npm - @authrim/core - Versions diffs - 0.1.11 → 0.1.12 - Mend

@authrim/core 0.1.11 → 0.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -1607,6 +1607,251 @@ declare class PKCEHelper {
     generateCodeChallenge(verifier: string): Promise<string>;
 }
+/**
+ * Debug Module Types
+ *
+ * Types for debugging and observability features.
+ */
+/**
+ * Debug options for SDK initialization
+ */
+interface DebugOptions {
+    /** Enable debug mode */
+    enabled: boolean;
+    /** Enable verbose logging */
+    verbose?: boolean;
+    /** Include timestamps in logs */
+    logTimestamps?: boolean;
+    /** Custom logger implementation */
+    logger?: DebugLogger;
+    /** Maximum events to keep in timeline (default: 100) */
+    maxTimelineEvents?: number;
+    /** Redaction level for sensitive data */
+    redactLevel?: RedactLevel;
+}
+/**
+ * Debug logger interface
+ */
+interface DebugLogger {
+    /** Log a message with optional data */
+    log(level: DebugLogLevel, message: string, data?: unknown): void;
+}
+/**
+ * Debug log levels
+ */
+type DebugLogLevel = 'debug' | 'info' | 'warn' | 'error';
+/**
+ * Redaction level for sensitive data
+ *
+ * - 'default': Mask token values, keep structure
+ * - 'none': No redaction (only for development)
+ * - 'aggressive': Mask tokens and URL parameters
+ */
+type RedactLevel = 'default' | 'none' | 'aggressive';
+/**
+ * Diagnostic Logger for SDK
+ *
+ * Provides diagnostic logging capabilities for debugging, troubleshooting,
+ * and OIDF conformance testing. Integrates with server-side diagnostic logs
+ * via diagnosticSessionId.
+ *
+ * Features:
+ * - ID Token validation step logging
+ * - Authentication decision logging
+ * - Session ID correlation with server logs
+ * - Console output and optional collection
+ */
+/**
+ * Diagnostic log level
+ */
+type DiagnosticLogLevel = 'debug' | 'info' | 'warn' | 'error';
+/**
+ * Token validation step
+ */
+type TokenValidationStep = 'issuer-check' | 'audience-check' | 'expiry-check' | 'nonce-check' | 'signature-check' | 'hash-check';
+/**
+ * Base diagnostic log entry
+ */
+interface BaseDiagnosticLogEntry {
+    /** Unique log entry ID */
+    id: string;
+    /** Diagnostic session ID (for correlation with server logs) */
+    diagnosticSessionId: string;
+    /** Log category */
+    category: string;
+    /** Log level */
+    level: DiagnosticLogLevel;
+    /** Timestamp (Unix epoch in milliseconds) */
+    timestamp: number;
+    /** Additional metadata */
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Token Validation Log Entry
+ */
+interface TokenValidationLogEntry extends BaseDiagnosticLogEntry {
+    category: 'token-validation';
+    /** Validation step */
+    step: TokenValidationStep;
+    /** Token type (id_token, access_token, etc.) */
+    tokenType: string;
+    /** Validation result */
+    result: 'pass' | 'fail';
+    /** Expected value (for validation) */
+    expected?: unknown;
+    /** Actual value (for validation) */
+    actual?: unknown;
+    /** Error message (if failed) */
+    errorMessage?: string;
+    /** Additional validation details */
+    details?: Record<string, unknown>;
+}
+/**
+ * Authentication Decision Log Entry
+ */
+interface AuthDecisionLogEntry extends BaseDiagnosticLogEntry {
+    category: 'auth-decision';
+    /** Final authentication decision */
+    decision: 'allow' | 'deny';
+    /** Reason for the decision */
+    reason: string;
+    /** Authentication flow */
+    flow?: string;
+    /** Additional decision context */
+    context?: Record<string, unknown>;
+}
+/**
+ * Union type of all diagnostic log entries
+ */
+type DiagnosticLogEntry = TokenValidationLogEntry | AuthDecisionLogEntry;
+/**
+ * Common interface for diagnostic loggers
+ *
+ * This interface allows different diagnostic logger implementations
+ * (Core SDK, Web SDK, Node SDK) to be used interchangeably.
