@civic/auth 0.1.2 → 0.1.4-beta.0

package/src/types.ts

@@ -1,227 +0,0 @@
-import type { TokenResponseBody } from "oslo/oauth2";
-import type { JWT } from "oslo/jwt";
-
-type UnknownObject = Record<string, unknown>;
-type EmptyObject = Record<string, never>;
-
-// Display modes for the auth flow
-type DisplayMode = "iframe" | "redirect" | "new_tab" | "custom_tab";
-
-// Combined Auth and Session Service
-interface AuthSessionService {
-  // TODO DK NOTES: Should be in BrowserAuthSessionService, not relevant on backend
-  loadAuthorizationUrl(
-    authorizationURL: string,
-    displayMode: DisplayMode,
-  ): void;
-  // TODO DK NOTES: overrideDisplayMode parameter not appropriate here - also - do we need both this and the above in the interface?
-  getAuthorizationUrl(
-    scopes: string[],
-    overrideDisplayMode: DisplayMode,
-    nonce?: string,
-  ): Promise<string>;
-  // TODO DK NOTES: display mode should be in browser version only. Also, do we need this and the above two in the top-level interface?
-  signIn(
-    displayMode: DisplayMode,
-    scopes: string[],
-    nonce?: string,
-  ): Promise<void>;
-  // TODO DK NOTES: Input should be an auth code - do not assume it comes via an url
-  tokenExchange(responseUrl: string): Promise<SessionData>;
-  // TODO DK NOTES: Should be async for flexibility
-  getSessionData(): SessionData;
-  // TODO DK NOTES: Should be async for flexibility
-  updateSessionData(data: SessionData): void;
-  getUserInfoService(): Promise<UserInfoService>;
-}
-
-// Token Service
-interface TokenService {
-  exchangeCodeForTokens(authCode: string): Promise<Tokens>;
-  validateIdToken(idToken: string, nonce: string): boolean;
-  refreshAccessToken(refreshToken: string): Promise<Tokens>;
-}
-
-// User Info Service
-interface UserInfoService {
-  getUserInfo<T extends UnknownObject>(
-    accessToken: string,
-    idToken: string | null,
-  ): Promise<User<T> | null>;
-}
-
-// Resource Service
-interface ResourceService {
-  getProtectedResource(accessToken: string): Promise<unknown>;
-}
-
-// Auth Request (for internal use in AuthSessionService)
-type AuthRequest = {
-  clientId: string;
-  redirectUri: string;
-  state: string;
-  nonce: string;
-  scope: string;
-};
-
-type Endpoints = {
-  jwks: string;
-  auth: string;
-  token: string;
-  userinfo: string;
-  challenge?: string;
-};
-
-type Config = {
-  oauthServer: string;
-  endpoints?: Endpoints;
-};
-
-type SessionData = {
-  authenticated: boolean; // TODO can this be inferred from the presence of the tokens?
-  state?: string;
-  accessToken?: string;
-  refreshToken?: string;
-  idToken?: string;
-  timestamp?: number;
-  expiresIn?: number;
-  codeVerifier?: string;
-  displayMode?: DisplayMode;
-  openerUrl?: string;
-};
-
-type OIDCTokenResponseBody = TokenResponseBody & { id_token: string };
-
-type ParsedTokens = {
-  id_token: JWTPayload;
-  access_token: JWTPayload;
-  refresh_token?: string;
-};
-
-// The format we expose to the frontend via hooks
-type ForwardedTokens = Record<
-  string,
-  {
-    idToken?: string;
-    accessToken?: string;
-    refreshToken?: string;
-  }
->;
-
-// The format in the JWT payload
-type ForwardedTokensJWT = Record<
-  string,
-  {
-    id_token?: string;
-    access_token?: string;
-    refresh_token?: string;
-    scope?: string;
-  }
->;
-
-type JWTPayload = JWT["payload"] & {
-  iss: string;
-  aud: string;
-  sub: string;
-  iat: number;
-  exp: number;
-};
-
-type IdTokenPayload = JWTPayload & {
-  forwardedTokens?: ForwardedTokensJWT;
