npm - @descope/web-js-sdk - Versions diffs - 1.33.0 → 1.33.1 - Mend

@descope/web-js-sdk 1.33.0 → 1.33.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cjs/index.cjs.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),r=require("@fingerprintjs/fingerprintjs-pro");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=i(n),s=i(o);const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||r,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:a,cookieSecure:c}=n,l=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:i,secure:c})}}function D(e=""){return h(`${e}${x}`)||""}function R(e=""){return s.default.get(O)||h(`${e}${O}`)||""}function C(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),s.default.remove(O)}const E=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",A="vsid",J="vrid",$="fp",N=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},L=async(e,t=E)=>{try{if(N())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=r.load({apiKey:e,endpoint:[o.toString(),r.defaultEndpoint],scriptUrlPattern:[a,r.defaultScriptUrlPattern]}),c=await s,{requestId:l}=await c.get({linkedId:n}),d=((e,t)=>({[A]:e,[J]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},q=e=>{const t=N(!0);return t&&e.body&&(e.body.fpData=t),e},K="descopeFlowNonce",P="X-Descope-Flow-Nonce",F="/v1/flow/start",V="/v1/flow/next",M=(e,t=K)=>`${t}${e}`,W=(e,t=K)=>{try{const n=M(e,t);localStorage.removeItem(n)}catch(e){console.error("Error removing flow nonce:",e)}},H=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},B=e=>{var t;return e.path===V&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?H(e.body.executionId):null},G="dls_last_user_login_id",X="dls_last_user_display_name",Z=()=>h(G),Y=()=>h(X),z=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Z(),i=Y();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Q=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(G),v(X)),o};function ee(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const te=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function ne(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),n.publicKey.user.id=ce(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:le(o.rawId),type:o.type,response:{attestationObject:le(o.response.attestationObject),clientDataJSON:le(o.response.clientDataJSON)}});var o}async function oe(e){const t=ae(e);return se(await navigator.credentials.get(t))}async function re(e,t){const n=ae(e);n.signal=t.signal,n.mediation="conditional";return se(await navigator.credentials.get(n))}async function ie(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ae(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}function se(e){return JSON.stringify({id:e.id,rawId:le(e.rawId),type:e.type,response:{authenticatorData:le(e.response.authenticatorData),clientDataJSON:le(e.response.clientDataJSON),signature:le(e.response.signature),userHandle:e.response.userHandle?le(e.response.userHandle):void 0}})}function ce(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function le(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var de,ue=(de=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await oe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await oe(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:ne,get:oe,isSupported:ie,conditional:re}}),(...e)=>{const t=de(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},ge=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function fe(e,t){var n;try{await we(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function we(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=ge(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),a.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var he=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ie(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ve=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const me=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),a=document.createElement("script");a.src=i,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{me(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const be=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return me([k,_],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},Se=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await be(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),a=await r.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(i,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(ve())return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await r.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||C(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:a}=i;return window.localStorage.removeItem(r),t||window.location.replace(a),i}}},ke=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:r}=n,i=e.__rest(n,["fpKey","fpLoad"]);return b?(o&&r&&L(o).catch((()=>null)),t(u(i,{beforeRequest:q}))):t(i)}),(o=>r=>{var{autoRefresh:i}=r,a=e.__rest(r,["autoRefresh"]);if(!i||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(D()||d))}));const g=o(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:r,sessionExpiration:i}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||i){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,i),!l)return void y("Could not extract expiration time from session token");d=r;const e=I(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(D()||r)}),e)}}}));return n.wrapWith(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.0"},t.baseHeaders)}))),(e=>t=>{const o=ee(),r=ee(),i=ee(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))r.pub(null),i.pub(null),o.pub(null);else{const e=await g(t);e&&i.pub(e);const{sessionJwt:n,sessionExpiration:a}=await p(t);n&&r.pub(n),(a||n)&&o.pub(a||42)}}})),s=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return r.pub(null),i.pub(null),o.pub(null),n}));return Object.assign(s,{onSessionTokenChange:r.sub,onUserChange:i.