@authorizerdev/authorizer-js 3.0.0 → 3.0.2

package/lib/index.mjs

@@ -9,8 +9,7 @@ var DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;
 var CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;
 
 // src/types.ts
-var OAuthProviders;
-(function(OAuthProviders2) {
+var OAuthProviders = /* @__PURE__ */ (function(OAuthProviders2) {
   OAuthProviders2["Apple"] = "apple";
   OAuthProviders2["Github"] = "github";
   OAuthProviders2["Google"] = "google";
@@ -21,20 +20,20 @@ var OAuthProviders;
   OAuthProviders2["Twitch"] = "twitch";
   OAuthProviders2["Roblox"] = "roblox";
   OAuthProviders2["Discord"] = "discord";
-})(OAuthProviders || (OAuthProviders = {}));
-var ResponseTypes;
-(function(ResponseTypes2) {
+  return OAuthProviders2;
+})({});
+var ResponseTypes = /* @__PURE__ */ (function(ResponseTypes2) {
   ResponseTypes2["Code"] = "code";
   ResponseTypes2["Token"] = "token";
-})(ResponseTypes || (ResponseTypes = {}));
+  return ResponseTypes2;
+})({});
 
 // src/utils.ts
 var hasWindow = /* @__PURE__ */ __name(() => typeof window !== "undefined", "hasWindow");
 var trimURL = /* @__PURE__ */ __name((url) => {
   let trimmedData = url.trim();
   const lastChar = trimmedData[trimmedData.length - 1];
-  if (lastChar === "/")
-    trimmedData = trimmedData.slice(0, -1);
+  if (lastChar === "/") trimmedData = trimmedData.slice(0, -1);
   return trimmedData;
 }, "trimURL");
 var getCrypto = /* @__PURE__ */ __name(() => {
@@ -59,7 +58,9 @@ var createQueryParams = /* @__PURE__ */ __name((params) => {
   return Object.keys(params).filter((k) => typeof params[k] !== "undefined").map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(params[k])}`).join("&");
 }, "createQueryParams");
 var sha256 = /* @__PURE__ */ __name(async (s) => {
-  const digestOp = getCryptoSubtle().digest({
+  const subtle = getCryptoSubtle();
+  if (!subtle) throw new Error("Web Crypto API is not available");
+  const digestOp = subtle.digest({
     name: "SHA-256"
   }, new TextEncoder().encode(s));
   if (window.msCrypto) {
@@ -89,8 +90,16 @@ var bufferToBase64UrlEncoded = /* @__PURE__ */ __name((input) => {
   const ie11SafeInput = new Uint8Array(input);
   return urlEncodeB64(window.btoa(String.fromCharCode(...Array.from(ie11SafeInput))));
 }, "bufferToBase64UrlEncoded");
+var originFromAuthorizerUrl = /* @__PURE__ */ __name((authorizerUrl) => {
+  try {
+    return new URL(authorizerUrl).origin;
+  } catch {
+    return authorizerUrl;
+  }
+}, "originFromAuthorizerUrl");
 var executeIframe = /* @__PURE__ */ __name((authorizeUrl, eventOrigin, timeoutInSeconds = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) => {
   return new Promise((resolve, reject) => {
+    const expectedOrigin = originFromAuthorizerUrl(eventOrigin);
     const iframe = window.document.createElement("iframe");
     iframe.setAttribute("id", "authorizer-iframe");
     iframe.setAttribute("width", "0");
@@ -103,17 +112,16 @@ var executeIframe = /* @__PURE__ */ __name((authorizeUrl, eventOrigin, timeoutIn
       }
     }, "removeIframe");
     const timeoutSetTimeoutId = setTimeout(() => {
+      reject(new Error("Authorization timeout"));
       removeIframe();
     }, timeoutInSeconds * 1e3);
     const iframeEventHandler = /* @__PURE__ */ __name(function(e) {
-      if (e.origin !== eventOrigin)
-        return;
-      if (!e.data || !e.data.response)
-        return;
+      if (e.origin !== expectedOrigin) return;
+      if (!e.data || !e.data.response) return;
       const eventSource = e.source;
-      if (eventSource)
-        eventSource.close();
-      e.data.response.error ? reject(e.data.response) : resolve(e.data.response);
+      if (eventSource) eventSource.close();
+      if (e.data.response.error) reject(e.data.response);
+      else resolve(e.data.response);
       clearTimeout(timeoutSetTimeoutId);
       window.removeEventListener("message", iframeEventHandler, false);
       setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1e3);
