@auth0/auth0-spa-js 2.4.1 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/README.md +1 -1
  2. package/dist/auth0-spa-js.development.js +298 -43
  3. package/dist/auth0-spa-js.development.js.map +1 -1
  4. package/dist/auth0-spa-js.production.esm.js +1 -1
  5. package/dist/auth0-spa-js.production.esm.js.map +1 -1
  6. package/dist/auth0-spa-js.production.js +1 -1
  7. package/dist/auth0-spa-js.production.js.map +1 -1
  8. package/dist/auth0-spa-js.worker.development.js +34 -2
  9. package/dist/auth0-spa-js.worker.development.js.map +1 -1
  10. package/dist/auth0-spa-js.worker.production.js +1 -1
  11. package/dist/auth0-spa-js.worker.production.js.map +1 -1
  12. package/dist/lib/auth0-spa-js.cjs.js +309 -44
  13. package/dist/lib/auth0-spa-js.cjs.js.map +1 -1
  14. package/dist/typings/Auth0Client.d.ts +42 -2
  15. package/dist/typings/Auth0Client.utils.d.ts +32 -0
  16. package/dist/typings/MyAccountApiClient.d.ts +92 -0
  17. package/dist/typings/api.d.ts +1 -1
  18. package/dist/typings/cache/cache-manager.d.ts +18 -1
  19. package/dist/typings/errors.d.ts +10 -0
  20. package/dist/typings/fetcher.d.ts +11 -7
  21. package/dist/typings/global.d.ts +97 -0
  22. package/dist/typings/http.d.ts +2 -2
  23. package/dist/typings/index.d.ts +2 -1
  24. package/dist/typings/transaction-manager.d.ts +15 -4
  25. package/dist/typings/version.d.ts +1 -1
  26. package/dist/typings/worker/worker.types.d.ts +1 -0
  27. package/package.json +1 -1
  28. package/src/Auth0Client.ts +282 -25
  29. package/src/Auth0Client.utils.ts +66 -0
  30. package/src/MyAccountApiClient.ts +158 -0
  31. package/src/api.ts +7 -1
  32. package/src/cache/cache-manager.ts +82 -7
  33. package/src/errors.ts +18 -0
  34. package/src/fetcher.ts +30 -18
  35. package/src/global.ts +112 -4
  36. package/src/http.ts +12 -5
  37. package/src/index.ts +5 -0
  38. package/src/transaction-manager.ts +17 -4
  39. package/src/utils.ts +1 -0
  40. package/src/version.ts +1 -1
  41. package/src/worker/token.worker.ts +60 -9
  42. package/src/worker/worker.types.ts +1 -0
package/dist/lib/auth0-spa-js.cjs.js CHANGED
@@ -550,7 +550,7 @@ var browserTabsLock = createCommonjsModule((function(module, exports) {
550
550
 
551
551
  var Lock = unwrapExports(browserTabsLock);
552
552
 
553
- var version = "2.4.1";
553
+ var version = "2.6.0";
554
554
 
555
555
  const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
556
556
 
@@ -602,6 +602,16 @@ class AuthenticationError extends GenericError {
602
602
  }
603
603
  }
604
604
 
605
+ class ConnectError extends GenericError {
606
+ constructor(error, error_description, connection, state, appState = null) {
607
+ super(error, error_description);
608
+ this.connection = connection;
609
+ this.state = state;
610
+ this.appState = appState;
611
+ Object.setPrototypeOf(this, ConnectError.prototype);
612
+ }
613
+ }
614
+
605
615
  class TimeoutError extends GenericError {
606
616
  constructor() {
607
617
  super("timeout", "Timeout");
@@ -662,6 +672,7 @@ const parseAuthenticationResult = queryString => {
662
672
  return {
663
673
  state: searchParams.get("state"),
664
674
  code: searchParams.get("code") || undefined,
675
+ connect_code: searchParams.get("connect_code") || undefined,
665
676
  error: searchParams.get("error") || undefined,
666
677
  error_description: searchParams.get("error_description") || undefined
667
678
  };
@@ -1200,7 +1211,7 @@ const fetchWithoutWorker = async (fetchUrl, fetchOptions, timeout) => {
1200
1211
  }));
1201
1212
  };
1202
1213
 
1203
- const fetchWithWorker = async (fetchUrl, audience, scope, fetchOptions, timeout, worker, useFormData) => sendMessage({
1214
+ const fetchWithWorker = async (fetchUrl, audience, scope, fetchOptions, timeout, worker, useFormData, useMrrt) => sendMessage({
1204
1215
  auth: {
1205
1216
  audience: audience,
1206
1217
  scope: scope
@@ -1208,18 +1219,19 @@ const fetchWithWorker = async (fetchUrl, audience, scope, fetchOptions, timeout,
1208
1219
  timeout: timeout,
1209
1220
  fetchUrl: fetchUrl,
1210
1221
  fetchOptions: fetchOptions,
1211
- useFormData: useFormData
1222
+ useFormData: useFormData,
1223
+ useMrrt: useMrrt
1212
1224
  }, worker);
1213
1225
 
1214
- const switchFetch = async (fetchUrl, audience, scope, fetchOptions, worker, useFormData, timeout = DEFAULT_FETCH_TIMEOUT_MS) => {
1226
+ const switchFetch = async (fetchUrl, audience, scope, fetchOptions, worker, useFormData, timeout = DEFAULT_FETCH_TIMEOUT_MS, useMrrt) => {
1215
1227
  if (worker) {
1216
- return fetchWithWorker(fetchUrl, audience, scope, fetchOptions, timeout, worker, useFormData);
1228
+ return fetchWithWorker(fetchUrl, audience, scope, fetchOptions, timeout, worker, useFormData, useMrrt);
1217
1229
  } else {
1218
1230
  return fetchWithoutWorker(fetchUrl, fetchOptions, timeout);
1219
1231
  }
1220
1232
  };
1221
1233
 
1222
- async function getJSON(url, timeout, audience, scope, options, worker, useFormData, dpop, isDpopRetry) {
1234
+ async function getJSON(url, timeout, audience, scope, options, worker, useFormData, useMrrt, dpop, isDpopRetry) {
1223
1235
  if (dpop) {
1224
1236
  const dpopProof = await dpop.generateProof({
1225
1237
  url: url,
@@ -1234,7 +1246,7 @@ async function getJSON(url, timeout, audience, scope, options, worker, useFormDa
1234
1246
  let response;
1235
1247
  for (let i = 0; i < DEFAULT_SILENT_TOKEN_RETRY_COUNT; i++) {
1236
1248
  try {
1237
- response = await switchFetch(url, audience, scope, options, worker, useFormData, timeout);
1249
+ response = await switchFetch(url, audience, scope, options, worker, useFormData, timeout, useMrrt);
1238
1250
  fetchError = null;
1239
1251
  break;
1240
1252
  } catch (e) {
@@ -1264,7 +1276,7 @@ async function getJSON(url, timeout, audience, scope, options, worker, useFormDa
1264
1276
  if (!dpop || !newDpopNonce || isDpopRetry) {
1265
1277
  throw new UseDpopNonceError(newDpopNonce);
1266
1278
  }
1267
- return getJSON(url, timeout, audience, scope, options, worker, useFormData, dpop, true);
1279
+ return getJSON(url, timeout, audience, scope, options, worker, useFormData, useMrrt, dpop, true);
1268
1280
  }
1269
1281
  throw new GenericError(error || "request_error", errorMessage);
1270
1282
  }
@@ -1272,12 +1284,16 @@ async function getJSON(url, timeout, audience, scope, options, worker, useFormDa
1272
1284
  }
1273
1285
 
1274
1286
  async function oauthToken(_a, worker) {
1275
- var {baseUrl: baseUrl, timeout: timeout, audience: audience, scope: scope, auth0Client: auth0Client, useFormData: useFormData, dpop: dpop} = _a, options = __rest(_a, [ "baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "dpop" ]);
1287
+ var {baseUrl: baseUrl, timeout: timeout, audience: audience, scope: scope, auth0Client: auth0Client, useFormData: useFormData, useMrrt: useMrrt, dpop: dpop} = _a, options = __rest(_a, [ "baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "useMrrt", "dpop" ]);
1276
1288
  const isTokenExchange = options.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange";
1277
- const allParams = Object.assign(Object.assign(Object.assign({}, options), isTokenExchange && audience && {
1289
+ const refreshWithMrrt = options.grant_type === "refresh_token" && useMrrt;
1290
+ const allParams = Object.assign(Object.assign(Object.assign(Object.assign({}, options), isTokenExchange && audience && {
1278
1291
  audience: audience
1279
1292
  }), isTokenExchange && scope && {
1280
1293
  scope: scope
1294
+ }), refreshWithMrrt && {
1295
+ audience: audience,
1296
+ scope: scope
1281
1297
  });
1282
1298
  const body = useFormData ? createQueryParams(allParams) : JSON.stringify(allParams);
1283
1299
  const isDpopSupported = isGrantTypeSupported(options.grant_type);
@@ -1288,7 +1304,7 @@ async function oauthToken(_a, worker) {
1288
1304
  "Content-Type": useFormData ? "application/x-www-form-urlencoded" : "application/json",
1289
1305
  "Auth0-Client": btoa(JSON.stringify(auth0Client || DEFAULT_AUTH0_CLIENT))
1290
1306
  }
1291
- }, worker, useFormData, isDpopSupported ? dpop : undefined);
1307
+ }, worker, useFormData, useMrrt, isDpopSupported ? dpop : undefined);
1292
1308
  }
1293
1309
 