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=K}=n,i=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(i);((e=K)=>{try{for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=localStorage.getItem(n);if(e)try{JSON.parse(e).expiry<Date.now()&&localStorage.removeItem(n)}catch(e){localStorage.removeItem(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return t(u(i,{afterRequest:async(e,t)=>{if(e.path!==F&&e.path!==V)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(P);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=B(e)),{nonce:n,executionId:H(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=K)=>{try{const r=M(e,o),i=n?172800:10800,a={value:t,expiry:Date.now()+1e3*i,isStart:n};localStorage.setItem(r,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===F,r)}},beforeRequest:e=>{if(e.path===V){const t=B(e);if(t){const n=((e,t=K)=>{try{const n=M(e,t),o=localStorage.getItem(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(W(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[P]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:r=!0,keepLastAuthenticatedUserAfterLogout:i=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!r)return Object.assign(t(a),{getLastUserLoginId:Z,getLastUserDisplayName:Y});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{w(G,e)})(r),(e=>{w(X,e)})(i))}}));let c=n.wrapWith(s,["flow.start"],z);return c=n.wrapWith(c,["logout","logoutAll"],Q(i)),Object.assign(c,{getLastUserLoginId:Z,getLastUserDisplayName:Y})}),(t=>o=>{var{persistTokens:r,sessionTokenViaCookie:i,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!r||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||D(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&w(`${n}${x}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;j(O,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else w(`${n}${O}`,r);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),i,a)}}));var l;const d=n.wrapWith(c,["logout","logoutAll","oidc.logout"],te(a));return Object.assign(d,{getRefreshToken:()=>D(a),getSessionToken:()=>R(a),getIdToken:()=>C(a)})}))((e=>{const t=a.default(e),n=Se(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=R(),a=D();let s="";if(e.getExternalToken)try{s=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:a?"t":"f"},s)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:he(t),webauthn:ue(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){fe(o,e)},requestAuthentication(e){fe(o,e)}},async oneTap(e,t,n,r,i){await we(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+pe.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));exports.REFRESH_TOKEN_KEY=x,exports.SESSION_TOKEN_KEY=O,exports.clearFingerprintData=()=>{localStorage.removeItem($)},exports.default=ke,exports.ensureFingerprintIds=L,exports.hasOidcParamsInUrl=ve;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),r=require("@fingerprintjs/fingerprintjs-pro");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=i(n),s=i(o);const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||r,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:a,cookieSecure:c}=n,l=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:i,secure:c})}}function D(e=""){return h(`${e}${x}`)||""}function R(e=""){return s.default.get(O)||h(`${e}${O}`)||""}function C(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),s.default.remove(O)}const E=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",A="vsid",J="vrid",$="fp",N=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},L=async(e,t=E)=>{try{if(N())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=r.load({apiKey:e,endpoint:[o.toString(),r.defaultEndpoint],scriptUrlPattern:[a,r.defaultScriptUrlPattern]}),c=await s,{requestId:l}=await c.get({linkedId:n}),d=((e,t)=>({[A]:e,[J]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},q=e=>{const t=N(!0);return t&&e.body&&(e.body.fpData=t),e},K="descopeFlowNonce",P="X-Descope-Flow-Nonce",F="/v1/flow/start",V="/v1/flow/next",M=(e,t=K)=>`${t}${e}`,W=(e,t=K)=>{try{const n=M(e,t);localStorage.removeItem(n)}catch(e){console.error("Error removing flow nonce:",e)}},H=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},B=e=>{var t;return e.path===V&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?H(e.body.executionId):null},G="dls_last_user_login_id",X="dls_last_user_display_name",Z=()=>h(G),Y=()=>h(X),z=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Z(),i=Y();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Q=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(G),v(X)),o};function ee(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const te=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function ne(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),n.publicKey.user.id=ce(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:le(o.rawId),type:o.type,response:{attestationObject:le(o.response.attestationObject),clientDataJSON:le(o.response.clientDataJSON)}});var o}async function oe(e){const t=ae(e);return se(await navigator.credentials.get(t))}async function re(e,t){const n=ae(e);n.signal=t.signal,n.mediation="conditional";return se(await navigator.credentials.get(n))}async function ie(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ae(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}function se(e){return JSON.stringify({id:e.id,rawId:le(e.rawId),type:e.type,response:{authenticatorData:le(e.response.authenticatorData),clientDataJSON:le(e.response.clientDataJSON),signature:le(e.response.signature),userHandle:e.response.userHandle?le(e.response.userHandle):void 0}})}function ce(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function le(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var de,ue=(de=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await oe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await oe(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:ne,get:oe,isSupported:ie,conditional:re}}),(...e)=>{const t=de(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},ge=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function fe(e,t){var n;try{await we(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function we(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=ge(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),a.