@@ -128,44 +136,72 @@ var executeIframe = /* @__PURE__ */ __name((authorizeUrl, eventOrigin, timeoutIn
 var userFragment = "id email email_verified given_name family_name middle_name nickname preferred_username picture signup_methods gender birthdate phone_number phone_number_verified roles created_at updated_at revoked_timestamp is_multi_factor_auth_enabled app_data";
 var authTokenFragment = `message access_token expires_in refresh_token id_token should_show_email_otp_screen should_show_mobile_otp_screen should_show_totp_screen authenticator_scanner_image authenticator_secret authenticator_recovery_codes user { ${userFragment} }`;
 var getFetcher = /* @__PURE__ */ __name(() => hasWindow() ? window.fetch : crossFetch, "getFetcher");
+function toErrorList(errors) {
+  if (Array.isArray(errors)) {
+    return errors.map((item) => {
+      if (item instanceof Error) return item;
+      if (item && typeof item === "object" && "message" in item) return new Error(String(item.message));
+      return new Error(String(item));
+    });
+  }
+  if (errors instanceof Error) return [
+    errors
+  ];
+  if (errors !== null && typeof errors === "object") {
+    const o = errors;
+    if (typeof o.error_description === "string") return [
+      new Error(o.error_description)
+    ];
+    if (typeof o.error === "string") {
+      const desc = typeof o.error_description === "string" ? `: ${o.error_description}` : "";
+      return [
+        new Error(`${o.error}${desc}`)
+      ];
+    }
+    if (typeof o.message === "string") return [
+      new Error(o.message)
+    ];
+  }
+  if (errors === void 0 || errors === null) return [
+    new Error("Unknown error")
+  ];
+  return [
+    new Error(String(errors))
+  ];
+}
+__name(toErrorList, "toErrorList");
 var _Authorizer = class _Authorizer {
   // class variable
   config;
   codeVerifier;
   // constructor
   constructor(config) {
-    if (!config)
-      throw new Error("Configuration is required");
+    var _a, _b;
+    if (!config) throw new Error("Configuration is required");
     this.config = config;
-    if (!config.authorizerURL && !config.authorizerURL.trim())
-      throw new Error("Invalid authorizerURL");
-    if (config.authorizerURL)
-      this.config.authorizerURL = trimURL(config.authorizerURL);
-    if (!config.redirectURL && !config.redirectURL.trim())
-      throw new Error("Invalid redirectURL");
-    else
-      this.config.redirectURL = trimURL(config.redirectURL);
+    if (!((_a = config.authorizerURL) == null ? void 0 : _a.trim())) throw new Error("Invalid authorizerURL");
+    this.config.authorizerURL = trimURL(config.authorizerURL);
+    if (!((_b = config.redirectURL) == null ? void 0 : _b.trim())) throw new Error("Invalid redirectURL");
+    this.config.redirectURL = trimURL(config.redirectURL);
+    this.config.clientID = ((config == null ? void 0 : config.clientID) || "").trim();
     this.config.extraHeaders = {
       ...config.extraHeaders || {},
-      "x-authorizer-url": this.config.authorizerURL,
-      "x-authorizer-client-id": this.config.clientID || "",
+      "x-authorizer-url": config.authorizerURL,
+      "x-authorizer-client-id": config.clientID || "",
       "Content-Type": "application/json"
     };
-    this.config.clientID = ((config == null ? void 0 : config.clientID) || "").trim();
   }
-  authorize = async (data) => {
+  authorize = /* @__PURE__ */ __name(async (data) => {
     var _a;
-    if (!hasWindow())
-      return this.errorResponse([
-        new Error("this feature is only supported in browser")
-      ]);
+    if (!hasWindow()) return this.errorResponse([
+      new Error("this feature is only supported in browser")
+    ]);
     const scopes = [
       "openid",
       "profile",
       "email"
     ];
-    if (data.use_refresh_token)
-      scopes.push("offline_access");
+    if (data.use_refresh_token) scopes.push("offline_access");
     const requestData = {