-  email?: string;
-  name?: string;
-  picture?: string;
-  nonce: string;
-  at_hash: string;
-};
-
-type IdToken = Omit<JWT, "payload"> & {
-  payload: IdTokenPayload;
-};
-
-type Tokens = {
-  idToken: string;
-  accessToken: string;
-  refreshToken: string;
-  forwardedTokens: ForwardedTokens;
-};
-
-// Base user interface
-type BaseUser = {
-  id: string;
-  email?: string;
-  name?: string;
-  given_name?: string;
-  family_name?: string;
-  picture?: string;
-  updated_at?: Date;
-};
-
-type User<T extends UnknownObject = EmptyObject> = BaseUser &
-  Partial<Tokens> &
-  T;
-
-type OpenIdConfiguration = {
-  authorization_endpoint: string;
-  claims_parameter_supported: boolean;
-  claims_supported: string[];
-  code_challenge_methods_supported: string[];
-  end_session_endpoint: string;
-  grant_types_supported: string[];
-  issuer: string;
-  jwks_uri: string;
-  authorization_response_iss_parameter_supported: boolean;
-  response_modes_supported: string[];
-  response_types_supported: string[];
-  scopes_supported: string[];
-  subject_types_supported: string[];
-  token_endpoint_auth_methods_supported: string[];
-  token_endpoint_auth_signing_alg_values_supported: string[];
-  token_endpoint: string;
-  id_token_signing_alg_values_supported: string[];
-  pushed_authorization_request_endpoint: string;
-  request_parameter_supported: boolean;
-  request_uri_parameter_supported: boolean;
-  userinfo_endpoint: string;
-  claim_types_supported: string[];
-};
-
-type LoginPostMessage = {
-  source: string;
-  type: string;
-  clientId: string;
-  data: {
-    url: string;
-  };
-};
-export type {
-  LoginPostMessage,
-  AuthSessionService,
-  TokenService,
-  UserInfoService,
-  ResourceService,
-  AuthRequest,
-  Tokens,
-  Endpoints,
-  Config,
-  SessionData,
-  OIDCTokenResponseBody,
-  ParsedTokens,
-  BaseUser,
-  User,
-  DisplayMode,
-  UnknownObject,
-  EmptyObject,
-  ForwardedTokens,
-  ForwardedTokensJWT,
-  JWTPayload,
-  IdTokenPayload,
-  IdToken,
-  OpenIdConfiguration,
-};
-
-export interface AuthStorage {
-  get(key: string): Promise<string | null>;
-  set(key: string, value: string): Promise<void>;
-}

package/src/utils.ts

@@ -1,58 +0,0 @@
-/**
- * Checks if a popup window is blocked by the browser.
- *
- * This function attempts to open a small popup window and then checks if it was successfully created.
- * If the popup is blocked by the browser, the function returns `true`. Otherwise, it returns `false`.
- *
- * @returns {boolean} - `true` if the popup is blocked, `false` otherwise.
- */
-const isPopupBlocked = (): boolean => {
-  // First we try to open a small popup window. It either returns a window object or null.
-  const popup = window.open("", "", "width=1,height=1");
-
-  // If window.open() returns null, popup is definitely blocked
-  if (!popup) {
-    return true;
-  }
-
-  try {
-    // Try to access a property of the popup to check if it's usable
-    if (typeof popup.closed === "undefined") {
-      throw new Error("Popup is blocked");
-    }
-  } catch {
-    // Accessing the popup's properties throws an error if the popup is blocked
-    return true;
-  }
-
-  // Close the popup immediately if it was opened
-  popup.close();
-  return false;
-};
-
-// This type narrows T as far as it can by:
-// - removing all keys where the value is `undefined`
-// - making keys that are not undefined required
-// So, for example: given { a: string | undefined, b: string | undefined },