+ */
+interface IDiagnosticLogger {
+    /**
+     * Get diagnostic session ID
+     */
+    getDiagnosticSessionId(): string;
+    /**
+     * Check if diagnostic logging is enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Log token validation step
+     */
+    logTokenValidation(options: {
+        step: TokenValidationStep;
+        tokenType: string;
+        result: 'pass' | 'fail';
+        expected?: unknown;
+        actual?: unknown;
+        errorMessage?: string;
+        details?: Record<string, unknown>;
+    }): void;
+    /**
+     * Log authentication decision
+     */
+    logAuthDecision(options: {
+        decision: 'allow' | 'deny';
+        reason: string;
+        flow?: string;
+        context?: Record<string, unknown>;
+    }): void;
+}
+/**
+ * Diagnostic logger options
+ */
+interface DiagnosticLoggerOptions {
+    /** Enable diagnostic logging */
+    enabled: boolean;
+    /** Underlying debug logger */
+    debugLogger?: DebugLogger;
+    /** Collect logs in memory for export */
+    collectLogs?: boolean;
+    /** Maximum number of logs to collect (default: 1000) */
+    maxLogs?: number;
+}
+/**
+ * Diagnostic Logger for SDK
+ */
+declare class DiagnosticLogger implements IDiagnosticLogger {
+    private diagnosticSessionId;
+    private enabled;
+    private debugLogger?;
+    private collectLogs;
+    private maxLogs;
+    private logs;
+    constructor(options: DiagnosticLoggerOptions);
+    /**
+     * Get diagnostic session ID
+     *
+     * This ID should be sent to the server via X-Diagnostic-Session-Id header
+     * to correlate SDK logs with server logs.
+     */
+    getDiagnosticSessionId(): string;
+    /**
+     * Check if diagnostic logging is enabled
+     */
+    isEnabled(): boolean;
+    /**
+     * Log token validation step
+     */
+    logTokenValidation(options: {
+        step: TokenValidationStep;
+        tokenType: string;
+        result: 'pass' | 'fail';
+        expected?: unknown;
+        actual?: unknown;
+        errorMessage?: string;
+        details?: Record<string, unknown>;
+    }): void;
+    /**
+     * Log authentication decision
+     */
+    logAuthDecision(options: {
+        decision: 'allow' | 'deny';
+        reason: string;
+        flow?: string;
+        context?: Record<string, unknown>;
+    }): void;
+    /**
+     * Get all collected logs
+     */
+    getLogs(): DiagnosticLogEntry[];
+    /**
+     * Export logs as JSON string
+     */
+    exportLogs(): string;
+    /**
+     * Clear collected logs
+     */
+    clearLogs(): void;
+    /**
+     * Write log entry (internal)
+     */
+    private writeLog;
+    /**
+     * Generate diagnostic session ID
+     */
+    private generateSessionId;
+    /**
+     * Generate log entry ID
+     */
+    private generateEntryId;
+}
+/**
+ * Create a diagnostic logger
+ *
+ * @param options - Logger options
+ * @returns DiagnosticLogger instance or null if disabled
+ */
+declare function createDiagnosticLogger(options: DiagnosticLoggerOptions): DiagnosticLogger | null;
 /**
  * Authorization Code Flow
  *
@@ -1706,7 +1951,12 @@ interface ExchangeCodeOptions {
 declare class AuthorizationCodeFlow {
     private readonly http;
     private readonly clientId;
+    private diagnosticLogger?;
     constructor(http: HttpClient, clientId: string);
+    /**
+     * Set diagnostic logger for this flow
+     */
+    setDiagnosticLogger(logger: IDiagnosticLogger | null | undefined): void;
     /**
      * Build authorization URL
      *
@@ -2060,6 +2310,8 @@ declare class AuthrimClient {
     private readonly normalizedIssuer;
     /** Whether the client has been initialized */
     private initialized;
+    /** Diagnostic logger (optional, for OIDF conformance testing) */
+    private diagnosticLogger;
     /**
      * Get the event emitter for subscribing to SDK events
      */
@@ -2333,6 +2585,24 @@ declare class AuthrimClient {
      * @returns Logout result
      */
     logout(options?: LogoutOptions): Promise<LogoutResult>;
+    /**
+     * Set diagnostic logger for OIDF conformance testing
+     *
+     * When a diagnostic logger is set, the SDK will log token validation steps,
+     * authentication decisions, and other diagnostic information.
+     *
+     * @param logger - Diagnostic logger instance (or null to disable)
+     */
+    setDiagnosticLogger(logger: IDiagnosticLogger | null): void;
+    /**
+     * Get diagnostic session ID (if diagnostic logging is enabled)
+     *
+     * This ID should be sent to the server via X-Diagnostic-Session-Id header
+     * to correlate SDK logs with server logs.