       redirect_uri: this.config.redirectURL,
       response_mode: data.response_mode || "web_message",
@@ -180,6 +216,7 @@ var _Authorizer = class _Authorizer {
       const sha = await sha256(this.codeVerifier);
       const codeChallenge = bufferToBase64UrlEncoded(sha);
       requestData.code_challenge = codeChallenge;
+      requestData.code_challenge_method = "S256";
     }
     const authorizeURL = `${this.config.authorizerURL}/authorize?${createQueryParams(requestData)}`;
     if (requestData.response_mode !== "web_message") {
@@ -197,12 +234,16 @@ var _Authorizer = class _Authorizer {
       return this.okResponse(iframeRes);
     } catch (err) {
       if (err.error) {
-        window.location.replace(`${this.config.authorizerURL}/app?state=${encode(JSON.stringify(this.config))}&redirect_uri=${this.config.redirectURL}`);
+        window.location.replace(`${this.config.authorizerURL}/app?state=${encode(JSON.stringify({
+          clientID: this.config.clientID,
+          redirectURL: this.config.redirectURL,
+          authorizerURL: this.config.authorizerURL
+        }))}&redirect_uri=${encodeURIComponent(this.config.redirectURL || "")}`);
       }
       return this.errorResponse(err);
     }
-  };
-  browserLogin = async () => {
+  }, "authorize");
+  browserLogin = /* @__PURE__ */ __name(async () => {
     try {
       const tokenResp = await this.getSession();
       return tokenResp.errors.length ? this.errorResponse(tokenResp.errors) : this.okResponse(tokenResp.data);
@@ -215,16 +256,18 @@ var _Authorizer = class _Authorizer {
           ]
         };
       }
-      window.location.replace(`${this.config.authorizerURL}/app?state=${encode(JSON.stringify(this.config))}&redirect_uri=${this.config.redirectURL}`);
+      window.location.replace(`${this.config.authorizerURL}/app?state=${encode(JSON.stringify({
+        clientID: this.config.clientID,
+        redirectURL: this.config.redirectURL,
+        authorizerURL: this.config.authorizerURL
+      }))}&redirect_uri=${encodeURIComponent(this.config.redirectURL || "")}`);
       return this.errorResponse(err);
     }
-  };
-  forgotPassword = async (data) => {
-    var _a;
-    if (!data.state)
-      data.state = encode(createRandomString());
-    if (!data.redirect_uri)
-      data.redirect_uri = this.config.redirectURL;
+  }, "browserLogin");
+  forgotPassword = /* @__PURE__ */ __name(async (data) => {
+    var _a, _b;
+    if (!data.state) data.state = encode(createRandomString());
+    if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;
     try {
       const forgotPasswordResp = await this.graphqlQuery({
         query: "mutation forgotPassword($data: ForgotPasswordRequest!) {	forgot_password(params: $data) { message should_show_mobile_otp_screen } }",
@@ -232,14 +275,14 @@ var _Authorizer = class _Authorizer {
           data
         }
       });
-      return ((_a = forgotPasswordResp == null ? void 0 : forgotPasswordResp.errors) == null ? void 0 : _a.length) ? this.errorResponse(forgotPasswordResp.errors) : this.okResponse(forgotPasswordResp == null ? void 0 : forgotPasswordResp.data.forgot_password);
+      return ((_a = forgotPasswordResp == null ? void 0 : forgotPasswordResp.errors) == null ? void 0 : _a.length) ? this.errorResponse(forgotPasswordResp.errors) : this.okResponse((_b = forgotPasswordResp == null ? void 0 : forgotPasswordResp.data) == null ? void 0 : _b.forgot_password);
     } catch (error) {
       return this.errorResponse([
         error
       ]);
     }
-  };
-  getMetaData = async () => {
+  }, "forgotPassword");
+  getMetaData = /* @__PURE__ */ __name(async () => {
     var _a;
     try {
       const res = await this.graphqlQuery({
@@ -251,8 +294,8 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
-  getProfile = async (headers) => {
+  }, "getMetaData");
+  getProfile = /* @__PURE__ */ __name(async (headers) => {
     var _a;
     try {
       const profileRes = await this.graphqlQuery({
