npm - @authress/login - Versions diffs - 2.4.306 → 2.4.309 - Mend

@authress/login 2.4.306 → 2.4.309

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +3 -0
package/dist/authress.min.js +2 -2
package/dist/authress.min.js.LICENSE.txt +1 -1
package/dist/authress.min.js.LICENSE.txt.gz +0 -0
package/dist/authress.min.js.gz +0 -0
package/package.json +1 -1
package/src/httpClient.js +3 -1
package/src/index.js +13 -0

package/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,9 @@
 # Change log
 This is the changelog for [Authress Login](readme.md).
+## 2.4 ##
+* Prevent silent returns from `authenticate` when a different connectionId is used to have the user log in.
 ## 2.3 ##
 * Add MFA device methods.
 * Improve http error handling when there is an issue authenticating.

package/dist/authress.min.js CHANGED Viewed

@@ -1,2 +1,2 @@
-/*! Authress Login SDK 2.4.306 | Author - Authress Developers | License information can be found at https://github.com/Authress/login-sdk.js */
-!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.authress=t():e.authress=t()}(this,(()=>(()=>{var e,t,r={878:e=>{function t(e){return String.fromCharCode(parseInt(e.slice(1),16))}function r(e){return`%${`00${e.charCodeAt(0).toString(16)}`.slice(-2)}`}e.exports.decode=function(e){return function(e){return decodeURIComponent(Array.from(atob(e),r).join(""))}(e.replace(/-/g,"+").replace(/_/g,"/"))},e.exports.encode=function(e){return e&&"object"==typeof e?btoa(String.fromCharCode(...new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,""):function(e){return btoa(encodeURIComponent(e).replace(/%[0-9A-F]{2}/g,t))}(e).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,"")}},568:(e,t,r)=>{const n=r(836),{sanitizeUrl:o}=r(332),i=r(629),a="ExtensionRequestNonce";let s=null;e.exports=class{constructor(e,t){if(this.extensionId=t,!e)throw Error('Missing required property "authressCustomDomain" in ExtensionClient constructor. The Custom Authress Domain Host is required.');if(!t)throw Error('Missing required property "extensionId" in ExtensionClient constructor. The extension is required for selecting the correct login method.');this.authressCustomDomain=o(e),this.accessToken=null,i.onLoad((async()=>{await this.requestToken({silent:!0})}))}async getUserIdentity(){const e=this.accessToken&&await n.decode(this.accessToken);return e?1e3*e.exp<Date.now()?(this.accessToken=null,null):e:null}async getTokenResponse(){return await this.getUserIdentity()?{accessToken:this.accessToken}:null}requestToken(e={code:null,silent:!1}){if(s)return s=s.catch((()=>{})).then((()=>this.requestTokenContinuation(e)));const t=this.requestTokenContinuation(e);return t.catch((()=>{})),s=t}async requestTokenContinuation(e={code:null,silent:!1}){const t=e&&e.code||new URLSearchParams(i.getCurrentLocation().search).get("code");if(!t){if(!e||!e.silent){const e=Error("OAuth Authorization code is required");throw e.code="InvalidAuthorizationCode",e}return this.getTokenResponse()}const r=new URL(this.authressCustomDomain);r.pathname="/api/authentication/oauth/tokens";const{codeVerifier:n,redirectUrl:o}=JSON.parse(localStorage.getItem(a)||"{}"),s=await fetch(r.toString(),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code_verifier:n,code:t,grant_type:"authorization_code",client_id:this.extensionId,redirect_uri:o})}),c=await s.json();this.accessToken=c.access_token;const d=new URL(i.getCurrentLocation());return d.searchParams.delete("code"),d.searchParams.delete("iss"),d.searchParams.delete("nonce"),d.searchParams.delete("expires_in"),d.searchParams.delete("access_token"),d.searchParams.delete("id_token"),history.replaceState({},void 0,d.toString()),this.getTokenResponse()}async login(e){const t=await this.getTokenResponse();if(t)return t;const r=await this.requestToken({silent:!0});if(r)return r;const o=new URL(this.authressCustomDomain),{codeVerifier:s,codeChallenge:c}=n.getAuthCodes(),d=e||i.getCurrentLocation().href;return localStorage.setItem(a,JSON.stringify({codeVerifier:s,redirectUrl:d})),o.searchParams.set("client_id",this.extensionId),o.searchParams.set("code_challenge",c),o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("redirect_uri",d),i.assign(o.toString()),await new Promise((e=>setTimeout(e,5e3))),null}}},75:(e,t,r)=>{const{sanitizeUrl:n}=r(332),o=r(629),i={"Content-Type":"application/json"},a=new Set(["Failed to fetch","NetworkError when attempting to fetch resource.","The Internet connection appears to be offline.","Network request failed","fetch failed","<HTML DOCUMENT></HTML>"]);function s(e){return e&&e.message&&a.has(e.message)}async function c(e){let t=null;for(let r=0;r<5;r++)try{return await e()}catch(e){if(e.retryCount=r,t=e,s(e)||"Network Error"===e.message||"ERR_NETWORK"===e.code||!e.status||e.status>=500){t.isNetworkError=!0,await new Promise((e=>setTimeout(e,10*2**r)));continue}throw e}throw t}e.exports=class{constructor(e,t){if(!e)throw Error("Custom Authress Domain Host is required");const r=t||{debug(){},warn(){},critical(){}};this.logger=r;const o=new URL(n(e));this.loginUrl=`${o.origin}/api`}get(e,t,r,n){return c((()=>this.fetchWrapper("GET",e,null,r,t,n)))}delete(e,t,r,n){return c((()=>this.fetchWrapper("DELETE",e,null,r,t,n)))}post(e,t,r,n,o){return c((()=>this.fetchWrapper("POST",e,r,n,t,o)))}put(e,t,r,n,o){return c((()=>this.fetchWrapper("PUT",e,r,n,t,o)))}patch(e,t,r,n,o){return c((()=>this.fetchWrapper("PATCH",e,r,n,t,o)))}async fetchWrapper(e,t,r,n,a,s){const c=`${this.loginUrl}${t.toString()}`,d=e.toUpperCase(),l=Object.assign({},i,n);try{this.logger&&this.logger.debug&&this.logger.debug({title:"HttpClient Request",method:d,url:c});const e={method:d,headers:l};r&&(e.body=JSON.stringify(r)),!o.isLocalHost()&&a&&(e.credentials="include");const t=await fetch(c,e);if(!t.ok)throw t;let n={};try{n=await t.text(),n=JSON.parse(n)}catch(e){}return{url:c,headers:t.headers,status:t.status,data:n}}catch(e){let t=e;try{t=await e.text(),t=JSON.parse(t)}catch(e){}const n=t.stack&&t.stack.match(/chrome-extension:[/][/](\w+)[/]/);if(n){this.logger&&this.logger.debug&&this.logger.debug({title:`Fetch failed due to a browser extension - ${d} - ${c}`,method:d,url:c,data:r,headers:l,error:e,resolvedError:t,extensionErrorId:n});const o=new Error(`Extension Error ID: ${n}`);throw o.code="BROWSER_EXTENSION_ERROR",o}const o=e.status;let i="warn",a="HttpClient Response Error";e?401===o?(a="HttpClient Response Error due to invalid token",i="debug"):404===o?(a="HttpClient Response: Not Found",i="debug"):o<500&&s&&(i="debug"):a="HttpClient Response Error - Unknown error occurred",this.logger&&this.logger[i]&&this.logger[i]({title:a,online:"undefined"==typeof navigator||navigator.onLine,method:d,url:c,status:o,data:r,headers:l,error:e,resolvedError:t});throw{url:c,status:o,data:t,headers:e.headers}}}}},354:(e,t,r)=>{const n=r(427),o=r(321),i=r(629),a=r(75),s=r(836),{sanitizeUrl:c}=r(332),d=r(160);let l,u=new Promise((e=>l=e)),h=null;const p="AuthenticationRequestNonce";const f=r(568);e.exports={LoginClient:class{constructor(e,t){const r=Object.assign({applicationId:"app_default"},e);this.logger=t||console;const n=r.authressApiUrl||r.authressLoginHostUrl||r.authenticationServiceUrl||"";if(!n)throw Error('Missing required property "authressApiUrl" in LoginClient constructor. Custom Authress Domain Host is required.');this.applicationId=r.applicationId,this.hostUrl=c(n),this.httpClient=new a(this.hostUrl,t),this.lastSessionCheck=0,this.enableCredentials=this.getMatchingDomainInfo(this.hostUrl),r.skipBackgroundCredentialsCheck||i.onLoad((async()=>{await this.userSessionExists(!0)}))}getMatchingDomainInfo(e){const t=new URL(e);if(i.isLocalHost())return!1;const r=i.getCurrentLocation();if("https:"!==r.protocol)return!1;const n=t.host.toLowerCase().split(".").reverse(),a=r.host.toLowerCase().split(".").reverse();let s=[];for(let e of n){const t=o(a,s.length+1).join(".");if(s.concat(e).join(".")!==t)break;s.push(e)}return s.length===n.length&&s.length===a.length||s.length>1}getUserIdentity(){const e=d.getUserCookie(),t=s.decodeOrParse(e);if(t){const r=t.exp?new Date(1e3*t.exp):new Date(Date.now()+864e5);return d.set(e,r),t.userId=t.sub,t}const r=d.get(),n=s.decodeOrParse(r);if(!n)return null;const o=new URL(n.iss).hostname,i=new URL(this.hostUrl).hostname;return o.endsWith(i)||i.endsWith(o)?(n.userId=n.sub,n):(this.logger&&this.logger.error&&this.logger.error({title:"Token saved in browser is for a different issuer, discarding",issuerOrigin:o,hostUrlOrigin:i,savedUserData:n}),d.clear(),null)}async getConnectionCredentials(){await this.waitForUserSession();try{const e=await this.ensureToken();return(await this.httpClient.get("/session/credentials",this.enableCredentials,{Authorization:e&&`Bearer ${e}`})).data}catch(e){return null}}async getDevices(){try{const e=await this.ensureToken();return(await this.httpClient.get("/session/devices",this.enableCredentials,{Authorization:e&&`Bearer ${e}`})).data.devices}catch(e){return[]}}async deleteDevice(e){try{const t=await this.ensureToken();await this.httpClient.delete(`/session/devices/${encodeURIComponent(e)}`,this.enableCredentials,{Authorization:t&&`Bearer ${t}`})}catch(e){throw this.logger&&this.logger.log({title:"Failed to delete device",error:e}),e}}async openUserConfigurationScreen(e={redirectUrl:null,startPage:"Profile"}){if(!await this.userSessionExists()){const e=Error("User must be logged to configure user profile data.");throw e.code="NotLoggedIn",e}const t=new URL("/settings",this.hostUrl);t.searchParams.set("client_id",this.applicationId),t.searchParams.set("start_page",e&&e.startPage||"Profile"),t.searchParams.set("redirect_uri",e&&e.redirectUrl||i.getCurrentLocation().href),i.assign(t.toString()),await Promise.resolve()}async registerDevice(e={name:"",type:"",totp:{}}){const t=await this.getUserIdentity();if(!t){const e=Error("User must be logged to configure user profile data.");throw e.code="NotLoggedIn",e}if(!e){const e=Error("Register Device missing required parameter: 'Options'");throw e.code="InvalidInput",e}let r;if(e.type&&"WebAuthN"!