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var he=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ie(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ve=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const me=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),a=document.createElement("script");a.src=i,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{me(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const be=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return me([k,_],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},Se=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await be(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),a=await r.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(i,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(ve())return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await r.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||C(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:a}=i;return window.localStorage.removeItem(r),t||window.location.replace(a),i}}},ke=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:r}=n,i=e.__rest(n,["fpKey","fpLoad"]);return b?(o&&r&&L(o).catch((()=>null)),t(u(i,{beforeRequest:q}))):t(i)}),(o=>r=>{var{autoRefresh:i}=r,a=e.__rest(r,["autoRefresh"]);if(!i||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(D()||d))}));const g=o(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:r,sessionExpiration:i}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||i){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,i),!l)return void y("Could not extract expiration time from session token");d=r;const e=I(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(D()||r)}),e)}}}));return n.wrapWith(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.1"},t.baseHeaders)}))),(e=>t=>{const o=ee(),r=ee(),i=ee(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))r.pub(null),i.pub(null),o.pub(null);else{const e=await g(t);e&&i.pub(e);const{sessionJwt:n,sessionExpiration:a}=await p(t);n&&r.pub(n),(a||n)&&o.pub(a||42)}}})),s=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return r.pub(null),i.pub(null),o.pub(null),n}));return Object.assign(s,{onSessionTokenChange:r.sub,onUserChange:i.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=K}=n,i=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(i);((e=K)=>{try{for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=localStorage.getItem(n);if(e)try{JSON.parse(e).expiry<Date.now()&&localStorage.removeItem(n)}catch(e){localStorage.removeItem(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return t(u(i,{afterRequest:async(e,t)=>{if(e.path!==F&&e.path!==V)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(P);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=B(e)),{nonce:n,executionId:H(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=K)=>{try{const r=M(e,o),i=n?172800:10800,a={value:t,expiry:Date.now()+1e3*i,isStart:n};localStorage.setItem(r,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===F,r)}},beforeRequest:e=>{if(e.path===V){const t=B(e);if(t){const n=((e,t=K)=>{try{const n=M(e,t),o=localStorage.getItem(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(W(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[P]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:r=!0,keepLastAuthenticatedUserAfterLogout:i=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!r)return Object.assign(t(a),{getLastUserLoginId:Z,getLastUserDisplayName:Y});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{w(G,e)})(r),(e=>{w(X,e)})(i))}}));let c=n.wrapWith(s,["flow.start"],z);return c=n.wrapWith(c,["logout","logoutAll"],Q(i)),Object.assign(c,{getLastUserLoginId:Z,getLastUserDisplayName:Y})}),(t=>o=>{var{persistTokens:r,sessionTokenViaCookie:i,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!r||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||D(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&w(`${n}${x}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;j(O,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else w(`${n}${O}`,r);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),i,a)}}));var l;const d=n.wrapWith(c,["logout","logoutAll","oidc.logout"],te(a));return Object.assign(d,{getRefreshToken:()=>D(a),getSessionToken:()=>R(a),getIdToken:()=>C(a)})}))((e=>{const t=a.default(e),n=Se(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=R(),a=D();let s="";if(e.getExternalToken)try{s=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:a?"t":"f"},s)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:he(t),webauthn:ue(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){fe(o,e)},requestAuthentication(e){fe(o,e)}},async oneTap(e,t,n,r,i){await we(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+pe.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));exports.REFRESH_TOKEN_KEY=x,exports.SESSION_TOKEN_KEY=O,exports.clearFingerprintData=()=>{localStorage.removeItem($)},exports.default=ke,exports.ensureFingerprintIds=L,exports.hasOidcParamsInUrl=ve;
 //# sourceMappingURL=index.cjs.js.map

