nT$~^`g<9xjt0wAE-I+8;YpUB
z9h4Ux>df3|N+uHv6?ms@%!!%@kY8Wgnlipj%XM4g-;B;$_FK}~i`jg-kEyMB#w@+u
zGBjsi)wXH-h6k8<a%N|_{#w|~gTw^0<X9@{<!sLTt3k4Am3ixA*c){MQmTM{^c=6k
z$L(QuP$QU3O_)KB(797{czF8S(kV{`m@J({^nSdlSyhKfJ>f=id+v+rJ{U80YG@DW
z>vwU<r_UepbZq%7(Pk~|!1G!<=tS2<=AP}(&TmrHQ|Bqm3p-faUW~~i%NdCd7EiN8
z7sXVc<a+4t0?l{8{qx|zdi^T>%~MM=+$4vtc|``=L&6qF+wN@8F$#H&CFd39JsB)p
zk|nJr3xeB(7$Wp+8SL?Y7IBi+?sv|z9z`H_RR=LW8Qo5Ggd$OkxyFZZ%`|_3S+H8=
zXc74)O2J`iW)@ECFDq-?FXh)#^J24&(cXeF5B_Y`pN+bBr8}$5;os%jpK?HVJXOhf
z4TjsT59jw_j3V5g=f6?>Emz-T0)q(qHHxlA-Zp_xb1>AV8;Bmw7p!xivCgA5_D1Or
zDYv9w{bpV6A9z>UwHnoW#<O&!t77ykhRMxSsU;T`D9M-Rd)4rSE*LCTNz$$Gj>BML
zb!;bMXx@Pn8|wVV@!p?<cAn5Xcbo)CZxx7red!fr`!Ka$X@;4PA=UaH>z!TtxtSNW
zX7hTSs-D+W`kKjr2U3CSQDE9gf>E49W!6&Z1mvjT!p(6isW{!Ci{<*~2y1~!j_k-H
zxT#Hr-Kel%6TR}DXp=ALL6D;m9kObLQ=40!-BjgW_p32sJ+(4-`Hy0eE^&x=AlIo>
zSMy?-zMSn6>l$U&7gA(E4liTs-(DTwtC8m4UuU9`BkAIQs7fQ651Hx^=0sV|WSk}!
zX@HiXf}xMZ(qP_&II4ibtat%rD~+bklxAP(%^T42QmK8_S8M&aY^VIA)@BTbkgP6k
zn))*Kf`FQ0ZVA?Ff5IZhAjIZ;&+{GDpBiwm(KML}7O$bg2VI4yB3-{s=vX{F@fb?N
wqAZVAH59{OuEg^r5xHwMXH-$=HZ8suR(^dZm!1q-!2Zj|%Ha&-l<&>|0`&D6&j0`b

literal 0
HcmV?d00001

diff --git a/auth_oidc/tests/test_auth_oidc_auth_code.py b/auth_oidc/tests/test_auth_oidc_auth_code.py
index a1a08b0a71..43a1ec6fff 100644
--- a/auth_oidc/tests/test_auth_oidc_auth_code.py
+++ b/auth_oidc/tests/test_auth_oidc_auth_code.py
@@ -71,7 +71,7 @@ def setUp(self):
         super().setUp()
         # search our test provider and bind the demo user to it
         self.provider_rec = self.env["auth.oauth.provider"].search(
-            [("client_id", "=", "auth_oidc-test")]
+            [("name", "=", "keycloak:8080 on localhost")]
         )
         self.assertEqual(len(self.provider_rec), 1)
 
@@ -83,8 +83,10 @@ def test_auth_link(self):
         ).write(dict(enabled=False))
         with MockRequest(self.env):
             providers = OpenIDLogin().list_providers()
-            self.assertEqual(len(providers), 1)
-            auth_link = providers[0]["auth_link"]
+            self.assertEqual(len(providers), 2)
+            auth_link = list(
+                filter(lambda p: p["name"] == "keycloak:8080 on localhost", providers)
+            )[0]["auth_link"]
             assert auth_link.startswith(self.provider_rec.auth_endpoint)
             params = parse_qs(urlparse(auth_link).query)
             self.assertEqual(params["response_type"], ["code"])
@@ -95,6 +97,13 @@ def test_auth_link(self):
             self.assertTrue(params["nonce"])
             self.assertTrue(params["state"])
             self.assertEqual(params["redirect_uri"], [BASE_URL + "/auth_oauth/signin"])
+            self.assertFalse("prompt" in params)
+
+            auth_link_ms = list(
+                filter(lambda p: p["name"] == "Azure AD Multitenant", providers)
+            )[0]["auth_link"]
+            params = parse_qs(urlparse(auth_link_ms).query)
+            self.assertEqual(params["prompt"], ["select_account"])
 
     def _prepare_login_test_user(self):
         user = self.env.ref("base.user_demo")
diff --git a/auth_oidc/views/auth_oauth_provider.xml b/auth_oidc/views/auth_oauth_provider.xml
index 90c931b417..c63f2cef60 100644
--- a/auth_oidc/views/auth_oauth_provider.xml
+++ b/auth_oidc/views/auth_oauth_provider.xml
@@ -19,6 +19,9 @@
                 <field name="token_endpoint" />
                 <field name="jwks_uri" />
             </field>
+            <field name="auth_endpoint" position="after">
+                <field name="auth_link_params" />
+            </field>
         </field>
     </record>
 </odoo>