==e.type)"TOTP"===e.type&&(r={name:e.name,code:e.totp.verificationCode,totpData:e.totp,type:"TOTP"});else{const n=t.sub,o={challenge:Uint8Array.from(n,(e=>e.charCodeAt(0))),rp:{id:this.hostUrl.split(".").slice(1).join("."),name:"WebAuthN Login"},user:{id:Uint8Array.from(n,(e=>e.charCodeAt(0))),name:n,displayName:`Generated User ID: ${n}`},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{residentKey:"discouraged",requireResidentKey:!1,userVerification:"discouraged"},timeout:6e4,attestation:"direct"},i=await navigator.credentials.create({publicKey:o}),a={authenticatorAttachment:i.authenticatorAttachment,credentialId:i.id,type:i.type,userId:n,attestation:btoa(String.fromCharCode(...new Uint8Array(i.response.attestationObject))),client:btoa(String.fromCharCode(...new Uint8Array(i.response.clientDataJSON)))};r={name:e&&e.name,code:a,type:"WebAuthN"}}try{const e=await this.ensureToken();return(await this.httpClient.post("/session/devices",this.enableCredentials,r,{Authorization:e&&`Bearer ${e}`})).data}catch(e){throw this.logger&&this.logger.log({title:"Failed to register new device",error:e,request:r}),e}}async waitForUserSession(){try{return await u,!0}catch(e){return!1}}userSessionExists(e){return h?Date.now()-this.lastSessionCheck<50?h:(this.lastSessionCheck=Date.now(),h=h.catch((()=>{})).then((()=>this.userSessionContinuation(e)))):(this.lastSessionCheck=Date.now(),h=this.userSessionContinuation(e))}async userSessionContinuation(e){const t=new URLSearchParams(i.getCurrentLocation().search),r=new URL(i.getCurrentLocation());let o={};if("undefined"!=typeof localStorage)try{o=JSON.parse(localStorage.getItem(p)||"{}"),localStorage.removeItem(p),Object.hasOwnProperty.call(o,"enableCredentials")&&(this.enableCredentials=o.enableCredentials)}catch(e){this.logger&&this.logger.debug&&this.logger.debug({title:"LocalStorage failed in Browser",error:e})}if(t.get("state")&&"oauthLogin"===t.get("flow"))return!1;if(o.nonce&&t.get("code")&&(r.searchParams.delete("nonce"),r.searchParams.delete("iss"),r.searchParams.delete("code"),history.replaceState({},void 0,r.toString()),o.nonce===t.get("nonce"))){const e="cookie"===t.get("code")?n.parse(document.cookie)["auth-code"]:t.get("code"),r={grant_type:"authorization_code",redirect_uri:o.redirectUrl,client_id:this.applicationId,code:e,code_verifier:o.codeVerifier};try{const e=await this.httpClient.post(`/authentication/${o.nonce}/tokens`,this.enableCredentials,r),t=s.decode(e.data.id_token),i=t.exp&&new Date(1e3*t.exp)||e.data.expires_in&&new Date(Date.now()+1e3*e.data.expires_in);return document.cookie=n.serialize("authorization",e.data.access_token||"",{expires:i,path:"/",sameSite:"strict"}),d.set(e.data.id_token,i),l(),!0}catch(e){if(this.logger&&this.logger.log({title:"Failed exchange authentication response for a token.",error:e}),e.data&&"invalid_request"===e.data.error)return!1;throw e.data||e}}if(i.isLocalHost()&&t.get("nonce")&&t.get("access_token")&&(r.searchParams.delete("iss"),r.searchParams.delete("nonce"),r.searchParams.delete("expires_in"),r.searchParams.delete("access_token"),r.searchParams.delete("id_token"),history.replaceState({},void 0,r.toString()),!o.nonce||o.nonce===t.get("nonce"))){const e=s.decode(t.get("id_token")),r=e.exp&&new Date(1e3*e.exp)||Number(t.get("expires_in"))&&new Date(Date.now()+1e3*Number(t.get("expires_in")));return document.cookie=n.serialize("authorization",t.get("access_token")||"",{expires:r,path:"/",sameSite:"strict"}),d.set(t.get("id_token"),r),l(),!0}if(this.getUserIdentity())return l(),!0;if(!i.isLocalHost()&&!e){try{const e=await this.httpClient.patch("/session",this.enableCredentials,{},null,!0);if(e.data.access_token){const t=s.decode(e.data.id_token),r=t.exp&&new Date(1e3*t.exp)||e.data.expires_in&&new Date(Date.now()+1e3*e.data.expires_in);document.cookie=n.serialize("authorization",e.data.access_token||"",{expires:r,path:"/",sameSite:"strict"}),d.set(e.data.id_token,r)}}catch(e){400!==e.status&&404!==e.status&&409!==e.status?this.logger&&this.logger.log&&this.logger.log({title:"User does not have an existing authentication session",error:e}):this.logger&&this.logger.log&&this.logger.log({title:"Failed attempting to check if the user has an existing authentication session",error:e})}if(this.getUserIdentity())return l(),!0}return!1}async updateExtensionAuthenticationRequest({state:e,connectionId:t,tenantLookupIdentifier:r,connectionProperties:n}){if(!t&&!r){const e=Error("connectionId or tenantLookupIdentifier must be specified");throw e.code="InvalidConnection",e}const o=new URLSearchParams(i.getCurrentLocation().search),a=e||o.get("state");if(!a){const e=Error("The `state` parameters must be specified to update this authentication request");throw e.code="InvalidAuthenticationRequest",e}try{const e=await this.httpClient.patch(`/authentication/${a}`,!0,{connectionId:t,tenantLookupIdentifier:r,connectionProperties:n});i.assign(e.data.authenticationUrl)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to update extension authentication request",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e.data||e}await new Promise((e=>setTimeout(e,5e3)))}async unlinkIdentity(e){if(!e){const e=Error("connectionId must be specified");throw e.code="InvalidConnection",e}if(!this.getUserIdentity()){const e=Error("User must be logged in to unlink an account.");throw e.code="NotLoggedIn",e}let t;try{t=await this.ensureToken({timeoutInMillis:100})}catch(e){if("TokenTimeout"===e.code){const e=Error("User must be logged into an existing account before linking a second account.");throw e.code="NotLoggedIn",e}}const r=this.enableCredentials&&!i.isLocalHost()?{}:{Authorization:`Bearer ${t}`};try{await this.httpClient.delete(`/identities/${encodeURIComponent(e)}`,this.enableCredentials,r)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to unlink user identity",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e.data||e}}async linkIdentity({connectionId:e,tenantLookupIdentifier:t,redirectUrl:r,connectionProperties:n}){if(!e&&!t){const e=Error("connectionId or tenantLookupIdentifier must be specified");throw e.code="InvalidConnection",e}if(!this.getUserIdentity()){const e=Error("User must be logged into an existing account before linking a second account.");throw e.code="NotLoggedIn",e}let o;try{o=await this.ensureToken({timeoutInMillis:100})}catch(e){if("TokenTimeout"===e.code){const e=Error("User must be logged into an existing account before linking a second account.");throw e.code="NotLoggedIn",e}}const{codeChallenge:a}=await s.getAuthCodes();try{const s=r&&new URL(r).toString()||i.getCurrentLocation().href,c=this.enableCredentials&&!i.isLocalHost()?{}:{Authorization:`Bearer ${o}`},d=await this.httpClient.post("/authentication",this.enableCredentials,{linkIdentity:!0,redirectUrl:s,codeChallengeMethod:"S256",codeChallenge:a,connectionId:e,tenantLookupIdentifier:t,connectionProperties:n,applicationId:this.applicationId},c);i.assign(d.data.authenticationUrl)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to start user identity link",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e}await new Promise((e=>setTimeout(e,5e3)))}async authenticate(e={}){const{connectionId:t,tenantLookupIdentifier:r,inviteId:n,redirectUrl:o,force:a,responseLocation:c,flowType:l,connectionProperties:u,openType:h,multiAccount:f,clearUserDataBeforeLogin:g}=e||{};if(c&&"cookie"!==c&&"query"!==c&&"none"!==c){const e=Error("Authentication response location is not valid");throw e.code="InvalidResponseLocation",e}if(!a&&!f&&await this.userSessionExists())return!0;const{codeVerifier:m,codeChallenge:w}=await s.getAuthCodes();try{const e=o&&new URL(o).toString()||i.getCurrentLocation().href;!1!==g&&d.clear();const a=await this.httpClient.post("/authentication",!1,{redirectUrl:e,codeChallengeMethod:"S256",codeChallenge:w,connectionId:t,tenantLookupIdentifier:r,inviteId:n,connectionProperties:u,applicationId:this.applicationId,responseLocation:c,flowType:l,multiAccount:f});if(localStorage.setItem(p,JSON.stringify({nonce:a.data.authenticationRequestId,codeVerifier:m,lastConnectionId:t,tenantLookupIdentifier:r,redirectUrl:e,enableCredentials:a.data.enableCredentials,multiAccount:f})),"tab"===h){const e=i.open(a.data.authenticationUrl,"_blank");e&&!e.closed&&void 0!==e.closed||i.assign(a.data.authenticationUrl)}else i.assign(a.data.authenticationUrl)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to start authentication for user",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e.data||e}return await new Promise((e=>setTimeout(e,5e3))),!1}async ensureToken(e){await this.userSessionExists();const t=Object.assign({timeoutInMillis:5e3},e||{}),r=this.waitForUserSession(),o=new Promise(((e,r)=>setTimeout(r,t.timeoutInMillis||0)));try{await Promise.race([r,o])}catch(e){const t=Error("No token retrieved after timeout");throw t.code="TokenTimeout",t}const i=n.parse(document.cookie);return"undefined"!==i.authorization&&i.authorization}async logout(e){if(d.clear(),u=new Promise((e=>l=e)),this.enableCredentials)try{return await this.httpClient.delete("/session",this.enableCredentials),void(e&&e!