@auth0/auth0-spa-js 2.18.2 → 2.18.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/dist/auth0-spa-js.development.js +70 -3
  2. package/dist/auth0-spa-js.development.js.map +1 -1
  3. package/dist/auth0-spa-js.production.esm.js +1 -1
  4. package/dist/auth0-spa-js.production.esm.js.map +1 -1
  5. package/dist/auth0-spa-js.production.js +1 -1
  6. package/dist/auth0-spa-js.production.js.map +1 -1
  7. package/dist/auth0-spa-js.worker.development.js +41 -1
  8. package/dist/auth0-spa-js.worker.development.js.map +1 -1
  9. package/dist/auth0-spa-js.worker.production.js +1 -1
  10. package/dist/auth0-spa-js.worker.production.js.map +1 -1
  11. package/dist/lib/auth0-spa-js.cjs.js +70 -3
  12. package/dist/lib/auth0-spa-js.cjs.js.map +1 -1
  13. package/dist/typings/version.d.ts +1 -1
  14. package/dist/typings/worker/worker.types.d.ts +5 -0
  15. package/package.json +2 -2
  16. package/src/Auth0Client.ts +5 -0
  17. package/src/version.ts +1 -1
  18. package/src/worker/__mocks__/token.worker.ts +3 -3
  19. package/src/worker/token.worker.ts +59 -3
  20. package/src/worker/worker.types.ts +7 -0
package/dist/auth0-spa-js.worker.development.js CHANGED
@@ -103,6 +103,7 @@
103
103
  return obj;
104
104
  }, {});
105
105
  let refreshTokens = {};
106
+ let allowedBaseUrl = null;
106
107
  const cacheKey = (audience, scope) => "".concat(audience, "|").concat(scope);
107
108
  const cacheKeyContainsAudience = (audience, cacheKey) => cacheKey.startsWith("".concat(audience, "|"));
108
109
  const getRefreshToken = (audience, scope) => refreshTokens[cacheKey(audience, scope)];
@@ -212,8 +213,47 @@
212
213
  });
213
214
  }
214
215
  };
216
+ const isAuthorizedWorkerRequest = workerRequest => {
217
+ if (!allowedBaseUrl) {
218
+ return false;
219
+ }
220
+ try {
221
+ const allowedBaseOrigin = new URL(allowedBaseUrl).origin;
222
+ const requestedUrl = new URL(workerRequest.fetchUrl);
223
+ return requestedUrl.origin === allowedBaseOrigin && requestedUrl.pathname === "/oauth/token";
224
+ } catch (_unused) {
225
+ return false;
226
+ }
227
+ };
228
+ const messageRouter = event => {
229
+ const {data: data, ports: ports} = event;
230
+ const [port] = ports;
231
+ if ("type" in data && data.type === "init") {
232
+ if (allowedBaseUrl === null) {
233
+ try {
234
+ new URL(data.allowedBaseUrl);
235
+ allowedBaseUrl = data.allowedBaseUrl;
236
+ } catch (_unused2) {
237
+ return;
238
+ }
239
+ }
240
+ return;
241
+ }
242
+ if (!("fetchUrl" in data) || !isAuthorizedWorkerRequest(data)) {
243
+ port === null || port === void 0 || port.postMessage({
244
+ ok: false,
245
+ json: {
246
+ error: "invalid_fetch_url",
247
+ error_description: "Unauthorized fetch URL"
248
+ },
249
+ headers: {}
250
+ });
251
+ return;
252
+ }
253
+ messageHandler(event);
254
+ };
215
255
  {
216
- addEventListener("message", messageHandler);
256
+ addEventListener("message", messageRouter);
217
257
  }
218
258
  });
219
259
  //# sourceMappingURL=auth0-spa-js.worker.development.js.map
package/dist/auth0-spa-js.worker.development.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth0-spa-js.worker.development.js","sources":["../src/errors.ts","../src/utils.ts","../src/worker/token.worker.ts"],"sourcesContent":["/**\n * MFA requirements from an mfa_required error response\n */\nexport interface MfaRequirements {\n /** Required enrollment types */\n enroll?: Array<{ type: string }>;\n /** Required challenge types */\n challenge?: Array<{ type: string }>;\n}\n\n/**\n * Thrown when network requests to the Auth server fail.\n */\nexport class GenericError extends Error {\n constructor(public error: string, public error_description: string) {\n super(error_description);\n Object.setPrototypeOf(this, GenericError.prototype);\n }\n\n static fromPayload({\n error,\n error_description\n }: {\n error: string;\n error_description: string;\n }) {\n return new GenericError(error, error_description);\n }\n}\n\n/**\n * Thrown when handling the redirect callback fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class AuthenticationError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, AuthenticationError.prototype);\n }\n}\n\n/**\n * Thrown when handling the redirect callback for the connect flow fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class ConnectError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public connection: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, ConnectError.prototype);\n }\n}\n\n/**\n * Thrown when silent auth times out (usually due to a configuration issue) or\n * when network requests to the Auth server timeout.\n */\nexport class TimeoutError extends GenericError {\n constructor() {\n super('timeout', 'Timeout');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, TimeoutError.prototype);\n }\n}\n\n/**\n * Error thrown when the login popup times out (if the user does not complete auth)\n */\nexport class PopupTimeoutError extends TimeoutError {\n constructor(public popup: Window) {\n super();\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupTimeoutError.prototype);\n }\n}\n\nexport class PopupCancelledError extends GenericError {\n constructor(public popup: Window) {\n super('cancelled', 'Popup closed');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupCancelledError.prototype);\n }\n}\n\nexport class PopupOpenError extends GenericError {\n constructor() {\n super('popup_open', 'Unable to open a popup for loginWithPopup - window.open returned `null`');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupOpenError.prototype);\n }\n}\n\n/**\n * Error thrown when the token exchange results in a `mfa_required` error\n */\nexport class MfaRequiredError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public mfa_token: string,\n public mfa_requirements: MfaRequirements\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MfaRequiredError.prototype);\n }\n}\n\n/**\n * Error thrown when there is no refresh token to use\n */\nexport class MissingRefreshTokenError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_refresh_token',\n `Missing Refresh Token (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingRefreshTokenError.prototype);\n }\n}\n\n/**\n * Error thrown when there are missing scopes after refreshing a token\n */\nexport class MissingScopesError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_scopes',\n `Missing requested scopes after refresh (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', missing scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingScopesError.prototype);\n }\n}\n\n/**\n * Error thrown when the wrong DPoP nonce is used and a potential subsequent retry wasn't able to fix it.\n */\nexport class UseDpopNonceError extends GenericError {\n constructor(public newDpopNonce: string | undefined) {\n super('use_dpop_nonce', 'Server rejected DPoP proof: wrong nonce');\n\n Object.setPrototypeOf(this, UseDpopNonceError.prototype);\n }\n}\n\n/**\n * Returns an empty string when value is falsy, or when it's value is included in the exclude argument.\n * @param value The value to check\n * @param exclude An array of values that should result in an empty string.\n * @returns The value, or an empty string when falsy or included in the exclude argument.\n */\nfunction valueOrEmptyString(value: string, exclude: string[] = []) {\n return value && !exclude.includes(value) ? value : '';\n}\n","import { AuthenticationResult, PopupConfigOptions } from './global';\n\nimport {\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS\n} from './constants';\n\nimport {\n PopupTimeoutError,\n TimeoutError,\n GenericError,\n PopupCancelledError\n} from './errors';\n\nexport const parseAuthenticationResult = (\n queryString: string\n): AuthenticationResult => {\n if (queryString.indexOf('#') > -1) {\n queryString = queryString.substring(0, queryString.indexOf('#'));\n }\n\n const searchParams = new URLSearchParams(queryString);\n\n return {\n state: searchParams.get('state')!,\n code: searchParams.get('code') || undefined,\n connect_code: searchParams.get('connect_code') || undefined,\n error: searchParams.get('error') || undefined,\n error_description: searchParams.get('error_description') || undefined\n };\n};\n\nexport const runIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n) => {\n return new Promise<AuthenticationResult>((res, rej) => {\n const iframe = window.document.createElement('iframe');\n\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n let iframeEventHandler: (e: MessageEvent) => void;\n\n const timeoutSetTimeoutId = setTimeout(() => {\n rej(new TimeoutError());\n removeIframe();\n }, timeoutInSeconds * 1000);\n\n iframeEventHandler = function (e: MessageEvent) {\n if (e.origin != eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') return;\n\n const eventSource = e.source;\n\n if (eventSource) {\n (eventSource as any).close();\n }\n\n e.data.response.error\n ? rej(GenericError.fromPayload(e.data.response))\n : res(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n\n // Delay the removal of the iframe to prevent hanging loading status\n // in Chrome: https://github.com/auth0/auth0-spa-js/issues/240\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n\nexport const openPopup = (url: string) => {\n const width = 400;\n const height = 600;\n const left = window.screenX + (window.innerWidth - width) / 2;\n const top = window.screenY + (window.innerHeight - height) / 2;\n\n return window.open(\n url,\n 'auth0:authorize:popup',\n `left=${left},top=${top},width=${width},height=${height},resizable,scrollbars=yes,status=1`\n );\n};\n\nexport const runPopup = (config: PopupConfigOptions, eventOrigin: string) => {\n return new Promise<AuthenticationResult>((resolve, reject) => {\n let popupEventListener: (e: MessageEvent) => void;\n\n // Check each second if the popup is closed triggering a PopupCancelledError\n const popupTimer = setInterval(() => {\n if (config.popup && config.popup.closed) {\n clearInterval(popupTimer);\n clearTimeout(timeoutId);\n window.removeEventListener('message', popupEventListener, false);\n reject(new PopupCancelledError(config.popup));\n }\n }, 1000);\n\n const timeoutId = setTimeout(() => {\n clearInterval(popupTimer);\n reject(new PopupTimeoutError(config.popup));\n window.removeEventListener('message', popupEventListener, false);\n }, (config.timeoutInSeconds || DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) * 1000);\n\n popupEventListener = function (e: MessageEvent) {\n if (e.origin !== eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') {\n return;\n }\n\n clearTimeout(timeoutId);\n clearInterval(popupTimer);\n window.removeEventListener('message', popupEventListener, false);\n\n // Close popup automatically unless closePopup is explicitly set to false\n if (config.closePopup !== false) {\n config.popup.close();\n }\n\n if (e.data.response.error) {\n return reject(GenericError.fromPayload(e.data.response));\n }\n\n resolve(e.data.response);\n };\n\n window.addEventListener('message', popupEventListener);\n });\n};\n\nexport const getCrypto = () => {\n return window.crypto;\n};\n\nexport const createRandomString = () => {\n const charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n const validMax = 256 - (256 % charset.length);\n let random = '';\n while (random.length < 43) {\n const bytes = getCrypto().getRandomValues(new Uint8Array(43 - random.length));\n for (const byte of bytes) {\n if (random.length < 43 && byte < validMax) {\n random += charset[byte % charset.length];\n }\n }\n }\n return random;\n};\n\nexport const encode = (value: string) => btoa(value);\nexport const decode = (value: string) => atob(value);\n\nconst stripUndefined = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .reduce((acc, key) => ({ ...acc, [key]: params[key] }), {});\n};\n\nconst ALLOWED_AUTH0CLIENT_PROPERTIES = [\n {\n key: 'name',\n type: ['string']\n },\n {\n key: 'version',\n type: ['string', 'number']\n },\n {\n key: 'env',\n type: ['object']\n }\n];\n\n/**\n * Strips any property that is not present in ALLOWED_AUTH0CLIENT_PROPERTIES\n * @param auth0Client - The full auth0Client object\n * @param excludeEnv - If true, excludes the 'env' property from the result\n * @returns The stripped auth0Client object\n */\nexport const stripAuth0Client = (auth0Client: any, excludeEnv = false) => {\n return Object.keys(auth0Client).reduce((acc: any, key: string) => {\n // Exclude 'env' if requested (for /authorize query params to prevent truncation)\n if (excludeEnv && key === 'env') {\n return acc;\n }\n\n const allowedProperty = ALLOWED_AUTH0CLIENT_PROPERTIES.find(\n p => p.key === key\n );\n if (\n allowedProperty &&\n allowedProperty.type.includes(typeof auth0Client[key])\n ) {\n acc[key] = auth0Client[key];\n }\n\n return acc;\n }, {});\n};\n\nexport const createQueryParams = ({ clientId: client_id, ...params }: any) => {\n return new URLSearchParams(\n stripUndefined({ client_id, ...params })\n ).toString();\n};\n\nexport const sha256 = async (s: string) => {\n const digestOp: any = getCrypto().subtle.digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s)\n );\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map(c => {\n return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n })\n .join('')\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] | Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput)))\n );\n};\n\nexport const validateCrypto = () => {\n if (!getCrypto()) {\n throw new Error(\n 'For security reasons, `window.crypto` is required to run `auth0-spa-js`.'\n );\n }\n if (typeof getCrypto().subtle === 'undefined') {\n throw new Error(`\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n `);\n }\n};\n\n/**\n * @ignore\n */\nexport const getDomain = (domainUrl: string) => {\n if (!/^https?:\\/\\//.test(domainUrl)) {\n return `https://${domainUrl}`;\n }\n\n return domainUrl;\n};\n\n/**\n * @ignore\n */\nexport const getTokenIssuer = (\n issuer: string | undefined,\n domainUrl: string\n) => {\n if (issuer) {\n return issuer.startsWith('https://') ? issuer : `https://${issuer}/`;\n }\n\n return `${domainUrl}/`;\n};\n\nexport const parseNumber = (value: any): number | undefined => {\n if (typeof value !== 'string') {\n return value;\n }\n return parseInt(value, 10) || undefined;\n};\n\n/**\n * Ponyfill for `Object.fromEntries()`, which is not available until ES2020.\n *\n * When the target of this project reaches ES2020, this can be removed.\n */\nexport const fromEntries = <T = any>(\n iterable: Iterable<[PropertyKey, T]>\n): Record<PropertyKey, T> => {\n return [...iterable].reduce((obj, [key, val]) => {\n obj[key] = val;\n\n return obj;\n }, {} as Record<PropertyKey, T>);\n};\n","import { MissingRefreshTokenError } from '../errors';\nimport { FetchResponse } from '../global';\nimport { createQueryParams, fromEntries } from '../utils';\nimport { WorkerRefreshTokenMessage } from './worker.types';\n\nlet refreshTokens: Record<string, string> = {};\n\nconst cacheKey = (audience: string, scope: string) => `${audience}|${scope}`;\n\nconst cacheKeyContainsAudience = (audience: string, cacheKey: string) => cacheKey.startsWith(`${audience}|`);\n\nconst getRefreshToken = (audience: string, scope: string): string | undefined =>\n refreshTokens[cacheKey(audience, scope)];\n\nconst setRefreshToken = (\n refreshToken: string,\n audience: string,\n scope: string\n) => (refreshTokens[cacheKey(audience, scope)] = refreshToken);\n\nconst deleteRefreshToken = (audience: string, scope: string) =>\n delete refreshTokens[cacheKey(audience, scope)];\n\nconst wait = (time: number) =>\n new Promise<void>(resolve => setTimeout(resolve, time));\n\nconst formDataToObject = (formData: string): Record<string, any> => {\n const queryParams = new URLSearchParams(formData);\n const parsedQuery: any = {};\n\n queryParams.forEach((val, key) => {\n parsedQuery[key] = val;\n });\n\n return parsedQuery;\n};\n\nconst updateRefreshTokens = (oldRefreshToken: string | undefined, newRefreshToken: string): void => {\n Object.entries(refreshTokens).forEach(([key, token]) => {\n if (token === oldRefreshToken) {\n refreshTokens[key] = newRefreshToken;\n }\n });\n}\n\nconst checkDownscoping = (scope: string, audience: string): boolean => {\n const findCoincidence = Object.keys(refreshTokens).find((key) => {\n if (key !