1294
1310
  const dedupe = arr => Array.from(new Set(arr));
@@ -1416,7 +1432,7 @@ class CacheManager {
1416
1432
  decodedToken: entry.decodedToken
1417
1433
  };
1418
1434
  }
1419
- async get(cacheKey, expiryAdjustmentSeconds = DEFAULT_EXPIRY_ADJUSTMENT_SECONDS) {
1435
+ async get(cacheKey, expiryAdjustmentSeconds = DEFAULT_EXPIRY_ADJUSTMENT_SECONDS, useMrrt = false, cacheMode) {
1420
1436
  var _a;
1421
1437
  let wrappedEntry = await this.cache.get(cacheKey.toKey());
1422
1438
  if (!wrappedEntry) {
@@ -1426,6 +1442,9 @@ class CacheManager {
1426
1442
  if (matchedKey) {
1427
1443
  wrappedEntry = await this.cache.get(matchedKey);
1428
1444
  }
1445
+ if (!matchedKey && useMrrt && cacheMode !== "cache-only") {
1446
+ return this.getEntryWithRefreshToken(cacheKey, keys);
1447
+ }
1429
1448
  }
1430
1449
  if (!wrappedEntry) {
1431
1450
  return;
@@ -1434,11 +1453,7 @@ class CacheManager {
1434
1453
  const nowSeconds = Math.floor(now / 1e3);
1435
1454
  if (wrappedEntry.expiresAt - expiryAdjustmentSeconds < nowSeconds) {
1436
1455
  if (wrappedEntry.body.refresh_token) {
1437
- wrappedEntry.body = {
1438
- refresh_token: wrappedEntry.body.refresh_token
1439
- };
1440
- await this.cache.set(cacheKey.toKey(), wrappedEntry);
1441
- return wrappedEntry.body;
1456
+ return this.modifiedCachedEntry(wrappedEntry, cacheKey);
1442
1457
  }
1443
1458
  await this.cache.remove(cacheKey.toKey());
1444
1459
  await ((_a = this.keyManifest) === null || _a === void 0 ? void 0 : _a.remove(cacheKey.toKey()));
@@ -1446,6 +1461,19 @@ class CacheManager {
1446
1461
  }
1447
1462
  return wrappedEntry.body;
1448
1463
  }
1464
+ async modifiedCachedEntry(wrappedEntry, cacheKey) {
1465
+ wrappedEntry.body = {
1466
+ refresh_token: wrappedEntry.body.refresh_token,
1467
+ audience: wrappedEntry.body.audience,
1468
+ scope: wrappedEntry.body.scope
1469
+ };
1470
+ await this.cache.set(cacheKey.toKey(), wrappedEntry);
1471
+ return {
1472
+ refresh_token: wrappedEntry.body.refresh_token,
1473
+ audience: wrappedEntry.body.audience,
1474
+ scope: wrappedEntry.body.scope
1475
+ };
1476
+ }
1449
1477
  async set(entry) {
1450
1478
  var _a;
1451
1479
  const cacheKey = new CacheKey({
@@ -1498,6 +1526,33 @@ class CacheManager {
1498
1526
  return cacheKey.prefix === CACHE_KEY_PREFIX && cacheKey.clientId === keyToMatch.clientId && cacheKey.audience === keyToMatch.audience && hasAllScopes;
1499
1527
  }))[0];
1500
1528
  }
1529
+ async getEntryWithRefreshToken(keyToMatch, allKeys) {
1530
+ var _a;
1531
+ for (const key of allKeys) {
1532
+ const cacheKey = CacheKey.fromKey(key);
1533
+ if (cacheKey.prefix === CACHE_KEY_PREFIX && cacheKey.clientId === keyToMatch.clientId) {
1534
+ const cachedEntry = await this.cache.get(key);
1535
+ if ((_a = cachedEntry === null || cachedEntry === void 0 ? void 0 : cachedEntry.body) === null || _a === void 0 ? void 0 : _a.refresh_token) {
1536
+ return this.modifiedCachedEntry(cachedEntry, keyToMatch);
1537
+ }
1538
+ }
1539
+ }
1540
+ return undefined;
1541
+ }
1542
+ async updateEntry(oldRefreshToken, newRefreshToken) {
1543
+ var _a;
1544
+ const allKeys = await this.getCacheKeys();
1545
+ if (!allKeys) return;
1546
+ for (const key of allKeys) {
1547
+ const entry = await this.cache.get(key);
1548
+ if (((_a = entry === null || entry === void 0 ? void 0 : entry.body) === null || _a === void 0 ? void 0 : _a.refresh_token) === oldRefreshToken) {
1549
+ const cacheEntry = Object.assign(Object.assign({}, entry.body), {
1550
+ refresh_token: newRefreshToken
1551
+ });
1552
+ await this.set(cacheEntry);
1553
+ }
1554
+ }
1555
+ }
1501
1556
  }
1502
1557
 
1503
1558
  const TRANSACTION_STORAGE_KEY_PREFIX = "a0.spajs.txs";
@@ -1829,6 +1884,15 @@ const SessionStorage = {
1829
1884
  }
1830
1885
  };
1831
1886
 
1887
+ exports.ResponseType = void 0;
1888
+
1889
+ (function(ResponseType) {
1890
+ ResponseType["Code"] = "code";
1891
+ ResponseType["ConnectCode"] = "connect_code";
1892
+ })(exports.ResponseType || (exports.ResponseType = {}));
1893
+
1894
+ class User {}
1895
+
1832
1896
  function decodeBase64(base64, enableUnicode) {
1833
1897
  var binaryString = atob(base64);
1834
1898
  if (enableUnicode) {
@@ -1861,7 +1925,7 @@ function createBase64WorkerFactory(base64, sourcemapArg, enableUnicodeArg) {
1861
1925
  };
1862
1926
  }
1863
1927
 
