@civic/auth 0.0.1-beta.3 → 0.0.1-beta.31

package/test/unit/utils.test.ts

@@ -0,0 +1,48 @@
+import { isPopupBlocked } from "@/utils.js";
+import { vi } from "vitest";
+
+describe("isPopupBlocked", () => {
+  afterEach(() => {
+    // Reset mocks after each test
+    vi.restoreAllMocks();
+  });
+
+  it("should return true if window.open returns null", () => {
+    // Mock window.open to return null (popup blocked)
+    vi.spyOn(window, "open").mockReturnValue(null);
+
+    const result = isPopupBlocked();
+    expect(result).toBe(true);
+  });
+
+  it("should return false if window.open returns a valid popup", () => {
+    // Mock a valid popup window object
+    const mockPopup = { closed: false, close: vi.fn() } as unknown as Window;
+
+    vi.spyOn(window, "open").mockReturnValue(mockPopup);
+
+    const result = isPopupBlocked();
+    expect(result).toBe(false);
+    expect(mockPopup.close).toHaveBeenCalled(); // Ensure the popup is closed
+  });
+
+  it("should return true if window.open throws an error accessing properties", () => {
+    // Mock a popup window object that throws an error when accessing properties
+    const mockPopup = {
+      get closed() {
+        throw new Error("Blocked");
+      },
+      close: vi.fn(),
+    } as unknown as Window;
+
+    vi.spyOn(window, "open").mockReturnValue(mockPopup);
+
+    const result = isPopupBlocked();
+    expect(result).toBe(true);
+  });
+  it("should return true if popup properties are not defined", () => {
+    const mockPopup = {} as unknown as Window;
+    vi.spyOn(window, "open").mockReturnValue(mockPopup);
+    expect(isPopupBlocked()).toBe(true);
+  });
+});

package/tsconfig.build.json

@@ -0,0 +1,5 @@
+{
+  "extends": "./tsconfig.json",
+  "include": ["src"],
+  "exclude": ["test"]
+}

package/tsconfig.cjs.json

@@ -0,0 +1,8 @@
+{
+  "extends": "./tsconfig.build.json",
+  "compilerOptions": {
+    "module": "CommonJS",
+    "verbatimModuleSyntax": false,
+    "outDir": "dist/cjs"
+  }
+}

package/tsconfig.esm.json

@@ -0,0 +1,7 @@
+{
+  "extends": "./tsconfig.build.json",
+  "compilerOptions": {
+    "module": "NodeNext",
+    "outDir": "dist/esm"
+  }
+}

package/tsconfig.json

@@ -0,0 +1,42 @@
+{
+  "compilerOptions": {
+    "types": ["node"],
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/*"]
+    },
+    /* Base Options: */
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "target": "es2022",
+    "allowJs": true,
+    "resolveJsonModule": true,
+    "moduleDetection": "force",
+    "isolatedModules": true,
+    "verbatimModuleSyntax": true,
+
+    /* Strictness */
+    "strict": true,
+    "noUncheckedIndexedAccess": true,
+    "noImplicitOverride": true,
+
+    /* If transpiling with TypeScript: */
+    "module": "NodeNext",
+    "outDir": "dist",
+    "sourceMap": true,
+    "inlineSources": true,
+
+    /* AND if you're building for a library: */
+    "declaration": true,
+
+    /* AND if you're building for a library in a monorepo: */
+    "composite": true,
+    "declarationMap": true,
+
+    /* If your code runs in the DOM: */
+    "lib": ["es2022", "dom", "dom.iterable"],
+    "jsx": "react"
+  },
+  "include": ["src", "test", "test/support/*.json", "vitest.config.ts", "etc/scripts/**/*.ts"],
+  "exclude": ["node_modules"]
+}

package/vitest.config.ts

@@ -0,0 +1,41 @@
+/// <reference types='vitest' />
+import { defineConfig } from "vite";
+import path from "path";
+
+export default defineConfig({
+  resolve: {
+    alias: {
+      "@": path.resolve(__dirname, "./src"),
+    },
+  },
+
+  test: {
+    globals: true,
+    environment: "jsdom",
+    include: ["test/**/*.{test,spec}.{js,mjs,cjs,ts,mts,cts,jsx,tsx}"],
+    env: {
+      NODE_ENV: "development",
+    },
+    reporters: ["default"],
+    coverage: {
+      exclude: [
+        "**/node_modules/**",
+        "**/dist/**",
+        "**/build/**",
+        "postcss.config.cjs",
+        "tailwind.config.js",
+        ".eslintrc.js",
+        "tsup.config.ts",
+        "vitest.config.ts",
+      ],
+      reportsDirectory: "../../coverage/apps/civic-auth-client",
+      provider: "v8",
+      thresholds: {
+        lines: 80,
+        functions: 70,
+        branches: 85,
+        statements: 80,
+      },
+    },
+  },
+});