== 'latest_refresh_token') {\n const isSameAudience = cacheKeyContainsAudience(audience, key);\n const scopesKey = key.split('|')[1].split(\" \");\n const requestedScopes = scope.split(\" \");\n const scopesAreIncluded = requestedScopes.every((key) => scopesKey.includes(key));\n\n return isSameAudience && scopesAreIncluded;\n }\n })\n\n return findCoincidence ? true : false;\n}\n\nconst messageHandler = async ({\n data: { timeout, auth, fetchUrl, fetchOptions, useFormData, useMrrt },\n ports: [port]\n}: MessageEvent<WorkerRefreshTokenMessage>) => {\n let headers: FetchResponse['headers'] = {};\n\n let json: {\n refresh_token?: string;\n };\n let refreshToken: string | undefined;\n\n const { audience, scope } = auth || {};\n\n try {\n const body = useFormData\n ? formDataToObject(fetchOptions.body as string)\n : JSON.parse(fetchOptions.body as string);\n\n if (!body.refresh_token && body.grant_type === 'refresh_token') {\n refreshToken = getRefreshToken(audience, scope);\n\n // When we don't have any refresh_token that matches the audience and scopes\n // stored, and useMrrt is configured to true, we will use the last refresh_token\n // returned by the server to do a refresh\n // We will avoid doing MRRT if we were to downscope while doing refresh in the same audience\n if (!refreshToken && useMrrt) {\n const latestRefreshToken = refreshTokens[\"latest_refresh_token\"];\n\n const isDownscoping = checkDownscoping(scope, audience);\n\n if (latestRefreshToken && !isDownscoping) {\n refreshToken = latestRefreshToken;\n }\n }\n\n if (!refreshToken) {\n throw new MissingRefreshTokenError(audience, scope);\n }\n\n fetchOptions.body = useFormData\n ? createQueryParams({\n ...body,\n refresh_token: refreshToken\n })\n : JSON.stringify({\n ...body,\n refresh_token: refreshToken\n });\n }\n\n let abortController: AbortController | undefined;\n\n if (typeof AbortController === 'function') {\n abortController = new AbortController();\n fetchOptions.signal = abortController.signal;\n }\n\n let response: void | Response;\n\n try {\n response = await Promise.race([\n wait(timeout),\n fetch(fetchUrl, { ...fetchOptions })\n ]);\n } catch (error) {\n // fetch error, reject `sendMessage` using `error` key so that we retry.\n port.postMessage({\n error: error.message\n });\n\n return;\n }\n\n if (!response) {\n // If the request times out, abort it and let `switchFetch` raise the error.\n if (abortController) abortController.abort();\n\n port.postMessage({\n error: \"Timeout when executing 'fetch'\"\n });\n\n return;\n }\n\n headers = fromEntries(response.headers);\n json = await response.json();\n\n if (json.refresh_token) {\n // If useMrrt is configured to true we want to save the latest refresh_token\n // to be used when refreshing tokens with MRRT\n if (useMrrt) {\n refreshTokens[\"latest_refresh_token\"] = json.refresh_token;\n\n // To avoid having some refresh_token that has already been used\n // we will update those inside the list with the new one obtained\n // by the server\n updateRefreshTokens(refreshToken, json.refresh_token);\n }\n\n setRefreshToken(json.refresh_token, audience, scope);\n delete json.refresh_token;\n } else {\n deleteRefreshToken(audience, scope);\n }\n\n port.postMessage({\n ok: response.ok,\n json,\n headers\n });\n } catch (error) {\n port.postMessage({\n ok: false,\n json: {\n error: error.error,\n error_description: error.message\n },\n headers\n });\n }\n};\n\n// Don't run `addEventListener` in our tests (this is replaced in rollup)\nif (process.env.NODE_ENV === 'test') {\n module.exports = { messageHandler };\n /* c8 ignore next 4 */\n} else {\n // @ts-ignore\n addEventListener('message', messageHandler);\n}\n"],"names":["GenericError","Error","constructor","error","error_description","super","this","Object","setPrototypeOf","prototype","fromPayload","_ref","MissingRefreshTokenError","audience","scope","concat","valueOrEmptyString","value","exclude","arguments","length","undefined","includes","stripUndefined","params","keys","filter","k","reduce","acc","key","_objectSpread","createQueryParams","clientId","client_id","_objectWithoutProperties","_excluded","URLSearchParams","toString","fromEntries","iterable","obj","_ref2","val","refreshTokens","cacheKey","cacheKeyContainsAudience","startsWith","getRefreshToken","setRefreshToken","refreshToken","deleteRefreshToken","wait","time","Promise","resolve","setTimeout","formDataToObject","formData","queryParams","parsedQuery","forEach","updateRefreshTokens","oldRefreshToken","newRefreshToken","entries","token","checkDownscoping","findCoincidence","find","isSameAudience","scopesKey","split","requestedScopes","scopesAreIncluded","every","messageHandler","async","data","timeout","auth","fetchUrl","fetchOptions","useFormData","useMrrt","ports","port","headers","json","body","JSON","parse","refresh_token","grant_type","latestRefreshToken","isDownscoping","stringify","abortController","AbortController","signal","response","race","fetch","postMessage","message","abort","ok","addEventListener"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAaO,MAAMA,qBAAqBC;QAChCC,WAAAA,CAAmBC,OAAsBC;YACvCC,MAAMD;YAAmBE,KADRH,QAAAA;YAAaG,KAASF,oBAAAA;YAEvCG,OAAOC,eAAeF,MAAMN,aAAaS;AAC3C;QAEA,kBAAOC,CAAWC;YAMf,KANgBR,OACjBA,OAAKC,mBACLA,qBAIDO;YACC,OAAO,IAAIX,aAAaG,OAAOC;AACjC;;IAgGK,MAAMQ,iCAAiCZ;QAC5CE,WAAAA,CAAmBW,UAAyBC;YAC1CT,MACE,yBAAuBU,qCAAAA,OACcC,mBAAmBH,UAAU,EAChE,6BACAE,OAAcC,mBAAmBF,QAAM;YACzCR,KANeO,WAAAA;YAAgBP,KAASQ,QAAAA;YAO1CP,OAAOC,eAAeF,MAAMM,yBAAyBH;AACvD;;IAmCF,SAASO,mBAAmBC;QAAuC,IAAxBC,UAAiBC,UAAAC,SAAA,KAAAD,UAAA,OAAAE,YAAAF,UAAA,KAAG;QAC7D,OAAOF,UAAUC,QAAQI,SAASL,SAASA,QAAQ;AACrD;;ICDA,MAAMM,iBAAkBC,UACfjB,OAAOkB,KAAKD,QAChBE,OAAOC,YAAYH,OAAOG,OAAO,aACjCC,OAAO,CAACC,KAAKC,QAAGC,eAAAA,mBAAWF,MAAG,IAAA;QAAEC,CAACA,MAAMN,OAAOM;QAAS,CAAE;IA6CvD,MAAME,oBAAoBrB;QAA6C,KAA1CsB,UAAUC,aAA2BvB,MAAba,SAAMW,yBAAAxB,MAAAyB;QAChE,OAAO,IAAIC,gBACTd,eAAcQ,eAAA;YAAGG;WAAcV,UAC/Bc;;IAwFG,MAAMC,cACXC,YAEO,KAAIA,WAAUZ,OAAO,CAACa,KAAGC;QAAiB,KAAdZ,KAAKa,OAAID;QAC1CD,IAAIX,OAAOa;QAEX,OAAOF;OACN,CAA4B;ICrTjC,IAAIG,gBAAwC,CAAA;IAE5C,MAAMC,WAAWA,CAAChC,UAAkBC,UAAa,GAAAC,OAAQF,UAAQ,KAAAE,OAAID;IAErE,MAAMgC,2BAA2BA,CAACjC,UAAkBgC,aAAqBA,SAASE,WAAUhC,GAAAA,OAAIF;IAEhG,MAAMmC,kBAAkBA,CAACnC,UAAkBC,UACzC8B,cAAcC,SAAShC,UAAUC;IAEnC,MAAMmC,kBAAkBA,CACtBC,cACArC,UACAC,UACI8B,cAAcC,SAAShC,UAAUC,UAAUoC;IAEjD,MAAMC,qBAAqBA,CAACtC,UAAkBC,iBACrC8B,cAAcC,SAAShC,UAAUC;IAE1C,MAAMsC,OAAQC,QACZ,IAAIC,QAAcC,WAAWC,WAAWD,SAASF;IAEnD,MAAMI,mBAAoBC;QACxB,MAAMC,cAAc,IAAItB,gBAAgBqB;QACxC,MAAME,cAAmB,CAAA;QAEzBD,YAAYE,QAAQ,CAAClB,KAAKb;YACxB8B,YAAY9B,OAAOa;;QAGrB,OAAOiB;;IAGT,MAAME,sBAAsBA,CAACC,iBAAqCC;QAChEzD,OAAO0D,QAAQrB,eAAeiB,QAAQlD;YAAkB,KAAhBmB,KAAKoC,SAAMvD;YACjD,IAAIuD,UAAUH,iBAAiB;gBAC7BnB,cAAcd,OAAOkC;AACvB;;;IAIJ,MAAMG,mBAAmBA,CAACrD,OAAeD;QACvC,MAAMuD,kBAAkB7D,OAAOkB,KAAKmB,eAAeyB,KAAMvC;YACvD,IAAIA,QAAQ,wBAAwB;gBAClC,MAAMwC,iBAAiBxB,yBAAyBjC,UAAUiB;gBAC1D,MAAMyC,YAAYzC,IAAI0C,MAAM,KAAK,GAAGA,MAAM;gBAC1C,MAAMC,kBAAkB3D,MAAM0D,MAAM;gBACpC,MAAME,oBAAoBD,gBAAgBE,MAAO7C,OAAQyC,UAAUjD,SAASQ;gBAE5E,OAAOwC,kBAAkBI;AAC3B;;QAGF,OAAON,kBAAkB,OAAO;;IAGlC,MAAMQ,iBAAiBC;QAGwB,KAF7CC,OAAMC,SAAEA,SAAOC,MAAEA,MAAIC,UAAEA,UAAQC,cAAEA,cAAYC,aAAEA,aAAWC,SAAEA,UAC5DC,QAAQC,SACgC5C;QACxC,IAAI6C,UAAoC,CAAA;QAExC,IAAIC;QAGJ,IAAItC;QAEJ,OAAMrC,UAAEA,UAAQC,OAAEA,SAAUkE,QAAQ,CAAA;QAEpC;YACE,MAAMS,OAAON,cACT1B,iBAAiByB,aAAaO,QAC9BC,KAAKC,MAAMT,aAAaO;YAE5B,KAAKA,KAAKG,iBAAiBH,KAAKI,eAAe,iBAAiB;gBAC9D3C,eAAeF,gBAAgBnC,UAAUC;gBAMzC,KAAKoC,gBAAgBkC,SAAS;oBAC5B,MAAMU,qBAAqBlD,cAAc;oBAEzC,MAAMmD,gBAAgB5B,iBAAiBrD,OAAOD;oBAE9C,IAAIiF,uBAAuBC,eAAe;wBACxC7C,eAAe4C;AACjB;AACF;gBAEA,KAAK5C,cAAc;oBACjB,MAAM,IAAItC,yBAAyBC,UAAUC;AAC/C;gBAEAoE,aAAaO,OAAON,cAChBnD,kBAAiBD,eAAAA,eAAA,CAAA,GACd0D,OAAI,IAAA;oBACPG,eAAe1C;sBAEfwC,KAAKM,UAASjE,eAAAA,eAAA,CAAA,GACX0D,OAAI,IAAA;oBACPG,eAAe1C;;AAErB;YAEA,IAAI+C;YAEJ,WAAWC,oBAAoB,YAAY;gBACzCD,kBAAkB,IAAIC;gBACtBhB,aAAaiB,SAASF,gBAAgBE;AACxC;YAEA,IAAIC;YAEJ;gBACEA,iBAAiB9C,QAAQ+C,KAAK,EAC5BjD,KAAK2B,UACLuB,MAAMrB,UAAQlD,mBAAOmD;AAExB,cAAC,OAAO/E;gBAEPmF,KAAKiB,YAAY;oBACfpG,OAAOA,MAAMqG;;gBAGf;AACF;YAEA,KAAKJ,UAAU;gBAEb,IAAIH,iBAAiBA,gBAAgBQ;gBAErCnB,KAAKiB,YAAY;oBACfpG,OAAO;;gBAGT;AACF;YAEAoF,UAAUhD,YAAY6D,SAASb;YAC/BC,aAAaY,SAASZ;YAEtB,IAAIA,KAAKI,eAAe;gBAGtB,IAAIR,SAAS;oBACXxC,cAAc,0BAA0B4C,KAAKI;oBAK7C9B,oBAAoBZ,cAAcsC,KAAKI;AACzC;gBAEA3C,gBAAgBuC,KAAKI,eAAe/E,UAAUC;uBACvC0E,KAAKI;AACd,mBAAO;gBACLzC,mBAAmBtC,UAAUC;AAC/B;YAEAwE,KAAKiB,YAAY;gBACfG,IAAIN,SAASM;gBACblB;gBACAD;;AAEH,UAAC,OAAOpF;YACPmF,KAAKiB,YAAY;gBACfG,IAAI;gBACJlB,MAAM;oBACJrF,OAAOA,MAAMA;oBACbC,mBAAmBD,MAAMqG;;gBAE3BjB;;AAEJ;;IAOK;QAELoB,iBAAiB,WAAW/B;AAC9B;"}
1
+ {"version":3,"file":"auth0-spa-js.worker.development.js","sources":["../src/errors.ts","../src/utils.ts","../src/worker/token.worker.ts"],"sourcesContent":["/**\n * MFA requirements from an mfa_required error response\n */\nexport interface MfaRequirements {\n /** Required enrollment types */\n enroll?: Array<{ type: string }>;\n /** Required challenge types */\n challenge?: Array<{ type: string }>;\n}\n\n/**\n * Thrown when network requests to the Auth server fail.\n */\nexport class GenericError extends Error {\n constructor(public error: string, public error_description: string) {\n super(error_description);\n Object.setPrototypeOf(this, GenericError.prototype);\n }\n\n static fromPayload({\n error,\n error_description\n }: {\n error: string;\n error_description: string;\n }) {\n return new GenericError(error, error_description);\n }\n}\n\n/**\n * Thrown when handling the redirect callback fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class AuthenticationError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, AuthenticationError.prototype);\n }\n}\n\n/**\n * Thrown when handling the redirect callback for the connect flow fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class ConnectError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public connection: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, ConnectError.prototype);\n }\n}\n\n/**\n * Thrown when silent auth times out (usually due to a configuration issue) or\n * when network requests to the Auth server timeout.\n */\nexport class TimeoutError extends GenericError {\n constructor() {\n super('timeout', 'Timeout');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, TimeoutError.prototype);\n }\n}\n\n/**\n * Error thrown when the login popup times out (if the user does not complete auth)\n */\nexport class PopupTimeoutError extends TimeoutError {\n constructor(public popup: Window) {\n super();\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupTimeoutError.prototype);\n }\n}\n\nexport class PopupCancelledError extends GenericError {\n constructor(public popup: Window) {\n super('cancelled', 'Popup closed');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupCancelledError.prototype);\n }\n}\n\nexport class PopupOpenError extends GenericError {\n constructor() {\n super('popup_open', 'Unable to open a popup for loginWithPopup - window.open returned `null`');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupOpenError.prototype);\n }\n}\n\n/**\n * Error thrown when the token exchange results in a `mfa_required` error\n */\nexport class MfaRequiredError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public mfa_token: string,\n public mfa_requirements: MfaRequirements\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MfaRequiredError.prototype);\n }\n}\n\n/**\n * Error thrown when there is no refresh token to use\n */\nexport class MissingRefreshTokenError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_refresh_token',\n `Missing Refresh Token (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingRefreshTokenError.prototype);\n }\n}\n\n/**\n * Error thrown when there are missing scopes after refreshing a token\n */\nexport class MissingScopesError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_scopes',\n `Missing requested scopes after refresh (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', missing scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingScopesError.prototype);\n }\n}\n\n/**\n * Error thrown when the wrong DPoP nonce is used and a potential subsequent retry wasn't able to fix it.\n */\nexport class UseDpopNonceError extends GenericError {\n constructor(public newDpopNonce: string | undefined) {\n super('use_dpop_nonce', 'Server rejected DPoP proof: wrong nonce');\n\n Object.setPrototypeOf(this, UseDpopNonceError.prototype);\n }\n}\n\n/**\n * Returns an empty string when value is falsy, or when it's value is included in the exclude argument.\n * @param value The value to check\n * @param exclude An array of values that should result in an empty string.\n * @returns The value, or an empty string when falsy or included in the exclude argument.\n */\nfunction valueOrEmptyString(value: string, exclude: string[] = []) {\n return value && !exclude.includes(value) ? value : '';\n}\n","import { AuthenticationResult, PopupConfigOptions } from './global';\n\nimport {\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS\n} from './constants';\n\nimport {\n PopupTimeoutError,\n TimeoutError,\n GenericError,\n PopupCancelledError\n} from './errors';\n\nexport const parseAuthenticationResult = (\n queryString: string\n): AuthenticationResult => {\n if (queryString.indexOf('#') > -1) {\n queryString = queryString.substring(0, queryString.indexOf('#'));\n }\n\n const searchParams = new URLSearchParams(queryString);\n\n return {\n state: searchParams.get('state')!,\n code: searchParams.get('code') || undefined,\n connect_code: searchParams.get('connect_code') || undefined,\n error: searchParams.get('error') || undefined,\n error_description: searchParams.get('error_description') || undefined\n };\n};\n\nexport const runIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n) => {\n return new Promise<AuthenticationResult>((res, rej) => {\n const iframe = window.document.createElement('iframe');\n\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n let iframeEventHandler: (e: MessageEvent) => void;\n\n const timeoutSetTimeoutId = setTimeout(() => {\n rej(new TimeoutError());\n removeIframe();\n }, timeoutInSeconds * 1000);\n\n iframeEventHandler = function (e: MessageEvent) {\n if (e.origin != eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') return;\n\n const eventSource = e.source;\n\n if (eventSource) {\n (eventSource as any).close();\n }\n\n e.data.response.error\n ? rej(GenericError.fromPayload(e.data.response))\n : res(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n\n // Delay the removal of the iframe to prevent hanging loading status\n // in Chrome: https://github.com/auth0/auth0-spa-js/issues/240\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n\nexport const openPopup = (url: string) => {\n const width = 400;\n const height = 600;\n const left = window.screenX + (window.innerWidth - width) / 2;\n const top = window.screenY + (window.innerHeight - height) / 2;\n\n return window.open(\n url,\n 'auth0:authorize:popup',\n `left=${left},top=${top},width=${width},height=${height},resizable,scrollbars=yes,status=1`\n );\n};\n\nexport const runPopup = (config: PopupConfigOptions, eventOrigin: string) => {\n return new Promise<AuthenticationResult>((resolve, reject) => {\n let popupEventListener: (e: MessageEvent) => void;\n\n // Check each second if the popup is closed triggering a PopupCancelledError\n const popupTimer = setInterval(() => {\n if (config.popup && config.popup.closed) {\n clearInterval(popupTimer);\n clearTimeout(timeoutId);\n window.removeEventListener('message', popupEventListener, false);\n reject(new PopupCancelledError(config.popup));\n }\n }, 1000);\n\n const timeoutId = setTimeout(() => {\n clearInterval(popupTimer);\n reject(new PopupTimeoutError(config.popup));\n window.removeEventListener('message', popupEventListener, false);\n }, (config.timeoutInSeconds || DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) * 1000);\n\n popupEventListener = function (e: MessageEvent) {\n if (e.origin !== eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') {\n return;\n }\n\n clearTimeout(timeoutId);\n clearInterval(popupTimer);\n window.removeEventListener('message', popupEventListener, false);\n\n // Close popup automatically unless closePopup is explicitly set to false\n if (config.closePopup !== false) {\n config.popup.close();\n }\n\n if (e.data.response.error) {\n return reject(GenericError.fromPayload(e.data.response));\n }\n\n resolve(e.data.response);\n };\n\n window.addEventListener('message', popupEventListener);\n });\n};\n\nexport const getCrypto = () => {\n return window.crypto;\n};\n\nexport const createRandomString = () => {\n const charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n const validMax = 256 - (256 % charset.length);\n let random = '';\n while (random.length < 43) {\n const bytes = getCrypto().getRandomValues(new Uint8Array(43 - random.length));\n for (const byte of bytes) {\n if (random.length < 43 && byte < validMax) {\n random += charset[byte % charset.length];\n }\n }\n }\n return random;\n};\n\nexport const encode = (value: string) => btoa(value);\nexport const decode = (value: string) => atob(value);\n\nconst stripUndefined = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .reduce((acc, key) => ({ ...acc, [key]: params[key] }), {});\n};\n\nconst ALLOWED_AUTH0CLIENT_PROPERTIES = [\n {\n key: 'name',\n type: ['string']\n },\n {\n key: 'version',\n type: ['string', 'number']\n },\n {\n key: 'env',\n type: ['object']\n }\n];\n\n/**\n * Strips any property that is not present in ALLOWED_AUTH0CLIENT_PROPERTIES\n * @param auth0Client - The full auth0Client object\n * @param excludeEnv - If true, excludes the 'env' property from the result\n * @returns The stripped auth0Client object\n */\nexport const stripAuth0Client = (auth0Client: any, excludeEnv = false) => {\n return Object.keys(auth0Client).reduce((acc: any, key: string) => {\n // Exclude 'env' if requested (for /authorize query params to prevent truncation)\n if (excludeEnv && key === 'env') {\n return acc;\n }\n\n const allowedProperty = ALLOWED_AUTH0CLIENT_PROPERTIES.find(\n p => p.key === key\n );\n if (\n allowedProperty &&\n allowedProperty.type.includes(typeof auth0Client[key])\n ) {\n acc[key] = auth0Client[key];\n }\n\n return acc;\n }, {});\n};\n\nexport const createQueryParams = ({ clientId: client_id, ...params }: any) => {\n return new URLSearchParams(\n stripUndefined({ client_id, ...params })\n ).toString();\n};\n\nexport const sha256 = async (s: string) => {\n const digestOp: any = getCrypto().subtle.digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s)\n );\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map(c => {\n return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n })\n .join('')\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] | Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput)))\n );\n};\n\nexport const validateCrypto = () => {\n if (!getCrypto()) {\n throw new Error(\n 'For security reasons, `window.crypto` is required to run `auth0-spa-js`.'