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";const c=e=>{try{return t(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},g=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},p=async e=>{const t=await g(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),m=(...e)=>{console.debug(...e)},y="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${y}/dist/browser/oidc-client-ts.min.js`,I=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${y}/dist/browser/oidc-client-ts.min.js`,_=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(m(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:c}=n,l=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:a,secure:c})}}function C(e=""){return h(`${e}${x}`)||""}function D(e=""){return i.get(O)||h(`${e}${O}`)||""}function R(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),i.remove(O)}const A=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",E="vsid",J="vrid",$="fp",L=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},N=async(e,t=A)=>{try{if(L())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const c=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",l=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[c,s]}),d=await l,{requestId:u}=await d.get({linkedId:n}),g=((e,t)=>({[E]:e,[J]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(g)}catch(e){console.warn("Could not load fingerprint",e)}},P=()=>{localStorage.removeItem($)},K=e=>{const t=L(!0);return t&&e.body&&(e.body.fpData=t),e},q="descopeFlowNonce",F="X-Descope-Flow-Nonce",V="/v1/flow/start",M="/v1/flow/next",H=(e,t=q)=>`${t}${e}`,B=(e,t=q)=>{try{const n=H(e,t);localStorage.removeItem(n)}catch(e){console.error("Error removing flow nonce:",e)}},G=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},W=e=>{var t;return e.path===M&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?G(e.body.executionId):null},X="dls_last_user_login_id",Z="dls_last_user_display_name",z=()=>h(X),Q=()=>h(Z),Y=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=z(),r=Q();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ee=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(X),v(Z)),o};function te(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ne=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function oe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),n.publicKey.user.id=le(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:de(o.rawId),type:o.type,response:{attestationObject:de(o.response.attestationObject),clientDataJSON:de(o.response.clientDataJSON)}});var o}async function ie(e){const t=se(e);return ce(await navigator.credentials.get(t))}async function re(e,t){const n=se(e);n.signal=t.signal,n.mediation="conditional";return ce(await navigator.credentials.get(n))}async function ae(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function se(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}function ce(e){return JSON.stringify({id:e.id,rawId:de(e.rawId),type:e.type,response:{authenticatorData:de(e.response.authenticatorData),clientDataJSON:de(e.response.clientDataJSON),signature:de(e.response.signature),userHandle:e.response.userHandle?de(e.response.userHandle):void 0}})}function le(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function de(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ue,ge=(ue=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ie(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ie(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:oe,get:ie,isSupported:ae,conditional:re}}),(...e)=>{const t=ue(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},fe=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function we(e,t){var n;try{await he(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function he(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=fe(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ve=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ae(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const me=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const be=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{be(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Se=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return be([k,I],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${r}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},ke=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Se(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(me())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||R(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return window.localStorage.removeItem(i),t||window.location.replace(a),r}}},Ie=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return b?(o&&i&&N(o).catch((()=>null)),t(u(r,{beforeRequest:K}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return n(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(m("Expiration time passed, refreshing session"),p.refresh(C()||d))}));const p=n(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await g(n);if(401===(null==n?void 0:n.status))m("Received 401, canceling all timers"),s();else if(o||r){if(l=((e,n)=>{if(n)return new Date(1e3*n);m("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!l)return void m("Could not extract expiration time from session token");d=i;const e=_(l);if(s(),e<=2e4)return void m("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});m(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{m("Refreshing session due to timer"),p.refresh(C()||i)}),e)}}}));return o(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return m("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.0"},t.baseHeaders)}))),(e=>t=>{const n=te(),i=te(),r=te(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null);else{const e=await p(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a}=await g(t);o&&i.pub(o),(a||o)&&n.pub(a||42)}}})),s=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),o}));return Object.assign(s,{onSessionTokenChange:i.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=q}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=q)=>{try{for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=localStorage.getItem(n);if(e)try{JSON.parse(e).expiry<Date.now()&&localStorage.removeItem(n)}catch(e){localStorage.removeItem(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(i);return t(u(r,{afterRequest:async(e,t)=>{if(e.path!==V&&e.path!