package/dist/chunk-4GIHS7LB.js

@@ -1,201 +0,0 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true});
-
-
-
-
-
-
-
-
-
-var _chunkVXIWRZWUjs = require('./chunk-VXIWRZWU.js');
-
-
-
-
-var _chunkCRTRMMJ7js = require('./chunk-CRTRMMJ7.js');
-
-// src/shared/storage.ts
-var DEFAULT_COOKIE_DURATION = 60 * 15;
-var CookieStorage = class {
-  constructor(settings = {}) {
-    var _a, _b, _c, _d, _e;
-    this.settings = {
-      httpOnly: (_a = settings.httpOnly) != null ? _a : true,
-      secure: (_b = settings.secure) != null ? _b : true,
-      // the callback request comes the auth server
-      // 'lax' ensures the code_verifier cookie is sent with the request
-      sameSite: (_c = settings.sameSite) != null ? _c : "lax",
-      expires: (_d = settings.expires) != null ? _d : new Date(Date.now() + 1e3 * DEFAULT_COOKIE_DURATION),
-      path: (_e = settings.path) != null ? _e : "/"
-    };
-  }
-};
-
-// src/services/PKCE.ts
-var _oauth2 = require('oslo/oauth2');
-var GenericPublicClientPKCEProducer = class {
-  constructor(storage) {
-    this.storage = storage;
-  }
-  // if there is already a verifier, return it,
-  // If not, create a new one and store it
-  getCodeChallenge() {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      const verifier = _oauth2.generateCodeVerifier.call(void 0, );
-      this.storage.set("code_verifier", verifier);
-      return _chunkVXIWRZWUjs.deriveCodeChallenge.call(void 0, verifier);
-    });
-  }
-  // if there is already a verifier, return it,
-  getCodeVerifier() {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      return this.storage.get("code_verifier");
-    });
-  }
-};
-
-// src/services/AuthenticationService.ts
-
-var GenericAuthenticationInitiator = class {
-  constructor(config) {
-    this.config = config;
-  }
-  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url
-  // and simply return the url
-  signIn() {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      return _chunkVXIWRZWUjs.generateOauthLoginUrl.call(void 0, this.config);
-    });
-  }
-  signOut() {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      return _chunkVXIWRZWUjs.generateOauthLogoutUrl.call(void 0, this.config);
-    });
-  }
-};
-
-// src/server/ServerAuthenticationResolver.ts
-
-var ServerAuthenticationResolver = class _ServerAuthenticationResolver {
-  constructor(authConfig, storage, endpointOverrides) {
-    this.authConfig = authConfig;
-    this.storage = storage;
-    this.endpointOverrides = endpointOverrides;
-    this.pkceProducer = new GenericPublicClientPKCEProducer(storage);
-  }
-  init() {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      this.endpoints = yield _chunkVXIWRZWUjs.getEndpointsWithOverrides.call(void 0, 
-        this.authConfig.oauthServer,
-        this.endpointOverrides
-      );
-      this.oauth2client = new (0, _oauth2.OAuth2Client)(
-        this.authConfig.clientId,
-        this.endpoints.auth,
-        this.endpoints.token,
-        {
-          redirectURI: this.authConfig.redirectUrl
-        }
-      );
-      return this;
-    });
-  }
-  tokenExchange(code, state) {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      if (!this.oauth2client) yield this.init();
-      const codeVerifier = yield this.pkceProducer.getCodeVerifier();
-      if (!codeVerifier) throw new Error("Code verifier not found in storage");
-      const tokens = yield _chunkVXIWRZWUjs.exchangeTokens.call(void 0, 
-        code,
-        state,
-        this.pkceProducer,
-        this.oauth2client,
-        // clean up types here to avoid the ! operator
-        this.authConfig.oauthServer,
-        this.endpoints
-        // clean up types here to avoid the ! operator
-      );
-      _chunkVXIWRZWUjs.storeTokens.call(void 0, this.storage, tokens);
-      return tokens;
-    });
-  }
-  getSessionData() {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      const storageData = _chunkVXIWRZWUjs.retrieveTokens.call(void 0, this.storage);
-      if (!storageData) return null;
-      return {
-        authenticated: !!storageData.id_token,
-        idToken: storageData.id_token,
-        accessToken: storageData.access_token,
-        refreshToken: storageData.refresh_token
-      };
-    });
-  }
-  static build(authConfig, storage, endpointOverrides) {
-    return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-      const resolver = new _ServerAuthenticationResolver(
-        authConfig,
-        storage,
-        endpointOverrides
-      );
-      yield resolver.init();
-      return resolver;
-    });
-  }
-};
-
-// src/server/login.ts
-function resolveOAuthAccessCode(code, state, storage, config) {
-  return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-    var _a;
-    const authSessionService = yield ServerAuthenticationResolver.build(
-      _chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
-        oauthServer: (_a = config.oauthServer) != null ? _a : _chunkVXIWRZWUjs.AUTH_SERVER
-      }),
-      storage,
-      config.endpointOverrides
-    );
-    return authSessionService.tokenExchange(code, state);
-  });
-}
-function isLoggedIn(storage) {
-  return !!storage.get("id_token");
-}
-function buildLoginUrl(config, storage) {
-  return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-    var _a, _b, _c;
-    const state = (_a = config.state) != null ? _a : Math.random().toString(36).substring(2);
-    const scopes = (_b = config.scopes) != null ? _b : _chunkVXIWRZWUjs.DEFAULT_SCOPES;
-    const pkceProducer = new GenericPublicClientPKCEProducer(storage);
-    const authInitiator = new GenericAuthenticationInitiator(_chunkCRTRMMJ7js.__spreadProps.call(void 0, _chunkCRTRMMJ7js.__spreadValues.call(void 0, {}, config), {
-      state,
-      scopes,
-      oauthServer: (_c = config.oauthServer) != null ? _c : _chunkVXIWRZWUjs.AUTH_SERVER,
-      // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session
-      pkceConsumer: pkceProducer
-    }));
-    return authInitiator.signIn();
-  });
-}
-
-// src/server/session.ts
-var _jwt = require('oslo/jwt');
-function getUser(storage) {
-  return _chunkCRTRMMJ7js.__async.call(void 0, this, null, function* () {
-    var _a, _b;
-    const tokens = _chunkVXIWRZWUjs.retrieveTokens.call(void 0, storage);
-    if (!tokens) return null;
-    return (_b = (_a = _jwt.parseJWT.call(void 0, tokens.id_token)) == null ? void 0 : _a.payload) != null ? _b : null;
-  });
-}
-
-
-
-
-
-
-
-
-exports.CookieStorage = CookieStorage; exports.GenericPublicClientPKCEProducer = GenericPublicClientPKCEProducer; exports.resolveOAuthAccessCode = resolveOAuthAccessCode; exports.isLoggedIn = isLoggedIn; exports.buildLoginUrl = buildLoginUrl; exports.getUser = getUser;
-//# sourceMappingURL=chunk-4GIHS7LB.js.map