\n );\n }\n if (typeof getCrypto().subtle === 'undefined') {\n throw new Error(`\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n `);\n }\n};\n\n/**\n * @ignore\n */\nexport const getDomain = (domainUrl: string) => {\n if (!/^https?:\\/\\//.test(domainUrl)) {\n return `https://${domainUrl}`;\n }\n\n return domainUrl;\n};\n\n/**\n * @ignore\n */\nexport const getTokenIssuer = (\n issuer: string | undefined,\n domainUrl: string\n) => {\n if (issuer) {\n return issuer.startsWith('https://') ? issuer : `https://${issuer}/`;\n }\n\n return `${domainUrl}/`;\n};\n\nexport const parseNumber = (value: any): number | undefined => {\n if (typeof value !== 'string') {\n return value;\n }\n return parseInt(value, 10) || undefined;\n};\n\n/**\n * Ponyfill for `Object.fromEntries()`, which is not available until ES2020.\n *\n * When the target of this project reaches ES2020, this can be removed.\n */\nexport const fromEntries = <T = any>(\n iterable: Iterable<[PropertyKey, T]>\n): Record<PropertyKey, T> => {\n return [...iterable].reduce((obj, [key, val]) => {\n obj[key] = val;\n\n return obj;\n }, {} as Record<PropertyKey, T>);\n};\n","import { MissingRefreshTokenError } from '../errors';\nimport { FetchResponse } from '../global';\nimport { createQueryParams, fromEntries } from '../utils';\nimport { WorkerMessage, WorkerRefreshTokenMessage } from './worker.types';\n\nlet refreshTokens: Record<string, string> = {};\nlet allowedBaseUrl: string | null = null;\n\nconst cacheKey = (audience: string, scope: string) => `${audience}|${scope}`;\n\nconst cacheKeyContainsAudience = (audience: string, cacheKey: string) => cacheKey.startsWith(`${audience}|`);\n\nconst getRefreshToken = (audience: string, scope: string): string | undefined =>\n refreshTokens[cacheKey(audience, scope)];\n\nconst setRefreshToken = (\n refreshToken: string,\n audience: string,\n scope: string\n) => (refreshTokens[cacheKey(audience, scope)] = refreshToken);\n\nconst deleteRefreshToken = (audience: string, scope: string) =>\n delete refreshTokens[cacheKey(audience, scope)];\n\nconst wait = (time: number) =>\n new Promise<void>(resolve => setTimeout(resolve, time));\n\nconst formDataToObject = (formData: string): Record<string, any> => {\n const queryParams = new URLSearchParams(formData);\n const parsedQuery: any = {};\n\n queryParams.forEach((val, key) => {\n parsedQuery[key] = val;\n });\n\n return parsedQuery;\n};\n\nconst updateRefreshTokens = (oldRefreshToken: string | undefined, newRefreshToken: string): void => {\n Object.entries(refreshTokens).forEach(([key, token]) => {\n if (token === oldRefreshToken) {\n refreshTokens[key] = newRefreshToken;\n }\n });\n}\n\nconst checkDownscoping = (scope: string, audience: string): boolean => {\n const findCoincidence = Object.keys(refreshTokens).find((key) => {\n if (key !== 'latest_refresh_token') {\n const isSameAudience = cacheKeyContainsAudience(audience, key);\n const scopesKey = key.split('|')[1].split(\" \");\n const requestedScopes = scope.split(\" \");\n const scopesAreIncluded = requestedScopes.every((key) => scopesKey.includes(key));\n\n return isSameAudience && scopesAreIncluded;\n }\n })\n\n return findCoincidence ? true : false;\n}\n\nconst messageHandler = async ({\n data: { timeout, auth, fetchUrl, fetchOptions, useFormData, useMrrt },\n ports: [port]\n}: MessageEvent<WorkerRefreshTokenMessage>) => {\n let headers: FetchResponse['headers'] = {};\n\n let json: {\n refresh_token?: string;\n };\n let refreshToken: string | undefined;\n\n const { audience, scope } = auth || {};\n\n try {\n const body = useFormData\n ? formDataToObject(fetchOptions.body as string)\n : JSON.parse(fetchOptions.body as string);\n\n if (!body.refresh_token && body.grant_type === 'refresh_token') {\n refreshToken = getRefreshToken(audience, scope);\n\n // When we don't have any refresh_token that matches the audience and scopes\n // stored, and useMrrt is configured to true, we will use the last refresh_token\n // returned by the server to do a refresh\n // We will avoid doing MRRT if we were to downscope while doing refresh in the same audience\n if (!refreshToken && useMrrt) {\n const latestRefreshToken = refreshTokens[\"latest_refresh_token\"];\n\n const isDownscoping = checkDownscoping(scope, audience);\n\n if (latestRefreshToken && !isDownscoping) {\n refreshToken = latestRefreshToken;\n }\n }\n\n if (!refreshToken) {\n throw new MissingRefreshTokenError(audience, scope);\n }\n\n fetchOptions.body = useFormData\n ? createQueryParams({\n ...body,\n refresh_token: refreshToken\n })\n : JSON.stringify({\n ...body,\n refresh_token: refreshToken\n });\n }\n\n let abortController: AbortController | undefined;\n\n if (typeof AbortController === 'function') {\n abortController = new AbortController();\n fetchOptions.signal = abortController.signal;\n }\n\n let response: void | Response;\n\n try {\n response = await Promise.race([\n wait(timeout),\n fetch(fetchUrl, { ...fetchOptions })\n ]);\n } catch (error) {\n // fetch error, reject `sendMessage` using `error` key so that we retry.\n port.postMessage({\n error: error.message\n });\n\n return;\n }\n\n if (!response) {\n // If the request times out, abort it and let `switchFetch` raise the error.\n if (abortController) abortController.abort();\n\n port.postMessage({\n error: \"Timeout when executing 'fetch'\"\n });\n\n return;\n }\n\n headers = fromEntries(response.headers);\n json = await response.json();\n\n if (json.refresh_token) {\n // If useMrrt is configured to true we want to save the latest refresh_token\n // to be used when refreshing tokens with MRRT\n if (useMrrt) {\n refreshTokens[\"latest_refresh_token\"] = json.refresh_token;\n\n // To avoid having some refresh_token that has already been used\n // we will update those inside the list with the new one obtained\n // by the server\n updateRefreshTokens(refreshToken, json.refresh_token);\n }\n\n setRefreshToken(json.refresh_token, audience, scope);\n delete json.refresh_token;\n } else {\n deleteRefreshToken(audience, scope);\n }\n\n port.postMessage({\n ok: response.ok,\n json,\n headers\n });\n } catch (error) {\n port.postMessage({\n ok: false,\n json: {\n error: error.error,\n error_description: error.message\n },\n headers\n });\n }\n};\n\nconst isAuthorizedWorkerRequest = (\n workerRequest: WorkerRefreshTokenMessage\n) => {\n if (!allowedBaseUrl) {\n return false;\n }\n\n try {\n const allowedBaseOrigin = new URL(allowedBaseUrl).origin;\n const requestedUrl = new URL(workerRequest.fetchUrl);\n\n return (\n requestedUrl.origin === allowedBaseOrigin &&\n requestedUrl.pathname === '/oauth/token'\n );\n } catch {\n return false;\n }\n};\n\nconst messageRouter = (event: MessageEvent<WorkerMessage>) => {\n const { data, ports } = event;\n const [port] = ports;\n\n if ('type' in data && data.type === 'init') {\n if (allowedBaseUrl === null) {\n try {\n new URL(data.allowedBaseUrl);\n allowedBaseUrl = data.allowedBaseUrl;\n } catch {\n return;\n }\n }\n\n return;\n }\n\n if (\n !('fetchUrl' in data) ||\n !isAuthorizedWorkerRequest(data as WorkerRefreshTokenMessage)\n ) {\n port?.postMessage({\n ok: false,\n json: {\n error: 'invalid_fetch_url',\n error_description: 'Unauthorized fetch URL'\n },\n headers: {}\n });\n return;\n }\n\n messageHandler(event as MessageEvent<WorkerRefreshTokenMessage>);\n};\n\n// Don't run `addEventListener` in our tests (this is replaced in rollup)\nif (process.env.NODE_ENV === 'test') {\n module.exports = { messageHandler, messageRouter };\n /* c8 ignore next 4 */\n} else {\n // @ts-ignore\n addEventListener('message', messageRouter);\n}\n"],"names":["GenericError","Error","constructor","error","error_description","super","this","Object","setPrototypeOf","prototype","fromPayload","_ref","MissingRefreshTokenError","audience","scope","concat","valueOrEmptyString","value","exclude","arguments","length","undefined","includes","stripUndefined","params","keys","filter","k","reduce","acc","key","_objectSpread","createQueryParams","clientId","client_id","_objectWithoutProperties","_excluded","URLSearchParams","toString","fromEntries","iterable","obj","_ref2","val","refreshTokens","allowedBaseUrl","cacheKey","cacheKeyContainsAudience","startsWith","getRefreshToken","setRefreshToken","refreshToken","deleteRefreshToken","wait","time","Promise","resolve","setTimeout","formDataToObject","formData","queryParams","parsedQuery","forEach","updateRefreshTokens","oldRefreshToken","newRefreshToken","entries","token","checkDownscoping","findCoincidence","find","isSameAudience","scopesKey","split","requestedScopes","scopesAreIncluded","every","messageHandler","async","data","timeout","auth","fetchUrl","fetchOptions","useFormData","useMrrt","ports","port","headers","json","body","JSON","parse","refresh_token","grant_type","latestRefreshToken","isDownscoping","stringify","abortController","AbortController","signal","response","race","fetch","postMessage","message","abort","ok","isAuthorizedWorkerRequest","workerRequest","allowedBaseOrigin","URL","origin","requestedUrl","pathname","_unused","messageRouter","event","type","_unused2","addEventListener"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAaO,MAAMA,qBAAqBC;QAChCC,WAAAA,CAAmBC,OAAsBC;YACvCC,MAAMD;YAAmBE,KADRH,QAAAA;YAAaG,KAASF,oBAAAA;YAEvCG,OAAOC,eAAeF,MAAMN,aAAaS;AAC3C;QAEA,kBAAOC,CAAWC;YAMf,KANgBR,OACjBA,OAAKC,mBACLA,qBAIDO;YACC,OAAO,IAAIX,aAAaG,OAAOC;AACjC;;IAgGK,MAAMQ,iCAAiCZ;QAC5CE,WAAAA,CAAmBW,UAAyBC;YAC1CT,MACE,yBAAuBU,qCAAAA,OACcC,mBAAmBH,UAAU,EAChE,6BACAE,OAAcC,mBAAmBF,QAAM;YACzCR,KANeO,WAAAA;YAAgBP,KAASQ,QAAAA;YAO1CP,OAAOC,eAAeF,MAAMM,yBAAyBH;AACvD;;IAmCF,SAASO,mBAAmBC;QAAuC,IAAxBC,UAAiBC,UAAAC,SAAA,KAAAD,UAAA,OAAAE,YAAAF,UAAA,KAAG;QAC7D,OAAOF,UAAUC,QAAQI,SAASL,SAASA,QAAQ;AACrD;;ICDA,MAAMM,iBAAkBC,UACfjB,OAAOkB,KAAKD,QAChBE,OAAOC,YAAYH,OAAOG,OAAO,aACjCC,OAAO,CAACC,KAAKC,QAAGC,eAAAA,mBAAWF,MAAG,IAAA;QAAEC,CAACA,MAAMN,OAAOM;QAAS,CAAE;IA6CvD,MAAME,oBAAoBrB;QAA6C,KAA1CsB,UAAUC,aAA2BvB,MAAba,SAAMW,yBAAAxB,MAAAyB;QAChE,OAAO,IAAIC,gBACTd,eAAcQ,eAAA;YAAGG;WAAcV,UAC/Bc;;IAwFG,MAAMC,cACXC,YAEO,KAAIA,WAAUZ,OAAO,CAACa,KAAGC;QAAiB,KAAdZ,KAAKa,OAAID;QAC1CD,IAAIX,OAAOa;QAEX,OAAOF;OACN,CAA4B;ICrTjC,IAAIG,gBAAwC,CAAA;IAC5C,IAAIC,iBAAgC;IAEpC,MAAMC,WAAWA,CAACjC,UAAkBC,UAAa,GAAAC,OAAQF,UAAQ,KAAAE,OAAID;IAErE,MAAMiC,2BAA2BA,CAAClC,UAAkBiC,aAAqBA,SAASE,WAAUjC,GAAAA,OAAIF;IAEhG,MAAMoC,kBAAkBA,CAACpC,UAAkBC,UACzC8B,cAAcE,SAASjC,UAAUC;IAEnC,MAAMoC,kBAAkBA,CACtBC,cACAtC,UACAC,UACI8B,cAAcE,SAASjC,UAAUC,UAAUqC;IAEjD,MAAMC,qBAAqBA,CAACvC,UAAkBC,iBACrC8B,cAAcE,SAASjC,UAAUC;IAE1C,MAAMuC,OAAQC,QACZ,IAAIC,QAAcC,WAAWC,WAAWD,SAASF;IAEnD,MAAMI,mBAAoBC;QACxB,MAAMC,cAAc,IAAIvB,gBAAgBsB;QACxC,MAAME,cAAmB,CAAA;QAEzBD,YAAYE,QAAQ,CAACnB,KAAKb;YACxB+B,YAAY/B,OAAOa;;QAGrB,OAAOkB;;IAGT,MAAME,sBAAsBA,CAACC,iBAAqCC;QAChE1D,OAAO2D,QAAQtB,eAAekB,QAAQnD;YAAkB,KAAhBmB,KAAKqC,SAAMxD;YACjD,IAAIwD,UAAUH,iBAAiB;gBAC7BpB,cAAcd,OAAOmC;AACvB;;;IAIJ,MAAMG,mBAAmBA,CAACtD,OAAeD;QACvC,MAAMwD,kBAAkB9D,OAAOkB,KAAKmB,eAAe0B,KAAMxC;YACvD,IAAIA,QAAQ,wBAAwB;gBAClC,MAAMyC,iBAAiBxB,yBAAyBlC,UAAUiB;gBAC1D,MAAM0C,YAAY1C,IAAI2C,MAAM,KAAK,GAAGA,MAAM;gBAC1C,MAAMC,kBAAkB5D,MAAM2D,MAAM;gBACpC,MAAME,oBAAoBD,gBAAgBE,MAAO9C,OAAQ0C,UAAUlD,SAASQ;gBAE5E,OAAOyC,kBAAkBI;AAC3B;;QAGF,OAAON,kBAAkB,OAAO;;IAGlC,MAAMQ,iBAAiBC;QAGwB,KAF7CC,OAAMC,SAAEA,SAAOC,MAAEA,MAAIC,UAAEA,UAAQC,cAAEA,cAAYC,aAAEA,aAAWC,SAAEA,UAC5DC,QAAQC,SACgC7C;QACxC,IAAI8C,UAAoC,CAAA;QAExC,IAAIC;QAGJ,IAAItC;QAEJ,OAAMtC,UAAEA,UAAQC,OAAEA,SAAUmE,QAAQ,CAAA;QAEpC;YACE,MAAMS,OAAON,cACT1B,iBAAiByB,aAAaO,QAC9BC,KAAKC,MAAMT,aAAaO;YAE5B,KAAKA,KAAKG,iBAAiBH,KAAKI,eAAe,iBAAiB;gBAC9D3C,eAAeF,gBAAgBpC,UAAUC;gBAMzC,KAAKqC,gBAAgBkC,SAAS;oBAC5B,MAAMU,qBAAqBnD,cAAc;oBAEzC,MAAMoD,gBAAgB5B,iBAAiBtD,OAAOD;oBAE9C,IAAIkF,uBAAuBC,eAAe;wBACxC7C,eAAe4C;AACjB;AACF;gBAEA,KAAK5C,cAAc;oBACjB,MAAM,IAAIvC,yBAAyBC,UAAUC;AAC/C;gBAEAqE,aAAaO,OAAON,cAChBpD,kBAAiBD,eAAAA,eAAA,CAAA,GACd2D,OAAI,IAAA;oBACPG,eAAe1C;sBAEfwC,KAAKM,UAASlE,eAAAA,eAAA,CAAA,GACX2D,OAAI,IAAA;oBACPG,eAAe1C;;AAErB;YAEA,IAAI+C;YAEJ,WAAWC,oBAAoB,YAAY;gBACzCD,kBAAkB,IAAIC;gBACtBhB,aAAaiB,SAASF,gBAAgBE;AACxC;YAEA,IAAIC;YAEJ;gBACEA,iBAAiB9C,QAAQ+C,KAAK,EAC5BjD,KAAK2B,UACLuB,MAAMrB,UAAQnD,mBAAOoD;AAExB,cAAC,OAAOhF;gBAEPoF,KAAKiB,YAAY;oBACfrG,OAAOA,MAAMsG;;gBAGf;AACF;YAEA,KAAKJ,UAAU;gBAEb,IAAIH,iBAAiBA,gBAAgBQ;gBAErCnB,KAAKiB,YAAY;oBACfrG,OAAO;;gBAGT;AACF;YAEAqF,UAAUjD,YAAY8D,SAASb;YAC/BC,aAAaY,SAASZ;YAEtB,IAAIA,KAAKI,eAAe;gBAGtB,IAAIR,SAAS;oBACXzC,cAAc,0BAA0B6C,KAAKI;oBAK7C9B,oBAAoBZ,cAAcsC,KAAKI;AACzC;gBAEA3C,gBAAgBuC,KAAKI,eAAehF,UAAUC;uBACvC2E,KAAKI;AACd,mBAAO;gBACLzC,mBAAmBvC,UAAUC;AAC/B;YAEAyE,KAAKiB,YAAY;gBACfG,IAAIN,SAASM;gBACblB;gBACAD;;AAEH,UAAC,OAAOrF;YACPoF,KAAKiB,YAAY;gBACfG,IAAI;gBACJlB,MAAM;oBACJtF,OAAOA,MAAMA;oBACbC,mBAAmBD,MAAMsG;;gBAE3BjB;;AAEJ;;IAGF,MAAMoB,4BACJC;QAEA,KAAKhE,gBAAgB;YACnB,OAAO;AACT;QAEA;YACE,MAAMiE,oBAAoB,IAAIC,IAAIlE,gBAAgBmE;YAClD,MAAMC,eAAe,IAAIF,IAAIF,cAAc3B;YAE3C,OACE+B,aAAaD,WAAWF,qBACxBG,aAAaC,aAAa;AAE7B,UAAC,OAAAC;YACA,OAAO;AACT;;IAGF,MAAMC,gBAAiBC;QACrB,OAAMtC,MAAEA,MAAIO,OAAEA,SAAU+B;QACxB,OAAO9B,QAAQD;QAEf,IAAI,UAAUP,QAAQA,KAAKuC,SAAS,QAAQ;YAC1C,IAAIzE,mBAAmB,MAAM;gBAC3B;oBACE,IAAIkE,IAAIhC,KAAKlC;oBACbA,iBAAiBkC,KAAKlC;AACvB,kBAAC,OAAA0E;oBACA;AACF;AACF;YAEA;AACF;QAEA,MACI,cAAcxC,UACf6B,0BAA0B7B,OAC3B;YACAQ,iBAAAA,cAAI,KAAJA,KAAMiB,YAAY;gBAChBG,IAAI;gBACJlB,MAAM;oBACJtF,OAAO;oBACPC,mBAAmB;;gBAErBoF,SAAS,CAAC;;YAEZ;AACF;QAEAX,eAAewC;;IAOV;QAELG,iBAAiB,WAAWJ;AAC9B;"}
package/dist/auth0-spa-js.worker.production.js CHANGED
@@ -1,2 +1,2 @@
1
- !function(e){"function"==typeof define&&define.amd?define(e):e()}(function(){"use strict";function e(e,t,r){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var r=e[Symbol.toPrimitive];if(void 0!==r){var n=r.call(e,t||"default");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function t(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter(function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable})),r.push.apply(r,n)}return r}function r(r){for(var n=1;n<arguments.length;n++){var o=null!=arguments[n]?arguments[n]:{};n%2?t(Object(o),!0).forEach(function(t){e(r,t,o[t])}):Object.getOwnPropertyDescriptors?Object.defineProperties(r,Object.getOwnPropertyDescriptors(o)):t(Object(o)).forEach(function(e){Object.defineProperty(r,e,Object.getOwnPropertyDescriptor(o,e))})}return r}class n extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,n.prototype)}static fromPayload(e){let{error:t,error_description:r}=e;return new n(t,r)}}class o extends n{constructor(e,t){super("missing_refresh_token","Missing Refresh Token (audience: '".concat(s(e,["default"]),"', scope: '").concat(s(t),"')")),this.audience=e,this.scope=t,Object.setPrototypeOf(this,o.prototype)}}function s(e){return e&&!(arguments.length>1&&void 0!==arguments[1]?arguments[1]:[]).includes(e)?e:""}const i=["clientId"],c=e=>{let{clientId:t}=e,n=function(e,t){if(null==e)return{};var r,n,o=function(e,t){if(null==e)return{};var r={};for(var n in e)if({}.hasOwnProperty.call(e,n)){if(-1!==t.indexOf(n))continue;r[n]=e[n]}return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n<s.length;n++)r=s[n],-1===t.indexOf(r)&&{}.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}(e,i);return new URLSearchParams((e=>Object.keys(e).filter(t=>void 0!==e[t]).reduce((t,n)=>r(r({},t),{},{[n]:e[n]}),{}))(r({client_id:t},n))).toString()};let a={};const f=(e,t)=>"".concat(e,"|").concat(t);addEventListener("message",async e=>{let t,n,{data:{timeout:s,auth:i,fetchUrl:u,fetchOptions:l,useFormData:p,useMrrt:h},ports:[d]}=e,y={};const{audience:b,scope:O}=i||{};try{const e=p?(e=>{const t=new URLSearchParams(e),r={};return t.forEach((e,t)=>{r[t]=e}),r})(l.body):JSON.parse(l.body);if(!e.refresh_token&&"refresh_token"===e.grant_type){if(n=((e,t)=>a[f(e,t)])(b,O),!n&&h){const e=a.latest_refresh_token,t=((e,t)=>{const r=Object.keys(a).find(r=>{if("latest_refresh_token"!==r){const n=((e,t)=>t.startsWith("".concat(e,"|")))(t,r),o=r.split("|")[1].split(" "),s=e.split(" ").every(e=>o.includes(e));return n&&s}});return!!r})(O,b);e&&!t&&(n=e)}if(!n)throw new o(b,O);l.body=p?c(r(r({},e),{},{refresh_token:n})):JSON.stringify(r(r({},e),{},{refresh_token:n}))}let i,w;"function"==typeof AbortController&&(i=new AbortController,l.signal=i.signal);try{w=await Promise.race([(v=s,new Promise(e=>setTimeout(e,v))),fetch(u,r({},l))])}catch(e){return void d.postMessage({error:e.message})}if(!w)return i&&i.abort(),void d.postMessage({error:"Timeout when executing 'fetch'"});j=w.headers,y=[...j].reduce((e,t)=>{let[r,n]=t;return e[r]=n,e},{}),t=await w.json(),t.refresh_token?(h&&(a.latest_refresh_token=t.refresh_token,g=n,m=t.refresh_token,Object.entries(a).forEach(e=>{let[t,r]=e;r===g&&(a[t]=m)})),((e,t,r)=>{a[f(t,r)]=e})(t.refresh_token,b,O),delete t.refresh_token):((e,t)=>{delete a[f(e,t)]})(b,O),d.postMessage({ok:w.ok,json:t,headers:y})}catch(e){d.postMessage({ok:!1,json:{error:e.error,error_description:e.message},headers:y})}var g,m,j,v})});
