npm - @authorizerdev/authorizer-js - Versions diffs - 3.0.1 → 3.0.2 - Mend

@authorizerdev/authorizer-js 3.0.1 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/lib/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/index.ts","../src/constants.ts","../src/types.ts","../src/utils.ts"],"sourcesContent":["// Note: write gql query in single line to reduce bundle size\nimport crossFetch from 'cross-fetch';\nimport { DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS } from './constants';\nimport * as Types from './types';\nimport {\n bufferToBase64UrlEncoded,\n createQueryParams,\n createRandomString,\n encode,\n executeIframe,\n hasWindow,\n sha256,\n trimURL,\n} from './utils';\n\n// re-usable gql response fragment\nconst userFragment =\n 'id email email_verified given_name family_name middle_name nickname preferred_username picture signup_methods gender birthdate phone_number phone_number_verified roles created_at updated_at revoked_timestamp is_multi_factor_auth_enabled app_data';\nconst authTokenFragment = `message access_token expires_in refresh_token id_token should_show_email_otp_screen should_show_mobile_otp_screen should_show_totp_screen authenticator_scanner_image authenticator_secret authenticator_recovery_codes user { ${userFragment} }`;\n\n// set fetch based on window object. Cross fetch have issues with umd build\nconst getFetcher = () => (hasWindow() ? window.fetch : crossFetch);\n\nexport * from './types';\n\nexport class Authorizer {\n // class variable\n config: Types.ConfigType;\n codeVerifier: string;\n\n // constructor\n constructor(config: Types.ConfigType) {\n if (!config) throw new Error('Configuration is required');\n\n this.config = config;\n if (!config.authorizerURL && !config.authorizerURL.trim())\n throw new Error('Invalid authorizerURL');\n\n if (config.authorizerURL)\n this.config.authorizerURL = trimURL(config.authorizerURL);\n\n if (!config.redirectURL && !config.redirectURL.trim())\n throw new Error('Invalid redirectURL');\n else this.config.redirectURL = trimURL(config.redirectURL);\n\n this.config.extraHeaders = {\n ...(config.extraHeaders \|\| {}),\n 'x-authorizer-url': this.config.authorizerURL,\n 'x-authorizer-client-id': this.config.clientID \|\| '',\n 'Content-Type': 'application/json',\n };\n this.config.clientID = (config?.clientID \|\| '').trim();\n }\n\n authorize = async (\n data: Types.AuthorizeRequest,\n ): Promise<\n \| Types.ApiResponse<Types.GetTokenResponse>\n \| Types.ApiResponse<Types.AuthorizeResponse>\n > => {\n if (!hasWindow())\n return this.errorResponse([\n new Error('this feature is only supported in browser'),\n ]);\n\n const scopes = ['openid', 'profile', 'email'];\n if (data.use_refresh_token) scopes.push('offline_access');\n\n const requestData: Record<string, string> = {\n redirect_uri: this.config.redirectURL,\n response_mode: data.response_mode \|\| 'web_message',\n state: encode(createRandomString()),\n nonce: encode(createRandomString()),\n response_type: data.response_type,\n scope: scopes.join(' '),\n client_id: this.config?.clientID \|\| '',\n };\n\n if (data.response_type === Types.ResponseTypes.Code) {\n this.codeVerifier = createRandomString();\n const sha = await sha256(this.codeVerifier);\n const codeChallenge = bufferToBase64UrlEncoded(sha);\n requestData.code_challenge = codeChallenge;\n }\n\n const authorizeURL = `${\n this.config.authorizerURL\n }/authorize?${createQueryParams(requestData)}`;\n\n if (requestData.response_mode !== 'web_message') {\n window.location.replace(authorizeURL);\n return this.okResponse(undefined);\n }\n\n try {\n const iframeRes = await executeIframe(\n authorizeURL,\n this.config.authorizerURL,\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n );\n\n if (data.response_type === Types.ResponseTypes.Code) {\n // get token and return it\n const tokenResp: Types.ApiResponse<Types.GetTokenResponse> =\n await this.getToken({\n code: iframeRes.code,\n });\n return tokenResp.errors.length\n ? this.errorResponse(tokenResp.errors)\n : this.okResponse(tokenResp.data);\n }\n\n // this includes access_token, id_token & refresh_token(optionally)\n return this.okResponse(iframeRes);\n } catch (err) {\n if (err.error) {\n window.location.replace(\n `${this.config.authorizerURL}/app?state=${encode(\n JSON.stringify({ clientID: this.config.clientID, redirectURL: this.config.redirectURL, authorizerURL: this.config.authorizerURL }),\n )}&redirect_uri=${encodeURIComponent(this.config.redirectURL \|\| '')}`,\n );\n }\n\n return this.errorResponse(err);\n }\n };\n\n browserLogin = async (): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const tokenResp: Types.ApiResponse<Types.AuthToken> =\n await this.getSession();\n return tokenResp.errors.length\n ? this.errorResponse(tokenResp.errors)\n : this.okResponse(tokenResp.data);\n } catch (err) {\n if (!hasWindow()) {\n return {\n data: undefined,\n errors: [new Error('browserLogin is only supported for browsers')],\n };\n }\n\n window.location.replace(\n `${this.config.authorizerURL}/app?state=${encode(\n JSON.stringify({ clientID: this.config.clientID, redirectURL: this.config.redirectURL, authorizerURL: this.config.authorizerURL }),\n )}&redirect_uri=${encodeURIComponent(this.config.redirectURL \|\| '')}`,\n );\n return this.errorResponse(err);\n }\n };\n\n forgotPassword = async (\n data: Types.ForgotPasswordRequest,\n ): Promise<Types.ApiResponse<Types.ForgotPasswordResponse>> => {\n if (!data.state) data.state = encode(createRandomString());\n\n if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;\n\n try {\n const forgotPasswordResp = await this.graphqlQuery({\n query:\n 'mutation forgotPassword($data: ForgotPasswordRequest!) {\tforgot_password(params: $data) { message should_show_mobile_otp_screen } }',\n variables: {\n data,\n },\n });\n return forgotPasswordResp?.errors?.length\n ? this.errorResponse(forgotPasswordResp.errors)\n : this.okResponse(forgotPasswordResp?.data.forgot_password);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n getMetaData = async (): Promise<Types.ApiResponse<Types.MetaData>> => {\n try {\n const res = await this.graphqlQuery({\n query:\n 'query { meta { version client_id is_google_login_enabled is_facebook_login_enabled is_github_login_enabled is_linkedin_login_enabled is_apple_login_enabled is_twitter_login_enabled is_microsoft_login_enabled is_twitch_login_enabled is_roblox_login_enabled is_email_verification_enabled is_basic_authentication_enabled is_magic_link_login_enabled is_sign_up_enabled is_strong_password_enabled is_multi_factor_auth_enabled is_mobile_basic_authentication_enabled is_phone_verification_enabled } }',\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data.meta);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n getProfile = async (\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.User>> => {\n try {\n const profileRes = await this.graphqlQuery({\n query: `query {\tprofile { ${userFragment} } }`,\n headers,\n });\n\n return profileRes?.errors?.length\n ? this.errorResponse(profileRes.errors)\n : this.okResponse(profileRes.data.profile);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n // this is used to verify / get session using cookie by default. If using node.js pass authorization header\n getSession = async (\n headers?: Types.Headers,\n params?: Types.SessionQueryRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `query getSession($params: SessionQueryRequest){session(params: $params) { ${authTokenFragment} } }`,\n headers,\n variables: {\n params,\n },\n });\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.session);\n } catch (err) {\n return this.errorResponse(err);\n }\n };\n\n getToken = async (\n data: Types.GetTokenRequest,\n ): Promise<Types.ApiResponse<Types.GetTokenResponse>> => {\n if (!data.grant_type) data.grant_type = 'authorization_code';\n\n if (data.grant_type === 'refresh_token' && !data.refresh_token)\n return this.errorResponse([new Error('Invalid refresh_token')]);\n\n if (data.grant_type === 'authorization_code' && !this.codeVerifier)\n return this.errorResponse([new Error('Invalid code verifier')]);\n\n const requestData = {\n client_id: this.config.clientID,\n code: data.code \|\| '',\n code_verifier: this.codeVerifier \|\| '',\n grant_type: data.grant_type \|\| '',\n refresh_token: data.refresh_token \|\| '',\n };\n\n try {\n const fetcher = getFetcher();\n const res = await fetcher(`${this.config.authorizerURL}/oauth/token`, {\n method: 'POST',\n body: JSON.stringify(requestData),\n headers: {\n ...this.config.extraHeaders,\n },\n credentials: 'include',\n });\n\n const json = await res.json();\n if (res.status >= 400)\n return this.errorResponse([\n new Error(json.error_description \|\| json.error),\n ]);\n\n return this.okResponse(json);\n } catch (err) {\n return this.errorResponse(err);\n }\n };\n\n login = async (\n data: Types.LoginRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation login($data: LoginRequest!) { login(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.login);\n } catch (err) {\n return this.errorResponse([new Error(err)]);\n }\n };\n\n logout = async (\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: ' mutation { logout { message } } ',\n headers,\n });\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.response);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n magicLinkLogin = async (\n data: Types.MagicLinkLoginRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n if (!data.state) data.state = encode(createRandomString());\n\n if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;\n\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation magicLinkLogin($data: MagicLinkLoginRequest!) { magic_link_login(params: $data) { message }}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.magic_link_login);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n oauthLogin = async (\n oauthProvider: string,\n roles?: string[],\n redirect_uri?: string,\n state?: string,\n ): Promise<void> => {\n let urlState = state;\n if (!urlState) {\n urlState = encode(createRandomString());\n }\n\n // @ts-expect-error ts-migrate(2554) FIXME: Expected 1 arguments, but got 0.\n if (!Object.values(Types.OAuthProviders).includes(oauthProvider)) {\n throw new Error(\n `only following oauth providers are supported: ${Object.values(\n oauthProvider,\n ).toString()}`,\n );\n }\n if (!hasWindow())\n throw new Error('oauthLogin is only supported for browsers');\n\n if (roles && roles.length) urlState += `&roles=${roles.join(',')}`;\n\n window.location.replace(\n `${this.config.authorizerURL}/oauth_login/${oauthProvider}?redirect_uri=${encodeURIComponent(\n redirect_uri \|\| this.config.redirectURL \|\| ''\n )}&state=${encodeURIComponent(urlState)}`,\n );\n };\n\n resendOtp = async (\n data: Types.ResendOtpRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation resendOtp($data: ResendOTPRequest!) { resend_otp(params: $data) { message }}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.resend_otp);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n resetPassword = async (\n data: Types.ResetPasswordRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const resetPasswordRes = await this.graphqlQuery({\n query:\n 'mutation resetPassword($data: ResetPasswordRequest!) {\treset_password(params: $data) { message } }',\n variables: {\n data,\n },\n });\n return resetPasswordRes?.errors?.length\n ? this.errorResponse(resetPasswordRes.errors)\n : this.okResponse(resetPasswordRes.data?.reset_password);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n revokeToken = async (data: { refresh_token: string }) => {\n if (!data.refresh_token && !data.refresh_token.trim())\n return this.errorResponse([new Error('Invalid refresh_token')]);\n\n const fetcher = getFetcher();\n const res = await fetcher(`${this.config.authorizerURL}/oauth/revoke`, {\n method: 'POST',\n headers: {\n ...this.config.extraHeaders,\n },\n body: JSON.stringify({\n refresh_token: data.refresh_token,\n client_id: this.config.clientID,\n }),\n });\n\n const responseData = await res.json();\n return this.okResponse(responseData);\n };\n\n signup = async (\n data: Types.SignUpRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation signup($data: SignUpRequest!) { signup(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.signup);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n updateProfile = async (\n data: Types.UpdateProfileRequest,\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const updateProfileRes = await this.graphqlQuery({\n query:\n 'mutation updateProfile($data: UpdateProfileRequest!) {\tupdate_profile(params: $data) { message } }',\n headers,\n variables: {\n data,\n },\n });\n\n return updateProfileRes?.errors?.length\n ? this.errorResponse(updateProfileRes.errors)\n : this.okResponse(updateProfileRes.data?.update_profile);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n deactivateAccount = async (\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: 'mutation deactivateAccount { deactivate_account { message } }',\n headers,\n });\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.deactivate_account);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n validateJWTToken = async (\n params?: Types.ValidateJWTTokenRequest,\n ): Promise<Types.ApiResponse<Types.ValidateJWTTokenResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query:\n 'query validateJWTToken($params: ValidateJWTTokenRequest!){validate_jwt_token(params: $params) { is_valid claims } }',\n variables: {\n params,\n },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.validate_jwt_token);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n validateSession = async (\n params?: Types.ValidateSessionRequest,\n ): Promise<Types.ApiResponse<Types.ValidateSessionResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: `query validateSession($params: ValidateSessionRequest){validate_session(params: $params) { is_valid user { ${userFragment} } } }`,\n variables: {\n params,\n },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.validate_session);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n verifyEmail = async (\n data: Types.VerifyEmailRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation verifyEmail($data: VerifyEmailRequest!) { verify_email(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.verify_email);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n resendVerifyEmail = async (\n data: Types.ResendVerifyEmailRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation resendVerifyEmail($data: ResendVerifyEmailRequest!) { resend_verify_email(params: $data) { message }}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.resend_verify_email);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n verifyOtp = async (\n data: Types.VerifyOtpRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation verifyOtp($data: VerifyOTPRequest!) { verify_otp(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.verify_otp);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n // helper to execute graphql queries\n // takes in any query or mutation string as value\n graphqlQuery = async (\n data: Types.GraphqlQueryRequest,\n ): Promise<Types.GrapQlResponseType> => {\n const fetcher = getFetcher();\n const res = await fetcher(`${this.config.authorizerURL}/graphql`, {\n method: 'POST',\n body: JSON.stringify({\n query: data.query,\n variables: data.variables \|\| {},\n }),\n headers: {\n ...this.config.extraHeaders,\n ...