1864
- var WorkerFactory = createBase64WorkerFactory("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwooZnVuY3Rpb24oKSB7CiAgICAidXNlIHN0cmljdCI7CiAgICBjbGFzcyBHZW5lcmljRXJyb3IgZXh0ZW5kcyBFcnJvciB7CiAgICAgICAgY29uc3RydWN0b3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKSB7CiAgICAgICAgICAgIHN1cGVyKGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICAgICAgdGhpcy5lcnJvciA9IGVycm9yOwogICAgICAgICAgICB0aGlzLmVycm9yX2Rlc2NyaXB0aW9uID0gZXJyb3JfZGVzY3JpcHRpb247CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBHZW5lcmljRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICAgICAgc3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjogZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uOiBlcnJvcl9kZXNjcmlwdGlvbn0pIHsKICAgICAgICAgICAgcmV0dXJuIG5ldyBHZW5lcmljRXJyb3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICB9CiAgICB9CiAgICBjbGFzcyBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IgZXh0ZW5kcyBHZW5lcmljRXJyb3IgewogICAgICAgIGNvbnN0cnVjdG9yKGF1ZGllbmNlLCBzY29wZSkgewogICAgICAgICAgICBzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIiwgYE1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhhdWRpZW5jZSwgWyAiZGVmYXVsdCIgXSl9Jywgc2NvcGU6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhzY29wZSl9JylgKTsKICAgICAgICAgICAgdGhpcy5hdWRpZW5jZSA9IGF1ZGllbmNlOwogICAgICAgICAgICB0aGlzLnNjb3BlID0gc2NvcGU7CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICB9CiAgICBmdW5jdGlvbiB2YWx1ZU9yRW1wdHlTdHJpbmcodmFsdWUsIGV4Y2x1ZGUgPSBbXSkgewogICAgICAgIHJldHVybiB2YWx1ZSAmJiAhZXhjbHVkZS5pbmNsdWRlcyh2YWx1ZSkgPyB2YWx1ZSA6ICIiOwogICAgfQogICAgZnVuY3Rpb24gX19yZXN0KHMsIGUpIHsKICAgICAgICB2YXIgdCA9IHt9OwogICAgICAgIGZvciAodmFyIHAgaW4gcykgaWYgKE9iamVjdC5wcm90b3R5cGUuaGFzT3duUHJvcGVydHkuY2FsbChzLCBwKSAmJiBlLmluZGV4T2YocCkgPCAwKSB0W3BdID0gc1twXTsKICAgICAgICBpZiAocyAhPSBudWxsICYmIHR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzID09PSAiZnVuY3Rpb24iKSBmb3IgKHZhciBpID0gMCwgcCA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMocyk7IGkgPCBwLmxlbmd0aDsgaSsrKSB7CiAgICAgICAgICAgIGlmIChlLmluZGV4T2YocFtpXSkgPCAwICYmIE9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChzLCBwW2ldKSkgdFtwW2ldXSA9IHNbcFtpXV07CiAgICAgICAgfQogICAgICAgIHJldHVybiB0OwogICAgfQogICAgdHlwZW9mIFN1cHByZXNzZWRFcnJvciA9PT0gImZ1bmN0aW9uIiA/IFN1cHByZXNzZWRFcnJvciA6IGZ1bmN0aW9uKGVycm9yLCBzdXBwcmVzc2VkLCBtZXNzYWdlKSB7CiAgICAgICAgdmFyIGUgPSBuZXcgRXJyb3IobWVzc2FnZSk7CiAgICAgICAgcmV0dXJuIGUubmFtZSA9ICJTdXBwcmVzc2VkRXJyb3IiLCBlLmVycm9yID0gZXJyb3IsIGUuc3VwcHJlc3NlZCA9IHN1cHByZXNzZWQsIGU7CiAgICB9OwogICAgY29uc3Qgc3RyaXBVbmRlZmluZWQgPSBwYXJhbXMgPT4gT2JqZWN0LmtleXMocGFyYW1zKS5maWx0ZXIoKGsgPT4gdHlwZW9mIHBhcmFtc1trXSAhPT0gInVuZGVmaW5lZCIpKS5yZWR1Y2UoKChhY2MsIGtleSkgPT4gT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LCBhY2MpLCB7CiAgICAgICAgW2tleV06IHBhcmFtc1trZXldCiAgICB9KSksIHt9KTsKICAgIGNvbnN0IGNyZWF0ZVF1ZXJ5UGFyYW1zID0gX2EgPT4gewogICAgICAgIHZhciB7Y2xpZW50SWQ6IGNsaWVudF9pZH0gPSBfYSwgcGFyYW1zID0gX19yZXN0KF9hLCBbICJjbGllbnRJZCIgXSk7CiAgICAgICAgcmV0dXJuIG5ldyBVUkxTZWFyY2hQYXJhbXMoc3RyaXBVbmRlZmluZWQoT2JqZWN0LmFzc2lnbih7CiAgICAgICAgICAgIGNsaWVudF9pZDogY2xpZW50X2lkCiAgICAgICAgfSwgcGFyYW1zKSkpLnRvU3RyaW5nKCk7CiAgICB9OwogICAgY29uc3QgZnJvbUVudHJpZXMgPSBpdGVyYWJsZSA9PiBbIC4uLml0ZXJhYmxlIF0ucmVkdWNlKCgob2JqLCBba2V5LCB2YWxdKSA9PiB7CiAgICAgICAgb2JqW2tleV0gPSB2YWw7CiAgICAgICAgcmV0dXJuIG9iajsKICAgIH0pLCB7fSk7CiAgICBsZXQgcmVmcmVzaFRva2VucyA9IHt9OwogICAgY29uc3QgY2FjaGVLZXkgPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiBgJHthdWRpZW5jZX18JHtzY29wZX1gOwogICAgY29uc3QgZ2V0UmVmcmVzaFRva2VuID0gKGF1ZGllbmNlLCBzY29wZSkgPT4gcmVmcmVzaFRva2Vuc1tjYWNoZUtleShhdWRpZW5jZSwgc2NvcGUpXTsKICAgIGNvbnN0IHNldFJlZnJlc2hUb2tlbiA9IChyZWZyZXNoVG9rZW4sIGF1ZGllbmNlLCBzY29wZSkgPT4gcmVmcmVzaFRva2Vuc1tjYWNoZUtleShhdWRpZW5jZSwgc2NvcGUpXSA9IHJlZnJlc2hUb2tlbjsKICAgIGNvbnN0IGRlbGV0ZVJlZnJlc2hUb2tlbiA9IChhdWRpZW5jZSwgc2NvcGUpID0+IGRlbGV0ZSByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldOwogICAgY29uc3Qgd2FpdCA9IHRpbWUgPT4gbmV3IFByb21pc2UoKHJlc29sdmUgPT4gc2V0VGltZW91dChyZXNvbHZlLCB0aW1lKSkpOwogICAgY29uc3QgZm9ybURhdGFUb09iamVjdCA9IGZvcm1EYXRhID0+IHsKICAgICAgICBjb25zdCBxdWVyeVBhcmFtcyA9IG5ldyBVUkxTZWFyY2hQYXJhbXMoZm9ybURhdGEpOwogICAgICAgIGNvbnN0IHBhcnNlZFF1ZXJ5ID0ge307CiAgICAgICAgcXVlcnlQYXJhbXMuZm9yRWFjaCgoKHZhbCwga2V5KSA9PiB7CiAgICAgICAgICAgIHBhcnNlZFF1ZXJ5W2tleV0gPSB2YWw7CiAgICAgICAgfSkpOwogICAgICAgIHJldHVybiBwYXJzZWRRdWVyeTsKICAgIH07CiAgICBjb25zdCBtZXNzYWdlSGFuZGxlciA9IGFzeW5jICh7ZGF0YToge3RpbWVvdXQ6IHRpbWVvdXQsIGF1dGg6IGF1dGgsIGZldGNoVXJsOiBmZXRjaFVybCwgZmV0Y2hPcHRpb25zOiBmZXRjaE9wdGlvbnMsIHVzZUZvcm1EYXRhOiB1c2VGb3JtRGF0YX0sIHBvcnRzOiBbcG9ydF19KSA9PiB7CiAgICAgICAgbGV0IGhlYWRlcnMgPSB7fTsKICAgICAgICBsZXQganNvbjsKICAgICAgICBjb25zdCB7YXVkaWVuY2U6IGF1ZGllbmNlLCBzY29wZTogc2NvcGV9ID0gYXV0aCB8fCB7fTsKICAgICAgICB0cnkgewogICAgICAgICAgICBjb25zdCBib2R5ID0gdXNlRm9ybURhdGEgPyBmb3JtRGF0YVRvT2JqZWN0KGZldGNoT3B0aW9ucy5ib2R5KSA6IEpTT04ucGFyc2UoZmV0Y2hPcHRpb25zLmJvZHkpOwogICAgICAgICAgICBpZiAoIWJvZHkucmVmcmVzaF90b2tlbiAmJiBib2R5LmdyYW50X3R5cGUgPT09ICJyZWZyZXNoX3Rva2VuIikgewogICAgICAgICAgICAgICAgY29uc3QgcmVmcmVzaFRva2VuID0gZ2V0UmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBpZiAoIXJlZnJlc2hUb2tlbikgewogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IoYXVkaWVuY2UsIHNjb3BlKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZldGNoT3B0aW9ucy5ib2R5ID0gdXNlRm9ybURhdGEgPyBjcmVhdGVRdWVyeVBhcmFtcyhPYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sIGJvZHkpLCB7CiAgICAgICAgICAgICAgICAgICAgcmVmcmVzaF90b2tlbjogcmVmcmVzaFRva2VuCiAgICAgICAgICAgICAgICB9KSkgOiBKU09OLnN0cmluZ2lmeShPYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sIGJvZHkpLCB7CiAgICAgICAgICAgICAgICAgICAgcmVmcmVzaF90b2tlbjogcmVmcmVzaFRva2VuCiAgICAgICAgICAgICAgICB9KSk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgbGV0IGFib3J0Q29udHJvbGxlcjsKICAgICAgICAgICAgaWYgKHR5cGVvZiBBYm9ydENvbnRyb2xsZXIgPT09ICJmdW5jdGlvbiIpIHsKICAgICAgICAgICAgICAgIGFib3J0Q29udHJvbGxlciA9IG5ldyBBYm9ydENvbnRyb2xsZXI7CiAgICAgICAgICAgICAgICBmZXRjaE9wdGlvbnMuc2lnbmFsID0gYWJvcnRDb250cm9sbGVyLnNpZ25hbDsKICAgICAgICAgICAgfQogICAgICAgICAgICBsZXQgcmVzcG9uc2U7