1
+ !function(e){"function"==typeof define&&define.amd?define(e):e()}(function(){"use strict";function e(e,t,r){return(t=function(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var r=e[Symbol.toPrimitive];if(void 0!==r){var n=r.call(e,t||"default");if("object"!=typeof n)return n;throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string");return"symbol"==typeof t?t:t+""}(t))in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function t(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var n=Object.getOwnPropertySymbols(e);t&&(n=n.filter(function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable})),r.push.apply(r,n)}return r}function r(r){for(var n=1;n<arguments.length;n++){var o=null!=arguments[n]?arguments[n]:{};n%2?t(Object(o),!0).forEach(function(t){e(r,t,o[t])}):Object.getOwnPropertyDescriptors?Object.defineProperties(r,Object.getOwnPropertyDescriptors(o)):t(Object(o)).forEach(function(e){Object.defineProperty(r,e,Object.getOwnPropertyDescriptor(o,e))})}return r}class n extends Error{constructor(e,t){super(t),this.error=e,this.error_description=t,Object.setPrototypeOf(this,n.prototype)}static fromPayload(e){let{error:t,error_description:r}=e;return new n(t,r)}}class o extends n{constructor(e,t){super("missing_refresh_token","Missing Refresh Token (audience: '".concat(s(e,["default"]),"', scope: '").concat(s(t),"')")),this.audience=e,this.scope=t,Object.setPrototypeOf(this,o.prototype)}}function s(e){return e&&!(arguments.length>1&&void 0!==arguments[1]?arguments[1]:[]).includes(e)?e:""}const i=["clientId"],c=e=>{let{clientId:t}=e,n=function(e,t){if(null==e)return{};var r,n,o=function(e,t){if(null==e)return{};var r={};for(var n in e)if({}.hasOwnProperty.call(e,n)){if(-1!==t.indexOf(n))continue;r[n]=e[n]}return r}(e,t);if(Object.getOwnPropertySymbols){var s=Object.getOwnPropertySymbols(e);for(n=0;n<s.length;n++)r=s[n],-1===t.indexOf(r)&&{}.propertyIsEnumerable.call(e,r)&&(o[r]=e[r])}return o}(e,i);return new URLSearchParams((e=>Object.keys(e).filter(t=>void 0!==e[t]).reduce((t,n)=>r(r({},t),{},{[n]:e[n]}),{}))(r({client_id:t},n))).toString()};let a={},f=null;const u=(e,t)=>"".concat(e,"|").concat(t),l=async e=>{let t,n,{data:{timeout:s,auth:i,fetchUrl:f,fetchOptions:l,useFormData:p,useMrrt:h},ports:[d]}=e,y={};const{audience:b,scope:O}=i||{};try{const e=p?(e=>{const t=new URLSearchParams(e),r={};return t.forEach((e,t)=>{r[t]=e}),r})(l.body):JSON.parse(l.body);if(!e.refresh_token&&"refresh_token"===e.grant_type){if(n=((e,t)=>a[u(e,t)])(b,O),!n&&h){const e=a.latest_refresh_token,t=((e,t)=>{const r=Object.keys(a).find(r=>{if("latest_refresh_token"!==r){const n=((e,t)=>t.startsWith("".concat(e,"|")))(t,r),o=r.split("|")[1].split(" "),s=e.split(" ").every(e=>o.includes(e));return n&&s}});return!!r})(O,b);e&&!t&&(n=e)}if(!n)throw new o(b,O);l.body=p?c(r(r({},e),{},{refresh_token:n})):JSON.stringify(r(r({},e),{},{refresh_token:n}))}let i,v;"function"==typeof AbortController&&(i=new AbortController,l.signal=i.signal);try{v=await Promise.race([(j=s,new Promise(e=>setTimeout(e,j))),fetch(f,r({},l))])}catch(e){return void d.postMessage({error:e.message})}if(!v)return i&&i.abort(),void d.postMessage({error:"Timeout when executing 'fetch'"});w=v.headers,y=[...w].reduce((e,t)=>{let[r,n]=t;return e[r]=n,e},{}),t=await v.json(),t.refresh_token?(h&&(a.latest_refresh_token=t.refresh_token,g=n,m=t.refresh_token,Object.entries(a).forEach(e=>{let[t,r]=e;r===g&&(a[t]=m)})),((e,t,r)=>{a[u(t,r)]=e})(t.refresh_token,b,O),delete t.refresh_token):((e,t)=>{delete a[u(e,t)]})(b,O),d.postMessage({ok:v.ok,json:t,headers:y})}catch(e){d.postMessage({ok:!1,json:{error:e.error,error_description:e.message},headers:y})}var g,m,w,j};addEventListener("message",e=>{const{data:t,ports:r}=e,[n]=r;if("type"in t&&"init"===t.type){if(null===f)try{new URL(t.allowedBaseUrl),f=t.allowedBaseUrl}catch(e){return}}else"fetchUrl"in t&&(e=>{if(!f)return!1;try{const t=new URL(f).origin,r=new URL(e.fetchUrl);return r.origin===t&&"/oauth/token"===r.pathname}catch(e){return!1}})(t)?l(e):null==n||n.postMessage({ok:!1,json:{error:"invalid_fetch_url",error_description:"Unauthorized fetch URL"},headers:{}})})});
2
2
  //# sourceMappingURL=auth0-spa-js.worker.production.js.map
package/dist/auth0-spa-js.worker.production.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth0-spa-js.worker.production.js","sources":["../src/errors.ts","../src/utils.ts","../src/worker/token.worker.ts"],"sourcesContent":["/**\n * MFA requirements from an mfa_required error response\n */\nexport interface MfaRequirements {\n /** Required enrollment types */\n enroll?: Array<{ type: string }>;\n /** Required challenge types */\n challenge?: Array<{ type: string }>;\n}\n\n/**\n * Thrown when network requests to the Auth server fail.\n */\nexport class GenericError extends Error {\n constructor(public error: string, public error_description: string) {\n super(error_description);\n Object.setPrototypeOf(this, GenericError.prototype);\n }\n\n static fromPayload({\n error,\n error_description\n }: {\n error: string;\n error_description: string;\n }) {\n return new GenericError(error, error_description);\n }\n}\n\n/**\n * Thrown when handling the redirect callback fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class AuthenticationError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, AuthenticationError.prototype);\n }\n}\n\n/**\n * Thrown when handling the redirect callback for the connect flow fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class ConnectError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public connection: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, ConnectError.prototype);\n }\n}\n\n/**\n * Thrown when silent auth times out (usually due to a configuration issue) or\n * when network requests to the Auth server timeout.\n */\nexport class TimeoutError extends GenericError {\n constructor() {\n super('timeout', 'Timeout');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, TimeoutError.prototype);\n }\n}\n\n/**\n * Error thrown when the login popup times out (if the user does not complete auth)\n */\nexport class PopupTimeoutError extends TimeoutError {\n constructor(public popup: Window) {\n super();\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupTimeoutError.prototype);\n }\n}\n\nexport class PopupCancelledError extends GenericError {\n constructor(public popup: Window) {\n super('cancelled', 'Popup closed');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupCancelledError.prototype);\n }\n}\n\nexport class PopupOpenError extends GenericError {\n constructor() {\n super('popup_open', 'Unable to open a popup for loginWithPopup - window.open returned `null`');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupOpenError.prototype);\n }\n}\n\n/**\n * Error thrown when the token exchange results in a `mfa_required` error\n */\nexport class MfaRequiredError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public mfa_token: string,\n public mfa_requirements: MfaRequirements\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MfaRequiredError.prototype);\n }\n}\n\n/**\n * Error thrown when there is no refresh token to use\n */\nexport class MissingRefreshTokenError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_refresh_token',\n `Missing Refresh Token (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingRefreshTokenError.prototype);\n }\n}\n\n/**\n * Error thrown when there are missing scopes after refreshing a token\n */\nexport class MissingScopesError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_scopes',\n `Missing requested scopes after refresh (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', missing scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingScopesError.prototype);\n }\n}\n\n/**\n * Error thrown when the wrong DPoP nonce is used and a potential subsequent retry wasn't able to fix it.\n */\nexport class UseDpopNonceError extends GenericError {\n constructor(public newDpopNonce: string | undefined) {\n super('use_dpop_nonce', 'Server rejected DPoP proof: wrong nonce');\n\n Object.setPrototypeOf(this, UseDpopNonceError.prototype);\n }\n}\n\n/**\n * Returns an empty string when value is falsy, or when it's value is included in the exclude argument.\n * @param value The value to check\n * @param exclude An array of values that should result in an empty string.\n * @returns The value, or an empty string when falsy or included in the exclude argument.\n */\nfunction valueOrEmptyString(value: string, exclude: string[] = []) {\n return value && !exclude.includes(value) ? value : '';\n}\n","import { AuthenticationResult, PopupConfigOptions } from './global';\n\nimport {\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS\n} from './constants';\n\nimport {\n PopupTimeoutError,\n TimeoutError,\n GenericError,\n PopupCancelledError\n} from './errors';\n\nexport const parseAuthenticationResult = (\n queryString: string\n): AuthenticationResult => {\n if (queryString.indexOf('#') > -1) {\n queryString = queryString.substring(0, queryString.indexOf('#'));\n }\n\n const searchParams = new URLSearchParams(queryString);\n\n return {\n state: searchParams.get('state')!,\n code: searchParams.get('code') || undefined,\n connect_code: searchParams.get('connect_code') || undefined,\n error: searchParams.get('error') || undefined,\n error_description: searchParams.get('error_description') || undefined\n };\n};\n\nexport const runIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n) => {\n return new Promise<AuthenticationResult>((res, rej) => {\n const iframe = window.document.createElement('iframe');\n\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n let iframeEventHandler: (e: MessageEvent) => void;\n\n const timeoutSetTimeoutId = setTimeout(() => {\n rej(new TimeoutError());\n removeIframe();\n }, timeoutInSeconds * 1000);\n\n iframeEventHandler = function (e: MessageEvent) {\n if (e.origin != eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') return;\n\n const eventSource = e.source;\n\n if (eventSource) {\n (eventSource as any).close();\n }\n\n e.data.response.error\n ? rej(GenericError.fromPayload(e.data.response))\n : res(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n\n // Delay the removal of the iframe to prevent hanging loading status\n // in Chrome: https://github.com/auth0/auth0-spa-js/issues/240\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n\nexport const openPopup = (url: string) => {\n const width = 400;\n const height = 600;\n const left = window.screenX + (window.innerWidth - width) / 2;\n const top = window.screenY + (window.innerHeight - height) / 2;\n\n return window.open(\n url,\n 'auth0:authorize:popup',\n `left=${left},top=${top},width=${width},height=${height},resizable,scrollbars=yes,status=1`\n );\n};\n\nexport const runPopup = (config: PopupConfigOptions, eventOrigin: string) => {\n return new Promise<AuthenticationResult>((resolve, reject) => {\n let popupEventListener: (e: MessageEvent) => void;\n\n // Check each second if the popup is closed triggering a PopupCancelledError\n const popupTimer = setInterval(() => {\n if (config.popup && config.popup.closed) {\n clearInterval(popupTimer);\n clearTimeout(timeoutId);\n window.removeEventListener('message', popupEventListener, false);\n reject(new PopupCancelledError(config.popup));\n }\n }, 1000);\n\n const timeoutId = setTimeout(() => {\n clearInterval(popupTimer);\n reject(new PopupTimeoutError(config.popup));\n window.removeEventListener('message', popupEventListener, false);\n }, (config.timeoutInSeconds || DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) * 1000);\n\n popupEventListener = function (e: MessageEvent) {\n if (e.origin !== eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') {\n return;\n }\n\n clearTimeout(timeoutId);\n clearInterval(popupTimer);\n window.removeEventListener('message', popupEventListener, false);\n\n // Close popup automatically unless closePopup is explicitly set to false\n if (config.closePopup !== false) {\n config.popup.close();\n }\n\n if (e.data.response.error) {\n return reject(GenericError.fromPayload(e.data.response));\n }\n\n resolve(e.data.response);\n };\n\n window.addEventListener('message', popupEventListener);\n });\n};\n\nexport const getCrypto = () => {\n return window.crypto;\n};\n\nexport const createRandomString = () => {\n const charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n const validMax = 256 - (256 % charset.length);\n let random = '';\n while (random.length < 43) {\n const bytes = getCrypto().getRandomValues(new Uint8Array(43 - random.length));\n for (const byte of bytes) {\n if (random.length < 43 && byte < validMax) {\n random += charset[byte % charset.length];\n }\n }\n }\n return random;\n};\n\nexport const encode = (value: string) => btoa(value);\nexport const decode = (value: string) => atob(value);\n\nconst stripUndefined = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .reduce((acc, key) => ({ ...acc, [key]: params[key] }), {});\n};\n\nconst ALLOWED_AUTH0CLIENT_PROPERTIES = [\n {\n key: 'name',\n type: ['string']\n },\n {\n key: 'version',\n type: ['string', 'number']\n },\n {\n key: 'env',\n type: ['object']\n }\n];\n\n/**\n * Strips any property that is not present in ALLOWED_AUTH0CLIENT_PROPERTIES\n * @param auth0Client - The full auth0Client object\n * @param excludeEnv - If true, excludes the 'env' property from the result\n * @returns The stripped auth0Client object\n */\nexport const stripAuth0Client = (auth0Client: any, excludeEnv = false) => {\n return Object.keys(auth0Client).reduce((acc: any, key: string) => {\n // Exclude 'env' if requested (for /authorize query params to prevent truncation)\n if (excludeEnv && key === 'env') {\n return acc;\n }\n\n const allowedProperty = ALLOWED_AUTH0CLIENT_PROPERTIES.find(\n p => p.key === key\n );\n if (\n allowedProperty &&\n allowedProperty.type.includes(typeof auth0Client[key])\n ) {\n acc[key] = auth0Client[key];\n }\n\n return acc;\n }, {});\n};\n\nexport const createQueryParams = ({ clientId: client_id, ...params }: any) => {\n return new URLSearchParams(\n stripUndefined({ client_id, ...params })\n ).toString();\n};\n\nexport const sha256 = async (s: string) => {\n const digestOp: any = getCrypto().subtle.digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s)\n );\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map(c => {\n return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n })\n .join('')\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] | Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput)))\n );\n};\n\nexport const validateCrypto = () => {\n if (!getCrypto()) {\n throw new Error(\n 'For security reasons, `window.crypto` is required to run `auth0-spa-js`.'\n );\n }\n if (typeof getCrypto().subtle === 'undefined') {\n throw new Error(`\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n `);\n }\n};\n\n/**\n * @ignore\n */\nexport const getDomain = (domainUrl: string) => {\n if (!/^https?:\\/\\//.test(domainUrl)) {\n return `https://${domainUrl}`;\n }\n\n return domainUrl;\n};\n\n/**\n * @ignore\n */\nexport const getTokenIssuer = (\n issuer: string | undefined,\n domainUrl: string\n) => {\n if (issuer) {\n return issuer.startsWith('https://') ? issuer : `https://${issuer}/`;\n }\n\n return `${domainUrl}/`;\n};\n\nexport const parseNumber = (value: any): number | undefined => {\n if (typeof value !== 'string') {\n return value;\n }\n return parseInt(value, 10) || undefined;\n};\n\n/**\n * Ponyfill for `Object.fromEntries()`, which is not available until ES2020.\n *\n * When the target of this project reaches ES2020, this can be removed.