(data.headers \|\| {}),\n },\n credentials: 'include',\n });\n\n const json = await res.json();\n\n if (json?.errors?.length) {\n return { data: undefined, errors: json.errors };\n }\n\n return { data: json.data, errors: [] };\n };\n\n errorResponse = (errors: Error[]): Types.ApiResponse<any> => {\n return {\n data: undefined,\n errors,\n };\n };\n\n okResponse = (data: any): Types.ApiResponse<any> => {\n return {\n data,\n errors: [],\n };\n };\n}\n","export const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;\nexport const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;\nexport const AUTHORIZE_IFRAME_TIMEOUT = 5;\n","export interface GrapQlResponseType {\n data: any \| undefined;\n errors: Error[];\n}\nexport interface ApiResponse<T> {\n errors: Error[];\n data: T \| undefined;\n}\nexport interface ConfigType {\n authorizerURL: string;\n redirectURL: string;\n clientID?: string;\n extraHeaders?: Record<string, string>;\n}\n\n// Pagination\nexport interface Pagination {\n limit: number;\n page: number;\n offset: number;\n total: number;\n}\n\n// Meta\nexport interface Meta {\n version: string;\n client_id: string;\n is_google_login_enabled: boolean;\n is_facebook_login_enabled: boolean;\n is_github_login_enabled: boolean;\n is_linkedin_login_enabled: boolean;\n is_apple_login_enabled: boolean;\n is_discord_login_enabled: boolean;\n is_twitter_login_enabled: boolean;\n is_microsoft_login_enabled: boolean;\n is_twitch_login_enabled: boolean;\n is_roblox_login_enabled: boolean;\n is_email_verification_enabled: boolean;\n is_basic_authentication_enabled: boolean;\n is_magic_link_login_enabled: boolean;\n is_sign_up_enabled: boolean;\n is_strong_password_enabled: boolean;\n is_multi_factor_auth_enabled: boolean;\n is_mobile_basic_authentication_enabled: boolean;\n is_phone_verification_enabled: boolean;\n}\n\n// User\nexport interface User {\n id: string;\n email: string \| null;\n email_verified: boolean;\n signup_methods: string;\n given_name: string \| null;\n family_name: string \| null;\n middle_name: string \| null;\n nickname: string \| null;\n preferred_username: string \| null;\n gender: string \| null;\n birthdate: string \| null;\n phone_number: string \| null;\n phone_number_verified: boolean;\n picture: string \| null;\n roles: string[];\n created_at: number \| null;\n updated_at: number \| null;\n revoked_timestamp: number \| null;\n is_multi_factor_auth_enabled: boolean \| null;\n app_data: Record<string, any> \| null;\n}\n\n// Users\nexport interface Users {\n pagination: Pagination;\n users: User[];\n}\n\n// VerificationRequest\nexport interface VerificationRequest {\n id: string;\n identifier: string \| null;\n token: string \| null;\n email: string \| null;\n expires: number \| null;\n created_at: number \| null;\n updated_at: number \| null;\n nonce: string \| null;\n redirect_uri: string \| null;\n}\n\n// VerificationRequests\nexport interface VerificationRequests {\n pagination: Pagination;\n verification_requests: VerificationRequest[];\n}\n\n// AuthorizerError (GraphQL Error type - renamed to avoid conflict with native Error)\nexport interface AuthorizerError {\n message: string;\n reason: string;\n}\n\n// AuthResponse\nexport interface AuthResponse {\n message: string;\n should_show_email_otp_screen: boolean \| null;\n should_show_mobile_otp_screen: boolean \| null;\n should_show_totp_screen: boolean \| null;\n access_token: string \| null;\n id_token: string \| null;\n refresh_token: string \| null;\n expires_in: number \| null;\n user: User \| null;\n authenticator_scanner_image: string \| null;\n authenticator_secret: string \| null;\n authenticator_recovery_codes: string[] \| null;\n}\n\n// Keep AuthToken as alias for backward compatibility\nexport type AuthToken = AuthResponse;\n\n// Response\nexport interface Response {\n message: string;\n}\n\n// Keep GenericResponse as alias for backward compatibility\nexport type GenericResponse = Response;\n\n// ForgotPasswordResponse\nexport interface ForgotPasswordResponse {\n message: string;\n should_show_mobile_otp_screen: boolean \| null;\n}\n\n// InviteMembersResponse\nexport interface InviteMembersResponse {\n message: string;\n Users: User[];\n}\n\n// LoginRequest\nexport interface LoginRequest {\n email?: string \| null;\n phone_number?: string \| null;\n password: string;\n roles?: string[] \| null;\n scope?: string[] \| null;\n state?: string \| null;\n}\n\n// SignUpRequest\nexport interface SignUpRequest {\n email?: string \| null;\n given_name?: string \| null;\n family_name?: string \| null;\n middle_name?: string \| null;\n nickname?: string \| null;\n gender?: string \| null;\n birthdate?: string \| null;\n phone_number?: string \| null;\n picture?: string \| null;\n password: string;\n confirm_password: string;\n roles?: string[] \| null;\n scope?: string[] \| null;\n redirect_uri?: string \| null;\n is_multi_factor_auth_enabled?: boolean \| null;\n state?: string \| null;\n app_data?: Record<string, any> \| null;\n}\n\n// Keep SignupRequest as alias for backward compatibility\nexport type SignupRequest = SignUpRequest;\n\n// MagicLinkLoginRequest\nexport interface MagicLinkLoginRequest {\n email: string;\n roles?: string[] \| null;\n scope?: string[] \| null;\n state?: string \| null;\n redirect_uri?: string \| null;\n}\n\n// VerifyEmailRequest\nexport interface VerifyEmailRequest {\n token: string;\n state?: string \| null;\n}\n\n// ResendVerifyEmailRequest\nexport interface ResendVerifyEmailRequest {\n email: string;\n identifier: string;\n state?: string \| null;\n}\n\n// VerifyOTPRequest\nexport interface VerifyOTPRequest {\n email?: string \| null;\n phone_number?: string \| null;\n otp: string;\n is_totp?: boolean \| null;\n state?: string \| null;\n}\n\n// Keep VerifyOtpRequest as alias for backward compatibility\nexport type VerifyOtpRequest = VerifyOTPRequest;\n\n// ResendOTPRequest\nexport interface ResendOTPRequest {\n email?: string \| null;\n phone_number?: string \| null;\n state?: string \| null;\n}\n\n// Keep ResendOtpRequest as alias for backward compatibility\nexport type ResendOtpRequest = ResendOTPRequest;\n\n// UpdateProfileRequest\nexport interface UpdateProfileRequest {\n old_password?: string \| null;\n new_password?: string \| null;\n confirm_new_password?: string \| null;\n email?: string \| null;\n given_name?: string \| null;\n family_name?: string \| null;\n middle_name?: string \| null;\n nickname?: string \| null;\n gender?: string \| null;\n birthdate?: string \| null;\n phone_number?: string \| null;\n picture?: string \| null;\n is_multi_factor_auth_enabled?: boolean \| null;\n app_data?: Record<string, any> \| null;\n}\n\n// UpdateUserRequest (admin only)\nexport interface UpdateUserRequest {\n id: string;\n email?: string \| null;\n email_verified?: boolean \| null;\n given_name?: string \| null;\n family_name?: string \| null;\n middle_name?: string \| null;\n nickname?: string \| null;\n gender?: string \| null;\n birthdate?: string \| null;\n phone_number?: string \| null;\n phone_number_verified?: boolean \| null;\n picture?: string \| null;\n roles?: string[] \| null;\n is_multi_factor_auth_enabled?: boolean \| null;\n app_data?: Record<string, any> \| null;\n}\n\n// ForgotPasswordRequest\nexport interface ForgotPasswordRequest {\n email?: string \| null;\n phone_number?: string \| null;\n state?: string \| null;\n redirect_uri?: string \| null;\n}\n\n// ResetPasswordRequest\nexport interface ResetPasswordRequest {\n token?: string \| null;\n otp?: string \| null;\n phone_number?: string \| null;\n password: string;\n confirm_password: string;\n}\n\n// Keep ResetPasswordInput as alias for backward compatibility\nexport type ResetPasswordInput = ResetPasswordRequest;\n\n// DeleteUserRequest (admin only)\nexport interface DeleteUserRequest {\n email: string;\n}\n\n// SessionQueryRequest\nexport interface SessionQueryRequest {\n roles?: string[] \| null;\n scope?: string[] \| null;\n}\n\n// Keep SessionQueryInput as alias for backward compatibility\nexport type SessionQueryInput = SessionQueryRequest;\n\n// ValidateJWTTokenRequest\nexport interface ValidateJWTTokenRequest {\n token_type: string;\n token: string;\n roles?: string[] \| null;\n}\n\n// Keep ValidateJWTTokenInput as alias for backward compatibility\nexport type ValidateJWTTokenInput = ValidateJWTTokenRequest;\n\n// ValidateJWTTokenResponse\nexport interface ValidateJWTTokenResponse {\n is_valid: boolean;\n claims: Record<string, any>;\n}\n\n// ValidateSessionRequest\nexport interface ValidateSessionRequest {\n cookie: string;\n roles?: string[] \| null;\n}\n\n// Keep ValidateSessionInput as alias for backward compatibility\nexport type ValidateSessionInput = ValidateSessionRequest;\n\n// ValidateSessionResponse\nexport interface ValidateSessionResponse {\n is_valid: boolean;\n user: User;\n}\n\n// OAuth types (not part of GraphQL schema, but used for OAuth flow)\nexport enum OAuthProviders {\n Apple = 'apple',\n Github = 'github',\n Google = 'google',\n Facebook = 'facebook',\n LinkedIn = 'linkedin',\n Twitter = 'twitter',\n Microsoft = 'microsoft',\n Twitch = 'twitch',\n Roblox = 'roblox',\n Discord = 'discord',\n}\n\nexport enum ResponseTypes {\n Code = 'code',\n Token = 'token',\n}\n\nexport interface AuthorizeRequest {\n response_type: ResponseTypes;\n use_refresh_token?: boolean;\n response_mode?: string;\n}\n\n// Keep AuthorizeInput as alias for backward compatibility\nexport type AuthorizeInput = AuthorizeRequest;\n\nexport interface AuthorizeResponse {\n state: string;\n code?: string;\n error?: string;\n error_description?: string;\n}\n\nexport interface RevokeTokenInput {\n refresh_token: string;\n}\n\nexport interface GetTokenRequest {\n code?: string;\n grant_type?: string;\n refresh_token?: string;\n}\n\n// Keep GetTokenInput as alias for backward compatibility\nexport type GetTokenInput = GetTokenRequest;\n\nexport interface GetTokenResponse {\n access_token: string;\n expires_in: number;\n id_token: string;\n refresh_token?: string;\n}\n\n// GraphQL query request\nexport type Headers = Record<string, string>;\n\nexport interface GraphqlQueryRequest {\n query: string;\n variables?: Record<string, any>;\n headers?: Headers;\n}\n\n// Deprecated types (for backward compatibility)\nexport interface IsValidJWTQueryInput {\n jwt: string;\n roles?: string[];\n}\n\nexport interface ValidJWTResponse {\n valid: string;\n message: string;\n}\n\n// Keep MetaDataResponse as alias for backward compatibility\nexport type MetaDataResponse = Meta;\n\n// Keep MetaData as alias for backward compatibility\nexport type MetaData = Meta;\n","import {\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS,\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n} from './constants';\nimport { AuthorizeResponse } from './types';\n\nexport const hasWindow = (): boolean => typeof window !== 'undefined';\n\nexport const trimURL = (url: string): string => {\n let trimmedData = url.trim();\n const lastChar = trimmedData[trimmedData.length - 1];\n if (lastChar === '/')\n trimmedData = trimmedData.slice(0, -1);\n\n return trimmedData;\n};\n\nexport const getCrypto = () => {\n // ie 11.x uses msCrypto\n return hasWindow()\n ? ((window.crypto \|\| (window as any).msCrypto) as Crypto)\n : null;\n};\n\nexport const getCryptoSubtle = () => {\n const crypto = getCrypto();\n // safari 10.x uses webkitSubtle\n return (crypto && crypto.subtle) \|\| (crypto as any).webkitSubtle;\n};\n\nexport const createRandomString = () => {\n const charset\n = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n let random = '';\n const crypto = getCrypto();\n if (crypto) {\n const randomValues = Array.from(crypto.getRandomValues(new Uint8Array(43)));\n randomValues.forEach(v => (random += charset[v % charset.length]));\n }\n return random;\n};\n\nexport const encode = (value: string) =>\n hasWindow() ? btoa(value) : Buffer.from(value).toString('base64');\nexport const decode = (value: string) =>\n hasWindow() ? atob(value) : Buffer.from(value, 'base64').toString('ascii');\n\nexport const createQueryParams = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(params[k])}`)\n .join('&');\n};\n\nexport const sha256 = async (s: string) => {\n const digestOp: any = getCryptoSubtle().digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s),\n );\n\n // msCrypto (IE11) uses the old spec, which is not Promise based\n // https://msdn.microsoft.com/en-us/expression/dn904640(v=vs.71)\n if ((window as any).msCrypto) {\n return new Promise((resolve, reject) => {\n digestOp.oncomplete = (e: any) => {\n resolve(e.target.result);\n };\n\n digestOp.onerror = (e: ErrorEvent) => {\n reject(e.error);\n };\n\n digestOp.onabort = () => {\n reject(new Error('The digest operation was aborted'));\n };\n });\n }\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map((c) => {\n return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;\n })\n .join(''),\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] \| Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput))),\n );\n};\n\nexport const executeIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n) => {\n return new Promise<AuthorizeResponse>((resolve, reject) => {\n const iframe = window.document.createElement('iframe');\n iframe.setAttribute('id', 'authorizer-iframe');\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n const timeoutSetTimeoutId = setTimeout(() => {\n reject(new Error('Authorization timeout'));\n removeIframe();\n }, timeoutInSeconds * 1000);\n\n const iframeEventHandler: (e: MessageEvent) => void = function (e: MessageEvent) {\n if (e.origin !