==M)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(F);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=W(e)),{nonce:n,executionId:G(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=q)=>{try{const i=H(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};localStorage.setItem(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===V,i)}},beforeRequest:e=>{if(e.path===M){const t=W(e);if(t){const n=((e,t=q)=>{try{const n=H(e,t),o=localStorage.getItem(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(B(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[F]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:z,getLastUserDisplayName:Q});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await p(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{w(X,e)})(i),(e=>{w(Z,e)})(r))}}));let c=o(s,["flow.start"],Y);return c=o(c,["logout","logoutAll"],ee(r)),Object.assign(c,{getLastUserLoginId:z,getLastUserDisplayName:Q})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||C(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&w(`${n}${x}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;j(O,i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else w(`${n}${O}`,i);e.idToken&&w(`${n}${U}`,e.idToken)})(await g(t),r,a)}}));var l;const d=o(c,["logout","logoutAll","oidc.logout"],ne(a));return Object.assign(d,{getRefreshToken:()=>C(a),getSessionToken:()=>D(a),getIdToken:()=>R(a)})}))((e=>{const t=n(e),o=ke(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async n=>{var i;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const r=D(),a=C();let s="";if(e.getExternalToken)try{s=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){m("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:r?"t":"f",dcr:a?"t":"f"},s)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:ve(t),webauthn:ge(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){we(i,e)},requestAuthentication(e){we(i,e)}},async oneTap(e,t,n,o,r){await he(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+pe.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{x as REFRESH_TOKEN_KEY,O as SESSION_TOKEN_KEY,P as clearFingerprintData,Ie as default,N as ensureFingerprintIds,me as hasOidcParamsInUrl};
+import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";const c=e=>{try{return t(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},g=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},p=async e=>{const t=await g(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),m=(...e)=>{console.debug(...e)},y="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${y}/dist/browser/oidc-client-ts.min.js`,I=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${y}/dist/browser/oidc-client-ts.min.js`,_=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(m(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:c}=n,l=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:a,secure:c})}}function C(e=""){return h(`${e}${x}`)||""}function D(e=""){return i.get(O)||h(`${e}${O}`)||""}function R(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),i.remove(O)}const A=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",E="vsid",J="vrid",$="fp",L=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},N=async(e,t=A)=>{try{if(L())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const c=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",l=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[c,s]}),d=await l,{requestId:u}=await d.get({linkedId:n}),g=((e,t)=>({[E]:e,[J]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(g)}catch(e){console.warn("Could not load fingerprint",e)}},P=()=>{localStorage.removeItem($)},K=e=>{const t=L(!0);return t&&e.body&&(e.body.fpData=t),e},q="descopeFlowNonce",F="X-Descope-Flow-Nonce",V="/v1/flow/start",M="/v1/flow/next",H=(e,t=q)=>`${t}${e}`,B=(e,t=q)=>{try{const n=H(e,t);localStorage.removeItem(n)}catch(e){console.error("Error removing flow nonce:",e)}},G=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},W=e=>{var t;return e.path===M&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?G(e.body.executionId):null},X="dls_last_user_login_id",Z="dls_last_user_display_name",z=()=>h(X),Q=()=>h(Z),Y=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=z(),r=Q();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ee=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(X),v(Z)),o};function te(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ne=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function oe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),n.publicKey.user.id=le(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:de(o.rawId),type:o.type,response:{attestationObject:de(o.response.attestationObject),clientDataJSON:de(o.response.clientDataJSON)}});var o}async function ie(e){const t=se(e);return ce(await navigator.credentials.get(t))}async function re(e,t){const n=se(e);n.signal=t.signal,n.mediation="conditional";return ce(await navigator.credentials.get(n))}async function ae(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function se(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}function ce(e){return JSON.stringify({id:e.id,rawId:de(e.rawId),type:e.type,response:{authenticatorData:de(e.response.authenticatorData),clientDataJSON:de(e.response.clientDataJSON),signature:de(e.response.signature),userHandle:e.response.userHandle?de(e.response.userHandle):void 0}})}function le(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function de(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ue,ge=(ue=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ie(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ie(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:oe,get:ie,isSupported:ae,conditional:re}}),(...e)=>{const t=ue(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},fe=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function we(e,t){var n;try{await he(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function he(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=fe(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ve=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ae(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const me=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const be=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{be(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Se=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return be([k,I],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${r}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},ke=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Se(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(me())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||R(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return window.localStorage.removeItem(i),t||window.location.replace(a),r}}},Ie=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return b?