+     *
+     * @returns Diagnostic session ID or null if diagnostic logging is disabled
+     */
+    getDiagnosticSessionId(): string | null;
     /**
      * Subscribe to an event
      *
@@ -4012,48 +4282,6 @@ declare class FrontChannelLogoutUrlBuilder {
     validateRequest(url: string | URL, expected?: FrontChannelLogoutValidationOptions): FrontChannelLogoutValidationResult;
 }
-/**
- * Debug Module Types
- *
- * Types for debugging and observability features.
- */
-/**
- * Debug options for SDK initialization
- */
-interface DebugOptions {
-    /** Enable debug mode */
-    enabled: boolean;
-    /** Enable verbose logging */
-    verbose?: boolean;
-    /** Include timestamps in logs */
-    logTimestamps?: boolean;
-    /** Custom logger implementation */
-    logger?: DebugLogger;
-    /** Maximum events to keep in timeline (default: 100) */
-    maxTimelineEvents?: number;
-    /** Redaction level for sensitive data */
-    redactLevel?: RedactLevel;
-}
-/**
- * Debug logger interface
- */
-interface DebugLogger {
-    /** Log a message with optional data */
-    log(level: DebugLogLevel, message: string, data?: unknown): void;
-}
-/**
- * Debug log levels
- */
-type DebugLogLevel = 'debug' | 'info' | 'warn' | 'error';
-/**
- * Redaction level for sensitive data
- *
- * - 'default': Mask token values, keep structure
- * - 'none': No redaction (only for development)
- * - 'aggressive': Mask tokens and URL parameters
- */
-type RedactLevel = 'default' | 'none' | 'aggressive';
 /**
  * Event Timeline
  *
@@ -5117,4 +5345,4 @@ interface SilentLoginStateData {
     rt: string;
 }
-export { type AddressClaim, type AttestationConveyancePreferenceType, type AuthCallbackCompleteEvent, type AuthCallbackEvent, type AuthCallbackProcessingEvent, type AuthFallbackEvent, type AuthInitEvent, type AuthLoginCompleteEvent, type AuthLogoutCompleteEvent, type AuthPopupBlockedEvent, type AuthRedirectingEvent, type AuthRequiredEvent, type AuthResult, type AuthState, type AuthStateSnapshot, type AuthState$1 as AuthStateType, type AuthenticationExtensionsClientInputsType, type AuthenticationResponseJSON, type AuthenticatorAssertionResponseJSON, type AuthenticatorAttachmentType, type AuthenticatorAttestationResponseJSON, type AuthenticatorSelectionCriteriaType, type AuthenticatorTransportType, AuthorizationCodeFlow, type AuthorizationContext, type AuthorizationUrlResult, AuthrimClient, type AuthrimClientConfig, AuthrimError, type AuthrimErrorCode, type AuthrimErrorMeta, type AuthrimErrorOptions, type AuthrimErrorRemediation, type AuthrimErrorSeverity, type AuthrimErrorUserAction, type AuthrimEventHandler, type AuthrimEventName, type AuthrimEvents, type AuthrimStorage, type AutoRefreshOptions, AutoRefreshScheduler, type BaseEventPayload, type BuildAuthorizationUrlOptions, type COSEAlgorithmIdentifier, type CheckSessionMessage, type CheckSessionResponse, type ClientAssertionClaims, type ClientAuthMethod, type ClientAuthResult, type ClientCredentials, ClientCredentialsClient, type ClientCredentialsClientOptions, type ClientCredentialsTokenOptions, type ClientSecretCredentials, type CodeChallengeMethod, type CoreEventName, type CryptoProvider, type DPoPCryptoProvider, type DPoPKeyPair, DPoPManager, type DPoPManagerConfig, type DPoPProofClaims, type DPoPProofHeader, type DPoPProofOptions, DebugContext, type DebugLogLevel, type DebugLogger, type DebugOptions, type DebugTimelineEvent, type DecodedJwt, type DeviceAuthorizationResponse, type DeviceFlowAccessDeniedResult, DeviceFlowClient, type DeviceFlowCompletedResult, type DeviceFlowExpiredResult, type DeviceFlowPendingResult, type DeviceFlowPollResult, type DeviceFlowSlowDownResult, type DeviceFlowStartOptions, type DeviceFlowState, type DirectAuthClient, type DirectAuthClientConfig, type