@authress/login 2.6.408 → 2.6.410

package/dist/authress.min.js

@@ -1,2 +1,2 @@
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).Authress={})}(this,function(e){"use strict";function t(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=Array(t);n<t;n++)r[n]=e[n];return r}function n(e,t,n,r,o,i,a){try{var s=e[i](a),c=s.value}catch(u){return void n(u)}s.done?t(c):Promise.resolve(c).then(r,o)}function r(e){return function(){var t=this,r=arguments;return new Promise(function(o,i){var a=e.apply(t,r);function s(e){n(a,o,i,s,c,"next",e)}function c(e){n(a,o,i,s,c,"throw",e)}s(void 0)})}}function o(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function i(e,t,n){return t&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,d(r.key),r)}}(e.prototype,t),Object.defineProperty(e,"prototype",{writable:!1}),e}function a(e,t){var n="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(!n){if(Array.isArray(e)||(n=f(e))||t){n&&(e=n);var r=0,o=function(){};return{s:o,n:function(){return r>=e.length?{done:!0}:{done:!1,value:e[r++]}},e:function(e){throw e},f:o}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var i,a=!0,s=!1;return{s:function(){n=n.call(e)},n:function(){var e=n.next();return a=e.done,e},e:function(e){s=!0,i=e},f:function(){try{a||null==n.return||n.return()}finally{if(s)throw i}}}}function s(){var e,t,n="function"==typeof Symbol?Symbol:{},r=n.iterator||"@@iterator",o=n.toStringTag||"@@toStringTag";function i(n,r,o,i){var s=r&&r.prototype instanceof u?r:u,l=Object.create(s.prototype);return c(l,"_invoke",function(n,r,o){var i,s,c,u=0,l=o||[],d=!1,h={p:0,n:0,v:e,a:f,f:f.bind(e,4),d:function(t,n){return i=t,s=0,c=e,h.n=n,a}};function f(n,r){for(s=n,c=r,t=0;!d&&u&&!o&&t<l.length;t++){var o,i=l[t],f=h.p,p=i[2];n>3?(o=p===r)&&(c=i[(s=i[4])?5:(s=3,3)],i[4]=i[5]=e):i[0]<=f&&((o=n<2&&f<i[1])?(s=0,h.v=r,h.n=i[1]):f<p&&(o=n<3||i[0]>r||r>p)&&(i[4]=n,i[5]=r,h.n=p,s=0))}if(o||n>1)return a;throw d=!0,r}return function(o,l,p){if(u>1)throw TypeError("Generator is already running");for(d&&1===l&&f(l,p),s=l,c=p;(t=s<2?e:c)||!d;){i||(s?s<3?(s>1&&(h.n=-1),f(s,c)):h.n=c:h.v=c);try{if(u=2,i){if(s||(o="next"),t=i[o]){if(!(t=t.call(i,c)))throw TypeError("iterator result is not an object");if(!t.done)return t;c=t.value,s<2&&(s=0)}else 1===s&&(t=i.return)&&t.call(i),s<2&&(c=TypeError("The iterator does not provide a '"+o+"' method"),s=1);i=e}else if((t=(d=h.n<0)?c:n.call(r,h))!==a)break}catch(g){i=e,s=1,c=g}finally{u=1}}return{value:t,done:d}}}(n,o,i),!0),l}var a={};function u(){}function l(){}function d(){}t=Object.getPrototypeOf;var h=[][r]?t(t([][r]())):(c(t={},r,function(){return this}),t),f=d.prototype=u.prototype=Object.create(h);function p(e){return Object.setPrototypeOf?Object.setPrototypeOf(e,d):(e.__proto__=d,c(e,o,"GeneratorFunction")),e.prototype=Object.create(f),e}return l.prototype=d,c(f,"constructor",d),c(d,"constructor",l),l.displayName="GeneratorFunction",c(d,o,"GeneratorFunction"),c(f),c(f,o,"Generator"),c(f,r,function(){return this}),c(f,"toString",function(){return"[object Generator]"}),(s=function(){return{w:i,m:p}})()}function c(e,t,n,r){var o=Object.defineProperty;try{o({},"",{})}catch(i){o=0}(c=function(e,t,n,r){function i(t,n){c(e,t,function(e){return this._invoke(t,n,e)})}t?o?o(e,t,{value:n,enumerable:!r,configurable:!r,writable:!r}):e[t]=n:(i("next",0),i("throw",1),i("return",2))})(e,t,n,r)}function u(e){if(null!=e){var t=e["function"==typeof Symbol&&Symbol.iterator||"@@iterator"],n=0;if(t)return t.call(e);if("function"==typeof e.next)return e;if(!isNaN(e.length))return{next:function(){return e&&n>=e.length&&(e=void 0),{value:e&&e[n++],done:!e}}}}throw new TypeError(typeof e+" is not iterable")}function l(e){return function(e){if(Array.isArray(e))return t(e)}(e)||function(e){if("undefined"!=typeof Symbol&&null!=e[Symbol.iterator]||null!=e["@@iterator"])return Array.from(e)}(e)||f(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function d(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t);if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(e,"string");return"symbol"==typeof t?t:t+""}function h(e){return(h="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function f(e,n){if(e){if("string"==typeof e)return t(e,n);var r={}.toString.call(e).slice(8,-1);return"Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r?Array.from(e):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?t(e,n):void 0}}function p(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}var g,v={};const y=p(function(){if(g)return v;g=1,v.parse=function(e,n){if("string"!=typeof e)throw new TypeError("argument str must be a string");var r={},o=e.length;if(o<2)return r;var i=n&&n.decode||c,l=0,d=0,h=0;do{if(-1===(d=e.indexOf("=",l)))break;if(-1===(h=e.indexOf(";",l)))h=o;else if(d>h){l=e.lastIndexOf(";",d-1)+1;continue}var f=a(e,l,d),p=s(e,d,f),g=e.slice(f,p);if(!t.call(r,g)){var v=a(e,d+1,h),y=s(e,h,v);34===e.charCodeAt(v)&&34===e.charCodeAt(y-1)&&(v++,y--);var w=e.slice(v,y);r[g]=u(w,i)}l=h+1}while(l<o);return r},v.serialize=function(t,a,s){var c=s&&s.encode||encodeURIComponent;if("function"!=typeof c)throw new TypeError("option encode is invalid");if(!n.test(t))throw new TypeError("argument name is invalid");var u=c(a);if(!r.test(u))throw new TypeError("argument val is invalid");var l=t+"="+u;if(!s)return l;if(null!=s.maxAge){var d=Math.floor(s.maxAge);if(!isFinite(d))throw new TypeError("option maxAge is invalid");l+="; Max-Age="+d}if(s.domain){if(!o.test(s.domain))throw new TypeError("option domain is invalid");l+="; Domain="+s.domain}if(s.path){if(!i.test(s.path))throw new TypeError("option path is invalid");l+="; Path="+s.path}if(s.expires){var h=s.expires;if(!function(t){return"[object Date]"===e.call(t)}(h)||isNaN(h.valueOf()))throw new TypeError("option expires is invalid");l+="; Expires="+h.toUTCString()}s.httpOnly&&(l+="; HttpOnly");s.secure&&(l+="; Secure");s.partitioned&&(l+="; Partitioned");if(s.priority){switch("string"==typeof s.priority?s.priority.toLowerCase():s.priority){case"low":l+="; Priority=Low";break;case"medium":l+="; Priority=Medium";break;case"high":l+="; Priority=High";break;default:throw new TypeError("option priority is invalid")}}if(s.sameSite){switch("string"==typeof s.sameSite?s.sameSite.toLowerCase():s.sameSite){case!0:l+="; SameSite=Strict";break;case"lax":l+="; SameSite=Lax";break;case"strict":l+="; SameSite=Strict";break;case"none":l+="; SameSite=None";break;default:throw new TypeError("option sameSite is invalid")}}return l};var e=Object.prototype.toString,t=Object.prototype.hasOwnProperty,n=/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/,r=/^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/,o=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,i=/^[\u0020-\u003A\u003D-\u007E]*$/;function a(e,t,n){do{var r=e.charCodeAt(t);if(32!==r&&9!==r)return t}while(++t<n);return n}function s(e,t,n){for(;t>n;){var r=e.charCodeAt(--t);if(32!==r&&9!==r)return t+1}return n}function c(e){return-1!==e.indexOf("%")?decodeURIComponent(e):e}function u(e,t){try{return t(e)}catch(n){return e}}return v}());var w,m;const k=p(function(){if(m)return w;m=1;var e=1/0,t=17976931348623157e292,n=NaN,r="[object Symbol]",o=/^\s+|\s+$/g,i=/^[-+]0x[0-9a-f]+$/i,a=/^0b[01]+$/i,s=/^0o[0-7]+$/i,c=parseInt,u=Object.prototype.toString;function l(e){var t=typeof e;return!!e&&("object"==t||"function"==t)}return w=function(d,h,f){return d&&d.length?function(e,t,n){var r=-1,o=e.length;t<0&&(t=-t>o?0:o+t),(n=n>o?o:n)<0&&(n+=o),o=t>n?0:n-t>>>0,t>>>=0;for(var i=Array(o);++r<o;)i[r]=e[r+t];return i}(d,0,(h=f||void 0===h?1:(p=function(d){return d?(d=function(e){if("number"==typeof e)return e;if(function(e){return"symbol"==typeof e||function(e){return!!e&&"object"==typeof e}(e)&&u.call(e)==r}(e))return n;if(l(e)){var t="function"==typeof e.valueOf?e.valueOf():e;e=l(t)?t+"":t}if("string"!=typeof e)return 0===e?e:+e;e=e.replace(o,"");var d=a.test(e);return d||s.test(e)?c(e.slice(2),d?2:8):i.test(e)?n:+e}(d))===e||d===-1/0?(d<0?-1:1)*t:d==d?d:0:0===d?d:0}(h),g=p%1,p==p?g?p-g:p:0))<0?0:h):[];var p,g}}());const b=new(function(){return i(function e(){o(this,e)},[{key:"onLoad",value:function(e){"undefined"!=typeof window&&(window.onload=e)}},{key:"isLocalHost",value:function(){return"undefined"!=typeof window&&window.location&&("localhost"===window.location.hostname||"127.0.0.1"===window.location.hostname)}},{key:"getCurrentLocation",value:function(){return"undefined"!=typeof window&&new URL(window.location)||new URL("http://localhost:8080")}},{key:"getDocument",value:function(){return"undefined"==typeof window||"undefined"==typeof document?null:document}},{key:"assign",value:function(e){return"undefined"==typeof window?null:window.location.assign(e.toString())}},{key:"open",value:function(e){return"undefined"==typeof window?null:window.open(e.toString())}}])}());function C(e){var t=e;t.startsWith("http")||(t="https://".concat(t));var n=new URL(t),r=n.host.match(/^([a-z0-9-]+)[.][a-z0-9-]+[.]authress[.]io$/);return r&&(n.host="".concat(r[1],".login.authress.io"),t=n.toString()),t.replace(/[/]+$/,"")}var S={"Content-Type":"application/json","X-Powered-By":"Authress Login SDK; Javascript; ".concat("2.6.408")},I=new Set(["Failed to fetch","NetworkError when attempting to fetch resource.","The Internet connection appears to be offline.","Network request failed","fetch failed","Load failed","<HTML DOCUMENT></HTML>"]);function A(e){return"Network Error"===e.message||"ERR_NETWORK"===e.code||!e.status||e.status>=500||"string"==typeof e.message&&I.has(e.message)||"string"==typeof e.data&&I.has(e.data)}function L(e){return U.apply(this,arguments)}function U(){return(U=r(s().m(function e(t){var n,r,o,i,a;return s().w(function(e){for(;;)switch(e.n){case 0:n=null,r=s().m(function e(r){var o,i;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,t();case 1:return o=e.v,e.a(2,{v:o});case 2:if(e.p=2,(i=e.v).retryCount=r,A(i)){e.n=3;break}throw i;case 3:return(n=i).isNetworkError=!0,e.n=4,new Promise(function(e){return setTimeout(e,10*Math.pow(2,r))});case 4:return e.a(2,0)}},e,null,[[0,2]])}),i=0;case 1:if(!(i<5)){e.n=5;break}return e.d(u(r(i)),2);case 2:if(0!==(o=e.v)){e.n=3;break}return e.a(3,4);case 3:if(!o){e.n=4;break}return e.a(2,o.v);case 4:i++,e.n=1;break;case 5:throw(a=new Error("[Authress Login SDK] Http Request failed due to a Network Error even after multiple retries",{cause:n})).code="AuthressSdkNetworkError",a;case 6:return e.a(2)}},e)}))).apply(this,arguments)}var T=function(){return i(function e(t,n){if(o(this,e),!t)throw Error("Custom Authress Domain Host is required");this.logger=n;var r=new URL(C(t));this.loginUrl="".concat(r.origin,"/api")},[{key:"get",value:function(e,t,n,r){var o=this;return L(function(){return o.fetchWrapper("GET",e,null,n,t,r)})}},{key:"delete",value:function(e,t,n,r){var o=this;return L(function(){return o.fetchWrapper("DELETE",e,null,n,t,r)})}},{key:"post",value:function(e,t,n,r,o){var i=this;return L(function(){return i.fetchWrapper("POST",e,n,r,t,o)})}},{key:"put",value:function(e,t,n,r,o){var i=this;return L(function(){return i.fetchWrapper("PUT",e,n,r,t,o)})}},{key:"patch",value:function(e,t,n,r,o){var i=this;return L(function(){return i.fetchWrapper("PATCH",e,n,r,t,o)})}},{key:"fetchWrapper",value:(e=r(s().m(function e(t,n,r,o,i,a){var c,u,l,d,h,f,p,g,v,y,w,m,k;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return c="".concat(this.loginUrl).concat(n.toString()),u=t.toUpperCase(),l=Object.assign({},S,o),e.p=1,this.logger.debug({title:"[Authress Login SDK] HttpClient Request",method:u,url:c}),d={method:u,headers:l},r&&(d.body=JSON.stringify(r)),!b.isLocalHost()&&i&&(d.credentials="include"),e.n=2,fetch(c,d);case 2:if((h=e.v).ok){e.n=3;break}throw h;case 3:return f={},e.p=4,e.n=5,h.text();case 5:f=e.v,f=JSON.parse(f),e.n=7;break;case 6:e.p=6,e.v;case 7:return e.a(2,{url:c,method:u,headers:h.headers,status:h.status,data:f});case 8:return e.p=8,k=e.v,p=k,e.p=9,e.n=10,k.text();case 10:p=e.v,p=JSON.parse(p),e.n=12;break;case 11:e.p=11,e.v;case 12:if(!