(o&&i&&N(o).catch((()=>null)),t(u(r,{beforeRequest:K}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return n(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(m("Expiration time passed, refreshing session"),p.refresh(C()||d))}));const p=n(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await g(n);if(401===(null==n?void 0:n.status))m("Received 401, canceling all timers"),s();else if(o||r){if(l=((e,n)=>{if(n)return new Date(1e3*n);m("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!l)return void m("Could not extract expiration time from session token");d=i;const e=_(l);if(s(),e<=2e4)return void m("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});m(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{m("Refreshing session due to timer"),p.refresh(C()||i)}),e)}}}));return o(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return m("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.1"},t.baseHeaders)}))),(e=>t=>{const n=te(),i=te(),r=te(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null);else{const e=await p(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a}=await g(t);o&&i.pub(o),(a||o)&&n.pub(a||42)}}})),s=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),o}));return Object.assign(s,{onSessionTokenChange:i.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=q}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=q)=>{try{for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=localStorage.getItem(n);if(e)try{JSON.parse(e).expiry<Date.now()&&localStorage.removeItem(n)}catch(e){localStorage.removeItem(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(i);return t(u(r,{afterRequest:async(e,t)=>{if(e.path!==V&&e.path!==M)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(F);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=W(e)),{nonce:n,executionId:G(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=q)=>{try{const i=H(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};localStorage.setItem(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===V,i)}},beforeRequest:e=>{if(e.path===M){const t=W(e);if(t){const n=((e,t=q)=>{try{const n=H(e,t),o=localStorage.getItem(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(B(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[F]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:z,getLastUserDisplayName:Q});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await p(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{w(X,e)})(i),(e=>{w(Z,e)})(r))}}));let c=o(s,["flow.start"],Y);return c=o(c,["logout","logoutAll"],ee(r)),Object.assign(c,{getLastUserLoginId:z,getLastUserDisplayName:Q})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||C(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&w(`${n}${x}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;j(O,i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else w(`${n}${O}`,i);e.idToken&&w(`${n}${U}`,e.idToken)})(await g(t),r,a)}}));var l;const d=o(c,["logout","logoutAll","oidc.logout"],ne(a));return Object.assign(d,{getRefreshToken:()=>C(a),getSessionToken:()=>D(a),getIdToken:()=>R(a)})}))((e=>{const t=n(e),o=ke(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async n=>{var i;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const r=D(),a=C();let s="";if(e.getExternalToken)try{s=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){m("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:r?"t":"f",dcr:a?"t":"f"},s)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:ve(t),webauthn:ge(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){we(i,e)},requestAuthentication(e){we(i,e)}},async oneTap(e,t,n,o,r){await he(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+pe.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{x as REFRESH_TOKEN_KEY,O as SESSION_TOKEN_KEY,P as clearFingerprintData,Ie as default,N as ensureFingerprintIds,me as hasOidcParamsInUrl};
 //# sourceMappingURL=index.esm.js.map

package/dist/index.umd.js CHANGED Viewed

@@ -1,4 +1,4 @@
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i=e=>{try{return r(e).exp}catch(e){return null}},s=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:i(n)},a=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?i(o):void 0)},c=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},l=async e=>{if(!(null==e?void 0:e.ok))return{};const n=await(null==e?void 0:e.clone().json());return(e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,c=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||a(e),cookieExpiration:e.cookieExpiration||s(e)},c)})((null==n?void 0:n.authInfo)||n||{})},u=async e=>{const t=await l(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},d="undefined"!=typeof localStorage,p=(e,t)=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),g=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),h=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e));var f={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const v="<region>",w=`https://api.