-// if you pass in { a: "foo" }, it returns an object of type: { a: string }
-type WithoutUndefined<T> = {
-  [K in keyof T as undefined extends T[K] ? never : K]: T[K];
-};
-export const withoutUndefined = <T extends { [K in keyof T]: unknown }>(
-  obj: T,
-): WithoutUndefined<T> => {
-  const result = {} as WithoutUndefined<T>;
-
-  for (const key in obj) {
-    if (obj[key] !== undefined) {
-      // TypeScript needs assurance that key is a valid key in WithoutUndefined<T>
-      // We use type assertion here
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      (result as any)[key] = obj[key];
-    }
-  }
-
-  return result;
-};
-
-export { isPopupBlocked };

package/test/integration/sdk.test.tsx

@@ -1,266 +0,0 @@
-import React from "react";
-import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
-import { OAuth2Client } from "oslo/oauth2";
-import { useAuth, useUser } from "@/reactjs/hooks/index.js";
-import { CivicAuthProvider } from "@/reactjs/providers/index.js";
-import {
-  render,
-  screen,
-  act,
-  fireEvent,
-  waitFor,
-} from "@testing-library/react";
-import { describe, it, expect, beforeEach, vi, afterEach } from "vitest";
-import "@testing-library/jest-dom";
-import * as jose from "jose";
-import tokensFixture from "../support/tokens.json";
-import * as oauthLib from "@/lib/oauth.js";
-import type { JWTVerifyResult, ResolvedKey } from "jose";
-
-const validTokens = { ...tokensFixture.local.validTokens };
-// Mock Component to test OAuth flow with useAuth
-const MockOAuthComponent = () => {
-  const { signIn, isAuthenticated } = useAuth();
-  const { user } = useUser();
-
-  const handleLogin = async () => {
-    try {
-      await signIn("redirect");
-      alert("Login Redirect Initiated");
-    } catch {
-      alert("Login Failed");
-    }
-  };
-
-  return (
-    <div>
-      <button onClick={handleLogin}>Login</button>
-      {user && (
-        <p data-testid="user-email">
-          User:
-          {user.email}
-        </p>
-      )}
-      {isAuthenticated && (
-        <p data-testid="session">Session authenticated:true</p>
-      )}
-    </div>
-  );
-};
-
-describe("OAuth login", () => {
-  const clientId = "test-client-id";
-  let mockOAuth2Client: OAuth2Client;
-  let originalWindowLocation: Location;
-  afterEach(vi.clearAllMocks);
-
-  vi.spyOn(oauthLib, "getOauthEndpoints").mockResolvedValue({
-    auth: "http://localhost:3001/oauth/auth",
-    token: "http://localhost:3001/oauth/token",
-    jwks: "http://localhost:3001/oauth/jwks",
-    userinfo: "http://localhost:3001/oauth/userinfo",
-  });
-  vi.mock("oslo/oauth2", () => ({
-    OAuth2Client: vi.fn(),
-    generateCodeVerifier: vi.fn(() => "mock-code-verifier"),
-    generateState: vi.fn(() => "mock-state"),
-  }));
-
-  vi.mock("jose", () => ({
-    jwtVerify: vi.fn(),
-    createRemoteJWKSet: vi.fn(),
-  }));
-
-  beforeEach(() => {
-    vi.clearAllMocks();
-    vi.resetModules();
-
-    // Setup mock implementations
-    mockOAuth2Client = {
-      createAuthorizationURL: vi.fn(),
-      validateAuthorizationCode: vi.fn(),
-      refreshAccessToken: vi.fn(),
-      clientId: "test-client-id",
-    } as unknown as OAuth2Client;
-    vi.mocked(OAuth2Client).mockImplementation(() => mockOAuth2Client);
-
-    // Setup jose mocks
-    const mockJWKS = {
-      getKey: vi.fn().mockResolvedValue({ alg: "RS256" }),
-    };
-    vi.mocked(jose.createRemoteJWKSet).mockReturnValue(mockJWKS as any);
-    vi.mocked(jose.jwtVerify).mockResolvedValue({