DirectAuthError, type DirectAuthLogoutOptions, type DirectAuthTokenRequest, type DirectAuthTokenResponse, DiscoveryClient, type EmailCodeAuth, type EmailCodeSendOptions, type EmailCodeSendRequest, type EmailCodeSendResponse, type EmailCodeSendResult, type EmailCodeVerifyOptions, type EmailCodeVerifyRequest, type EmailCodeVerifyResponse, type EmitClassifiedErrorOptions, type EndpointOverrides, type ErrorClassification, type ErrorEvent, type ErrorEventEmitter, type ErrorEventPayload, type ErrorFatalEvent, type ErrorRecoverableEvent, type ErrorSeverity, EventEmitter, EventTimeline, type ExchangeCodeOptions, type FrontChannelLogoutBuildParams, type FrontChannelLogoutParams, FrontChannelLogoutUrlBuilder, type FrontChannelLogoutUrlOptions, type FrontChannelLogoutUrlResult, type FrontChannelLogoutValidationOptions, type FrontChannelLogoutValidationResult, type GenerateAuthStateOptions, type HashOptions, type HttpClient, type HttpOptions, type HttpResponse, type IntrospectTokenOptions, type IntrospectionResponse, type IntrospectionTokenTypeHint, JARBuilder, type JARBuilderConfig, type JARMResponseClaims, type JARMValidationOptions, type JARMValidationResult, JARMValidator, type JARMValidatorConfig, type JARRequestObjectClaims, type JARRequestOptions, type JWK, type JwtHeader, LogoutHandler, type LogoutHandlerOptions, type LogoutOptions, type LogoutResult, type LogoutTokenClaims, type MfaMethod, type NextAction, type NoClientCredentials, type OAuthErrorResponse, type OIDCDiscoveryDocument, PARClient, type PARClientOptions, type PARRequest, type PARResponse, type PARResult, PKCEHelper, type PKCEPair, type PasskeyAuth, type PasskeyCredential, type PasskeyLoginFinishRequest, type PasskeyLoginFinishResponse, type PasskeyLoginOptions, type PasskeyLoginStartRequest, type PasskeyLoginStartResponse, type PasskeyRegisterOptions, type PasskeySignUpOptions, type PasskeySignupFinishRequest, type PasskeySignupFinishResponse, type PasskeySignupStartRequest, type PasskeySignupStartResponse, type PrivateKeyJwtCredentials, type PublicKeyCredentialCreationOptionsJSON, type PublicKeyCredentialDescriptorJSON, type PublicKeyCredentialParametersType, type PublicKeyCredentialRequestOptionsJSON, type PublicKeyCredentialRpEntityType, type PublicKeyCredentialType, type PublicKeyCredentialUserEntityJSON, type RedactLevel, type RegistrationResponseJSON, type ResidentKeyRequirementType, type ResolvedConfig, type RetryOptions, type RevokeTokenOptions, STORAGE_KEYS, type Session, type SessionAuth, type SessionChangeEvent, type SessionChangedEvent, type SessionCheckResult, type SessionEndedEvent, type SessionLogoutBroadcastEvent, type SessionManagementConfig, SessionManager, type SessionManagerOptions, type SessionStartedEvent, type SessionState, SessionStateCalculator, type SessionStateCalculatorOptions, type SessionStateParams, type SessionStateResult, type SessionSyncEvent, SilentAuthHandler, type SilentAuthOptions, type SilentAuthResult, type SilentAuthUrlResult, type SilentLoginResult, type SilentLoginStateData, type SocialAuth, type SocialLoginOptions, type SocialProvider, type StandardClaims, type StateChangeEvent, StateManager, TOKEN_TYPE_URIS, type TimelineEntry, TokenApiClient, type TokenApiClientOptions, type TokenErrorEvent, type TokenExchangeRequest, type TokenExchangeResponse, type TokenExchangeResult, type TokenExchangedEvent, type TokenExpiredEvent, type TokenExpiringEvent, TokenIntrospector, type TokenIntrospectorOptions, TokenManager, type TokenManagerOptions, type TokenRefreshFailedEvent, type TokenRefreshedEvent, type TokenRefreshingEvent, type TokenResponse, TokenRevoker, type TokenRevokerOptions, type TokenSet, type TokenTypeHint, type TokenTypeUri, type TrySilentLoginOptions, type User, type UserInfo, type