\n */\nexport const fromEntries = <T = any>(\n iterable: Iterable<[PropertyKey, T]>\n): Record<PropertyKey, T> => {\n return [...iterable].reduce((obj, [key, val]) => {\n obj[key] = val;\n\n return obj;\n }, {} as Record<PropertyKey, T>);\n};\n","import { MissingRefreshTokenError } from '../errors';\nimport { FetchResponse } from '../global';\nimport { createQueryParams, fromEntries } from '../utils';\nimport { WorkerRefreshTokenMessage } from './worker.types';\n\nlet refreshTokens: Record<string, string> = {};\n\nconst cacheKey = (audience: string, scope: string) => `${audience}|${scope}`;\n\nconst cacheKeyContainsAudience = (audience: string, cacheKey: string) => cacheKey.startsWith(`${audience}|`);\n\nconst getRefreshToken = (audience: string, scope: string): string | undefined =>\n refreshTokens[cacheKey(audience, scope)];\n\nconst setRefreshToken = (\n refreshToken: string,\n audience: string,\n scope: string\n) => (refreshTokens[cacheKey(audience, scope)] = refreshToken);\n\nconst deleteRefreshToken = (audience: string, scope: string) =>\n delete refreshTokens[cacheKey(audience, scope)];\n\nconst wait = (time: number) =>\n new Promise<void>(resolve => setTimeout(resolve, time));\n\nconst formDataToObject = (formData: string): Record<string, any> => {\n const queryParams = new URLSearchParams(formData);\n const parsedQuery: any = {};\n\n queryParams.forEach((val, key) => {\n parsedQuery[key] = val;\n });\n\n return parsedQuery;\n};\n\nconst updateRefreshTokens = (oldRefreshToken: string | undefined, newRefreshToken: string): void => {\n Object.entries(refreshTokens).forEach(([key, token]) => {\n if (token === oldRefreshToken) {\n refreshTokens[key] = newRefreshToken;\n }\n });\n}\n\nconst checkDownscoping = (scope: string, audience: string): boolean => {\n const findCoincidence = Object.keys(refreshTokens).find((key) => {\n if (key !== 'latest_refresh_token') {\n const isSameAudience = cacheKeyContainsAudience(audience, key);\n const scopesKey = key.split('|')[1].split(\" \");\n const requestedScopes = scope.split(\" \");\n const scopesAreIncluded = requestedScopes.every((key) => scopesKey.includes(key));\n\n return isSameAudience && scopesAreIncluded;\n }\n })\n\n return findCoincidence ? true : false;\n}\n\nconst messageHandler = async ({\n data: { timeout, auth, fetchUrl, fetchOptions, useFormData, useMrrt },\n ports: [port]\n}: MessageEvent<WorkerRefreshTokenMessage>) => {\n let headers: FetchResponse['headers'] = {};\n\n let json: {\n refresh_token?: string;\n };\n let refreshToken: string | undefined;\n\n const { audience, scope } = auth || {};\n\n try {\n const body = useFormData\n ? formDataToObject(fetchOptions.body as string)\n : JSON.parse(fetchOptions.body as string);\n\n if (!body.refresh_token && body.grant_type === 'refresh_token') {\n refreshToken = getRefreshToken(audience, scope);\n\n // When we don't have any refresh_token that matches the audience and scopes\n // stored, and useMrrt is configured to true, we will use the last refresh_token\n // returned by the server to do a refresh\n // We will avoid doing MRRT if we were to downscope while doing refresh in the same audience\n if (!refreshToken && useMrrt) {\n const latestRefreshToken = refreshTokens[\"latest_refresh_token\"];\n\n const isDownscoping = checkDownscoping(scope, audience);\n\n if (latestRefreshToken && !isDownscoping) {\n refreshToken = latestRefreshToken;\n }\n }\n\n if (!refreshToken) {\n throw new MissingRefreshTokenError(audience, scope);\n }\n\n fetchOptions.body = useFormData\n ? createQueryParams({\n ...body,\n refresh_token: refreshToken\n })\n : JSON.stringify({\n ...body,\n refresh_token: refreshToken\n });\n }\n\n let abortController: AbortController | undefined;\n\n if (typeof AbortController === 'function') {\n abortController = new AbortController();\n fetchOptions.signal = abortController.signal;\n }\n\n let response: void | Response;\n\n try {\n response = await Promise.race([\n wait(timeout),\n fetch(fetchUrl, { ...fetchOptions })\n ]);\n } catch (error) {\n // fetch error, reject `sendMessage` using `error` key so that we retry.\n port.postMessage({\n error: error.message\n });\n\n return;\n }\n\n if (!response) {\n // If the request times out, abort it and let `switchFetch` raise the error.\n if (abortController) abortController.abort();\n\n port.postMessage({\n error: \"Timeout when executing 'fetch'\"\n });\n\n return;\n }\n\n headers = fromEntries(response.headers);\n json = await response.json();\n\n if (json.refresh_token) {\n // If useMrrt is configured to true we want to save the latest refresh_token\n // to be used when refreshing tokens with MRRT\n if (useMrrt) {\n refreshTokens[\"latest_refresh_token\"] = json.refresh_token;\n\n // To avoid having some refresh_token that has already been used\n // we will update those inside the list with the new one obtained\n // by the server\n updateRefreshTokens(refreshToken, json.refresh_token);\n }\n\n setRefreshToken(json.refresh_token, audience, scope);\n delete json.refresh_token;\n } else {\n deleteRefreshToken(audience, scope);\n }\n\n port.postMessage({\n ok: response.ok,\n json,\n headers\n });\n } catch (error) {\n port.postMessage({\n ok: false,\n json: {\n error: error.error,\n error_description: error.message\n },\n headers\n });\n }\n};\n\n// Don't run `addEventListener` in our tests (this is replaced in rollup)\nif (process.env.NODE_ENV === 'test') {\n module.exports = { messageHandler };\n /* c8 ignore next 4 */\n} else {\n // @ts-ignore\n addEventListener('message', messageHandler);\n}\n"],"names":["GenericError","Error","constructor","error","error_description","super","this","Object","setPrototypeOf","prototype","fromPayload","_ref","MissingRefreshTokenError","audience","scope","concat","valueOrEmptyString","value","arguments","length","undefined","includes","createQueryParams","clientId","client_id","params","_objectWithoutProperties","_excluded","URLSearchParams","keys","filter","k","reduce","acc","key","_objectSpread","stripUndefined","toString","refreshTokens","cacheKey","addEventListener","async","json","refreshToken","data","timeout","auth","fetchUrl","fetchOptions","useFormData","useMrrt","ports","port","_ref2","headers","body","formData","queryParams","parsedQuery","forEach","val","formDataToObject","JSON","parse","refresh_token","grant_type","getRefreshToken","latestRefreshToken","isDownscoping","checkDownscoping","findCoincidence","find","isSameAudience","cacheKeyContainsAudience","startsWith","scopesKey","split","scopesAreIncluded","every","stringify","abortController","response","AbortController","signal","Promise","race","time","resolve","setTimeout","fetch","postMessage","message","abort","iterable","obj","oldRefreshToken","newRefreshToken","entries","token","setRefreshToken","deleteRefreshToken","ok","updateRefreshTokens"],"mappings":"glCAaO,MAAMA,UAAqBC,MAChCC,WAAAA,CAAmBC,EAAsBC,GACvCC,MAAMD,GAAmBE,KADRH,MAAAA,EAAaG,KAASF,kBAAAA,EAEvCG,OAAOC,eAAeF,KAAMN,EAAaS,UAC3C,CAEA,kBAAOC,CAAWC,GAMf,IANgBR,MACjBA,EAAKC,kBACLA,GAIDO,EACC,OAAO,IAAIX,EAAaG,EAAOC,EACjC,EAgGK,MAAMQ,UAAiCZ,EAC5CE,WAAAA,CAAmBW,EAAyBC,GAC1CT,MACE,wBAAuBU,qCAAAA,OACcC,EAAmBH,EAAU,CAChE,2BACAE,OAAcC,EAAmBF,GAAM,OACzCR,KANeO,SAAAA,EAAgBP,KAASQ,MAAAA,EAO1CP,OAAOC,eAAeF,KAAMM,EAAyBH,UACvD,EAmCF,SAASO,EAAmBC,GAC1B,OAAOA,KADmDC,UAAAC,OAAA,QAAAC,IAAAF,UAAA,GAAAA,UAAA,GAAG,IACpCG,SAASJ,GAASA,EAAQ,EACrD,sBC+CaK,EAAoBX,IAA6C,IAA1CY,SAAUC,GAA2Bb,EAAbc,+WAAMC,CAAAf,EAAAgB,GAChE,OAAO,IAAIC,gBAjDWH,IACflB,OAAOsB,KAAKJ,GAChBK,OAAOC,QAA0B,IAAdN,EAAOM,IAC1BC,OAAO,CAACC,EAAKC,IAAGC,EAAAA,KAAWF,GAAG,GAAA,CAAEC,CAACA,GAAMT,EAAOS,KAAS,CAAE,GA+C1DE,CAAcD,EAAA,CAAGX,aAAcC,KAC/BY,YCtNJ,IAAIC,EAAwC,CAAA,EAE5C,MAAMC,EAAWA,CAAC1B,EAAkBC,IAAa,GAAAC,OAAQF,EAAQ,KAAAE,OAAID,GAqLnE0B,iBAAiB,UAhIIC,UAGwB,IAGzCC,EAGAC,GARJC,MAAMC,QAAEA,EAAOC,KAAEA,EAAIC,SAAEA,EAAQC,aAAEA,EAAYC,YAAEA,EAAWC,QAAEA,GAC5DC,OAAQC,IACgCC,EACpCC,EAAoC,CAAA,EAOxC,MAAMzC,SAAEA,EAAQC,MAAEA,GAAUgC,GAAQ,CAAA,EAEpC,IACE,MAAMS,EAAON,EAhDSO,KACxB,MAAMC,EAAc,IAAI7B,gBAAgB4B,GAClCE,EAAmB,CAAA,EAMzB,OAJAD,EAAYE,QAAQ,CAACC,EAAK1B,KACxBwB,EAAYxB,GAAO0B,IAGdF,GAyCDG,CAAiBb,EAAaO,MAC9BO,KAAKC,MAAMf,EAAaO,MAE5B,IAAKA,EAAKS,eAAqC,kBAApBT,EAAKU,WAAgC,CAO9D,GANAtB,EApEkBuB,EAACrD,EAAkBC,IACzCwB,EAAcC,EAAS1B,EAAUC,IAmEdoD,CAAgBrD,EAAUC,IAMpC6B,GAAgBO,EAAS,CAC5B,MAAMiB,EAAqB7B,EAAoC,qBAEzD8B,EA3CWC,EAACvD,EAAeD,KACvC,MAAMyD,EAAkB/D,OAAOsB,KAAKS,GAAeiC,KAAMrC,IACvD,GAAY,yBAARA,EAAgC,CAClC,MAAMsC,EAvCqBC,EAAC5D,EAAkB0B,IAAqBA,EAASmC,WAAU3D,GAAAA,OAAIF,QAuCnE4D,CAAyB5D,EAAUqB,GACpDyC,EAAYzC,EAAI0C,MAAM,KAAK,GAAGA,MAAM,KAEpCC,EADkB/D,EAAM8D,MAAM,KACME,MAAO5C,GAAQyC,EAAUtD,SAASa,IAE5E,OAAOsC,GAAkBK,CAC3B,IAGF,QAAOP,GA+BqBD,CAAiBvD,EAAOD,GAE1CsD,IAAuBC,IACzBzB,EAAewB,EAEnB,CAEA,IAAKxB,EACH,MAAM,IAAI/B,EAAyBC,EAAUC,GAG/CkC,EAAaO,KAAON,EAChB3B,EAAiBa,EAAAA,EAAA,CAAA,EACdoB,GAAI,GAAA,CACPS,cAAerB,KAEfmB,KAAKiB,UAAS5C,EAAAA,EAAA,CAAA,EACXoB,GAAI,GAAA,CACPS,cAAerB,IAErB,CAEA,IAAIqC,EAOAC,EAL2B,mBAApBC,kBACTF,EAAkB,IAAIE,gBACtBlC,EAAamC,OAASH,EAAgBG,QAKxC,IACEF,QAAiBG,QAAQC,KAAK,EAjGtBC,EAkGDzC,EAjGX,IAAIuC,QAAcG,GAAWC,WAAWD,EAASD,KAkG3CG,MAAM1C,EAAQZ,KAAOa,KAExB,CAAC,MAAO7C,GAMP,YAJAiD,EAAKsC,YAAY,CACfvF,MAAOA,EAAMwF,SAIjB,CAEA,IAAKV,EAQH,OANID,GAAiBA,EAAgBY,aAErCxC,EAAKsC,YAAY,CACfvF,MAAO,mCD0Kb0F,ECpKwBZ,EAAS3B,QAA/BA,EDsKK,IAAIuC,GAAU7D,OAAO,CAAC8D,EAAGzC,KAAiB,IAAdnB,EAAK0B,GAAIP,EAG1C,OAFAyC,EAAI5D,GAAO0B,EAEJkC,GACN,CAA4B,GCzK7BpD,QAAauC,EAASvC,OAElBA,EAAKsB,eAGHd,IACFZ,EAAoC,qBAAII,EAAKsB,cAlHxB+B,EAuHDpD,EAvHsCqD,EAuHxBtD,EAAKsB,cAtH7CzD,OAAO0F,QAAQ3D,GAAeqB,QAAQhD,IAAkB,IAAhBuB,EAAKgE,GAAMvF,EAC7CuF,IAAUH,IACZzD,EAAcJ,GAAO8D,MA1BHG,EACtBxD,EACA9B,EACAC,KACIwB,EAAcC,EAAS1B,EAAUC,IAAU6B,GA6I3CwD,CAAgBzD,EAAKsB,cAAenD,EAAUC,UACvC4B,EAAKsB,eA5ISoC,EAACvF,EAAkBC,YACrCwB,EAAcC,EAAS1B,EAAUC,KA6IpCsF,CAAmBvF,EAAUC,GAG/BsC,EAAKsC,YAAY,CACfW,GAAIpB,EAASoB,GACb3D,OACAY,WAEH,CAAC,MAAOnD,GACPiD,EAAKsC,YAAY,CACfW,IAAI,EACJ3D,KAAM,CACJvC,MAAOA,EAAMA,MACbC,kBAAmBD,EAAMwF,SAE3BrC,WAEJ,CA9I0BgD,IAACP,EAAqCC,ED+QhEH,EC7RYP"}
1
+ {"version":3,"file":"auth0-spa-js.worker.production.js","sources":["../src/errors.ts","../src/utils.ts","../src/worker/token.worker.ts"],"sourcesContent":["/**\n * MFA requirements from an mfa_required error response\n */\nexport interface MfaRequirements {\n /** Required enrollment types */\n enroll?: Array<{ type: string }>;\n /** Required challenge types */\n challenge?: Array<{ type: string }>;\n}\n\n/**\n * Thrown when network requests to the Auth server fail.\n */\nexport class GenericError extends Error {\n constructor(public error: string, public error_description: string) {\n super(error_description);\n Object.setPrototypeOf(this, GenericError.prototype);\n }\n\n static fromPayload({\n error,\n error_description\n }: {\n error: string;\n error_description: string;\n }) {\n return new GenericError(error, error_description);\n }\n}\n\n/**\n * Thrown when handling the redirect callback fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class AuthenticationError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, AuthenticationError.prototype);\n }\n}\n\n/**\n * Thrown when handling the redirect callback for the connect flow fails, will be one of Auth0's\n * Authentication API's Standard Error Responses: https://auth0.com/docs/api/authentication?javascript#standard-error-responses\n */\nexport class ConnectError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public connection: string,\n public state: string,\n public appState: any = null\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, ConnectError.prototype);\n }\n}\n\n/**\n * Thrown when silent auth times out (usually due to a configuration issue) or\n * when network requests to the Auth server timeout.\n */\nexport class TimeoutError extends GenericError {\n constructor() {\n super('timeout', 'Timeout');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, TimeoutError.prototype);\n }\n}\n\n/**\n * Error thrown when the login popup times out (if the user does not complete auth)\n */\nexport class PopupTimeoutError extends TimeoutError {\n constructor(public popup: Window) {\n super();\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupTimeoutError.prototype);\n }\n}\n\nexport class PopupCancelledError extends GenericError {\n constructor(public popup: Window) {\n super('cancelled', 'Popup closed');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupCancelledError.prototype);\n }\n}\n\nexport class PopupOpenError extends GenericError {\n constructor() {\n super('popup_open', 'Unable to open a popup for loginWithPopup - window.open returned `null`');\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, PopupOpenError.prototype);\n }\n}\n\n/**\n * Error thrown when the token exchange results in a `mfa_required` error\n */\nexport class MfaRequiredError extends GenericError {\n constructor(\n error: string,\n error_description: string,\n public mfa_token: string,\n public mfa_requirements: MfaRequirements\n ) {\n super(error, error_description);\n //https://github.com/Microsoft/TypeScript-wiki/blob/master/Breaking-Changes.md#extending-built-ins-like-error-array-and-map-may-no-longer-work\n Object.setPrototypeOf(this, MfaRequiredError.prototype);\n }\n}\n\n/**\n * Error thrown when there is no refresh token to use\n */\nexport class MissingRefreshTokenError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_refresh_token',\n `Missing Refresh Token (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingRefreshTokenError.prototype);\n }\n}\n\n/**\n * Error thrown when there are missing scopes after refreshing a token\n */\nexport class MissingScopesError extends GenericError {\n constructor(public audience: string, public scope: string) {\n super(\n 'missing_scopes',\n `Missing requested scopes after refresh (audience: '${valueOrEmptyString(audience, [\n 'default'\n ])}', missing scope: '${valueOrEmptyString(scope)}')`\n );\n Object.setPrototypeOf(this, MissingScopesError.prototype);\n }\n}\n\n/**\n * Error thrown when the wrong DPoP nonce is used and a potential subsequent retry wasn't able to fix it.\n */\nexport class UseDpopNonceError extends GenericError {\n constructor(public newDpopNonce: string | undefined) {\n super('use_dpop_nonce', 'Server rejected DPoP proof: wrong nonce');\n\n Object.setPrototypeOf(this, UseDpopNonceError.prototype);\n }\n}\n\n/**\n * Returns an empty string when value is falsy, or when it's value is included in the exclude argument.\n * @param value The value to check\n * @param exclude An array of values that should result in an empty string.\n * @returns The value, or an empty string when falsy or included in the exclude argument.\n */\nfunction valueOrEmptyString(value: string, exclude: string[] = []) {\n return value && !exclude.includes(value) ? value : '';\n}\n","import { AuthenticationResult, PopupConfigOptions } from './global';\n\nimport {\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS\n} from './constants';\n\nimport {\n PopupTimeoutError,\n TimeoutError,\n GenericError,\n PopupCancelledError\n} from './errors';\n\nexport const parseAuthenticationResult = (\n queryString: string\n): AuthenticationResult => {\n if (queryString.indexOf('#') > -1) {\n queryString = queryString.substring(0, queryString.indexOf('#'));\n }\n\n const searchParams = new URLSearchParams(queryString);\n\n return {\n state: searchParams.get('state')!,\n code: searchParams.get('code') || undefined,\n connect_code: searchParams.get('connect_code') || undefined,\n error: searchParams.get('error') || undefined,\n error_description: searchParams.get('error_description') || undefined\n };\n};\n\nexport const runIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS\n) => {\n return new Promise<AuthenticationResult>((res, rej) => {\n const iframe = window.document.createElement('iframe');\n\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n let iframeEventHandler: (e: MessageEvent) => void;\n\n const timeoutSetTimeoutId = setTimeout(() => {\n rej(new TimeoutError());\n removeIframe();\n }, timeoutInSeconds * 1000);\n\n iframeEventHandler = function (e: MessageEvent) {\n if (e.origin != eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') return;\n\n const eventSource = e.source;\n\n if (eventSource) {\n (eventSource as any).close();\n }\n\n e.data.response.error\n ? rej(GenericError.fromPayload(e.data.response))\n : res(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n\n // Delay the removal of the iframe to prevent hanging loading status\n // in Chrome: https://github.com/auth0/auth0-spa-js/issues/240\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n\nexport const openPopup = (url: string) => {\n const width = 400;\n const height = 600;\n const left = window.screenX + (window.innerWidth - width) / 2;\n const top = window.screenY + (window.innerHeight - height) / 2;\n\n return window.open(\n url,\n 'auth0:authorize:popup',\n `left=${left},top=${top},width=${width},height=${height},resizable,scrollbars=yes,status=1`\n );\n};\n\nexport const runPopup = (config: PopupConfigOptions, eventOrigin: string) => {\n return new Promise<AuthenticationResult>((resolve, reject) => {\n let popupEventListener: (e: MessageEvent) => void;\n\n // Check each second if the popup is closed triggering a PopupCancelledError\n const popupTimer = setInterval(() => {\n if (config.popup && config.popup.closed) {\n clearInterval(popupTimer);\n clearTimeout(timeoutId);\n window.removeEventListener('message', popupEventListener, false);\n reject(new PopupCancelledError(config.popup));\n }\n }, 1000);\n\n const timeoutId = setTimeout(() => {\n clearInterval(popupTimer);\n reject(new PopupTimeoutError(config.popup));\n window.removeEventListener('message', popupEventListener, false);\n }, (config.timeoutInSeconds || DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) * 1000);\n\n popupEventListener = function (e: MessageEvent) {\n if (e.origin !