-      payload: { sub: "user123", name: "Test User", email: "test@example.com" },
-      protectedHeader: { alg: "RS256" },
-    } as unknown as JWTVerifyResult<unknown> & ResolvedKey);
-
-    originalWindowLocation = window.location;
-    window.location = { href: "" } as Location;
-    global.alert = vi.fn();
-    // Mock window.open to prevent errors.
-    vi.spyOn(window, "open").mockReturnValue(null);
-  });
-
-  afterEach(() => {
-    window.location = originalWindowLocation;
-  });
-
-  it("should set the correct auth url for login with redirect", async () => {
-    const windowAssign = vi.fn();
-    const redirectUri = "http://localhost:3001/callback";
-
-    vi.mocked(mockOAuth2Client.createAuthorizationURL).mockResolvedValue(
-      new URL(
-        "http://localhost:3001/oauth/auth?response_type=code&client_id=" +
-          clientId +
-          "&redirect_uri=" +
-          encodeURIComponent(redirectUri) +
-          "&scope=openid%20profile%20email&state=mock-state&code_challenge=mock-code-challenge&code_challenge_method=S256",
-      ),
-    );
-
-    window.location = {
-      ...originalWindowLocation,
-      assign: windowAssign,
-      replace: vi.fn(),
-      reload: vi.fn(),
-    };
-
-    const queryClient = new QueryClient();
-    render(
-      <QueryClientProvider client={queryClient}>
-        <CivicAuthProvider
-          clientId={clientId}
-          redirectUrl={redirectUri}
-          config={{
-            oauthServer: "http://localhost:3001",
-          }}
-        >
-          <MockOAuthComponent />
-        </CivicAuthProvider>
-      </QueryClientProvider>,
-    );
-
-    // Trigger the login button click, which initiates the OAuth flow
-    await act(async () => {
-      fireEvent.click(screen.getByText("Login"));
-    });
-
-    // Confirm that the sdk set the window.location.href to the auth url
-    const url = new URL(window.location.href);
-    expect(url.origin + url.pathname).toEqual(
-      "http://localhost:3001/oauth/auth",
-    );
-    expect(url.searchParams.get("response_type")).toEqual("code");
-    expect(url.searchParams.get("client_id")).toEqual(clientId);
-    expect(url.searchParams.get("redirect_uri")).toEqual(redirectUri);
-    expect(url.searchParams.get("scope")).toEqual("openid profile email");
-    expect(url.searchParams.get("state")).toBeTruthy(); // Ensure state is present
-    expect(url.searchParams.get("code_challenge")).toBeTruthy(); // Ensure code_challenge is present
-    expect(url.searchParams.get("code_challenge_method")).toEqual("S256");
-    expect(screen.queryByTestId("session")).not.toBeInTheDocument();
-  });
-
-  it("should initiate code exchange, validate tokens, and derive user from ID token", async () => {
-    const queryClient = new QueryClient();
-    const redirectUri = "http://localhost:3001/callback";
-
-    // Mock ID token with user information
-    const mockIdToken = validTokens.idToken;
-    const mockAccessToken = validTokens.accessToken;
-
-    // Mock oslo token exchange
-    const mockTokens = {
-      access_token: mockAccessToken,
-      id_token: mockIdToken,
-      refresh_token: "mock-refresh-token",
-      expires_in: 3600,
-    };
-    vi.mocked(mockOAuth2Client.validateAuthorizationCode).mockResolvedValue(
-      mockTokens,
-    );
-
-    // Prime storage and simulate redirect
-    await act(async () => {
-      localStorage.setItem(
-        "civic-auth:test-client-id",
-        JSON.stringify({
-          authenticated: false,
-          state: "mock-state",
-          codeVerifier: "mock-code-verifier",