(g=p.stack&&p.stack.match(/chrome-extension:[/][/](\w+)[/]/))){e.n=13;break}throw this.logger.debug({title:"[Authress Login SDK] Fetch failed due to a browser extension - ".concat(u," - ").concat(c),method:u,url:c,data:r,headers:l,error:k,resolvedError:p,extensionErrorId:g}),(v=new Error("Extension Error ID: ".concat(g))).code="BROWSER_EXTENSION_ERROR",v;case 13:throw y=k.status,w="warn",m="[Authress Login SDK] HttpClient Response Error",k?401===y?(m="[Authress Login SDK] HttpClient Response Error due to invalid token",w="debug"):404===y?(m="[Authress Login SDK] HttpClient Response: Not Found",w="debug"):y<500&&a&&(w="debug"):m="[Authress Login SDK] HttpClient Response Error - Unknown error occurred",this.logger&&this.logger[w]&&this.logger[w]({title:m,online:"undefined"==typeof navigator||navigator.onLine,method:u,url:c,status:y,data:r,headers:l,error:k,resolvedError:p}),{url:c,method:u,status:y,data:p,headers:k.headers};case 14:return e.a(2)}},e,this,[[9,11],[4,6],[1,8]])})),function(t,n,r,o,i,a){return e.apply(this,arguments)})}]);var e}();function E(e){return String.fromCharCode(parseInt(e.slice(1),16))}function x(e){return"%".concat("00".concat(e.charCodeAt(0).toString(16)).slice(-2))}const D={decode:function(e){return function(e){return decodeURIComponent(Array.from(atob(e),x).join(""))}(e.replace(/-/g,"+").replace(/_/g,"/"))},encode:function(e){return e&&"object"===h(e)?btoa(String.fromCharCode.apply(String,l(new Uint8Array(e)))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,""):function(e){return btoa(encodeURIComponent(e).replace(/%[0-9A-F]{2}/g,E))}(e).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,"")}};var O=function(){return i(function e(){o(this,e)},[{key:"decode",value:function(e){var t;return e?null===(t=this.decodeFull(e))||void 0===t?void 0:t.payload:null}},{key:"decodeOrParse",value:function(e){if(!e)return null;if("object"===h(e))return e;try{return JSON.parse(e)}catch(t){return this.decode(e)}}},{key:"decodeFull",value:function(e){if(!e)return null;var t=null;try{t=JSON.parse(D.decode(e.split(".")[0]))}catch(r){}try{var n=JSON.parse(D.decode(e.split(".")[1]));return n.exp&&(n.exp=n.exp-10),{header:t,payload:n}}catch(r){return null}}},{key:"getAuthCodes",value:(t=r(s().m(function e(){var t,n,r;return s().w(function(e){for(;;)switch(e.n){case 0:return t=D.encode((window.crypto||window.msCrypto).getRandomValues(new Uint32Array(16)).toString()),e.n=1,(window.crypto||window.msCrypto).subtle.digest("SHA-256",(new TextEncoder).encode(t));case 1:return n=e.v,r=D.encode(n),e.a(2,{codeVerifier:t,codeChallenge:r})}},e)})),function(){return t.apply(this,arguments)})},{key:"calculateAntiAbuseHash",value:(e=r(s().m(function e(t){var n,r,o,i,a;return s().w(function(e){for(;;)switch(e.n){case 0:n=Date.now(),r=Object.values(t).filter(function(e){return e}).join("|"),o=0,i=null;case 1:if(!++o){e.n=4;break}return a=D,e.n=2,(window.crypto||window.msCrypto).subtle.digest("SHA-256",(new TextEncoder).encode("".concat(n,";").concat(o,";").concat(r)));case 2:if(!(i=a.encode.call(a,e.v)).match(/^00/)){e.n=3;break}return e.a(3,4);case 3:e.n=1;break;case 4:return e.a(2,"v2;".concat(n,";").concat(o,";").concat(i))}},e)})),function(t){return e.apply(this,arguments)})}]);var e,t}();const P=new O;var R="AuthenticationCredentialsStorage",N={user:"user",authorization:"authorization",authCode:"auth-code",authUserId:"AuthUserId"};const _=new(function(){return i(function e(){o(this,e),this.retainUserCookie=!1},[{key:"getUserCookie",value:function(){var e=b.getDocument();return e&&e.cookie.split(";").filter(function(e){return e.split("=")[0].trim()===N.user}).map(function(e){return e.trim().replace(/^user=/,"")}).find(function(e){return e&&e.trim()})||null}},{key:"getAuthorizationTokens",value:function(){return"undefined"==typeof window||"undefined"==typeof document?[]:document.cookie.split(";").filter(function(e){return e.split("=")[0].trim()===N.authorization}).map(function(e){return e.trim().replace(/^authorization=/,"")}).filter(function(e){return e&&e.trim()})}},{key:"set",value:function(e,t){if("undefined"!=typeof window&&"undefined"!=typeof document)try{var n=y.parse(document.cookie);localStorage.setItem(R,JSON.stringify({idToken:e,expiry:t&&t.getTime(),jsCookies:!!n.authorization})),this.retainUserCookie||this.clearCookies(N.user)}catch(r){console.debug("LocalStorage failed in Browser",r)}}},{key:"get",value:function(){if("undefined"==typeof window||"undefined"==typeof document)return null;var e={};try{e=y.parse(document.cookie)}catch(i){console.debug("CookieManagement failed in Browser",i)}try{var t=JSON.parse(localStorage.getItem(R)||"{}"),n=t.idToken,r=t.expiry,o=t.jsCookies;return n?r<Date.now()||o&&!e.authorization?null:n:this.getUserCookie()}catch(i){return console.debug("LocalStorage failed in Browser",i),this.getUserCookie()}}},{key:"delete",value:function(){try{localStorage.removeItem(R)}catch(e){console.debug("LocalStorage failed in Browser",e)}try{this.clearCookies(N.user)}catch(e){console.debug("CookieManagement failed in Browser",e)}}},{key:"clear",value:function(){this.clearCookies(),this.delete()}},{key:"clearCookies",value:function(e){if("undefined"!=typeof window&&"undefined"!=typeof document){var t,n=a(document.cookie.split("; "));try{var r=function(){var n=t.value;if(!Object.values(N).includes(n.split("=")[0])||e&&n.split("=")[0]!==e)return 1;var r=window.location.hostname.split("."),o=l(Array(r.length-1)).map(function(e,t){return r.reverse().slice(0,t+2).reverse().join(".")}).map(function(e){return[e,".".concat(e)]}).flat(1).concat(null);"localhost"===window.location.hostname&&o.push("localhost");var i,s=a(o);try{for(s.s();!(i=s.n()).done;){var c=i.value,u=c?"domain=".concat(c,";"):"",d="".concat(encodeURIComponent(n.split(";")[0].split("=")[0]),"=; expires=Thu, 01-Jan-1970 00:00:01 GMT; ").concat(u," SameSite=Strict; path=");document.cookie="".concat(d,"/");for(var h=location.pathname.split("/");h.length>0;)document.cookie=d+h.join("/"),h.pop()}}catch(f){s.e(f)}finally{s.f()}};for(n.s();!(t=n.n()).done;)r()}catch(o){n.e(o)}finally{n.f()}}}}])}());var j,z=new Promise(function(e){return j=e}),H=Promise.resolve(),q=!1,K="AuthenticationRequestNonce",M=function(){return i(function e(t,n){var i,a=this;o(this,e);var c=Object.assign({applicationId:"app_default"},t),u=Object.assign({debug:function(){},log:function(){},error:function(){},warn:function(){},critical:function(){}},n||console);this.logger=u;var l=c.authressApiUrl||c.authressLoginHostUrl||c.authenticationServiceUrl||"";if(!l)throw Error('Missing required property "authressApiUrl" in LoginClient constructor. Custom Authress Domain Host is required.');if(this.applicationId=null===(i=c.applicationId)||void 0===i?void 0:i.trim(),!this.applicationId){var d=Error("Application ID is required.");throw d.code="InvalidApplication",d}if(this.applicationId.match(/^(sc_|ext_)/)){var h=Error("You have incorrectly specified an Authress Service Client or Extension as the applicationId instead of a valid application. The applicationId is your application that your users will log into, usually hosted on your domain https://example.yourdomain.com. Users cannot log *into* a Service Client, but they can log in *with* one. Users can use a Service Client to log in, by setting the connection ID in the *authenticate({ connectionId })* method to be the Authress Service Client.\n(1) If you are building an Custom Login Portal, then the application ID should correspond to this login portal.\n(2) If you are replacing or extending an Authress connection, then specify the Service Client as the connectionId and the end user application as the applicationId.\n(3) If you are building a platform or plugin marketplace, where users will log into third party extensions or apps, then distribute in your SDK a wrapper for the Authress Extension Client using: import { extensionClient } from '@authress/login' found within this SDK.\n(4) If you aren't sure what to do here to fix the problem, the fastest and usually correct solution is go to https://authress.io/app/#/settings?focus=applications create a new application, specify your site in the application url property and then update the value here.");throw h.code="InvalidApplication",h}this.hostUrl=C(l),this.httpClient=new T(this.hostUrl,u),this.lastSessionCheck=0,this.enableCredentials=this.getMatchingDomainInfo(this.hostUrl),_.retainUserCookie=t.retainUserCookie,c.skipBackgroundCredentialsCheck||b.onLoad(r(s().m(function e(){return s().w(function(e){for(;;)switch(e.n){case 0:return e.n=1,a.userSessionExists({backgroundTrigger:!0});case 1:return e.a(2)}},e)})))},[{key:"getMatchingDomainInfo",value:function(e){var t=new URL(e);if(b.isLocalHost())return!1;var n=b.getCurrentLocation();if("https:"!==n.protocol)return!1;var r,o=t.host.toLowerCase().split(".").reverse(),i=n.host.toLowerCase().split(".").reverse(),s=[],c=a(o);try{for(c.s();!(r=c.n()).done;){var u=r.value,l=k(i,s.length+1).join(".");if(s.concat(u).join(".")!==l)break;s.push(u)}}catch(d){c.e(d)}finally{c.f()}return s.length===o.length&&s.length===i.length||s.length>1}},{key:"getUserIdentity",value:function(){var e=_.getUserCookie(),t=P.decodeOrParse(e);if(t){var n=t.exp?new Date(1e3*t.exp):new Date(Date.now()+864e5);return _.set(e,n),t.userId=t.sub,t}var r=_.get(),o=P.decodeOrParse(r);if(!o)return null;var i=new URL(o.iss).hostname,a=new URL(this.hostUrl).hostname;return i.endsWith(a)||a.endsWith(i)?(o.userId=o.sub,o):(_.clear(),null)}},{key:"getConnectionCredentials",value:(I=r(s().m(function e(){var t,n;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.n=1,this.waitForUserSession();case 1:return e.p=1,e.n=2,this.ensureToken();case 2:return t=e.v,e.n=3,this.httpClient.get("/session/credentials",this.enableCredentials,{Authorization:t&&"Bearer ".concat(t)});case 3:return n=e.v,e.a(2,n.data);case 4:return e.p=4,e.v,e.a(2,null)}},e,this,[[1,4]])})),function(){return I.apply(this,arguments)})},{key:"getDevices",value:(S=r(s().m(function e(){var t,n;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,this.ensureToken();case 1:return t=e.v,e.n=2,this.httpClient.get("/session/devices",this.enableCredentials,{Authorization:t&&"Bearer ".concat(t)});case 2:return n=e.v,e.a(2,n.data.devices);case 3:return e.p=3,e.v,e.a(2,[])}},e,this,[[0,3]])})),function(){return S.apply(this,arguments)})},{key:"deleteDevice",value:(m=r(s().m(function e(t){var n,r;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,this.ensureToken();case 1:return n=e.v,e.n=2,this.httpClient.delete("/session/devices/".concat(encodeURIComponent(t)),this.enableCredentials,{Authorization:n&&"Bearer ".concat(n)});case 2:e.n=4;break;case 3:throw e.p=3,r=e.v,this.logger.log({title:"[Authress Login SDK] Failed to delete device",error:r}),r;case 4:return e.a(2)}},e,this,[[0,3]])})),function(e){return m.apply(this,arguments)})},{key:"openUserConfigurationScreen",value:(w=r(s().m(function e(){var t,n,r,o=arguments;return s().w(function(e){for(;;)switch(e.n){case 0:return t=o.length>0&&void 0!==o[0]?o[0]:{redirectUrl:null,startPage:"Profile"},e.n=1,this.userSessionExists();case 1:if(e.v){e.n=2;break}throw(n=Error("User must be logged to configure user profile data.")).code="NotLoggedIn",n;case 2:return(r=new URL("/settings",this.hostUrl)).searchParams.set("client_id",this.applicationId),r.searchParams.set("start_page",t&&t.startPage||"Profile"),r.searchParams.set("redirect_uri",t&&t.redirectUrl||b.getCurrentLocation().href),b.assign(r.toString()),e.n=3,Promise.resolve();case 3:return e.a(2)}},e,this)})),function(){return w.apply(this,arguments)})},{key:"registerDevice",value:(v=r(s().m(function e(){var t,n,r,o,i,a,c,u,d,h,f,p,g=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return t=g.length>0&&void 0!==g[0]?g[0]:{name:"",type:"",totp:{}},e.n=1,this.getUserIdentity();case 1:if(n=e.v){e.n=2;break}throw(r=Error("User must be logged to configure user profile data.")).code="NotLoggedIn",r;case 2:if(t){e.n=3;break}throw(o=Error("Register Device missing required parameter: 'Options'")).code="InvalidInput",o;case 3:if(t.type&&"WebAuthN"!