== eventOrigin) return;\n if (!e.data || e.data.type !== 'authorization_response') {\n return;\n }\n\n clearTimeout(timeoutId);\n clearInterval(popupTimer);\n window.removeEventListener('message', popupEventListener, false);\n\n // Close popup automatically unless closePopup is explicitly set to false\n if (config.closePopup !== false) {\n config.popup.close();\n }\n\n if (e.data.response.error) {\n return reject(GenericError.fromPayload(e.data.response));\n }\n\n resolve(e.data.response);\n };\n\n window.addEventListener('message', popupEventListener);\n });\n};\n\nexport const getCrypto = () => {\n return window.crypto;\n};\n\nexport const createRandomString = () => {\n const charset =\n '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n const validMax = 256 - (256 % charset.length);\n let random = '';\n while (random.length < 43) {\n const bytes = getCrypto().getRandomValues(new Uint8Array(43 - random.length));\n for (const byte of bytes) {\n if (random.length < 43 && byte < validMax) {\n random += charset[byte % charset.length];\n }\n }\n }\n return random;\n};\n\nexport const encode = (value: string) => btoa(value);\nexport const decode = (value: string) => atob(value);\n\nconst stripUndefined = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .reduce((acc, key) => ({ ...acc, [key]: params[key] }), {});\n};\n\nconst ALLOWED_AUTH0CLIENT_PROPERTIES = [\n {\n key: 'name',\n type: ['string']\n },\n {\n key: 'version',\n type: ['string', 'number']\n },\n {\n key: 'env',\n type: ['object']\n }\n];\n\n/**\n * Strips any property that is not present in ALLOWED_AUTH0CLIENT_PROPERTIES\n * @param auth0Client - The full auth0Client object\n * @param excludeEnv - If true, excludes the 'env' property from the result\n * @returns The stripped auth0Client object\n */\nexport const stripAuth0Client = (auth0Client: any, excludeEnv = false) => {\n return Object.keys(auth0Client).reduce((acc: any, key: string) => {\n // Exclude 'env' if requested (for /authorize query params to prevent truncation)\n if (excludeEnv && key === 'env') {\n return acc;\n }\n\n const allowedProperty = ALLOWED_AUTH0CLIENT_PROPERTIES.find(\n p => p.key === key\n );\n if (\n allowedProperty &&\n allowedProperty.type.includes(typeof auth0Client[key])\n ) {\n acc[key] = auth0Client[key];\n }\n\n return acc;\n }, {});\n};\n\nexport const createQueryParams = ({ clientId: client_id, ...params }: any) => {\n return new URLSearchParams(\n stripUndefined({ client_id, ...params })\n ).toString();\n};\n\nexport const sha256 = async (s: string) => {\n const digestOp: any = getCrypto().subtle.digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s)\n );\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map(c => {\n return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);\n })\n .join('')\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] | Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput)))\n );\n};\n\nexport const validateCrypto = () => {\n if (!getCrypto()) {\n throw new Error(\n 'For security reasons, `window.crypto` is required to run `auth0-spa-js`.'\n );\n }\n if (typeof getCrypto().subtle === 'undefined') {\n throw new Error(`\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n `);\n }\n};\n\n/**\n * @ignore\n */\nexport const getDomain = (domainUrl: string) => {\n if (!/^https?:\\/\\//.test(domainUrl)) {\n return `https://${domainUrl}`;\n }\n\n return domainUrl;\n};\n\n/**\n * @ignore\n */\nexport const getTokenIssuer = (\n issuer: string | undefined,\n domainUrl: string\n) => {\n if (issuer) {\n return issuer.startsWith('https://') ? issuer : `https://${issuer}/`;\n }\n\n return `${domainUrl}/`;\n};\n\nexport const parseNumber = (value: any): number | undefined => {\n if (typeof value !== 'string') {\n return value;\n }\n return parseInt(value, 10) || undefined;\n};\n\n/**\n * Ponyfill for `Object.fromEntries()`, which is not available until ES2020.\n *\n * When the target of this project reaches ES2020, this can be removed.\n */\nexport const fromEntries = <T = any>(\n iterable: Iterable<[PropertyKey, T]>\n): Record<PropertyKey, T> => {\n return [...iterable].reduce((obj, [key, val]) => {\n obj[key] = val;\n\n return obj;\n }, {} as Record<PropertyKey, T>);\n};\n","import { MissingRefreshTokenError } from '../errors';\nimport { FetchResponse } from '../global';\nimport { createQueryParams, fromEntries } from '../utils';\nimport { WorkerMessage, WorkerRefreshTokenMessage } from './worker.types';\n\nlet refreshTokens: Record<string, string> = {};\nlet allowedBaseUrl: string | null = null;\n\nconst cacheKey = (audience: string, scope: string) => `${audience}|${scope}`;\n\nconst cacheKeyContainsAudience = (audience: string, cacheKey: string) => cacheKey.startsWith(`${audience}|`);\n\nconst getRefreshToken = (audience: string, scope: string): string | undefined =>\n refreshTokens[cacheKey(audience, scope)];\n\nconst setRefreshToken = (\n refreshToken: string,\n audience: string,\n scope: string\n) => (refreshTokens[cacheKey(audience, scope)] = refreshToken);\n\nconst deleteRefreshToken = (audience: string, scope: string) =>\n delete refreshTokens[cacheKey(audience, scope)];\n\nconst wait = (time: number) =>\n new Promise<void>(resolve => setTimeout(resolve, time));\n\nconst formDataToObject = (formData: string): Record<string, any> => {\n const queryParams = new URLSearchParams(formData);\n const parsedQuery: any = {};\n\n queryParams.forEach((val, key) => {\n parsedQuery[key] = val;\n });\n\n return parsedQuery;\n};\n\nconst updateRefreshTokens = (oldRefreshToken: string | undefined, newRefreshToken: string): void => {\n Object.entries(refreshTokens).forEach(([key, token]) => {\n if (token === oldRefreshToken) {\n refreshTokens[key] = newRefreshToken;\n }\n });\n}\n\nconst checkDownscoping = (scope: string, audience: string): boolean => {\n const findCoincidence = Object.keys(refreshTokens).find((key) => {\n if (key !== 'latest_refresh_token') {\n const isSameAudience = cacheKeyContainsAudience(audience, key);\n const scopesKey = key.split('|')[1].split(\" \");\n const requestedScopes = scope.split(\" \");\n const scopesAreIncluded = requestedScopes.every((key) => scopesKey.includes(key));\n\n return isSameAudience && scopesAreIncluded;\n }\n })\n\n return findCoincidence ? true : false;\n}\n\nconst messageHandler = async ({\n data: { timeout, auth, fetchUrl, fetchOptions, useFormData, useMrrt },\n ports: [port]\n}: MessageEvent<WorkerRefreshTokenMessage>) => {\n let headers: FetchResponse['headers'] = {};\n\n let json: {\n refresh_token?: string;\n };\n let refreshToken: string | undefined;\n\n const { audience, scope } = auth || {};\n\n try {\n const body = useFormData\n ? formDataToObject(fetchOptions.body as string)\n : JSON.parse(fetchOptions.body as string);\n\n if (!body.refresh_token && body.grant_type === 'refresh_token') {\n refreshToken = getRefreshToken(audience, scope);\n\n // When we don't have any refresh_token that matches the audience and scopes\n // stored, and useMrrt is configured to true, we will use the last refresh_token\n // returned by the server to do a refresh\n // We will avoid doing MRRT if we were to downscope while doing refresh in the same audience\n if (!refreshToken && useMrrt) {\n const latestRefreshToken = refreshTokens[\"latest_refresh_token\"];\n\n const isDownscoping = checkDownscoping(scope, audience);\n\n if (latestRefreshToken && !isDownscoping) {\n refreshToken = latestRefreshToken;\n }\n }\n\n if (!refreshToken) {\n throw new MissingRefreshTokenError(audience, scope);\n }\n\n fetchOptions.body = useFormData\n ? createQueryParams({\n ...body,\n refresh_token: refreshToken\n })\n : JSON.stringify({\n ...body,\n refresh_token: refreshToken\n });\n }\n\n let abortController: AbortController | undefined;\n\n if (typeof AbortController === 'function') {\n abortController = new AbortController();\n fetchOptions.signal = abortController.signal;\n }\n\n let response: void | Response;\n\n try {\n response = await Promise.race([\n wait(timeout),\n fetch(fetchUrl, { ...fetchOptions })\n ]);\n } catch (error) {\n // fetch error, reject `sendMessage` using `error` key so that we retry.\n port.postMessage({\n error: error.message\n });\n\n return;\n }\n\n if (!response) {\n // If the request times out, abort it and let `switchFetch` raise the error.\n if (abortController) abortController.abort();\n\n port.postMessage({\n error: \"Timeout when executing 'fetch'\"\n });\n\n return;\n }\n\n headers = fromEntries(response.headers);\n json = await response.json();\n\n if (json.refresh_token) {\n // If useMrrt is configured to true we want to save the latest refresh_token\n // to be used when refreshing tokens with MRRT\n if (useMrrt) {\n refreshTokens[\"latest_refresh_token\"] = json.refresh_token;\n\n // To avoid having some refresh_token that has already been used\n // we will update those inside the list with the new one obtained\n // by the server\n updateRefreshTokens(refreshToken, json.refresh_token);\n }\n\n setRefreshToken(json.refresh_token, audience, scope);\n delete json.refresh_token;\n } else {\n deleteRefreshToken(audience, scope);\n }\n\n port.postMessage({\n ok: response.ok,\n json,\n headers\n });\n } catch (error) {\n port.postMessage({\n ok: false,\n json: {\n error: error.error,\n error_description: error.message\n },\n headers\n });\n }\n};\n\nconst isAuthorizedWorkerRequest = (\n workerRequest: WorkerRefreshTokenMessage\n) => {\n if (!allowedBaseUrl) {\n return false;\n }\n\n try {\n const allowedBaseOrigin = new URL(allowedBaseUrl).origin;\n const requestedUrl = new URL(workerRequest.fetchUrl);\n\n return (\n requestedUrl.origin === allowedBaseOrigin &&\n requestedUrl.pathname === '/oauth/token'\n );\n } catch {\n return false;\n }\n};\n\nconst messageRouter = (event: MessageEvent<WorkerMessage>) => {\n const { data, ports } = event;\n const [port] = ports;\n\n if ('type' in data && data.type === 'init') {\n if (allowedBaseUrl === null) {\n try {\n new URL(data.allowedBaseUrl);\n allowedBaseUrl = data.allowedBaseUrl;\n } catch {\n return;\n }\n }\n\n return;\n }\n\n if (\n !('fetchUrl' in data) ||\n !isAuthorizedWorkerRequest(data as WorkerRefreshTokenMessage)\n ) {\n port?.postMessage({\n ok: false,\n json: {\n error: 'invalid_fetch_url',\n error_description: 'Unauthorized fetch URL'\n },\n headers: {}\n });\n return;\n }\n\n messageHandler(event as MessageEvent<WorkerRefreshTokenMessage>);\n};\n\n// Don't run `addEventListener` in our tests (this is replaced in rollup)\nif (process.env.NODE_ENV === 'test') {\n module.exports = { messageHandler, messageRouter };\n /* c8 ignore next 4 */\n} else {\n // @ts-ignore\n addEventListener('message', messageRouter);\n}\n"],"names":["GenericError","Error","constructor","error","error_description","super","this","Object","setPrototypeOf","prototype","fromPayload","_ref","MissingRefreshTokenError","audience","scope","concat","valueOrEmptyString","value","arguments","length","undefined","includes","createQueryParams","clientId","client_id","params","_objectWithoutProperties","_excluded","URLSearchParams","keys","filter","k","reduce","acc","key","_objectSpread","stripUndefined","toString","refreshTokens","allowedBaseUrl","cacheKey","messageHandler","async","json","refreshToken","data","timeout","auth","fetchUrl","fetchOptions","useFormData","useMrrt","ports","port","_ref2","headers","body","formData","queryParams","parsedQuery","forEach","val","formDataToObject","JSON","parse","refresh_token","grant_type","getRefreshToken","latestRefreshToken","isDownscoping","checkDownscoping","findCoincidence","find","isSameAudience","cacheKeyContainsAudience","startsWith","scopesKey","split","scopesAreIncluded","every","stringify","abortController","response","AbortController","signal","Promise","race","time","resolve","setTimeout","fetch","postMessage","message","abort","iterable","obj","oldRefreshToken","newRefreshToken","entries","token","setRefreshToken","deleteRefreshToken","ok","updateRefreshTokens","addEventListener","event","type","URL","_unused2","workerRequest","allowedBaseOrigin","origin","requestedUrl","pathname","_unused","isAuthorizedWorkerRequest"],"mappings":"glCAaO,MAAMA,UAAqBC,MAChCC,WAAAA,CAAmBC,EAAsBC,GACvCC,MAAMD,GAAmBE,KADRH,MAAAA,EAAaG,KAASF,kBAAAA,EAEvCG,OAAOC,eAAeF,KAAMN,EAAaS,UAC3C,CAEA,kBAAOC,CAAWC,GAMf,IANgBR,MACjBA,EAAKC,kBACLA,GAIDO,EACC,OAAO,IAAIX,EAAaG,EAAOC,EACjC,EAgGK,MAAMQ,UAAiCZ,EAC5CE,WAAAA,CAAmBW,EAAyBC,GAC1CT,MACE,wBAAuBU,qCAAAA,OACcC,EAAmBH,EAAU,CAChE,2BACAE,OAAcC,EAAmBF,GAAM,OACzCR,KANeO,SAAAA,EAAgBP,KAASQ,MAAAA,EAO1CP,OAAOC,eAAeF,KAAMM,EAAyBH,UACvD,EAmCF,SAASO,EAAmBC,GAC1B,OAAOA,KADmDC,UAAAC,OAAA,QAAAC,IAAAF,UAAA,GAAAA,UAAA,GAAG,IACpCG,SAASJ,GAASA,EAAQ,EACrD,sBC+CaK,EAAoBX,IAA6C,IAA1CY,SAAUC,GAA2Bb,EAAbc,+WAAMC,CAAAf,EAAAgB,GAChE,OAAO,IAAIC,gBAjDWH,IACflB,OAAOsB,KAAKJ,GAChBK,OAAOC,QAA0B,IAAdN,EAAOM,IAC1BC,OAAO,CAACC,EAAKC,IAAGC,EAAAA,KAAWF,GAAG,GAAA,CAAEC,CAACA,GAAMT,EAAOS,KAAS,CAAE,GA+C1DE,CAAcD,EAAA,CAAGX,aAAcC,KAC/BY,YCtNJ,IAAIC,EAAwC,CAAA,EACxCC,EAAgC,KAEpC,MAAMC,EAAWA,CAAC3B,EAAkBC,IAAa,GAAAC,OAAQF,EAAQ,KAAAE,OAAID,GAqD/D2B,EAAiBC,UAGwB,IAGzCC,EAGAC,GARJC,MAAMC,QAAEA,EAAOC,KAAEA,EAAIC,SAAEA,EAAQC,aAAEA,EAAYC,YAAEA,EAAWC,QAAEA,GAC5DC,OAAQC,IACgCC,EACpCC,EAAoC,CAAA,EAOxC,MAAM1C,SAAEA,EAAQC,MAAEA,GAAUiC,GAAQ,CAAA,EAEpC,IACE,MAAMS,EAAON,EAhDSO,KACxB,MAAMC,EAAc,IAAI9B,gBAAgB6B,GAClCE,EAAmB,CAAA,EAMzB,OAJAD,EAAYE,QAAQ,CAACC,EAAK3B,KACxByB,EAAYzB,GAAO2B,IAGdF,GAyCDG,CAAiBb,EAAaO,MAC9BO,KAAKC,MAAMf,EAAaO,MAE5B,IAAKA,EAAKS,eAAqC,kBAApBT,EAAKU,WAAgC,CAO9D,GANAtB,EApEkBuB,EAACtD,EAAkBC,IACzCwB,EAAcE,EAAS3B,EAAUC,IAmEdqD,CAAgBtD,EAAUC,IAMpC8B,GAAgBO,EAAS,CAC5B,MAAMiB,EAAqB9B,EAAoC,qBAEzD+B,EA3CWC,EAACxD,EAAeD,KACvC,MAAM0D,EAAkBhE,OAAOsB,KAAKS,GAAekC,KAAMtC,IACvD,GAAY,yBAARA,EAAgC,CAClC,MAAMuC,EAvCqBC,EAAC7D,EAAkB2B,IAAqBA,EAASmC,WAAU5D,GAAAA,OAAIF,QAuCnE6D,CAAyB7D,EAAUqB,GACpD0C,EAAY1C,EAAI2C,MAAM,KAAK,GAAGA,MAAM,KAEpCC,EADkBhE,EAAM+D,MAAM,KACME,MAAO7C,GAAQ0C,EAAUvD,SAASa,IAE5E,OAAOuC,GAAkBK,CAC3B,IAGF,QAAOP,GA+BqBD,CAAiBxD,EAAOD,GAE1CuD,IAAuBC,IACzBzB,EAAewB,EAEnB,CAEA,IAAKxB,EACH,MAAM,IAAIhC,EAAyBC,EAAUC,GAG/CmC,EAAaO,KAAON,EAChB5B,EAAiBa,EAAAA,EAAA,CAAA,EACdqB,GAAI,GAAA,CACPS,cAAerB,KAEfmB,KAAKiB,UAAS7C,EAAAA,EAAA,CAAA,EACXqB,GAAI,GAAA,CACPS,cAAerB,IAErB,CAEA,IAAIqC,EAOAC,EAL2B,mBAApBC,kBACTF,EAAkB,IAAIE,gBACtBlC,EAAamC,OAASH,EAAgBG,QAKxC,IACEF,QAAiBG,QAAQC,KAAK,EAjGtBC,EAkGDzC,EAjGX,IAAIuC,QAAcG,GAAWC,WAAWD,EAASD,KAkG3CG,MAAM1C,EAAQb,KAAOc,KAExB,CAAC,MAAO9C,GAMP,YAJAkD,EAAKsC,YAAY,CACfxF,MAAOA,EAAMyF,SAIjB,CAEA,IAAKV,EAQH,OANID,GAAiBA,EAAgBY,aAErCxC,EAAKsC,YAAY,CACfxF,MAAO,mCDyKb2F,ECnKwBZ,EAAS3B,QAA/BA,EDqKK,IAAIuC,GAAU9D,OAAO,CAAC+D,EAAGzC,KAAiB,IAAdpB,EAAK2B,GAAIP,EAG1C,OAFAyC,EAAI7D,GAAO2B,EAEJkC,GACN,CAA4B,GCxK7BpD,QAAauC,EAASvC,OAElBA,EAAKsB,eAGHd,IACFb,EAAoC,qBAAIK,EAAKsB,cAlHxB+B,EAuHDpD,EAvHsCqD,EAuHxBtD,EAAKsB,cAtH7C1D,OAAO2F,QAAQ5D,GAAesB,QAAQjD,IAAkB,IAAhBuB,EAAKiE,GAAMxF,EAC7CwF,IAAUH,IACZ1D,EAAcJ,GAAO+D,MA1BHG,EACtBxD,EACA/B,EACAC,KACIwB,EAAcE,EAAS3B,EAAUC,IAAU8B,GA6I3CwD,CAAgBzD,EAAKsB,cAAepD,EAAUC,UACvC6B,EAAKsB,eA5ISoC,EAACxF,EAAkBC,YACrCwB,EAAcE,EAAS3B,EAAUC,KA6IpCuF,CAAmBxF,EAAUC,GAG/BuC,EAAKsC,YAAY,CACfW,GAAIpB,EAASoB,GACb3D,OACAY,WAEH,CAAC,MAAOpD,GACPkD,EAAKsC,YAAY,CACfW,IAAI,EACJ3D,KAAM,CACJxC,MAAOA,EAAMA,MACbC,kBAAmBD,EAAMyF,SAE3BrC,WAEJ,CA9I0BgD,IAACP,EAAqCC,ED8QhEH,EC5RYP,GA4NZiB,iBAAiB,UAzCIC,IACrB,MAAM5D,KAAEA,EAAIO,MAAEA,GAAUqD,GACjBpD,GAAQD,EAEf,GAAI,SAAUP,GAAsB,SAAdA,EAAK6D,MACzB,GAAuB,OAAnBnE,EACF,IACE,IAAIoE,IAAI9D,EAAKN,gBACbA,EAAiBM,EAAKN,cACvB,CAAC,MAAAqE,GACA,MACF,MAOA,aAAc/D,GArClBgE,KAEA,IAAKtE,EACH,OAAO,EAGT,IACE,MAAMuE,EAAoB,IAAIH,IAAIpE,GAAgBwE,OAC5CC,EAAe,IAAIL,IAAIE,EAAc7D,UAE3C,OACEgE,EAAaD,SAAWD,GACE,iBAA1BE,EAAaC,QAEhB,CAAC,MAAAC,GACA,OAAO,CACT,GAsBGC,CAA0BtE,GAa7BJ,EAAegE,GAXbpD,SAAAA,EAAMsC,YAAY,CAChBW,IAAI,EACJ3D,KAAM,CACJxC,MAAO,oBACPC,kBAAmB,0BAErBmD,QAAS,CAAC"}
package/dist/lib/auth0-spa-js.cjs.js CHANGED
@@ -160,7 +160,7 @@ AsyncGenerator.prototype["function" == typeof Symbol && Symbol.asyncIterator ||
160
160
  return this._invoke("return", e);
161
161
  };
162
162
 
163
- var version = "2.18.2";
163
+ var version = "2.18.3";
164
164
 
165
165
  const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
166
166
 
@@ -1067,7 +1067,9 @@ class WebLocksApiManager {
1067
1067
 
1068
1068
  class LegacyLockManager {
1069
1069
  constructor() {
1070
+ _defineProperty(this, "lock", void 0);
1070
1071
  _defineProperty(this, "activeLocks", new Set);
1072
+ _defineProperty(this, "pagehideHandler", void 0);
1071
1073
  this.lock = new _default;
1072
1074
  this.pagehideHandler = () => {
1073
1075
  this.activeLocks.forEach(key => this.lock.releaseLock(key));