-          displayMode: "redirect",
-        }),
-      );
-      window.location.pathname = "test-pathName";
-
-      // Configure window.location to simulate redirect
-      Object.defineProperty(window, "location", {
-        value: {
-          ...window.location,
-          origin: "http://mock-origin",
-        },
-        writable: true,
-      });
-      window.location.href = `${redirectUri}?code=test-code&state=mock-state`;
-
-      // Render the AuthProvider with the mock OAuth component
-      render(
-        <QueryClientProvider client={queryClient}>
-          <CivicAuthProvider
-            clientId={clientId}
-            redirectUrl={redirectUri}
-            config={{
-              oauthServer: "http://localhost:3001",
-            }}
-          >
-            <MockOAuthComponent />
-          </CivicAuthProvider>
-        </QueryClientProvider>,
-      );
-    });
-
-    expect(mockOAuth2Client.validateAuthorizationCode).toHaveBeenCalledWith(
-      "test-code",
-      {
-        codeVerifier: "mock-code-verifier",
-      },
-    );
-
-    // Check that jose.jwtVerify was called for id_token validation
-    await waitFor(() => {
-      expect(jose.jwtVerify).toHaveBeenCalledWith(
-        mockIdToken,
-        expect.any(Object),
-        {
-          issuer: ["http://localhost:3001", "http://localhost:3001/"],
-          audience: clientId,
-        },
-      );
-    });
-
-    // Check that jose.jwtVerify was called for access_token validation
-    await waitFor(() => {
-      expect(jose.jwtVerify).toHaveBeenCalledWith(
-        mockAccessToken,
-        expect.any(Object),
-        {
-          issuer: ["http://localhost:3001", "http://localhost:3001/"],
-        },
-      );
-    });
-
-    // Check that the authenticated flag is set in the session
-    await waitFor(() => {
-      expect(screen.queryByTestId("session")).toHaveTextContent(
-        "Session authenticated:true",
-      );
-    });
-
-    // Check that the user info derived from the ID token is displayed
-    await waitFor(() => {
-      expect(screen.queryByTestId("user-email")).toHaveTextContent(
-        "User:ghost@civic.com",
-      );
-    });
-  });
-});

package/test/support/fixtures.ts

@@ -1,56 +0,0 @@
-const oauthWellKnownResponse = {
-  authorization_endpoint: "https://auth-dev.civic.com/oauth/auth",
-  claims_parameter_supported: false,
-  claims_supported: [
-    "sub",
-    "forwardedTokens",
-    "email",
-    "name",
-    "family_name",
-    "picture",
-    "login_method",
-    "sid",
-    "auth_time",
-    "iss",
-  ],
-  code_challenge_methods_supported: ["S256"],
-  end_session_endpoint: "https://auth-dev.civic.com/oauth/session/end",
-  grant_types_supported: ["implicit", "authorization_code", "refresh_token"],
-  issuer: "https://auth-dev.civic.com/oauth/",
-  jwks_uri: "https://auth-dev.civic.com/oauth/jwks",
-  authorization_response_iss_parameter_supported: true,
-  response_modes_supported: ["form_post", "fragment", "query"],
-  response_types_supported: ["code id_token", "code", "id_token", "none"],
-  scopes_supported: [
-    "openid",
-    "offline_access",
-    "forwardedTokens",
-    "email",
-    "profile",
-  ],
-  subject_types_supported: ["public"],
-  token_endpoint_auth_methods_supported: [
-    "client_secret_basic",
-    "client_secret_jwt",
-    "client_secret_post",
-    "private_key_jwt",
-    "none",
-  ],
-  token_endpoint_auth_signing_alg_values_supported: [
-    "HS256",
-    "RS256",
-    "PS256",
-    "ES256",