package/dist/chunk-4GIHS7LB.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-4GIHS7LB.js","../src/shared/storage.ts","../src/services/PKCE.ts","../src/services/AuthenticationService.ts","../src/server/ServerAuthenticationResolver.ts","../src/server/login.ts","../src/server/session.ts"],"names":["OAuth2Client"],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,sDAA4B;AAC5B;AACE;AACA;AACA;AACF,sDAA4B;AAC5B;AACA;ACQO,IAAM,wBAAA,EAA0B,GAAA,EAAK,EAAA;AAErC,IAAe,cAAA,EAAf,MAAoD;AAAA,EAE/C,WAAA,CAAY,SAAA,EAA2C,CAAC,CAAA,EAAG;AA7BvE,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AA8BI,IAAA,IAAA,CAAK,SAAA,EAAW;AAAA,MACd,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,IAAA;AAAA,MAC/B,MAAA,EAAA,CAAQ,GAAA,EAAA,QAAA,CAAS,MAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAmB,IAAA;AAAA;AAAA;AAAA,MAG3B,QAAA,EAAA,CAAU,GAAA,EAAA,QAAA,CAAS,QAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAqB,KAAA;AAAA,MAC/B,OAAA,EAAA,CACE,GAAA,EAAA,QAAA,CAAS,OAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EACA,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,CAAI,EAAA,EAAI,IAAA,EAAO,uBAAuB,CAAA;AAAA,MACtD,IAAA,EAAA,CAAM,GAAA,EAAA,QAAA,CAAS,IAAA,EAAA,GAAT,KAAA,EAAA,GAAA,EAAiB;AAAA,IACzB,CAAA;AAAA,EACF;AAGF,CAAA;ADXA;AACA;AEjCA,qCAAqC;AAgB9B,IAAM,gCAAA,EAAN,MAA8D;AAAA,EACnE,WAAA,CAAoB,OAAA,EAAsB;AAAtB,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AAAA,EAAuB;AAAA;AAAA;AAAA,EAIrC,gBAAA,CAAA,EAAoC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAGxC,MAAA,MAAM,SAAA,EAAW,0CAAA,CAAqB;AACtC,MAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,QAAQ,CAAA;AAE1C,MAAA,OAAO,kDAAA,QAA4B,CAAA;AAAA,IACrC,CAAA,CAAA;AAAA,EAAA;AAAA;AAAA,EAEM,eAAA,CAAA,EAA0C;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC9C,MAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AAAA,IACzC,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AFsBA;AACA;AGvCA;AAqEO,IAAM,+BAAA,EAAN,MAAwE;AAAA,EAa7E,WAAA,CAAY,MAAA,EAA4B;AACtC,IAAA,IAAA,CAAK,OAAA,EAAS,MAAA;AAAA,EAChB;AAAA;AAAA;AAAA,EAIM,MAAA,CAAA,EAAuB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC3B,MAAA,OAAO,oDAAA,IAAsB,CAAK,MAAM,CAAA;AAAA,IAC1C,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,OAAA,CAAA,EAAwB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAC5B,MAAA,OAAO,qDAAA,IAAuB,CAAK,MAAM,CAAA;AAAA,IAC3C,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AHrCA;AACA;AI5EA;AAYO,IAAM,6BAAA,EAAN,MAAM,8BAA+D;AAAA,EAKlE,WAAA,CACG,UAAA,EACA,OAAA,EACA,iBAAA,EACT;AAHS,IAAA,IAAA,CAAA,WAAA,EAAA,UAAA;AACA,IAAA,IAAA,CAAA,QAAA,EAAA,OAAA;AACA,IAAA,IAAA,CAAA,kBAAA,EAAA,iBAAA;AAET,IAAA,IAAA,CAAK,aAAA,EAAe,IAAI,+BAAA,CAAgC,OAAO,CAAA;AAAA,EACjE;AAAA,EAEM,IAAA,CAAA,EAAsB;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAE1B,MAAA,IAAA,CAAK,UAAA,EAAY,MAAM,wDAAA;AAAA,QACrB,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA,MACP,CAAA;AACA,MAAA,IAAA,CAAK,aAAA,EAAe,IAAIA,yBAAAA;AAAA,QACtB,IAAA,CAAK,UAAA,CAAW,QAAA;AAAA,QAChB,IAAA,CAAK,SAAA,CAAU,IAAA;AAAA,QACf,IAAA,CAAK,SAAA,CAAU,KAAA;AAAA,QACf;AAAA,UACE,WAAA,EAAa,IAAA,CAAK,UAAA,CAAW;AAAA,QAC/B;AAAA,MACF,CAAA;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,aAAA,CACJ,IAAA,EACA,KAAA,EACgC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAChC,MAAA,GAAA,CAAI,CAAC,IAAA,CAAK,YAAA,EAAc,MAAM,IAAA,CAAK,IAAA,CAAK,CAAA;AACxC,MAAA,MAAM,aAAA,EAAe,MAAM,IAAA,CAAK,YAAA,CAAa,eAAA,CAAgB,CAAA;AAC7D,MAAA,GAAA,CAAI,CAAC,YAAA,EAAc,MAAM,IAAI,KAAA,CAAM,oCAAoC,CAAA;AAGvE,MAAA,MAAM,OAAA,EAAS,MAAM,6CAAA;AAAA,QACnB,IAAA;AAAA,QACA,KAAA;AAAA,QACA,IAAA,CAAK,YAAA;AAAA,QACL,IAAA,CAAK,YAAA;AAAA;AAAA,QACL,IAAA,CAAK,UAAA,CAAW,WAAA;AAAA,QAChB,IAAA,CAAK;AAAA;AAAA,MACP,CAAA;AAEA,MAAA,0CAAA,IAAY,CAAK,OAAA,EAAS,MAAM,CAAA;AAEhC,MAAA,OAAO,MAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AAAA,EAEM,cAAA,CAAA,EAA8C;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAClD,MAAA,MAAM,YAAA,EAAc,6CAAA,IAAe,CAAK,OAAO,CAAA;AAE/C,MAAA,GAAA,CAAI,CAAC,WAAA,EAAa,OAAO,IAAA;AAEzB,MAAA,OAAO;AAAA,QACL,aAAA,EAAe,CAAC,CAAC,WAAA,CAAY,QAAA;AAAA,QAC7B,OAAA,EAAS,WAAA,CAAY,QAAA;AAAA,QACrB,WAAA,EAAa,WAAA,CAAY,YAAA;AAAA,QACzB,YAAA,EAAc,WAAA,CAAY;AAAA,MAC5B,CAAA;AAAA,IACF,CAAA,CAAA;AAAA,EAAA;AAAA,EAEA,OAAa,KAAA,CACX,UAAA,EACA,OAAA,EACA,iBAAA,EACiC;AAAA,IAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AACjC,MAAA,MAAM,SAAA,EAAW,IAAI,6BAAA;AAAA,QACnB,UAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,MACF,CAAA;AACA,MAAA,MAAM,QAAA,CAAS,IAAA,CAAK,CAAA;AAEpB,MAAA,OAAO,QAAA;AAAA,IACT,CAAA,CAAA;AAAA,EAAA;AACF,CAAA;AJoDA;AACA;AK7HA,SAAsB,sBAAA,CACpB,IAAA,EACA,KAAA,EACA,OAAA,EACA,MAAA,EACgC;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AA3BlC,IAAA,IAAA,EAAA;AA4BE,IAAA,MAAM,mBAAA,EAAqB,MAAM,4BAAA,CAA6B,KAAA;AAAA,MAC5D,4CAAA,6CAAA,CAAA,CAAA,EACK,MAAA,CAAA,EADL;AAAA,QAEE,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB;AAAA,MACrC,CAAA,CAAA;AAAA,MACA,OAAA;AAAA,MACA,MAAA,CAAO;AAAA,IACT,CAAA;AAEA,IAAA,OAAO,kBAAA,CAAmB,aAAA,CAAc,IAAA,EAAM,KAAK,CAAA;AAAA,EACrD,CAAA,CAAA;AAAA;AAEO,SAAS,UAAA,CAAW,OAAA,EAA+B;AACxD,EAAA,OAAO,CAAC,CAAC,OAAA,CAAQ,GAAA,CAAI,UAAU,CAAA;AACjC;AAEA,SAAsB,aAAA,CACpB,MAAA,EAKA,OAAA,EACc;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAnDhB,IAAA,IAAA,EAAA,EAAA,EAAA,EAAA,EAAA;AAqDE,IAAA,MAAM,MAAA,EAAA,CAAQ,GAAA,EAAA,MAAA,CAAO,KAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAgB,IAAA,CAAK,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAA,CAAU,CAAC,CAAA;AACpE,IAAA,MAAM,OAAA,EAAA,CAAS,GAAA,EAAA,MAAA,CAAO,MAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAiB,+BAAA;AAChC,IAAA,MAAM,aAAA,EAAe,IAAI,+BAAA,CAAgC,OAAO,CAAA;AAChE,IAAA,MAAM,cAAA,EAAgB,IAAI,8BAAA,CAA+B,4CAAA,6CAAA,CAAA,CAAA,EACpD,MAAA,CAAA,EADoD;AAAA,MAEvD,KAAA;AAAA,MACA,MAAA;AAAA,MACA,WAAA,EAAA,CAAa,GAAA,EAAA,MAAA,CAAO,WAAA,EAAA,GAAP,KAAA,EAAA,GAAA,EAAsB,4BAAA;AAAA;AAAA,MAEnC,YAAA,EAAc;AAAA,IAChB,CAAA,CAAC,CAAA;AAED,IAAA,OAAO,aAAA,CAAc,MAAA,CAAO,CAAA;AAAA,EAC9B,CAAA,CAAA;AAAA;ALkHA;AACA;AMpLA,+BAAyB;AAIzB,SAAsB,OAAA,CAAQ,OAAA,EAA4C;AAAA,EAAA,OAAA,sCAAA,IAAA,EAAA,IAAA,EAAA,QAAA,EAAA,CAAA,EAAA;AAL1E,IAAA,IAAA,EAAA,EAAA,EAAA;AAME,IAAA,MAAM,OAAA,EAAS,6CAAA,OAAsB,CAAA;AACrC,IAAA,GAAA,CAAI,CAAC,MAAA,EAAQ,OAAO,IAAA;AAGpB,IAAA,OAAA,CAAQ,GAAA,EAAA,CAAA,GAAA,EAAA,2BAAA,MAAS,CAAO,QAAQ,CAAA,EAAA,GAAxB,KAAA,EAAA,KAAA,EAAA,EAAA,EAAA,CAA2B,OAAA,EAAA,GAA3B,KAAA,EAAA,GAAA,EAA+C,IAAA;AAAA,EACzD,CAAA,CAAA;AAAA;ANoLA;AACA;AACE;AACA;AACA;AACA;AACA;AACA;AACF,6QAAC","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-4GIHS7LB.js","sourcesContent":[null,"import { SessionData, UnknownObject, User } from \"@/types.js\";\n\ntype SameSiteOption = \"strict\" | \"lax\" | \"none\";\n\nexport interface SessionStorage {\n  get(): SessionData;\n  getUser(): User<UnknownObject> | null;\n  set(data: Partial<SessionData>): void;\n  setUser(data: User<UnknownObject> | null): void;\n  clear(): void;\n}\n\nexport interface AuthStorage {\n  get(key: string): string | null;\n  set(key: string, value: string): void;\n}\n\nexport type CookieStorageSettings = {\n  httpOnly: boolean;\n  secure: boolean;\n  sameSite: SameSiteOption;\n  expires: Date;\n  path: string;\n};\n\nexport const DEFAULT_COOKIE_DURATION = 60 * 15; // 15 minutes\n\nexport abstract class CookieStorage implements AuthStorage {\n  protected settings: CookieStorageSettings;\n  protected constructor(settings: Partial<CookieStorageSettings> = {}) {\n    this.settings = {\n      httpOnly: settings.httpOnly ?? true,\n      secure: settings.secure ?? true,\n      // the callback request comes the auth server\n      // 'lax' ensures the code_verifier cookie is sent with the request\n      sameSite: settings.sameSite ?? \"lax\",\n      expires:\n        settings.expires ??