==i.getCurrentLocation().href&&i.assign(e))}catch(e){}const t=new URL("/logout",this.hostUrl);t.searchParams.set("redirect_uri",e||i.getCurrentLocation().href),t.searchParams.set("client_id",this.applicationId),i.assign(t.toString())}},ExtensionClient:f,UserConfigurationScreen:{Profile:"Profile",MFA:"MFA"}}},836:(e,t,r)=>{const n=r(878);e.exports=new class{decode(e){if(!e)return null;try{const t=JSON.parse(n.decode(e.split(".")[1]));return t.exp&&(t.exp=t.exp-10),t}catch(e){return null}}decodeOrParse(e){if(!e)return null;if("object"==typeof e)return e;try{return JSON.parse(e)}catch(t){return this.decode(e)}}decodeFull(e){if(!e)return null;try{const t=JSON.parse(n.decode(e.split(".")[0])),r=JSON.parse(n.decode(e.split(".")[1]));return r.exp&&(r.exp=r.exp-10),{header:t,payload:r}}catch(e){return null}}async getAuthCodes(){const e=n.encode((window.crypto||window.msCrypto).getRandomValues(new Uint32Array(16)).toString()),t=await(window.crypto||window.msCrypto).subtle.digest("SHA-256",(new TextEncoder).encode(e));return{codeVerifier:e,codeChallenge:n.encode(t)}}}},160:(e,t,r)=>{const n=r(427),o="AuthenticationCredentialsStorage";e.exports=new class{getUserCookie(){if("undefined"==typeof window||"undefined"==typeof document)return null;return document.cookie.split(";").filter((e=>"user"===e.split("=")[0].trim())).map((e=>e.replace(/^user=/,""))).find((e=>e&&e.trim()))||null}set(e,t){if("undefined"!=typeof window&&"undefined"!=typeof document)try{const r=n.parse(document.cookie);localStorage.setItem(o,JSON.stringify({idToken:e,expiry:t&&t.getTime(),jsCookies:!!r.authorization})),this.clearCookies("user")}catch(e){console.debug("LocalStorage failed in Browser",e)}}get(){if("undefined"==typeof window||"undefined"==typeof document)return null;let e={};try{e=n.parse(document.cookie)}catch(e){console.debug("CookieManagement failed in Browser",e)}try{const{idToken:t,expiry:r,jsCookies:n}=JSON.parse(localStorage.getItem(o)||"{}");return t?r<Date.now()||n&&!e.authorization?null:t:this.getUserCookie()}catch(e){return console.debug("LocalStorage failed in Browser",e),this.getUserCookie()}}delete(){try{localStorage.removeItem(o)}catch(e){console.debug("LocalStorage failed in Browser",e)}try{this.clearCookies("user")}catch(e){console.debug("CookieManagement failed in Browser",e)}}clear(){this.clearCookies(),this.delete()}clearCookies(e){if("undefined"==typeof window||"undefined"==typeof document)return;const t=document.cookie.split("; ");for(const r of t){if(!["user","authorization","auth-code"].includes(r.split("=")[0])||e&&r.split("=")[0]!==e)continue;const t=window.location.hostname.split("."),n=[...Array(t.length-1)].map(((e,r)=>t.reverse().slice(0,r+2).reverse().join("."))).map((e=>[e,`.${e}`])).flat(1).concat(null);"localhost"===window.location.hostname&&n.push("localhost");for(const e of n){const t=e?`domain=${e};`:"",n=`${encodeURIComponent(r.split(";")[0].split("=")[0])}=; expires=Thu, 01-Jan-1970 00:00:01 GMT; ${t} SameSite=Strict; path=`;document.cookie=`${n}/`;const o=location.pathname.split("/");for(;o.length>0;)document.cookie=n+o.join("/"),o.pop()}}}}},332:e=>{e.exports.sanitizeUrl=function(e){let t=e;t.startsWith("http")||(t=`https://${t}`);const r=new URL(t),n=r.host.match(/^([a-z0-9-]+)[.][a-z0-9-]+[.]authress[.]io$/);return n&&(r.host=`${n[1]}.login.authress.io`,t=r.toString()),t.replace(/[/]+$/,"")}},629:e=>{e.exports=new class{onLoad(e){"undefined"!=typeof window&&(window.onload=e)}isLocalHost(){return"undefined"!=typeof window&&window.location&&("localhost"===window.location.hostname||"127.0.0.1"===window.location.hostname)}getCurrentLocation(){return"undefined"!=typeof window&&new URL(window.location)||new URL("http://localhost:8080")}assign(e){return"undefined"==typeof window?null:window.location.assign(e.toString())}open(e){return"undefined"==typeof window?null:window.open(e.toString())}}},427:(e,t)=>{"use strict";t.parse=function(e,t){if("string"!=typeof e)throw new TypeError("argument str must be a string");var r={},n=(t||{}).decode||o,i=0;for(;i<e.length;){var s=e.indexOf("=",i);if(-1===s)break;var c=e.indexOf(";",i);if(-1===c)c=e.length;else if(c<s){i=e.lastIndexOf(";",s-1)+1;continue}var d=e.slice(i,s).trim();if(void 0===r[d]){var l=e.slice(s+1,c).trim();34===l.charCodeAt(0)&&(l=l.slice(1,-1)),r[d]=a(l,n)}i=c+1}return r},t.serialize=function(e,t,o){var a=o||{},s=a.encode||i;if("function"!=typeof s)throw new TypeError("option encode is invalid");if(!n.test(e))throw new TypeError("argument name is invalid");var c=s(t);if(c&&!n.test(c))throw new TypeError("argument val is invalid");var d=e+"="+c;if(null!=a.maxAge){var l=a.maxAge-0;if(isNaN(l)||!isFinite(l))throw new TypeError("option maxAge is invalid");d+="; Max-Age="+Math.floor(l)}if(a.domain){if(!n.test(a.domain))throw new TypeError("option domain is invalid");d+="; Domain="+a.domain}if(a.path){if(!n.test(a.path))throw new TypeError("option path is invalid");d+="; Path="+a.path}if(a.expires){var u=a.expires;if(!function(e){return"[object Date]"===r.call(e)||e instanceof Date}(u)||isNaN(u.valueOf()))throw new TypeError("option expires is invalid");d+="; Expires="+u.toUTCString()}a.httpOnly&&(d+="; HttpOnly");a.secure&&(d+="; Secure");if(a.priority){switch("string"==typeof a.priority?a.priority.toLowerCase():a.priority){case"low":d+="; Priority=Low";break;case"medium":d+="; Priority=Medium";break;case"high":d+="; Priority=High";break;default:throw new TypeError("option priority is invalid")}}if(a.sameSite){switch("string"==typeof a.sameSite?a.sameSite.toLowerCase():a.sameSite){case!0:d+="; SameSite=Strict";break;case"lax":d+="; SameSite=Lax";break;case"strict":d+="; SameSite=Strict";break;case"none":d+="; SameSite=None";break;default:throw new TypeError("option sameSite is invalid")}}return d};var r=Object.prototype.toString,n=/^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;function o(e){return-1!==e.indexOf("%")?decodeURIComponent(e):e}function i(e){return encodeURIComponent(e)}function a(e,t){try{return t(e)}catch(t){return e}}},321:e=>{var t=1/0,r=17976931348623157e292,n=NaN,o="[object Symbol]",i=/^\s+|\s+$/g,a=/^[-+]0x[0-9a-f]+$/i,s=/^0b[01]+$/i,c=/^0o[0-7]+$/i,d=parseInt,l=Object.prototype.toString;function u(e){var t=typeof e;return!!e&&("object"==t||"function"==t)}e.exports=function(e,h,p){return e&&e.length?function(e,t,r){var n=-1,o=e.length;t<0&&(t=-t>o?0:o+t),(r=r>o?o:r)<0&&(r+=o),o=t>r?0:r-t>>>0,t>>>=0;for(var i=Array(o);++n<o;)i[n]=e[n+t];return i}(e,0,(h=p||void 0===h?1:(f=function(e){return e?(e=function(e){if("number"==typeof e)return e;if(function(e){return"symbol"==typeof e||function(e){return!!e&&"object"==typeof e}(e)&&l.call(e)==o}(e))return n;if(u(e)){var t="function"==typeof e.valueOf?e.valueOf():e;e=u(t)?t+"":t}if("string"!=typeof e)return 0===e?e:+e;e=e.replace(i,"");var r=s.test(e);return r||c.test(e)?d(e.slice(2),r?2:8):a.test(e)?n:+e}(e))===t||e===-t?(e<0?-1:1)*r:e==e?e:0:0===e?e:0}(h),g=f%1,f==f?g?f-g:f:0))<0?0:h):[];var f,g}}},n={};function o(e){var t=n[e];if(void 0!==t){if(void 0!==t.error)throw t.error;return t.exports}var i=n[e]={exports:{}};try{var a={id:e,module:i,factory:r[e],require:o};o.i.forEach((function(e){e(a)})),i=a.module,a.factory.call(i.exports,i,i.exports,a.require)}catch(e){throw i.error=e,e}return i.exports}return o.m=r,o.c=n,o.i=[],o.hu=e=>e+"."+o.h()+".hot-update.js",o.hmrF=()=>"main."+o.h()+".hot-update.json",o.h=()=>"46d899f6f30a86f3746f",o.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),e={},t="authress:",o.l=(r,n,i,a)=>{if(e[r])e[r].push(n);else{var s,c;if(void 0!==i)for(var d=document.getElementsByTagName("script"),l=0;l<d.length;l++){var u=d[l];if(u.getAttribute("src")==r||u.getAttribute("data-webpack")==t+i){s=u;break}}s||(c=!0,(s=document.createElement("script")).charset="utf-8",s.timeout=120,o.nc&&s.setAttribute("nonce",o.nc),s.setAttribute("data-webpack",t+i),s.src=r),e[r]=[n];var h=(t,n)=>{s.onerror=s.onload=null,clearTimeout(p);var o=e[r];if(delete e[r],s.parentNode&&s.parentNode.removeChild(s),o&&o.forEach((e=>e(n))),t)return t(n)},p=setTimeout(h.bind(null,void 0,{type:"timeout",target:s}),12e4);s.onerror=h.bind(null,s.onerror),s.onload=h.bind(null,s.onload),c&&document.head.appendChild(s)}},(()=>{var e,t,r,n={},i=o.c,a=[],s=[],c="idle",d=0,l=[];function u(e){c=e;for(var t=[],r=0;r<s.length;r++)t[r]=s[r].call(null,e);return Promise.all(t).then((function(){}))}function h(){0==--d&&u("ready").then((function(){if(0===d){var e=l;l=[];for(var t=0;t<e.length;t++)e[t]()}}))}function p(e){if("idle"!==c)throw new Error("check() is only allowed in idle status");return u("check").then(o.hmrM).then((function(r){return r?u("prepare").then((function(){var n=[];return t=[],Promise.all(Object.keys(o.hmrC).reduce((function(e,i){return o.hmrC[i](r.c,r.r,r.m,e,t,n),e}),[])).then((function(){return t=function(){return e?g(e):u("ready").then((function(){return n}))},0===d?t():new Promise((function(e){l.push((function(){e(t())}))}));var t}))})):u(m()?"ready":"idle").then((function(){return null}))}))}function f(e){return"ready"!==c?Promise.resolve().then((function(){throw new Error("apply() is only allowed in ready status (state: "+c+")")})):g(e)}function g(e){e=e||{},m();var n=t.map((function(t){return t(e)}));t=void 0;var o=n.map((function(e){return e.error})).filter(Boolean);if(o.length>0)return u("abort").then((function(){throw o[0]}));var i=u("dispose");n.forEach((function(e){e.dispose&&e.dispose()}));var a,s=u("apply"),c=function(e){a||(a=e)},d=[];return n.forEach((function(e){if(e.apply){var t=e.apply(c);if(t)for(var r=0;r<t.length;r++)d.push(t[r])}})),Promise.all([i,s]).then((function(){return a?u("fail").then((function(){throw a})):r?g(e).then((function(e){return d.forEach((function(t){e.indexOf(t)<0&&e.push(t)})),e})):u("idle").then((function(){return d}))}))}function m(){if(r)return t||(t=[]),Object.keys(o.hmrI).forEach((function(e){r.forEach((function(r){o.hmrI[e](r,t)}))})),r=void 0,!0}o.hmrD=n,o.i.push((function(l){var g,m,w,y,v=l.module,C=function(t,r){var n=i[r];if(!n)return t;var o=function(o){if(n.hot.active){if(i[o]){var s=i[o].parents;-1===s.indexOf(r)&&s.push(r)}else a=[r],e=o;-1===n.children.indexOf(o)&&n.children.push(o)}else console.warn("[HMR] unexpected require("+o+") from disposed module "+r),a=[];return t(o)},s=function(e){return{configurable:!0,enumerable:!0,get:function(){return t[e]},set:function(r){t[e]=r}}};for(var l in t)Object.prototype.hasOwnProperty.call(t,l)&&"e"!