@@ -265,9 +308,9 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
+  }, "getProfile");
   // this is used to verify / get session using cookie by default. If using node.js pass authorization header
-  getSession = async (headers, params) => {
+  getSession = /* @__PURE__ */ __name(async (headers, params) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -281,18 +324,16 @@ var _Authorizer = class _Authorizer {
     } catch (err) {
       return this.errorResponse(err);
     }
-  };
-  getToken = async (data) => {
-    if (!data.grant_type)
-      data.grant_type = "authorization_code";
-    if (data.grant_type === "refresh_token" && !data.refresh_token)
-      return this.errorResponse([
-        new Error("Invalid refresh_token")
-      ]);
-    if (data.grant_type === "authorization_code" && !this.codeVerifier)
-      return this.errorResponse([
-        new Error("Invalid code verifier")
-      ]);
+  }, "getSession");
+  getToken = /* @__PURE__ */ __name(async (data) => {
+    var _a;
+    if (!data.grant_type) data.grant_type = "authorization_code";
+    if (data.grant_type === "refresh_token" && !((_a = data.refresh_token) == null ? void 0 : _a.trim())) return this.errorResponse([
+      new Error("Invalid refresh_token")
+    ]);
+    if (data.grant_type === "authorization_code" && !this.codeVerifier) return this.errorResponse([
+      new Error("Invalid code verifier")
+    ]);
     const requestData = {
       client_id: this.config.clientID,
       code: data.code || "",
@@ -310,17 +351,28 @@ var _Authorizer = class _Authorizer {
         },
         credentials: "include"
       });
-      const json = await res.json();
-      if (res.status >= 400)
+      const text = await res.text();
+      let json = {};
+      if (text) {
+        try {
+          json = JSON.parse(text);
+        } catch {
+          return this.errorResponse([
+            new Error(res.ok ? "Invalid JSON from token endpoint" : `HTTP ${res.status}`)
+          ]);
+        }
+      }
+      if (!res.ok) {
         return this.errorResponse([
-          new Error(json.error_description || json.error)
+          new Error(String(json.error_description || json.error || `HTTP ${res.status}`))
         ]);
+      }
       return this.okResponse(json);
     } catch (err) {
       return this.errorResponse(err);
     }
-  };
-  login = async (data) => {
+  }, "getToken");
+  login = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -333,32 +385,28 @@ var _Authorizer = class _Authorizer {
       });
       return ((_a = res == null ? void 0 : res.errors) == null ? void 0 : _a.length) ? this.errorResponse(res.errors) : this.okResponse((_b = res.data) == null ? void 0 : _b.login);
     } catch (err) {
-      return this.errorResponse([
-        new Error(err)
-      ]);
+      return this.errorResponse(err);
     }
-  };
-  logout = async (headers) => {
+  }, "login");
+  logout = /* @__PURE__ */ __name(async (headers) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
         query: " mutation { logout { message } } ",
         headers
       });
-      return ((_a = res == null ? void 0 : res.errors) == null ? void 0 : _a.length) ? this.errorResponse(res.errors) : this.okResponse((_b = res.data) == null ? void 0 : _b.response);
+      return ((_a = res == null ? void 0 : res.errors) == null ? void 0 : _a.length) ? this.errorResponse(res.errors) : this.okResponse((_b = res.data) == null ? void 0 : _b.logout);
     } catch (err) {
       return this.errorResponse([
         err
       ]);
     }
-  };
-  magicLinkLogin = async (data) => {
+  }, "logout");
+  magicLinkLogin = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
-      if (!data.state)
-        data.state = encode(createRandomString());
-      if (!data.redirect_uri)
-        data.redirect_uri = this.config.redirectURL;
+      if (!data.state) data.state = encode(createRandomString());
+      if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;