${v}descope.com`,m=6e5,y="dct",b=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}};let k;const I=()=>{if(k)return k;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return k=`${t}-${n}`,k};var O,S;(S=O||(O={})).get="GET",S.delete="DELETE",S.post="POST",S.put="PUT",S.patch="PATCH";const U=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(v,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},j=(...e)=>new Headers(e.reduce(((e,t)=>{const n=(e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t);return n.reduce(((t,[n,o])=>(e[n]=o,e)),e),e}),{})),x={"Content-Type":"application/json"},T=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},R=(e,t)=>{const n={"x-descope-sdk-session-id":I(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.44.0","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},C=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e},E=({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=((e,t)=>{const n=(e=>async(...t)=>{const n=await e(...t),o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n})(t||fetch);return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>b().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await n(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return b().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).build()})(o)),o}:n})(r,a),l=async r=>{var a;const l=(null==i?void 0:i.beforeRequest)?i.beforeRequest(r):r,{path:u,body:d,headers:p,queryParams:g,method:h,token:f}=l,v=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:j(T(t,f),R(t,o),(null==n?void 0:n.baseHeaders)||{},C(v)?x:{},p),method:h,body:v};null!==s&&(w.credentials=s||"include");const m=await c(U({path:u,baseUrl:e,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(r,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(a=m.headers)||void 0===a?void 0:a.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:O.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:O.delete,token:o}),hooks:i,buildUrl:(n,o)=>U({projectId:t,baseUrl:e,path:n,queryParams:o})}};var P=429;function _(e,t,n){var o;let r=$(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[y])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function $(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function D(e){const{exp:t}=$(e);return(new Date).getTime()/1e3>t}function A(e){let t=$(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function L(e,t){return _(e,t,"permissions")}function q(e,t){return _(e,t,"roles")}const N=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function J(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===P&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function K(e){var t;return(null===(t=$(e))||void 0===t?void 0:t[y])||""}const M=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),F=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},V=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),H=e=>t=>e.test(t),B=H(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),z=H(/^\+[1-9]{1}[0-9]{3,14}$/),Z=M(B,'"{val}" is not a valid email'),G=M(z,'"{val}" is not a valid phone number'),W=M((e=>e.length>=1),"Minimum length is 1");const X=M((e=>"string"==typeof e),"Input is not a string"),Y=M((e=>Array.isArray(e)),"Input is not an array"),Q=M((e=>"boolean"==typeof e),"Input is not a boolean"),ee=M((e=>void 0===e),"Input is defined"),te=F([X(),ee()],"Input is not a string or undefined"),ne=F([Y(),Q()],"Input is not an array or boolean"),oe=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>V(...e).validate(n[t]))),t(...n)),re=e=>[X(`"${e}" must be a string`)],ie=e=>[te(`"${e}" must be string or undefined`)],se=e=>[X(`"${e}" must be a string`),W(`"${e}" must not be empty`)],ae=e=>[X(`"${e}" must be a string`),Z()],ce=e=>[X(`"${e}" must be a string`),G()],le=oe(se("accessKey")),ue=e=>({exchange:le(((t,n)=>J(e.post(f.accessKey.exchange,{loginOptions:n},{token:t}))))}),de=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),pe=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||m,m)});var ge,he;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp"}(ge||(ge={})),function(e){e.email="email"}(he||(he={}));const fe=Object.assign(Object.assign({},ge),he);var ve;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(ve||(ve={}));const we=se("loginId"),me=oe(se("token")),ye=oe(we),be=oe(se("pendingRef")),ke=oe(we,ae("email")),Ie=e=>({verify:me((t=>J(e.post(f.enchantedLink.verify,{token:t})))),signIn:ye(((t,n,o,r)=>J(e.post(N(f.enchantedLink.signIn,fe.email),{loginId:t,URI:n,loginOptions:o},{token:r})))),signUpOrIn:ye(((t,n,o)=>J(e.post(N(f.enchantedLink.signUpOrIn,fe.email),{loginId:t,URI:n,loginOptions:o})))),signUp:ye(((t,n,o,r)=>J(e.post(N(f.enchantedLink.signUp,fe.email),{loginId:t,URI:n,user:o,loginOptions:r})))),waitForSession:be(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=pe(n);let s;const a=setInterval((async()=>{const n=await e.post(f.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(J(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:ke(((t,n,o,r,i)=>J(e.post(f.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Oe=oe(se("flowId")),Se=oe(se("executionId"),se("stepId"),se("interactionId")),Ue=e=>({start:Oe(((t,n,o,r,i,s,a)=>J(e.post(f.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a})))),next:Se(((t,n,o,r,i,s)=>J(e.post(f.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s}))))}),je=se("loginId"),xe=oe(se("token")),Te=oe(je),Re=oe(je,ce("phone")),Ce=oe(je,ae("email")),Ee=Object.keys(fe).filter((e=>e!==ge.voice)),Pe=e=>({verify:xe((t=>J(e.post(f.magicLink.verify,{token:t})))),signIn:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r,i)=>J(e.post(N(f.magicLink.signIn,n),{loginId:t,URI:o,loginOptions:r},{token:i}))))})),{}),signUp:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r,i)=>J(e.post(N(f.magicLink.signUp,n),{loginId:t,URI:o,user:r,loginOptions:i}))))})),{}),signUpOrIn:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r)=>J(e.post(N(f.magicLink.signUpOrIn,n),{loginId:t,URI:o,loginOptions:r}))))})),{}),update:{email:Ce(((t,n,o,r,i)=>J(e.post(f.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(ge).filter((e=>e!==ge.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Re(((t,o,r,i,s)=>J(e.post(N(f.