==l&&Object.defineProperty(o,l,s(l));return o.e=function(e,r){return function(e){switch(c){case"ready":u("prepare");case"prepare":return d++,e.then(h,h),e;default:return e}}(t.e(e,r))},o}(l.require,l.id);v.hot=(g=l.id,m=v,y={_acceptedDependencies:{},_acceptedErrorHandlers:{},_declinedDependencies:{},_selfAccepted:!1,_selfDeclined:!1,_selfInvalidated:!1,_disposeHandlers:[],_main:w=e!==g,_requireSelf:function(){a=m.parents.slice(),e=w?void 0:g,o(g)},active:!0,accept:function(e,t,r){if(void 0===e)y._selfAccepted=!0;else if("function"==typeof e)y._selfAccepted=e;else if("object"==typeof e&&null!==e)for(var n=0;n<e.length;n++)y._acceptedDependencies[e[n]]=t||function(){},y._acceptedErrorHandlers[e[n]]=r;else y._acceptedDependencies[e]=t||function(){},y._acceptedErrorHandlers[e]=r},decline:function(e){if(void 0===e)y._selfDeclined=!0;else if("object"==typeof e&&null!==e)for(var t=0;t<e.length;t++)y._declinedDependencies[e[t]]=!0;else y._declinedDependencies[e]=!0},dispose:function(e){y._disposeHandlers.push(e)},addDisposeHandler:function(e){y._disposeHandlers.push(e)},removeDisposeHandler:function(e){var t=y._disposeHandlers.indexOf(e);t>=0&&y._disposeHandlers.splice(t,1)},invalidate:function(){switch(this._selfInvalidated=!0,c){case"idle":t=[],Object.keys(o.hmrI).forEach((function(e){o.hmrI[e](g,t)})),u("ready");break;case"ready":Object.keys(o.hmrI).forEach((function(e){o.hmrI[e](g,t)}));break;case"prepare":case"check":case"dispose":case"apply":(r=r||[]).push(g)}},check:p,apply:f,status:function(e){if(!e)return c;s.push(e)},addStatusHandler:function(e){s.push(e)},removeStatusHandler:function(e){var t=s.indexOf(e);t>=0&&s.splice(t,1)},data:n[g]},e=void 0,y),v.parents=a,v.children=[],a=[],l.require=C})),o.hmrC={},o.hmrI={}})(),o.p="",(()=>{var e,t,r,n,i,a=o.hmrS_jsonp=o.hmrS_jsonp||{792:0},s={};function c(t,r){return e=r,new Promise(((e,r)=>{s[t]=e;var n=o.p+o.hu(t),i=new Error;o.l(n,(e=>{if(s[t]){s[t]=void 0;var n=e&&("load"===e.type?"missing":e.type),o=e&&e.target&&e.target.src;i.message="Loading hot update chunk "+t+" failed.\n("+n+": "+o+")",i.name="ChunkLoadError",i.type=n,i.request=o,r(i)}}))}))}function d(e){function s(e){for(var t=[e],r={},n=t.map((function(e){return{chain:[e],id:e}}));n.length>0;){var i=n.pop(),a=i.id,s=i.chain,d=o.c[a];if(d&&(!d.hot._selfAccepted||d.hot._selfInvalidated)){if(d.hot._selfDeclined)return{type:"self-declined",chain:s,moduleId:a};if(d.hot._main)return{type:"unaccepted",chain:s,moduleId:a};for(var l=0;l<d.parents.length;l++){var u=d.parents[l],h=o.c[u];if(h){if(h.hot._declinedDependencies[a])return{type:"declined",chain:s.concat([u]),moduleId:a,parentId:u};-1===t.indexOf(u)&&(h.hot._acceptedDependencies[a]?(r[u]||(r[u]=[]),c(r[u],[a])):(delete r[u],t.push(u),n.push({chain:s.concat([u]),id:u})))}}}}return{type:"accepted",moduleId:e,outdatedModules:t,outdatedDependencies:r}}function c(e,t){for(var r=0;r<t.length;r++){var n=t[r];-1===e.indexOf(n)&&e.push(n)}}o.f&&delete o.f.jsonpHmr,t=void 0;var d={},l=[],u={},h=function(e){console.warn("[HMR] unexpected require("+e.id+") to disposed module")};for(var p in r)if(o.o(r,p)){var f,g=r[p],m=!1,w=!1,y=!1,v="";switch((f=g?s(p):{type:"disposed",moduleId:p}).chain&&(v="\nUpdate propagation: "+f.chain.join(" -> ")),f.type){case"self-declined":e.onDeclined&&e.onDeclined(f),e.ignoreDeclined||(m=new Error("Aborted because of self decline: "+f.moduleId+v));break;case"declined":e.onDeclined&&e.onDeclined(f),e.ignoreDeclined||(m=new Error("Aborted because of declined dependency: "+f.moduleId+" in "+f.parentId+v));break;case"unaccepted":e.onUnaccepted&&e.onUnaccepted(f),e.ignoreUnaccepted||(m=new Error("Aborted because "+p+" is not accepted"+v));break;case"accepted":e.onAccepted&&e.onAccepted(f),w=!0;break;case"disposed":e.onDisposed&&e.onDisposed(f),y=!0;break;default:throw new Error("Unexception type "+f.type)}if(m)return{error:m};if(w)for(p in u[p]=g,c(l,f.outdatedModules),f.outdatedDependencies)o.o(f.outdatedDependencies,p)&&(d[p]||(d[p]=[]),c(d[p],f.outdatedDependencies[p]));y&&(c(l,[f.moduleId]),u[p]=h)}r=void 0;for(var C,k=[],b=0;b<l.length;b++){var I=l[b],S=o.c[I];S&&(S.hot._selfAccepted||S.hot._main)&&u[I]!==h&&!S.hot._selfInvalidated&&k.push({module:I,require:S.hot._requireSelf,errorHandler:S.hot._selfAccepted})}return{dispose:function(){var e;n.forEach((function(e){delete a[e]})),n=void 0;for(var t,r=l.slice();r.length>0;){var i=r.pop(),s=o.c[i];if(s){var c={},u=s.hot._disposeHandlers;for(b=0;b<u.length;b++)u[b].call(null,c);for(o.hmrD[i]=c,s.hot.active=!1,delete o.c[i],delete d[i],b=0;b<s.children.length;b++){var h=o.c[s.children[b]];h&&((e=h.parents.indexOf(i))>=0&&h.parents.splice(e,1))}}}for(var p in d)if(o.o(d,p)&&(s=o.c[p]))for(C=d[p],b=0;b<C.length;b++)t=C[b],(e=s.children.indexOf(t))>=0&&s.children.splice(e,1)},apply:function(t){for(var r in u)o.o(u,r)&&(o.m[r]=u[r]);for(var n=0;n<i.length;n++)i[n](o);for(var a in d)if(o.o(d,a)){var s=o.c[a];if(s){C=d[a];for(var c=[],h=[],p=[],f=0;f<C.length;f++){var g=C[f],m=s.hot._acceptedDependencies[g],w=s.hot._acceptedErrorHandlers[g];if(m){if(-1!==c.indexOf(m))continue;c.push(m),h.push(w),p.push(g)}}for(var y=0;y<c.length;y++)try{c[y].call(null,C)}catch(r){if("function"==typeof h[y])try{h[y](r,{moduleId:a,dependencyId:p[y]})}catch(n){e.onErrored&&e.onErrored({type:"accept-error-handler-errored",moduleId:a,dependencyId:p[y],error:n,originalError:r}),e.ignoreErrored||(t(n),t(r))}else e.onErrored&&e.onErrored({type:"accept-errored",moduleId:a,dependencyId:p[y],error:r}),e.ignoreErrored||t(r)}}}for(var v=0;v<k.length;v++){var b=k[v],I=b.module;try{b.require(I)}catch(r){if("function"==typeof b.errorHandler)try{b.errorHandler(r,{moduleId:I,module:o.c[I]})}catch(n){e.onErrored&&e.onErrored({type:"self-accept-error-handler-errored",moduleId:I,error:n,originalError:r}),e.ignoreErrored||(t(n),t(r))}else e.onErrored&&e.onErrored({type:"self-accept-errored",moduleId:I,error:r}),e.ignoreErrored||t(r)}}return l}}}this.webpackHotUpdateauthress=(t,n,a)=>{for(var c in n)o.o(n,c)&&(r[c]=n[c],e&&e.push(c));a&&i.push(a),s[t]&&(s[t](),s[t]=void 0)},o.hmrI.jsonp=function(e,t){r||(r={},i=[],n=[],t.push(d)),o.o(r,e)||(r[e]=o.m[e])},o.hmrC.jsonp=function(e,s,l,u,h,p){h.push(d),t={},n=s,r=l.reduce((function(e,t){return e[t]=!1,e}),{}),i=[],e.forEach((function(e){o.o(a,e)&&void 0!==a[e]?(u.push(c(e,p)),t[e]=!0):t[e]=!1})),o.f&&(o.f.jsonpHmr=function(e,r){t&&o.o(t,e)&&!t[e]&&(r.push(c(e)),t[e]=!0)})},o.hmrM=()=>{if("undefined"==typeof fetch)throw new Error("No browser support: need fetch API");return fetch(o.p+o.hmrF()).then((e=>{if(404!==e.status){if(!e.ok)throw new Error("Failed to fetch update manifest "+e.statusText);return e.json()}}))}})(),o(354)})()));
+/*! Authress Login SDK 2.4.309 | Author - Authress Developers | License information can be found at https://github.com/Authress/login-sdk.js */
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.authress=t():e.authress=t()}(this,(()=>(()=>{var e,t,r={878:e=>{function t(e){return String.fromCharCode(parseInt(e.slice(1),16))}function r(e){return`%${`00${e.charCodeAt(0).toString(16)}`.slice(-2)}`}e.exports.decode=function(e){return function(e){return decodeURIComponent(Array.from(atob(e),r).join(""))}(e.replace(/-/g,"+").replace(/_/g,"/"))},e.exports.encode=function(e){return e&&"object"==typeof e?btoa(String.fromCharCode(...new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,""):function(e){return btoa(encodeURIComponent(e).replace(/%[0-9A-F]{2}/g,t))}(e).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,"")}},568:(e,t,r)=>{const n=r(836),{sanitizeUrl:o}=r(332),i=r(629),s="ExtensionRequestNonce";let a=null;e.exports=class{constructor(e,t){if(this.extensionId=t,!e)throw Error('Missing required property "authressCustomDomain" in ExtensionClient constructor. The Custom Authress Domain Host is required.');if(!t)throw Error('Missing required property "extensionId" in ExtensionClient constructor. The extension is required for selecting the correct login method.');this.authressCustomDomain=o(e),this.accessToken=null,i.onLoad((async()=>{await this.requestToken({silent:!0})}))}async getUserIdentity(){const e=this.accessToken&&await n.decode(this.accessToken);return e?1e3*e.exp<Date.now()?(this.accessToken=null,null):e:null}async getTokenResponse(){return await this.getUserIdentity()?