==t.type){e.n=5;break}return a=n.sub,c={challenge:Uint8Array.from(a,function(e){return e.charCodeAt(0)}),rp:{id:this.hostUrl.split(".").slice(1).join("."),name:"WebAuthN Login"},user:{id:Uint8Array.from(a,function(e){return e.charCodeAt(0)}),name:a,displayName:"Generated User ID: ".concat(a)},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{residentKey:"discouraged",requireResidentKey:!1,userVerification:"discouraged"},timeout:6e4,attestation:"direct"},e.n=4,navigator.credentials.create({publicKey:c});case 4:u=e.v,d={authenticatorAttachment:u.authenticatorAttachment,credentialId:u.id,type:u.type,userId:a,attestation:btoa(String.fromCharCode.apply(String,l(new Uint8Array(u.response.attestationObject)))),client:btoa(String.fromCharCode.apply(String,l(new Uint8Array(u.response.clientDataJSON))))},i={name:t&&t.name,code:d,type:"WebAuthN"},e.n=6;break;case 5:"TOTP"===t.type&&(i={name:t.name,code:t.totp.verificationCode,totpData:t.totp,type:"TOTP"});case 6:return e.p=6,e.n=7,this.ensureToken();case 7:return h=e.v,e.n=8,this.httpClient.post("/session/devices",this.enableCredentials,i,{Authorization:h&&"Bearer ".concat(h)});case 8:return f=e.v,e.a(2,f.data);case 9:throw e.p=9,p=e.v,this.logger.log({title:"[Authress Login SDK] Failed to register new device",error:p,request:i}),p;case 10:return e.a(2)}},e,this,[[6,9]])})),function(){return v.apply(this,arguments)})},{key:"waitForUserSession",value:(g=r(s().m(function e(){return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,z;case 1:return e.a(2,!0);case 2:return e.p=2,e.v,e.a(2,!1)}},e,null,[[0,2]])})),function(){return g.apply(this,arguments)})},{key:"userSessionExists",value:function(){var e=this,t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{backgroundTrigger:!1};return Date.now()-this.lastSessionCheck<50||q?H:(this.lastSessionCheck=Date.now(),q=!0,H=H.catch(function(){}).then(r(s().m(function n(){var r,o;return s().w(function(n){for(;;)switch(n.p=n.n){case 0:return n.p=0,n.n=1,e.userSessionContinuation(null==t?void 0:t.backgroundTrigger);case 1:return r=n.v,q=!1,n.a(2,r);case 2:throw n.p=2,o=n.v,q=!1,o;case 3:return n.a(2)}},n,null,[[0,2]])}))))}},{key:"userSessionContinuation",value:(p=r(s().m(function e(){var t,n,r,o,i,a,c,u,l,d,h,f,p,g,v,w,m=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(t=m.length>0&&void 0!==m[0]&&m[0],n=new URLSearchParams(b.getCurrentLocation().search),r={},"undefined"!=typeof localStorage)try{r=JSON.parse(localStorage.getItem(K)||"{}"),localStorage.removeItem(K),Object.hasOwnProperty.call(r,"enableCredentials")&&(this.enableCredentials=r.enableCredentials)}catch(s){this.logger.debug({title:"[Authress Login SDK] LocalStorage failed in Browser",error:s})}if((r.nonce||n.get("iss")&&n.get("iss").includes(this.hostUrl))&&this.sanitizeQueryParameters(),!r.nonce||!n.get("code")){e.n=6;break}if(r.nonce!==n.get("nonce")){e.n=6;break}return o="cookie"===n.get("code")?y.parse(document.cookie)["auth-code"]:n.get("code"),e.n=1,P.calculateAntiAbuseHash({client_id:this.applicationId,authenticationRequestId:r.nonce,code:o});case 1:return i=e.v,a={grant_type:"authorization_code",redirect_uri:r.redirectUrl,client_id:this.applicationId,code:o,code_verifier:r.codeVerifier,antiAbuseHash:i},e.p=2,e.n=3,this.httpClient.post("/authentication/".concat(r.nonce,"/tokens"),this.enableCredentials,a);case 3:return c=e.v,u=P.decode(c.data.id_token),l=u.exp&&new Date(1e3*u.exp)||c.data.expires_in&&new Date(Date.now()+1e3*c.data.expires_in),document.cookie=y.serialize("authorization",c.data.access_token||"",{expires:l,path:"/",sameSite:"strict"}),_.set(c.data.id_token,l),j(),e.a(2,!0);case 4:if(e.p=4,v=e.v,this.logger.log({title:"[Authress Login SDK] Failed exchange authentication response for a token.",error:v}),!v.data||"invalid_request"!==v.data.error){e.n=5;break}return e.a(2,!1);case 5:throw v.data||v;case 6:if(!b.isLocalHost()){e.n=7;break}if(!n.get("nonce")||!n.get("access_token")){e.n=7;break}if(r.nonce&&r.nonce!==n.get("nonce")){e.n=7;break}return d=P.decode(n.get("id_token")),h=d.exp&&new Date(1e3*d.exp)||Number(n.get("expires_in"))&&new Date(Date.now()+1e3*Number(n.get("expires_in"))),document.cookie=y.serialize("authorization",n.get("access_token")||"",{expires:h,path:"/",sameSite:"strict"}),_.set(n.get("id_token"),h),j(),e.a(2,!0);case 7:if(!this.getUserIdentity()){e.n=8;break}return j(),e.a(2,!0);case 8:if(b.isLocalHost()||t){e.n=13;break}return e.p=9,e.n=10,this.httpClient.patch("/session",this.enableCredentials,{},null,!0);case 10:(f=e.v).data.access_token&&(p=P.decode(f.data.id_token),g=p.exp&&new Date(1e3*p.exp)||f.data.expires_in&&new Date(Date.now()+1e3*f.data.expires_in),document.cookie=y.serialize("authorization",f.data.access_token||"",{expires:g,path:"/",sameSite:"strict"}),_.set(f.data.id_token,g)),e.n=12;break;case 11:e.p=11,400===(w=e.v).status||404===w.status||409===w.status?this.logger.log({title:"[Authress Login SDK] User does not have an existing authentication session",error:w}):this.logger.log({title:"[Authress Login SDK] Failed attempting to check if the user has an existing authentication session",error:w});case 12:if(!this.getUserIdentity()){e.n=13;break}return j(),e.a(2,!0);case 13:return e.a(2,!1)}},e,this,[[9,11],[2,4]])})),function(){return p.apply(this,arguments)})},{key:"updateExtensionAuthenticationRequest",value:(f=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f,p,g,v,y;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(n=t.state,r=t.connectionId,o=t.tenantLookupIdentifier,i=t.connectionProperties,a=t.hint,r||o||a){e.n=1;break}throw(c=Error("connectionId or tenantLookupIdentifier must be specified")).code="InvalidConnection",c;case 1:if(u=new URLSearchParams(b.getCurrentLocation().search),l=n||u.get("state")){e.n=2;break}throw(d=Error("The `state` parameters must be specified to update this authentication request")).code="InvalidAuthenticationRequest",d;case 2:if(this.enableCredentials||b.isLocalHost()){e.n=3;break}throw(h=Error('"updateExtensionAuthenticationRequest()" can only be run on sites that match the login domain. '.concat(b.getCurrentLocation().host," Does not match ").concat(this.hostUrl))).code="OriginMismatch",h;case 3:return e.p=3,f=a||o,e.n=4,P.calculateAntiAbuseHash({connectionId:r,tenantLookupIdentifier:f,authenticationRequestId:l});case 4:return p=e.v,e.n=5,this.httpClient.patch("/authentication/".concat(l),this.enableCredentials,{antiAbuseHash:p,connectionId:r,tenantLookupIdentifier:f,connectionProperties:i});case 5:if(g=e.v,new URL(g.data.authenticationUrl).hostname!==b.getCurrentLocation().hostname){e.n=6;break}return e.a(2,{authenticationUrl:g.data.authenticationUrl});case 6:b.assign(g.data.authenticationUrl),e.n=9;break;case 7:if(e.p=7,y=e.v,this.logger.log({title:"[Authress Login SDK] Failed to update extension authentication request",error:y}),!(y.status&&y.status>=400&&y.status<500)){e.n=8;break}throw(v=Error(y.data&&(y.data.title||y.data.errorCode)||y.data||"Unknown Error")).code=y.data&&y.data.errorCode,v;case 8:throw y.data||y;case 9:return e.n=10,new Promise(function(e){return setTimeout(e,5e3)});case 10:return e.a(2,null)}},e,this,[[3,7]])})),function(e){return f.apply(this,arguments)})},{key:"unlinkIdentity",value:(h=r(s().m(function e(t){var n,r,o,i,a,c,u;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(t){e.n=1;break}throw(n=Error("connectionId must be specified")).code="InvalidConnection",n;case 1:if(this.getUserIdentity()){e.n=2;break}throw(r=Error("User must be logged in to unlink an account.")).code="NotLoggedIn",r;case 2:return e.p=2,e.n=3,this.ensureToken({timeoutInMillis:100});case 3:o=e.v,e.n=5;break;case 4:if(e.p=4,"TokenTimeout"!==e.v.code){e.n=5;break}throw(i=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",i;case 5:return a=this.enableCredentials&&!b.isLocalHost()?{}:{Authorization:"Bearer ".concat(o)},e.p=6,e.n=7,this.httpClient.delete("/identities/".concat(encodeURIComponent(t)),this.enableCredentials,a);case 7:e.n=10;break;case 8:if(e.p=8,u=e.v,this.logger.log({title:"[Authress Login SDK] Failed to unlink user identity",error:u}),!(u.status&&u.status>=400&&u.status<500)){e.n=9;break}throw(c=Error(u.data&&(u.data.title||u.data.errorCode)||u.data||"Unknown Error")).code=u.data&&u.data.errorCode,c;case 9:throw u.data||u;case 10:return e.a(2)}},e,this,[[6,8],[2,4]])})),function(e){return h.apply(this,arguments)})},{key:"linkIdentityWithOneTimeCode",value:(d=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f,p,g,v,y;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(n=t.connectionId,r=t.redirectUrl,n){e.n=1;break}throw(o=Error("connectionId must be specified")).code="InvalidConnection",o;case 1:if(this.getUserIdentity()){e.n=2;break}throw(i=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",i;case 2:return e.p=2,e.n=3,this.ensureToken({timeoutInMillis:100});case 3:a=e.v,e.n=5;break;case 4:if(e.p=4,"TokenTimeout"!==e.v.code){e.n=5;break}throw(c=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",c;case 5:return e.n=6,P.getAuthCodes();case 6:return u=e.v,l=u.codeChallenge,e.n=7,P.calculateAntiAbuseHash({connectionId:n,applicationId:this.applicationId});case 7:return d=e.v,e.p=8,h=r&&new URL(r).toString(),f=h||b.getCurrentLocation().href,p=this.enableCredentials&&!b.isLocalHost()?{}:{Authorization:"Bearer ".concat(a)},e.n=9,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:d,linkIdentity:!0,redirectUrl:f,codeChallengeMethod:"S256",codeChallenge:l,connectionId:n,applicationId:this.applicationId},p);case 9:return g=e.v,e.a(2,{authenticationUrl:g.data.authenticationUrl,authenticationRequestId:g.data.authenticationRequestId});case 10:if(e.p=10,y=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start user identity link",error:y}),!(y.status&&y.status>=400&&y.status<500)){e.n=11;break}throw(v=Error(y.data&&(y.data.title||y.data.errorCode)||y.data||"Unknown Error")).code=y.data&&y.data.errorCode,v;case 11:throw y;case 12:return e.a(2)}},e,this,[[8,10],[2,4]])})),function(e){return d.apply(this,arguments)})},{key:"linkIdentity",value:(u=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f,p,g,v,y,w,m;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(n=t.connectionId,r=t.tenantLookupIdentifier,o=t.redirectUrl,i=t.connectionProperties,n||r){e.n=1;break}throw(a=Error("connectionId or tenantLookupIdentifier must be specified")).code="InvalidConnection",a;case 1:if(this.getUserIdentity()){e.n=2;break}throw(c=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",c;case 2:return e.p=2,e.n=3,this.ensureToken({timeoutInMillis:100});case 3:u=e.v,e.n=5;break;case 4:if(e.p=4,"TokenTimeout"!==e.v.code){e.n=5;break}throw(l=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",l;case 5:return e.n=6,P.getAuthCodes();case 6:return d=e.v,h=d.codeChallenge,e.n=7,P.calculateAntiAbuseHash({connectionId:n,tenantLookupIdentifier:r,applicationId:this.applicationId});case 7:return f=e.v,e.p=8,p=o&&new URL(o).toString(),g=p||b.getCurrentLocation().href,v=this.enableCredentials&&!b.isLocalHost()?{}:{Authorization:"Bearer ".concat(u)},e.n=9,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:f,linkIdentity:!0,redirectUrl:g,codeChallengeMethod:"S256",codeChallenge:h,connectionId:n,tenantLookupIdentifier:r,connectionProperties:i,applicationId:this.applicationId},v);case 9:y=e.v,b.assign(y.data.authenticationUrl),e.n=12;break;case 10:if(e.p=10,m=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start user identity link",error:m}),!(m.status&&m.status>=400&&m.status<500)){e.n=11;break}throw(w=Error(m.data&&(m.data.title||m.data.errorCode)||m.data||"Unknown Error")).code=m.data&&m.data.errorCode,w;case 11:throw m;case 12:return e.n=13,new Promise(function(e){return setTimeout(e,5e3)});case 13:return e.a(2)}},e,this,[[8,10],[2,4]])})),function(e){return u.apply(this,arguments)})},{key:"authenticateWithOneTimeCode",value:(c=r(s().m(function e(){var t,n,r,o,i,a,c,u,l,d,h,f,p,g,v,y,w,m,k,C,S,I,A,L,U,T=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(r=(n=(t=T.length>0&&void 0!==T[0]?T[0]:{})||{}).serviceClientId,o=n.inviteId,i=n.redirectUrl,a=n.force,c=n.responseLocation,u=n.flowType,l=n.clearUserDataBeforeLogin,d=n.audiences,!c||"cookie"===c||"query"===c||"none"===c){e.n=1;break}throw(h=Error("Authentication response location is not valid")).code="InvalidResponseLocation",h;case 1:if(r){e.n=2;break}throw(f=Error("The Passwordless Service Client ID is required")).code="InvalidInput",f;case 2:if(!