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICByZXNwb25zZSA9IGF3YWl0IFByb21pc2UucmFjZShbIHdhaXQodGltZW91dCksIGZldGNoKGZldGNoVXJsLCBPYmplY3QuYXNzaWduKHt9LCBmZXRjaE9wdGlvbnMpKSBdKTsKICAgICAgICAgICAgfSBjYXRjaCAoZXJyb3IpIHsKICAgICAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgICAgIGVycm9yOiBlcnJvci5tZXNzYWdlCiAgICAgICAgICAgICAgICB9KTsKICAgICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgICAgfQogICAgICAgICAgICBpZiAoIXJlc3BvbnNlKSB7CiAgICAgICAgICAgICAgICBpZiAoYWJvcnRDb250cm9sbGVyKSBhYm9ydENvbnRyb2xsZXIuYWJvcnQoKTsKICAgICAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgICAgIGVycm9yOiAiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIgogICAgICAgICAgICAgICAgfSk7CiAgICAgICAgICAgICAgICByZXR1cm47CiAgICAgICAgICAgIH0KICAgICAgICAgICAgaGVhZGVycyA9IGZyb21FbnRyaWVzKHJlc3BvbnNlLmhlYWRlcnMpOwogICAgICAgICAgICBqc29uID0gYXdhaXQgcmVzcG9uc2UuanNvbigpOwogICAgICAgICAgICBpZiAoanNvbi5yZWZyZXNoX3Rva2VuKSB7CiAgICAgICAgICAgICAgICBzZXRSZWZyZXNoVG9rZW4oanNvbi5yZWZyZXNoX3Rva2VuLCBhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICAgICAgZGVsZXRlIGpzb24ucmVmcmVzaF90b2tlbjsKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGRlbGV0ZVJlZnJlc2hUb2tlbihhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgb2s6IHJlc3BvbnNlLm9rLAogICAgICAgICAgICAgICAganNvbjoganNvbiwKICAgICAgICAgICAgICAgIGhlYWRlcnM6IGhlYWRlcnMKICAgICAgICAgICAgfSk7CiAgICAgICAgfSBjYXRjaCAoZXJyb3IpIHsKICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICBvazogZmFsc2UsCiAgICAgICAgICAgICAgICBqc29uOiB7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6IGVycm9yLmVycm9yLAogICAgICAgICAgICAgICAgICAgIGVycm9yX2Rlc2NyaXB0aW9uOiBlcnJvci5tZXNzYWdlCiAgICAgICAgICAgICAgICB9LAogICAgICAgICAgICAgICAgaGVhZGVyczogaGVhZGVycwogICAgICAgICAgICB9KTsKICAgICAgICB9CiAgICB9OwogICAgewogICAgICAgIGFkZEV2ZW50TGlzdGVuZXIoIm1lc3NhZ2UiLCBtZXNzYWdlSGFuZGxlcik7CiAgICB9Cn0pKCk7Cgo=", null, false);
1928
+ var WorkerFactory = createBase64WorkerFactory("Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwooZnVuY3Rpb24oKSB7CiAgICAidXNlIHN0cmljdCI7CiAgICBjbGFzcyBHZW5lcmljRXJyb3IgZXh0ZW5kcyBFcnJvciB7CiAgICAgICAgY29uc3RydWN0b3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKSB7CiAgICAgICAgICAgIHN1cGVyKGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICAgICAgdGhpcy5lcnJvciA9IGVycm9yOwogICAgICAgICAgICB0aGlzLmVycm9yX2Rlc2NyaXB0aW9uID0gZXJyb3JfZGVzY3JpcHRpb247CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBHZW5lcmljRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICAgICAgc3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjogZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uOiBlcnJvcl9kZXNjcmlwdGlvbn0pIHsKICAgICAgICAgICAgcmV0dXJuIG5ldyBHZW5lcmljRXJyb3IoZXJyb3IsIGVycm9yX2Rlc2NyaXB0aW9uKTsKICAgICAgICB9CiAgICB9CiAgICBjbGFzcyBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IgZXh0ZW5kcyBHZW5lcmljRXJyb3IgewogICAgICAgIGNvbnN0cnVjdG9yKGF1ZGllbmNlLCBzY29wZSkgewogICAgICAgICAgICBzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIiwgYE1pc3NpbmcgUmVmcmVzaCBUb2tlbiAoYXVkaWVuY2U6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhhdWRpZW5jZSwgWyAiZGVmYXVsdCIgXSl9Jywgc2NvcGU6ICcke3ZhbHVlT3JFbXB0eVN0cmluZyhzY29wZSl9JylgKTsKICAgICAgICAgICAgdGhpcy5hdWRpZW5jZSA9IGF1ZGllbmNlOwogICAgICAgICAgICB0aGlzLnNjb3BlID0gc2NvcGU7CiAgICAgICAgICAgIE9iamVjdC5zZXRQcm90b3R5cGVPZih0aGlzLCBNaXNzaW5nUmVmcmVzaFRva2VuRXJyb3IucHJvdG90eXBlKTsKICAgICAgICB9CiAgICB9CiAgICBmdW5jdGlvbiB2YWx1ZU9yRW1wdHlTdHJpbmcodmFsdWUsIGV4Y2x1ZGUgPSBbXSkgewogICAgICAgIHJldHVybiB2YWx1ZSAmJiAhZXhjbHVkZS5pbmNsdWRlcyh2YWx1ZSkgPyB2YWx1ZSA6ICIiOwogICAgfQogICAgZnVuY3Rpb24gX19yZXN0KHMsIGUpIHsKICAgICAgICB2YXIgdCA9IHt9OwogICAgICAgIGZvciAodmFyIHAgaW4gcykgaWYgKE9iamVjdC5wcm90b3R5cGUuaGFzT3duUHJvcGVydHkuY2FsbChzLCBwKSAmJiBlLmluZGV4T2YocCkgPCAwKSB0W3BdID0gc1twXTsKICAgICAgICBpZiAocyAhPSBudWxsICYmIHR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzID09PSAiZnVuY3Rpb24iKSBmb3IgKHZhciBpID0gMCwgcCA9IE9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMocyk7IGkgPCBwLmxlbmd0aDsgaSsrKSB7CiAgICAgICAgICAgIGlmIChlLmluZGV4T2YocFtpXSkgPCAwICYmIE9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChzLCBwW2ldKSkgdFtwW2ldXSA9IHNbcFtpXV07CiAgICAgICAgfQogICAgICAgIHJldHVybiB0OwogICAgfQogICAgdHlwZW9mIFN1cHByZXNzZWRFcnJvciA9PT0gImZ1bmN0aW9uIiA/IFN1cHByZXNzZWRFcnJvciA6IGZ1bmN0aW9uKGVycm9yLCBzdXBwcmVzc2VkLCBtZXNzYWdlKSB7CiAgICAgICAgdmFyIGUgPSBuZXcgRXJyb3IobWVzc2FnZSk7CiAgICAgICAgcmV0dXJuIGUubmFtZSA9ICJTdXBwcmVzc2VkRXJyb3IiLCBlLmVycm9yID0gZXJyb3IsIGUuc3VwcHJlc3NlZCA9IHN1cHByZXNzZWQsIGU7CiAgICB9OwogICAgY29uc3Qgc3RyaXBVbmRlZmluZWQgPSBwYXJhbXMgPT4gT2JqZWN0LmtleXMocGFyYW1zKS5maWx0ZXIoKGsgPT4gdHlwZW9mIHBhcmFtc1trXSAhPT0gInVuZGVmaW5lZCIpKS5yZWR1Y2UoKChhY2MsIGtleSkgPT4gT2JqZWN0LmFzc2lnbihPYmplY3QuYXNzaWduKHt9LCBhY2MpLCB7CiAgICAgICAgW2tleV06IHBhcmFtc1trZXldCiAgICB9KSksIHt9KTsKICAgIGNvbnN0IGNyZWF0ZVF1ZXJ5UGFyYW1zID0gX2EgPT4gewogICAgICAgIHZhciB7Y2xpZW50SWQ6IGNsaWVudF9pZH0gPSBfYSwgcGFyYW1zID0gX19yZXN0KF9hLCBbICJjbGllbnRJZCIgXSk7CiAgICAgICAgcmV0dXJuIG5ldyBVUkxTZWFyY2hQYXJhbXMoc3RyaXBVbmRlZmluZWQoT2JqZWN0LmFzc2lnbih7CiAgICAgICAgICAgIGNsaWVudF9pZDogY2xpZW50X2lkCiAgICAgICAgfSwgcGFyYW1zKSkpLnRvU3RyaW5nKCk7CiAgICB9OwogICAgY29uc3QgZnJvbUVudHJpZXMgPSBpdGVyYWJsZSA9PiBbIC4uLml0ZXJhYmxlIF0ucmVkdWNlKCgob2JqLCBba2V5LCB2YWxdKSA9PiB7CiAgICAgICAgb2JqW2tleV0gPSB2YWw7CiAgICAgICAgcmV0dXJuIG9iajsKICAgIH0pLCB7fSk7CiAgICBsZXQgcmVmcmVzaFRva2VucyA9IHt9OwogICAgY29uc3QgY2FjaGVLZXkgPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiBgJHthdWRpZW5jZX18JHtzY29wZX1gOwogICAgY29uc3QgY2FjaGVLZXlDb250YWluc0F1ZGllbmNlID0gKGF1ZGllbmNlLCBjYWNoZUtleSkgPT4gY2FjaGVLZXkuc3RhcnRzV2l0aChgJHthdWRpZW5jZX18YCk7CiAgICBjb25zdCBnZXRSZWZyZXNoVG9rZW4gPSAoYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldOwogICAgY29uc3Qgc2V0UmVmcmVzaFRva2VuID0gKHJlZnJlc2hUb2tlbiwgYXVkaWVuY2UsIHNjb3BlKSA9PiByZWZyZXNoVG9rZW5zW2NhY2hlS2V5KGF1ZGllbmNlLCBzY29wZSldID0gcmVmcmVzaFRva2VuOwogICAgY29uc3QgZGVsZXRlUmVmcmVzaFRva2VuID0gKGF1ZGllbmNlLCBzY29wZSkgPT4gZGVsZXRlIHJlZnJlc2hUb2tlbnNbY2FjaGVLZXkoYXVkaWVuY2UsIHNjb3BlKV07CiAgICBjb25zdCB3YWl0ID0gdGltZSA9PiBuZXcgUHJvbWlzZSgocmVzb2x2ZSA9PiBzZXRUaW1lb3V0KHJlc29sdmUsIHRpbWUpKSk7CiAgICBjb25zdCBmb3JtRGF0YVRvT2JqZWN0ID0gZm9ybURhdGEgPT4gewogICAgICAgIGNvbnN0IHF1ZXJ5UGFyYW1zID0gbmV3IFVSTFNlYXJjaFBhcmFtcyhmb3JtRGF0YSk7CiAgICAgICAgY29uc3QgcGFyc2VkUXVlcnkgPSB7fTsKICAgICAgICBxdWVyeVBhcmFtcy5mb3JFYWNoKCgodmFsLCBrZXkpID0+IHsKICAgICAgICAgICAgcGFyc2VkUXVlcnlba2V5XSA9IHZhbDsKICAgICAgICB9KSk7CiAgICAgICAgcmV0dXJuIHBhcnNlZFF1ZXJ5OwogICAgfTsKICAgIGNvbnN0IHVwZGF0ZVJlZnJlc2hUb2tlbnMgPSAob2xkUmVmcmVzaFRva2VuLCBuZXdSZWZyZXNoVG9rZW4pID0+IHsKICAgICAgICBPYmplY3QuZW50cmllcyhyZWZyZXNoVG9rZW5zKS5mb3JFYWNoKCgoW2tleSwgdG9rZW5dKSA9PiB7CiAgICAgICAgICAgIGlmICh0b2tlbiA9PT0gb2xkUmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW5zW2tleV0gPSBuZXdSZWZyZXNoVG9rZW47CiAgICAgICAgICAgIH0KICAgICAgICB9KSk7CiAgICB9OwogICAgY29uc3QgY2hlY2tEb3duc2NvcGluZyA9IChzY29wZSwgYXVkaWVuY2UpID0+IHsKICAgICAgICBjb25zdCBmaW5kQ29pbmNpZGVuY2UgPSBPYmplY3Qua2V5cyhyZWZyZXNoVG9rZW5zKS5maW5kKChrZXkgPT4gewogICAgICAgICAgICBpZiAoa2V5ICE9PSAibGF0ZXN0X3JlZnJlc2hfdG9rZW4iKSB7CiAgICAgICAgICAgICAgICBjb25zdCBpc1NhbWVBdWRpZW5jZSA9IGNhY2hlS2V5Q29udGFpbnNBdWRpZW5jZShhdWRpZW5jZSwga2V5KTsKICAgICAgICAgICAgICAgIGNvbnN0IHNjb3Blc0tleSA9IGtleS5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIik7CiAgICAgICAgICAgICAgICBjb25zdCByZXF1ZXN0ZWRTY29wZXMgPSBzY29wZS5zcGxpdCgiICIpOwogICAgICAgICAgICAgICAgY29uc3Qgc2NvcGVzQXJlSW5jbHVkZWQgPSByZXF1ZXN0ZWRTY29wZXMuZXZlcnkoKGtleSA9PiBzY29wZXNLZXkuaW5jbHVkZXMoa2V5KSkpOwogICAgICAgICAgICAgICAgcmV0dXJuIGlzU2FtZUF1ZGllbmNlICYmIHNjb3Blc0FyZUluY2x1ZGVkOwogICAgICAgICAgICB9CiAgICAgICAgfSkpOwogICAgICAgIHJldHVybiBmaW5kQ29pbmNpZGVuY2UgPyB0cnVlIDogZmFsc2U7CiAgICB9OwogICAgY29uc3QgbWVzc2FnZUhhbmRsZXIgPSBhc3luYyAoe2RhdGE6IHt0aW1lb3V0OiB0aW1lb3V0LCBhdXRoOiBhdXRoLCBmZXRjaFVybDogZmV0Y2hVcmwsIGZldGNoT3B0aW9uczogZmV0Y2hPcHRpb25zLCB1c2VGb3JtRGF0YTogdXNlRm9ybURhdGEsIHVzZU1ycnQ6IHVzZU1ycnR9LCBwb3J0czogW3BvcnRdfSkgPT4gewogICAgICAgIGxldCBoZWFkZXJzID0ge307CiAgICAgICAgbGV0IGpzb247CiAgICAgICAgbGV0IHJlZnJlc2hUb2tlbjsKICAgICAgICBjb25zdCB7YXVkaWVuY2U6IGF1ZGllbmNlLCBzY29wZTogc2NvcGV9ID0gYXV0aCB8fCB7fTsKICAgICAgICB0cnkgewogICAgICAgICAgICBjb25zdCBib2R5ID0gdXNlRm9ybURhdGEgPyBmb3JtRGF0YVRvT2JqZWN0KGZldGNoT3B0aW9ucy5ib2R5KSA6IEpTT04ucGFyc2UoZmV0Y2hPcHRpb25zLmJvZHkpOwogICAgICAgICAgICBpZiAoIWJvZHkucmVmcmVzaF90b2tlbiAmJiBib2R5LmdyYW50X3R5cGUgPT09ICJyZWZyZXNoX3Rva2VuIikgewogICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gZ2V0UmVmcmVzaFRva2VuKGF1ZGllbmNlLCBzY29wZSk7CiAgICAgICAgICAgICAgICBpZiAoIXJlZnJlc2hUb2tlbiAmJiB1c2VNcnJ0KSB7CiAgICAgICAgICAgICAgICAgICAgY29uc3QgbGF0ZXN0UmVmcmVzaFRva2VuID0gcmVmcmVzaFRva2Vuc1sibGF0ZXN0X3JlZnJlc2hfdG9rZW4iXTsKICAgICAgICAgICAgICAgICAgICBjb25zdCBpc0Rvd25zY29waW5nID0gY2hlY2tEb3duc2NvcGluZyhzY29wZSwgYXVkaWVuY2UpOwogICAgICAgICAgICAgICAgICAgIGlmIChsYXRlc3RSZWZyZXNoVG9rZW4gJiYgIWlzRG93bnNjb3BpbmcpIHsKICAgICAgICAgICAgICAgICAgICAgICAgcmVmcmVzaFRva2VuID0gbGF0ZXN0UmVmcmVzaFRva2VuOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGlmICghcmVmcmVzaFRva2VuKSB7CiAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IE1pc3NpbmdSZWZyZXNoVG9rZW5FcnJvcihhdWRpZW5jZSwgc2NvcGUpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmV0Y2hPcHRpb25zLmJvZHkgPSB1c2VGb3JtRGF0YSA/IGNyZWF0ZVF1ZXJ5UGFyYW1zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSwgYm9keSksIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoX3Rva2VuOiByZWZyZXNoVG9rZW4KICAgICAgICAgICAgICAgIH0pKSA6IEpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSwgYm9keSksIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoX3Rva2VuOiByZWZyZXNoVG9rZW4KICAgICAgICAgICAgICAgIH0pKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBsZXQgYWJvcnRDb250cm9sbGVyOwogICAgICAgICAgICBpZiAodHlwZW9mIEFib3J0Q29udHJvbGxlciA9PT0gImZ1bmN0aW9uIikgewogICAgICAgICAgICAgICAgYWJvcnRDb250cm9sbGVyID0gbmV3IEFib3J0Q29udHJvbGxlcjsKICAgICAgICAgICAgICAgIGZldGNoT3B0aW9ucy5zaWduYWwgPSBhYm9ydENvbnRyb2xsZXIuc2lnbmFsOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGxldCByZXNwb25zZTsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgIHJlc3BvbnNlID0gYXdhaXQgUHJvbWlzZS5yYWNlKFsgd2FpdCh0aW1lb3V0KSwgZmV0Y2goZmV0Y2hVcmwsIE9iamVjdC5hc3NpZ24oe30sIGZldGNoT3B0aW9ucykpIF0pOwogICAgICAgICAgICB9IGNhdGNoIChlcnJvcikgewogICAgICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6IGVycm9yLm1lc3NhZ2UKICAgICAgICAgICAgICAgIH0pOwogICAgICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGlmICghcmVzcG9uc2UpIHsKICAgICAgICAgICAgICAgIGlmIChhYm9ydENvbnRyb2xsZXIpIGFib3J0Q29udHJvbGxlci5hYm9ydCgpOwogICAgICAgICAgICAgICAgcG9ydC5wb3N0TWVzc2FnZSh7CiAgICAgICAgICAgICAgICAgICAgZXJyb3I6ICJUaW1lb3V0IHdoZW4gZXhlY3V0aW5nICdmZXRjaCciCiAgICAgICAgICAgICAgICB9KTsKICAgICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgICAgfQogICAgICAgICAgICBoZWFkZXJzID0gZnJvbUVudHJpZXMocmVzcG9uc2UuaGVhZGVycyk7CiAgICAgICAgICAgIGpzb24gPSBhd2FpdCByZXNwb25zZS5qc29uKCk7CiAgICAgICAgICAgIGlmIChqc29uLnJlZnJlc2hfdG9rZW4pIHsKICAgICAgICAgICAgICAgIGlmICh1c2VNcnJ0ICYmIGF1ZGllbmNlICE9PSAiZGVmYXVsdCIpIHsKICAgICAgICAgICAgICAgICAgICByZWZyZXNoVG9rZW5zWyJsYXRlc3RfcmVmcmVzaF90b2tlbiJdID0ganNvbi5yZWZyZXNoX3Rva2VuOwogICAgICAgICAgICAgICAgICAgIHVwZGF0ZVJlZnJlc2hUb2tlbnMocmVmcmVzaFRva2VuLCBqc29uLnJlZnJlc2hfdG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgc2V0UmVmcmVzaFRva2VuKGpzb24ucmVmcmVzaF90b2tlbiwgYXVkaWVuY2UsIHNjb3BlKTsKICAgICAgICAgICAgICAgIGRlbGV0ZSBqc29uLnJlZnJlc2hfdG9rZW47CiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBkZWxldGVSZWZyZXNoVG9rZW4oYXVkaWVuY2UsIHNjb3BlKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBwb3J0LnBvc3RNZXNzYWdlKHsKICAgICAgICAgICAgICAgIG9rOiByZXNwb25zZS5vaywKICAgICAgICAgICAgICAgIGpzb246IGpzb24sCiAgICAgICAgICAgICAgICBoZWFkZXJzOiBoZWFkZXJzCiAgICAgICAgICAgIH0pOwogICAgICAgIH0gY2F0Y2ggKGVycm9yKSB7CiAgICAgICAgICAgIHBvcnQucG9zdE1lc3NhZ2UoewogICAgICAgICAgICAgICAgb2s6IGZhbHNlLAogICAgICAgICAgICAgICAganNvbjogewogICAgICAgICAgICAgICAgICAgIGVycm9yOiBlcnJvci5lcnJvciwKICAgICAgICAgICAgICAgICAgICBlcnJvcl9kZXNjcmlwdGlvbjogZXJyb3IubWVzc2FnZQogICAgICAgICAgICAgICAgfSwKICAgICAgICAgICAgICAgIGhlYWRlcnM6IGhlYWRlcnMKICAgICAgICAgICAgfSk7CiAgICAgICAgfQogICAgfTsKICAgIHsKICAgICAgICBhZGRFdmVudExpc3RlbmVyKCJtZXNzYWdlIiwgbWVzc2FnZUhhbmRsZXIpOwogICAgfQp9KSgpOwoK", null, false);
1865
1929
 