{accessToken:this.accessToken}:null}requestToken(e={code:null,silent:!1}){if(a)return a=a.catch((()=>{})).then((()=>this.requestTokenContinuation(e)));const t=this.requestTokenContinuation(e);return t.catch((()=>{})),a=t}async requestTokenContinuation(e={code:null,silent:!1}){const t=e&&e.code||new URLSearchParams(i.getCurrentLocation().search).get("code");if(!t){if(!e||!e.silent){const e=Error("OAuth Authorization code is required");throw e.code="InvalidAuthorizationCode",e}return this.getTokenResponse()}const r=new URL(this.authressCustomDomain);r.pathname="/api/authentication/oauth/tokens";const{codeVerifier:n,redirectUrl:o}=JSON.parse(localStorage.getItem(s)||"{}"),a=await fetch(r.toString(),{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({code_verifier:n,code:t,grant_type:"authorization_code",client_id:this.extensionId,redirect_uri:o})}),c=await a.json();this.accessToken=c.access_token;const d=new URL(i.getCurrentLocation());return d.searchParams.delete("code"),d.searchParams.delete("iss"),d.searchParams.delete("nonce"),d.searchParams.delete("expires_in"),d.searchParams.delete("access_token"),d.searchParams.delete("id_token"),history.replaceState({},void 0,d.toString()),this.getTokenResponse()}async login(e){const t=await this.getTokenResponse();if(t)return t;const r=await this.requestToken({silent:!0});if(r)return r;const o=new URL(this.authressCustomDomain),{codeVerifier:a,codeChallenge:c}=n.getAuthCodes(),d=e||i.getCurrentLocation().href;return localStorage.setItem(s,JSON.stringify({codeVerifier:a,redirectUrl:d})),o.searchParams.set("client_id",this.extensionId),o.searchParams.set("code_challenge",c),o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("redirect_uri",d),i.assign(o.toString()),await new Promise((e=>setTimeout(e,5e3))),null}}},75:(e,t,r)=>{const{sanitizeUrl:n}=r(332),o=r(629),i={"Content-Type":"application/json","X-Powered-By":`Authress Login SDK; Javascript; ${r(330).version}`},s=new Set(["Failed to fetch","NetworkError when attempting to fetch resource.","The Internet connection appears to be offline.","Network request failed","fetch failed","<HTML DOCUMENT></HTML>"]);function a(e){return e&&e.message&&s.has(e.message)}async function c(e){let t=null;for(let r=0;r<5;r++)try{return await e()}catch(e){if(e.retryCount=r,t=e,a(e)||"Network Error"===e.message||"ERR_NETWORK"===e.code||!e.status||e.status>=500){t.isNetworkError=!0,await new Promise((e=>setTimeout(e,10*2**r)));continue}throw e}throw t}e.exports=class{constructor(e,t){if(!e)throw Error("Custom Authress Domain Host is required");const r=t||{debug(){},warn(){},critical(){}};this.logger=r;const o=new URL(n(e));this.loginUrl=`${o.origin}/api`}get(e,t,r,n){return c((()=>this.fetchWrapper("GET",e,null,r,t,n)))}delete(e,t,r,n){return c((()=>this.fetchWrapper("DELETE",e,null,r,t,n)))}post(e,t,r,n,o){return c((()=>this.fetchWrapper("POST",e,r,n,t,o)))}put(e,t,r,n,o){return c((()=>this.fetchWrapper("PUT",e,r,n,t,o)))}patch(e,t,r,n,o){return c((()=>this.fetchWrapper("PATCH",e,r,n,t,o)))}async fetchWrapper(e,t,r,n,s,a){const c=`${this.loginUrl}${t.toString()}`,d=e.toUpperCase(),l=Object.assign({},i,n);try{this.logger&&this.logger.debug&&this.logger.debug({title:"HttpClient Request",method:d,url:c});const e={method:d,headers:l};r&&(e.body=JSON.stringify(r)),!o.isLocalHost()&&s&&(e.credentials="include");const t=await fetch(c,e);if(!t.ok)throw t;let n={};try{n=await t.text(),n=JSON.parse(n)}catch(e){}return{url:c,headers:t.headers,status:t.status,data:n}}catch(e){let t=e;try{t=await e.text(),t=JSON.parse(t)}catch(e){}const n=t.stack&&t.stack.match(/chrome-extension:[/][/](\w+)[/]/);if(n){this.logger&&this.logger.debug&&this.logger.debug({title:`Fetch failed due to a browser extension - ${d} - ${c}`,method:d,url:c,data:r,headers:l,error:e,resolvedError:t,extensionErrorId:n});const o=new Error(`Extension Error ID: ${n}`);throw o.code="BROWSER_EXTENSION_ERROR",o}const o=e.status;let i="warn",s="HttpClient Response Error";e?401===o?(s="HttpClient Response Error due to invalid token",i="debug"):404===o?(s="HttpClient Response: Not Found",i="debug"):o<500&&a&&(i="debug"):s="HttpClient Response Error - Unknown error occurred",this.logger&&this.logger[i]&&this.logger[i]({title:s,online:"undefined"==typeof navigator||navigator.onLine,method:d,url:c,status:o,data:r,headers:l,error:e,resolvedError:t});throw{url:c,status:o,data:t,headers:e.headers}}}}},354:(e,t,r)=>{const n=r(427),o=r(321),i=r(629),s=r(75),a=r(836),{sanitizeUrl:c}=r(332),d=r(160);let l,u=new Promise((e=>l=e)),h=null;const p="AuthenticationRequestNonce";const f=r(568);e.exports={LoginClient:class{constructor(e,t){const r=Object.assign({applicationId:"app_default"},e);this.logger=t||console;const n=r.authressApiUrl||r.authressLoginHostUrl||r.authenticationServiceUrl||"";if(!n)throw Error('Missing required property "authressApiUrl" in LoginClient constructor. Custom Authress Domain Host is required.');this.applicationId=r.applicationId,this.hostUrl=c(n),this.httpClient=new s(this.hostUrl,t),this.lastSessionCheck=0,this.enableCredentials=this.getMatchingDomainInfo(this.hostUrl),r.skipBackgroundCredentialsCheck||i.onLoad((async()=>{await this.userSessionExists(!0)}))}getMatchingDomainInfo(e){const t=new URL(e);if(i.isLocalHost())return!1;const r=i.getCurrentLocation();if("https:"!==r.protocol)return!1;const n=t.host.toLowerCase().split(".").reverse(),s=r.host.toLowerCase().split(".").reverse();let a=[];for(let e of n){const t=o(s,a.length+1).join(".");if(a.concat(e).join(".")!==t)break;a.push(e)}return a.length===n.length&&a.length===s.length||a.length>1}getUserIdentity(){const e=d.getUserCookie(),t=a.decodeOrParse(e);if(t){const r=t.exp?new Date(1e3*t.exp):new Date(Date.now()+864e5);return d.set(e,r),t.userId=t.sub,t}const r=d.get(),n=a.decodeOrParse(r);if(!n)return null;const o=new URL(n.iss).hostname,i=new URL(this.hostUrl).hostname;return o.endsWith(i)||i.endsWith(o)?(n.userId=n.sub,n):(this.logger&&this.logger.error&&this.logger.error({title:"Token saved in browser is for a different issuer, discarding",issuerOrigin:o,hostUrlOrigin:i,savedUserData:n}),d.clear(),null)}async getConnectionCredentials(){await this.waitForUserSession();try{const e=await this.ensureToken();return(await this.httpClient.get("/session/credentials",this.enableCredentials,{Authorization:e&&`Bearer ${e}`})).data}catch(e){return null}}async getDevices(){try{const e=await this.ensureToken();return(await this.httpClient.get("/session/devices",this.enableCredentials,{Authorization:e&&`Bearer ${e}`})).data.devices}catch(e){return[]}}async deleteDevice(e){try{const t=await this.ensureToken();await this.httpClient.delete(`/session/devices/${encodeURIComponent(e)}`,this.enableCredentials,{Authorization:t&&`Bearer ${t}`})}catch(e){throw this.logger&&this.logger.log({title:"Failed to delete device",error:e}),e}}async openUserConfigurationScreen(e={redirectUrl:null,startPage:"Profile"}){if(!await this.userSessionExists()){const e=Error("User must be logged to configure user profile data.");throw e.code="NotLoggedIn",e}const t=new URL("/settings",this.hostUrl);t.searchParams.set("client_id",this.applicationId),t.searchParams.set("start_page",e&&e.startPage||"Profile"),t.searchParams.set("redirect_uri",e&&e.redirectUrl||i.getCurrentLocation().href),i.assign(t.toString()),await Promise.resolve()}async registerDevice(e={name:"",type:"",totp:{}}){const t=await this.getUserIdentity();if(!t){const e=Error("User must be logged to configure user profile data.");throw e.code="NotLoggedIn",e}if(!e){const e=Error("Register Device missing required parameter: 'Options'");throw e.code="InvalidInput",e}let r;if(e.type&&"WebAuthN"!==e.type)"TOTP"===e.type&&(r={name:e.name,code:e.totp.verificationCode,totpData:e.totp,type:"TOTP"});else{const n=t.sub,o={challenge:Uint8Array.from(n,(e=>e.charCodeAt(0))),rp:{id:this.hostUrl.split(".").slice(1).join("."),name:"WebAuthN Login"},user:{id:Uint8Array.from(n,(e=>e.charCodeAt(0))),name:n,displayName:`Generated User ID: ${n}`},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{residentKey:"discouraged",requireResidentKey:!1,userVerification:"discouraged"},timeout:6e4,attestation:"direct"},i=await navigator.credentials.create({publicKey:o}),s={authenticatorAttachment:i.authenticatorAttachment,credentialId:i.id,type:i.type,userId:n,attestation:btoa(String.fromCharCode(...new Uint8Array(i.response.attestationObject))),client:btoa(String.fromCharCode(...new Uint8Array(i.response.clientDataJSON)))};r={name:e&&e.name,code:s,type:"WebAuthN"}}try{const e=await this.ensureToken();return(await this.httpClient.post("/session/devices",this.enableCredentials,r,{Authorization:e&&`Bearer ${e}`})).data}catch(e){throw this.logger&&this.logger.log({title:"Failed to register new device",error:e,request:r}),e}}async waitForUserSession(){try{return await u,!0}catch(e){return!1}}userSessionExists(e){return h?Date.now()-this.lastSessionCheck<50?h:(this.lastSessionCheck=Date.now(),h=h.catch((()=>{})).then((()=>this.userSessionContinuation(e)))):(this.lastSessionCheck=Date.now(),h=this.userSessionContinuation(e))}async userSessionContinuation(e){const t=new URLSearchParams(i.getCurrentLocation().search),r=new URL(i.getCurrentLocation());let o={};if("undefined"!=typeof localStorage)try{o=JSON.parse(localStorage.getItem(p)||"{}"),localStorage.removeItem(p),Object.hasOwnProperty.call(o,"enableCredentials")&&(this.enableCredentials=o.enableCredentials)}catch(e){this.logger&&this.logger.debug&&this.logger.debug({title:"LocalStorage failed in Browser",error:e})}if(t.get("state")&&"oauthLogin"===t.get("flow"))return!1;if(o.nonce&&t.get("code")&&(r.searchParams.delete("nonce"),r.searchParams.delete("iss"),r.searchParams.delete("code"),history.replaceState({},void 0,r.toString()),o.nonce===t.get("nonce"))){const e="cookie"===t.get("code")?n.parse(document.cookie)["auth-code"]:t.get("code"),r={grant_type:"authorization_code",redirect_uri:o.redirectUrl,client_id:this.applicationId,code:e,code_verifier:o.codeVerifier};try{const e=await this.httpClient.post(`/authentication/${o.nonce}/tokens`,this.enableCredentials,r),t=a.decode(e.data.id_token),i=t.exp&&new Date(1e3*t.exp)||e.data.expires_in&&new Date(Date.now()+1e3*e.data.expires_in);return document.cookie=n.serialize("authorization",e.data.access_token||"",{expires:i,path:"/",sameSite:"strict"}),d.set(e.data.id_token,i),l(),!0}catch(e){if(this.logger&&this.logger.log({title:"Failed exchange authentication response for a token.",error:e}),e.data&&"invalid_request"===e.data.error)return!1;throw e.data||e}}if(i.isLocalHost()&&t.get("nonce")&&t.get("access_token")&&(r.searchParams.delete("iss"),r.searchParams.delete("nonce"),r.searchParams.delete("expires_in"),r.searchParams.delete("access_token"),r.searchParams.delete("id_token"),history.replaceState({},void 0,r.toString()),!o.nonce||o.nonce===t.get("nonce"))){const e=a.decode(t.get("id_token")),r=e.exp&&new Date(1e3*e.exp)||Number(t.get("expires_in"))&&new Date(Date.now()+1e3*Number(t.get("expires_in")));return document.cookie=n.serialize("authorization",t.get("access_token")||"",{expires:r,path:"/",sameSite:"strict"}),d.set(t.get("id_token"),r),l(),!0}if(this.getUserIdentity())return l(),!0;if(!i.isLocalHost()&&!e){try{const e=await this.httpClient.patch("/session",this.enableCredentials,{},null,!0);if(e.data.access_token){const t=a.decode(e.data.id_token),r=t.exp&&new Date(1e3*t.exp)||e.data.expires_in&&new Date(Date.now()+1e3*e.data.expires_in);document.cookie=n.serialize("authorization",e.data.access_token||"",{expires:r,path:"/",sameSite:"strict"}),d.set(e.data.id_token,r)}}catch(e){400!