== eventOrigin)\n return;\n if (!e.data \|\| !e.data.response)\n return;\n\n const eventSource = e.source;\n\n if (eventSource)\n (eventSource as any).close();\n\n e.data.response.error\n ? reject(e.data.response)\n : resolve(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;AACA,yBAAuB;;;ACDhB,IAAMA,uCAAuC;AAC7C,IAAMC,oCAAoC;;;ACiU1C,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;;;;;;;;;SAAAA;;AAaL,IAAKC,gBAAAA,0BAAAA,gBAAAA;;;SAAAA;;;;ACzUL,IAAMC,YAAY,6BAAe,OAAOC,WAAW,aAAjC;AAElB,IAAMC,UAAU,wBAACC,QAAAA;AACtB,MAAIC,cAAcD,IAAIE,KAAI;AAC1B,QAAMC,WAAWF,YAAYA,YAAYG,SAAS,CAAA;AAClD,MAAID,aAAa,IACfF,eAAcA,YAAYI,MAAM,GAAG,EAAC;AAEtC,SAAOJ;AACT,GAPuB;AAShB,IAAMK,YAAY,6BAAA;AAEvB,SAAOT,UAAAA,IACDC,OAAOS,UAAWT,OAAeU,WACnC;AACN,GALyB;AAOlB,IAAMC,kBAAkB,6BAAA;AAC7B,QAAMF,SAASD,UAAAA;AAEf,SAAQC,UAAUA,OAAOG,UAAYH,OAAeI;AACtD,GAJ+B;AAMxB,IAAMC,qBAAqB,6BAAA;AAChC,QAAMC,UACF;AACJ,MAAIC,SAAS;AACb,QAAMP,SAASD,UAAAA;AACf,MAAIC,QAAQ;AACV,UAAMQ,eAAeC,MAAMC,KAAKV,OAAOW,gBAAgB,IAAIC,WAAW,EAAA,CAAA,CAAA;AACtEJ,iBAAaK,QAAQC,CAAAA,MAAMP,UAAUD,QAAQQ,IAAIR,QAAQT,MAAM,CAAC;EAClE;AACA,SAAOU;AACT,GAVkC;AAY3B,IAAMQ,SAAS,wBAACC,UACrB1B,UAAAA,IAAc2B,KAAKD,KAAAA,IAASE,OAAOR,KAAKM,KAAAA,EAAOG,SAAS,QAAA,GADpC;AAKf,IAAMC,oBAAoB,wBAACC,WAAAA;AAChC,SAAOC,OAAOC,KAAKF,MAAAA,EAChBG,OAAOC,CAAAA,MAAK,OAAOJ,OAAOI,CAAAA,MAAO,WAAA,EACjCC,IAAID,CAAAA,MAAK,GAAGE,mBAAmBF,CAAAA,CAAAA,IAAME,mBAAmBN,OAAOI,CAAAA,CAAE,CAAA,EAAG,EACpEG,KAAK,GAAA;AACV,GALiC;AAO1B,IAAMC,SAAS,8BAAOC,MAAAA;AAC3B,QAAMC,WAAgBC,gBAAAA,EAAkBC,OACtC;IAAEC,MAAM;EAAU,GAClB,IAAIC,YAAAA,EAAcC,OAAON,CAAAA,CAAAA;AAK3B,MAAKO,OAAeC,UAAU;AAC5B,WAAO,IAAIC,QAAQ,CAACC,SAASC,WAAAA;AAC3BV,eAASW,aAAa,CAACC,MAAAA;AACrBH,gBAAQG,EAAEC,OAAOC,MAAM;MACzB;AAEAd,eAASe,UAAU,CAACH,MAAAA;AAClBF,eAAOE,EAAEI,KAAK;MAChB;AAEAhB,eAASiB,UAAU,MAAA;AACjBP,eAAO,IAAIQ,MAAM,kCAAA,CAAA;MACnB;IACF,CAAA;EACF;AAEA,SAAO,MAAMlB;AACf,GAzBsB;AA2BtB,IAAMmB,eAAe,wBAACC,UAAAA;AACpB,QAAMC,WAAwC;IAAE,KAAK;IAAK,KAAK;IAAK,KAAK;EAAG;AAC5E,SAAOD,MAAME,QAAQ,UAAU,CAACC,MAAcF,SAASE,CAAAA,CAAE;AAC3D,GAHqB;AAmBd,IAAMC,2BAA2B,wBAACC,UAAAA;AACvC,QAAMC,gBAAgB,IAAIC,WAAWF,KAAAA;AACrC,SAAOG,aACLC,OAAOC,KAAKC,OAAOC,aAAY,GAAIC,MAAMC,KAAKR,aAAAA,CAAAA,CAAAA,CAAAA;AAElD,GALwC;AAOjC,IAAMS,gBAAgB,wBAC3BC,cACAC,aACAC,mBAA2BC,yCAAoC;AAE/D,SAAO,IAAIC,QAA2B,CAACC,SAASC,WAAAA;AAC9C,UAAMC,SAASd,OAAOe,SAASC,cAAc,QAAA;AAC7CF,WAAOG,aAAa,MAAM,mBAAA;AAC1BH,WAAOG,aAAa,SAAS,GAAA;AAC7BH,WAAOG,aAAa,UAAU,GAAA;AAC9BH,WAAOI,MAAMC,UAAU;AACvB,UAAMC,eAAe,6BAAA;AACnB,UAAIpB,OAAOe,SAASM,KAAKC,SAASR,MAAAA,GAAS;AACzCd,eAAOe,SAASM,KAAKE,YAAYT,MAAAA;AACjCd,eAAOwB,oBAAoB,WAAWC,oBAAoB,KAAA;MAC5D;IACF,GALqB;AAOrB,UAAMC,sBAAsBC,WAAW,MAAA;AACrCd,aAAO,IAAIe,MAAM,uBAAA,CAAA;AACjBR,mBAAAA;IACF,GAAGX,mBAAmB,GAAA;AAEtB,UAAMgB,qBAAgD,gCAAUI,GAAe;AAC7E,UAAIA,EAAEC,WAAWtB,YACf;AACF,UAAI,CAACqB,EAAEE,QAAQ,CAACF,EAAEE,KAAKC,SACrB;AAEF,YAAMC,cAAcJ,EAAEK;AAEtB,UAAID,YACDA,aAAoBE,MAAK;AAE5BN,QAAEE,KAAKC,SAASI,QACZvB,OAAOgB,EAAEE,KAAKC,QAAQ,IACtBpB,QAAQiB,EAAEE,KAAKC,QAAQ;AAE3BK,mBAAaX,mBAAAA;AACb1B,aAAOwB,oBAAoB,WAAWC,oBAAoB,KAAA;AAC1DE,iBAAWP,cAAckB,oCAAoC,GAAA;IAC/D,GAlBsD;AAoBtDtC,WAAOuC,iBAAiB,WAAWd,oBAAoB,KAAA;AACvDzB,WAAOe,SAASM,KAAKmB,YAAY1B,MAAAA;AACjCA,WAAOG,aAAa,OAAOV,YAAAA;EAC7B,CAAA;AACF,GA/C6B;;;AH3F7B,IAAMkC,eACJ;AACF,IAAMC,oBAAoB,kOAAkOD,YAAAA;AAG5P,IAAME,aAAa,6BAAOC,UAAAA,IAAcC,OAAOC,QAAQC,mBAAAA,SAApC;AAIZ,IAAMC,cAAN,MAAMA,YAAAA;;EAEXC;EACAC;;EAGA,YAAYD,QAA0B;AACpC,QAAI,CAACA,OAAQ,OAAM,IAAIE,MAAM,2BAAA;AAE7B,SAAKF,SAASA;AACd,QAAI,CAACA,OAAOG,iBAAiB,CAACH,OAAOG,cAAcC,KAAI,EACrD,OAAM,IAAIF,MAAM,uBAAA;AAElB,QAAIF,OAAOG,cACT,MAAKH,OAAOG,gBAAgBE,QAAQL,OAAOG,aAAa;AAE1D,QAAI,CAACH,OAAOM,eAAe,CAACN,OAAOM,YAAYF,KAAI,EACjD,OAAM,IAAIF,MAAM,qBAAA;QACb,MAAKF,OAAOM,cAAcD,QAAQL,OAAOM,WAAW;AAEzD,SAAKN,OAAOO,eAAe;MACzB,GAAIP,OAAOO,gBAAgB,CAAC;MAC5B,oBAAoB,KAAKP,OAAOG;MAChC,0BAA0B,KAAKH,OAAOQ,YAAY;MAClD,gBAAgB;IAClB;AACA,SAAKR,OAAOQ,aAAYR,iCAAQQ,aAAY,IAAIJ,KAAI;EACtD;EAEAK,YAAY,8BACVC,SAAAA;AAvDJ;AA4DI,QAAI,CAACf,UAAAA,EACH,QAAO,KAAKgB,cAAc;MACxB,IAAIT,MAAM,2CAAA;KACX;AAEH,UAAMU,SAAS;MAAC;MAAU;MAAW;;AACrC,QAAIF,KAAKG,kBAAmBD,QAAOE,KAAK,gBAAA;AAExC,UAAMC,cAAsC;MAC1CC,cAAc,KAAKhB,OAAOM;MAC1BW,eAAeP,KAAKO,iBAAiB;MACrCC,OAAOC,OAAOC,mBAAAA,CAAAA;MACdC,OAAOF,OAAOC,mBAAAA,CAAAA;MACdE,eAAeZ,KAAKY;MACpBC,OAAOX,OAAOY,KAAK,GAAA;MACnBC,aAAW,UAAKzB,WAAL,mBAAaQ,aAAY;IACtC;AAEA,QAAIE,KAAKY,kBAAwBI,cAAcC,MAAM;AACnD,WAAK1B,eAAemB,mBAAAA;AACpB,YAAMQ,MAAM,MAAMC,OAAO,KAAK5B,YAAY;AAC1C,YAAM6B,gBAAgBC,yBAAyBH,GAAAA;AAC/Cb,kBAAYiB,iBAAiBF;IAC/B;AAEA,UAAMG,eAAe,GACnB,KAAKjC,OAAOG,aAAa,cACb+B,kBAAkBnB,WAAAA,CAAAA;AAEhC,QAAIA,YAAYE,kBAAkB,eAAe;AAC/CrB,aAAOuC,SAASC,QAAQH,YAAAA;AACxB,aAAO,KAAKI,WAAWC,MAAAA;IACzB;AAEA,QAAI;AACF,YAAMC,YAAY,MAAMC,cACtBP,cACA,KAAKjC,OAAOG,eACZsC,oCAAAA;AAGF,UAAI/B,KAAKY,kBAAwBI,cAAcC,MAAM;AAEnD,cAAMe,YACJ,MAAM,KAAKC,SAAS;UAClBC,MAAML,UAAUK;QAClB,CAAA;AACF,eAAOF,UAAUG,OAAOC,SACpB,KAAKnC,cAAc+B,UAAUG,MAAM,IACnC,KAAKR,WAAWK,UAAUhC,IAAI;MACpC;AAGA,aAAO,KAAK2B,WAAWE,SAAAA;IACzB,SAASQ,KAAK;AACZ,UAAIA,IAAIC,OAAO;AACbpD,eAAOuC,SAASC,QACd,GAAG,KAAKpC,OAAOG,aAAa,cAAcgB,OACxC8B,KAAKC,UAAU;UAAE1C,UAAU,KAAKR,OAAOQ;UAAUF,aAAa,KAAKN,OAAOM;UAAaH,eAAe,KAAKH,OAAOG;QAAc,CAAA,CAAA,CAAA,iBAChHgD,mBAAmB,KAAKnD,OAAOM,eAAe,EAAA,CAAA,EAAK;MAEzE;AAEA,aAAO,KAAKK,cAAcoC,GAAAA;IAC5B;EACF,GAvEY;EAyEZK,eAAe,mCAAA;AACb,QAAI;AACF,YAAMV,YACJ,MAAM,KAAKW,WAAU;AACvB,aAAOX,UAAUG,OAAOC,SACpB,KAAKnC,cAAc+B,UAAUG,MAAM,IACnC,KAAKR,WAAWK,UAAUhC,IAAI;IACpC,SAASqC,KAAK;AACZ,UAAI,CAACpD,UAAAA,GAAa;AAChB,eAAO;UACLe,MAAM4B;UACNO,QAAQ;YAAC,IAAI3C,MAAM,6CAAA;;QACrB;MACF;AAEAN,aAAOuC,SAASC,QACd,GAAG,KAAKpC,OAAOG,aAAa,cAAcgB,OACxC8B,KAAKC,UAAU;QAAE1C,UAAU,KAAKR,OAAOQ;QAAUF,aAAa,KAAKN,OAAOM;QAAaH,eAAe,KAAKH,OAAOG;MAAc,CAAA,CAAA,CAAA,iBAChHgD,mBAAmB,KAAKnD,OAAOM,eAAe,EAAA,CAAA,EAAK;AAEvE,aAAO,KAAKK,cAAcoC,GAAAA;IAC5B;EACF,GAtBe;EAwBfO,iBAAiB,8BACf5C,SAAAA;AAxJJ;AA0JI,QAAI,CAACA,KAAKQ,MAAOR,MAAKQ,QAAQC,OAAOC,mBAAAA,CAAAA;AAErC,QAAI,CAACV,KAAKM,aAAcN,MAAKM,eAAe,KAAKhB,OAAOM;AAExD,QAAI;AACF,YAAMiD,qBAAqB,MAAM,KAAKC,aAAa;QACjDC,OACE;QACFC,WAAW;UACThD;QACF;MACF,CAAA;AACA,eAAO6C,8DAAoBV,WAApBU,mBAA4BT,UAC/B,KAAKnC,cAAc4C,mBAAmBV,MAAM,IAC5C,KAAKR,WAAWkB,yDAAoB7C,KAAKiD,eAAAA;IAC/C,SAASX,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GArBiB;EAuBjBY,cAAc,mCAAA;AA9KhB;AA+KI,QAAI;AACF,YAAMC,MAAM,MAAM,KAAKL,aAAa;QAClCC,OACE;MACJ,CAAA;AAEA,eAAOI,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,WAAWwB,IAAInD,KAAKoD,IAAI;IACnC,SAASd,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GAbc;EAede,aAAa,8BACXC,YAAAA;AA9LJ;AAgMI,QAAI;AACF,YAAMC,aAAa,MAAM,KAAKT,aAAa;QACzCC,OAAO,qBAAqBjE,YAAAA;QAC5BwE;MACF,CAAA;AAEA,eAAOC,8CAAYpB,WAAZoB,mBAAoBnB,UACvB,KAAKnC,cAAcsD,WAAWpB,MAAM,IACpC,KAAKR,WAAW4B,WAAWvD,KAAKwD,OAAO;IAC7C,SAASlB,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GAfa;;EAkBbK,aAAa,8BACXW,SACAG,WAAAA;AAjNJ;AAmNI,QAAI;AACF,YAAMN,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO,6EAA6EhE,iBAAAA;QACpFuE;QACAN,WAAW;UACTS;QACF;MACF,CAAA;AACA,eAAON,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUO,OAAAA;IAChC,SAASrB,KAAK;AACZ,aAAO,KAAKpC,cAAcoC,GAAAA;IAC5B;EACF,GAlBa;EAoBbJ,WAAW,8BACTjC,SAAAA;AAEA,QAAI,CAACA,KAAK2D,WAAY3D,MAAK2D,aAAa;AAExC,QAAI3D,KAAK2D,eAAe,mBAAmB,CAAC3D,KAAK4D,cAC/C,QAAO,KAAK3D,cAAc;MAAC,IAAIT,MAAM,uBAAA;KAAyB;AAEhE,QAAIQ,KAAK2D,eAAe,wBAAwB,CAAC,KAAKpE,aACpD,QAAO,KAAKU,cAAc;MAAC,IAAIT,MAAM,uBAAA;KAAyB;AAEhE,UAAMa,cAAc;MAClBU,WAAW,KAAKzB,OAAOQ;MACvBoC,MAAMlC,KAAKkC,QAAQ;MACnB2B,eAAe,KAAKtE,gBAAgB;MACpCoE,YAAY3D,KAAK2D,cAAc;MAC/BC,eAAe5D,KAAK4D,iBAAiB;IACvC;AAEA,QAAI;AACF,YAAME,UAAU9E,WAAAA;AAChB,YAAMmE,MAAM,MAAMW,QAAQ,GAAG,KAAKxE,OAAOG,aAAa,gBAAgB;QACpEsE,QAAQ;QACRC,MAAMzB,KAAKC,UAAUnC,WAAAA;QACrBiD,SAAS;UACP,GAAG,KAAKhE,OAAOO;QACjB;QACAoE,aAAa;MACf,CAAA;AAEA,YAAMC,OAAO,MAAMf,IAAIe,KAAI;AAC3B,UAAIf,IAAIgB,UAAU,IAChB,QAAO,KAAKlE,cAAc;QACxB,IAAIT,MAAM0E,KAAKE,qBAAqBF,KAAK5B,KAAK;OAC/C;AAEH,aAAO,KAAKX,WAAWuC,IAAAA;IACzB,SAAS7B,KAAK;AACZ,aAAO,KAAKpC,cAAcoC,GAAAA;IAC5B;EACF,GAxCW;EA0CXgC,QAAQ,8BACNrE,SAAAA;AA9QJ;AAgRI,QAAI;AACF,YAAMmD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;qEACsDhE,iBAAAA;;QAE7DiE,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUkB,KAAAA;IAChC,SAAShC,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAAC,IAAIT,MAAM6C,GAAAA;OAAK;IAC5C;EACF,GAjBQ;EAmBRiC,SAAS,8BACPhB,YAAAA;AAjSJ;AAmSI,QAAI;AACF,YAAMH,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;QACPO;MACF,CAAA;AACA,eAAOH,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUoB,QAAAA;IAChC,SAASlC,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GAdS;EAgBTmC,iBAAiB,8BACfxE,SAAAA;AAjTJ;AAmTI,QAAI;AACF,UAAI,CAACA,KAAKQ,MAAOR,MAAKQ,QAAQC,OAAOC,mBAAAA,CAAAA;AAErC,UAAI,CAACV,KAAKM,aAAcN,MAAKM,eAAe,KAAKhB,OAAOM;AAExD,YAAMuD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;;;QAGPC,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUsB,gBAAAA;IAChC,SAASpC,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GArBiB;EAuBjBqC,aAAa,8BACXC,eACAC,OACAtE,cACAE,UAAAA;AAEA,QAAIqE,WAAWrE;AACf,QAAI,CAACqE,UAAU;AACbA,iBAAWpE,OAAOC,mBAAAA,CAAAA;IACpB;AAGA,QAAI,CAACoE,OAAOC,OAAaC,cAAc,EAAEC,SAASN,aAAAA,GAAgB;AAChE,YAAM,IAAInF,MACR,iDAAiDsF,OAAOC,OACtDJ,aAAAA,EACAO,SAAQ,CAAA,EAAI;IAElB;AACA,QAAI,CAACjG,UAAAA,EACH,OAAM,IAAIO,MAAM,2CAAA;AAElB,QAAIoF,SAASA,MAAMxC,OAAQyC,aAAY,UAAUD,MAAM9D,KAAK,GAAA,CAAA;AAE5D5B,WAAOuC,SAASC,QACd,GAAG,KAAKpC,OAAOG,aAAa,gBAAgBkF,aAAAA,iBAA8BlC,mBACxEnC,gBAAgB,KAAKhB,OAAOM,eAAe,EAAA,CAAA,UAClC6C,mBAAmBoC,QAAAA,CAAAA,EAAW;EAE7C,GA7Ba;EA+BbM,YAAY,8BACVnF,SAAAA;AAvWJ;AAyWI,QAAI;AACF,YAAMmD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;;;QAGPC,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUiC,UAAAA;IAChC,SAAS/C,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GAjBY;EAmBZgD,gBAAgB,8BACdrF,SAAAA;AA1XJ;AA4XI,QAAI;AACF,YAAMsF,mBAAmB,MAAM,KAAKxC,aAAa;QAC/CC,OACE;QACFC,WAAW;UACThD;QACF;MACF,CAAA;AACA,eAAOsF,0DAAkBnD,WAAlBmD,mBAA0BlD,UAC7B,KAAKnC,cAAcqF,iBAAiBnD,MAAM,IAC1C,KAAKR,YAAW2D,sBAAiBtF,SAAjBsF,mBAAuBC,cAAAA;IAC7C,SAASjD,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GAjBgB;EAmBhBkD,cAAc,8BAAOxF,SAAAA;AACnB,QAAI,CAACA,KAAK4D,iBAAiB,CAAC5D,KAAK4D,cAAclE,KAAI,EACjD,QAAO,KAAKO,cAAc;MAAC,IAAIT,MAAM,uBAAA;KAAyB;AAEhE,UAAMsE,UAAU9E,WAAAA;AAChB,UAAMmE,MAAM,MAAMW,QAAQ,GAAG,KAAKxE,OAAOG,aAAa,iBAAiB;MACrEsE,QAAQ;MACRT,SAAS;QACP,GAAG,KAAKhE,OAAOO;MACjB;MACAmE,MAAMzB,KAAKC,UAAU;QACnBoB,eAAe5D,KAAK4D;QACpB7C,WAAW,KAAKzB,OAAOQ;MACzB,CAAA;IACF,CAAA;AAEA,UAAM2F,eAAe,MAAMtC,IAAIe,KAAI;AACnC,WAAO,KAAKvC,WAAW8D,YAAAA;EACzB,GAlBc;EAoBdC,SAAS,8BACP1F,SAAAA;AAjaJ;AAmaI,QAAI;AACF,YAAMmD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;wEACyDhE,iBAAAA;;QAEhEiE,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUuC,MAAAA;IAChC,SAASrD,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GAjBS;EAmBTsD,gBAAgB,8BACd3F,MACAsD,YAAAA;AArbJ;AAubI,QAAI;AACF,YAAMsC,mBAAmB,MAAM,KAAK9C,aAAa;QAC/CC,OACE;QACFO;QACAN,WAAW;UACThD;QACF;MACF,CAAA;AAEA,eAAO4F,0DAAkBzD,WAAlByD,mBAA0BxD,UAC7B,KAAKnC,cAAc2F,iBAAiBzD,MAAM,IAC1C,KAAKR,YAAWiE,sBAAiB5F,SAAjB4F,mBAAuBC,cAAAA;IAC7C,SAASvD,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GApBgB;EAsBhBwD,oBAAoB,8BAClBxC,YAAAA;AA1cJ;AA4cI,QAAI;AACF,YAAMH,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;QACPO;MACF,CAAA;AACA,eAAOH,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAU4C,kBAAAA;IAChC,SAASzD,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GAdoB;EAgBpB0D,mBAAmB,8BACjBvC,WAAAA;AA1dJ;AA4dI,QAAI;AACF,YAAMN,MAAM,MAAM,KAAKL,aAAa;QAClCC,OACE;QACFC,WAAW;UACTS;QACF;MACF,CAAA;AAEA,eAAON,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAU8C,kBAAAA;IAChC,SAAS3D,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GAlBmB;EAoBnB4D,kBAAkB,8BAChBzC,WAAAA;AA9eJ;AAgfI,QAAI;AACF,YAAMN,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO,8GAA8GjE,YAAAA;QACrHkE,WAAW;UACTS;QACF;MACF,CAAA;AAEA,eAAON,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUgD,gBAAAA;IAChC,SAAS7D,OAAO;AACd,aAAO,KAAKrC,cAAc;QAACqC;OAAM;IACnC;EACF,GAjBkB;EAmBlB8D,cAAc,8BACZpG,SAAAA;AAjgBJ;AAmgBI,QAAI;AACF,YAAMmD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;wFACyEhE,iBAAAA;;QAEhFiE,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUkD,YAAAA;IAChC,SAAShE,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GAjBc;EAmBdiE,oBAAoB,8BAClBtG,SAAAA;AAphBJ;AAshBI,QAAI;AACF,YAAMmD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;;;QAGPC,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUoD,mBAAAA;IAChC,SAASlE,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GAjBoB;EAmBpBmE,YAAY,8BACVxG,SAAAA;AAviBJ;AAyiBI,QAAI;AACF,YAAMmD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;kFACmEhE,iBAAAA;;QAE1EiE,WAAW;UAAEhD;QAAK;MACpB,CAAA;AAEA,eAAOmD,gCAAKhB,WAALgB,mBAAaf,UAChB,KAAKnC,cAAckD,IAAIhB,MAAM,IAC7B,KAAKR,YAAWwB,SAAInD,SAAJmD,mBAAUsD,UAAAA;IAChC,SAASpE,KAAK;AACZ,aAAO,KAAKpC,cAAc;QAACoC;OAAI;IACjC;EACF,GAjBY;;;EAqBZS,eAAe,8BACb9C,SAAAA;AA5jBJ;AA8