(L=!o&&!a)){e.n=4;break}return e.n=3,this.userSessionExists();case 3:L=e.v;case 4:if(!L){e.n=7;break}return e.n=5,this.ensureToken();case 5:if(p=e.v,!(g=P.decode(p))||!g.azp||r===g.azp){e.n=6;break}throw this.logger.log({title:"[Authress Login SDK] Authentication blocked because the user is already logged in, and the requested authentication parameters do not match the original session.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:g}),(v=Error('Authentication requested for user that is already logged in, but the connectionId specified does not match their existing session.\n        Recommended Options:\n          (1) If the goal is to force them to log in with this new connection and ignore their existing session, use the "force" flag.\n          (2) If the goal is link their current identity with a new from the new connection, use the linkIdentity() method.\n          (3) If the goal is skip log in if they are already logged in or force log in with the connectionId, first check if userSessionExists() and then only if "false", call authenticate().')).code="AuthenticationConstraintContention",v;case 6:return e.a(2,null);case 7:return e.n=8,P.getAuthCodes();case 8:return y=e.v,w=y.codeVerifier,m=y.codeChallenge,e.n=9,P.calculateAntiAbuseHash({serviceClientId:r,inviteId:o,applicationId:this.applicationId,audiences:d});case 9:return k=e.v,e.p=10,C=i&&new URL(i).toString(),S=C||b.getCurrentLocation().href,!1!==l&&_.clear(),e.n=11,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:k,redirectUrl:S,codeChallengeMethod:"S256",codeChallenge:m,audiences:d,connectionId:r,inviteId:o,applicationId:this.applicationId,responseLocation:c,flowType:u});case 11:return I=e.v,localStorage.setItem(K,JSON.stringify({nonce:I.data.authenticationRequestId,codeVerifier:w,lastConnectionId:r,redirectUrl:S,enableCredentials:I.data.enableCredentials})),e.a(2,{authenticationUrl:I.data.authenticationUrl,authenticationRequestId:I.data.authenticationRequestId});case 12:if(e.p=12,U=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start authentication for user",error:U}),!(U.status&&U.status>=400&&U.status<500)){e.n=13;break}throw(A=Error(U.data&&(U.data.title||U.data.errorCode)||U.data||"Unknown Error")).code=U.data&&U.data.errorCode,A;case 13:throw U.data||U;case 14:return e.a(2)}},e,this,[[10,12]])})),function(){return c.apply(this,arguments)})},{key:"authenticate",value:(n=r(s().m(function e(){var t,n,r,o,i,a,c,u,l,d,h,f,p,g,v,y,w,m,k,C,S,I,A,L,U,T,E,x,D,O=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(r=(n=(t=O.length>0&&void 0!==O[0]?O[0]:{})||{}).connectionId,o=n.tenantLookupIdentifier,i=n.inviteId,a=n.redirectUrl,c=n.force,u=n.responseLocation,l=n.flowType,d=n.connectionProperties,h=n.openType,f=n.multiAccount,p=n.clearUserDataBeforeLogin,g=n.audiences,!u||"cookie"===u||"query"===u||"none"===u){e.n=1;break}throw(v=Error("Authentication response location is not valid")).code="InvalidResponseLocation",v;case 1:if(!(x=!i&&!c&&!f)){e.n=3;break}return e.n=2,this.userSessionExists();case 2:x=e.v;case 3:if(!x){e.n=6;break}return e.n=4,this.ensureToken();case 4:if(y=e.v,w=P.decode(y),!(r&&w&&w.azp&&r!==w.azp)){e.n=5;break}throw this.logger.log({title:"[Authress Login SDK] Authentication blocked because the user is already logged in, and the requested authentication parameters do not match the original session.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:w}),(m=Error('Authentication requested for user that is already logged in, but the connectionId specified does not match their existing session.\n        Recommended Options:\n          (1) If the goal is to force them to log in with this new connection and ignore their existing session, use the "force" flag.\n          (2) If the goal is link their current identity with a new from the new connection, use the linkIdentity() method.\n          (3) If the goal is skip log in if they are already logged in or force log in with the connectionId, first check if userSessionExists() and then only if "false", call authenticate().')).code="AuthenticationConstraintContention",m;case 5:return e.a(2,null);case 6:return e.n=7,P.getAuthCodes();case 7:return k=e.v,C=k.codeVerifier,S=k.codeChallenge,e.n=8,P.calculateAntiAbuseHash({connectionId:r,tenantLookupIdentifier:o,inviteId:i,applicationId:this.applicationId,audiences:g});case 8:return I=e.v,e.p=9,A=a&&new URL(a).toString(),L=A||b.getCurrentLocation().href,!1!==p&&_.clear(),e.n=10,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:I,redirectUrl:L,codeChallengeMethod:"S256",codeChallenge:S,audiences:g,connectionId:r,tenantLookupIdentifier:o,inviteId:i,connectionProperties:d,applicationId:this.applicationId,responseLocation:u,flowType:l,multiAccount:f});case 10:if(U=e.v,localStorage.setItem(K,JSON.stringify({nonce:U.data.authenticationRequestId,codeVerifier:C,lastConnectionId:r,tenantLookupIdentifier:o,redirectUrl:L,enableCredentials:U.data.enableCredentials,multiAccount:f})),U.data.authenticationUrl&&new URL(U.data.authenticationUrl).hostname!==b.getCurrentLocation().hostname){e.n=11;break}return e.a(2,{authenticationUrl:U.data.authenticationUrl,authenticationRequestId:U.data.authenticationRequestId});case 11:"tab"===h&&(T=b.open(U.data.authenticationUrl,"_blank"))&&!T.closed&&void 0!==T.closed||b.assign(U.data.authenticationUrl),e.n=14;break;case 12:if(e.p=12,D=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start authentication for user",error:D}),!(D.status&&D.status>=400&&D.status<500)){e.n=13;break}throw(E=Error(D.data&&(D.data.title||D.data.errorCode)||D.data||"Unknown Error")).code=D.data&&D.data.errorCode,E;case 13:throw D.data||D;case 14:return e.n=15,new Promise(function(e){return setTimeout(e,5e3)});case 15:return e.a(2,null)}},e,this,[[9,12]])})),function(){return n.apply(this,arguments)})},{key:"ensureToken",value:(t=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f=this;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(!t||0!==t.timeoutInMillis){e.n=4;break}if(this.getUserIdentity()){e.n=1;break}throw(n=Error("No token available because the user is not logged in.")).code="TokenTimeout",n;case 1:if(r=_.getAuthorizationTokens(),!(o=r.find(function(e){try{var n=P.decode(e);return(null==n?void 0:n.iss)===f.hostUrl||(f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because the issuer does not match the library configured value.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:n}),!1)}catch(r){return f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because it is no longer a valid token.",requestedAuthenticationOptions:t,currentAuthenticationSessionDataToken:e,error:r}),!1}}))){e.n=2;break}return e.a(2,o);case 2:if(!r.length){e.n=3;break}return this.logger.log({title:"[Authress Login SDK] No matching issuer token found, returning the first valid token instead."}),e.a(2,r[0]);case 3:return this.logger.error({title:"[Authress Login SDK] HttpOnly access token configuration has blocked the returning of a valid token. The application specified in the Authress LoginClient constructor has been configured to block returning access tokens via the enableAccessToToken property. To use the loginClient.ensureToken() method in production, please set the enableAccessToToken to true. Note: This setting does not affect localhost.",options:t}),e.a(2,null);case 4:return e.n=5,this.userSessionExists();case 5:return i=Object.assign({timeoutInMillis:5e3},t||{}),a=this.waitForUserSession(),c=-1===i.timeoutInMillis||i.timeoutInMillis>Math.pow(2,31)-1?Math.pow(2,31)-1:i.timeoutInMillis,u=new Promise(function(e,t){return setTimeout(t,c||0)}),e.p=6,e.n=7,Promise.race([a,u]);case 7:e.n=9;break;case 8:throw e.p=8,e.v,(l=Error("No token available because the user is still not logged in and the timeout has been exceeded. If you are seeing this error, it is because you have called ensureToken() without first validating that the user is logged. Review the route guards and checks for user sessions in your source code. ensureToken() should only ever be called after you have verified that the user is logged in.")).code="TokenTimeout",l;case 9:if(d=_.getAuthorizationTokens(),!(h=d.find(function(e){try{var n=P.decode(e);return(null==n?void 0:n.iss)===f.hostUrl||(f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because the issuer does not match the library configured value.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:n}),!1)}catch(r){return f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because it is no longer a valid token.",requestedAuthenticationOptions:t,currentAuthenticationSessionDataToken:e,error:r}),!1}}))){e.n=10;break}return e.a(2,h);case 10:if(!d.length){e.n=11;break}return this.logger.log({title:"[Authress Login SDK] No matching issuer token found, returning the first valid token instead."}),e.a(2,d[0]);case 11:if(this.getUserIdentity()){e.n=12;break}return this.logger.error({title:"[Authress Login SDK] User completed login but the user identity still does not exist. This happened because there is a race condition in your code and why waiting for ensureToken() to complete, the user was logged out. Returning null."}),e.a(2,null);case 12:return this.logger.error({title:"[Authress Login SDK] Your Authress Application access token configuration has blocked the returning of a valid token because the setting HttpOnly has been enabled. The application specified in the Authress LoginClient constructor has been configured to block returning access tokens via the enableAccessToToken property. To use the loginClient.ensureToken() method in production, please set the enableAccessToToken to true. (LocalHost Note: This setting does not affect localhost development, and you may still see ensureToken work successfully during development, but fail with this error in production. This is because HttpOnly does not work for LocalHost)",options:t}),e.a(2,null)}},e,this,[[6,8]])})),function(e){return t.apply(this,arguments)})},{key:"logout",value:(e=r(s().m(function e(t){var n,r,o;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(!t){e.n=5;break}e.p=1,new URL(t),n=t,e.n=5;break;case 2:e.p=2,e.v,e.p=3,n=new URL(t,b.getCurrentLocation().href).toString(),e.n=5;break;case 4:throw e.p=4,e.v,(r=Error("The logout redirect url is not valid URL: ".concat(t))).code="InvalidRedirectUrl",r;case 5:if(_.clear(),this.sanitizeQueryParameters(),z=new Promise(function(e){return j=e}),!this.enableCredentials){e.n=9;break}return e.p=6,e.n=7,this.httpClient.delete("/session",this.enableCredentials);case 7:return this.lastSessionCheck=0,t&&t!==b.getCurrentLocation().href&&b.assign(t),e.a(2);case 8:e.p=8,e.v;case 9:return(o=new URL("/logout",this.hostUrl)).searchParams.set("redirect_uri",n||b.getCurrentLocation().href),o.searchParams.set("client_id",this.applicationId),b.assign(o.toString()),this.lastSessionCheck=0,e.n=10,new Promise(function(e){return setTimeout(e,500)});case 10:return e.a(2)}},e,this,[[6,8],[3,4],[1,2]])})),function(t){return e.apply(this,arguments)})},{key:"sanitizeQueryParameters",value:function(){var e=new URL(b.getCurrentLocation());e.searchParams.delete("iss"),e.searchParams.delete("nonce"),e.searchParams.delete("code"),e.searchParams.delete("expires_in"),e.searchParams.delete("access_token"),e.searchParams.delete("id_token"),history.replaceState({},void 0,e.toString())}}]);var e,t,n,c,u,d,h,f,p,g,v,w,m,S,I}();e.LoginClient=M,e.UserConfigurationScreen={Profile:"Profile",MFA:"MFA"},Object.defineProperty(e,Symbol.toStringTag,{value:"Module"})});