       const res = await this.graphqlQuery({
         query: `
 					mutation magicLinkLogin($data: MagicLinkLoginRequest!) { magic_link_login(params: $data) { message }}
@@ -373,22 +421,21 @@ var _Authorizer = class _Authorizer {
         err
       ]);
     }
-  };
-  oauthLogin = async (oauthProvider, roles, redirect_uri, state) => {
+  }, "magicLinkLogin");
+  oauthLogin = /* @__PURE__ */ __name(async (oauthProvider, roles, redirect_uri, state) => {
     let urlState = state;
     if (!urlState) {
       urlState = encode(createRandomString());
     }
-    if (!Object.values(OAuthProviders).includes(oauthProvider)) {
-      throw new Error(`only following oauth providers are supported: ${Object.values(oauthProvider).toString()}`);
+    const oauthProviderIds = Object.values(OAuthProviders);
+    if (!oauthProviderIds.includes(oauthProvider)) {
+      throw new Error(`only following oauth providers are supported: ${oauthProviderIds.join(", ")}`);
     }
-    if (!hasWindow())
-      throw new Error("oauthLogin is only supported for browsers");
-    if (roles && roles.length)
-      urlState += `&roles=${roles.join(",")}`;
-    window.location.replace(`${this.config.authorizerURL}/oauth_login/${oauthProvider}?redirect_uri=${redirect_uri || this.config.redirectURL}&state=${urlState}`);
-  };
-  resendOtp = async (data) => {
+    if (!hasWindow()) throw new Error("oauthLogin is only supported for browsers");
+    if (roles && roles.length) urlState += `&roles=${roles.join(",")}`;
+    window.location.replace(`${this.config.authorizerURL}/oauth_login/${oauthProvider}?redirect_uri=${encodeURIComponent(redirect_uri || this.config.redirectURL || "")}&state=${encodeURIComponent(urlState)}`);
+  }, "oauthLogin");
+  resendOtp = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -405,8 +452,8 @@ var _Authorizer = class _Authorizer {
         err
       ]);
     }
-  };
-  resetPassword = async (data) => {
+  }, "resendOtp");
+  resetPassword = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const resetPasswordRes = await this.graphqlQuery({
@@ -421,27 +468,47 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
-  revokeToken = async (data) => {
-    if (!data.refresh_token && !data.refresh_token.trim())
-      return this.errorResponse([
-        new Error("Invalid refresh_token")
-      ]);
-    const fetcher = getFetcher();
-    const res = await fetcher(`${this.config.authorizerURL}/oauth/revoke`, {
-      method: "POST",
-      headers: {
-        ...this.config.extraHeaders
-      },
-      body: JSON.stringify({
-        refresh_token: data.refresh_token,
-        client_id: this.config.clientID
-      })
-    });
-    const responseData = await res.json();
-    return this.okResponse(responseData);
-  };
-  signup = async (data) => {
+  }, "resetPassword");
+  revokeToken = /* @__PURE__ */ __name(async (data) => {
+    var _a;
+    if (!((_a = data.refresh_token) == null ? void 0 : _a.trim())) return this.errorResponse([
+      new Error("Invalid refresh_token")
+    ]);
+    try {
+      const fetcher = getFetcher();
+      const res = await fetcher(`${this.config.authorizerURL}/oauth/revoke`, {
+        method: "POST",
+        headers: {
+          ...this.config.extraHeaders
+        },
+        body: JSON.stringify({
+          refresh_token: data.refresh_token,
+          client_id: this.config.clientID
+        })
+      });
+      const text = await res.text();
+      let responseData = {};
+      if (text) {
+        try {
+          responseData = JSON.parse(text);
+        } catch {
+          return this.errorResponse([
+            new Error(res.ok ? "Invalid JSON from revoke endpoint" : `HTTP ${res.status}`)
+          ]);
+        }
+      }
+      if (!res.ok) {
+        const errBody = responseData;
+        return this.errorResponse([
+          new Error(String(errBody.error_description || errBody.error || `HTTP ${res.status}`))