==e.status&&404!==e.status&&409!==e.status?this.logger&&this.logger.log&&this.logger.log({title:"User does not have an existing authentication session",error:e}):this.logger&&this.logger.log&&this.logger.log({title:"Failed attempting to check if the user has an existing authentication session",error:e})}if(this.getUserIdentity())return l(),!0}return!1}async updateExtensionAuthenticationRequest({state:e,connectionId:t,tenantLookupIdentifier:r,connectionProperties:n}){if(!t&&!r){const e=Error("connectionId or tenantLookupIdentifier must be specified");throw e.code="InvalidConnection",e}const o=new URLSearchParams(i.getCurrentLocation().search),s=e||o.get("state");if(!s){const e=Error("The `state` parameters must be specified to update this authentication request");throw e.code="InvalidAuthenticationRequest",e}try{const e=await this.httpClient.patch(`/authentication/${s}`,!0,{connectionId:t,tenantLookupIdentifier:r,connectionProperties:n});i.assign(e.data.authenticationUrl)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to update extension authentication request",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e.data||e}await new Promise((e=>setTimeout(e,5e3)))}async unlinkIdentity(e){if(!e){const e=Error("connectionId must be specified");throw e.code="InvalidConnection",e}if(!this.getUserIdentity()){const e=Error("User must be logged in to unlink an account.");throw e.code="NotLoggedIn",e}let t;try{t=await this.ensureToken({timeoutInMillis:100})}catch(e){if("TokenTimeout"===e.code){const e=Error("User must be logged into an existing account before linking a second account.");throw e.code="NotLoggedIn",e}}const r=this.enableCredentials&&!i.isLocalHost()?{}:{Authorization:`Bearer ${t}`};try{await this.httpClient.delete(`/identities/${encodeURIComponent(e)}`,this.enableCredentials,r)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to unlink user identity",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e.data||e}}async linkIdentity({connectionId:e,tenantLookupIdentifier:t,redirectUrl:r,connectionProperties:n}){if(!e&&!t){const e=Error("connectionId or tenantLookupIdentifier must be specified");throw e.code="InvalidConnection",e}if(!this.getUserIdentity()){const e=Error("User must be logged into an existing account before linking a second account.");throw e.code="NotLoggedIn",e}let o;try{o=await this.ensureToken({timeoutInMillis:100})}catch(e){if("TokenTimeout"===e.code){const e=Error("User must be logged into an existing account before linking a second account.");throw e.code="NotLoggedIn",e}}const{codeChallenge:s}=await a.getAuthCodes();try{const a=r&&new URL(r).toString()||i.getCurrentLocation().href,c=this.enableCredentials&&!i.isLocalHost()?{}:{Authorization:`Bearer ${o}`},d=await this.httpClient.post("/authentication",this.enableCredentials,{linkIdentity:!0,redirectUrl:a,codeChallengeMethod:"S256",codeChallenge:s,connectionId:e,tenantLookupIdentifier:t,connectionProperties:n,applicationId:this.applicationId},c);i.assign(d.data.authenticationUrl)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to start user identity link",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e}await new Promise((e=>setTimeout(e,5e3)))}async authenticate(e={}){const{connectionId:t,tenantLookupIdentifier:r,inviteId:n,redirectUrl:o,force:s,responseLocation:c,flowType:l,connectionProperties:u,openType:h,multiAccount:f,clearUserDataBeforeLogin:g}=e||{};if(c&&"cookie"!==c&&"query"!==c&&"none"!==c){const e=Error("Authentication response location is not valid");throw e.code="InvalidResponseLocation",e}if(!s&&!f&&await this.userSessionExists()){const r=await this.ensureToken(),n=a.decode(r);if(t&&n&&n.azp&&t!==n.azp){this.logger&&this.logger.log&&this.logger.log({title:"Authentication blocked because the user is already logged in, and the requested authentication parameters do not match the original session.",requestedAuthenticationOptions:e,currentAuthenticationSessionData:n});const t=Error('Authentication requested for user that is already logged in, but the connectionId specified does not match their existing session.\n        Recommended Options:\n          (1) If the goal is to force them to log in with this new connection and ignore their existing session, use the "force" flag.\n          (2) If the goal is link their current identity with a new from the new connection, use the linkIdentity() method.\n          (3) If the goal is skip log in if they are already logged in or force log in with the connectionId, first check if userSessionExists() and then only if "false", call authenticate().');throw t.code="AuthenticationConstraintContention",t}return!0}const{codeVerifier:m,codeChallenge:w}=await a.getAuthCodes();try{const e=o&&new URL(o).toString()||i.getCurrentLocation().href;!1!==g&&d.clear();const s=await this.httpClient.post("/authentication",!1,{redirectUrl:e,codeChallengeMethod:"S256",codeChallenge:w,connectionId:t,tenantLookupIdentifier:r,inviteId:n,connectionProperties:u,applicationId:this.applicationId,responseLocation:c,flowType:l,multiAccount:f});if(localStorage.setItem(p,JSON.stringify({nonce:s.data.authenticationRequestId,codeVerifier:m,lastConnectionId:t,tenantLookupIdentifier:r,redirectUrl:e,enableCredentials:s.data.enableCredentials,multiAccount:f})),"tab"===h){const e=i.open(s.data.authenticationUrl,"_blank");e&&!e.closed&&void 0!==e.closed||i.assign(s.data.authenticationUrl)}else i.assign(s.data.authenticationUrl)}catch(e){if(this.logger&&this.logger.log&&this.logger.log({title:"Failed to start authentication for user",error:e}),e.status&&e.status>=400&&e.status<500){const t=Error(e.data&&(e.data.title||e.data.errorCode)||e.data||"Unknown Error");throw t.code=e.data&&e.data.errorCode,t}throw e.data||e}return await new Promise((e=>setTimeout(e,5e3))),!1}async ensureToken(e){await this.userSessionExists();const t=Object.assign({timeoutInMillis:5e3},e||{}),r=this.waitForUserSession(),o=new Promise(((e,r)=>setTimeout(r,t.timeoutInMillis||0)));try{await Promise.race([r,o])}catch(e){const t=Error("No token retrieved after timeout");throw t.code="TokenTimeout",t}const i=n.parse(document.cookie);return"undefined"!==i.authorization&&i.authorization}async logout(e){if(d.clear(),u=new Promise((e=>l=e)),this.enableCredentials)try{return await this.httpClient.delete("/session",this.enableCredentials),void(e&&e!==i.getCurrentLocation().href&&i.assign(e))}catch(e){}const t=new URL("/logout",this.hostUrl);t.searchParams.set("redirect_uri",e||i.getCurrentLocation().href),t.searchParams.set("client_id",this.applicationId),i.assign(t.toString())}},ExtensionClient:f,UserConfigurationScreen:{Profile:"Profile",MFA:"MFA"}}},836:(e,t,r)=>{const n=r(878);e.exports=new class{decode(e){if(!e)return null;try{const t=JSON.parse(n.decode(e.split(".")[1]));return t.exp&&(t.exp=t.exp-10),t}catch(e){return null}}decodeOrParse(e){if(!e)return null;if("object"==typeof e)return e;try{return JSON.parse(e)}catch(t){return this.decode(e)}}decodeFull(e){if(!e)return null;try{const t=JSON.parse(n.decode(e.split(".")[0])),r=JSON.parse(n.decode(e.split(".")[1]));return r.exp&&(r.exp=r.exp-10),{header:t,payload:r}}catch(e){return null}}async getAuthCodes(){const e=n.encode((window.crypto||window.msCrypto).getRandomValues(new Uint32Array(16)).toString()),t=await(window.crypto||window.msCrypto).subtle.digest("SHA-256",(new TextEncoder).encode(e));return{codeVerifier:e,codeChallenge:n.encode(t)}}}},160:(e,t,r)=>{const n=r(427),o="AuthenticationCredentialsStorage";e.exports=new class{getUserCookie(){if("undefined"==typeof window||"undefined"==typeof document)return null;return document.cookie.split(";").filter((e=>"user"===e.split("=")[0].trim())).map((e=>e.replace(/^user=/,""))).find((e=>e&&e.trim()))||null}set(e,t){if("undefined"!=typeof window&&"undefined"!=typeof document)try{const r=n.parse(document.cookie);localStorage.setItem(o,JSON.stringify({idToken:e,expiry:t&&t.getTime(),jsCookies:!!r.authorization})),this.clearCookies("user")}catch(e){console.debug("LocalStorage failed in Browser",e)}}get(){if("undefined"==typeof window||"undefined"==typeof document)return null;let e={};try{e=n.parse(document.cookie)}catch(e){console.debug("CookieManagement failed in Browser",e)}try{const{idToken:t,expiry:r,jsCookies:n}=JSON.parse(localStorage.getItem(o)||"{}");return t?r<Date.now()||n&&!e.authorization?null:t:this.getUserCookie()}catch(e){return console.debug("LocalStorage failed in Browser",e),this.getUserCookie()}}delete(){try{localStorage.removeItem(o)}catch(e){console.debug("LocalStorage failed in Browser",e)}try{this.clearCookies("user")}catch(e){console.debug("CookieManagement failed in Browser",e)}}clear(){this.clearCookies(),this.delete()}clearCookies(e){if("undefined"==typeof window||"undefined"==typeof document)return;const t=document.cookie.split("; ");for(const r of t){if(!