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).Authress={})}(this,function(e){"use strict";function t(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=Array(t);n<t;n++)r[n]=e[n];return r}function n(e,t,n,r,o,i,a){try{var s=e[i](a),c=s.value}catch(u){return void n(u)}s.done?t(c):Promise.resolve(c).then(r,o)}function r(e){return function(){var t=this,r=arguments;return new Promise(function(o,i){var a=e.apply(t,r);function s(e){n(a,o,i,s,c,"next",e)}function c(e){n(a,o,i,s,c,"throw",e)}s(void 0)})}}function o(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function i(e,t,n){return t&&function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,d(r.key),r)}}(e.prototype,t),Object.defineProperty(e,"prototype",{writable:!1}),e}function a(e,t){var n="undefined"!=typeof Symbol&&e[Symbol.iterator]||e["@@iterator"];if(!n){if(Array.isArray(e)||(n=f(e))||t){n&&(e=n);var r=0,o=function(){};return{s:o,n:function(){return r>=e.length?{done:!0}:{done:!1,value:e[r++]}},e:function(e){throw e},f:o}}throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}var i,a=!0,s=!1;return{s:function(){n=n.call(e)},n:function(){var e=n.next();return a=e.done,e},e:function(e){s=!0,i=e},f:function(){try{a||null==n.return||n.return()}finally{if(s)throw i}}}}function s(){var e,t,n="function"==typeof Symbol?Symbol:{},r=n.iterator||"@@iterator",o=n.toStringTag||"@@toStringTag";function i(n,r,o,i){var s=r&&r.prototype instanceof u?r:u,l=Object.create(s.prototype);return c(l,"_invoke",function(n,r,o){var i,s,c,u=0,l=o||[],d=!1,h={p:0,n:0,v:e,a:f,f:f.bind(e,4),d:function(t,n){return i=t,s=0,c=e,h.n=n,a}};function f(n,r){for(s=n,c=r,t=0;!d&&u&&!o&&t<l.length;t++){var o,i=l[t],f=h.p,p=i[2];n>3?(o=p===r)&&(c=i[(s=i[4])?5:(s=3,3)],i[4]=i[5]=e):i[0]<=f&&((o=n<2&&f<i[1])?(s=0,h.v=r,h.n=i[1]):f<p&&(o=n<3||i[0]>r||r>p)&&(i[4]=n,i[5]=r,h.n=p,s=0))}if(o||n>1)return a;throw d=!0,r}return function(o,l,p){if(u>1)throw TypeError("Generator is already running");for(d&&1===l&&f(l,p),s=l,c=p;(t=s<2?e:c)||!d;){i||(s?s<3?(s>1&&(h.n=-1),f(s,c)):h.n=c:h.v=c);try{if(u=2,i){if(s||(o="next"),t=i[o]){if(!(t=t.call(i,c)))throw TypeError("iterator result is not an object");if(!t.done)return t;c=t.value,s<2&&(s=0)}else 1===s&&(t=i.return)&&t.call(i),s<2&&(c=TypeError("The iterator does not provide a '"+o+"' method"),s=1);i=e}else if((t=(d=h.n<0)?c:n.call(r,h))!==a)break}catch(g){i=e,s=1,c=g}finally{u=1}}return{value:t,done:d}}}(n,o,i),!0),l}var a={};function u(){}function l(){}function d(){}t=Object.getPrototypeOf;var h=[][r]?t(t([][r]())):(c(t={},r,function(){return this}),t),f=d.prototype=u.prototype=Object.create(h);function p(e){return Object.setPrototypeOf?Object.setPrototypeOf(e,d):(e.__proto__=d,c(e,o,"GeneratorFunction")),e.prototype=Object.create(f),e}return l.prototype=d,c(f,"constructor",d),c(d,"constructor",l),l.displayName="GeneratorFunction",c(d,o,"GeneratorFunction"),c(f),c(f,o,"Generator"),c(f,r,function(){return this}),c(f,"toString",function(){return"[object Generator]"}),(s=function(){return{w:i,m:p}})()}function c(e,t,n,r){var o=Object.defineProperty;try{o({},"",{})}catch(i){o=0}(c=function(e,t,n,r){function i(t,n){c(e,t,function(e){return this._invoke(t,n,e)})}t?o?o(e,t,{value:n,enumerable:!r,configurable:!r,writable:!r}):e[t]=n:(i("next",0),i("throw",1),i("return",2))})(e,t,n,r)}function u(e){if(null!=e){var t=e["function"==typeof Symbol&&Symbol.iterator||"@@iterator"],n=0;if(t)return t.call(e);if("function"==typeof e.next)return e;if(!isNaN(e.length))return{next:function(){return e&&n>=e.length&&(e=void 0),{value:e&&e[n++],done:!e}}}}throw new TypeError(typeof e+" is not iterable")}function l(e){return function(e){if(Array.isArray(e))return t(e)}(e)||function(e){if("undefined"!=typeof Symbol&&null!=e[Symbol.iterator]||null!=e["@@iterator"])return Array.from(e)}(e)||f(e)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function d(e){var t=function(e,t){if("object"!=typeof e||!e)return e;var n=e[Symbol.toPrimitive];if(void 0!==n){var r=n.call(e,t);if("object"!=typeof r)return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}(e,"string");return"symbol"==typeof t?t:t+""}function h(e){return(h="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e})(e)}function f(e,n){if(e){if("string"==typeof e)return t(e,n);var r={}.toString.call(e).slice(8,-1);return"Object"===r&&e.constructor&&(r=e.constructor.name),"Map"===r||"Set"===r?Array.from(e):"Arguments"===r||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(r)?t(e,n):void 0}}function p(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}var g,v={};const y=p(function(){if(g)return v;g=1,v.parse=function(e,n){if("string"!=typeof e)throw new TypeError("argument str must be a string");var r={},o=e.length;if(o<2)return r;var i=n&&n.decode||c,l=0,d=0,h=0;do{if(-1===(d=e.indexOf("=",l)))break;if(-1===(h=e.indexOf(";",l)))h=o;else if(d>h){l=e.lastIndexOf(";",d-1)+1;continue}var f=a(e,l,d),p=s(e,d,f),g=e.slice(f,p);if(!t.call(r,g)){var v=a(e,d+1,h),y=s(e,h,v);34===e.charCodeAt(v)&&34===e.charCodeAt(y-1)&&(v++,y--);var w=e.slice(v,y);r[g]=u(w,i)}l=h+1}while(l<o);return r},v.serialize=function(t,a,s){var c=s&&s.encode||encodeURIComponent;if("function"!=typeof c)throw new TypeError("option encode is invalid");if(!n.test(t))throw new TypeError("argument name is invalid");var u=c(a);if(!r.test(u))throw new TypeError("argument val is invalid");var l=t+"="+u;if(!s)return l;if(null!=s.maxAge){var d=Math.floor(s.maxAge);if(!isFinite(d))throw new TypeError("option maxAge is invalid");l+="; Max-Age="+d}if(s.domain){if(!o.test(s.domain))throw new TypeError("option domain is invalid");l+="; Domain="+s.domain}if(s.path){if(!i.test(s.path))throw new TypeError("option path is invalid");l+="; Path="+s.path}if(s.expires){var h=s.expires;if(!function(t){return"[object Date]"===e.call(t)}(h)||isNaN(h.valueOf()))throw new TypeError("option expires is invalid");l+="; Expires="+h.toUTCString()}s.httpOnly&&(l+="; HttpOnly");s.secure&&(l+="; Secure");s.partitioned&&(l+="; Partitioned");if(s.priority){switch("string"==typeof s.priority?s.priority.toLowerCase():s.priority){case"low":l+="; Priority=Low";break;case"medium":l+="; Priority=Medium";break;case"high":l+="; Priority=High";break;default:throw new TypeError("option priority is invalid")}}if(s.sameSite){switch("string"==typeof s.sameSite?s.sameSite.toLowerCase():s.sameSite){case!0:l+="; SameSite=Strict";break;case"lax":l+="; SameSite=Lax";break;case"strict":l+="; SameSite=Strict";break;case"none":l+="; SameSite=None";break;default:throw new TypeError("option sameSite is invalid")}}return l};var e=Object.prototype.toString,t=Object.prototype.hasOwnProperty,n=/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/,r=/^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/,o=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,i=/^[\u0020-\u003A\u003D-\u007E]*$/;function a(e,t,n){do{var r=e.charCodeAt(t);if(32!==r&&9!==r)return t}while(++t<n);return n}function s(e,t,n){for(;t>n;){var r=e.charCodeAt(--t);if(32!==r&&9!==r)return t+1}return n}function c(e){return-1!==e.indexOf("%")?decodeURIComponent(e):e}function u(e,t){try{return t(e)}catch(n){return e}}return v}());var w,m;const k=p(function(){if(m)return w;m=1;var e=1/0,t=17976931348623157e292,n=NaN,r="[object Symbol]",o=/^\s+|\s+$/g,i=/^[-+]0x[0-9a-f]+$/i,a=/^0b[01]+$/i,s=/^0o[0-7]+$/i,c=parseInt,u=Object.prototype.toString;function l(e){var t=typeof e;return!!e&&("object"==t||"function"==t)}return w=function(d,h,f){return d&&d.length?function(e,t,n){var r=-1,o=e.length;t<0&&(t=-t>o?0:o+t),(n=n>o?o:n)<0&&(n+=o),o=t>n?0:n-t>>>0,t>>>=0;for(var i=Array(o);++r<o;)i[r]=e[r+t];return i}(d,0,(h=f||void 0===h?1:(p=function(d){return d?(d=function(e){if("number"==typeof e)return e;if(function(e){return"symbol"==typeof e||function(e){return!!e&&"object"==typeof e}(e)&&u.call(e)==r}(e))return n;if(l(e)){var t="function"==typeof e.valueOf?e.valueOf():e;e=l(t)?t+"":t}if("string"!=typeof e)return 0===e?e:+e;e=e.replace(o,"");var d=a.test(e);return d||s.test(e)?c(e.slice(2),d?2:8):i.test(e)?n:+e}(d))===e||d===-1/0?(d<0?-1:1)*t:d==d?d:0:0===d?d:0}(h),g=p%1,p==p?g?p-g:p:0))<0?0:h):[];var p,g}}());const b=new(function(){return i(function e(){o(this,e)},[{key:"onLoad",value:function(e){"undefined"!=typeof window&&(window.onload=e)}},{key:"isLocalHost",value:function(){return"undefined"!=typeof window&&window.location&&("localhost"===window.location.hostname||"127.0.0.1"===window.location.hostname)}},{key:"getCurrentLocation",value:function(){return"undefined"!=typeof window&&new URL(window.location)||new URL("http://localhost:8080")}},{key:"getDocument",value:function(){return"undefined"==typeof window||"undefined"==typeof document?null:document}},{key:"assign",value:function(e){return"undefined"==typeof window?null:window.location.assign(e.toString())}},{key:"open",value:function(e){return"undefined"==typeof window?null:window.open(e.toString())}}])}());function C(e){var t=e;t.startsWith("http")||(t="https://".concat(t));var n=new URL(t),r=n.host.match(/^([a-z0-9-]+)[.][a-z0-9-]+[.]authress[.]io$/);return r&&(n.host="".concat(r[1],".login.authress.io"),t=n.toString()),t.replace(/[/]+$/,"")}var S={"Content-Type":"application/json","X-Powered-By":"Authress Login SDK; Javascript; ".concat("2.6.410")},I=new Set(["Failed to fetch","NetworkError when attempting to fetch resource.","The Internet connection appears to be offline.","Network request failed","fetch failed","Load failed","<HTML DOCUMENT></HTML>"]);function A(e){return"Network Error"===e.message||"ERR_NETWORK"===e.code||!e.status||e.status>=500||"string"==typeof e.message&&I.has(e.message)||"string"==typeof e.data&&I.has(e.data)}function L(e){return U.apply(this,arguments)}function U(){return(U=r(s().m(function e(t){var n,r,o,i,a;return s().w(function(e){for(;;)switch(e.n){case 0:n=null,r=s().m(function e(r){var o,i;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,t();case 1:return o=e.v,e.a(2,{v:o});case 2:if(e.p=2,(i=e.v).retryCount=r,A(i)){e.n=3;break}throw i;case 3:return(n=i).isNetworkError=!0,e.n=4,new Promise(function(e){return setTimeout(e,10*Math.pow(2,r))});case 4:return e.a(2,0)}},e,null,[[0,2]])}),i=0;case 1:if(!(i<5)){e.n=5;break}return e.d(u(r(i)),2);case 2:if(0!==(o=e.v)){e.n=3;break}return e.a(3,4);case 3:if(!o){e.n=4;break}return e.a(2,o.v);case 4:i++,e.n=1;break;case 5:throw(a=new Error("[Authress Login SDK] Http Request failed due to a Network Error even after multiple retries",{cause:n})).code="AuthressSdkNetworkError",a;case 6:return e.a(2)}},e)}))).apply(this,arguments)}var T=function(){return i(function e(t,n){if(o(this,e),!t)throw Error("Custom Authress Domain Host is required");this.logger=n;var r=new URL(C(t));this.loginUrl="".concat(r.origin,"/api")},[{key:"get",value:function(e,t,n,r){var o=this;return L(function(){return o.fetchWrapper("GET",e,null,n,t,r)})}},{key:"delete",value:function(e,t,n,r){var o=this;return L(function(){return o.fetchWrapper("DELETE",e,null,n,t,r)})}},{key:"post",value:function(e,t,n,r,o){var i=this;return L(function(){return i.fetchWrapper("POST",e,n,r,t,o)})}},{key:"put",value:function(e,t,n,r,o){var i=this;return L(function(){return i.fetchWrapper("PUT",e,n,r,t,o)})}},{key:"patch",value:function(e,t,n,r,o){var i=this;return L(function(){return i.fetchWrapper("PATCH",e,n,r,t,o)})}},{key:"fetchWrapper",value:(e=r(s().m(function e(t,n,r,o,i,a){var c,u,l,d,h,f,p,g,v,y,w,m,k;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return c="".concat(this.loginUrl).concat(n.toString()),u=t.toUpperCase(),l=Object.assign({},S,o),e.p=1,this.logger.debug({title:"[Authress Login SDK] HttpClient Request",method:u,url:c}),d={method:u,headers:l},r&&(d.body=JSON.stringify(r)),!b.isLocalHost()&&i&&(d.credentials="include"),e.n=2,fetch(c,d);case 2:if((h=e.v).ok){e.n=3;break}throw h;case 3:return f={},e.p=4,e.n=5,h.text();case 5:f=e.v,f=JSON.parse(f),e.n=7;break;case 6:e.p=6,e.v;case 7:return e.a(2,{url:c,method:u,headers:h.headers,status:h.status,data:f});case 8:return e.p=8,k=e.v,p=k,e.p=9,e.n=10,k.text();case 10:p=e.v,p=JSON.parse(p),e.n=12;break;case 11:e.p=11,e.v;case 12:if(!(g=p.stack&&p.stack.match(/chrome-extension:[/][/](\w+)[/]/))){e.n=13;break}throw this.logger.debug({title:"[Authress Login SDK] Fetch failed due to a browser extension - ".concat(u," - ").concat(c),method:u,url:c,data:r,headers:l,error:k,resolvedError:p,extensionErrorId:g}),(v=new Error("Extension Error ID: ".concat(g))).code="BROWSER_EXTENSION_ERROR",v;case 13:throw y=k.status,w="warn",m="[Authress Login SDK] HttpClient Response Error",k?401===y?