1866
1930
  const singlePromiseMap = {};
1867
1931
 
@@ -1961,6 +2025,33 @@ const patchOpenUrlWithOnRedirect = options => {
1961
2025
  return result;
1962
2026
  };
1963
2027
 
2028
+ const allScopesAreIncluded = (scopeToInclude, scopes) => {
2029
+ const scopeGroup = (scopes === null || scopes === void 0 ? void 0 : scopes.split(" ")) || [];
2030
+ const scopesToInclude = (scopeToInclude === null || scopeToInclude === void 0 ? void 0 : scopeToInclude.split(" ")) || [];
2031
+ return scopesToInclude.every((key => scopeGroup.includes(key)));
2032
+ };
2033
+
2034
+ const getScopeToRequest = (useMrrt, authorizationParams, cachedAudience, cachedScope) => {
2035
+ var _a;
2036
+ if (useMrrt && cachedAudience && cachedScope) {
2037
+ if (authorizationParams.audience !== cachedAudience) {
2038
+ return authorizationParams.scope;
2039
+ }
2040
+ const cachedScopes = cachedScope.split(" ");
2041
+ const newScopes = ((_a = authorizationParams.scope) === null || _a === void 0 ? void 0 : _a.split(" ")) || [];
2042
+ const newScopesAreIncluded = newScopes.every((scope => cachedScopes.includes(scope)));
2043
+ return cachedScopes.length >= newScopes.length && newScopesAreIncluded ? cachedScope : authorizationParams.scope;
2044
+ }
2045
+ return authorizationParams.scope;
2046
+ };
2047
+
2048
+ const isRefreshWithMrrt = (cachedAudience, cachedScope, requestAudience, requestScope) => {
2049
+ if (cachedAudience !== requestAudience) {
2050
+ return true;
2051
+ }
2052
+ return !allScopesAreIncluded(requestScope, cachedScope);
2053
+ };
2054
+
1964
2055
  const VERSION = 1;
1965
2056
 