jBI,UAAM8D,UAAU9E,WAAAA;AAChB,UAAMmE,MAAM,MAAMW,QAAQ,GAAG,KAAKxE,OAAOG,aAAa,YAAY;MAChEsE,QAAQ;MACRC,MAAMzB,KAAKC,UAAU;QACnBO,OAAO/C,KAAK+C;QACZC,WAAWhD,KAAKgD,aAAa,CAAC;MAChC,CAAA;MACAM,SAAS;QACP,GAAG,KAAKhE,OAAOO;QACf,GAAIG,KAAKsD,WAAW,CAAC;MACvB;MACAW,aAAa;IACf,CAAA;AAEA,UAAMC,OAAO,MAAMf,IAAIe,KAAI;AAE3B,SAAIA,kCAAM/B,WAAN+B,mBAAc9B,QAAQ;AACxB,aAAO;QAAEpC,MAAM4B;QAAWO,QAAQ+B,KAAK/B;MAAO;IAChD;AAEA,WAAO;MAAEnC,MAAMkE,KAAKlE;MAAMmC,QAAQ,CAAA;IAAG;EACvC,GAxBe;EA0BflC,gBAAgB,wBAACkC,WAAAA;AACf,WAAO;MACLnC,MAAM4B;MACNO;IACF;EACF,GALgB;EAOhBR,aAAa,wBAAC3B,SAAAA;AACZ,WAAO;MACLA;MACAmC,QAAQ,CAAA;IACV;EACF,GALa;AAMf;AAzkBa9C;AAAN,IAAMA,aAAN;","names":["DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","CLEANUP_IFRAME_TIMEOUT_IN_SECONDS","OAuthProviders","ResponseTypes","hasWindow","window","trimURL","url","trimmedData","trim","lastChar","length","slice","getCrypto","crypto","msCrypto","getCryptoSubtle","subtle","webkitSubtle","createRandomString","charset","random","randomValues","Array","from","getRandomValues","Uint8Array","forEach","v","encode","value","btoa","Buffer","toString","createQueryParams","params","Object","keys","filter","k","map","encodeURIComponent","join","sha256","s","digestOp","getCryptoSubtle","digest","name","TextEncoder","encode","window","msCrypto","Promise","resolve","reject","oncomplete","e","target","result","onerror","error","onabort","Error","urlEncodeB64","input","b64Chars","replace","m","bufferToBase64UrlEncoded","input","ie11SafeInput","Uint8Array","urlEncodeB64","window","btoa","String","fromCharCode","Array","from","executeIframe","authorizeUrl","eventOrigin","timeoutInSeconds","DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","Promise","resolve","reject","iframe","document","createElement","setAttribute","style","display","removeIframe","body","contains","removeChild","removeEventListener","iframeEventHandler","timeoutSetTimeoutId","setTimeout","Error","e","origin","data","response","eventSource","source","close","error","clearTimeout","CLEANUP_IFRAME_TIMEOUT_IN_SECONDS","addEventListener","appendChild","userFragment","authTokenFragment","getFetcher","hasWindow","window","fetch","crossFetch","Authorizer","config","codeVerifier","Error","authorizerURL","trim","trimURL","redirectURL","extraHeaders","clientID","authorize","data","errorResponse","scopes","use_refresh_token","push","requestData","redirect_uri","response_mode","state","encode","createRandomString","nonce","response_type","scope","join","client_id","ResponseTypes","Code","sha","sha256","codeChallenge","bufferToBase64UrlEncoded","code_challenge","authorizeURL","createQueryParams","location","replace","okResponse","undefined","iframeRes","executeIframe","DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","tokenResp","getToken","code","errors","length","err","error","JSON","stringify","encodeURIComponent","browserLogin","getSession","forgotPassword","forgotPasswordResp","graphqlQuery","query","variables","forgot_password","getMetaData","res","meta","getProfile","headers","profileRes","profile","params","session","grant_type","refresh_token","code_verifier","fetcher","method","body","credentials","json","status","error_description","login","logout","response","magicLinkLogin","magic_link_login","oauthLogin","oauthProvider","roles","urlState","Object","values","OAuthProviders","includes","toString","resendOtp","resend_otp","resetPassword","resetPasswordRes","reset_password","revokeToken","responseData","signup","updateProfile","updateProfileRes","update_profile","deactivateAccount","deactivate_account","validateJWTToken","validate_jwt_token","validateSession","validate_session","verifyEmail","verify_email","resendVerifyEmail","resend_verify_email","verifyOtp","verify_otp"]}
1	+ {"version":3,"sources":["../src/index.ts","../src/constants.ts","../src/types.ts","../src/utils.ts"],"sourcesContent":["// Note: write gql query in single line to reduce bundle size\nimport crossFetch from 'cross-fetch';\nimport { DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS } from './constants';\nimport * as Types from './types';\nimport {\n bufferToBase64UrlEncoded,\n createQueryParams,\n createRandomString,\n encode,\n executeIframe,\n hasWindow,\n sha256,\n trimURL,\n} from './utils';\n\n// re-usable gql response fragment\nconst userFragment =\n 'id email email_verified given_name family_name middle_name nickname preferred_username picture signup_methods gender birthdate phone_number phone_number_verified roles created_at updated_at revoked_timestamp is_multi_factor_auth_enabled app_data';\nconst authTokenFragment = `message access_token expires_in refresh_token id_token should_show_email_otp_screen should_show_mobile_otp_screen should_show_totp_screen authenticator_scanner_image authenticator_secret authenticator_recovery_codes user { ${userFragment} }`;\n\n// set fetch based on window object. Cross fetch have issues with umd build\nconst getFetcher = () => (hasWindow() ? window.fetch : crossFetch);\n\nfunction toErrorList(errors: unknown): Error[] {\n if (Array.isArray(errors)) {\n return errors.map((item) => {\n if (item instanceof Error) return item;\n if (item && typeof item === 'object' && 'message' in item)\n return new Error(String((item as { message: unknown }).message));\n return new Error(String(item));\n });\n }\n if (errors instanceof Error) return [errors];\n if (errors !== null && typeof errors === 'object') {\n const o = errors as Record<string, unknown>;\n if (typeof o.error_description === 'string')\n return [new Error(o.error_description)];\n if (typeof o.error === 'string') {\n const desc =\n typeof o.error_description === 'string'\n ? `: ${o.error_description}`\n : '';\n return [new Error(`${o.error}${desc}`)];\n }\n if (typeof o.message === 'string') return [new Error(o.message)];\n }\n if (errors === undefined \|\| errors === null)\n return [new Error('Unknown error')];\n return [new Error(String(errors))];\n}\n\nexport * from './types';\n\n/*\n Client for the Authorizer API. All network calls go to `config.authorizerURL`\n * with cookies included where the runtime allows; only configure URLs you trust.\n /\nexport class Authorizer {\n // class variable\n config: Types.ConfigType;\n codeVerifier: string;\n\n // constructor\n constructor(config: Types.ConfigType) {\n if (!config) throw new Error('Configuration is required');\n\n this.config = config;\n if (!config.authorizerURL?.trim()) throw new Error('Invalid authorizerURL');\n\n this.config.authorizerURL = trimURL(config.authorizerURL);\n\n if (!config.redirectURL?.trim()) throw new Error('Invalid redirectURL');\n this.config.redirectURL = trimURL(config.redirectURL);\n this.config.clientID = (config?.clientID \|\| '').trim();\n\n this.config.extraHeaders = {\n ...(config.extraHeaders \|\| {}),\n 'x-authorizer-url': config.authorizerURL,\n 'x-authorizer-client-id': config.clientID \|\| '',\n 'Content-Type': 'application/json',\n };\n }\n\n authorize = async (\n data: Types.AuthorizeRequest,\n ): Promise<\n \| Types.ApiResponse<Types.GetTokenResponse>\n \| Types.ApiResponse<Types.AuthorizeResponse>\n > => {\n if (!hasWindow())\n return this.errorResponse([\n new Error('this feature is only supported in browser'),\n ]);\n\n const scopes = ['openid', 'profile', 'email'];\n if (data.use_refresh_token) scopes.push('offline_access');\n\n const requestData: Record<string, string> = {\n redirect_uri: this.config.redirectURL,\n response_mode: data.response_mode \|\| 'web_message',\n state: encode(createRandomString()),\n nonce: encode(createRandomString()),\n response_type: data.response_type,\n scope: scopes.join(' '),\n client_id: this.config?.clientID \|\| '',\n };\n\n if (data.response_type === Types.ResponseTypes.Code) {\n this.codeVerifier = createRandomString();\n const sha = await sha256(this.codeVerifier);\n const codeChallenge = bufferToBase64UrlEncoded(sha);\n requestData.code_challenge = codeChallenge;\n requestData.code_challenge_method = 'S256';\n }\n\n const authorizeURL = `${\n this.config.authorizerURL\n }/authorize?${createQueryParams(requestData)}`;\n\n if (requestData.response_mode !== 'web_message') {\n window.location.replace(authorizeURL);\n return this.okResponse(undefined);\n }\n\n try {\n const iframeRes = await executeIframe(\n authorizeURL,\n this.config.authorizerURL,\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n );\n\n if (data.response_type === Types.ResponseTypes.Code) {\n // get token and return it\n const tokenResp: Types.ApiResponse<Types.GetTokenResponse> =\n await this.getToken({\n code: iframeRes.code,\n });\n return tokenResp.errors.length\n ? this.errorResponse(tokenResp.errors)\n : this.okResponse(tokenResp.data);\n }\n\n // this includes access_token, id_token & refresh_token(optionally)\n return this.okResponse(iframeRes);\n } catch (err) {\n if (err.error) {\n window.location.replace(\n `${this.config.authorizerURL}/app?state=${encode(\n JSON.stringify({\n clientID: this.config.clientID,\n redirectURL: this.config.redirectURL,\n authorizerURL: this.config.authorizerURL,\n }),\n )}&redirect_uri=${encodeURIComponent(this.config.redirectURL \|\| '')}`,\n );\n }\n\n return this.errorResponse(err);\n }\n };\n\n browserLogin = async (): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const tokenResp: Types.ApiResponse<Types.AuthToken> =\n await this.getSession();\n return tokenResp.errors.length\n ? this.errorResponse(tokenResp.errors)\n : this.okResponse(tokenResp.data);\n } catch (err) {\n if (!hasWindow()) {\n return {\n data: undefined,\n errors: [new Error('browserLogin is only supported for browsers')],\n };\n }\n\n window.location.replace(\n `${this.config.authorizerURL}/app?state=${encode(\n JSON.stringify({\n clientID: this.config.clientID,\n redirectURL: this.config.redirectURL,\n authorizerURL: this.config.authorizerURL,\n }),\n )}&redirect_uri=${encodeURIComponent(this.config.redirectURL \|\| '')}`,\n );\n return this.errorResponse(err);\n }\n };\n\n forgotPassword = async (\n data: Types.ForgotPasswordRequest,\n ): Promise<Types.ApiResponse<Types.ForgotPasswordResponse>> => {\n if (!data.state) data.state = encode(createRandomString());\n\n if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;\n\n try {\n const forgotPasswordResp = await this.graphqlQuery({\n query:\n 'mutation forgotPassword($data: ForgotPasswordRequest!) {\tforgot_password(params: $data) { message should_show_mobile_otp_screen } }',\n variables: {\n data,\n },\n });\n return forgotPasswordResp?.errors?.length\n ? this.errorResponse(forgotPasswordResp.errors)\n : this.okResponse(forgotPasswordResp?.data?.forgot_password);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n getMetaData = async (): Promise<Types.ApiResponse<Types.MetaData>> => {\n try {\n const res = await this.graphqlQuery({\n query:\n 'query { meta { version client_id is_google_login_enabled is_facebook_login_enabled is_github_login_enabled is_linkedin_login_enabled is_apple_login_enabled is_twitter_login_enabled is_microsoft_login_enabled is_twitch_login_enabled is_roblox_login_enabled is_email_verification_enabled is_basic_authentication_enabled is_magic_link_login_enabled is_sign_up_enabled is_strong_password_enabled is_multi_factor_auth_enabled is_mobile_basic_authentication_enabled is_phone_verification_enabled } }',\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data.meta);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n getProfile = async (\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.User>> => {\n try {\n const profileRes = await this.graphqlQuery({\n query: `query {\tprofile { ${userFragment} } }`,\n headers,\n });\n\n return profileRes?.errors?.length\n ? this.errorResponse(profileRes.errors)\n : this.okResponse(profileRes.data.profile);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n // this is used to verify / get session using cookie by default. If using node.js pass authorization header\n getSession = async (\n headers?: Types.Headers,\n params?: Types.SessionQueryRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `query getSession($params: SessionQueryRequest){session(params: $params) { ${authTokenFragment} } }`,\n headers,\n variables: {\n params,\n },\n });\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.session);\n } catch (err) {\n return this.errorResponse(err);\n }\n };\n\n getToken = async (\n data: Types.GetTokenRequest,\n ): Promise<Types.ApiResponse<Types.GetTokenResponse>> => {\n if (!data.grant_type) data.grant_type = 'authorization_code';\n\n if (data.grant_type === 'refresh_token' && !data.refresh_token?.trim())\n return this.errorResponse([new Error('Invalid refresh_token')]);\n\n if (data.grant_type === 'authorization_code' && !this.codeVerifier)\n return this.errorResponse([new Error('Invalid code verifier')]);\n\n const requestData = {\n client_id: this.config.clientID,\n code: data.code \|\| '',\n code_verifier: this.codeVerifier \|\| '',\n grant_type: data.grant_type \|\| '',\n refresh_token: data.refresh_token \|\| '',\n };\n\n try {\n const fetcher = getFetcher();\n const res = await fetcher(`${this.config.authorizerURL}/oauth/token`, {\n method: 'POST',\n body: JSON.stringify(requestData),\n headers: {\n ...this.config.extraHeaders,\n },\n credentials: 'include',\n });\n\n const text = await res.text();\n let json: {\n error?: string;\n error_description?: string;\n } & Record<string, unknown> = {};\n if (text) {\n try {\n json = JSON.parse(text);\n } catch {\n return this.errorResponse([\n new Error(\n res.ok\n ? 