\n        new Date(Date.now() + 1000 * DEFAULT_COOKIE_DURATION),\n      path: settings.path ?? \"/\",\n    };\n  }\n  abstract get(key: string): string | null;\n  abstract set(key: string, value: string): void;\n}\n","import { deriveCodeChallenge } from \"@/shared/util.js\";\nimport { generateCodeVerifier } from \"oslo/oauth2\";\nimport { AuthStorage } from \"@/shared/storage.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { PKCEConsumer, PKCEProducer } from \"@/services/types.ts\";\n\n/** A PKCE consumer that retrieves the challenge from a server endpoint */\nexport class ConfidentialClientPKCEConsumer implements PKCEConsumer {\n  constructor(private pkceChallengeEndpoint: string) {}\n  async getCodeChallenge(): Promise<string> {\n    const response = await fetch(this.pkceChallengeEndpoint);\n    const data = (await response.json()) as { challenge: string };\n    return data.challenge;\n  }\n}\n\n/** A PKCE Producer that can generate and store a code verifier, but is agnostic as to the storage location */\nexport class GenericPublicClientPKCEProducer implements PKCEProducer {\n  constructor(private storage: AuthStorage) {}\n\n  // if there is already a verifier, return it,\n  // If not, create a new one and store it\n  async getCodeChallenge(): Promise<string> {\n    // let verifier = await this.getCodeVerifier();\n    // if (!verifier) {\n    const verifier = generateCodeVerifier();\n    this.storage.set(\"code_verifier\", verifier);\n    // }\n    return deriveCodeChallenge(verifier);\n  }\n  // if there is already a verifier, return it,\n  async getCodeVerifier(): Promise<string | null> {\n    return this.storage.get(\"code_verifier\");\n  }\n}\n\n/** A PKCE Producer that is expected to run on a browser, and does not need a backend */\nexport class BrowserPublicClientPKCEProducer extends GenericPublicClientPKCEProducer {\n  constructor() {\n    super(new LocalStorageAdapter());\n  }\n}\n","// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport {\n  DisplayMode,\n  Endpoints,\n  OIDCTokenResponseBody,\n  SessionData,\n} from \"@/types.js\";\nimport { BrowserPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport {\n  exchangeTokens,\n  generateOauthLoginUrl,\n  generateOauthLogoutUrl,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/util.js\";\nimport { generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport {\n  AuthenticationInitiator,\n  AuthenticationResolver,\n  PKCEConsumer,\n} from \"@/services/types.js\";\n\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n *   pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n *   ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n *  pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n *  ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n    displayMode: DisplayMode;\n    oauthServer: string;\n    // the endpoints to use for the login (if not obtained from the auth server\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and then use the display mode to decide how to send the user there\n  async signIn(): Promise<URL> {\n    const url = await generateOauthLoginUrl(this.config);\n    // TODO open the iframe or new tab etc\n\n    return url;\n  }\n\n  async signOut(): Promise<URL> {\n    const url = await generateOauthLogoutUrl(this.config);\n    //  TODO open the iframe or new tab etc\n\n    return url;\n  }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n  protected config: {\n    clientId: string;\n    redirectUrl: string;\n    state: string;\n    scopes: string[];\n    oauthServer: string;\n    // the endpoints to use for the login (if not obtained from the auth server)\n    endpointOverrides?: Partial<Endpoints>;\n    // used to get the PKCE challenge\n    pkceConsumer: PKCEConsumer;\n  };\n\n  constructor(config: typeof this.config) {\n    this.config = config;\n  }\n\n  // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n  // and simply return the url\n  async signIn(): Promise<URL> {\n    return generateOauthLoginUrl(this.config);\n  }\n\n  async signOut(): Promise<URL> {\n    return generateOauthLogoutUrl(this.config);\n  }\n}\n\ntype BrowserAuthenticationConfig = {\n  clientId: string;\n  redirectUrl: string;\n  scopes: string[];\n  oauthServer: string;\n  endpointOverrides?: Partial<Endpoints>;\n  displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  // TODO WIP - perhaps we want to keep resolver and initiator separate here\n  constructor(\n    config: BrowserAuthenticationConfig,\n    // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n    protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n  ) {\n    super({\n      ...config,\n      state: generateState(config.displayMode),\n      // Store and retrieve the PKCE challenge in local storage\n      pkceConsumer: pkceProducer,\n    });\n  }\n\n  // TODO too much code duplication here between the browser and the server variant.\n  // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n  // function for generating an oauth2client from it\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.config.oauthServer,\n      this.config.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.config.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.config.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  // Two responsibilities:\n  // 1. resolve the auth code to get the tokens (should use library code)\n  // 2. store the tokens in local storage\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.config.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    storeTokens(new LocalStorageAdapter(), tokens);\n\n    return tokens;\n  }\n\n  // Get the session data from local storage\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = retrieveTokens(new LocalStorageAdapter());\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  static async build(\n    config: BrowserAuthenticationConfig,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new BrowserAuthenticationService(config);\n    await resolver.init();\n\n    return resolver;\n  }\n}\n","import { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { Endpoints, OIDCTokenResponseBody, SessionData } from \"@/types.js\";\nimport { AuthConfig } from \"@/server/config.js\";\nimport { AuthStorage } from \"@/shared/storage.js\";\nimport {\n  exchangeTokens,\n  getEndpointsWithOverrides,\n  retrieveTokens,\n  storeTokens,\n} from \"@/shared/util.js\";\nimport { AuthenticationResolver, PKCEProducer } from \"@/services/types.ts\";\n\nexport class ServerAuthenticationResolver implements AuthenticationResolver {\n  private pkceProducer: PKCEProducer;\n  private oauth2client: OAuth2Client | undefined;\n  private endpoints: Endpoints | undefined;\n\n  private constructor(\n    readonly authConfig: AuthConfig,\n    readonly storage: AuthStorage,\n    readonly endpointOverrides?: Partial<Endpoints>,\n  ) {\n    this.pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  }\n\n  async init(): Promise<this> {\n    // resolve oauth config\n    this.endpoints = await getEndpointsWithOverrides(\n      this.authConfig.oauthServer,\n      this.endpointOverrides,\n    );\n    this.oauth2client = new OAuth2Client(\n      this.authConfig.clientId,\n      this.endpoints.auth,\n      this.endpoints.token,\n      {\n        redirectURI: this.authConfig.redirectUrl,\n      },\n    );\n\n    return this;\n  }\n\n  async tokenExchange(\n    code: string,\n    state: string,\n  ): Promise<OIDCTokenResponseBody> {\n    if (!this.oauth2client) await this.init();\n    const codeVerifier = await this.pkceProducer.getCodeVerifier();\n    if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n    // exchange auth code for tokens\n    const tokens = await exchangeTokens(\n      code,\n      