@@ -1647,6 +1649,9 @@ class CacheKey {
1647
1649
  let suffix = arguments.length > 2 ? arguments[2] : undefined;
1648
1650
  this.prefix = prefix;
1649
1651
  this.suffix = suffix;
1652
+ _defineProperty(this, "clientId", void 0);
1653
+ _defineProperty(this, "scope", void 0);
1654
+ _defineProperty(this, "audience", void 0);
1650
1655
  this.clientId = data.clientId;
1651
1656
  this.scope = data.scope;
1652
1657
  this.audience = data.audience;
@@ -1726,6 +1731,7 @@ class CacheManager {
1726
1731
  constructor(cache, keyManifest, nowProvider) {
1727
1732
  this.cache = cache;
1728
1733
  this.keyManifest = keyManifest;
1734
+ _defineProperty(this, "nowProvider", void 0);
1729
1735
  this.nowProvider = nowProvider || DEFAULT_NOW_PROVIDER;
1730
1736
  }
1731
1737
  async setIdToken(clientId, idToken, decodedToken) {
@@ -1899,6 +1905,7 @@ class TransactionManager {
1899
1905
  this.storage = storage;
1900
1906
  this.clientId = clientId;
1901
1907
  this.cookieDomain = cookieDomain;
1908
+ _defineProperty(this, "storageKey", void 0);
1902
1909
  this.storageKey = "".concat(TRANSACTION_STORAGE_KEY_PREFIX, ".").concat(this.clientId);
1903
1910
  }
1904
1911
  create(transaction) {
@@ -2218,7 +2225,30 @@ let ResponseType = function(ResponseType) {
2218
2225
  return ResponseType;
2219
2226
  }({});
2220
2227
 
2221
- class User {}
2228
+ class User {
2229
+ constructor() {
2230
+ _defineProperty(this, "name", void 0);
2231
+ _defineProperty(this, "given_name", void 0);
2232
+ _defineProperty(this, "family_name", void 0);
2233
+ _defineProperty(this, "middle_name", void 0);
2234
+ _defineProperty(this, "nickname", void 0);
2235
+ _defineProperty(this, "preferred_username", void 0);
2236
+ _defineProperty(this, "profile", void 0);
2237
+ _defineProperty(this, "picture", void 0);
2238
+ _defineProperty(this, "website", void 0);
2239
+ _defineProperty(this, "email", void 0);
2240
+ _defineProperty(this, "email_verified", void 0);
2241
+ _defineProperty(this, "gender", void 0);
2242
+ _defineProperty(this, "birthdate", void 0);
2243
+ _defineProperty(this, "zoneinfo", void 0);
2244
+ _defineProperty(this, "locale", void 0);
2245
+ _defineProperty(this, "phone_number", void 0);
2246
+ _defineProperty(this, "phone_number_verified", void 0);
2247
+ _defineProperty(this, "address", void 0);
2248
+ _defineProperty(this, "updated_at", void 0);
2249
+ _defineProperty(this, "sub", void 0);
2250
+ }
2251
+ }
2222
2252
 
2223
2253
  function decodeBase64$1(base64, enableUnicode) {
2224
2254
  var binaryString = atob(base64);
@@ -2252,7 +2282,7 @@ function createBase64WorkerFactory(base64, sourcemapArg, enableUnicodeArg) {
2252
2282
  };
2253
2283
  }
2254
2284
 
2255
- var WorkerFactory = createBase64WorkerFactory("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwooZnVuY3Rpb24oKSB7CiAgICAidXNlIHN0cmljdCI7CiAgICBmdW5jdGlvbiBfZGVmaW5lUHJvcGVydHkoZSwgciwgdCkgewogICAgICAgIHJldHVybiAociA9IF90b1Byb3BlcnR5S2V5KHIpKSBpbiBlID8gT2JqZWN0LmRlZmluZVByb3BlcnR5KGUsIHIsIHsKICAgICAgICAgICAgdmFsdWU6IHQsCiAgICAgICAgICAgIGVudW1lcmFibGU6ICEwLAogICAgICAgICAgICBjb25maWd1cmFibGU6ICEwLAogICAgICAgICAgICB3cml0YWJsZTogITAKICAgICAgICB9KSA6IGVbcl0gPSB0LCBlOwogICAgfQogICAgZnVuY3Rpb24gb3duS2V5cyhlLCByKSB7CiAgICAgICAgdmFyIHQgPSBPYmplY3Qua2V5cyhlKTsKICAgICAgICBpZiAoT2JqZWN0LmdldE93blByb3BlcnR5U3ltYm9scykgewogICAgICAgICAgICB2YXIgbyA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7CiAgICAgICAgICAgIHIgJiYgKG8gPSBvLmZpbHRlcihmdW5jdGlvbihyKSB7CiAgICAgICAgICAgICAgICByZXR1cm4gT2JqZWN0LmdldE93blByb3BlcnR5RGVzY3JpcHRvcihlLCByKS5lbnVtZXJhYmxlOwogICAgICAgICAgICB9KSksIHQucHVzaC5hcHBseSh0LCBvKTsKICAgICAgICB9CiAgICAgICAgcmV0dXJuIHQ7CiAgICB9CiAgICBmdW5jdGlvbiBfb2JqZWN0U3ByZWFkMihlKSB7CiAgICAgICAgZm9yICh2YXIgciA9IDE7IHIgPCBhcmd1bWVudHMubGVuZ3RoOyByKyspIHsKICAgICAgICAgICAgdmFyIHQgPSBudWxsICE9IGFyZ3VtZW50c1tyXSA/IGFyZ3VtZW50c1tyXSA6IHt9OwogICAgICAgICAgICByICUgMiA/IG93bktleXMoT2JqZWN0KHQpLCAhMCkuZm9yRWFjaChmdW5jdGlvbihyKSB7CiAgICAgICAgICAgICAgICBfZGVmaW5lUHJvcGVydHkoZSwgciwgdFtyXSk7CiAgICAgICAgICAgIH0pIDogT2JqZWN0LmdldE93blByb3BlcnR5RGVzY3JpcHRvcnMgPyBPYmplY3QuZGVmaW5lUHJvcGVydGllcyhlLCBPYmplY3QuZ2V0T3duUHJvcGVydHlEZXNjcmlwdG9ycyh0KSkgOiBvd25LZXlzKE9iamVjdCh0KSkuZm9yRWFjaChmdW5jdGlvbihyKSB7CiAgICAgICAgICAgICAgICBPYmplY3QuZGVmaW5lUHJvcGVydHkoZSwgciwgT2JqZWN0LmdldE93blByb3BlcnR5RGVzY3JpcHRvcih0LCByKSk7CiAgICAgICAgICAgIH0pOwogICAgICAgIH0KICAgICAgICByZXR1cm4gZTsKICAgIH0KICAgIGZ1bmN0aW9uIF9vYmplY3RXaXRob3V0UHJvcGVydGllcyhlLCB0KSB7CiAgICAgICAgaWYgKG51bGwgPT0gZSkgcmV0dXJuIHt9OwogICAgICAgIHZhciBvLCByLCBpID0gX29iamVjdFdpdGhvdXRQcm9wZXJ0aWVzTG9vc2UoZSwgdCk7CiAgICAgICAgaWYgKE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMpIHsKICAgICAgICAgICAgdmFyIG4gPSBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKGUpOwogICAgICAgICAgICBmb3IgKHIgPSAwOyByIDwgbi5sZW5ndGg7IHIrKykgbyA9IG5bcl0sIC0xID09PSB0LmluZGV4T2YobykgJiYge30ucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLCBvKSAmJiAoaVtvXSA9IGVbb10pOwogICAgICAgIH0KICAgICAgICByZXR1cm4gaTsKICAgIH0KICAgIGZ1bmN0aW9uIF9vYmplY3RXaXRob3V0UHJvcGVydGllc0xvb3NlKHIsIGUpIHsKICAgICAgICBpZiAobnVsbCA9PSByKSByZXR1cm4ge307CiAgICAgICAgdmFyIHQgPSB7fTsKICAgICAgICBmb3IgKHZhciBuIGluIHIpIGlmICh7fS5oYXNPd25Qcm9wZXJ0eS5jYWxsKHIsIG4pKSB7CiAgICAgICAgICAgIGlmICgtMSAhPT0gZS5pbmRleE9mKG4pKSBjb250aW51ZTsKICAgICAgICAgICAgdFtuXSA9IHJbbl07CiAgICAgICAgfQogICAgICAgIHJldHVybiB0OwogICAgfQogICAgZnVuY3Rpb24gX3RvUHJpbWl0aXZlKHQsIHIpIHsKICAgICAgICBpZiAoIm9iamVjdCIgIT0gdHlwZW9mIHQgfHwgIXQpIHJldHVybiB0OwogICAgICAgIHZhciBlID0gdFtTeW1ib2wudG9QcmltaXRpdmVdOwogICAgICAgIGlmICh2b2lkIDAgIT09IGUpIHsKICAgICAgICAgICAgdmFyIGkgPSBlLmNhbGwodCwgciB8fCAiZGVmYXVsdCIpOwogICAgICAgICAgICBpZiAoIm9iamVjdCIgIT0gdHlwZW9mIGkpIHJldHVybiBpOwogICAgICAgICAgICB0aHJvdyBuZXcgVHlwZUVycm9yKCJAQHRvUHJpbWl0aXZlIG11c3QgcmV0dXJuIGEgcHJpbWl0aXZlIHZhbHVlLiIpOwogICAgICAgIH0KICAgICAgICByZXR1cm4gKCJzdHJpbmciID09PSByID8gU3RyaW5nIDogTnVtYmVyKSh0KTsKICAgIH0KICAgIGZ1bmN0aW9uIF90b1Byb3BlcnR5S2V5KHQpIHsKICAgICAgICB2YXIgaSA9IF90b1ByaW1pdGl2ZSh0LCAic3RyaW5nIik7CiAgICAgICAgcmV0dXJuICJzeW1ib2wiID09IHR5cGVvZiBpID8gaSA6IGkgKyAiIjsKICAgIH0KICAgIGNsYXNzIEdlbmVyaWNFcnJvciBleHRlbmRzIEVycm9yIHsKICAgICAgICBjb25zdHJ1Y3RvcihlcnJvciwgZXJyb3JfZGVzY3JpcHRpb24pIHsKICAgICAgICAgICAgc3VwZXIoZXJyb3JfZGVzY3JpcHRpb24pOwogICAgICAgICAgICB0aGlzLmVycm9yID0gZXJyb3I7CiAgICAgICAgICAgIHRoaXMuZXJyb3JfZGVzY3JpcHRpb24gPSBlcnJvcl9kZXNjcmlwdGlvbjsKICAgICAgICAgICAgT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsIEdlbmVyaWNFcnJvci5wcm90b3R5cGUpOwogICAgICAgIH0KICAgICAgICBzdGF0aWMgZnJvbVBheWxvYWQoX3JlZikgewogICAgICAgICAgICBsZXQge2Vycm9yOiBlcnJvciwgZXJyb3JfZGVzY3JpcHRpb246IGVycm9yX2Rlc2NyaXB0aW9ufSA9IF9yZWY7CiAgICAgICAgICAgIHJldHVybiBuZXcgR2VuZXJpY0Vycm9yKGVycm9yLCBlcnJvcl9kZXNjcmlwdGlvbik7CiAgICAgICAgfQogICAgfQogICAgY2xhc3MgTWlzc2luZ1JlZnJlc2hUb2tlbkVycm9yIGV4dGVuZHMgR2VuZXJpY0Vycm9yIHsKICAgICAgICBjb25zdHJ1Y3RvcihhdWRpZW5jZSwgc2NvcGUpIHsKICAgICAgICAgICAgc3VwZXIoIm1pc3NpbmdfcmVmcmVzaF90b2tlbiIsICJNaXNzaW5nIFJlZnJlc2ggVG9rZW4gKGF1ZGllbmNlOiAnIi5jb25jYXQodmFsdWVPckVtcHR5U3RyaW5nKGF1ZGllbmNlLCBbICJkZWZhdWx0IiBdKSwgIicsIHNjb3BlOiAnIikuY29uY2F0KHZhbHVlT3JFbXB0eVN0cmluZyhzY29wZSksICInKSIpKTsKICAgICAgICAgICAgdGhpcy5hdWRpZW5jZSA9IGF1ZGllbmNlOwogICAgICAgICAgICB0aGlzLnNjb3BlID0gc2NvcGU7CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICB9CiAgICBmdW5jdGlvbiB2YWx1ZU9yRW1wdHlTdHJpbmcodmFsdWUpIHsKICAgICAgICBsZXQgZXhjbHVkZSA9IGFyZ3VtZW50cy5sZW5ndGggPiAxICYmIGFyZ3VtZW50c1sxXSAhPT0gdW5kZWZpbmVkID8gYXJndW1lbnRzWzFdIDogW107CiAgICAgICAgcmV0dXJuIHZhbHVlICYmICFleGNsdWRlLmluY2x1ZGVzKHZhbHVlKSA/IHZhbHVlIDogIiI7CiAgICB9CiAgICBjb25zdCBfZXhjbHVkZWQgPSBbICJjbGllbnRJZCIgXTsKICAgIGNvbnN0IHN0cmlwVW5kZWZpbmVkID0gcGFyYW1zID0+IE9iamVjdC5rZXlzKHBhcmFtcykuZmlsdGVyKGsgPT4gdHlwZW9mIHBhcmFtc1trXSAhPT0gInVuZGVmaW5lZCIpLnJlZHVjZSgoYWNjLCBrZXkpID0+IF9vYmplY3RTcHJlYWQyKF9vYmplY3RTcHJlYWQyKHt9LCBhY2MpLCB7fSwgewogICAgICAgIFtrZXldOiBwYXJhbXNba2V5XQogICAgfSksIHt9KTsKICAgIGNvbnN0IGNyZWF0ZVF1ZXJ5UGFyYW1zID0gX3JlZiA9PiB7CiAgICAgICAgbGV0IHtjbGllbnRJZDogY2xpZW50X2lkfSA9IF9yZWYsIHBhcmFtcyA9IF9vYmplY3RXaXRob3V0UHJvcGVydGllcyhfcmVmLCBfZXhjbHVkZWQpOwogICAgICAgIHJldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKHN0cmlwVW5kZWZpbmVkKF9vYmplY3RTcHJlYWQyKHsKICAgICAgICAgICAgY2xpZW50X2lkOiBjbGllbnRfaWQKICAgICAgICB9LCBwYXJhbXMpKSkudG9TdHJpbmcoKTsKICAgIH07CiAgICBjb25zdCBmcm9tRW50cmllcyA9IGl0ZXJhYmxlID0+IFsgLi4uaXRlcmFibGUgXS5yZWR1Y2UoKG9iaiwgX3JlZjIpID0+IHsKICAgICAgICBsZXQgW2tleSwgdmFsXSA9IF9yZWYyOwogICAgICAgIG9ialtrZXldID0gdmFsOwogICAgICAgIHJldHVybiBvYmo7CiAgICB9LCB7fSk7CiAgICBsZXQgcmVmcmVzaFRva2VucyA9IHt9OwogICAgY29uc3QgY2FjaGVLZXkgPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiAiIi5jb25jYXQoYXVkaWVuY2UsICJ8IikuY29uY2F0KHNjb3BlKTsKICAgIGNvbnN0IGNhY2hlS2V5Q29udGFpbnNBdWRpZW5jZSA9IChhdWRpZW5jZSwgY2FjaGVLZXkpID0+IGNhY2hlS2V5LnN0YXJ0c1dpdGgoIiIuY29uY2F0KGF1ZGllbmNlLCAifCIpKTsKICAgIGNvbnN0IGdldFJlZnJlc2hUb2tlbiA9IChhdWRpZW5jZSwgc2NvcGUpID0+IHJlZnJlc2hUb2tlbnNbY2FjaGVLZXkoYXVkaWVuY2UsIHNjb3BlKV07CiAgICBjb25zdCBzZXRSZWZyZXNoVG9rZW4gPSAocmVmcmVzaFRva2VuLCBhdWRpZW5jZSwgc2NvcGUpID0+IHJlZnJlc2hUb2tlbnNbY2FjaGVLZXkoYXVkaWVuY2UsIHNjb3BlKV0gPSByZWZyZXNoVG9rZW47CiAgICBjb25zdCBkZWxldGVSZWZyZXNoVG9rZW4gPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiBkZWxldGUgcmVmcmVzaFRva2Vuc1tjYWNoZUtleShhdWRpZW5jZSwgc2NvcGUpXTsKICAgIGNvbnN0IHdhaXQgPSB0aW1lID0+IG5ldyBQcm9taXNlKHJlc29sdmUgPT4gc2V0VGltZW91dChyZXNvbHZlLCB0aW1lKSk7CiAgICBjb25zdCBmb3JtRGF0YVRvT2JqZWN0ID0gZm9ybURhdGEgPT4gewogICAgICAgIGNvbnN0IHF1ZXJ5UGFyYW1zID0gbmV3IFVSTFNlYXJjaFBhcmFtcyhmb3JtRGF0YSk7CiAgICAgICAgY29uc3QgcGFyc2VkUXVlcnkgPSB7fTsKICAgICAgICBxdWVyeVBhcmFtcy5mb3JFYWNoKCh2YWwsIGtleSkgPT4gewogICAgICAgICAgICBwYXJzZWRRdWVyeVtrZXldID0gdmFsOwogICAgICAgIH0pOwogICAgICAgIHJldHVybiBwYXJzZWRRdWVyeTsKICAgIH07CiAgICBjb25zdCB1cGRhdGVSZWZyZXNoVG9rZW5zID0gKG9sZFJlZnJlc2hUb2tlbiwgbmV3UmVmcmVzaFRva2VuKSA9PiB7CiAgICAgICAgT2JqZWN0LmVudHJpZXMocmVmcmVzaFRva2VucykuZm9yRWFjaChfcmVmID0+IHsKICAgICAgICAgICAgbGV0IFtrZXksIHRva2VuXSA9IF9yZWY7CiAgICAgICAgICAgIGlmICh0b2tlbiA9PT0gb2xkUmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW5zW2tleV0gPSBuZXdSZWZyZXNoVG9rZW47CiAgICAgICAgICAgIH0KICAgICAgICB9KTsKICAgIH07CiAgICBjb25zdCBjaGVja0Rvd25zY29waW5nID0gKHNjb3BlLCBhdWRpZW5jZSkgPT4gewogICAgICAgIGNvbnN0IGZpbmRDb2luY2lkZW5jZSA9IE9iamVjdC5rZXlzKHJlZnJlc2hUb2tlbnMpLmZpbmQoa2V5ID0+IHsKICAgICAgICAgICAgaWYgKGtleSAhPT0gImxhdGVzdF9yZWZyZXNoX3Rva2VuIikgewogICAgICAgICAgICAgICAgY29uc3QgaXNTYW1lQXVkaWVuY2UgPSBjYWNoZUtleUNvbnRhaW5zQXVkaWVuY2UoYXVkaWVuY2UsIGtleSk7CiAgICAgICAgICAgICAgICBjb25zdCBzY29wZXNLZXkgPSBrZXkuc3BsaXQoInwiKVsxXS5zcGxpdCgiICIpOwogICAgICAgICAgICAgICAgY29uc3QgcmVxdWVzdGVkU2NvcGVzID0gc2NvcGUuc3BsaXQoIiAiKTsKICAgICAgICAgICAgICAgIGNvbnN0IHNjb3Blc0FyZUluY2x1ZGVkID0gcmVxdWVzdGVkU2NvcGVzLmV2ZXJ5KGtleSA9PiBzY29wZXNLZXkuaW5jbHVkZXMoa2V5KSk7CiAgICAgICAgICAgICAgICByZXR1cm4gaXNTYW1lQXVkaWVuY2UgJiYgc2NvcGVzQXJlSW5jbHVkZWQ7CiAgICAgICAgICAgIH0KICAgICAgICB9KTsKICAgICAgICByZXR1cm4gZmluZENvaW5jaWRlbmNlID8gdHJ1ZSA6IGZhbHNlOwogICAgfTsKICAgIGNvbnN0IG1lc3NhZ2VIYW5kbGVyID0gYXN5bmMgX3JlZjIgPT4gewogICAgICAgIGxldCB7ZGF0YToge3RpbWVvdXQ6IHRpbWVvdXQsIGF1dGg6IGF1dGgsIGZldGNoVXJsOiBmZXRjaFVybCwgZmV0Y2hPcHRpb25zOiBmZXRjaE9wdGlvbnMsIHVzZUZvcm1EYXRhOiB1c2VGb3JtRGF0YSwgdXNlTXJydDogdXNlTXJydH0sIHBvcnRzOiBbcG9ydF19ID0gX3JlZjI7CiAgICAgICAgbGV0IGhlYWRlcnMgPSB7fTsKICAgICAgICBsZXQganNvbjsKICAgICAgICBsZXQgcmVmcmVzaFRva2VuOwogICAgICAgIGNvbnN0IHthdWRpZW5jZTogYXVkaWVuY2UsIHNjb3BlOiBzY29wZX0gPSBhdXRoIHx8IHt9OwogICAgICAgIHRyeSB7CiAgICAgICAgICAgIGNvbnN0IGJvZHkgPSB1c2VGb3JtRGF0YSA/IGZvcm1EYXRhVG9PYmplY3QoZmV0Y2hPcHRpb25zLmJvZHkpIDogSlNPTi5wYXJzZShmZXRjaE9wdGlvbnMuYm9keSk7CiAgICAgICAgICAgIGlmICghYm9keS5yZWZyZXNoX3Rva2VuICYmIGJvZHkuZ3JhbnRfdHlwZSA9PT0gInJlZnJlc2hfdG9rZW4iKSB7CiAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW4gPSBnZXRSZWZyZXNoVG9rZW4oYXVkaWVuY2UsIHNjb3BlKTsKICAgICAgICAgICAgICAgIGlmICghcmVmcmVzaFRva2VuICYmIHVzZU1ycnQpIHsKICAgICAgICAgICAgICAgICAgICBjb25zdCBsYXRlc3RSZWZyZXNoVG9rZW4gPSByZWZyZXNoVG9rZW5zWyJsYXRlc3RfcmVmcmVzaF90b2tlbiJdOwogICAgICAgICAgICAgICAgICAgIGNvbnN0IGlzRG93bnNjb3BpbmcgPSBjaGVja0Rvd25zY29waW5nKHNjb3BlLCBhdWRpZW5jZSk7CiAgICAgICAgICAgICAgICAgICAgaWYgKGxhdGVzdFJlZnJlc2hUb2tlbiAmJiAhaXNEb3duc2NvcGluZykgewogICAgICAgICAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW4gPSBsYXRlc3RSZWZyZXNoVG9rZW47CiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgaWYgKCFyZWZyZXNoVG9rZW4pIHsKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTWlzc2luZ1JlZnJlc2hUb2tlbkVycm9yKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmZXRjaE9wdGlvbnMuYm9keSA9IHVzZUZvcm1EYXRhID8gY3JlYXRlUXVlcnlQYXJhbXMoX29iamVjdFNwcmVhZDIoX29iamVjdFNwcmVhZDIoe30sIGJvZHkpLCB7fSwgewogICAgICAgICAgICAgICAgICAgIHJlZnJlc2hfdG9rZW46IHJlZnJlc2hUb2tlbgogICAgICAgICAgICAgICAgfSkpIDogSlNPTi5zdHJpbmdpZnkoX29iamVjdFNwcmVhZDIoX29iamVjdFNwcmVhZDIoe30sIGJvZHkpLCB7fSwgewogICAgICAgICAgICAgICAgICAgIHJlZnJlc2hfdG9rZW46IHJlZnJlc2hUb2tlbgogICAgICAgICAgICAgICAgfSkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGxldCBhYm9ydENvbnRyb2xsZXI7CiAgICAgICAgICAgIGlmICh0eXBlb2YgQWJvcnRDb250cm9sbGVyID09PSAiZnVuY3Rpb24iKSB7CiAgICAgICAgICAgICAgICBhYm9ydENvbnRyb2xsZXIgPSBuZXcgQWJvcnRDb250cm9sbGVyOwogICAgICAgICAgICAgICAgZmV0Y2hPcHRpb25zLnNpZ25hbCA9IGFib3J0Q29udHJvbGxlci5zaWduYWw7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgbGV0IHJlc3BvbnNlOwogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgcmVzcG9uc2UgPSBhd2FpdCBQcm9taXNlLnJhY2UoWyB3YWl0KHRpbWVvdXQpLCBmZXRjaChmZXRjaFVybCwgX29iamVjdFNwcmVhZDIoe30sIGZldGNoT3B0aW9ucykpIF0pOwogICAgICAgICAgICB9IGNhdGNoIChlcnJvcikgewogICAgICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6IGVycm9yLm1lc3NhZ2UKICAgICAgICAgICAgICAgIH0pOwogICAgICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGlmICghcmVzcG9uc2UpIHsKICAgICAgICAgICAgICAgIGlmIChhYm9ydENvbnRyb2xsZXIpIGFib3J0Q29udHJvbGxlci5hYm9ydCgpOwogICAgICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6ICJUaW1lb3V0IHdoZW4gZXhlY3V0aW5nICdmZXRjaCciCiAgICAgICAgICAgICAgICB9KTsKICAgICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgICAgfQogICAgICAgICAgICBoZWFkZXJzID0gZnJvbUVudHJpZXMocmVzcG9uc2UuaGVhZGVycyk7CiAgICAgICAgICAgIGpzb24gPSBhd2FpdCByZXNwb25zZS5qc29uKCk7CiAgICAgICAgICAgIGlmIChqc29uLnJlZnJlc2hfdG9rZW4pIHsKICAgICAgICAgICAgICAgIGlmICh1c2VNcnJ0KSB7CiAgICAgICAgICAgICAgICAgICAgcmVmcmVzaFRva2Vuc1sibGF0ZXN0X3JlZnJlc2hfdG9rZW4iXSA9IGpzb24ucmVmcmVzaF90b2tlbjsKICAgICAgICAgICAgICAgICAgICB1cGRhdGVSZWZyZXNoVG9rZW5zKHJlZnJlc2hUb2tlbiwganNvbi5yZWZyZXNoX3Rva2VuKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIHNldFJlZnJlc2hUb2tlbihqc29uLnJlZnJlc2hfdG9rZW4sIGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBkZWxldGUganNvbi5yZWZyZXNoX3Rva2VuOwogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgZGVsZXRlUmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICBvazogcmVzcG9uc2Uub2ssCiAgICAgICAgICAgICAgICBqc29uOiBqc29uLAogICAgICAgICAgICAgICAgaGVhZGVyczogaGVhZGVycwogICAgICAgICAgICB9KTsKICAgICAgICB9IGNhdGNoIChlcnJvcikgewogICAgICAgICAgICBwb3J0LnBvc3RNZXNzYWdlKHsKICAgICAgICAgICAgICAgIG9rOiBmYWxzZSwKICAgICAgICAgICAgICAgIGpzb246IHsKICAgICAgICAgICAgICAgICAgICBlcnJvcjogZXJyb3IuZXJyb3IsCiAgICAgICAgICAgICAgICAgICAgZXJyb3JfZGVzY3JpcHRpb246IGVycm9yLm1lc3NhZ2UKICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICBoZWFkZXJzOiBoZWFkZXJzCiAgICAgICAgICAgIH0pOwogICAgICAgIH0KICAgIH07CiAgICB7CiAgICAgICAgYWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsIG1lc3NhZ2VIYW5kbGVyKTsKICAgIH0KfSkoKTsKCg==", null, false);
2285