'Invalid JSON from token endpoint'\n : `HTTP ${res.status}`,\n ),\n ]);\n }\n }\n if (!res.ok) {\n return this.errorResponse([\n new Error(\n String(\n json.error_description \|\| json.error \|\| `HTTP ${res.status}`,\n ),\n ),\n ]);\n }\n\n return this.okResponse(json);\n } catch (err) {\n return this.errorResponse(err);\n }\n };\n\n login = async (\n data: Types.LoginRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation login($data: LoginRequest!) { login(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.login);\n } catch (err) {\n return this.errorResponse(err);\n }\n };\n\n logout = async (\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: ' mutation { logout { message } } ',\n headers,\n });\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.logout);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n magicLinkLogin = async (\n data: Types.MagicLinkLoginRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n if (!data.state) data.state = encode(createRandomString());\n\n if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;\n\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation magicLinkLogin($data: MagicLinkLoginRequest!) { magic_link_login(params: $data) { message }}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.magic_link_login);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n oauthLogin = async (\n oauthProvider: string,\n roles?: string[],\n redirect_uri?: string,\n state?: string,\n ): Promise<void> => {\n let urlState = state;\n if (!urlState) {\n urlState = encode(createRandomString());\n }\n\n const oauthProviderIds = Object.values(Types.OAuthProviders) as string[];\n if (!oauthProviderIds.includes(oauthProvider)) {\n throw new Error(\n `only following oauth providers are supported: ${oauthProviderIds.join(', ')}`,\n );\n }\n if (!hasWindow())\n throw new Error('oauthLogin is only supported for browsers');\n\n if (roles && roles.length) urlState += `&roles=${roles.join(',')}`;\n\n window.location.replace(\n `${this.config.authorizerURL}/oauth_login/${oauthProvider}?redirect_uri=${encodeURIComponent(\n redirect_uri \|\| this.config.redirectURL \|\| '',\n )}&state=${encodeURIComponent(urlState)}`,\n );\n };\n\n resendOtp = async (\n data: Types.ResendOtpRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation resendOtp($data: ResendOTPRequest!) { resend_otp(params: $data) { message }}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.resend_otp);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n resetPassword = async (\n data: Types.ResetPasswordRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const resetPasswordRes = await this.graphqlQuery({\n query:\n 'mutation resetPassword($data: ResetPasswordRequest!) {\treset_password(params: $data) { message } }',\n variables: {\n data,\n },\n });\n return resetPasswordRes?.errors?.length\n ? this.errorResponse(resetPasswordRes.errors)\n : this.okResponse(resetPasswordRes.data?.reset_password);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n revokeToken = async (data: { refresh_token: string }) => {\n if (!data.refresh_token?.trim())\n return this.errorResponse([new Error('Invalid refresh_token')]);\n\n try {\n const fetcher = getFetcher();\n const res = await fetcher(`${this.config.authorizerURL}/oauth/revoke`, {\n method: 'POST',\n headers: {\n ...this.config.extraHeaders,\n },\n body: JSON.stringify({\n refresh_token: data.refresh_token,\n client_id: this.config.clientID,\n }),\n });\n\n const text = await res.text();\n let responseData: Record<string, unknown> = {};\n if (text) {\n try {\n responseData = JSON.parse(text) as Record<string, unknown>;\n } catch {\n return this.errorResponse([\n new Error(\n res.ok\n ? 'Invalid JSON from revoke endpoint'\n : `HTTP ${res.status}`,\n ),\n ]);\n }\n }\n\n if (!res.ok) {\n const errBody = responseData as {\n error?: string;\n error_description?: string;\n };\n return this.errorResponse([\n new Error(\n String(\n errBody.error_description \|\|\n errBody.error \|\|\n `HTTP ${res.status}`,\n ),\n ),\n ]);\n }\n\n return this.okResponse(responseData);\n } catch (err) {\n return this.errorResponse(err);\n }\n };\n\n signup = async (\n data: Types.SignUpRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation signup($data: SignUpRequest!) { signup(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.signup);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n updateProfile = async (\n data: Types.UpdateProfileRequest,\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const updateProfileRes = await this.graphqlQuery({\n query:\n 'mutation updateProfile($data: UpdateProfileRequest!) {\tupdate_profile(params: $data) { message } }',\n headers,\n variables: {\n data,\n },\n });\n\n return updateProfileRes?.errors?.length\n ? this.errorResponse(updateProfileRes.errors)\n : this.okResponse(updateProfileRes.data?.update_profile);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n deactivateAccount = async (\n headers?: Types.Headers,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: 'mutation deactivateAccount { deactivate_account { message } }',\n headers,\n });\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.deactivate_account);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n validateJWTToken = async (\n params?: Types.ValidateJWTTokenRequest,\n ): Promise<Types.ApiResponse<Types.ValidateJWTTokenResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query:\n 'query validateJWTToken($params: ValidateJWTTokenRequest!){validate_jwt_token(params: $params) { is_valid claims } }',\n variables: {\n params,\n },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.validate_jwt_token);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n validateSession = async (\n params?: Types.ValidateSessionRequest,\n ): Promise<Types.ApiResponse<Types.ValidateSessionResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: `query validateSession($params: ValidateSessionRequest){validate_session(params: $params) { is_valid user { ${userFragment} } } }`,\n variables: {\n params,\n },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.validate_session);\n } catch (error) {\n return this.errorResponse([error]);\n }\n };\n\n verifyEmail = async (\n data: Types.VerifyEmailRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation verifyEmail($data: VerifyEmailRequest!) { verify_email(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.verify_email);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n resendVerifyEmail = async (\n data: Types.ResendVerifyEmailRequest,\n ): Promise<Types.ApiResponse<Types.GenericResponse>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation resendVerifyEmail($data: ResendVerifyEmailRequest!) { resend_verify_email(params: $data) { message }}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.resend_verify_email);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n verifyOtp = async (\n data: Types.VerifyOtpRequest,\n ): Promise<Types.ApiResponse<Types.AuthToken>> => {\n try {\n const res = await this.graphqlQuery({\n query: `\n\t\t\t\t\tmutation verifyOtp($data: VerifyOTPRequest!) { verify_otp(params: $data) { ${authTokenFragment}}}\n\t\t\t\t`,\n variables: { data },\n });\n\n return res?.errors?.length\n ? this.errorResponse(res.errors)\n : this.okResponse(res.data?.verify_otp);\n } catch (err) {\n return this.errorResponse([err]);\n }\n };\n\n // helper to execute graphql queries\n // takes in any query or mutation string as value\n graphqlQuery = async (\n data: Types.GraphqlQueryRequest,\n ): Promise<Types.GrapQlResponseType> => {\n const fetcher = getFetcher();\n const res = await fetcher(`${this.config.authorizerURL}/graphql`, {\n method: 'POST',\n body: JSON.stringify({\n query: data.query,\n variables: data.variables \|\| {},\n }),\n headers: {\n ...this.config.extraHeaders,\n ...(data.headers \|\| {}),\n },\n credentials: 'include',\n });\n\n const text = await res.text();\n let json: { data?: unknown; errors?: unknown[] } = {};\n if (text) {\n try {\n json = JSON.parse(text);\n } catch {\n return {\n data: undefined,\n errors: [\n new Error(\n res.ok\n ? 'Invalid JSON from GraphQL endpoint'\n : `HTTP ${res.status}`,\n ),\n ],\n };\n }\n } else if (!res.ok) {\n return {\n data: undefined,\n errors: [new Error(`HTTP ${res.status}`)],\n };\n }\n\n if (json?.errors?.length) {\n return { data: undefined, errors: toErrorList(json.errors) };\n }\n\n if (!res.ok) {\n return {\n data: undefined,\n errors: [new Error(`HTTP ${res.status}`)],\n };\n }\n\n return { data: json.data, errors: [] };\n };\n\n errorResponse = (errors: unknown): Types.ApiResponse<any> => {\n return {\n data: undefined,\n errors: toErrorList(errors),\n };\n };\n\n okResponse = (data: any): Types.ApiResponse<any> => {\n return {\n data,\n errors: [],\n };\n };\n}\n","export const DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS = 60;\nexport const CLEANUP_IFRAME_TIMEOUT_IN_SECONDS = 2;\nexport const AUTHORIZE_IFRAME_TIMEOUT = 5;\n","export interface GrapQlResponseType {\n data: any \| undefined;\n errors: Error[];\n}\nexport interface ApiResponse<T> {\n errors: Error[];\n data: T \| undefined;\n}\n/\n SDK configuration. Requests use `credentials: 'include'`, so cookies for the\n * Authorizer instance are sent to `authorizerURL`. That URL must be the exact,\n * trusted origin of your Authorizer deployment (correct scheme, host, and port).\n * A mistaken or attacker-controlled URL can leak session credentials.\n /\nexport interface ConfigType {\n authorizerURL: string;\n redirectURL: string;\n clientID?: string;\n extraHeaders?: Record<string, string>;\n}\n\n// Pagination\nexport interface Pagination {\n limit: number;\n page: number;\n offset: number;\n total: number;\n}\n\n// Meta\nexport interface Meta {\n version: string;\n client_id: string;\n is_google_login_enabled: boolean;\n is_facebook_login_enabled: boolean;\n is_github_login_enabled: boolean;\n is_linkedin_login_enabled: boolean;\n is_apple_login_enabled: boolean;\n is_discord_login_enabled: boolean;\n is_twitter_login_enabled: boolean;\n is_microsoft_login_enabled: boolean;\n is_twitch_login_enabled: boolean;\n is_roblox_login_enabled: boolean;\n is_email_verification_enabled: boolean;\n is_basic_authentication_enabled: boolean;\n is_magic_link_login_enabled: boolean;\n is_sign_up_enabled: boolean;\n is_strong_password_enabled: boolean;\n is_multi_factor_auth_enabled: boolean;\n is_mobile_basic_authentication_enabled: boolean;\n is_phone_verification_enabled: boolean;\n}\n\n// User\nexport interface User {\n id: string;\n email: string \| null;\n email_verified: boolean;\n signup_methods: string;\n given_name: string \| null;\n family_name: string \| null;\n middle_name: string \| null;\n nickname: string \| null;\n preferred_username: string \| null;\n gender: string \| null;\n birthdate: string \| null;\n phone_number: string \| null;\n phone_number_verified: boolean;\n picture: string \| null;\n roles: string[];\n created_at: number \| null;\n updated_at: number \| null;\n revoked_timestamp: number \| null;\n is_multi_factor_auth_enabled: boolean \| null;\n app_data: Record<string, any> \| null;\n}\n\n// Users\nexport interface Users {\n pagination: Pagination;\n users: User[];\n}\n\n// VerificationRequest\nexport interface VerificationRequest {\n id: string;\n identifier: string \| null;\n token: string \| null;\n email: string \| null;\n expires: number \| null;\n created_at: number \| null;\n updated_at: number \| null;\n nonce: string \| null;\n redirect_uri: string \| null;\n}\n\n// VerificationRequests\nexport interface VerificationRequests {\n pagination: Pagination;\n verification_requests: VerificationRequest[];\n}\n\n// AuthorizerError (GraphQL Error type - renamed to avoid conflict with native Error)\nexport interface AuthorizerError {\n message: string;\n reason: string;\n}\n\n// AuthResponse\nexport interface AuthResponse {\n message: string;\n should_show_email_otp_screen: boolean \| null;\n should_show_mobile_otp_screen: boolean \| null;\n should_show_totp_screen: boolean \| null;\n access_token: string \| null;\n id_token: string \| null;\n refresh_token: string \| null;\n expires_in: number \| null;\n user: User \| null;\n authenticator_scanner_image: string \| null;\n authenticator_secret: string \| null;\n authenticator_recovery_codes: string[] \| null;\n}\n\n// Keep AuthToken as alias for backward compatibility\nexport type AuthToken = AuthResponse;\n\n// Response\nexport interface Response {\n message: string;\n}\n\n// Keep GenericResponse as alias for backward compatibility\nexport type GenericResponse = Response;\n\n// ForgotPasswordResponse\nexport interface ForgotPasswordResponse {\n message: string;\n should_show_mobile_otp_screen: boolean \| null;\n}\n\n// InviteMembersResponse\nexport interface InviteMembersResponse {\n message: string;\n Users: User[];\n}\n\n// LoginRequest\nexport interface LoginRequest {\n email?: string \| null;\n phone_number?: string \| null;\n password: string;\n roles?: string[] \| null;\n scope?: string[] \| null;\n state?: string \| null;\n}\n\n// SignUpRequest\nexport interface SignUpRequest {\n email?: string \| null;\n given_name?: string \| null;\n family_name?: string \| null;\n middle_name?: string \| null;\n nickname?: string \| null;\n gender?: string \| null;\n birthdate?: string \| null;\n phone_number?: string \| null;\n picture?: string \| null;\n password: string;\n confirm_password: string;\n roles?: string[] \| null;\n scope?: string[] \| null;\n redirect_uri?: string \| null;\n is_multi_factor_auth_enabled?: boolean \| null;\n state?: string \| null;\n app_data?: Record<string, any> \| null;\n}\n\n// Keep SignupRequest as alias for backward compatibility\nexport type SignupRequest = SignUpRequest;\n\n// MagicLinkLoginRequest\nexport interface MagicLinkLoginRequest {\n email: string;\n roles?: string[] \| null;\n scope?: string[] \| null;\n state?: string \| null;\n redirect_uri?: string \| null;\n}\n\n// VerifyEmailRequest\nexport interface VerifyEmailRequest {\n token: string;\n state?: string \| null;\n}\n\n// ResendVerifyEmailRequest\nexport interface ResendVerifyEmailRequest {\n email: string;\n identifier: string;\n state?: string \| null;\n}\n\n// VerifyOTPRequest\nexport interface VerifyOTPRequest {\n email?: string \| null;\n phone_number?: string \| null;\n otp: string;\n is_totp?: boolean \| null;\n state?: string \| null;\n}\n\n// Keep VerifyOtpRequest as alias for backward compatibility\nexport type VerifyOtpRequest = VerifyOTPRequest;\n\n// ResendOTPRequest\nexport interface ResendOTPRequest {\n email?: string \| null;\n phone_number?: string \| null;\n state?: string \| null;\n}\n\n// Keep ResendOtpRequest as alias for backward compatibility\nexport type ResendOtpRequest = ResendOTPRequest;\n\n// UpdateProfileRequest\nexport interface UpdateProfileRequest {\n old_password?: string \| null;\n new_password?: string \| null;\n confirm_new_password?: string \| null;\n email?: string \| null;\n given_name?: string \| null;\n family_name?: string \| null;\n middle_name?: string \| null;\n nickname?: string \| null;\n gender?: string \| null;\n birthdate?: string \| null;\n phone_number?: string \| null;\n picture?: string \| null;\n is_multi_factor_auth_enabled?: boolean \| null;\n app_data?: Record<string, any> \| null;\n}\n\n// UpdateUserRequest (admin only)\nexport interface UpdateUserRequest {\n id: string;\n email?: string \| null;\n email_verified?: boolean \| null;\n given_name?: string \| null;\n family_name?: string \| null;\n middle_name?: string \| null;\n nickname?: string \| null;\n gender?: string \| null;\n birthdate?: string \| null;\n phone_number?: string \| null;\n phone_number_verified?: boolean \| null;\n picture?: string \| null;\n roles?: string[] \| null;\n is_multi_factor_auth_enabled?: boolean \| null;\n app_data?: Record<string, any> \| null;\n}\n\n// ForgotPasswordRequest\nexport interface ForgotPasswordRequest {\n email?: string \| null;\n phone_number?: string \| null;\n state?: string \| null;\n redirect_uri?: string \| null;\n}\n\n// ResetPasswordRequest\nexport interface ResetPasswordRequest {\n token?: string \| null;\n otp?: string \| null;\n phone_number?: string \| null;\n password: string;\n confirm_password: string;\n}\n\n// Keep ResetPasswordInput as alias for backward compatibility\nexport type ResetPasswordInput = ResetPasswordRequest;\n\n// DeleteUserRequest (admin only)\nexport interface DeleteUserRequest {\n email: string;\n}\n\n// SessionQueryRequest\nexport interface SessionQueryRequest {\n roles?: string[] \| null;\n scope?: string[] \| null;\n}\n\n// Keep SessionQueryInput as alias for backward compatibility\nexport type SessionQueryInput = SessionQueryRequest;\n\n// ValidateJWTTokenRequest\nexport interface ValidateJWTTokenRequest {\n token_type: string;\n token: string;\n roles?: string[] \| null;\n}\n\n// Keep ValidateJWTTokenInput as alias for backward compatibility\nexport type ValidateJWTTokenInput = ValidateJWTTokenRequest;\n\n// ValidateJWTTokenResponse\nexport interface ValidateJWTTokenResponse {\n is_valid: boolean;\n claims: Record<string, any>;\n}\n\n// ValidateSessionRequest\nexport interface ValidateSessionRequest {\n cookie: string;\n roles?: string[] \| null;\n}\n\n// Keep ValidateSessionInput as alias for backward compatibility\nexport type ValidateSessionInput = ValidateSessionRequest;\n\n// ValidateSessionResponse\nexport interface ValidateSessionResponse {\n is_valid: boolean;\n user: User;\n}\n\n// OAuth types (not part of GraphQL schema, but used for OAuth flow)\nexport enum OAuthProviders {\n Apple = 'apple',\n Github = 'github',\n Google = 'google',\n Facebook = 'facebook',\n LinkedIn = 'linkedin',\n Twitter = 'twitter',\n Microsoft = 'microsoft',\n Twitch = 'twitch',\n Roblox = 'roblox',\n Discord = 'discord',\n}\n\nexport enum ResponseTypes {\n Code = 'code',\n Token = 'token',\n}\n\nexport interface AuthorizeRequest {\n response_type: ResponseTypes;\n use_refresh_token?: boolean;\n response_mode?: string;\n}\n\n// Keep AuthorizeInput as alias for backward compatibility\nexport type AuthorizeInput = AuthorizeRequest;\n\nexport interface AuthorizeResponse {\n state: string;\n code?: string;\n error?: string;\n error_description?: string;\n}\n\nexport interface RevokeTokenInput {\n refresh_token: string;\n}\n\nexport interface GetTokenRequest {\n code?: string;\n grant_type?: string;\n refresh_token?: string;\n}\n\n// Keep GetTokenInput as alias for backward compatibility\nexport type GetTokenInput = GetTokenRequest;\n\nexport interface GetTokenResponse {\n access_token: string;\n expires_in: number;\n id_token: string;\n refresh_token?: string;\n}\n\n// GraphQL query request\nexport type Headers = Record<string, string>;\n\nexport interface GraphqlQueryRequest {\n query: string;\n variables?: Record<string, any>;\n headers?: Headers;\n}\n\n// Deprecated types (for backward compatibility)\nexport interface IsValidJWTQueryInput {\n jwt: string;\n roles?: string[];\n}\n\nexport interface ValidJWTResponse {\n valid: string;\n message: string;\n}\n\n// Keep MetaDataResponse as alias for backward compatibility\nexport type MetaDataResponse = Meta;\n\n// Keep MetaData as alias for backward compatibility\nexport type MetaData = Meta;\n","import {\n CLEANUP_IFRAME_TIMEOUT_IN_SECONDS,\n DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n} from './constants';\nimport { AuthorizeResponse } from './types';\n\nexport const hasWindow = (): boolean => typeof window !== 'undefined';\n\nexport const trimURL = (url: string): string => {\n let trimmedData = url.trim();\n const lastChar = trimmedData[trimmedData.length - 1];\n if (lastChar === '/')\n trimmedData = trimmedData.slice(0, -1);\n\n return trimmedData;\n};\n\nexport const getCrypto = () => {\n // ie 11.x uses msCrypto\n return hasWindow()\n ? ((window.crypto \|\| (window as any).msCrypto) as Crypto)\n : null;\n};\n\nexport const getCryptoSubtle = () => {\n const crypto = getCrypto();\n // safari 10.x uses webkitSubtle\n return (crypto && crypto.subtle) \|\| (crypto as any).webkitSubtle;\n};\n\nexport const createRandomString = () => {\n const charset\n = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';\n let random = '';\n const crypto = getCrypto();\n if (crypto) {\n const randomValues = Array.from(crypto.getRandomValues(new Uint8Array(43)));\n randomValues.forEach(v => (random += charset[v % charset.length]));\n }\n return random;\n};\n\nexport const encode = (value: string) =>\n hasWindow() ? btoa(value) : Buffer.from(value).toString('base64');\nexport const decode = (value: string) =>\n hasWindow() ? atob(value) : Buffer.from(value, 'base64').toString('ascii');\n\nexport const createQueryParams = (params: any) => {\n return Object.keys(params)\n .filter(k => typeof params[k] !== 'undefined')\n .map(k => `${encodeURIComponent(k)}=${encodeURIComponent(params[k])}`)\n .join('&');\n};\n\nexport const sha256 = async (s: string) => {\n const subtle = getCryptoSubtle();\n if (!subtle)\n throw new Error('Web Crypto API is not available');\n\n const digestOp: any = subtle.digest(\n { name: 'SHA-256' },\n new TextEncoder().encode(s),\n );\n\n // msCrypto (IE11) uses the old spec, which is not Promise based\n // https://msdn.microsoft.com/en-us/expression/dn904640(v=vs.71)\n if ((window as any).msCrypto) {\n return new Promise((resolve, reject) => {\n digestOp.oncomplete = (e: any) => {\n resolve(e.target.result);\n };\n\n digestOp.onerror = (e: ErrorEvent) => {\n reject(e.error);\n };\n\n digestOp.onabort = () => {\n reject(new Error('The digest operation was aborted'));\n };\n });\n }\n\n return await digestOp;\n};\n\nconst urlEncodeB64 = (input: string) => {\n const b64Chars: { [index: string]: string } = { '+': '-', '/': '_', '=': '' };\n return input.replace(/[+/=]/g, (m: string) => b64Chars[m]);\n};\n\n// https://stackoverflow.com/questions/30106476/\nconst decodeB64 = (input: string) =>\n decodeURIComponent(\n atob(input)\n .split('')\n .map((c) => {\n return `%${`00${c.charCodeAt(0).toString(16)}`.slice(-2)}`;\n })\n .join(''),\n );\n\nexport const urlDecodeB64 = (input: string) =>\n decodeB64(input.replace(/_/g, '/').replace(/-/g, '+'));\n\nexport const bufferToBase64UrlEncoded = (input: number[] \| Uint8Array) => {\n const ie11SafeInput = new Uint8Array(input);\n return urlEncodeB64(\n window.btoa(String.fromCharCode(...Array.from(ie11SafeInput))),\n );\n};\n\nconst originFromAuthorizerUrl = (authorizerUrl: string): string => {\n try {\n return new URL(authorizerUrl).origin;\n }\n catch {\n return authorizerUrl;\n }\n};\n\nexport const executeIframe = (\n authorizeUrl: string,\n eventOrigin: string,\n timeoutInSeconds: number = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS,\n) => {\n return new Promise<AuthorizeResponse>((resolve, reject) => {\n const expectedOrigin = originFromAuthorizerUrl(eventOrigin);\n const iframe = window.document.createElement('iframe');\n iframe.setAttribute('id', 'authorizer-iframe');\n iframe.setAttribute('width', '0');\n iframe.setAttribute('height', '0');\n iframe.style.display = 'none';\n const removeIframe = () => {\n if (window.document.body.contains(iframe)) {\n window.document.body.removeChild(iframe);\n window.removeEventListener('message', iframeEventHandler, false);\n }\n };\n\n const timeoutSetTimeoutId = setTimeout(() => {\n reject(new Error('Authorization timeout'));\n removeIframe();\n }, timeoutInSeconds 1000);\n\n const iframeEventHandler: (e: MessageEvent) => void = function (e: MessageEvent) {\n if (e.origin !== expectedOrigin)\n return;\n if (!e.data \|\| !e.data.response)\n return;\n\n const eventSource = e.source;\n\n if (eventSource)\n (eventSource as any).close();\n\n if (e.data.response.error)\n reject(e.data.response);\n else\n resolve(e.data.response);\n\n clearTimeout(timeoutSetTimeoutId);\n window.removeEventListener('message', iframeEventHandler, false);\n setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1000);\n };\n\n window.addEventListener('message', iframeEventHandler, false);\n window.document.body.appendChild(iframe);\n iframe.setAttribute('src', authorizeUrl);\n });\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;AACA,yBAAuB;;;ACDhB,IAAMA,uCAAuC;AAC7C,IAAMC,oCAAoC;;;ACuU1C,IAAKC,iBAAAA,0BAAAA,iBAAAA;;;;;;;;;;;SAAAA;;AAaL,IAAKC,gBAAAA,0BAAAA,gBAAAA;;;SAAAA;;;;AC/UL,IAAMC,YAAY,6BAAe,OAAOC,WAAW,aAAjC;AAElB,IAAMC,UAAU,wBAACC,QAAAA;AACtB,MAAIC,cAAcD,IAAIE,KAAI;AAC1B,QAAMC,WAAWF,YAAYA,YAAYG,SAAS,CAAA;AAClD,MAAID,aAAa,IACfF,eAAcA,YAAYI,MAAM,GAAG,EAAC;AAEtC,SAAOJ;AACT,GAPuB;AAShB,IAAMK,YAAY,6BAAA;AAEvB,SAAOT,UAAAA,IACDC,OAAOS,UAAWT,OAAeU,WACnC;AACN,GALyB;AAOlB,IAAMC,kBAAkB,6BAAA;AAC7B,QAAMF,SAASD,UAAAA;AAEf,SAAQC,UAAUA,OAAOG,UAAYH,OAAeI;AACtD,GAJ+B;AAMxB,IAAMC,qBAAqB,6BAAA;AAChC,QAAMC,UACF;AACJ,MAAIC,SAAS;AACb,QAAMP,SAASD,UAAAA;AACf,MAAIC,QAAQ;AACV,UAAMQ,eAAeC,MAAMC,KAAKV,OAAOW,gBAAgB,IAAIC,WAAW,EAAA,CAAA,CAAA;AACtEJ,iBAAaK,QAAQC,CAAAA,MAAMP,UAAUD,QAAQQ,IAAIR,QAAQT,MAAM,CAAC;EAClE;AACA,SAAOU;AACT,GAVkC;AAY3B,IAAMQ,SAAS,wBAACC,UACrB1B,UAAAA,IAAc2B,KAAKD,KAAAA,IAASE,OAAOR,KAAKM,KAAAA,EAAOG,SAAS,QAAA,GADpC;AAKf,IAAMC,oBAAoB,wBAACC,WAAAA;AAChC,SAAOC,OAAOC,KAAKF,MAAAA,EAChBG,OAAOC,CAAAA,MAAK,OAAOJ,OAAOI,CAAAA,MAAO,WAAA,EACjCC,IAAID,CAAAA,MAAK,GAAGE,mBAAmBF,CAAAA,CAAAA,IAAME,mBAAmBN,OAAOI,CAAAA,CAAE,CAAA,EAAG,EACpEG,KAAK,GAAA;AACV,GALiC;AAO1B,IAAMC,SAAS,8BAAOC,MAAAA;AAC3B,QAAMC,SAASC,gBAAAA;AACf,MAAI,CAACD,OACH,OAAM,IAAIE,MAAM,iCAAA;AAElB,QAAMC,WAAgBH,OAAOI,OAC3B;IAAEC,MAAM;EAAU,GAClB,IAAIC,YAAAA,EAAcC,OAAOR,CAAAA,CAAAA;AAK3B,MAAKS,OAAeC,UAAU;AAC5B,WAAO,IAAIC,QAAQ,CAACC,SAASC,WAAAA;AAC3BT,eAASU,aAAa,CAACC,MAAAA;AACrBH,gBAAQG,EAAEC,OAAOC,MAAM;MACzB;AAEAb,eAASc,UAAU,CAACH,MAAAA;AAClBF,eAAOE,EAAEI,KAAK;MAChB;AAEAf,eAASgB,UAAU,MAAA;AACjBP,eAAO,IAAIV,MAAM,kCAAA,CAAA;MACnB;IACF,CAAA;EACF;AAEA,SAAO,MAAMC;AACf,GA7BsB;AA+BtB,IAAMiB,eAAe,wBAACC,UAAAA;AACpB,QAAMC,WAAwC;IAAE,KAAK;IAAK,KAAK;IAAK,KAAK;EAAG;AAC5E,SAAOD,MAAME,QAAQ,UAAU,CAACC,MAAcF,SAASE,CAAAA,CAAE;AAC3D,GAHqB;AAmBd,IAAMC,2BAA2B,wBAACC,UAAAA;AACvC,QAAMC,gBAAgB,IAAIC,WAAWF,KAAAA;AACrC,SAAOG,aACLC,OAAOC,KAAKC,OAAOC,aAAY,GAAIC,MAAMC,KAAKR,aAAAA,CAAAA,CAAAA,CAAAA;AAElD,GALwC;AAOxC,IAAMS,0BAA0B,wBAACC,kBAAAA;AAC/B,MAAI;AACF,WAAO,IAAIC,IAAID,aAAAA,EAAeE;EAChC,QACM;AACJ,WAAOF;EACT;AACF,GAPgC;AASzB,IAAMG,gBAAgB,wBAC3BC,cACAC,aACAC,mBAA2BC,yCAAoC;AAE/D,SAAO,IAAIC,QAA2B,CAACC,SAASC,WAAAA;AAC9C,UAAMC,iBAAiBZ,wBAAwBM,WAAAA;AAC/C,UAAMO,SAASnB,OAAOoB,SAASC,cAAc,QAAA;AAC7CF,WAAOG,aAAa,MAAM,mBAAA;AAC1BH,WAAOG,aAAa,SAAS,GAAA;AAC7BH,WAAOG,aAAa,UAAU,GAAA;AAC9BH,WAAOI,MAAMC,UAAU;AACvB,UAAMC,eAAe,6BAAA;AACnB,UAAIzB,OAAOoB,SAASM,KAAKC,SAASR,MAAAA,GAAS;AACzCnB,eAAOoB,SAASM,KAAKE,YAAYT,MAAAA;AACjCnB,eAAO6B,oBAAoB,WAAWC,oBAAoB,KAAA;MAC5D;IACF,GALqB;AAOrB,UAAMC,sBAAsBC,WAAW,MAAA;AACrCf,aAAO,IAAIgB,MAAM,uBAAA,CAAA;AACjBR,mBAAAA;IACF,GAAGZ,mBAAmB,GAAA;AAEtB,UAAMiB,qBAAgD,gCAAUI,GAAe;AAC7E,UAAIA,EAAEzB,WAAWS,eACf;AACF,UAAI,CAACgB,EAAEC,QAAQ,CAACD,EAAEC,KAAKC,SACrB;AAEF,YAAMC,cAAcH,EAAEI;AAEtB,UAAID,YACDA,aAAoBE,MAAK;AAE5B,UAAIL,EAAEC,KAAKC,SAASI,MAClBvB,QAAOiB,EAAEC,KAAKC,QAAQ;UAEtBpB,SAAQkB,EAAEC,KAAKC,QAAQ;AAEzBK,mBAAaV,mBAAAA;AACb/B,aAAO6B,oBAAoB,WAAWC,oBAAoB,KAAA;AAC1DE,iBAAWP,cAAciB,oCAAoC,GAAA;IAC/D,GAnBsD;AAqBtD1C,WAAO2C,iBAAiB,WAAWb,oBAAoB,KAAA;AACvD9B,WAAOoB,SAASM,KAAKkB,YAAYzB,MAAAA;AACjCA,WAAOG,aAAa,OAAOX,YAAAA;EAC7B,CAAA;AACF,GAjD6B;;;AHxG7B,IAAMkC,eACJ;AACF,IAAMC,oBAAoB,kOAAkOD,YAAAA;AAG5P,IAAME,aAAa,6BAAOC,UAAAA,IAAcC,OAAOC,QAAQC,mBAAAA,SAApC;AAEnB,SAASC,YAAYC,QAAe;AAClC,MAAIC,MAAMC,QAAQF,MAAAA,GAAS;AACzB,WAAOA,OAAOG,IAAI,CAACC,SAAAA;AACjB,UAAIA,gBAAgBC,MAAO,QAAOD;AAClC,UAAIA,QAAQ,OAAOA,SAAS,YAAY,aAAaA,KACnD,QAAO,IAAIC,MAAMC,OAAQF,KAA8BG,OAAO,CAAA;AAChE,aAAO,IAAIF,MAAMC,OAAOF,IAAAA,CAAAA;IAC1B,CAAA;EACF;AACA,MAAIJ,kBAAkBK,MAAO,QAAO;IAACL;;AACrC,MAAIA,WAAW,QAAQ,OAAOA,WAAW,UAAU;AACjD,UAAMQ,IAAIR;AACV,QAAI,OAAOQ,EAAEC,sBAAsB,SACjC,QAAO;MAAC,IAAIJ,MAAMG,EAAEC,iBAAiB;;AACvC,QAAI,OAAOD,EAAEE,UAAU,UAAU;AAC/B,YAAMC,OACJ,OAAOH,EAAEC,sBAAsB,WAC3B,KAAKD,EAAEC,iBAAiB,KACxB;AACN,aAAO;QAAC,IAAIJ,MAAM,GAAGG,EAAEE,KAAK,GAAGC,IAAAA,EAAM;;IACvC;AACA,QAAI,OAAOH,EAAED,YAAY,SAAU,QAAO;MAAC,IAAIF,MAAMG,EAAED,OAAO;;EAChE;AACA,MAAIP,WAAWY,UAAaZ,WAAW,KACrC,QAAO;IAAC,IAAIK,MAAM,eAAA;;AACpB,SAAO;IAAC,IAAIA,MAAMC,OAAON,MAAAA,CAAAA;;AAC3B;AA1BSD;AAkCF,IAAMc,cAAN,MAAMA,YAAAA;;EAEXC;EACAC;;EAGA,YAAYD,QAA0B;AA/DxC;AAgEI,QAAI,CAACA,OAAQ,OAAM,IAAIT