state,\n      this.pkceProducer,\n      this.oauth2client!, // clean up types here to avoid the ! operator\n      this.authConfig.oauthServer,\n      this.endpoints!, // clean up types here to avoid the ! operator\n    );\n\n    storeTokens(this.storage, tokens);\n\n    return tokens;\n  }\n\n  async getSessionData(): Promise<SessionData | null> {\n    const storageData = retrieveTokens(this.storage);\n\n    if (!storageData) return null;\n\n    return {\n      authenticated: !!storageData.id_token,\n      idToken: storageData.id_token,\n      accessToken: storageData.access_token,\n      refreshToken: storageData.refresh_token,\n    };\n  }\n\n  static async build(\n    authConfig: AuthConfig,\n    storage: AuthStorage,\n    endpointOverrides?: Partial<Endpoints>,\n  ): Promise<AuthenticationResolver> {\n    const resolver = new ServerAuthenticationResolver(\n      authConfig,\n      storage,\n      endpointOverrides,\n    );\n    await resolver.init();\n\n    return resolver;\n  }\n}\n","import { AuthStorage } from \"@/shared/storage.js\";\nimport { Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport { AUTH_SERVER, DEFAULT_SCOPES } from \"@/constants.js\";\nimport { GenericAuthenticationInitiator } from \"@/services/AuthenticationService.js\";\nimport { GenericPublicClientPKCEProducer } from \"@/services/PKCE.js\";\nimport { ServerAuthenticationResolver } from \"@/server/ServerAuthenticationResolver.js\";\n\ntype Config = {\n  clientId: string;\n  redirectUrl: string;\n  challengeUrl: string;\n  oauthServer?: string;\n  endpointOverrides?: Partial<Endpoints> | undefined;\n};\n\n/**\n * Resolve an OAuth access code to a set of OIDC tokens\n * @param code The access code, typically from a query parameter in the redirect url\n * @param state The oauth random state string, used to distinguish between requests. Typically also passed in the redirect url\n * @param storage The place that this server uses to store session data (e.g. a cookie store)\n * @param config Oauth Server configuration\n */\nexport async function resolveOAuthAccessCode(\n  code: string,\n  state: string,\n  storage: AuthStorage,\n  config: Config,\n): Promise<OIDCTokenResponseBody> {\n  const authSessionService = await ServerAuthenticationResolver.build(\n    {\n      ...config,\n      oauthServer: config.oauthServer ?? AUTH_SERVER,\n    },\n    storage,\n    config.endpointOverrides,\n  );\n\n  return authSessionService.tokenExchange(code, state);\n}\n\nexport function isLoggedIn(storage: AuthStorage): boolean {\n  return !!storage.get(\"id_token\");\n}\n\nexport async function buildLoginUrl(\n  config: Omit<Config, \"challengeUrl\"> & {\n    scopes?: string[];\n    state?: string;\n    nonce?: string;\n  },\n  storage: AuthStorage,\n): Promise<URL> {\n  // generate a random state if not provided\n  const state = config.state ?? Math.random().toString(36).substring(2);\n  const scopes = config.scopes ?? DEFAULT_SCOPES;\n  const pkceProducer = new GenericPublicClientPKCEProducer(storage);\n  const authInitiator = new GenericAuthenticationInitiator({\n    ...config,\n    state,\n    scopes,\n    oauthServer: config.oauthServer ?? AUTH_SERVER,\n    // When retrieving the PKCE challenge on the server-side, we produce it and store it in the session\n    pkceConsumer: pkceProducer,\n  });\n\n  return authInitiator.signIn();\n}\n","import { retrieveTokens } from \"@/shared/util.js\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { User } from \"@/types.js\";\nimport { AuthStorage } from \"@/shared/storage.js\";\n\nexport async function getUser(storage: AuthStorage): Promise<User | null> {\n  const tokens = retrieveTokens(storage);\n  if (!tokens) return null;\n\n  // Assumes all information is in the ID token\n  return (parseJWT(tokens.id_token)?.payload as User) ?? null;\n}\n"]}