["user","authorization","auth-code"].includes(r.split("=")[0])||e&&r.split("=")[0]!==e)continue;const t=window.location.hostname.split("."),n=[...Array(t.length-1)].map(((e,r)=>t.reverse().slice(0,r+2).reverse().join("."))).map((e=>[e,`.${e}`])).flat(1).concat(null);"localhost"===window.location.hostname&&n.push("localhost");for(const e of n){const t=e?`domain=${e};`:"",n=`${encodeURIComponent(r.split(";")[0].split("=")[0])}=; expires=Thu, 01-Jan-1970 00:00:01 GMT; ${t} SameSite=Strict; path=`;document.cookie=`${n}/`;const o=location.pathname.split("/");for(;o.length>0;)document.cookie=n+o.join("/"),o.pop()}}}}},332:e=>{e.exports.sanitizeUrl=function(e){let t=e;t.startsWith("http")||(t=`https://${t}`);const r=new URL(t),n=r.host.match(/^([a-z0-9-]+)[.][a-z0-9-]+[.]authress[.]io$/);return n&&(r.host=`${n[1]}.login.authress.io`,t=r.toString()),t.replace(/[/]+$/,"")}},629:e=>{e.exports=new class{onLoad(e){"undefined"!=typeof window&&(window.onload=e)}isLocalHost(){return"undefined"!=typeof window&&window.location&&("localhost"===window.location.hostname||"127.0.0.1"===window.location.hostname)}getCurrentLocation(){return"undefined"!=typeof window&&new URL(window.location)||new URL("http://localhost:8080")}assign(e){return"undefined"==typeof window?null:window.location.assign(e.toString())}open(e){return"undefined"==typeof window?null:window.open(e.toString())}}},427:(e,t)=>{"use strict";t.parse=function(e,t){if("string"!=typeof e)throw new TypeError("argument str must be a string");var r={},n=(t||{}).decode||o,i=0;for(;i<e.length;){var a=e.indexOf("=",i);if(-1===a)break;var c=e.indexOf(";",i);if(-1===c)c=e.length;else if(c<a){i=e.lastIndexOf(";",a-1)+1;continue}var d=e.slice(i,a).trim();if(void 0===r[d]){var l=e.slice(a+1,c).trim();34===l.charCodeAt(0)&&(l=l.slice(1,-1)),r[d]=s(l,n)}i=c+1}return r},t.serialize=function(e,t,o){var s=o||{},a=s.encode||i;if("function"!=typeof a)throw new TypeError("option encode is invalid");if(!n.test(e))throw new TypeError("argument name is invalid");var c=a(t);if(c&&!n.test(c))throw new TypeError("argument val is invalid");var d=e+"="+c;if(null!=s.maxAge){var l=s.maxAge-0;if(isNaN(l)||!isFinite(l))throw new TypeError("option maxAge is invalid");d+="; Max-Age="+Math.floor(l)}if(s.domain){if(!n.test(s.domain))throw new TypeError("option domain is invalid");d+="; Domain="+s.domain}if(s.path){if(!n.test(s.path))throw new TypeError("option path is invalid");d+="; Path="+s.path}if(s.expires){var u=s.expires;if(!function(e){return"[object Date]"===r.call(e)||e instanceof Date}(u)||isNaN(u.valueOf()))throw new TypeError("option expires is invalid");d+="; Expires="+u.toUTCString()}s.httpOnly&&(d+="; HttpOnly");s.secure&&(d+="; Secure");if(s.priority){switch("string"==typeof s.priority?s.priority.toLowerCase():s.priority){case"low":d+="; Priority=Low";break;case"medium":d+="; Priority=Medium";break;case"high":d+="; Priority=High";break;default:throw new TypeError("option priority is invalid")}}if(s.sameSite){switch("string"==typeof s.sameSite?s.sameSite.toLowerCase():s.sameSite){case!0:d+="; SameSite=Strict";break;case"lax":d+="; SameSite=Lax";break;case"strict":d+="; SameSite=Strict";break;case"none":d+="; SameSite=None";break;default:throw new TypeError("option sameSite is invalid")}}return d};var r=Object.prototype.toString,n=/^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;function o(e){return-1!==e.indexOf("%")?decodeURIComponent(e):e}function i(e){return encodeURIComponent(e)}function s(e,t){try{return t(e)}catch(t){return e}}},321:e=>{var t=1/0,r=17976931348623157e292,n=NaN,o="[object Symbol]",i=/^\s+|\s+$/g,s=/^[-+]0x[0-9a-f]+$/i,a=/^0b[01]+$/i,c=/^0o[0-7]+$/i,d=parseInt,l=Object.prototype.toString;function u(e){var t=typeof e;return!!e&&("object"==t||"function"==t)}e.exports=function(e,h,p){return e&&e.length?function(e,t,r){var n=-1,o=e.length;t<0&&(t=-t>o?0:o+t),(r=r>o?o:r)<0&&(r+=o),o=t>r?0:r-t>>>0,t>>>=0;for(var i=Array(o);++n<o;)i[n]=e[n+t];return i}(e,0,(h=p||void 0===h?1:(f=function(e){return e?(e=function(e){if("number"==typeof e)return e;if(function(e){return"symbol"==typeof e||function(e){return!!e&&"object"==typeof e}(e)&&l.call(e)==o}(e))return n;if(u(e)){var t="function"==typeof e.valueOf?e.valueOf():e;e=u(t)?t+"":t}if("string"!=typeof e)return 0===e?e:+e;e=e.replace(i,"");var r=a.test(e);return r||c.test(e)?d(e.slice(2),r?2:8):s.test(e)?n:+e}(e))===t||e===-t?(e<0?-1:1)*r:e==e?e:0:0===e?e:0}(h),g=f%1,f==f?g?f-g:f:0))<0?0:h):[];var f,g}},330:e=>{"use strict";e.exports=JSON.parse('{"name":"@authress/login","version":"2.4.309","description":"Universal login sdk for Authress authentication as a service. Provides managed authentication for user identity, authentication, and token verification.","main":"./src/index.js","types":"./index.d.ts","files":["index.d.ts","src","dist"],"scripts":{"build":"node make.js build && NODE_ENV=production webpack --mode=production","lint":"eslint --ext .js,.ts src tests make.js index.d.ts","test":"check-dts index.d.ts && mocha tests/**/*.test.js -R spec"},"dependencies":{"cookie":"^0.5.0","lodash.take":"^4.1.1"},"devDependencies":{"@babel/core":"^7.17.5","@babel/preset-env":"^7.16.11","@types/node":"^14.14.35","@typescript-eslint/eslint-plugin":"^3.1.0","@typescript-eslint/parser":"^3.1.0","babel-loader":"^8.2.3","chai":"^4.2.0","check-dts":"^0.4.4","ci-build-tools":"^1.0.13","commander":"^4.0.1","compression-webpack-plugin":"^9.2.0","eslint":"^7.12.1","eslint-config-cimpress-atsquad":"^1.0.67","eslint-loader":"^4.0.2","eslint-plugin-mocha":"^7.0.1","eslint-plugin-node":"^11.1.0","eslint-plugin-promise":"^6.1.1","fs-extra":"^8.1.0","glob":"^7.1.6","mocha":"^10.1.0","path-browserify":"^1.0.1","sinon":"^7.5.0","sinon-chai":"^3.3.0","terser-webpack-plugin":"^5.3.1","typescript":"^3.9.5","webpack":"^5.69.1","webpack-cli":"^4.9.2"},"repository":{"type":"git","url":"git+https://github.com/Authress/authress-login.js"},"keywords":["authentication","authentication as a service","Login","Login Client","universal login","auth","federated login","secure login","application security","IDaaS","authentication","user authentication","user identity","Oauth2","Oauth2.1","Oauth3","platform","platform login","extension","Authress","Authress client","user security"],"author":"Authress Developers <developers@authress.io> (https://authress.io)","license":"Apache-2.0","bugs":{"url":"https://github.com/Authress/authress-login.js/issues"},"homepage":"https://authress.io","engines":{"node":">=14"}}')}},n={};function o(e){var t=n[e];if(void 0!==t){if(void 0!==t.error)throw t.error;return t.exports}var i=n[e]={exports:{}};try{var s={id:e,module:i,factory:r[e],require:o};o.i.forEach((function(e){e(s)})),i=s.module,s.factory.call(i.exports,i,i.exports,s.require)}catch(e){throw i.error=e,e}return i.exports}return o.m=r,o.c=n,o.i=[],o.hu=e=>e+"."+o.h()+".hot-update.js",o.hmrF=()=>"main."+o.h()+".hot-update.json",o.h=()=>"6bae3037a03907d95f77",o.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),e={},t="authress:",o.l=(r,n,i,s)=>{if(e[r])e[r].push(n);else{var a,c;if(void 0!==i)for(var d=document.getElementsByTagName("script"),l=0;l<d.length;l++){var u=d[l];if(u.getAttribute("src")==r||u.getAttribute("data-webpack")==t+i){a=u;break}}a||(c=!0,(a=document.createElement("script")).charset="utf-8",a.timeout=120,o.nc&&a.setAttribute("nonce",o.nc),a.setAttribute("data-webpack",t+i),a.src=r),e[r]=[n];var h=(t,n)=>{a.onerror=a.onload=null,clearTimeout(p);var o=e[r];if(delete e[r],a.parentNode&&a.parentNode.removeChild(a),o&&o.forEach((e=>e(n))),t)return t(n)},p=setTimeout(h.bind(null,void 0,{type:"timeout",target:a}),12e4);a.onerror=h.bind(null,a.onerror),a.onload=h.bind(null,a.onload),c&&document.head.appendChild(a)}},(()=>{var e,t,r,n={},i=o.c,s=[],a=[],c="idle",d=0,l=[];function u(e){c=e;for(var t=[],r=0;r<a.length;r++)t[r]=a[r].call(null,e);return Promise.all(t).then((function(){}))}function h(){0==--d&&u("ready").then((function(){if(0===d){var e=l;l=[];for(var t=0;t<e.length;t++)e[t]()}}))}function p(e){if("idle"!==c)throw new Error("check() is only allowed in idle status");return u("check").then(o.hmrM).then((function(r){return r?u("prepare").then((function(){var n=[];return t=[],Promise.all(Object.keys(o.hmrC).reduce((function(e,i){return o.hmrC[i](r.c,r.r,r.m,e,t,n),e}),[])).then((function(){return t=function(){return e?g(e):u("ready").then((function(){return n}))},0===d?t():new Promise((function(e){l.push((function(){e(t())}))}));var t}))})):u(m()?"ready":"idle").then((function(){return null}))}))}function f(e){return"ready"!==c?Promise.resolve().then((function(){throw new Error("apply() is only allowed in ready status (state: "+c+")")})):g(e)}function g(e){e=e||{},m();var n=t.map((function(t){return t(e)}));t=void 0;var o=n.map((function(e){return e.error})).filter(Boolean);if(o.length>0)return u("abort").then((function(){throw o[0]}));var i=u("dispose");n.forEach((function(e){e.dispose&&e.dispose()}));var s,a=u("apply"),c=function(e){s||(s=e)},d=[];return n.forEach((function(e){if(e.apply){var t=e.apply(c);if(t)for(var r=0;r<t.length;r++)d.push(t[r])}})),Promise.all([i,a]).then((function(){return s?u("fail").then((function(){throw s})):r?g(e).then((function(e){return d.forEach((function(t){e.indexOf(t)<0&&e.push(t)})),e})):u("idle").then((function(){return d}))}))}function m(){if(r)return t||(t=[]),Object.keys(o.hmrI).forEach((function(e){r.forEach((function(r){o.hmrI[e](r,t)}))})),r=void 0,!0}o.hmrD=n,o.i.push((function(l){var g,m,w,y,v=l.module,k=function(t,r){var n=i[r];if(!n)return t;var o=function(o){if(n.hot.active){if(i[o]){var a=i[o].parents;-1===a.indexOf(r)&&a.push(r)}else s=[r],e=o;-1===n.children.indexOf(o)&&n.children.push(o)}else console.warn("[HMR] unexpected require("+o+") from disposed module "+r),s=[];return t(o)},a=function(e){return{configurable:!0,enumerable:!0,get:function(){return t[e]},set:function(r){t[e]=r}}};for(var l in t)Object.prototype.hasOwnProperty.call(t,l)&&"e"!