,MAAM,2BAAA;AAE7B,SAAKS,SAASA;AACd,QAAI,GAACA,YAAOE,kBAAPF,mBAAsBG,QAAQ,OAAM,IAAIZ,MAAM,uBAAA;AAEnD,SAAKS,OAAOE,gBAAgBE,QAAQJ,OAAOE,aAAa;AAExD,QAAI,GAACF,YAAOK,gBAAPL,mBAAoBG,QAAQ,OAAM,IAAIZ,MAAM,qBAAA;AACjD,SAAKS,OAAOK,cAAcD,QAAQJ,OAAOK,WAAW;AACpD,SAAKL,OAAOM,aAAYN,iCAAQM,aAAY,IAAIH,KAAI;AAEpD,SAAKH,OAAOO,eAAe;MACzB,GAAIP,OAAOO,gBAAgB,CAAC;MAC5B,oBAAoBP,OAAOE;MAC3B,0BAA0BF,OAAOM,YAAY;MAC7C,gBAAgB;IAClB;EACF;EAEAE,YAAY,8BACVC,SAAAA;AApFJ;AAyFI,QAAI,CAAC5B,UAAAA,EACH,QAAO,KAAK6B,cAAc;MACxB,IAAInB,MAAM,2CAAA;KACX;AAEH,UAAMoB,SAAS;MAAC;MAAU;MAAW;;AACrC,QAAIF,KAAKG,kBAAmBD,QAAOE,KAAK,gBAAA;AAExC,UAAMC,cAAsC;MAC1CC,cAAc,KAAKf,OAAOK;MAC1BW,eAAeP,KAAKO,iBAAiB;MACrCC,OAAOC,OAAOC,mBAAAA,CAAAA;MACdC,OAAOF,OAAOC,mBAAAA,CAAAA;MACdE,eAAeZ,KAAKY;MACpBC,OAAOX,OAAOY,KAAK,GAAA;MACnBC,aAAW,UAAKxB,WAAL,mBAAaM,aAAY;IACtC;AAEA,QAAIG,KAAKY,kBAAwBI,cAAcC,MAAM;AACnD,WAAKzB,eAAekB,mBAAAA;AACpB,YAAMQ,MAAM,MAAMC,OAAO,KAAK3B,YAAY;AAC1C,YAAM4B,gBAAgBC,yBAAyBH,GAAAA;AAC/Cb,kBAAYiB,iBAAiBF;AAC7Bf,kBAAYkB,wBAAwB;IACtC;AAEA,UAAMC,eAAe,GACnB,KAAKjC,OAAOE,aAAa,cACbgC,kBAAkBpB,WAAAA,CAAAA;AAEhC,QAAIA,YAAYE,kBAAkB,eAAe;AAC/ClC,aAAOqD,SAASC,QAAQH,YAAAA;AACxB,aAAO,KAAKI,WAAWvC,MAAAA;IACzB;AAEA,QAAI;AACF,YAAMwC,YAAY,MAAMC,cACtBN,cACA,KAAKjC,OAAOE,eACZsC,oCAAAA;AAGF,UAAI/B,KAAKY,kBAAwBI,cAAcC,MAAM;AAEnD,cAAMe,YACJ,MAAM,KAAKC,SAAS;UAClBC,MAAML,UAAUK;QAClB,CAAA;AACF,eAAOF,UAAUvD,OAAO0D,SACpB,KAAKlC,cAAc+B,UAAUvD,MAAM,IACnC,KAAKmD,WAAWI,UAAUhC,IAAI;MACpC;AAGA,aAAO,KAAK4B,WAAWC,SAAAA;IACzB,SAASO,KAAK;AACZ,UAAIA,IAAIjD,OAAO;AACbd,eAAOqD,SAASC,QACd,GAAG,KAAKpC,OAAOE,aAAa,cAAcgB,OACxC4B,KAAKC,UAAU;UACbzC,UAAU,KAAKN,OAAOM;UACtBD,aAAa,KAAKL,OAAOK;UACzBH,eAAe,KAAKF,OAAOE;QAC7B,CAAA,CAAA,CAAA,iBACgB8C,mBAAmB,KAAKhD,OAAOK,eAAe,EAAA,CAAA,EAAK;MAEzE;AAEA,aAAO,KAAKK,cAAcmC,GAAAA;IAC5B;EACF,GA5EY;EA8EZI,eAAe,mCAAA;AACb,QAAI;AACF,YAAMR,YACJ,MAAM,KAAKS,WAAU;AACvB,aAAOT,UAAUvD,OAAO0D,SACpB,KAAKlC,cAAc+B,UAAUvD,MAAM,IACnC,KAAKmD,WAAWI,UAAUhC,IAAI;IACpC,SAASoC,KAAK;AACZ,UAAI,CAAChE,UAAAA,GAAa;AAChB,eAAO;UACL4B,MAAMX;UACNZ,QAAQ;YAAC,IAAIK,MAAM,6CAAA;;QACrB;MACF;AAEAT,aAAOqD,SAASC,QACd,GAAG,KAAKpC,OAAOE,aAAa,cAAcgB,OACxC4B,KAAKC,UAAU;QACbzC,UAAU,KAAKN,OAAOM;QACtBD,aAAa,KAAKL,OAAOK;QACzBH,eAAe,KAAKF,OAAOE;MAC7B,CAAA,CAAA,CAAA,iBACgB8C,mBAAmB,KAAKhD,OAAOK,eAAe,EAAA,CAAA,EAAK;AAEvE,aAAO,KAAKK,cAAcmC,GAAAA;IAC5B;EACF,GA1Be;EA4BfM,iBAAiB,8BACf1C,SAAAA;AA9LJ;AAgMI,QAAI,CAACA,KAAKQ,MAAOR,MAAKQ,QAAQC,OAAOC,mBAAAA,CAAAA;AAErC,QAAI,CAACV,KAAKM,aAAcN,MAAKM,eAAe,KAAKf,OAAOK;AAExD,QAAI;AACF,YAAM+C,qBAAqB,MAAM,KAAKC,aAAa;QACjDC,OACE;QACFC,WAAW;UACT9C;QACF;MACF,CAAA;AACA,eAAO2C,8DAAoBlE,WAApBkE,mBAA4BR,UAC/B,KAAKlC,cAAc0C,mBAAmBlE,MAAM,IAC5C,KAAKmD,YAAWe,8DAAoB3C,SAApB2C,mBAA0BI,eAAAA;IAChD,SAAS5D,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GArBiB;EAuBjB6D,cAAc,mCAAA;AApNhB;AAqNI,QAAI;AACF,YAAMC,MAAM,MAAM,KAAKL,aAAa;QAClCC,OACE;MACJ,CAAA;AAEA,eAAOI,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,WAAWqB,IAAIjD,KAAKkD,IAAI;IACnC,SAAS/D,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GAbc;EAedgE,aAAa,8BACXC,YAAAA;AApOJ;AAsOI,QAAI;AACF,YAAMC,aAAa,MAAM,KAAKT,aAAa;QACzCC,OAAO,qBAAqB5E,YAAAA;QAC5BmF;MACF,CAAA;AAEA,eAAOC,8CAAY5E,WAAZ4E,mBAAoBlB,UACvB,KAAKlC,cAAcoD,WAAW5E,MAAM,IACpC,KAAKmD,WAAWyB,WAAWrD,KAAKsD,OAAO;IAC7C,SAASnE,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GAfa;;EAkBbsD,aAAa,8BACXW,SACAG,WAAAA;AAvPJ;AAyPI,QAAI;AACF,YAAMN,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO,6EAA6E3E,iBAAAA;QACpFkF;QACAN,WAAW;UACTS;QACF;MACF,CAAA;AACA,eAAON,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUO,OAAAA;IAChC,SAASpB,KAAK;AACZ,aAAO,KAAKnC,cAAcmC,GAAAA;IAC5B;EACF,GAlBa;EAoBbH,WAAW,8BACTjC,SAAAA;AA1QJ;AA4QI,QAAI,CAACA,KAAKyD,WAAYzD,MAAKyD,aAAa;AAExC,QAAIzD,KAAKyD,eAAe,mBAAmB,GAACzD,UAAK0D,kBAAL1D,mBAAoBN,QAC9D,QAAO,KAAKO,cAAc;MAAC,IAAInB,MAAM,uBAAA;KAAyB;AAEhE,QAAIkB,KAAKyD,eAAe,wBAAwB,CAAC,KAAKjE,aACpD,QAAO,KAAKS,cAAc;MAAC,IAAInB,MAAM,uBAAA;KAAyB;AAEhE,UAAMuB,cAAc;MAClBU,WAAW,KAAKxB,OAAOM;MACvBqC,MAAMlC,KAAKkC,QAAQ;MACnByB,eAAe,KAAKnE,gBAAgB;MACpCiE,YAAYzD,KAAKyD,cAAc;MAC/BC,eAAe1D,KAAK0D,iBAAiB;IACvC;AAEA,QAAI;AACF,YAAME,UAAUzF,WAAAA;AAChB,YAAM8E,MAAM,MAAMW,QAAQ,GAAG,KAAKrE,OAAOE,aAAa,gBAAgB;QACpEoE,QAAQ;QACRC,MAAMzB,KAAKC,UAAUjC,WAAAA;QACrB+C,SAAS;UACP,GAAG,KAAK7D,OAAOO;QACjB;QACAiE,aAAa;MACf,CAAA;AAEA,YAAMC,OAAO,MAAMf,IAAIe,KAAI;AAC3B,UAAIC,OAG0B,CAAC;AAC/B,UAAID,MAAM;AACR,YAAI;AACFC,iBAAO5B,KAAK6B,MAAMF,IAAAA;QACpB,QAAQ;AACN,iBAAO,KAAK/D,cAAc;YACxB,IAAInB,MACFmE,IAAIkB,KACA,qCACA,QAAQlB,IAAImB,MAAM,EAAE;WAE3B;QACH;MACF;AACA,UAAI,CAACnB,IAAIkB,IAAI;AACX,eAAO,KAAKlE,cAAc;UACxB,IAAInB,MACFC,OACEkF,KAAK/E,qBAAqB+E,KAAK9E,SAAS,QAAQ8D,IAAImB,MAAM,EAAE,CAAA;SAGjE;MACH;AAEA,aAAO,KAAKxC,WAAWqC,IAAAA;IACzB,SAAS7B,KAAK;AACZ,aAAO,KAAKnC,cAAcmC,GAAAA;IAC5B;EACF,GA9DW;EAgEXiC,QAAQ,8BACNrE,SAAAA;AA1UJ;AA4UI,QAAI;AACF,YAAMiD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;qEACsD3E,iBAAAA;;QAE7D4E,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUoB,KAAAA;IAChC,SAASjC,KAAK;AACZ,aAAO,KAAKnC,cAAcmC,GAAAA;IAC5B;EACF,GAjBQ;EAmBRkC,SAAS,8BACPlB,YAAAA;AA7VJ;AA+VI,QAAI;AACF,YAAMH,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;QACPO;MACF,CAAA;AACA,eAAOH,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUqB,MAAAA;IAChC,SAASlC,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GAdS;EAgBTmC,iBAAiB,8BACfvE,SAAAA;AA7WJ;AA+WI,QAAI;AACF,UAAI,CAACA,KAAKQ,MAAOR,MAAKQ,QAAQC,OAAOC,mBAAAA,CAAAA;AAErC,UAAI,CAACV,KAAKM,aAAcN,MAAKM,eAAe,KAAKf,OAAOK;AAExD,YAAMqD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;;;QAGPC,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUuB,gBAAAA;IAChC,SAASpC,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GArBiB;EAuBjBqC,aAAa,8BACXC,eACAC,OACArE,cACAE,UAAAA;AAEA,QAAIoE,WAAWpE;AACf,QAAI,CAACoE,UAAU;AACbA,iBAAWnE,OAAOC,mBAAAA,CAAAA;IACpB;AAEA,UAAMmE,mBAAmBC,OAAOC,OAAaC,cAAc;AAC3D,QAAI,CAACH,iBAAiBI,SAASP,aAAAA,GAAgB;AAC7C,YAAM,IAAI5F,MACR,iDAAiD+F,iBAAiB/D,KAAK,IAAA,CAAA,EAAO;IAElF;AACA,QAAI,CAAC1C,UAAAA,EACH,OAAM,IAAIU,MAAM,2CAAA;AAElB,QAAI6F,SAASA,MAAMxC,OAAQyC,aAAY,UAAUD,MAAM7D,KAAK,GAAA,CAAA;AAE5DzC,WAAOqD,SAASC,QACd,GAAG,KAAKpC,OAAOE,aAAa,gBAAgBiF,aAAAA,iBAA8BnC,mBACxEjC,gBAAgB,KAAKf,OAAOK,eAAe,EAAA,CAAA,UAClC2C,mBAAmBqC,QAAAA,CAAAA,EAAW;EAE7C,GA3Ba;EA6BbM,YAAY,8BACVlF,SAAAA;AAjaJ;AAmaI,QAAI;AACF,YAAMiD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;;;QAGPC,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUkC,UAAAA;IAChC,SAAS/C,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GAjBY;EAmBZgD,gBAAgB,8BACdpF,SAAAA;AApbJ;AAsbI,QAAI;AACF,YAAMqF,mBAAmB,MAAM,KAAKzC,aAAa;QAC/CC,OACE;QACFC,WAAW;UACT9C;QACF;MACF,CAAA;AACA,eAAOqF,0DAAkB5G,WAAlB4G,mBAA0BlD,UAC7B,KAAKlC,cAAcoF,iBAAiB5G,MAAM,IAC1C,KAAKmD,YAAWyD,sBAAiBrF,SAAjBqF,mBAAuBC,cAAAA;IAC7C,SAASnG,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GAjBgB;EAmBhBoG,cAAc,8BAAOvF,SAAAA;AAtcvB;AAucI,QAAI,GAACA,UAAK0D,kBAAL1D,mBAAoBN,QACvB,QAAO,KAAKO,cAAc;MAAC,IAAInB,MAAM,uBAAA;KAAyB;AAEhE,QAAI;AACF,YAAM8E,UAAUzF,WAAAA;AAChB,YAAM8E,MAAM,MAAMW,QAAQ,GAAG,KAAKrE,OAAOE,aAAa,iBAAiB;QACrEoE,QAAQ;QACRT,SAAS;UACP,GAAG,KAAK7D,OAAOO;QACjB;QACAgE,MAAMzB,KAAKC,UAAU;UACnBoB,eAAe1D,KAAK0D;UACpB3C,WAAW,KAAKxB,OAAOM;QACzB,CAAA;MACF,CAAA;AAEA,YAAMmE,OAAO,MAAMf,IAAIe,KAAI;AAC3B,UAAIwB,eAAwC,CAAC;AAC7C,UAAIxB,MAAM;AACR,YAAI;AACFwB,yBAAenD,KAAK6B,MAAMF,IAAAA;QAC5B,QAAQ;AACN,iBAAO,KAAK/D,cAAc;YACxB,IAAInB,MACFmE,IAAIkB,KACA,sCACA,QAAQlB,IAAImB,MAAM,EAAE;WAE3B;QACH;MACF;AAEA,UAAI,CAACnB,IAAIkB,IAAI;AACX,cAAMsB,UAAUD;AAIhB,eAAO,KAAKvF,cAAc;UACxB,IAAInB,MACFC,OACE0G,QAAQvG,qBACNuG,QAAQtG,SACR,QAAQ8D,IAAImB,MAAM,EAAE,CAAA;SAG3B;MACH;AAEA,aAAO,KAAKxC,WAAW4D,YAAAA;IACzB,SAASpD,KAAK;AACZ,aAAO,KAAKnC,cAAcmC,GAAAA;IAC5B;EACF,GArDc;EAuDdsD,SAAS,8BACP1F,SAAAA;AA9fJ;AAggBI,QAAI;AACF,YAAMiD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;wEACyD3E,iBAAAA;;QAEhE4E,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUyC,MAAAA;IAChC,SAAStD,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GAjBS;EAmBTuD,gBAAgB,8BACd3F,MACAoD,YAAAA;AAlhBJ;AAohBI,QAAI;AACF,YAAMwC,mBAAmB,MAAM,KAAKhD,aAAa;QAC/CC,OACE;QACFO;QACAN,WAAW;UACT9C;QACF;MACF,CAAA;AAEA,eAAO4F,0DAAkBnH,WAAlBmH,mBAA0BzD,UAC7B,KAAKlC,cAAc2F,iBAAiBnH,MAAM,IAC1C,KAAKmD,YAAWgE,sBAAiB5F,SAAjB4F,mBAAuBC,cAAAA;IAC7C,SAAS1G,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GApBgB;EAsBhB2G,oBAAoB,8BAClB1C,YAAAA;AAviBJ;AAyiBI,QAAI;AACF,YAAMH,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;QACPO;MACF,CAAA;AACA,eAAOH,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAU8C,kBAAAA;IAChC,SAAS5G,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GAdoB;EAgBpB6G,mBAAmB,8BACjBzC,WAAAA;AAvjBJ;AAyjBI,QAAI;AACF,YAAMN,MAAM,MAAM,KAAKL,aAAa;QAClCC,OACE;QACFC,WAAW;UACTS;QACF;MACF,CAAA;AAEA,eAAON,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUgD,kBAAAA;IAChC,SAAS9G,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GAlBmB;EAoBnB+G,kBAAkB,8BAChB3C,WAAAA;AA3kBJ;AA6kBI,QAAI;AACF,YAAMN,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO,8GAA8G5E,YAAAA;QACrH6E,WAAW;UACTS;QACF;MACF,CAAA;AAEA,eAAON,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUkD,gBAAAA;IAChC,SAAShH,OAAO;AACd,aAAO,KAAKc,cAAc;QAACd;OAAM;IACnC;EACF,GAjBkB;EAmBlBiH,cAAc,8BACZpG,SAAAA;AA9lBJ;AAgmBI,QAAI;AACF,YAAMiD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;wFACyE3E,iBAAAA;;QAEhF4E,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUoD,YAAAA;IAChC,SAASjE,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GAjBc;EAmBdkE,oBAAoB,8BAClBtG,SAAAA;AAjnBJ;AAmnBI,QAAI;AACF,YAAMiD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;;;QAGPC,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUsD,mBAAAA;IAChC,SAASnE,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GAjBoB;EAmBpBoE,YAAY,8BACVxG,SAAAA;AApoBJ;AAsoBI,QAAI;AACF,YAAMiD,MAAM,MAAM,KAAKL,aAAa;QAClCC,OAAO;kFACmE3E,iBAAAA;;QAE1E4E,WAAW;UAAE9C;QAAK;MACpB,CAAA;AAEA,eAAOiD,gCAAKxE,WAALwE,mBAAad,UAChB,KAAKlC,cAAcgD,IAAIxE,MAAM,IAC7B,KAAKmD,YAAWqB,SAAIjD,SAAJiD,mBAAUwD,UAAAA;IAChC,SAASrE,KAAK;AACZ,aAAO,KAAKnC,cAAc;QAACmC;OAAI;IACjC;EACF,GAjBY;;;EAqBZQ,eAAe,8BACb5C,SAAAA;AAzpBJ;AA2pBI,UAAM4D,UAAUzF,WAAAA;AAChB,UAAM8E,MAAM,MAAMW,QAAQ,GAAG,KAAKrE,OAAOE,aAAa,YAAY;MAChEoE,QAAQ;MACRC,MAAMzB,KAAKC,UAAU;QACnBO,OAAO7C,KAAK6C;QACZC,WAAW9C,KAAK8C,aAAa,CAAC;MAChC,CAAA;MACAM,SAAS;QACP,GAAG,KAAK7D,OAAOO;QACf,GAAIE,KAAKoD,WAAW,CAAC;MACvB;MACAW,aAAa;IACf,CAAA;AAEA,UAAMC,OAAO,MAAMf,IAAIe,KAAI;AAC3B,QAAIC,OAA+C,CAAC;AACpD,QAAID,MAAM;AACR,UAAI;AACFC,eAAO5B,KAAK6B,MAAMF,IAAAA;MACpB,QAAQ;AACN,eAAO;UACLhE,MAAMX;UACNZ,QAAQ;YACN,IAAIK,MACFmE,IAAIkB,KACA,uCACA,QAAQlB,IAAImB,MAAM,EAAE;;QAG9B;MACF;IACF,WAAW,CAACnB,IAAIkB,IAAI;AAClB,aAAO;QACLnE,MAAMX;QACNZ,QAAQ;UAAC,IAAIK,MAAM,QAAQmE,IAAImB,MAAM,EAAE;;MACzC;IACF;AAEA,SAAIH,kCAAMxF,WAANwF,mBAAc9B,QAAQ;AACxB,aAAO;QAAEnC,MAAMX;QAAWZ,QAAQD,YAAYyF,KAAKxF,MAAM;MAAE;IAC7D;AAEA,QAAI,CAACwE,IAAIkB,IAAI;AACX,aAAO;QACLnE,MAAMX;QACNZ,QAAQ;UAAC,IAAIK,MAAM,QAAQmE,IAAImB,MAAM,EAAE;;MACzC;IACF;AAEA,WAAO;MAAEpE,MAAMiE,KAAKjE;MAAMvB,QAAQ,CAAA;IAAG;EACvC,GArDe;EAuDfwB,gBAAgB,wBAACxB,WAAAA;AACf,WAAO;MACLuB,MAAMX;MACNZ,QAAQD,YAAYC,MAAAA;IACtB;EACF,GALgB;EAOhBmD,aAAa,wBAAC5B,SAAAA;AACZ,WAAO;MACLA;MACAvB,QAAQ,CAAA;IACV;EACF,GALa;AAMf;AAnqBaa;AAAN,IAAMA,aAAN;","names":["DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","CLEANUP_IFRAME_TIMEOUT_IN_SECONDS","OAuthProviders","ResponseTypes","hasWindow","window","trimURL","url","trimmedData","trim","lastChar","length","slice","getCrypto","crypto","msCrypto","getCryptoSubtle","subtle","webkitSubtle","createRandomString","charset","random","randomValues","Array","from","getRandomValues","Uint8Array","forEach","v","encode","value","btoa","Buffer","toString","createQueryParams","params","Object","keys","filter","k","map","encodeURIComponent","join","sha256","s","subtle","getCryptoSubtle","Error","digestOp","digest","name","TextEncoder","encode","window","msCrypto","Promise","resolve","reject","oncomplete","e","target","result","onerror","error","onabort","urlEncodeB64","input","b64Chars","replace","m","bufferToBase64UrlEncoded","input","ie11SafeInput","Uint8Array","urlEncodeB64","window","btoa","String","fromCharCode","Array","from","originFromAuthorizerUrl","authorizerUrl","URL","origin","executeIframe","authorizeUrl","eventOrigin","timeoutInSeconds","DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","Promise","resolve","reject","expectedOrigin","iframe","document","createElement","setAttribute","style","display","removeIframe","body","contains","removeChild","removeEventListener","iframeEventHandler","timeoutSetTimeoutId","setTimeout","Error","e","data","response","eventSource","source","close","error","clearTimeout","CLEANUP_IFRAME_TIMEOUT_IN_SECONDS","addEventListener","appendChild","userFragment","authTokenFragment","getFetcher","hasWindow","window","fetch","crossFetch","toErrorList","errors","Array","isArray","map","item","Error","String","message","o","error_description","error","desc","undefined","Authorizer","config","codeVerifier","authorizerURL","trim","trimURL","redirectURL","clientID","extraHeaders","authorize","data","errorResponse","scopes","use_refresh_token","push","requestData","redirect_uri","response_mode","state","encode","createRandomString","nonce","response_type","scope","join","client_id","ResponseTypes","Code","sha","sha256","codeChallenge","bufferToBase64UrlEncoded","code_challenge","code_challenge_method","authorizeURL","createQueryParams","location","replace","okResponse","iframeRes","executeIframe","DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS","tokenResp","getToken","code","length","err","JSON","stringify","encodeURIComponent","browserLogin","getSession","forgotPassword","forgotPasswordResp","graphqlQuery","query","variables","forgot_password","getMetaData","res","meta","getProfile","headers","profileRes","profile","params","session","grant_type","refresh_token","code_verifier","fetcher","method","body","credentials","text","json","parse","ok","status","login","logout","magicLinkLogin","magic_link_login","oauthLogin","oauthProvider","roles","urlState","oauthProviderIds","Object","values","OAuthProviders","includes","resendOtp","resend_otp","resetPassword","resetPasswordRes","reset_password","revokeToken","responseData","errBody","signup","updateProfile","updateProfileRes","update_profile","deactivateAccount","deactivate_account","validateJWTToken","validate_jwt_token","validateSession","validate_session","verifyEmail","verify_email","resendVerifyEmail","resend_verify_email","verifyOtp","verify_otp"]}