+        ]);
+      }
+      return this.okResponse(responseData);
+    } catch (err) {
+      return this.errorResponse(err);
+    }
+  }, "revokeToken");
+  signup = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -458,8 +525,8 @@ var _Authorizer = class _Authorizer {
         err
       ]);
     }
-  };
-  updateProfile = async (data, headers) => {
+  }, "signup");
+  updateProfile = /* @__PURE__ */ __name(async (data, headers) => {
     var _a, _b;
     try {
       const updateProfileRes = await this.graphqlQuery({
@@ -475,8 +542,8 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
-  deactivateAccount = async (headers) => {
+  }, "updateProfile");
+  deactivateAccount = /* @__PURE__ */ __name(async (headers) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -489,8 +556,8 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
-  validateJWTToken = async (params) => {
+  }, "deactivateAccount");
+  validateJWTToken = /* @__PURE__ */ __name(async (params) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -505,8 +572,8 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
-  validateSession = async (params) => {
+  }, "validateJWTToken");
+  validateSession = /* @__PURE__ */ __name(async (params) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -521,8 +588,8 @@ var _Authorizer = class _Authorizer {
         error
       ]);
     }
-  };
-  verifyEmail = async (data) => {
+  }, "validateSession");
+  verifyEmail = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -539,8 +606,8 @@ var _Authorizer = class _Authorizer {
         err
       ]);
     }
-  };
-  resendVerifyEmail = async (data) => {
+  }, "verifyEmail");
+  resendVerifyEmail = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -557,8 +624,8 @@ var _Authorizer = class _Authorizer {
         err
       ]);
     }
-  };
-  verifyOtp = async (data) => {
+  }, "resendVerifyEmail");
+  verifyOtp = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
     try {
       const res = await this.graphqlQuery({
@@ -575,10 +642,10 @@ var _Authorizer = class _Authorizer {
         err
       ]);
     }
-  };
+  }, "verifyOtp");
   // helper to execute graphql queries
   // takes in any query or mutation string as value
-  graphqlQuery = async (data) => {
+  graphqlQuery = /* @__PURE__ */ __name(async (data) => {
     var _a;
     const fetcher = getFetcher();
     const res = await fetcher(`${this.config.authorizerURL}/graphql`, {
@@ -593,30 +660,58 @@ var _Authorizer = class _Authorizer {
       },
       credentials: "include"
     });
-    const json = await res.json();
+    const text = await res.text();
+    let json = {};
+    if (text) {
+      try {
+        json = JSON.parse(text);
+      } catch {
+        return {
+          data: void 0,
+          errors: [
+            new Error(res.ok ? "Invalid JSON from GraphQL endpoint" : `HTTP ${res.status}`)
+          ]
+        };
+      }
+    } else if (!res.ok) {
+      return {
+        data: void 0,
+        errors: [
+          new Error(`HTTP ${res.status}`)
+        ]
+      };
+    }
     if ((_a = json == null ? void 0 : json.errors) == null ? void 0 : _a.length) {
       return {
         data: void 0,
-        errors: json.errors
+        errors: toErrorList(json.errors)
+      };
+    }
+    if (!res.ok) {
+      return {
+        data: void 0,
+        errors: [
+          new Error(`HTTP ${res.status}`)
+        ]
       };
     }
     return {
       data: json.data,
       errors: []
     };
-  };
-  errorResponse = (errors) => {
+  }, "graphqlQuery");
+  errorResponse = /* @__PURE__ */ __name((errors) => {
     return {
       data: void 0,
-      errors
+      errors: toErrorList(errors)
     };
-  };
-  okResponse = (data) => {
+  }, "errorResponse");
+  okResponse = /* @__PURE__ */ __name((data) => {
     return {
       data,
       errors: []
     };
-  };
+  }, "okResponse");
 };
 __name(_Authorizer, "Authorizer");
 var Authorizer = _Authorizer;