-    "EdDSA",
-  ],
-  token_endpoint: "https://auth-dev.civic.com/oauth/token",
-  id_token_signing_alg_values_supported: ["PS256", "RS256"],
-  pushed_authorization_request_endpoint:
-    "https://auth-dev.civic.com/oauth/request",
-  request_parameter_supported: false,
-  request_uri_parameter_supported: false,
-  userinfo_endpoint: "https://auth-dev.civic.com/oauth/me",
-  claim_types_supported: ["normal"],
-};
-
-export { oauthWellKnownResponse };

package/test/support/tokens.json

@@ -1,26 +0,0 @@
-{
-    "local": {
-        "validTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImNpdmljLWF1dGgtdG9rZW4tc2lnbmVyLWtleSJ9.eyJzdWIiOiIzMzZmNDQ1Zi1hZjcxLTQxYzYtODNlZC00NjJhY2ZiNTU1YjYiLCJlbWFpbCI6Imdob3N0QGNpdmljLmNvbSIsImZvcndhcmRlZFRva2VucyI6eyJkdW1teSI6eyJhY2Nlc3NfdG9rZW4iOiIiLCJleHBpcmVzX2luIjozNjAwLCJpZF90b2tlbiI6ImV5SmhiR2NpT2lKU1V6STFOaUlzSW5SNWNDSTZJa3BYVkNJc0ltdHBaQ0k2SW10bGVYTjBiM0psTFVOSVFVNUhSUzFOUlNKOS5leUp6ZFdJaU9pSjBaWE4wSWl3aVlYUmZhR0Z6YUNJNklrcEdVbkZRZUhsZmJGYzFVaTFIV0dabE9Ia3lja0VpTENKaGRXUWlPaUp0ZVMxamJHbGxiblFpTENKbGVIQWlPakUzTWprd05qZ3hOVFVzSW1saGRDSTZNVGN5T1RBMk5EVTFOU3dpYVhOeklqb2lhSFIwY0RvdkwyeHZZMkZzYUc5emREbzVNRGt3SW4wLm11TGg2T2s0YVIyb0V3RC1yUFZXck5RY24xMFZqSjVmN0hUUHVNSk50NFBFVUEyVkttZnRKdHdEOXB5WVVNUngybkhHaWRIMVIyemhwbUpWclVUaDl4SDVpNkQxckx5VHA2UXFTbm9RQ1lYTFA3bzdJRWdLcTkta1R0TUhWS2t1LU1qX2FvNk05TUFaN3llYnpCR3dJcHVYcFRZY3JwMC1EQVZLSW94LVV1b0lfSkljbURWSExtbjJfUEhMZ0Z1Y3ctMTlVZFgyYUlTM19kSDRqQ01CLXp4Y0xGTmV6SlVfV1BRVTNYUEhyQk83M3lMWTU2NmEyb1RVczV3Tkh4bWJKOXdBWXJSRHJSQVBrcml2R2s1WEhNSG5RX21OUlUxNGhSc2N3Y25vOC1NZnNlZlRHc1JsbDdSRXpiaUFWUzZjY2hHV0ItVXJJWk92R0p6UjFlZGRjQSIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJ0b2tlbl90eXBlIjoiQmVhcmVyIn19LCJub25jZSI6IjEyMzQ1Njc4OTAiLCJhdF9oYXNoIjoiVFZjelNRMERIeElHY2t1VzducDYydyIsImF1ZCI6ImRlbW8tY2xpZW50LTEiLCJleHAiOjE3MjkwNjgxNTYsImlhdCI6MTcyOTA2NDU1NiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDozMDAxIn0.NNvOtkls3wjivcCWYanqWr8_cHzf7by2_6mSF_qeNqJ8zt7ZPmKh2R6WbnrlYVsym0sMYueR9m_bDGsNZNrwXGPABz4ff7TV5LH8LO1W_fdPemMBlIDdRwc0DZx7BUIKqwvciQ1lHx-2xv-6gH7TZVX7Dwvv-zArLpLkmzrec4EV0Wyn-WYAZFqMMpPvEUCCxkp_AWMh9P8ax3ExSHPAMu5_skJo1nJTK5lri3DNU31IuXvLz2JFYusDViFDwu5wx_TSC1S-hsRQd_aK_wGGifqfuwuGRX43ZEDqRcB5lgBAfc8v1kxYu5HhF07C63zMLZjJg66pGBHwNWp5r-Q4K-2xBXDU6TP-4YYikvwqIOjlRiz_RP_kEBrioqNRvwk8SU2laJ7g7st_4q86RiXPS4uN31o5eDSCiM5dd0OdC2IUZorC5pMym-IzuHEJhWr68psczj3dUKxbLbuoH-827CQt-8Vv8znfS7ck8I0YDXjVSKhBYXoCnzXpwJ-c9OcPIbquTQrqeogGqTlA6Nt-23rC7Ave8xOcRQZrJ1Ec5c5eD_4MoSYw3q90b6AT6U3tY3ewYQMdg4Ro9x-hFu7uCuurDZgnyugpM7dBATaFfR3ar9nRtdMyPrU2LhEeZS2iwSvP7wuWJpIkjxFy3znFrsFBTa_WbD0BJSOfl1j5G94",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6ImF0K2p3dCIsImtpZCI6ImNpdmljLWF1dGgtdG9rZW4tc2lnbmVyLWtleSJ9.eyJqdGkiOiJjS2xCVW1jZW0tVjE3RzM4N1AyTUIiLCJzdWIiOiIzMzZmNDQ1Zi1hZjcxLTQxYzYtODNlZC00NjJhY2ZiNTU1YjYiLCJpYXQiOjE3MjkwNjQ1NTYsImV4cCI6MTcyOTA2ODE1NiwiY2xpZW50X2lkIjoiZGVtby1jbGllbnQtMSIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6MzAwMSIsImF1ZCI6ImNpdmljIn0.gsX--7GtdF1JYQi5Spt6GfcvZ_8EZxkpO8GljfoXJw-cRYhP98-w9IADZBn87ekH914pnUTxp1x_oLhTWGBrR_yMsHRYim_gkVv8t-dnOEAR4IzDByG7kd58TM_blbY-yma0Cb-O3XRGgrdkvw2PjMeHfTSl3tlYx0c47PS8WegOkYkQcfyPUUNEsUFA8e5qzmkMCdwFWHaox-fQaaNpFrO0wCRWOvYr3vFnrLU87Ds7AOaurZUYaFgxqcMsg3zhZXB2pslqS2p9pmQO3Yi0m8-ntX5P18TWX6oOdBbOLqJX3R5s2GAAm9tYJOeBz-JpTucmn4OaL3OyJvIZqM-7EAVtHdnVYUjzGarNu4_b-rcj66mkSNBbquqjAmRBQ5nnRMkmWZxkf6BKgOwmuONLaU4soZEc_AUNtcKIRzbYmBvrgBlPZr5lvkSKIynKlDCbhsB7O_yBRijVesQrau5ReUcXdbJMRj1U5goBnWXV8y8xZFVKwJvx5WdQVUz2tjmtTO8xMK0ORcWdJShIzlhvQrUsjuiFKWytlbRckIdrllsNLfTFbIvQLa9Pmi-FgrJtm-wD3RoHlNgtjGiHjN-YfWCauTcSn9Xd8TbjIc8D43LuRR2Oh3c78GrEVerbnmTjXh6UFZ6ZXkrkarVst8KQMtPiUo9_DdtJP6ghXLXdo6A"