(m="[Authress Login SDK] HttpClient Response Error due to invalid token",w="debug"):404===y?(m="[Authress Login SDK] HttpClient Response: Not Found",w="debug"):y<500&&a&&(w="debug"):m="[Authress Login SDK] HttpClient Response Error - Unknown error occurred",this.logger&&this.logger[w]&&this.logger[w]({title:m,online:"undefined"==typeof navigator||navigator.onLine,method:u,url:c,status:y,data:r,headers:l,error:k,resolvedError:p}),{url:c,method:u,status:y,data:p,headers:k.headers};case 14:return e.a(2)}},e,this,[[9,11],[4,6],[1,8]])})),function(t,n,r,o,i,a){return e.apply(this,arguments)})}]);var e}();function E(e){return String.fromCharCode(parseInt(e.slice(1),16))}function x(e){return"%".concat("00".concat(e.charCodeAt(0).toString(16)).slice(-2))}const D={decode:function(e){return function(e){return decodeURIComponent(Array.from(atob(e),x).join(""))}(e.replace(/-/g,"+").replace(/_/g,"/"))},encode:function(e){return e&&"object"===h(e)?btoa(String.fromCharCode.apply(String,l(new Uint8Array(e)))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,""):function(e){return btoa(encodeURIComponent(e).replace(/%[0-9A-F]{2}/g,E))}(e).replace(/\//g,"_").replace(/\+/g,"-").replace(/=+$/,"")}};var O=function(){return i(function e(){o(this,e)},[{key:"decode",value:function(e){var t;return e?null===(t=this.decodeFull(e))||void 0===t?void 0:t.payload:null}},{key:"decodeOrParse",value:function(e){if(!e)return null;if("object"===h(e))return e;try{return JSON.parse(e)}catch(t){return this.decode(e)}}},{key:"decodeFull",value:function(e){if(!e)return null;var t=null;try{t=JSON.parse(D.decode(e.split(".")[0]))}catch(r){}try{var n=JSON.parse(D.decode(e.split(".")[1]));return n.exp&&(n.exp=n.exp-10),{header:t,payload:n}}catch(r){return null}}},{key:"getAuthCodes",value:(t=r(s().m(function e(){var t,n,r;return s().w(function(e){for(;;)switch(e.n){case 0:return t=D.encode((window.crypto||window.msCrypto).getRandomValues(new Uint32Array(16)).toString()),e.n=1,(window.crypto||window.msCrypto).subtle.digest("SHA-256",(new TextEncoder).encode(t));case 1:return n=e.v,r=D.encode(n),e.a(2,{codeVerifier:t,codeChallenge:r})}},e)})),function(){return t.apply(this,arguments)})},{key:"calculateAntiAbuseHash",value:(e=r(s().m(function e(t){var n,r,o,i,a;return s().w(function(e){for(;;)switch(e.n){case 0:n=Date.now(),r=Object.values(t).filter(function(e){return e}).join("|"),o=0,i=null;case 1:if(!++o){e.n=4;break}return a=D,e.n=2,(window.crypto||window.msCrypto).subtle.digest("SHA-256",(new TextEncoder).encode("".concat(n,";").concat(o,";").concat(r)));case 2:if(!(i=a.encode.call(a,e.v)).match(/^00/)){e.n=3;break}return e.a(3,4);case 3:e.n=1;break;case 4:return e.a(2,"v2;".concat(n,";").concat(o,";").concat(i))}},e)})),function(t){return e.apply(this,arguments)})}]);var e,t}();const P=new O;var R="AuthenticationCredentialsStorage",N={user:"user",authorization:"authorization",authCode:"auth-code",authUserId:"AuthUserId"};const _=new(function(){return i(function e(){o(this,e),this.retainUserCookie=!1},[{key:"getUserCookie",value:function(){var e=b.getDocument();return e&&e.cookie.split(";").filter(function(e){return e.split("=")[0].trim()===N.user}).map(function(e){return e.trim().replace(/^user=/,"")}).find(function(e){return e&&e.trim()})||null}},{key:"getAuthorizationTokens",value:function(){return"undefined"==typeof window||"undefined"==typeof document?[]:document.cookie.split(";").filter(function(e){return e.split("=")[0].trim()===N.authorization}).map(function(e){return e.trim().replace(/^authorization=/,"")}).filter(function(e){return e&&e.trim()})}},{key:"set",value:function(e,t){if("undefined"!=typeof window&&"undefined"!=typeof document)try{var n=y.parse(document.cookie);localStorage.setItem(R,JSON.stringify({idToken:e,expiry:t&&t.getTime(),jsCookies:!!n.authorization})),this.retainUserCookie||this.clearCookies(N.user)}catch(r){console.debug("LocalStorage failed in Browser",r)}}},{key:"get",value:function(){if("undefined"==typeof window||"undefined"==typeof document)return null;var e={};try{e=y.parse(document.cookie)}catch(i){console.debug("CookieManagement failed in Browser",i)}try{var t=JSON.parse(localStorage.getItem(R)||"{}"),n=t.idToken,r=t.expiry,o=t.jsCookies;return n?r<Date.now()||o&&!e.authorization?null:n:this.getUserCookie()}catch(i){return console.debug("LocalStorage failed in Browser",i),this.getUserCookie()}}},{key:"delete",value:function(){try{localStorage.removeItem(R)}catch(e){console.debug("LocalStorage failed in Browser",e)}try{this.clearCookies(N.user)}catch(e){console.debug("CookieManagement failed in Browser",e)}}},{key:"clear",value:function(){this.clearCookies(),this.delete()}},{key:"clearCookies",value:function(e){if("undefined"!=typeof window&&"undefined"!=typeof document){var t,n=a(document.cookie.split("; "));try{var r=function(){var n=t.value;if(!Object.values(N).includes(n.split("=")[0])||e&&n.split("=")[0]!==e)return 1;var r=window.location.hostname.split("."),o=l(Array(r.length-1)).map(function(e,t){return r.reverse().slice(0,t+2).reverse().join(".")}).map(function(e){return[e,".".concat(e)]}).flat(1).concat(null);"localhost"===window.location.hostname&&o.push("localhost");var i,s=a(o);try{for(s.s();!(i=s.n()).done;){var c=i.value,u=c?"domain=".concat(c,";"):"",d="".concat(encodeURIComponent(n.split(";")[0].split("=")[0]),"=; expires=Thu, 01-Jan-1970 00:00:01 GMT; ").concat(u," SameSite=Strict; path=");document.cookie="".concat(d,"/");for(var h=location.pathname.split("/");h.length>0;)document.cookie=d+h.join("/"),h.pop()}}catch(f){s.e(f)}finally{s.f()}};for(n.s();!(t=n.n()).done;)r()}catch(o){n.e(o)}finally{n.f()}}}}])}());var j,z=new Promise(function(e){return j=e}),H=Promise.resolve(),q=!1,K="AuthenticationRequestNonce",M=function(){return i(function e(t,n){var i,a=this;o(this,e);var c=Object.assign({applicationId:"app_default"},t),u=Object.assign({debug:function(){},log:function(){},error:function(){},warn:function(){},critical:function(){}},n||console);this.logger=u;var l=c.authressApiUrl||c.authressLoginHostUrl||c.authenticationServiceUrl||"";if(!l)throw Error('Missing required property "authressApiUrl" in LoginClient constructor. Custom Authress Domain Host is required.');if(this.applicationId=null===(i=c.applicationId)||void 0===i?void 0:i.trim(),!this.applicationId){var d=Error("Application ID is required.");throw d.code="InvalidApplication",d}if(this.applicationId.match(/^(sc_|ext_)/)){var h=Error("You have incorrectly specified an Authress Service Client or Extension as the applicationId instead of a valid application. The applicationId is your application that your users will log into, usually hosted on your domain https://example.yourdomain.com. Users cannot log *into* a Service Client, but they can log in *with* one. Users can use a Service Client to log in, by setting the connection ID in the *authenticate({ connectionId })* method to be the Authress Service Client.\n(1) If you are building an Custom Login Portal, then the application ID should correspond to this login portal.\n(2) If you are replacing or extending an Authress connection, then specify the Service Client as the connectionId and the end user application as the applicationId.\n(3) If you are building a platform or plugin marketplace, where users will log into third party extensions or apps, then distribute in your SDK a wrapper for the Authress Extension Client using: import { extensionClient } from '@authress/login' found within this SDK.\n(4) If you aren't sure what to do here to fix the problem, the fastest and usually correct solution is go to https://authress.io/app/#/settings?focus=applications create a new application, specify your site in the application url property and then update the value here.");throw h.code="InvalidApplication",h}this.hostUrl=C(l),this.httpClient=new T(this.hostUrl,u),this.lastSessionCheck=0,this.enableCredentials=this.getMatchingDomainInfo(this.hostUrl),_.retainUserCookie=t.retainUserCookie,c.skipBackgroundCredentialsCheck||b.onLoad(r(s().m(function e(){return s().w(function(e){for(;;)switch(e.n){case 0:return e.n=1,a.userSessionExists({backgroundTrigger:!0});case 1:return e.a(2)}},e)})))},[{key:"getMatchingDomainInfo",value:function(e){var t=new URL(e);if(b.isLocalHost())return!1;var n=b.getCurrentLocation();if("https:"!==n.protocol)return!1;var r,o=t.host.toLowerCase().split(".").reverse(),i=n.host.toLowerCase().split(".").reverse(),s=[],c=a(o);try{for(c.s();!(r=c.n()).done;){var u=r.value,l=k(i,s.length+1).join(".");if(s.concat(u).join(".")!==l)break;s.push(u)}}catch(d){c.e(d)}finally{c.f()}return s.length===o.length&&s.length===i.length||s.length>1}},{key:"getUserIdentity",value:function(){var e=_.getUserCookie(),t=P.decodeOrParse(e);if(t){var n=t.exp?new Date(1e3*t.exp):new Date(Date.now()+864e5);return _.set(e,n),t.userId=t.sub,t}var r=_.get(),o=P.decodeOrParse(r);if(!o)return null;var i=new URL(o.iss).hostname,a=new URL(this.hostUrl).hostname;return i.endsWith(a)||a.endsWith(i)?(o.userId=o.sub,o):(_.clear(),null)}},{key:"getConnectionCredentials",value:(I=r(s().m(function e(){var t,n;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.n=1,this.waitForUserSession();case 1:return e.p=1,e.n=2,this.ensureToken();case 2:return t=e.v,e.n=3,this.httpClient.get("/session/credentials",this.enableCredentials,{Authorization:t&&"Bearer ".concat(t)});case 3:return n=e.v,e.a(2,n.data);case 4:return e.p=4,e.v,e.a(2,null)}},e,this,[[1,4]])})),function(){return I.apply(this,arguments)})},{key:"getDevices",value:(S=r(s().m(function e(){var t,n;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,this.ensureToken();case 1:return t=e.v,e.n=2,this.httpClient.get("/session/devices",this.enableCredentials,{Authorization:t&&"Bearer ".concat(t)});case 2:return n=e.v,e.a(2,n.data.devices);case 3:return e.p=3,e.v,e.a(2,[])}},e,this,[[0,3]])})),function(){return S.apply(this,arguments)})},{key:"deleteDevice",value:(m=r(s().m(function e(t){var n,r;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,this.ensureToken();case 1:return n=e.v,e.n=2,this.httpClient.delete("/session/devices/".concat(encodeURIComponent(t)),this.enableCredentials,{Authorization:n&&"Bearer ".concat(n)});case 2:e.n=4;break;case 3:throw e.p=3,r=e.v,this.logger.log({title:"[Authress Login SDK] Failed to delete device",error:r}),r;case 4:return e.a(2)}},e,this,[[0,3]])})),function(e){return m.apply(this,arguments)})},{key:"openUserConfigurationScreen",value:(w=r(s().m(function e(){var t,n,r,o=arguments;return s().w(function(e){for(;;)switch(e.n){case 0:return t=o.length>0&&void 0!==o[0]?o[0]:{redirectUrl:null,startPage:"Profile"},e.n=1,this.userSessionExists();case 1:if(e.v){e.n=2;break}throw(n=Error("User must be logged to configure user profile data.")).code="NotLoggedIn",n;case 2:return(r=new URL("/settings",this.hostUrl)).searchParams.set("client_id",this.applicationId),r.searchParams.set("start_page",t&&t.startPage||"Profile"),r.searchParams.set("redirect_uri",t&&t.redirectUrl||b.getCurrentLocation().href),b.assign(r.toString()),e.n=3,Promise.resolve();case 3:return e.a(2)}},e,this)})),function(){return w.apply(this,arguments)})},{key:"registerDevice",value:(v=r(s().m(function e(){var t,n,r,o,i,a,c,u,d,h,f,p,g=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return t=g.length>0&&void 0!==g[0]?g[0]:{name:"",type:"",totp:{}},e.n=1,this.getUserIdentity();case 1:if(n=e.v){e.n=2;break}throw(r=Error("User must be logged to configure user profile data.")).code="NotLoggedIn",r;case 2:if(t){e.n=3;break}throw(o=Error("Register Device missing required parameter: 'Options'")).code="InvalidInput",o;case 3:if(t.type&&"WebAuthN"!