1966
2057
  const NAME = "auth0-spa-js";
@@ -2094,8 +2185,8 @@ class Fetcher {
2094
2185
  }
2095
2186
  throw new TypeError("`url` must be absolute or `baseUrl` non-empty.");
2096
2187
  }
2097
- getAccessToken() {
2098
- return this.config.getAccessToken ? this.config.getAccessToken() : this.hooks.getAccessToken();
2188
+ getAccessToken(authParams) {
2189
+ return this.config.getAccessToken ? this.config.getAccessToken(authParams) : this.hooks.getAccessToken(authParams);
2099
2190
  }
2100
2191
  buildBaseRequest(info, init) {
2101
2192
  const request = new Request(info, init);
@@ -2104,7 +2195,7 @@ class Fetcher {
2104
2195
  }
2105
2196
  return new Request(this.buildUrl(this.config.baseUrl, request.url), request);
2106
2197
  }
2107
- async setAuthorizationHeader(request, accessToken) {
2198
+ setAuthorizationHeader(request, accessToken) {
2108
2199
  request.headers.set("authorization", `${this.config.dpopNonceId ? "DPoP" : "Bearer"} ${accessToken}`);
2109
2200
  }
2110
2201
  async setDpopProofHeader(request, accessToken) {
@@ -2120,8 +2211,8 @@ class Fetcher {
2120
2211
  });
2121
2212
  request.headers.set("dpop", dpopProof);
2122
2213
  }
2123
- async prepareRequest(request) {
2124
- const accessToken = await this.getAccessToken();
2214
+ async prepareRequest(request, authParams) {
2215
+ const accessToken = await this.getAccessToken(authParams);
2125
2216
  this.setAuthorizationHeader(request, accessToken);
2126
2217
  await this.setDpopProofHeader(request, accessToken);
2127
2218
  }
@@ -2154,19 +2245,78 @@ class Fetcher {
2154
2245
  }
2155
2246
  return callbacks.onUseDpopNonceError();
2156
2247
  }
2157
- async internalFetchWithAuth(info, init, callbacks) {
2248
+ async internalFetchWithAuth(info, init, callbacks, authParams) {
2158
2249
  const request = this.buildBaseRequest(info, init);
2159
- await this.prepareRequest(request);
2250
+ await this.prepareRequest(request, authParams);
2160
2251
  const response = await this.config.fetch(request);
2161
2252
  return this.handleResponse(response, callbacks);
2162
2253
  }
2163
- fetchWithAuth(info, init) {
2254
+ fetchWithAuth(info, init, authParams) {
2164
2255
  const callbacks = {
2165
2256
  onUseDpopNonceError: () => this.internalFetchWithAuth(info, init, Object.assign(Object.assign({}, callbacks), {
2166
2257
  onUseDpopNonceError: undefined
2167
- }))
2258
+ }), authParams)
2168
2259
  };
2169
- return this.internalFetchWithAuth(info, init, callbacks);
2260
+ return this.internalFetchWithAuth(info, init, callbacks, authParams);
2261
+ }
2262
+ }
2263
+
2264
+ class MyAccountApiClient {
2265
+ constructor(myAccountFetcher, apiBase) {
2266
+ this.myAccountFetcher = myAccountFetcher;
2267
+ this.apiBase = apiBase;
2268
+ }
2269
+ async connectAccount(params) {
2270
+ const res = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/connect`, {
2271
+ method: "POST",
2272
+ headers: {
2273
+ "Content-Type": "application/json"
2274
+ },
2275
+ body: JSON.stringify(params)
2276
+ });
2277
+ return this._handleResponse(res);
2278
+ }
2279
+ async completeAccount(params) {
2280
+ const res = await this.myAccountFetcher.fetchWithAuth(`${this.apiBase}v1/connected-accounts/complete`, {
2281
+ method: "POST",
2282
+ headers: {
2283
+ "Content-Type": "application/json"
2284
+ },
2285
+ body: JSON.stringify(params)
2286
+ });
2287
+ return this._handleResponse(res);
2288
+ }
2289
+ async _handleResponse(res) {
2290
+ let body;
2291
+ try {
2292
+ body = await res.text();
2293
+ body = JSON.parse(body);
2294
+ } catch (err) {
2295
+ throw new MyAccountApiError({
2296
+ type: "invalid_json",
2297
+ status: res.status,
2298
+ title: "Invalid JSON response",
2299
+ detail: body || String(err)
2300
+ });
2301
+ }
2302
+ if (res.ok) {
2303
+ return body;
2304
+ } else {
2305
+ throw new MyAccountApiError(body);
2306
+ }
2307
+ }
2308
+ }
2309
+
2310
+ class MyAccountApiError extends Error {
2311
+ constructor({type: type, status: status, title: title, detail: detail, validation_errors: validation_errors}) {
2312
+ super(detail);
2313
+ this.name = "MyAccountApiError";
2314
+ this.type = type;
2315
+ this.status = status;
2316
+ this.title = title;
2317
+ this.detail = detail;
2318
+ this.validation_errors = validation_errors;
2319
+ Object.setPrototypeOf(this, MyAccountApiError.prototype);
2170
2320
  }
2171
2321
  }
2172
2322
 