-        },
-        "expiredTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjoxNjk3OTU5OTI1LCJpYXQiOjE2NjY0MjM5MjUsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyJ9.MO0IdxEyNiOq4E5QdtpfSbnXQKiN8euC2ac0E0VWggUP4o5yoz29gqAzETP_omvOBfOn4hJjXTDPGqKXKg-Lz-oLdzF71aztskCerwDuB5PdqyCGMS9Qa2j40FTJ7RkuBG9PISUpGWYfZ28q7u94h8GyWtqRtPAF2aPD1rvckk-WTXLeMqEWtfEy0yCJ4MvEwp6MUgeb7EwRKUZ_cuVCE5Xm8rNebO9b2I3Jqdg8cNNyAxEYkWERBcfFtOfaQYD_8DNJvpNpJvZXAowaab7dzNgGBAxhTQ7s4S9h-Ly2nQIAIpbff_A4baI6rOqWfFxdzrxcFt34x0S_90Z3MXNziAb-ocG0WkPewRm0hvrF4E-zFTM4guTvtol0cKw9qWLb_JE-Idm9Zq-abkOS6FvM2E0j1iqKjT1GqM_EhOdIMzOidqxlls5v2UaaJ34PvR_1yTopm6Lguhr6uX3CW_F4A5tGAxsReeUDdGQAhkPYqZp8zjPUxjCA3cJEnMSGWHgqiBJ5lCLeH-SaccT828pSqYL8FrN0Qts3ILaElVVECHiWhN90lGaBSPw8pn19odH70wH651C2eonWKAKQMpNheGmyjrGE8n0jPwz-p-8ISp5H793wlWiTH2ay33METj0Vbgg-G1p1xcWD5WR4X-uyH1f-iNupvVNYn8mf0iPxM-I",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJleHAiOjE2OTc5NTk5MjUsImlhdCI6MTY2NjQyMzkyNSwiY2xpZW50X2lkIjoiZGVtby1jbGllbnQtMSIsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyIsImF1ZCI6ImNpdmljIn0.HxnjNL8P7K0WHoCQXpvbxtu_yTrcdudj4GI4fjQZEoVXJ14IkssKUa3aJGWZ2vJkxqIogoLmywYFBjvLZqcc1vo3Q-aLlVEb7EkjsQU4Qo8BMsJ0ZS2_4cDewt9WBUrMA-fDy3UwgoxHlM5OCjQ5lKAPLLm2FJDJ-djFOf_z0le9FOZ4MqkU7u_lc57e0jdCwSZmIRIU5DPX90jh-p2r8OxBwRorjAwuiiu59wTtYyEpfdicSwb7mM7hM6nFp-zl14ogWGCiW20_Lx0sz-1EfzUgw-rH2xW5R_QDUQtHJ15Pq0mtck77i608y2IElnQgwYlmSmn7gpSUoNB7Bh7cBckRfV1YHh8CoReQOKjtfCbhZYVdFDuuUaIEYmI_E9W-C4BKWJkdtX3kCy576jCx15-N7VBzVYIpkOVHHeZdRkMLVJCts2W84it0lCXgMg7KfOcuv8Lzqj_IrSBmP6jgKiOhWJ0eWQLrKGBKOS5IxhK6kyQjZSKy8Yj-N_iBt1PP4e-EWBL2jlQ81ycm4_qgUmiADryUVRchUUAyT-y5TD_LTb2gu-7h_ElKFJ_9scWjxn-SguJi2ObYaFqTes9cNtMFLP3mi9wHhlCngb5_Bw1goV0XHR1H-PSX-XOQ0MzTK7KA8uT1PHbRCsHEFkjMaZgWEwfxTqXVt2LzT6PH_Qs"
-        }
-    },
-    "dev": {
-        "validTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjozMjUyODU5NDc1NCwiaWF0IjoxNzI5MDY2NTY4LCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8ifQ.vRQtCQqzV_m62rClHrOtiV7C2zBDOp6h51IgPvlX4-z9x5BDmgckZpNfxPo-Skl7Un5HwTmnqfEyrdsIUScI86Nf_jVt6oEwM1YE2PwygHPW6oE4-Nlipcpll7zNaQQTBVpfuz1bEC7xRqM3quH-RT_hEB4em8YrN0uIBtPrBJ3JpzSnjrLkdziLiSQbejYMLM69WCRCc0pT1V8oBRWxq3fd6s71ajZ8X-KIf5p5Nc24FzidK6X3Yb7pD9sq8BlqbGIDpdXJXNCPJz8kpN9AiggAJUpYeNV2zi0rm5O5-C8UHwOVkAd7SCc_rBxoUxJ9K8B_RX3mo0wKzjY_BVLrvba4R9Nbl5JYkaWPnvKaZDEebjdb3eHdljeomEtP1uYNOqTGqY0Pj8312WNjC6-HtDQFevzmZKYqLtExGuGMuj81V9QUO_SAWzPKZ_wgscJzdR_lFgCqL2uOE0CL6LcnXefyqiMMtsIh2BuBKBJHzCmBf26ezaOuR_hRH4wbJ2rawiqSInhwedeHC1MoVsEWcjealUJspWCfbTqGF-ewTmRAvXffkNjOiQNtclt63ap9gbE89tsNlG_TFICbHFAbn4rNTq6e1gpgke1Ouf9ex1UXrZb9HdfeN5o9-7IsPlEWblkxDKxqcj6YAukETfW7wYzt4tV_sxqO_uxiHhczRU8",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJpYXQiOjE3MjkwNjY1NjgsImV4cCI6MzI1Mjg1OTQ3NTQsImNsaWVudF9pZCI6ImRlbW8tY2xpZW50LTEiLCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8iLCJhdWQiOiJjaXZpYyJ9.CzQ_WXqFobV_fafE3K2dIUttvcFDxOGMT_GnUmdyg5HLB1MRCQYZItwZof_h-LdQp8suo4XyneclOJnQhCzlmDjOcEZOns_joh91t-zDX1jXIQNqC_evpzvfr5Rubz26gsKljk642ru0gkaH8cLHPJx3jgvtBrQzbLbzKJZRIhWqthrqdcKHKeUxN6g-LAFqQG7d-tP6cL_X1Q29IBpJ49SkpYFEDslLwQ_LU5zal_k-2tEyU6DfoFWB9hbNfBQy16SJzgDBDnZ3DadDSRjpXBwRa7m9ALa3A_qVln3K4wuTR46LFDqMKNAqf_sfy5tIJ6Zja5ehwxqmMwXtHomZY9OtfHDE511AZ6wGSagEpexe3eV-2TVwTvJBZnqfeLnnzlF9Z6qqq65lJ5XhO34Ylxnt-kqLqPOPwp-rYCJna-tUsEKAokkqKnHf2FycMQAaBx0grk5yyD2Y4CttlCfbdehoFSyWtTFvkjkk7MebLXqvMbqxXSmKaBn7Of0W6E9Qs6nJ5gWMaVuD9gc2H-BvQAQBUSYpl0TB_yPJKbiRb03HvvgZUdgB9XI9e5YFSMA0K_0SPtx4AgSLH2Coz-NxwLUtP22PUTNmm-04r8Sj0SVWw9w9mW4YXU3U4BGI_0fmIW3BMGgDk_9ghsumaNYKSe1P4qFLqh2jqEov0MagLck"