==t.type){e.n=5;break}return a=n.sub,c={challenge:Uint8Array.from(a,function(e){return e.charCodeAt(0)}),rp:{id:this.hostUrl.split(".").slice(1).join("."),name:"WebAuthN Login"},user:{id:Uint8Array.from(a,function(e){return e.charCodeAt(0)}),name:a,displayName:"Generated User ID: ".concat(a)},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{residentKey:"discouraged",requireResidentKey:!1,userVerification:"discouraged"},timeout:6e4,attestation:"direct"},e.n=4,navigator.credentials.create({publicKey:c});case 4:u=e.v,d={authenticatorAttachment:u.authenticatorAttachment,credentialId:u.id,type:u.type,userId:a,attestation:btoa(String.fromCharCode.apply(String,l(new Uint8Array(u.response.attestationObject)))),client:btoa(String.fromCharCode.apply(String,l(new Uint8Array(u.response.clientDataJSON))))},i={name:t&&t.name,code:d,type:"WebAuthN"},e.n=6;break;case 5:"TOTP"===t.type&&(i={name:t.name,code:t.totp.verificationCode,totpData:t.totp,type:"TOTP"});case 6:return e.p=6,e.n=7,this.ensureToken();case 7:return h=e.v,e.n=8,this.httpClient.post("/session/devices",this.enableCredentials,i,{Authorization:h&&"Bearer ".concat(h)});case 8:return f=e.v,e.a(2,f.data);case 9:throw e.p=9,p=e.v,this.logger.log({title:"[Authress Login SDK] Failed to register new device",error:p,request:i}),p;case 10:return e.a(2)}},e,this,[[6,9]])})),function(){return v.apply(this,arguments)})},{key:"waitForUserSession",value:(g=r(s().m(function e(){return s().w(function(e){for(;;)switch(e.p=e.n){case 0:return e.p=0,e.n=1,z;case 1:return e.a(2,!0);case 2:return e.p=2,e.v,e.a(2,!1)}},e,null,[[0,2]])})),function(){return g.apply(this,arguments)})},{key:"userSessionExists",value:function(){var e=this,t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:{backgroundTrigger:!1};return Date.now()-this.lastSessionCheck<50||q?H:(this.lastSessionCheck=Date.now(),q=!0,H=H.catch(function(){}).then(r(s().m(function n(){var r,o;return s().w(function(n){for(;;)switch(n.p=n.n){case 0:return n.p=0,n.n=1,e.userSessionContinuation(null==t?void 0:t.backgroundTrigger);case 1:return r=n.v,q=!1,n.a(2,r);case 2:throw n.p=2,o=n.v,q=!1,o;case 3:return n.a(2)}},n,null,[[0,2]])}))))}},{key:"userSessionContinuation",value:(p=r(s().m(function e(){var t,n,r,o,i,a,c,u,l,d,h,f,p,g,v,w,m=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(t=m.length>0&&void 0!==m[0]&&m[0],n=new URLSearchParams(b.getCurrentLocation().search),r={},"undefined"!=typeof localStorage)try{r=JSON.parse(localStorage.getItem(K)||"{}"),localStorage.removeItem(K),Object.hasOwnProperty.call(r,"enableCredentials")&&(this.enableCredentials=r.enableCredentials)}catch(s){this.logger.debug({title:"[Authress Login SDK] LocalStorage failed in Browser",error:s})}if((r.nonce||n.get("iss")&&n.get("iss").includes(this.hostUrl))&&this.sanitizeQueryParameters(),!r.nonce||!n.get("code")){e.n=6;break}if(r.nonce!==n.get("nonce")){e.n=6;break}return o="cookie"===n.get("code")?y.parse(document.cookie)["auth-code"]:n.get("code"),e.n=1,P.calculateAntiAbuseHash({client_id:this.applicationId,authenticationRequestId:r.nonce,code:o});case 1:return i=e.v,a={grant_type:"authorization_code",redirect_uri:r.redirectUrl,client_id:this.applicationId,code:o,code_verifier:r.codeVerifier,antiAbuseHash:i},e.p=2,e.n=3,this.httpClient.post("/authentication/".concat(r.nonce,"/tokens"),this.enableCredentials,a);case 3:return c=e.v,u=P.decode(c.data.id_token),l=u.exp&&new Date(1e3*u.exp)||c.data.expires_in&&new Date(Date.now()+1e3*c.data.expires_in),document.cookie=y.serialize("authorization",c.data.access_token||"",{expires:l,path:"/",sameSite:"strict"}),_.set(c.data.id_token,l),j(),e.a(2,!0);case 4:if(e.p=4,v=e.v,this.logger.log({title:"[Authress Login SDK] Failed exchange authentication response for a token.",error:v}),!v.data||"invalid_request"!==v.data.error){e.n=5;break}return e.a(2,!1);case 5:throw v.data||v;case 6:if(!b.isLocalHost()){e.n=7;break}if(!n.get("nonce")||!n.get("access_token")){e.n=7;break}if(r.nonce&&r.nonce!==n.get("nonce")){e.n=7;break}return d=P.decode(n.get("id_token")),h=d.exp&&new Date(1e3*d.exp)||Number(n.get("expires_in"))&&new Date(Date.now()+1e3*Number(n.get("expires_in"))),document.cookie=y.serialize("authorization",n.get("access_token")||"",{expires:h,path:"/",sameSite:"strict"}),_.set(n.get("id_token"),h),j(),e.a(2,!0);case 7:if(!this.getUserIdentity()){e.n=8;break}return j(),e.a(2,!0);case 8:if(b.isLocalHost()||t){e.n=13;break}return e.p=9,e.n=10,this.httpClient.patch("/session",this.enableCredentials,{},null,!0);case 10:(f=e.v).data.access_token&&(p=P.decode(f.data.id_token),g=p.exp&&new Date(1e3*p.exp)||f.data.expires_in&&new Date(Date.now()+1e3*f.data.expires_in),document.cookie=y.serialize("authorization",f.data.access_token||"",{expires:g,path:"/",sameSite:"strict"}),_.set(f.data.id_token,g)),e.n=12;break;case 11:e.p=11,400===(w=e.v).status||404===w.status||409===w.status?this.logger.log({title:"[Authress Login SDK] User does not have an existing authentication session",error:w}):this.logger.log({title:"[Authress Login SDK] Failed attempting to check if the user has an existing authentication session",error:w});case 12:if(!this.getUserIdentity()){e.n=13;break}return j(),e.a(2,!0);case 13:return e.a(2,!1)}},e,this,[[9,11],[2,4]])})),function(){return p.apply(this,arguments)})},{key:"updateExtensionAuthenticationRequest",value:(f=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f,p,g,v,y;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(n=t.state,r=t.connectionId,o=t.tenantLookupIdentifier,i=t.connectionProperties,a=t.hint,r||o||a){e.n=1;break}throw(c=Error("connectionId or tenantLookupIdentifier must be specified")).code="InvalidConnection",c;case 1:if(u=new URLSearchParams(b.getCurrentLocation().search),l=n||u.get("state")){e.n=2;break}throw(d=Error("The `state` parameters must be specified to update this authentication request")).code="InvalidAuthenticationRequest",d;case 2:if(this.enableCredentials||b.isLocalHost()){e.n=3;break}throw(h=Error('"updateExtensionAuthenticationRequest()" can only be run on sites that match the login domain. '.concat(b.getCurrentLocation().host," Does not match ").concat(this.hostUrl))).code="OriginMismatch",h;case 3:return e.p=3,f=a||o,e.n=4,P.calculateAntiAbuseHash({connectionId:r,tenantLookupIdentifier:f,authenticationRequestId:l});case 4:return p=e.v,e.n=5,this.httpClient.patch("/authentication/".concat(l),this.enableCredentials,{antiAbuseHash:p,connectionId:r,tenantLookupIdentifier:f,connectionProperties:i});case 5:if(g=e.v,new URL(g.data.authenticationUrl).hostname!==b.getCurrentLocation().hostname){e.n=6;break}return e.a(2,{authenticationUrl:g.data.authenticationUrl});case 6:b.assign(g.data.authenticationUrl),e.n=9;break;case 7:if(e.p=7,y=e.v,this.logger.log({title:"[Authress Login SDK] Failed to update extension authentication request",error:y}),!(y.status&&y.status>=400&&y.status<500)){e.n=8;break}throw(v=Error(y.data&&(y.data.title||y.data.errorCode)||y.data||"Unknown Error")).code=y.data&&y.data.errorCode,v;case 8:throw y.data||y;case 9:return e.n=10,new Promise(function(e){return setTimeout(e,5e3)});case 10:return e.a(2,null)}},e,this,[[3,7]])})),function(e){return f.apply(this,arguments)})},{key:"unlinkIdentity",value:(h=r(s().m(function e(t){var n,r,o,i,a,c,u;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(t){e.n=1;break}throw(n=Error("connectionId must be specified")).code="InvalidConnection",n;case 1:if(this.getUserIdentity()){e.n=2;break}throw(r=Error("User must be logged in to unlink an account.")).code="NotLoggedIn",r;case 2:return e.p=2,e.n=3,this.ensureToken({timeoutInMillis:100});case 3:o=e.v,e.n=5;break;case 4:if(e.p=4,"TokenTimeout"!==e.v.code){e.n=5;break}throw(i=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",i;case 5:return a=this.enableCredentials&&!b.isLocalHost()?{}:{Authorization:"Bearer ".concat(o)},e.p=6,e.n=7,this.httpClient.delete("/identities/".concat(encodeURIComponent(t)),this.enableCredentials,a);case 7:e.n=10;break;case 8:if(e.p=8,u=e.v,this.logger.log({title:"[Authress Login SDK] Failed to unlink user identity",error:u}),!(u.status&&u.status>=400&&u.status<500)){e.n=9;break}throw(c=Error(u.data&&(u.data.title||u.data.errorCode)||u.data||"Unknown Error")).code=u.data&&u.data.errorCode,c;case 9:throw u.data||u;case 10:return e.a(2)}},e,this,[[6,8],[2,4]])})),function(e){return h.apply(this,arguments)})},{key:"linkIdentityWithOneTimeCode",value:(d=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f,p,g,v,y;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(n=t.connectionId,r=t.redirectUrl,n){e.n=1;break}throw(o=Error("connectionId must be specified")).code="InvalidConnection",o;case 1:if(this.getUserIdentity()){e.n=2;break}throw(i=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",i;case 2:return e.p=2,e.n=3,this.ensureToken({timeoutInMillis:100});case 3:a=e.v,e.n=5;break;case 4:if(e.p=4,"TokenTimeout"!==e.v.code){e.n=5;break}throw(c=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",c;case 5:return e.n=6,P.getAuthCodes();case 6:return u=e.v,l=u.codeChallenge,e.n=7,P.calculateAntiAbuseHash({connectionId:n,applicationId:this.applicationId});case 7:return d=e.v,e.p=8,h=r&&new URL(r).toString(),f=h||b.getCurrentLocation().href,p=this.enableCredentials&&!b.isLocalHost()?{}:{Authorization:"Bearer ".concat(a)},e.n=9,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:d,linkIdentity:!0,redirectUrl:f,codeChallengeMethod:"S256",codeChallenge:l,connectionId:n,applicationId:this.applicationId},p);case 9:return g=e.v,e.a(2,{authenticationUrl:g.data.authenticationUrl,authenticationRequestId:g.data.authenticationRequestId});case 10:if(e.p=10,y=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start user identity link",error:y}),!(y.status&&y.status>=400&&y.status<500)){e.n=11;break}throw(v=Error(y.data&&(y.data.title||y.data.errorCode)||y.data||"Unknown Error")).code=y.data&&y.data.errorCode,v;case 11:throw y;case 12:return e.a(2)}},e,this,[[8,10],[2,4]])})),function(e){return d.apply(this,arguments)})},{key:"linkIdentity",value:(u=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f,p,g,v,y,w,m;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(n=t.connectionId,r=t.tenantLookupIdentifier,o=t.redirectUrl,i=t.connectionProperties,n||r){e.n=1;break}throw(a=Error("connectionId or tenantLookupIdentifier must be specified")).code="InvalidConnection",a;case 1:if(this.getUserIdentity()){e.n=2;break}throw(c=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",c;case 2:return e.p=2,e.n=3,this.ensureToken({timeoutInMillis:100});case 3:u=e.v,e.n=5;break;case 4:if(e.p=4,"TokenTimeout"!==e.v.code){e.n=5;break}throw(l=Error("User must be logged into an existing account before linking a second account.")).code="NotLoggedIn",l;case 5:return e.n=6,P.getAuthCodes();case 6:return d=e.v,h=d.codeChallenge,e.n=7,P.calculateAntiAbuseHash({connectionId:n,tenantLookupIdentifier:r,applicationId:this.applicationId});case 7:return f=e.v,e.p=8,p=o&&new URL(o).toString(),g=p||b.getCurrentLocation().href,v=this.enableCredentials&&!b.isLocalHost()?{}:{Authorization:"Bearer ".concat(u)},e.n=9,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:f,linkIdentity:!0,redirectUrl:g,codeChallengeMethod:"S256",codeChallenge:h,connectionId:n,tenantLookupIdentifier:r,connectionProperties:i,applicationId:this.applicationId},v);case 9:y=e.v,b.assign(y.data.authenticationUrl),e.n=12;break;case 10:if(e.p=10,m=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start user identity link",error:m}),!(m.status&&m.status>=400&&m.status<500)){e.n=11;break}throw(w=Error(m.data&&(m.data.title||m.data.errorCode)||m.data||"Unknown Error")).code=m.data&&m.data.errorCode,w;case 11:throw m;case 12:return e.n=13,new Promise(function(e){return setTimeout(e,5e3)});case 13:return e.a(2)}},e,this,[[8,10],[2,4]])})),function(e){return u.apply(this,arguments)})},{key:"authenticateWithOneTimeCode",value:(c=r(s().m(function e(){var t,n,r,o,i,a,c,u,l,d,h,f,p,g,v,y,w,m,k,C,S,I,A,L,U,T=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(r=(n=(t=T.length>0&&void 0!==T[0]?T[0]:{})||{}).serviceClientId,o=n.inviteId,i=n.redirectUrl,a=n.force,c=n.responseLocation,u=n.flowType,l=n.clearUserDataBeforeLogin,d=n.audiences,!c||"cookie"===c||"query"===c||"none"===c){e.n=1;break}throw(h=Error("Authentication response location is not valid")).code="InvalidResponseLocation",h;case 1:if(r){e.n=2;break}throw(f=Error("The Passwordless Service Client ID is required")).code="InvalidInput",f;case 2:if(!(L=!o&&!a)){e.n=4;break}return e.n=3,this.userSessionExists();case 3:L=e.v;case 4:if(!L){e.n=7;break}return e.n=5,this.ensureToken();case 5:if(p=e.v,!