@@ -2217,6 +2367,18 @@ class Auth0Client {
2217
2367
  this.dpop = this.options.useDpop ? new Dpop(this.options.clientId) : undefined;
2218
2368
  this.domainUrl = getDomain(this.options.domain);
2219
2369
  this.tokenIssuer = getTokenIssuer(this.options.issuer, this.domainUrl);
2370
+ const myAccountApiIdentifier = `${this.domainUrl}/me/`;
2371
+ const myAccountFetcher = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && {
2372
+ dpopNonceId: "__auth0_my_account_api__"
2373
+ }), {
2374
+ getAccessToken: () => this.getTokenSilently({
2375
+ authorizationParams: {
2376
+ scope: "create:me:connected_accounts",
2377
+ audience: myAccountApiIdentifier
2378
+ }
2379
+ })
2380
+ }));
2381
+ this.myAccountApi = new MyAccountApiClient(myAccountFetcher, myAccountApiIdentifier);
2220
2382
  if (typeof window !== "undefined" && window.Worker && this.options.useRefreshTokens && cacheLocation === CACHE_LOCATION_MEMORY) {
2221
2383
  if (this.options.workerUrl) {
2222
2384
  this.worker = new Worker(this.options.workerUrl);
@@ -2326,7 +2488,8 @@ class Auth0Client {
2326
2488
  const organization = ((_a = urlOptions.authorizationParams) === null || _a === void 0 ? void 0 : _a.organization) || this.options.authorizationParams.organization;
2327
2489
  const _c = await this._prepareAuthorizeUrl(urlOptions.authorizationParams || {}), {url: url} = _c, transaction = __rest(_c, [ "url" ]);
2328
2490
  this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, transaction), {
2329
- appState: appState
2491
+ appState: appState,
2492
+ response_type: exports.ResponseType.Code
2330
2493
  }), organization && {
2331
2494
  organization: organization
2332
2495
  }));
@@ -2342,12 +2505,19 @@ class Auth0Client {
2342
2505
  if (queryStringFragments.length === 0) {
2343
2506
  throw new Error("There are no query params available for parsing.");
2344
2507
  }
2345
- const {state: state, code: code, error: error, error_description: error_description} = parseAuthenticationResult(queryStringFragments.join(""));
2346
2508
  const transaction = this.transactionManager.get();
2347
2509
  if (!transaction) {
2348
2510
  throw new GenericError("missing_transaction", "Invalid state");
2349
2511
  }
2350
2512
  this.transactionManager.remove();
2513
+ const authenticationResult = parseAuthenticationResult(queryStringFragments.join(""));
2514
+ if (transaction.response_type === exports.ResponseType.ConnectCode) {
2515
+ return this._handleConnectAccountRedirectCallback(authenticationResult, transaction);
2516
+ }
2517
+ return this._handleLoginRedirectCallback(authenticationResult, transaction);
2518
+ }
2519
+ async _handleLoginRedirectCallback(authenticationResult, transaction) {
2520
+ const {code: code, state: state, error: error, error_description: error_description} = authenticationResult;
2351
2521
  if (error) {
2352
2522
  throw new AuthenticationError(error, error_description || error, state, transaction.appState);
2353
2523
  }
@@ -2370,9 +2540,32 @@ class Auth0Client {
2370
2540
  organization: organization
2371
2541
  });
2372
2542
  return {
2373
- appState: transaction.appState
2543
+ appState: transaction.appState,
2544
+ response_type: exports.ResponseType.Code
2374
2545
  };
2375
2546
  }
2547
+ async _handleConnectAccountRedirectCallback(connectResult, transaction) {
2548
+ const {connect_code: connect_code, state: state, error: error, error_description: error_description} = connectResult;
2549
+ if (error) {
2550
+ throw new ConnectError(error, error_description || error, transaction.connection, state, transaction.appState);
2551
+ }
2552
+ if (!connect_code) {
2553
+ throw new GenericError("missing_connect_code", "Missing connect code");
2554
+ }
2555
+ if (!transaction.code_verifier || !transaction.state || !transaction.auth_session || !transaction.redirect_uri || transaction.state !== state) {
2556
+ throw new GenericError("state_mismatch", "Invalid state");
2557
+ }
2558
+ const data = await this.myAccountApi.completeAccount({
2559
+ auth_session: transaction.auth_session,
2560
+ connect_code: connect_code,
2561
+ redirect_uri: transaction.redirect_uri,
2562
+ code_verifier: transaction.code_verifier
2563
+ });
2564
+ return Object.assign(Object.assign({}, data), {
2565
+ appState: transaction.appState,
2566
+ response_type: exports.ResponseType.ConnectCode
2567
+ });
2568
+ }
2376
2569
  async checkSession(options) {
2377
2570
  if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
2378
2571
  if (!this.cookieStorage.get(OLD_IS_AUTHENTICATED_COOKIE_NAME)) {
@@ -2407,7 +2600,8 @@ class Auth0Client {
2407
2600
  const entry = await this._getEntryFromCache({
2408
2601
  scope: getTokenOptions.authorizationParams.scope,
2409
2602
  audience: getTokenOptions.authorizationParams.audience || "default",
2410
- clientId: this.options.clientId
2603
+ clientId: this.options.clientId,
2604
+ cacheMode: cacheMode
2411
2605
  });
2412
2606
  if (entry) {
2413
2607
  return entry;
@@ -2461,7 +2655,7 @@ class Auth0Client {
2461
2655
  scope: localOptions.authorizationParams.scope,
2462
2656
  audience: localOptions.authorizationParams.audience || "default",
2463
2657
  clientId: this.options.clientId
2464
- }));
2658
+ }), undefined, this.options.useMrrt);
2465
2659
  return cache.access_token;
2466
2660
  }
2467
2661
  async isAuthenticated() {
@@ -2559,7 +2753,7 @@ class Auth0Client {
2559
2753
  scope: options.authorizationParams.scope,
2560
2754
  audience: options.authorizationParams.audience || "default",
2561
2755
  clientId: this.options.clientId
2562
- }));
2756
+ }), undefined, this.options.useMrrt);
2563
2757
  if ((!cache || !cache.refresh_token) && !this.worker) {
2564
2758
  if (this.options.useRefreshTokensFallback) {
2565
2759
  return await this._getTokenFromIFrame(options);
@@ -2568,6 +2762,7 @@ class Auth0Client {
2568
2762
  }
2569
2763
  const redirect_uri = options.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin;
2570
2764
  const timeout = typeof options.timeoutInSeconds === "number" ? options.timeoutInSeconds * 1e3 : null;
2765
+ const scopesToRequest = getScopeToRequest(this.options.useMrrt, options.authorizationParams, cache === null || cache === void 0 ? void 0 : cache.audience, cache === null || cache === void 0 ? void 0 : cache.scope);
2571
2766
  try {
2572
2767
  const tokenResult = await this._requestToken(Object.assign(Object.assign(Object.assign({}, options.authorizationParams), {
2573
2768
  grant_type: "refresh_token",
@@ -2575,7 +2770,24 @@ class Auth0Client {
2575
2770
  redirect_uri: redirect_uri
2576
2771
  }), timeout && {
2577
2772
  timeout: timeout
2578
- }));
2773
+ }), {
2774
+ scopesToRequest: scopesToRequest
2775
+ });
2776
+ if (tokenResult.refresh_token && this.options.useMrrt && (cache === null || cache === void 0 ? void 0 : cache.refresh_token)) {
2777
+ await this.cacheManager.updateEntry(cache.refresh_token, tokenResult.refresh_token);
2778
+ }
2779
+ if (this.options.useMrrt) {
2780
+ const isRefreshMrrt = isRefreshWithMrrt(cache === null || cache === void 0 ? void 0 : cache.audience, cache === null || cache === void 0 ? void 0 : cache.scope, options.authorizationParams.audience, options.authorizationParams.scope);
2781
+ if (isRefreshMrrt) {
2782
+ const tokenHasAllScopes = allScopesAreIncluded(scopesToRequest, tokenResult.scope);
2783
+ if (!tokenHasAllScopes) {
2784
+ if (this.options.useRefreshTokensFallback) {
2785
+ return await this._getTokenFromIFrame(options);
2786
+ }
2787
+ throw new MissingRefreshTokenError(options.authorizationParams.audience || "default", options.authorizationParams.scope);
2788
+ }
2789
+ }
2790
+ }
2579
2791
  return Object.assign(Object.assign({}, tokenResult), {
2580
2792
  scope: options.authorizationParams.scope,
2581
2793
  oauthTokenScope: tokenResult.scope,
@@ -2611,12 +2823,12 @@ class Auth0Client {
2611
2823
  this.userCache.set(CACHE_KEY_ID_TOKEN_SUFFIX, cache);
2612
2824
  return cache;
2613
2825
  }
2614
- async _getEntryFromCache({scope: scope, audience: audience, clientId: clientId}) {
2826
+ async _getEntryFromCache({scope: scope, audience: audience, clientId: clientId, cacheMode: cacheMode}) {
2615
2827
  const entry = await this.cacheManager.get(new CacheKey({
2616
2828
  scope: scope,
2617
2829
  audience: audience,
2618
2830
  clientId: clientId
2619
- }), 60);
2831
+ }), 60, this.options.useMrrt, cacheMode);
2620
2832
  if (entry && entry.access_token) {
2621
2833
  const {token_type: token_type, access_token: access_token, oauthTokenScope: oauthTokenScope, expires_in: expires_in} = entry;
2622
2834
  const cache = await this._getIdTokenFromCache();
@@ -2632,15 +2844,18 @@ class Auth0Client {
2632
2844
  }
2633
2845
  }
2634
2846
  async _requestToken(options, additionalParameters) {
2635
- const {nonceIn: nonceIn, organization: organization} = additionalParameters || {};
2636
- const authResult = await oauthToken(Object.assign({
2847
+ const {nonceIn: nonceIn, organization: organization, scopesToRequest: scopesToRequest} = additionalParameters || {};
2848
+ const authResult = await oauthToken(Object.assign(Object.assign({
2637
2849
  baseUrl: this.domainUrl,
2638
2850
  client_id: this.options.clientId,
2639
2851
  auth0Client: this.options.auth0Client,
2640
2852
  useFormData: this.options.useFormData,
2641
2853
  timeout: this.httpTimeoutMs,
2854
+ useMrrt: this.options.useMrrt,
2642
2855
  dpop: this.dpop
2643
- }, options), this.worker);
2856
+ }, options), {
2857
+ scope: scopesToRequest || options.scope
2858
+ }), this.worker);
2644
2859
  const decodedToken = await this._verifyIdToken(authResult.id_token, nonceIn, organization);
2645
2860
  await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, authResult), {
2646
2861
  decodedToken: decodedToken,
@@ -2692,16 +2907,62 @@ class Auth0Client {
2692
2907
  }
2693
2908
  return new Fetcher(config, {
2694
2909
  isDpopEnabled: () => !!this.options.useDpop,
2695
- getAccessToken: () => this.getTokenSilently(),
2910
+ getAccessToken: authParams => {
2911
+ var _a;
2912
+ return this.getTokenSilently({
2913
+ authorizationParams: {
2914
+ scope: (_a = authParams === null || authParams === void 0 ? void 0 : authParams.scope) === null || _a === void 0 ? void 0 : _a.join(" "),
2915
+ audience: authParams === null || authParams === void 0 ? void 0 : authParams.audience
2916
+ }
2917
+ });
2918
+ },
2696
2919
  getDpopNonce: () => this.getDpopNonce(config.dpopNonceId),
2697
- setDpopNonce: nonce => this.setDpopNonce(nonce),
2920
+ setDpopNonce: nonce => this.setDpopNonce(nonce, config.dpopNonceId),
2698
2921
  generateDpopProof: params => this.generateDpopProof(params)
2699
2922
  });
2700
2923
  }
2924
+ async connectAccountWithRedirect(options) {
2925
+ if (!this.options.useDpop) {
2926
+ throw new Error("`useDpop` option must be enabled before using connectAccountWithRedirect.");
2927
+ }
2928
+ if (!this.options.useMrrt) {
2929
+ throw new Error("`useMrrt` option must be enabled before using connectAccountWithRedirect.");
2930
+ }
2931
+ const {openUrl: openUrl, appState: appState, connection: connection, authorization_params: authorization_params, redirectUri: redirectUri = this.options.authorizationParams.redirect_uri || window.location.origin} = options;
2932
+ if (!connection) {
2933
+ throw new Error("connection is required");
2934
+ }
2935
+ const state = encode(createRandomString());
2936
+ const code_verifier = createRandomString();
2937
+ const code_challengeBuffer = await sha256(code_verifier);
2938
+ const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);
2939
+ const {connect_uri: connect_uri, connect_params: connect_params, auth_session: auth_session} = await this.myAccountApi.connectAccount({
2940
+ connection: connection,
2941
+ redirect_uri: redirectUri,
2942
+ state: state,
2943
+ code_challenge: code_challenge,
2944
+ code_challenge_method: "S256",
2945
+ authorization_params: authorization_params
2946
+ });
2947
+ this.transactionManager.create({
2948
+ state: state,
2949
+ code_verifier: code_verifier,
2950
+ auth_session: auth_session,
2951
+ redirect_uri: redirectUri,
2952
+ appState: appState,
2953
+ connection: connection,
2954
+ response_type: exports.ResponseType.ConnectCode
2955
+ });
2956
+ const url = new URL(connect_uri);
2957
+ url.searchParams.set("ticket", connect_params.ticket);
2958
+ if (openUrl) {
2959
+ await openUrl(url.toString());
2960
+ } else {
2961
+ window.location.assign(url);
2962
+ }
2963
+ }
2701
2964
  }
2702
2965
 
2703
- class User {}
2704
-
2705
2966
  async function createAuth0Client(options) {
2706
2967
  const auth0 = new Auth0Client(options);
2707
2968
  await auth0.checkSession();
@@ -2714,6 +2975,8 @@ exports.AuthenticationError = AuthenticationError;
2714
2975
 
2715
2976
  exports.CacheKey = CacheKey;
2716
2977
 
2978
+ exports.ConnectError = ConnectError;
2979
+
2717
2980
  exports.GenericError = GenericError;
2718
2981
 
2719
2982
  exports.InMemoryCache = InMemoryCache;
@@ -2724,6 +2987,8 @@ exports.MfaRequiredError = MfaRequiredError;
2724
2987
 
2725
2988
  exports.MissingRefreshTokenError = MissingRefreshTokenError;
2726
2989
 
2990
+ exports.MyAccountApiError = MyAccountApiError;
2991
+
2727
2992
  exports.PopupCancelledError = PopupCancelledError;
2728
2993
 
2729
2994
  exports.PopupTimeoutError = PopupTimeoutError;