package/lib/index.mjs CHANGED Viewed

@@ -58,7 +58,9 @@ var createQueryParams = /* @__PURE__ */ __name((params) => {
   return Object.keys(params).filter((k) => typeof params[k] !== "undefined").map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(params[k])}`).join("&");
 }, "createQueryParams");
 var sha256 = /* @__PURE__ */ __name(async (s) => {
-  const digestOp = getCryptoSubtle().digest({
+  const subtle = getCryptoSubtle();
+  if (!subtle) throw new Error("Web Crypto API is not available");
+  const digestOp = subtle.digest({
     name: "SHA-256"
   }, new TextEncoder().encode(s));
   if (window.msCrypto) {
@@ -88,8 +90,16 @@ var bufferToBase64UrlEncoded = /* @__PURE__ */ __name((input) => {
   const ie11SafeInput = new Uint8Array(input);
   return urlEncodeB64(window.btoa(String.fromCharCode(...Array.from(ie11SafeInput))));
 }, "bufferToBase64UrlEncoded");
+var originFromAuthorizerUrl = /* @__PURE__ */ __name((authorizerUrl) => {
+  try {
+    return new URL(authorizerUrl).origin;
+  } catch {
+    return authorizerUrl;
+  }
+}, "originFromAuthorizerUrl");
 var executeIframe = /* @__PURE__ */ __name((authorizeUrl, eventOrigin, timeoutInSeconds = DEFAULT_AUTHORIZE_TIMEOUT_IN_SECONDS) => {
   return new Promise((resolve, reject) => {
+    const expectedOrigin = originFromAuthorizerUrl(eventOrigin);
     const iframe = window.document.createElement("iframe");
     iframe.setAttribute("id", "authorizer-iframe");
     iframe.setAttribute("width", "0");
@@ -106,11 +116,12 @@ var executeIframe = /* @__PURE__ */ __name((authorizeUrl, eventOrigin, timeoutIn
       removeIframe();
     }, timeoutInSeconds * 1e3);
     const iframeEventHandler = /* @__PURE__ */ __name(function(e) {
-      if (e.origin !== eventOrigin) return;
+      if (e.origin !== expectedOrigin) return;
       if (!e.data || !e.data.response) return;
       const eventSource = e.source;
       if (eventSource) eventSource.close();
-      e.data.response.error ? reject(e.data.response) : resolve(e.data.response);
+      if (e.data.response.error) reject(e.data.response);
+      else resolve(e.data.response);
       clearTimeout(timeoutSetTimeoutId);
       window.removeEventListener("message", iframeEventHandler, false);
       setTimeout(removeIframe, CLEANUP_IFRAME_TIMEOUT_IN_SECONDS * 1e3);
@@ -125,25 +136,60 @@ var executeIframe = /* @__PURE__ */ __name((authorizeUrl, eventOrigin, timeoutIn
 var userFragment = "id email email_verified given_name family_name middle_name nickname preferred_username picture signup_methods gender birthdate phone_number phone_number_verified roles created_at updated_at revoked_timestamp is_multi_factor_auth_enabled app_data";
 var authTokenFragment = `message access_token expires_in refresh_token id_token should_show_email_otp_screen should_show_mobile_otp_screen should_show_totp_screen authenticator_scanner_image authenticator_secret authenticator_recovery_codes user { ${userFragment} }`;
 var getFetcher = /* @__PURE__ */ __name(() => hasWindow() ? window.fetch : crossFetch, "getFetcher");
+function toErrorList(errors) {
+  if (Array.isArray(errors)) {
+    return errors.map((item) => {
+      if (item instanceof Error) return item;
+      if (item && typeof item === "object" && "message" in item) return new Error(String(item.message));
+      return new Error(String(item));
+    });
+  }
+  if (errors instanceof Error) return [
+    errors
+  ];
+  if (errors !== null && typeof errors === "object") {
+    const o = errors;
+    if (typeof o.error_description === "string") return [
+      new Error(o.error_description)
+    ];
+    if (typeof o.error === "string") {
+      const desc = typeof o.error_description === "string" ? `: ${o.error_description}` : "";
+      return [
+        new Error(`${o.error}${desc}`)
+      ];
+    }
+    if (typeof o.message === "string") return [
+      new Error(o.message)
+    ];
+  }
+  if (errors === void 0 || errors === null) return [
+    new Error("Unknown error")
+  ];
+  return [
+    new Error(String(errors))
+  ];
+}
+__name(toErrorList, "toErrorList");
 var _Authorizer = class _Authorizer {
   // class variable
   config;
   codeVerifier;
   // constructor
   constructor(config) {
+    var _a, _b;
     if (!config) throw new Error("Configuration is required");
     this.config = config;
-    if (!config.authorizerURL && !config.authorizerURL.trim()) throw new Error("Invalid authorizerURL");
-    if (config.authorizerURL) this.config.authorizerURL = trimURL(config.authorizerURL);
-    if (!config.redirectURL && !config.redirectURL.trim()) throw new Error("Invalid redirectURL");
-    else this.config.redirectURL = trimURL(config.redirectURL);
+    if (!((_a = config.authorizerURL) == null ? void 0 : _a.trim())) throw new Error("Invalid authorizerURL");
+    this.config.authorizerURL = trimURL(config.authorizerURL);
+    if (!((_b = config.redirectURL) == null ? void 0 : _b.trim())) throw new Error("Invalid redirectURL");
+    this.config.redirectURL = trimURL(config.redirectURL);
+    this.config.clientID = ((config == null ? void 0 : config.clientID) || "").trim();
     this.config.extraHeaders = {
       ...config.extraHeaders || {},
-      "x-authorizer-url": this.config.authorizerURL,
-      "x-authorizer-client-id": this.config.clientID || "",
+      "x-authorizer-url": config.authorizerURL,
+      "x-authorizer-client-id": config.clientID || "",
       "Content-Type": "application/json"
     };
-    this.config.clientID = ((config == null ? void 0 : config.clientID) || "").trim();
   }
   authorize = /* @__PURE__ */ __name(async (data) => {
     var _a;
@@ -170,6 +216,7 @@ var _Authorizer = class _Authorizer {
       const sha = await sha256(this.codeVerifier);
       const codeChallenge = bufferToBase64UrlEncoded(sha);
       requestData.code_challenge = codeChallenge;
+      requestData.code_challenge_method = "S256";
     }
     const authorizeURL = `${this.config.authorizerURL}/authorize?${createQueryParams(requestData)}`;
     if (requestData.response_mode !== "web_message") {
@@ -218,7 +265,7 @@ var _Authorizer = class _Authorizer {
     }
   }, "browserLogin");
   forgotPassword = /* @__PURE__ */ __name(async (data) => {
-    var _a;
+    var _a, _b;
     if (!data.state) data.state = encode(createRandomString());
     if (!data.redirect_uri) data.redirect_uri = this.config.redirectURL;
     try {
@@ -228,7 +275,7 @@ var _Authorizer = class _Authorizer {
           data
         }
       });
-      return ((_a = forgotPasswordResp == null ? void 0 : forgotPasswordResp.errors) == null ? void 0 : _a.length) ? this.errorResponse(forgotPasswordResp.errors) : this.okResponse(forgotPasswordResp == null ? void 0 : forgotPasswordResp.data.forgot_password);
+      return ((_a = forgotPasswordResp == null ? void 0 : forgotPasswordResp.errors) == null ? void 0 : _a.length) ? this.errorResponse(forgotPasswordResp.errors) : this.okResponse((_b = forgotPasswordResp == null ? void 0 : forgotPasswordResp.data) == null ? void 0 : _b.forgot_password);
     } catch (error) {
       return this.errorResponse([
         error
@@ -279,8 +326,9 @@ var _Authorizer = class _Authorizer {
     }
   }, "getSession");
   getToken = /* @__PURE__ */ __name(async (data) => {
+    var _a;
     if (!data.grant_type) data.grant_type = "authorization_code";
-    if (data.grant_type === "refresh_token" && !data.refresh_token) return this.errorResponse([
+    if (data.grant_type === "refresh_token" && !((_a = data.refresh_token) == null ? void 0 : _a.trim())) return this.errorResponse([
       new Error("Invalid refresh_token")
     ]);
     if (data.grant_type === "authorization_code" && !this.codeVerifier) return this.errorResponse([
@@ -303,10 +351,22 @@ var _Authorizer = class _Authorizer {
         },
         credentials: "include"
       });
-      const json = await res.json();
-      if (res.status >= 400) return this.errorResponse([
-        new Error(json.error_description || json.error)
-      ]);
+      const text = await res.text();
+      let json = {};
+      if (text) {
+        try {
+          json = JSON.parse(text);
+        } catch {
+          return this.errorResponse([
+            new Error(res.ok ? "Invalid JSON from token endpoint" : `HTTP ${res.status}`)
+          ]);
+        }
+      }
+      if (!res.ok) {
+        return this.errorResponse([
+          new Error(String(json.error_description || json.error || `HTTP ${res.status}`))
+        ]);
+      }
       return this.okResponse(json);
     } catch (err) {
       return this.errorResponse(err);
@@ -325,9 +385,7 @@ var _Authorizer = class _Authorizer {
       });
       return ((_a = res == null ? void 0 : res.errors) == null ? void 0 : _a.length) ? this.errorResponse(res.errors) : this.okResponse((_b = res.data) == null ? void 0 : _b.login);
     } catch (err) {
-      return this.errorResponse([
-        new Error(err)
-      ]);
+      return this.errorResponse(err);
     }
   }, "login");
   logout = /* @__PURE__ */ __name(async (headers) => {
@@ -337,7 +395,7 @@ var _Authorizer = class _Authorizer {
         query: " mutation { logout { message } } ",
         headers
       });
-      return ((_a = res == null ? void 0 : res.errors) == null ? void 0 : _a.length) ? this.errorResponse(res.errors) : this.okResponse((_b = res.data) == null ? void 0 : _b.response);
+      return ((_a = res == null ? void 0 : res.errors) == null ? void 0 : _a.length) ? this.errorResponse(res.errors) : this.okResponse((_b = res.data) == null ? void 0 : _b.logout);
     } catch (err) {
       return this.errorResponse([
         err
@@ -369,8 +427,9 @@ var _Authorizer = class _Authorizer {
     if (!urlState) {
       urlState = encode(createRandomString());
     }
-    if (!Object.values(OAuthProviders).includes(oauthProvider)) {
-      throw new Error(`only following oauth providers are supported: ${Object.values(oauthProvider).toString()}`);
+    const oauthProviderIds = Object.values(OAuthProviders);
+    if (!oauthProviderIds.includes(oauthProvider)) {
+      throw new Error(`only following oauth providers are supported: ${oauthProviderIds.join(", ")}`);
     }
     if (!hasWindow()) throw new Error("oauthLogin is only supported for browsers");
     if (roles && roles.length) urlState += `&roles=${roles.join(",")}`;
@@ -411,22 +470,43 @@ var _Authorizer = class _Authorizer {
     }
   }, "resetPassword");
   revokeToken = /* @__PURE__ */ __name(async (data) => {
-    if (!data.refresh_token && !data.refresh_token.trim()) return this.errorResponse([
+    var _a;
+    if (!((_a = data.refresh_token) == null ? void 0 : _a.trim())) return this.errorResponse([
       new Error("Invalid refresh_token")
     ]);
-    const fetcher = getFetcher();
-    const res = await fetcher(`${this.config.authorizerURL}/oauth/revoke`, {
-      method: "POST",
-      headers: {
-        ...this.config.extraHeaders
-      },
-      body: JSON.stringify({
-        refresh_token: data.refresh_token,
-        client_id: this.config.clientID
-      })
-    });
-    const responseData = await res.json();
-    return this.okResponse(responseData);
+    try {
+      const fetcher = getFetcher();
+      const res = await fetcher(`${this.config.authorizerURL}/oauth/revoke`, {
+        method: "POST",
+        headers: {
+          ...this.config.extraHeaders
+        },
+        body: JSON.stringify({
+          refresh_token: data.refresh_token,
+          client_id: this.config.clientID
+        })
+      });
+      const text = await res.text();
+      let responseData = {};
+      if (text) {
+        try {
+          responseData = JSON.parse(text);
+        } catch {
+          return this.errorResponse([
+            new Error(res.ok ? "Invalid JSON from revoke endpoint" : `HTTP ${res.status}`)
+          ]);
+        }
+      }
+      if (!res.ok) {
+        const errBody = responseData;
+        return this.errorResponse([
+          new Error(String(errBody.error_description || errBody.error || `HTTP ${res.status}`))
+        ]);
+      }
+      return this.okResponse(responseData);
+    } catch (err) {
+      return this.errorResponse(err);
+    }
   }, "revokeToken");
   signup = /* @__PURE__ */ __name(async (data) => {
     var _a, _b;
@@ -580,11 +660,39 @@ var _Authorizer = class _Authorizer {
       },
       credentials: "include"
     });
-    const json = await res.json();
+    const text = await res.text();
+    let json = {};
+    if (text) {
+      try {
+        json = JSON.parse(text);
+      } catch {
+        return {
+          data: void 0,
+          errors: [
+            new Error(res.ok ? "Invalid JSON from GraphQL endpoint" : `HTTP ${res.status}`)
+          ]
+        };
+      }
+    } else if (!res.ok) {
+      return {
+        data: void 0,
+        errors: [
+          new Error(`HTTP ${res.status}`)
+        ]
+      };
+    }
     if ((_a = json == null ? void 0 : json.errors) == null ? void 0 : _a.length) {
       return {
         data: void 0,
-        errors: json.errors
+        errors: toErrorList(json.errors)
+      };
+    }
+    if (!res.ok) {
+      return {
+        data: void 0,
+        errors: [
+          new Error(`HTTP ${res.status}`)
+        ]
       };
     }
     return {
@@ -595,7 +703,7 @@ var _Authorizer = class _Authorizer {
   errorResponse = /* @__PURE__ */ __name((errors) => {
     return {
       data: void 0,
-      errors
+      errors: toErrorList(errors)
     };
   }, "errorResponse");
   okResponse = /* @__PURE__ */ __name((data) => {