(g=P.decode(p))||!g.azp||r===g.azp){e.n=6;break}throw this.logger.log({title:"[Authress Login SDK] Authentication blocked because the user is already logged in, and the requested authentication parameters do not match the original session.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:g}),(v=Error('Authentication requested for user that is already logged in, but the connectionId specified does not match their existing session.\n        Recommended Options:\n          (1) If the goal is to force them to log in with this new connection and ignore their existing session, use the "force" flag.\n          (2) If the goal is link their current identity with a new from the new connection, use the linkIdentity() method.\n          (3) If the goal is skip log in if they are already logged in or force log in with the connectionId, first check if userSessionExists() and then only if "false", call authenticate().')).code="AuthenticationConstraintContention",v;case 6:return e.a(2,null);case 7:return e.n=8,P.getAuthCodes();case 8:return y=e.v,w=y.codeVerifier,m=y.codeChallenge,e.n=9,P.calculateAntiAbuseHash({serviceClientId:r,inviteId:o,applicationId:this.applicationId,audiences:d});case 9:return k=e.v,e.p=10,C=i&&new URL(i).toString(),S=C||b.getCurrentLocation().href,!1!==l&&_.clear(),e.n=11,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:k,redirectUrl:S,codeChallengeMethod:"S256",codeChallenge:m,audiences:d,connectionId:r,inviteId:o,applicationId:this.applicationId,responseLocation:c,flowType:u});case 11:return I=e.v,localStorage.setItem(K,JSON.stringify({nonce:I.data.authenticationRequestId,codeVerifier:w,lastConnectionId:r,redirectUrl:S,enableCredentials:I.data.enableCredentials})),e.a(2,{authenticationUrl:I.data.authenticationUrl,authenticationRequestId:I.data.authenticationRequestId});case 12:if(e.p=12,U=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start authentication for user",error:U}),!(U.status&&U.status>=400&&U.status<500)){e.n=13;break}throw(A=Error(U.data&&(U.data.title||U.data.errorCode)||U.data||"Unknown Error")).code=U.data&&U.data.errorCode,A;case 13:throw U.data||U;case 14:return e.a(2)}},e,this,[[10,12]])})),function(){return c.apply(this,arguments)})},{key:"authenticate",value:(n=r(s().m(function e(){var t,n,r,o,i,a,c,u,l,d,h,f,p,g,v,y,w,m,k,C,S,I,A,L,U,T,E,x,D,O=arguments;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(r=(n=(t=O.length>0&&void 0!==O[0]?O[0]:{})||{}).connectionId,o=n.tenantLookupIdentifier,i=n.inviteId,a=n.redirectUrl,c=n.force,u=n.responseLocation,l=n.flowType,d=n.connectionProperties,h=n.openType,f=n.multiAccount,p=n.clearUserDataBeforeLogin,g=n.audiences,!u||"cookie"===u||"query"===u||"none"===u){e.n=1;break}throw(v=Error("Authentication response location is not valid")).code="InvalidResponseLocation",v;case 1:if(!(x=!i&&!c&&!f)){e.n=3;break}return e.n=2,this.userSessionExists();case 2:x=e.v;case 3:if(!x){e.n=6;break}return e.n=4,this.ensureToken();case 4:if(y=e.v,w=P.decode(y),!(r&&w&&w.azp&&r!==w.azp)){e.n=5;break}throw this.logger.log({title:"[Authress Login SDK] Authentication blocked because the user is already logged in, and the requested authentication parameters do not match the original session.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:w}),(m=Error('Authentication requested for user that is already logged in, but the connectionId specified does not match their existing session.\n        Recommended Options:\n          (1) If the goal is to force them to log in with this new connection and ignore their existing session, use the "force" flag.\n          (2) If the goal is link their current identity with a new from the new connection, use the linkIdentity() method.\n          (3) If the goal is skip log in if they are already logged in or force log in with the connectionId, first check if userSessionExists() and then only if "false", call authenticate().')).code="AuthenticationConstraintContention",m;case 5:return e.a(2,null);case 6:return e.n=7,P.getAuthCodes();case 7:return k=e.v,C=k.codeVerifier,S=k.codeChallenge,e.n=8,P.calculateAntiAbuseHash({connectionId:r,tenantLookupIdentifier:o,inviteId:i,applicationId:this.applicationId,audiences:g});case 8:return I=e.v,e.p=9,A=a&&new URL(a).toString(),L=A||b.getCurrentLocation().href,!1!==p&&_.clear(),e.n=10,this.httpClient.post("/authentication",this.enableCredentials,{antiAbuseHash:I,redirectUrl:L,codeChallengeMethod:"S256",codeChallenge:S,audiences:g,connectionId:r,tenantLookupIdentifier:o,inviteId:i,connectionProperties:d,applicationId:this.applicationId,responseLocation:u,flowType:l,multiAccount:f});case 10:if(U=e.v,localStorage.setItem(K,JSON.stringify({nonce:U.data.authenticationRequestId,codeVerifier:C,lastConnectionId:r,tenantLookupIdentifier:o,redirectUrl:L,enableCredentials:U.data.enableCredentials,multiAccount:f})),U.data.authenticationUrl&&new URL(U.data.authenticationUrl).hostname!==b.getCurrentLocation().hostname){e.n=11;break}return e.a(2,{authenticationUrl:U.data.authenticationUrl,authenticationRequestId:U.data.authenticationRequestId});case 11:"tab"===h&&(T=b.open(U.data.authenticationUrl,"_blank"))&&!T.closed&&void 0!==T.closed||b.assign(U.data.authenticationUrl),e.n=14;break;case 12:if(e.p=12,D=e.v,this.logger.log({title:"[Authress Login SDK] Failed to start authentication for user",error:D}),!(D.status&&D.status>=400&&D.status<500)){e.n=13;break}throw(E=Error(D.data&&(D.data.title||D.data.errorCode)||D.data||"Unknown Error")).code=D.data&&D.data.errorCode,E;case 13:throw D.data||D;case 14:return e.n=15,new Promise(function(e){return setTimeout(e,5e3)});case 15:return e.a(2,null)}},e,this,[[9,12]])})),function(){return n.apply(this,arguments)})},{key:"ensureToken",value:(t=r(s().m(function e(t){var n,r,o,i,a,c,u,l,d,h,f=this;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(!t||0!==t.timeoutInMillis){e.n=4;break}if(this.getUserIdentity()){e.n=1;break}throw(n=Error("No token available because the user is not logged in.")).code="TokenTimeout",n;case 1:if(r=_.getAuthorizationTokens(),!(o=r.find(function(e){try{var n=P.decode(e);return(null==n?void 0:n.iss)===f.hostUrl||(f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because the issuer does not match the library configured value.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:n}),!1)}catch(r){return f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because it is no longer a valid token.",requestedAuthenticationOptions:t,currentAuthenticationSessionDataToken:e,error:r}),!1}}))){e.n=2;break}return e.a(2,o);case 2:if(!r.length){e.n=3;break}return this.logger.log({title:"[Authress Login SDK] No matching issuer token found, returning the first valid token instead."}),e.a(2,r[0]);case 3:return this.logger.error({title:"[Authress Login SDK] HttpOnly access token configuration has blocked the returning of a valid token. The application specified in the Authress LoginClient constructor has been configured to block returning access tokens via the enableAccessToToken property. To use the loginClient.ensureToken() method in production, please set the enableAccessToToken to true. Note: This setting does not affect localhost.",options:t}),e.a(2,null);case 4:return e.n=5,this.userSessionExists();case 5:return i=Object.assign({timeoutInMillis:5e3},t||{}),a=this.waitForUserSession(),c=-1===i.timeoutInMillis||i.timeoutInMillis>Math.pow(2,31)-1?Math.pow(2,31)-1:i.timeoutInMillis,u=new Promise(function(e,t){return setTimeout(t,c||0)}),e.p=6,e.n=7,Promise.race([a,u]);case 7:e.n=9;break;case 8:throw e.p=8,e.v,(l=Error("No token available because the user is still not logged in and the timeout has been exceeded. If you are seeing this error, it is because you have called ensureToken() without first validating that the user is logged. Review the route guards and checks for user sessions in your source code. ensureToken() should only ever be called after you have verified that the user is logged in.")).code="TokenTimeout",l;case 9:if(d=_.getAuthorizationTokens(),!(h=d.find(function(e){try{var n=P.decode(e);return(null==n?void 0:n.iss)===f.hostUrl||(f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because the issuer does not match the library configured value.",requestedAuthenticationOptions:t,currentAuthenticationSessionData:n}),!1)}catch(r){return f.logger.log({title:"[Authress Login SDK] Skipping stored authorization cookie because it is no longer a valid token.",requestedAuthenticationOptions:t,currentAuthenticationSessionDataToken:e,error:r}),!1}}))){e.n=10;break}return e.a(2,h);case 10:if(!d.length){e.n=11;break}return this.logger.log({title:"[Authress Login SDK] No matching issuer token found, returning the first valid token instead."}),e.a(2,d[0]);case 11:if(this.getUserIdentity()){e.n=12;break}return this.logger.error({title:"[Authress Login SDK] User completed login but the user identity still does not exist. This happened because there is a race condition in your code and why waiting for ensureToken() to complete, the user was logged out. Returning null."}),e.a(2,null);case 12:return this.logger.error({title:"[Authress Login SDK] Your Authress Application access token configuration has blocked the returning of a valid token because the setting HttpOnly has been enabled. The application specified in the Authress LoginClient constructor has been configured to block returning access tokens via the enableAccessToToken property. To use the loginClient.ensureToken() method in production, please set the enableAccessToToken to true. (LocalHost Note: This setting does not affect localhost development, and you may still see ensureToken work successfully during development, but fail with this error in production. This is because HttpOnly does not work for LocalHost)",options:t}),e.a(2,null)}},e,this,[[6,8]])})),function(e){return t.apply(this,arguments)})},{key:"logout",value:(e=r(s().m(function e(t){var n,r,o;return s().w(function(e){for(;;)switch(e.p=e.n){case 0:if(!t){e.n=5;break}e.p=1,new URL(t),n=t,e.n=5;break;case 2:e.p=2,e.v,e.p=3,n=new URL(t,b.getCurrentLocation().href).toString(),e.n=5;break;case 4:throw e.p=4,e.v,(r=Error("The logout redirect url is not valid URL: ".concat(t))).code="InvalidRedirectUrl",r;case 5:if(_.clear(),this.sanitizeQueryParameters(),z=new Promise(function(e){return j=e}),!this.enableCredentials){e.n=9;break}return e.p=6,e.n=7,this.httpClient.delete("/session",this.enableCredentials);case 7:return this.lastSessionCheck=0,t&&t!==b.getCurrentLocation().href&&b.assign(t),e.a(2);case 8:e.p=8,e.v;case 9:return(o=new URL("/logout",this.hostUrl)).searchParams.set("redirect_uri",n||b.getCurrentLocation().href),o.searchParams.set("client_id",this.applicationId),b.assign(o.toString()),this.lastSessionCheck=0,e.n=10,new Promise(function(e){return setTimeout(e,500)});case 10:return e.a(2)}},e,this,[[6,8],[3,4],[1,2]])})),function(t){return e.apply(this,arguments)})},{key:"sanitizeQueryParameters",value:function(){var e=new URL(b.getCurrentLocation());e.searchParams.delete("iss"),e.searchParams.delete("nonce"),e.searchParams.delete("code"),e.searchParams.delete("expires_in"),e.searchParams.delete("access_token"),e.searchParams.delete("id_token"),history.replaceState({},void 0,e.toString())}}]);var e,t,n,c,u,d,h,f,p,g,v,w,m,S,I}();e.LoginClient=M,e.UserConfigurationScreen={Profile:"Profile",MFA:"MFA"},Object.defineProperty(e,Symbol.toStringTag,{value:"Module"})});
 //# sourceMappingURL=authress.min.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@authress/login",
-  "version": "2.6.408",
+  "version": "2.6.410",
   "description": "Universal login sdk for Authress authentication as a service. Provides managed authentication for user identity, authentication, and token verification.",
   "type": "module",
   "module": "./src/index.js",
@@ -39,12 +39,10 @@
     "commander": "^4.0.1",
     "eslint": "^9.39.1",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-mocha": "^7.0.1",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "^6.1.1",
     "fs-extra": "^8.1.0",
     "glob": "^7.1.6",
-    "mocha": "^11.1.0",
     "sinon": "^7.5.0",
     "sinon-chai": "^3.3.0",
     "terser": "^5.44.1",