-        },
-        "differentSignerTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjozMjUyODU5NDc1NCwiaWF0IjoxNzI5MDY2NTY4LCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8ifQ.hEPfoJRHEttdCUttpFI1e5fVrPIboOsAqwNsnXR0ANpl9qJjbYgkwPhpTaoujCI2LoNmTNqTxdFuq19g03-EMIJCvfv2hi4NOSXCzk94EFumDLaKQNvSnyXBb3LolD45-OqRBUycvQcWgynRSCS_GaGncJ_qPfFarThwYuzRKF7XvBlQf7FbdnVAWwpuP9AU6dJDLZNJChm3wRrubsbMLzhtWbFhTAlrp7ACLoCkx6c3_IZs35Wcn-5DfdBRGYicrJvaqQ4xBTTLR0lE23VsLMPDAqgdcCOIduCobq6FuY8hAGkJwOZ-cW81KYrCGQn_47GDfaP_BsAUM4YblcCuAQ",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJpYXQiOjE3MjkwNjY1NjgsImV4cCI6MzI1Mjg1OTQ3NTQsImNsaWVudF9pZCI6ImRlbW8tY2xpZW50LTEiLCJpc3MiOiJodHRwczovL2F1dGgtZGV2LmNpdmljLmNvbS9vYXV0aC8iLCJhdWQiOiJjaXZpYyJ9.VXHpr2yV7fk7ggPurT5zSlfcTrC6VfMGqt5KUi9bw3raetbwC7zdPNtNdcwLEGL1O-JvQB2JH6aDc24bLv6h2yyxNZufoq9LHQKZpJYEe6nEaeTIZkWG0TeKa1Kpj4Gq2C7ooNMPKdjb8hYu_4PN8uaB7z1jM55CLPr-SvSiOqpyZDDc92zShlYTGcUVKFUIM4mQ-vZv8064ck4L1ca0H3LvMegdiUg0WUcDttzcfRpqv9jw1g-CNGx4I-0Bqlb_EqGuY345-0_iH3AsMvFuhQn1SltYYrLLWm9drMpQh3YGtFGqu21Oz-geRrpfAmxRBF7fcgDC-0kwroP2ARymDw"
-        },
-        "expiredTokens": {
-            "idToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJlbWFpbCI6ImVkMjEyNTczLTgxMGEtNDliZS1iNzdiLTg2OWMyOWM2ZWRkZEBleGFtcGxlLmV4YW1wbGUiLCJmb3J3YXJkZWRUb2tlbnMiOnsiZHVtbXkiOnsiYWNjZXNzX3Rva2VuIjoidGVzdC1mb3J3YXJkZWQtYWNjZXNzLXRva2VuIiwiaWRfdG9rZW4iOiJ0ZXN0LWZvcndhcmRlZC1pZC10b2tlbiJ9fSwibm9uY2UiOiIxMjM0NTY3ODkwIiwiYXRfaGFzaCI6Ikh3T3JXdldWRV9UR3h3c2ZCN0NyRlEiLCJhdWQiOiJkZW1vLWNsaWVudC0xIiwiZXhwIjoxNjk3OTU5OTI1LCJpYXQiOjE2NjY0MjM5MjUsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyJ9.MO0IdxEyNiOq4E5QdtpfSbnXQKiN8euC2ac0E0VWggUP4o5yoz29gqAzETP_omvOBfOn4hJjXTDPGqKXKg-Lz-oLdzF71aztskCerwDuB5PdqyCGMS9Qa2j40FTJ7RkuBG9PISUpGWYfZ28q7u94h8GyWtqRtPAF2aPD1rvckk-WTXLeMqEWtfEy0yCJ4MvEwp6MUgeb7EwRKUZ_cuVCE5Xm8rNebO9b2I3Jqdg8cNNyAxEYkWERBcfFtOfaQYD_8DNJvpNpJvZXAowaab7dzNgGBAxhTQ7s4S9h-Ly2nQIAIpbff_A4baI6rOqWfFxdzrxcFt34x0S_90Z3MXNziAb-ocG0WkPewRm0hvrF4E-zFTM4guTvtol0cKw9qWLb_JE-Idm9Zq-abkOS6FvM2E0j1iqKjT1GqM_EhOdIMzOidqxlls5v2UaaJ34PvR_1yTopm6Lguhr6uX3CW_F4A5tGAxsReeUDdGQAhkPYqZp8zjPUxjCA3cJEnMSGWHgqiBJ5lCLeH-SaccT828pSqYL8FrN0Qts3ILaElVVECHiWhN90lGaBSPw8pn19odH70wH651C2eonWKAKQMpNheGmyjrGE8n0jPwz-p-8ISp5H793wlWiTH2ay33METj0Vbgg-G1p1xcWD5WR4X-uyH1f-iNupvVNYn8mf0iPxM-I",
-            "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJ0Wk9RdjQ0Unh2MzJ4dTJReElzTnEiLCJzdWIiOiIzZmJlM2QwMy0yZDM4LTRjZjgtYjAzNy1kZDVjMjdkOWFmODAiLCJleHAiOjE2OTc5NTk5MjUsImlhdCI6MTY2NjQyMzkyNSwiY2xpZW50X2lkIjoiZGVtby1jbGllbnQtMSIsImlzcyI6Imh0dHBzOi8vYXV0aC1kZXYuY2l2aWMuY29tL29hdXRoLyIsImF1ZCI6ImNpdmljIn0.HxnjNL8P7K0WHoCQXpvbxtu_yTrcdudj4GI4fjQZEoVXJ14IkssKUa3aJGWZ2vJkxqIogoLmywYFBjvLZqcc1vo3Q-aLlVEb7EkjsQU4Qo8BMsJ0ZS2_4cDewt9WBUrMA-fDy3UwgoxHlM5OCjQ5lKAPLLm2FJDJ-djFOf_z0le9FOZ4MqkU7u_lc57e0jdCwSZmIRIU5DPX90jh-p2r8OxBwRorjAwuiiu59wTtYyEpfdicSwb7mM7hM6nFp-zl14ogWGCiW20_Lx0sz-1EfzUgw-rH2xW5R_QDUQtHJ15Pq0mtck77i608y2IElnQgwYlmSmn7gpSUoNB7Bh7cBckRfV1YHh8CoReQOKjtfCbhZYVdFDuuUaIEYmI_E9W-C4BKWJkdtX3kCy576jCx15-N7VBzVYIpkOVHHeZdRkMLVJCts2W84it0lCXgMg7KfOcuv8Lzqj_IrSBmP6jgKiOhWJ0eWQLrKGBKOS5IxhK6kyQjZSKy8Yj-N_iBt1PP4e-EWBL2jlQ81ycm4_qgUmiADryUVRchUUAyT-y5TD_LTb2gu-7h_ElKFJ_9scWjxn-SguJi2ObYaFqTes9cNtMFLP3mi9wHhlCngb5_Bw1goV0XHR1H-PSX-XOQ0MzTK7KA8uT1PHbRCsHEFkjMaZgWEwfxTqXVt2LzT6PH_Qs"
-        }
-    }
-}