package/dist/chunk-CRTRMMJ7.js

@@ -1,59 +0,0 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true});var __defProp = Object.defineProperty;
-var __defProps = Object.defineProperties;
-var __getOwnPropDescs = Object.getOwnPropertyDescriptors;
-var __getOwnPropSymbols = Object.getOwnPropertySymbols;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __propIsEnum = Object.prototype.propertyIsEnumerable;
-var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
-var __spreadValues = (a, b) => {
-  for (var prop in b || (b = {}))
-    if (__hasOwnProp.call(b, prop))
-      __defNormalProp(a, prop, b[prop]);
-  if (__getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(b)) {
-      if (__propIsEnum.call(b, prop))
-        __defNormalProp(a, prop, b[prop]);
-    }
-  return a;
-};
-var __spreadProps = (a, b) => __defProps(a, __getOwnPropDescs(b));
-var __objRest = (source, exclude) => {
-  var target = {};
-  for (var prop in source)
-    if (__hasOwnProp.call(source, prop) && exclude.indexOf(prop) < 0)
-      target[prop] = source[prop];
-  if (source != null && __getOwnPropSymbols)
-    for (var prop of __getOwnPropSymbols(source)) {
-      if (exclude.indexOf(prop) < 0 && __propIsEnum.call(source, prop))
-        target[prop] = source[prop];
-    }
-  return target;
-};
-var __async = (__this, __arguments, generator) => {
-  return new Promise((resolve, reject) => {
-    var fulfilled = (value) => {
-      try {
-        step(generator.next(value));
-      } catch (e) {
-        reject(e);
-      }
-    };
-    var rejected = (value) => {
-      try {
-        step(generator.throw(value));
-      } catch (e) {
-        reject(e);
-      }
-    };
-    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
-    step((generator = generator.apply(__this, __arguments)).next());
-  });
-};
-
-
-
-
-
-
-exports.__spreadValues = __spreadValues; exports.__spreadProps = __spreadProps; exports.__objRest = __objRest; exports.__async = __async;
-//# sourceMappingURL=chunk-CRTRMMJ7.js.map

package/dist/chunk-CRTRMMJ7.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-CRTRMMJ7.js"],"names":[],"mappings":"AAAA,6EAAI,UAAU,EAAE,MAAM,CAAC,cAAc;AACrC,IAAI,WAAW,EAAE,MAAM,CAAC,gBAAgB;AACxC,IAAI,kBAAkB,EAAE,MAAM,CAAC,yBAAyB;AACxD,IAAI,oBAAoB,EAAE,MAAM,CAAC,qBAAqB;AACtD,IAAI,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,cAAc;AAClD,IAAI,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,oBAAoB;AACxD,IAAI,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,EAAE,EAAE,KAAK;AAC/J,IAAI,eAAe,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG;AAC/B,EAAE,IAAI,CAAC,IAAI,KAAK,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAChC,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;AAClC,MAAM,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACvC,EAAE,GAAG,CAAC,mBAAmB;AACzB,IAAI,IAAI,CAAC,IAAI,KAAK,GAAG,mBAAmB,CAAC,CAAC,CAAC,EAAE;AAC7C,MAAM,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC;AACpC,QAAQ,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACzC,IAAI;AACJ,EAAE,OAAO,CAAC;AACV,CAAC;AACD,IAAI,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC;AACjE,IAAI,UAAU,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG;AACrC,EAAE,IAAI,OAAO,EAAE,CAAC,CAAC;AACjB,EAAE,IAAI,CAAC,IAAI,KAAK,GAAG,MAAM;AACzB,IAAI,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACpE,MAAM,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC;AACjC,EAAE,GAAG,CAAC,OAAO,GAAG,KAAK,GAAG,mBAAmB;AAC3C,IAAI,IAAI,CAAC,IAAI,KAAK,GAAG,mBAAmB,CAAC,MAAM,CAAC,EAAE;AAClD,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;AACtE,QAAQ,MAAM,CAAC,IAAI,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC;AACnC,IAAI;AACJ,EAAE,OAAO,MAAM;AACf,CAAC;AACD,IAAI,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG;AAClD,EAAE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG;AAC1C,IAAI,IAAI,UAAU,EAAE,CAAC,KAAK,EAAE,GAAG;AAC/B,MAAM,IAAI;AACV,QAAQ,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACnC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE;AAClB,QAAQ,MAAM,CAAC,CAAC,CAAC;AACjB,MAAM;AACN,IAAI,CAAC;AACL,IAAI,IAAI,SAAS,EAAE,CAAC,KAAK,EAAE,GAAG;AAC9B,MAAM,IAAI;AACV,QAAQ,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AACpC,MAAM,EAAE,MAAM,CAAC,CAAC,EAAE;AAClB,QAAQ,MAAM,CAAC,CAAC,CAAC;AACjB,MAAM;AACN,IAAI,CAAC;AACL,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC;AACpG,IAAI,IAAI,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;AACnE,EAAE,CAAC,CAAC;AACJ,CAAC;AACD;AACA;AACE;AACA;AACA;AACA;AACF,yIAAC","file":"/Users/lucas/dev/civic/civic-auth/packages/civic-auth-client/dist/chunk-CRTRMMJ7.js"}