UserVerificationRequirementType, type WarningITPEvent, type WarningPrivateModeEvent, type WarningStorageFallbackEvent, type WebOnlyEventName, base64urlDecode, base64urlEncode, base64urlToString, buildClientAuthentication, calculateBackoffDelay, calculateDsHash, classifyError, createAuthrimClient, createCancellableOperation, createConsoleLogger, createDebugLogger, createRetryFunction, decodeIdToken, decodeJwt, emitClassifiedError, getErrorMeta, getIdTokenNonce, isCancellationError, isJarRequired, isJwtExpired, isRetryableError, noopLogger, normalizeIssuer, parseRetryAfterHeader, raceWithCancellation, resolveConfig, sleep, stringToBase64url, timingSafeEqual, withAbortSignal, withRetry };
+export { type AddressClaim, type AttestationConveyancePreferenceType, type AuthCallbackCompleteEvent, type AuthCallbackEvent, type AuthCallbackProcessingEvent, type AuthDecisionLogEntry, type AuthFallbackEvent, type AuthInitEvent, type AuthLoginCompleteEvent, type AuthLogoutCompleteEvent, type AuthPopupBlockedEvent, type AuthRedirectingEvent, type AuthRequiredEvent, type AuthResult, type AuthState, type AuthStateSnapshot, type AuthState$1 as AuthStateType, type AuthenticationExtensionsClientInputsType, type AuthenticationResponseJSON, type AuthenticatorAssertionResponseJSON, type AuthenticatorAttachmentType, type AuthenticatorAttestationResponseJSON, type AuthenticatorSelectionCriteriaType, type AuthenticatorTransportType, AuthorizationCodeFlow, type AuthorizationContext, type AuthorizationUrlResult, AuthrimClient, type AuthrimClientConfig, AuthrimError, type AuthrimErrorCode, type AuthrimErrorMeta, type AuthrimErrorOptions, type AuthrimErrorRemediation, type AuthrimErrorSeverity, type AuthrimErrorUserAction, type AuthrimEventHandler, type AuthrimEventName, type AuthrimEvents, type AuthrimStorage, type AutoRefreshOptions, AutoRefreshScheduler, type BaseDiagnosticLogEntry, type BaseEventPayload, type BuildAuthorizationUrlOptions, type COSEAlgorithmIdentifier, type CheckSessionMessage, type CheckSessionResponse, type ClientAssertionClaims, type ClientAuthMethod, type ClientAuthResult, type ClientCredentials, ClientCredentialsClient, type ClientCredentialsClientOptions, type ClientCredentialsTokenOptions, type ClientSecretCredentials, type CodeChallengeMethod, type CoreEventName, type CryptoProvider, type DPoPCryptoProvider, type DPoPKeyPair, DPoPManager, type DPoPManagerConfig, type DPoPProofClaims, type DPoPProofHeader, type DPoPProofOptions, DebugContext, type DebugLogLevel, type DebugLogger, type DebugOptions, type DebugTimelineEvent, type DecodedJwt, type DeviceAuthorizationResponse, type DeviceFlowAccessDeniedResult, DeviceFlowClient, type DeviceFlowCompletedResult, type DeviceFlowExpiredResult, type DeviceFlowPendingResult, type DeviceFlowPollResult, type DeviceFlowSlowDownResult, type DeviceFlowStartOptions, type DeviceFlowState, type DiagnosticLogEntry, type DiagnosticLogLevel, DiagnosticLogger, type DiagnosticLoggerOptions, type DirectAuthClient, type DirectAuthClientConfig, type DirectAuthError, type DirectAuthLogoutOptions, type DirectAuthTokenRequest, type DirectAuthTokenResponse, DiscoveryClient, type EmailCodeAuth, type EmailCodeSendOptions, type EmailCodeSendRequest, type EmailCodeSendResponse, type EmailCodeSendResult, type EmailCodeVerifyOptions, type EmailCodeVerifyRequest, type EmailCodeVerifyResponse, type EmitClassifiedErrorOptions, type EndpointOverrides, type ErrorClassification, type ErrorEvent, type ErrorEventEmitter, type ErrorEventPayload, type ErrorFatalEvent, type ErrorRecoverableEvent, type ErrorSeverity, EventEmitter, EventTimeline, type ExchangeCodeOptions, type FrontChannelLogoutBuildParams, type FrontChannelLogoutParams, FrontChannelLogoutUrlBuilder, type FrontChannelLogoutUrlOptions, type FrontChannelLogoutUrlResult, type