==l&&Object.defineProperty(o,l,a(l));return o.e=function(e,r){return function(e){switch(c){case"ready":u("prepare");case"prepare":return d++,e.then(h,h),e;default:return e}}(t.e(e,r))},o}(l.require,l.id);v.hot=(g=l.id,m=v,y={_acceptedDependencies:{},_acceptedErrorHandlers:{},_declinedDependencies:{},_selfAccepted:!1,_selfDeclined:!1,_selfInvalidated:!1,_disposeHandlers:[],_main:w=e!==g,_requireSelf:function(){s=m.parents.slice(),e=w?void 0:g,o(g)},active:!0,accept:function(e,t,r){if(void 0===e)y._selfAccepted=!0;else if("function"==typeof e)y._selfAccepted=e;else if("object"==typeof e&&null!==e)for(var n=0;n<e.length;n++)y._acceptedDependencies[e[n]]=t||function(){},y._acceptedErrorHandlers[e[n]]=r;else y._acceptedDependencies[e]=t||function(){},y._acceptedErrorHandlers[e]=r},decline:function(e){if(void 0===e)y._selfDeclined=!0;else if("object"==typeof e&&null!==e)for(var t=0;t<e.length;t++)y._declinedDependencies[e[t]]=!0;else y._declinedDependencies[e]=!0},dispose:function(e){y._disposeHandlers.push(e)},addDisposeHandler:function(e){y._disposeHandlers.push(e)},removeDisposeHandler:function(e){var t=y._disposeHandlers.indexOf(e);t>=0&&y._disposeHandlers.splice(t,1)},invalidate:function(){switch(this._selfInvalidated=!0,c){case"idle":t=[],Object.keys(o.hmrI).forEach((function(e){o.hmrI[e](g,t)})),u("ready");break;case"ready":Object.keys(o.hmrI).forEach((function(e){o.hmrI[e](g,t)}));break;case"prepare":case"check":case"dispose":case"apply":(r=r||[]).push(g)}},check:p,apply:f,status:function(e){if(!e)return c;a.push(e)},addStatusHandler:function(e){a.push(e)},removeStatusHandler:function(e){var t=a.indexOf(e);t>=0&&a.splice(t,1)},data:n[g]},e=void 0,y),v.parents=s,v.children=[],s=[],l.require=k})),o.hmrC={},o.hmrI={}})(),o.p="",(()=>{var e,t,r,n,i,s=o.hmrS_jsonp=o.hmrS_jsonp||{792:0},a={};function c(t,r){return e=r,new Promise(((e,r)=>{a[t]=e;var n=o.p+o.hu(t),i=new Error;o.l(n,(e=>{if(a[t]){a[t]=void 0;var n=e&&("load"===e.type?"missing":e.type),o=e&&e.target&&e.target.src;i.message="Loading hot update chunk "+t+" failed.\n("+n+": "+o+")",i.name="ChunkLoadError",i.type=n,i.request=o,r(i)}}))}))}function d(e){function a(e){for(var t=[e],r={},n=t.map((function(e){return{chain:[e],id:e}}));n.length>0;){var i=n.pop(),s=i.id,a=i.chain,d=o.c[s];if(d&&(!d.hot._selfAccepted||d.hot._selfInvalidated)){if(d.hot._selfDeclined)return{type:"self-declined",chain:a,moduleId:s};if(d.hot._main)return{type:"unaccepted",chain:a,moduleId:s};for(var l=0;l<d.parents.length;l++){var u=d.parents[l],h=o.c[u];if(h){if(h.hot._declinedDependencies[s])return{type:"declined",chain:a.concat([u]),moduleId:s,parentId:u};-1===t.indexOf(u)&&(h.hot._acceptedDependencies[s]?(r[u]||(r[u]=[]),c(r[u],[s])):(delete r[u],t.push(u),n.push({chain:a.concat([u]),id:u})))}}}}return{type:"accepted",moduleId:e,outdatedModules:t,outdatedDependencies:r}}function c(e,t){for(var r=0;r<t.length;r++){var n=t[r];-1===e.indexOf(n)&&e.push(n)}}o.f&&delete o.f.jsonpHmr,t=void 0;var d={},l=[],u={},h=function(e){console.warn("[HMR] unexpected require("+e.id+") to disposed module")};for(var p in r)if(o.o(r,p)){var f,g=r[p],m=!1,w=!1,y=!1,v="";switch((f=g?a(p):{type:"disposed",moduleId:p}).chain&&(v="\nUpdate propagation: "+f.chain.join(" -> ")),f.type){case"self-declined":e.onDeclined&&e.onDeclined(f),e.ignoreDeclined||(m=new Error("Aborted because of self decline: "+f.moduleId+v));break;case"declined":e.onDeclined&&e.onDeclined(f),e.ignoreDeclined||(m=new Error("Aborted because of declined dependency: "+f.moduleId+" in "+f.parentId+v));break;case"unaccepted":e.onUnaccepted&&e.onUnaccepted(f),e.ignoreUnaccepted||(m=new Error("Aborted because "+p+" is not accepted"+v));break;case"accepted":e.onAccepted&&e.onAccepted(f),w=!0;break;case"disposed":e.onDisposed&&e.onDisposed(f),y=!0;break;default:throw new Error("Unexception type "+f.type)}if(m)return{error:m};if(w)for(p in u[p]=g,c(l,f.outdatedModules),f.outdatedDependencies)o.o(f.outdatedDependencies,p)&&(d[p]||(d[p]=[]),c(d[p],f.outdatedDependencies[p]));y&&(c(l,[f.moduleId]),u[p]=h)}r=void 0;for(var k,b=[],C=0;C<l.length;C++){var I=l[C],S=o.c[I];S&&(S.hot._selfAccepted||S.hot._main)&&u[I]!==h&&!S.hot._selfInvalidated&&b.push({module:I,require:S.hot._requireSelf,errorHandler:S.hot._selfAccepted})}return{dispose:function(){var e;n.forEach((function(e){delete s[e]})),n=void 0;for(var t,r=l.slice();r.length>0;){var i=r.pop(),a=o.c[i];if(a){var c={},u=a.hot._disposeHandlers;for(C=0;C<u.length;C++)u[C].call(null,c);for(o.hmrD[i]=c,a.hot.active=!1,delete o.c[i],delete d[i],C=0;C<a.children.length;C++){var h=o.c[a.children[C]];h&&((e=h.parents.indexOf(i))>=0&&h.parents.splice(e,1))}}}for(var p in d)if(o.o(d,p)&&(a=o.c[p]))for(k=d[p],C=0;C<k.length;C++)t=k[C],(e=a.children.indexOf(t))>=0&&a.children.splice(e,1)},apply:function(t){for(var r in u)o.o(u,r)&&(o.m[r]=u[r]);for(var n=0;n<i.length;n++)i[n](o);for(var s in d)if(o.o(d,s)){var a=o.c[s];if(a){k=d[s];for(var c=[],h=[],p=[],f=0;f<k.length;f++){var g=k[f],m=a.hot._acceptedDependencies[g],w=a.hot._acceptedErrorHandlers[g];if(m){if(-1!==c.indexOf(m))continue;c.push(m),h.push(w),p.push(g)}}for(var y=0;y<c.length;y++)try{c[y].call(null,k)}catch(r){if("function"==typeof h[y])try{h[y](r,{moduleId:s,dependencyId:p[y]})}catch(n){e.onErrored&&e.onErrored({type:"accept-error-handler-errored",moduleId:s,dependencyId:p[y],error:n,originalError:r}),e.ignoreErrored||(t(n),t(r))}else e.onErrored&&e.onErrored({type:"accept-errored",moduleId:s,dependencyId:p[y],error:r}),e.ignoreErrored||t(r)}}}for(var v=0;v<b.length;v++){var C=b[v],I=C.module;try{C.require(I)}catch(r){if("function"==typeof C.errorHandler)try{C.errorHandler(r,{moduleId:I,module:o.c[I]})}catch(n){e.onErrored&&e.onErrored({type:"self-accept-error-handler-errored",moduleId:I,error:n,originalError:r}),e.ignoreErrored||(t(n),t(r))}else e.onErrored&&e.onErrored({type:"self-accept-errored",moduleId:I,error:r}),e.ignoreErrored||t(r)}}return l}}}this.webpackHotUpdateauthress=(t,n,s)=>{for(var c in n)o.o(n,c)&&(r[c]=n[c],e&&e.push(c));s&&i.push(s),a[t]&&(a[t](),a[t]=void 0)},o.hmrI.jsonp=function(e,t){r||(r={},i=[],n=[],t.push(d)),o.o(r,e)||(r[e]=o.m[e])},o.hmrC.jsonp=function(e,a,l,u,h,p){h.push(d),t={},n=a,r=l.reduce((function(e,t){return e[t]=!1,e}),{}),i=[],e.forEach((function(e){o.o(s,e)&&void 0!==s[e]?(u.push(c(e,p)),t[e]=!0):t[e]=!1})),o.f&&(o.f.jsonpHmr=function(e,r){t&&o.o(t,e)&&!t[e]&&(r.push(c(e)),t[e]=!0)})},o.hmrM=()=>{if("undefined"==typeof fetch)throw new Error("No browser support: need fetch API");return fetch(o.p+o.hmrF()).then((e=>{if(404!==e.status){if(!e.ok)throw new Error("Failed to fetch update manifest "+e.statusText);return e.json()}}))}})(),o(354)})()));

package/dist/authress.min.js.LICENSE.txt CHANGED Viewed

@@ -7,7 +7,7 @@
 /**
 * @preserve
-* Authress Login SDK 2.4.306
+* Authress Login SDK 2.4.309
 * License: Apache-2.0
 * Repo   : https://github.com/Authress/login-sdk.js
 * Author : Authress Developers

package/dist/authress.min.js.LICENSE.txt.gz CHANGED Viewed

Binary file

package/dist/authress.min.js.gz CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@authress/login",
-  "version": "2.4.306",
+  "version": "2.4.309",
   "description": "Universal login sdk for Authress authentication as a service. Provides managed authentication for user identity, authentication, and token verification.",
   "main": "./src/index.js",
   "types": "./index.d.ts",

package/src/httpClient.js CHANGED Viewed

@@ -1,8 +1,10 @@
 const { sanitizeUrl } = require('./util');
 const windowManager = require('./windowManager');
+const packageInfo = require('../package.json');
 const defaultHeaders = {
-  'Content-Type': 'application/json'
+  'Content-Type': 'application/json',
+  'X-Powered-By': `Authress Login SDK; Javascript; ${packageInfo.version}`
 };
 const errorMessages = new Set([

package/src/index.js CHANGED Viewed

@@ -585,6 +585,19 @@ class LoginClient {
     }
     if (!force && !multiAccount && await this.userSessionExists()) {
+      const existingJwtTokenString = await this.ensureToken();
+      const jwtPayload = jwtManager.decode(existingJwtTokenString);
+      if (connectionId && jwtPayload && jwtPayload.azp && connectionId !== jwtPayload.azp) {
+        this.logger && this.logger.log && this.logger.log({ title: 'Authentication blocked because the user is already logged in, and the requested authentication parameters do not match the original session.', requestedAuthenticationOptions: options, currentAuthenticationSessionData: jwtPayload });
+        const e = Error(`Authentication requested for user that is already logged in, but the connectionId specified does not match their existing session.
+        Recommended Options:
+          (1) If the goal is to force them to log in with this new connection and ignore their existing session, use the "force" flag.
+          (2) If the goal is link their current identity with a new from the new connection, use the linkIdentity() method.
+          (3) If the goal is skip log in if they are already logged in or force log in with the connectionId, first check if userSessionExists() and then only if "false", call authenticate().`);
+        e.code = 'AuthenticationConstraintContention';
+        throw e;
+      }
       return true;
     }