+ var WorkerFactory = createBase64WorkerFactory("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwooZnVuY3Rpb24oKSB7CiAgICAidXNlIHN0cmljdCI7CiAgICBmdW5jdGlvbiBfZGVmaW5lUHJvcGVydHkoZSwgciwgdCkgewogICAgICAgIHJldHVybiAociA9IF90b1Byb3BlcnR5S2V5KHIpKSBpbiBlID8gT2JqZWN0LmRlZmluZVByb3BlcnR5KGUsIHIsIHsKICAgICAgICAgICAgdmFsdWU6IHQsCiAgICAgICAgICAgIGVudW1lcmFibGU6ICEwLAogICAgICAgICAgICBjb25maWd1cmFibGU6ICEwLAogICAgICAgICAgICB3cml0YWJsZTogITAKICAgICAgICB9KSA6IGVbcl0gPSB0LCBlOwogICAgfQogICAgZnVuY3Rpb24gb3duS2V5cyhlLCByKSB7CiAgICAgICAgdmFyIHQgPSBPYmplY3Qua2V5cyhlKTsKICAgICAgICBpZiAoT2JqZWN0LmdldE93blByb3BlcnR5U3ltYm9scykgewogICAgICAgICAgICB2YXIgbyA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7CiAgICAgICAgICAgIHIgJiYgKG8gPSBvLmZpbHRlcihmdW5jdGlvbihyKSB7CiAgICAgICAgICAgICAgICByZXR1cm4gT2JqZWN0LmdldE93blByb3BlcnR5RGVzY3JpcHRvcihlLCByKS5lbnVtZXJhYmxlOwogICAgICAgICAgICB9KSksIHQucHVzaC5hcHBseSh0LCBvKTsKICAgICAgICB9CiAgICAgICAgcmV0dXJuIHQ7CiAgICB9CiAgICBmdW5jdGlvbiBfb2JqZWN0U3ByZWFkMihlKSB7CiAgICAgICAgZm9yICh2YXIgciA9IDE7IHIgPCBhcmd1bWVudHMubGVuZ3RoOyByKyspIHsKICAgICAgICAgICAgdmFyIHQgPSBudWxsICE9IGFyZ3VtZW50c1tyXSA/IGFyZ3VtZW50c1tyXSA6IHt9OwogICAgICAgICAgICByICUgMiA/IG93bktleXMoT2JqZWN0KHQpLCAhMCkuZm9yRWFjaChmdW5jdGlvbihyKSB7CiAgICAgICAgICAgICAgICBfZGVmaW5lUHJvcGVydHkoZSwgciwgdFtyXSk7CiAgICAgICAgICAgIH0pIDogT2JqZWN0LmdldE93blByb3BlcnR5RGVzY3JpcHRvcnMgPyBPYmplY3QuZGVmaW5lUHJvcGVydGllcyhlLCBPYmplY3QuZ2V0T3duUHJvcGVydHlEZXNjcmlwdG9ycyh0KSkgOiBvd25LZXlzKE9iamVjdCh0KSkuZm9yRWFjaChmdW5jdGlvbihyKSB7CiAgICAgICAgICAgICAgICBPYmplY3QuZGVmaW5lUHJvcGVydHkoZSwgciwgT2JqZWN0LmdldE93blByb3BlcnR5RGVzY3JpcHRvcih0LCByKSk7CiAgICAgICAgICAgIH0pOwogICAgICAgIH0KICAgICAgICByZXR1cm4gZTsKICAgIH0KICAgIGZ1bmN0aW9uIF9vYmplY3RXaXRob3V0UHJvcGVydGllcyhlLCB0KSB7CiAgICAgICAgaWYgKG51bGwgPT0gZSkgcmV0dXJuIHt9OwogICAgICAgIHZhciBvLCByLCBpID0gX29iamVjdFdpdGhvdXRQcm9wZXJ0aWVzTG9vc2UoZSwgdCk7CiAgICAgICAgaWYgKE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMpIHsKICAgICAgICAgICAgdmFyIG4gPSBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKGUpOwogICAgICAgICAgICBmb3IgKHIgPSAwOyByIDwgbi5sZW5ndGg7IHIrKykgbyA9IG5bcl0sIC0xID09PSB0LmluZGV4T2YobykgJiYge30ucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLCBvKSAmJiAoaVtvXSA9IGVbb10pOwogICAgICAgIH0KICAgICAgICByZXR1cm4gaTsKICAgIH0KICAgIGZ1bmN0aW9uIF9vYmplY3RXaXRob3V0UHJvcGVydGllc0xvb3NlKHIsIGUpIHsKICAgICAgICBpZiAobnVsbCA9PSByKSByZXR1cm4ge307CiAgICAgICAgdmFyIHQgPSB7fTsKICAgICAgICBmb3IgKHZhciBuIGluIHIpIGlmICh7fS5oYXNPd25Qcm9wZXJ0eS5jYWxsKHIsIG4pKSB7CiAgICAgICAgICAgIGlmICgtMSAhPT0gZS5pbmRleE9mKG4pKSBjb250aW51ZTsKICAgICAgICAgICAgdFtuXSA9IHJbbl07CiAgICAgICAgfQogICAgICAgIHJldHVybiB0OwogICAgfQogICAgZnVuY3Rpb24gX3RvUHJpbWl0aXZlKHQsIHIpIHsKICAgICAgICBpZiAoIm9iamVjdCIgIT0gdHlwZW9mIHQgfHwgIXQpIHJldHVybiB0OwogICAgICAgIHZhciBlID0gdFtTeW1ib2wudG9QcmltaXRpdmVdOwogICAgICAgIGlmICh2b2lkIDAgIT09IGUpIHsKICAgICAgICAgICAgdmFyIGkgPSBlLmNhbGwodCwgciB8fCAiZGVmYXVsdCIpOwogICAgICAgICAgICBpZiAoIm9iamVjdCIgIT0gdHlwZW9mIGkpIHJldHVybiBpOwogICAgICAgICAgICB0aHJvdyBuZXcgVHlwZUVycm9yKCJAQHRvUHJpbWl0aXZlIG11c3QgcmV0dXJuIGEgcHJpbWl0aXZlIHZhbHVlLiIpOwogICAgICAgIH0KICAgICAgICByZXR1cm4gKCJzdHJpbmciID09PSByID8gU3RyaW5nIDogTnVtYmVyKSh0KTsKICAgIH0KICAgIGZ1bmN0aW9uIF90b1Byb3BlcnR5S2V5KHQpIHsKICAgICAgICB2YXIgaSA9IF90b1ByaW1pdGl2ZSh0LCAic3RyaW5nIik7CiAgICAgICAgcmV0dXJuICJzeW1ib2wiID09IHR5cGVvZiBpID8gaSA6IGkgKyAiIjsKICAgIH0KICAgIGNsYXNzIEdlbmVyaWNFcnJvciBleHRlbmRzIEVycm9yIHsKICAgICAgICBjb25zdHJ1Y3RvcihlcnJvciwgZXJyb3JfZGVzY3JpcHRpb24pIHsKICAgICAgICAgICAgc3VwZXIoZXJyb3JfZGVzY3JpcHRpb24pOwogICAgICAgICAgICB0aGlzLmVycm9yID0gZXJyb3I7CiAgICAgICAgICAgIHRoaXMuZXJyb3JfZGVzY3JpcHRpb24gPSBlcnJvcl9kZXNjcmlwdGlvbjsKICAgICAgICAgICAgT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsIEdlbmVyaWNFcnJvci5wcm90b3R5cGUpOwogICAgICAgIH0KICAgICAgICBzdGF0aWMgZnJvbVBheWxvYWQoX3JlZikgewogICAgICAgICAgICBsZXQge2Vycm9yOiBlcnJvciwgZXJyb3JfZGVzY3JpcHRpb246IGVycm9yX2Rlc2NyaXB0aW9ufSA9IF9yZWY7CiAgICAgICAgICAgIHJldHVybiBuZXcgR2VuZXJpY0Vycm9yKGVycm9yLCBlcnJvcl9kZXNjcmlwdGlvbik7CiAgICAgICAgfQogICAgfQogICAgY2xhc3MgTWlzc2luZ1JlZnJlc2hUb2tlbkVycm9yIGV4dGVuZHMgR2VuZXJpY0Vycm9yIHsKICAgICAgICBjb25zdHJ1Y3RvcihhdWRpZW5jZSwgc2NvcGUpIHsKICAgICAgICAgICAgc3VwZXIoIm1pc3NpbmdfcmVmcmVzaF90b2tlbiIsICJNaXNzaW5nIFJlZnJlc2ggVG9rZW4gKGF1ZGllbmNlOiAnIi5jb25jYXQodmFsdWVPckVtcHR5U3RyaW5nKGF1ZGllbmNlLCBbICJkZWZhdWx0IiBdKSwgIicsIHNjb3BlOiAnIikuY29uY2F0KHZhbHVlT3JFbXB0eVN0cmluZyhzY29wZSksICInKSIpKTsKICAgICAgICAgICAgdGhpcy5hdWRpZW5jZSA9IGF1ZGllbmNlOwogICAgICAgICAgICB0aGlzLnNjb3BlID0gc2NvcGU7CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICB9CiAgICBmdW5jdGlvbiB2YWx1ZU9yRW1wdHlTdHJpbmcodmFsdWUpIHsKICAgICAgICBsZXQgZXhjbHVkZSA9IGFyZ3VtZW50cy5sZW5ndGggPiAxICYmIGFyZ3VtZW50c1sxXSAhPT0gdW5kZWZpbmVkID8gYXJndW1lbnRzWzFdIDogW107CiAgICAgICAgcmV0dXJuIHZhbHVlICYmICFleGNsdWRlLmluY2x1ZGVzKHZhbHVlKSA/IHZhbHVlIDogIiI7CiAgICB9CiAgICBjb25zdCBfZXhjbHVkZWQgPSBbICJjbGllbnRJZCIgXTsKICAgIGNvbnN0IHN0cmlwVW5kZWZpbmVkID0gcGFyYW1zID0+IE9iamVjdC5rZXlzKHBhcmFtcykuZmlsdGVyKGsgPT4gdHlwZW9mIHBhcmFtc1trXSAhPT0gInVuZGVmaW5lZCIpLnJlZHVjZSgoYWNjLCBrZXkpID0+IF9vYmplY3RTcHJlYWQyKF9vYmplY3RTcHJlYWQyKHt9LCBhY2MpLCB7fSwgewogICAgICAgIFtrZXldOiBwYXJhbXNba2V5XQogICAgfSksIHt9KTsKICAgIGNvbnN0IGNyZWF0ZVF1ZXJ5UGFyYW1zID0gX3JlZiA9PiB7CiAgICAgICAgbGV0IHtjbGllbnRJZDogY2xpZW50X2lkfSA9IF9yZWYsIHBhcmFtcyA9IF9vYmplY3RXaXRob3V0UHJvcGVydGllcyhfcmVmLCBfZXhjbHVkZWQpOwogICAgICAgIHJldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKHN0cmlwVW5kZWZpbmVkKF9vYmplY3RTcHJlYWQyKHsKICAgICAgICAgICAgY2xpZW50X2lkOiBjbGllbnRfaWQKICAgICAgICB9LCBwYXJhbXMpKSkudG9TdHJpbmcoKTsKICAgIH07CiAgICBjb25zdCBmcm9tRW50cmllcyA9IGl0ZXJhYmxlID0+IFsgLi4uaXRlcmFibGUgXS5yZWR1Y2UoKG9iaiwgX3JlZjIpID0+IHsKICAgICAgICBsZXQgW2tleSwgdmFsXSA9IF9yZWYyOwogICAgICAgIG9ialtrZXldID0gdmFsOwogICAgICAgIHJldHVybiBvYmo7CiAgICB9LCB7fSk7CiAgICBsZXQgcmVmcmVzaFRva2VucyA9IHt9OwogICAgbGV0IGFsbG93ZWRCYXNlVXJsID0gbnVsbDsKICAgIGNvbnN0IGNhY2hlS2V5ID0gKGF1ZGllbmNlLCBzY29wZSkgPT4gIiIuY29uY2F0KGF1ZGllbmNlLCAifCIpLmNvbmNhdChzY29wZSk7CiAgICBjb25zdCBjYWNoZUtleUNvbnRhaW5zQXVkaWVuY2UgPSAoYXVkaWVuY2UsIGNhY2hlS2V5KSA9PiBjYWNoZUtleS5zdGFydHNXaXRoKCIiLmNvbmNhdChhdWRpZW5jZSwgInwiKSk7CiAgICBjb25zdCBnZXRSZWZyZXNoVG9rZW4gPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldOwogICAgY29uc3Qgc2V0UmVmcmVzaFRva2VuID0gKHJlZnJlc2hUb2tlbiwgYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldID0gcmVmcmVzaFRva2VuOwogICAgY29uc3QgZGVsZXRlUmVmcmVzaFRva2VuID0gKGF1ZGllbmNlLCBzY29wZSkgPT4gZGVsZXRlIHJlZnJlc2hUb2tlbnNbY2FjaGVLZXkoYXVkaWVuY2UsIHNjb3BlKV07CiAgICBjb25zdCB3YWl0ID0gdGltZSA9PiBuZXcgUHJvbWlzZShyZXNvbHZlID0+IHNldFRpbWVvdXQocmVzb2x2ZSwgdGltZSkpOwogICAgY29uc3QgZm9ybURhdGFUb09iamVjdCA9IGZvcm1EYXRhID0+IHsKICAgICAgICBjb25zdCBxdWVyeVBhcmFtcyA9IG5ldyBVUkxTZWFyY2hQYXJhbXMoZm9ybURhdGEpOwogICAgICAgIGNvbnN0IHBhcnNlZFF1ZXJ5ID0ge307CiAgICAgICAgcXVlcnlQYXJhbXMuZm9yRWFjaCgodmFsLCBrZXkpID0+IHsKICAgICAgICAgICAgcGFyc2VkUXVlcnlba2V5XSA9IHZhbDsKICAgICAgICB9KTsKICAgICAgICByZXR1cm4gcGFyc2VkUXVlcnk7CiAgICB9OwogICAgY29uc3QgdXBkYXRlUmVmcmVzaFRva2VucyA9IChvbGRSZWZyZXNoVG9rZW4sIG5ld1JlZnJlc2hUb2tlbikgPT4gewogICAgICAgIE9iamVjdC5lbnRyaWVzKHJlZnJlc2hUb2tlbnMpLmZvckVhY2goX3JlZiA9PiB7CiAgICAgICAgICAgIGxldCBba2V5LCB0b2tlbl0gPSBfcmVmOwogICAgICAgICAgICBpZiAodG9rZW4gPT09IG9sZFJlZnJlc2hUb2tlbikgewogICAgICAgICAgICAgICAgcmVmcmVzaFRva2Vuc1trZXldID0gbmV3UmVmcmVzaFRva2VuOwogICAgICAgICAgICB9CiAgICAgICAgfSk7CiAgICB9OwogICAgY29uc3QgY2hlY2tEb3duc2NvcGluZyA9IChzY29wZSwgYXVkaWVuY2UpID0+IHsKICAgICAgICBjb25zdCBmaW5kQ29pbmNpZGVuY2UgPSBPYmplY3Qua2V5cyhyZWZyZXNoVG9rZW5zKS5maW5kKGtleSA9PiB7CiAgICAgICAgICAgIGlmIChrZXkgIT09ICJsYXRlc3RfcmVmcmVzaF90b2tlbiIpIHsKICAgICAgICAgICAgICAgIGNvbnN0IGlzU2FtZUF1ZGllbmNlID0gY2FjaGVLZXlDb250YWluc0F1ZGllbmNlKGF1ZGllbmNlLCBrZXkpOwogICAgICAgICAgICAgICAgY29uc3Qgc2NvcGVzS2V5ID0ga2V5LnNwbGl0KCJ8IilbMV0uc3BsaXQoIiAiKTsKICAgICAgICAgICAgICAgIGNvbnN0IHJlcXVlc3RlZFNjb3BlcyA9IHNjb3BlLnNwbGl0KCIgIik7CiAgICAgICAgICAgICAgICBjb25zdCBzY29wZXNBcmVJbmNsdWRlZCA9IHJlcXVlc3RlZFNjb3Blcy5ldmVyeShrZXkgPT4gc2NvcGVzS2V5LmluY2x1ZGVzKGtleSkpOwogICAgICAgICAgICAgICAgcmV0dXJuIGlzU2FtZUF1ZGllbmNlICYmIHNjb3Blc0FyZUluY2x1ZGVkOwogICAgICAgICAgICB9CiAgICAgICAgfSk7CiAgICAgICAgcmV0dXJuIGZpbmRDb2luY2lkZW5jZSA/IHRydWUgOiBmYWxzZTsKICAgIH07CiAgICBjb25zdCBtZXNzYWdlSGFuZGxlciA9IGFzeW5jIF9yZWYyID0+IHsKICAgICAgICBsZXQge2RhdGE6IHt0aW1lb3V0OiB0aW1lb3V0LCBhdXRoOiBhdXRoLCBmZXRjaFVybDogZmV0Y2hVcmwsIGZldGNoT3B0aW9uczogZmV0Y2hPcHRpb25zLCB1c2VGb3JtRGF0YTogdXNlRm9ybURhdGEsIHVzZU1ycnQ6IHVzZU1ycnR9LCBwb3J0czogW3BvcnRdfSA9IF9yZWYyOwogICAgICAgIGxldCBoZWFkZXJzID0ge307CiAgICAgICAgbGV0IGpzb247CiAgICAgICAgbGV0IHJlZnJlc2hUb2tlbjsKICAgICAgICBjb25zdCB7YXVkaWVuY2U6IGF1ZGllbmNlLCBzY29wZTogc2NvcGV9ID0gYXV0aCB8fCB7fTsKICAgICAgICB0cnkgewogICAgICAgICAgICBjb25zdCBib2R5ID0gdXNlRm9ybURhdGEgPyBmb3JtRGF0YVRvT2JqZWN0KGZldGNoT3B0aW9ucy5ib2R5KSA6IEpTT04ucGFyc2UoZmV0Y2hPcHRpb25zLmJvZHkpOwogICAgICAgICAgICBpZiAoIWJvZHkucmVmcmVzaF90b2tlbiAmJiBib2R5LmdyYW50X3R5cGUgPT09ICJyZWZyZXNoX3Rva2VuIikgewogICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gZ2V0UmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBpZiAoIXJlZnJlc2hUb2tlbiAmJiB1c2VNcnJ0KSB7CiAgICAgICAgICAgICAgICAgICAgY29uc3QgbGF0ZXN0UmVmcmVzaFRva2VuID0gcmVmcmVzaFRva2Vuc1sibGF0ZXN0X3JlZnJlc2hfdG9rZW4iXTsKICAgICAgICAgICAgICAgICAgICBjb25zdCBpc0Rvd25zY29waW5nID0gY2hlY2tEb3duc2NvcGluZyhzY29wZSwgYXVkaWVuY2UpOwogICAgICAgICAgICAgICAgICAgIGlmIChsYXRlc3RSZWZyZXNoVG9rZW4gJiYgIWlzRG93bnNjb3BpbmcpIHsKICAgICAgICAgICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gbGF0ZXN0UmVmcmVzaFRva2VuOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGlmICghcmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IE1pc3NpbmdSZWZyZXNoVG9rZW5FcnJvcihhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmV0Y2hPcHRpb25zLmJvZHkgPSB1c2VGb3JtRGF0YSA/IGNyZWF0ZVF1ZXJ5UGFyYW1zKF9vYmplY3RTcHJlYWQyKF9vYmplY3RTcHJlYWQyKHt9LCBib2R5KSwge30sIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoX3Rva2VuOiByZWZyZXNoVG9rZW4KICAgICAgICAgICAgICAgIH0pKSA6IEpTT04uc3RyaW5naWZ5KF9vYmplY3RTcHJlYWQyKF9vYmplY3RTcHJlYWQyKHt9LCBib2R5KSwge30sIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoX3Rva2VuOiByZWZyZXNoVG9rZW4KICAgICAgICAgICAgICAgIH0pKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBsZXQgYWJvcnRDb250cm9sbGVyOwogICAgICAgICAgICBpZiAodHlwZW9mIEFib3J0Q29udHJvbGxlciA9PT0gImZ1bmN0aW9uIikgewogICAgICAgICAgICAgICAgYWJvcnRDb250cm9sbGVyID0gbmV3IEFib3J0Q29udHJvbGxlcjsKICAgICAgICAgICAgICAgIGZldGNoT3B0aW9ucy5zaWduYWwgPSBhYm9ydENvbnRyb2xsZXIuc2lnbmFsOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGxldCByZXNwb25zZTsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIHJlc3BvbnNlID0gYXdhaXQgUHJvbWlzZS5yYWNlKFsgd2FpdCh0aW1lb3V0KSwgZmV0Y2goZmV0Y2hVcmwsIF9vYmplY3RTcHJlYWQyKHt9LCBmZXRjaE9wdGlvbnMpKSBdKTsKICAgICAgICAgICAgfSBjYXRjaCAoZXJyb3IpIHsKICAgICAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgICAgIGVycm9yOiBlcnJvci5tZXNzYWdlCiAgICAgICAgICAgICAgICB9KTsKICAgICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgICAgfQogICAgICAgICAgICBpZiAoIXJlc3BvbnNlKSB7CiAgICAgICAgICAgICAgICBpZiAoYWJvcnRDb250cm9sbGVyKSBhYm9ydENvbnRyb2xsZXIuYWJvcnQoKTsKICAgICAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgICAgIGVycm9yOiAiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIgogICAgICAgICAgICAgICAgfSk7CiAgICAgICAgICAgICAgICByZXR1cm47CiAgICAgICAgICAgIH0KICAgICAgICAgICAgaGVhZGVycyA9IGZyb21FbnRyaWVzKHJlc3BvbnNlLmhlYWRlcnMpOwogICAgICAgICAgICBqc29uID0gYXdhaXQgcmVzcG9uc2UuanNvbigpOwogICAgICAgICAgICBpZiAoanNvbi5yZWZyZXNoX3Rva2VuKSB7CiAgICAgICAgICAgICAgICBpZiAodXNlTXJydCkgewogICAgICAgICAgICAgICAgICAgIHJlZnJlc2hUb2tlbnNbImxhdGVzdF9yZWZyZXNoX3Rva2VuIl0gPSBqc29uLnJlZnJlc2hfdG9rZW47CiAgICAgICAgICAgICAgICAgICAgdXBkYXRlUmVmcmVzaFRva2VucyhyZWZyZXNoVG9rZW4sIGpzb24ucmVmcmVzaF90b2tlbik7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBzZXRSZWZyZXNoVG9rZW4oanNvbi5yZWZyZXNoX3Rva2VuLCBhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICAgICAgZGVsZXRlIGpzb24ucmVmcmVzaF90b2tlbjsKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGRlbGV0ZVJlZnJlc2hUb2tlbihhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgb2s6IHJlc3BvbnNlLm9rLAogICAgICAgICAgICAgICAganNvbjoganNvbiwKICAgICAgICAgICAgICAgIGhlYWRlcnM6IGhlYWRlcnMKICAgICAgICAgICAgfSk7CiAgICAgICAgfSBjYXRjaCAoZXJyb3IpIHsKICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICBvazogZmFsc2UsCiAgICAgICAgICAgICAgICBqc29uOiB7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6IGVycm9yLmVycm9yLAogICAgICAgICAgICAgICAgICAgIGVycm9yX2Rlc2NyaXB0aW9uOiBlcnJvci5tZXNzYWdlCiAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgaGVhZGVyczogaGVhZGVycwogICAgICAgICAgICB9KTsKICAgICAgICB9CiAgICB9OwogICAgY29uc3QgaXNBdXRob3JpemVkV29ya2VyUmVxdWVzdCA9IHdvcmtlclJlcXVlc3QgPT4gewogICAgICAgIGlmICghYWxsb3dlZEJhc2VVcmwpIHsKICAgICAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgICAgIH0KICAgICAgICB0cnkgewogICAgICAgICAgICBjb25zdCBhbGxvd2VkQmFzZU9yaWdpbiA9IG5ldyBVUkwoYWxsb3dlZEJhc2VVcmwpLm9yaWdpbjsKICAgICAgICAgICAgY29uc3QgcmVxdWVzdGVkVXJsID0gbmV3IFVSTCh3b3JrZXJSZXF1ZXN0LmZldGNoVXJsKTsKICAgICAgICAgICAgcmV0dXJuIHJlcXVlc3RlZFVybC5vcmlnaW4gPT09IGFsbG93ZWRCYXNlT3JpZ2luICYmIHJlcXVlc3RlZFVybC5wYXRobmFtZSA9PT0gIi9vYXV0aC90b2tlbiI7CiAgICAgICAgfSBjYXRjaCAoX3VudXNlZCkgewogICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgfQogICAgfTsKICAgIGNvbnN0IG1lc3NhZ2VSb3V0ZXIgPSBldmVudCA9PiB7CiAgICAgICAgY29uc3Qge2RhdGE6IGRhdGEsIHBvcnRzOiBwb3J0c30gPSBldmVudDsKICAgICAgICBjb25zdCBbcG9ydF0gPSBwb3J0czsKICAgICAgICBpZiAoInR5cGUiIGluIGRhdGEgJiYgZGF0YS50eXBlID09PSAiaW5pdCIpIHsKICAgICAgICAgICAgaWYgKGFsbG93ZWRCYXNlVXJsID09PSBudWxsKSB7CiAgICAgICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgICAgIG5ldyBVUkwoZGF0YS5hbGxvd2VkQmFzZVVybCk7CiAgICAgICAgICAgICAgICAgICAgYWxsb3dlZEJhc2VVcmwgPSBkYXRhLmFsbG93ZWRCYXNlVXJsOwogICAgICAgICAgICAgICAgfSBjYXRjaCAoX3VudXNlZDIpIHsKICAgICAgICAgICAgICAgICAgICByZXR1cm47CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuOwogICAgICAgIH0KICAgICAgICBpZiAoISgiZmV0Y2hVcmwiIGluIGRhdGEpIHx8ICFpc0F1dGhvcml6ZWRXb3JrZXJSZXF1ZXN0KGRhdGEpKSB7CiAgICAgICAgICAgIHBvcnQgPT09IG51bGwgfHwgcG9ydCA9PT0gdm9pZCAwIHx8IHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgb2s6IGZhbHNlLAogICAgICAgICAgICAgICAganNvbjogewogICAgICAgICAgICAgICAgICAgIGVycm9yOiAiaW52YWxpZF9mZXRjaF91cmwiLAogICAgICAgICAgICAgICAgICAgIGVycm9yX2Rlc2NyaXB0aW9uOiAiVW5hdXRob3JpemVkIGZldGNoIFVSTCIKICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICBoZWFkZXJzOiB7fQogICAgICAgICAgICB9KTsKICAgICAgICAgICAgcmV0dXJuOwogICAgICAgIH0KICAgICAgICBtZXNzYWdlSGFuZGxlcihldmVudCk7CiAgICB9OwogICAgewogICAgICAgIGFkZEV2ZW50TGlzdGVuZXIoIm1lc3NhZ2UiLCBtZXNzYWdlUm91dGVyKTsKICAgIH0KfSkoKTsKCg==", null, false);
2256
2286
 
2257
2287
  const singlePromiseMap = {};
2258
2288
 
@@ -2272,6 +2302,7 @@ class CacheKeyManifest {
2272
2302
  constructor(cache, clientId) {
2273
2303
  this.cache = cache;
2274
2304
  this.clientId = clientId;
2305
+ _defineProperty(this, "manifestKey", void 0);
2275
2306
  this.manifestKey = this.createManifestKeyFrom(this.clientId);
2276
2307
  }
2277
2308
  async add(key) {
@@ -2398,6 +2429,8 @@ const AUTH0_NONCE_ID = "auth0";
2398
2429
 
2399
2430
  class DpopStorage {
2400
2431
  constructor(clientId) {
2432
+ _defineProperty(this, "clientId", void 0);
2433
+ _defineProperty(this, "dbHandle", void 0);
2401
2434
  this.clientId = clientId;
2402
2435
  }
2403
2436
  getVersion() {
@@ -2466,6 +2499,7 @@ class DpopStorage {
2466
2499
 
2467
2500
  class Dpop {
2468
2501
  constructor(clientId) {
2502
+ _defineProperty(this, "storage", void 0);
2469
2503
  this.storage = new DpopStorage(clientId);
2470
2504
  }
2471
2505
  getNonce(id) {
@@ -2505,6 +2539,8 @@ var TokenType = function(TokenType) {
2505
2539
 
2506
2540
  class Fetcher {
2507
2541
  constructor(config, hooks) {
2542
+ _defineProperty(this, "config", void 0);
2543
+ _defineProperty(this, "hooks", void 0);
2508
2544
  this.hooks = hooks;
2509
2545
  this.config = _objectSpread2(_objectSpread2({}, config), {}, {
2510
2546
  fetch: config.fetch || (typeof window === "undefined" ? fetch : window.fetch.bind(window))
@@ -2672,6 +2708,11 @@ class MyAccountApiError extends Error {
2672
2708
  constructor(_ref) {
2673
2709
  let {type: type, status: status, title: title, detail: detail, validation_errors: validation_errors} = _ref;
2674
2710
  super(detail);
2711
+ _defineProperty(this, "type", void 0);
2712
+ _defineProperty(this, "status", void 0);
2713
+ _defineProperty(this, "title", void 0);
2714
+ _defineProperty(this, "detail", void 0);
2715
+ _defineProperty(this, "validation_errors", void 0);
2675
2716
  this.name = "MyAccountApiError";
2676
2717
  this.type = type;
2677
2718
  this.status = status;
@@ -8063,6 +8104,7 @@ class MfaContextManager {
8063
8104
  constructor() {
8064
8105
  let ttlMs = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : DEFAULT_TTL_MS;
8065
8106
  _defineProperty(this, "contexts", new Map);
8107
+ _defineProperty(this, "ttlMs", void 0);
8066
8108
  this.ttlMs = ttlMs;
8067
8109
  }
8068
8110
  set(mfaToken, context) {
@@ -8100,6 +8142,9 @@ class MfaContextManager {
8100
8142
 
8101
8143
  class MfaApiClient {
8102
8144
  constructor(authJsMfaClient, auth0Client) {
8145
+ _defineProperty(this, "authJsMfaClient", void 0);
8146
+ _defineProperty(this, "auth0Client", void 0);
8147
+ _defineProperty(this, "contextManager", void 0);
8103
8148
  this.authJsMfaClient = authJsMfaClient;
8104
8149
  this.auth0Client = auth0Client;
8105
8150
  this.contextManager = new MfaContextManager;
@@ -8213,7 +8258,25 @@ const _excluded = [ "openUrl", "fragment", "appState" ], _excluded2 = [ "url" ],
8213
8258
 
8214
8259
  class Auth0Client {
8215
8260
  constructor(options) {
8261
+ _defineProperty(this, "transactionManager", void 0);
8262
+ _defineProperty(this, "cacheManager", void 0);
8263
+ _defineProperty(this, "lockManager", void 0);
8264
+ _defineProperty(this, "domainUrl", void 0);
8265
+ _defineProperty(this, "tokenIssuer", void 0);
8266
+ _defineProperty(this, "scope", void 0);
8267
+ _defineProperty(this, "cookieStorage", void 0);
8268
+ _defineProperty(this, "dpop", void 0);
8269
+ _defineProperty(this, "sessionCheckExpiryDays", void 0);
8270
+ _defineProperty(this, "orgHintCookieName", void 0);
8271
+ _defineProperty(this, "isAuthenticatedCookieName", void 0);
8272
+ _defineProperty(this, "nowProvider", void 0);
8273
+ _defineProperty(this, "httpTimeoutMs", void 0);
8274
+ _defineProperty(this, "options", void 0);
8216
8275
  _defineProperty(this, "userCache", (new InMemoryCache).enclosedCache);
8276
+ _defineProperty(this, "myAccountApi", void 0);
8277
+ _defineProperty(this, "mfa", void 0);
8278
+ _defineProperty(this, "worker", void 0);
8279
+ _defineProperty(this, "authJsClient", void 0);
8217
8280
  _defineProperty(this, "defaultOptions", {
8218
8281
  authorizationParams: {
8219
8282
  scope: DEFAULT_SCOPE
@@ -8277,6 +8340,10 @@ class Auth0Client {
8277
8340
  } else {
8278
8341
  this.worker = new WorkerFactory;
8279
8342
  }
8343
+ this.worker.postMessage({
8344
+ type: "init",
8345
+ allowedBaseUrl: this.domainUrl
8346
+ });
8280
8347
  }
8281
8348
  }
8282
8349
  getConfiguration() {