FrontChannelLogoutValidationOptions, type FrontChannelLogoutValidationResult, type GenerateAuthStateOptions, type HashOptions, type HttpClient, type HttpOptions, type HttpResponse, type IDiagnosticLogger, type IntrospectTokenOptions, type IntrospectionResponse, type IntrospectionTokenTypeHint, JARBuilder, type JARBuilderConfig, type JARMResponseClaims, type JARMValidationOptions, type JARMValidationResult, JARMValidator, type JARMValidatorConfig, type JARRequestObjectClaims, type JARRequestOptions, type JWK, type JwtHeader, LogoutHandler, type LogoutHandlerOptions, type LogoutOptions, type LogoutResult, type LogoutTokenClaims, type MfaMethod, type NextAction, type NoClientCredentials, type OAuthErrorResponse, type OIDCDiscoveryDocument, PARClient, type PARClientOptions, type PARRequest, type PARResponse, type PARResult, PKCEHelper, type PKCEPair, type PasskeyAuth, type PasskeyCredential, type PasskeyLoginFinishRequest, type PasskeyLoginFinishResponse, type PasskeyLoginOptions, type PasskeyLoginStartRequest, type PasskeyLoginStartResponse, type PasskeyRegisterOptions, type PasskeySignUpOptions, type PasskeySignupFinishRequest, type PasskeySignupFinishResponse, type PasskeySignupStartRequest, type PasskeySignupStartResponse, type PrivateKeyJwtCredentials, type PublicKeyCredentialCreationOptionsJSON, type PublicKeyCredentialDescriptorJSON, type PublicKeyCredentialParametersType, type PublicKeyCredentialRequestOptionsJSON, type PublicKeyCredentialRpEntityType, type PublicKeyCredentialType, type PublicKeyCredentialUserEntityJSON, type RedactLevel, type RegistrationResponseJSON, type ResidentKeyRequirementType, type ResolvedConfig, type RetryOptions, type RevokeTokenOptions, STORAGE_KEYS, type Session, type SessionAuth, type SessionChangeEvent, type SessionChangedEvent, type SessionCheckResult, type SessionEndedEvent, type SessionLogoutBroadcastEvent, type SessionManagementConfig, SessionManager, type SessionManagerOptions, type SessionStartedEvent, type SessionState, SessionStateCalculator, type SessionStateCalculatorOptions, type SessionStateParams, type SessionStateResult, type SessionSyncEvent, SilentAuthHandler, type SilentAuthOptions, type SilentAuthResult, type SilentAuthUrlResult, type SilentLoginResult, type SilentLoginStateData, type SocialAuth, type SocialLoginOptions, type SocialProvider, type StandardClaims, type StateChangeEvent, StateManager, TOKEN_TYPE_URIS, type TimelineEntry, TokenApiClient, type TokenApiClientOptions, type TokenErrorEvent, type TokenExchangeRequest, type TokenExchangeResponse, type TokenExchangeResult, type TokenExchangedEvent, type TokenExpiredEvent, type TokenExpiringEvent, TokenIntrospector, type TokenIntrospectorOptions, TokenManager, type TokenManagerOptions, type TokenRefreshFailedEvent, type TokenRefreshedEvent, type TokenRefreshingEvent, type TokenResponse, TokenRevoker, type TokenRevokerOptions, type TokenSet, type TokenTypeHint, type TokenTypeUri, type TokenValidationLogEntry, type TokenValidationStep, type TrySilentLoginOptions, type User, type UserInfo, type UserVerificationRequirementType, type WarningITPEvent, type WarningPrivateModeEvent, type WarningStorageFallbackEvent, type WebOnlyEventName, base64urlDecode, base64urlEncode, base64urlToString, buildClientAuthentication, calculateBackoffDelay, calculateDsHash, classifyError, createAuthrimClient, createCancellableOperation, createConsoleLogger, createDebugLogger, createDiagnosticLogger, createRetryFunction, decodeIdToken, decodeJwt, emitClassifiedError, getErrorMeta, getIdTokenNonce, isCancellationError, isJarRequired, isJwtExpired, isRetryableError, noopLogger, normalizeIssuer, parseRetryAfterHeader, raceWithCancellation, resolveConfig, sleep, stringToBase64url, timingSafeEqual, withAbortSignal, withRetry };