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var _e;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(_e||(_e={}));const $e=oe(se("code")),De=e=>({start:Object.assign(((t,n,o,r)=>J(e.post(f.oauth.start,o||{},{queryParams:Object.assign({provider:t},n&&{redirectURL:n}),token:r}))),Object.keys(_e).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r)=>J(e.post(f.oauth.start,o||{},{queryParams:Object.assign({provider:n},t&&{redirectURL:t}),token:r}))})),{})),exchange:$e((t=>J(e.post(f.oauth.exchange,{code:t})))),startNative:(t,n,o)=>J(e.post(f.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>J(e.post(f.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>J(e.get(f.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>J(e.post(f.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>J(e.post(f.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Ae=se("appId"),Le=oe(Ae),qe=e=>({connect:Le(((t,n,o)=>J(e.post(f.outbound.connect,{appId:t,options:n},{token:o}))))}),Ne=se("loginId"),Je=oe(Ne,se("code")),Ke=oe(Ne),Me=oe(Ne,ce("phone")),Fe=oe(Ne,ae("email")),Ve=e=>({verify:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Je(((t,o)=>J(e.post(N(f.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o,r)=>J(e.post(N(f.otp.signIn,n),{loginId:t,loginOptions:o},{token:r}))))})),{}),signUp:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o,r)=>J(e.post(N(f.otp.signUp,n),{loginId:t,user:o,loginOptions:r}))))})),{}),signUpOrIn:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o)=>J(e.post(N(f.otp.signUpOrIn,n),{loginId:t,loginOptions:o}))))})),{}),update:{email:Fe(((t,n,o,r)=>J(e.post(f.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(ge).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Me(((t,o,r,i)=>J(e.post(N(f.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),He=oe(se("tenant")),Be=oe(se("code")),ze=e=>({start:He(((t,n,o,r,i)=>J(e.post(f.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i})},r&&{token:r}))))),exchange:Be((t=>J(e.post(f.saml.exchange,{code:t}))))}),Ze=se("loginId"),Ge=oe(Ze,se("code")),We=oe(Ze),Xe=oe(Ze),Ye=e=>({signUp:We(((t,n)=>J(e.post(f.totp.signUp,{loginId:t,user:n})))),verify:Ge(((t,n,o,r)=>J(e.post(f.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:Xe(((t,n)=>J(e.post(f.totp.update,{loginId:t},{token:n}))))}),Qe=se("loginId"),et=se("newPassword"),tt=oe(Qe,se("password")),nt=oe(Qe),ot=oe(Qe,et),rt=oe(Qe,se("oldPassword"),et),it=e=>({signUp:tt(((t,n,o,r)=>J(e.post(f.password.signUp,{loginId:t,password:n,user:o,loginOptions:r})))),signIn:tt(((t,n,o)=>J(e.post(f.password.signIn,{loginId:t,password:n,loginOptions:o})))),sendReset:nt(((t,n,o)=>J(e.post(f.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:ot(((t,n,o)=>J(e.post(f.password.update,{loginId:t,newPassword:n},{token:o})))),replace:rt(((t,n,o)=>J(e.post(f.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>J(e.get(f.password.policy))}),st=re("loginId"),at=se("loginId"),ct=se("origin"),lt=oe(at,ct,se("name")),ut=oe(at,ct),dt=oe(st,ct),pt=oe(at,ct,ie("token")),gt=oe(se("transactionId"),se("response")),ht=e=>({signUp:{start:lt(((t,n,o,r)=>J(e.post(f.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:gt(((t,n)=>J(e.post(f.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:dt(((t,n,o,r,i)=>J(e.post(f.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:gt(((t,n)=>J(e.post(f.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:ut(((t,n,o)=>J(e.post(f.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:pt(((t,n,o,r)=>J(e.post(f.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:gt(((t,n)=>J(e.post(f.webauthn.update.finish,{transactionId:t,response:n}))))}}),ft=re("loginId"),vt=oe(ft),wt=oe(se("pendingRef")),mt=e=>({signUpOrIn:vt(((t,n)=>J(e.post(f.notp.signUpOrIn,{loginId:t,loginOptions:n})))),signUp:vt(((t,n,o)=>J(e.post(f.notp.signUp,{loginId:t,user:n,loginOptions:o})))),signIn:vt(((t,n,o)=>J(e.post(f.notp.signIn,{loginId:t,loginOptions:n},{token:o})))),waitForSession:wt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=pe(n);let s;const a=setInterval((async()=>{const n=await e.post(f.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(J(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),yt=oe(se("token")),bt=oe(ie("token"));var kt,It=oe([(kt=se("projectId"),M(((e,t)=>n=>V(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",kt))())])((e=>t=>{var n;return e(Object.assign(Object.assign({},t),{hooks:{beforeRequest:e=>{var n;const o=[].concat((null===(n=t.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),e)},afterRequest:async(e,n)=>{var o;const r=[].concat((null===(o=t.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((t=>t(e,null==n?void 0:n.clone()))))).forEach((e=>{var n;return"rejected"===e.status&&(null===(n=t.logger)||void 0===n?void 0:n.error(e.reason))}))},transformResponse:null===(n=t.hooks)||void 0===n?void 0:n.transformResponse}}))})((({projectId:e,logger:t,baseUrl:n,hooks:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a})=>{return c=E({baseUrl:n||w,projectId:e,logger:t,hooks:o,cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:ue(c),otp:Ve(c),magicLink:Pe(c),enchantedLink:Ie(c),oauth:De(c),outbound:qe(c),saml:ze(c),totp:Ye(c),notp:mt(c),webauthn:ht(c),password:it(c),flow:Ue(c),refresh:bt(((e,t,n)=>{const o={};return n&&(o.externalToken=n),J(c.post(f.refresh,o,{token:e,queryParams:t}))})),selectTenant:oe([X("tenantId")],[te('"token" must be string or undefined')])(((e,t)=>J(c.post(f.selectTenant,{tenant:e},{token:t})))),logout:bt((e=>J(c.post(f.logout,{},{token:e})))),logoutAll:bt((e=>J(c.post(f.logoutAll,{},{token:e})))),me:bt((e=>J(c.get(f.me,{token:e})))),myTenants:oe([ne('"tenants" must a string array or a boolean')],[te('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,J(c.post(f.myTenants,n,{token:t}))})),history:bt((e=>J(c.get(f.history,{token:e})))),isJwtExpired:yt(D),getTenants:yt(A),getJwtPermissions:yt(L),getJwtRoles:yt(q),getCurrentTenant:yt(K),httpClient:c};var c}))),Ot=Object.assign(It,{DeliveryMethods:fe});const St=(...e)=>{console.debug(...e)},Ut="3.2.0",jt="undefined"!=typeof window,xt=Math.pow(2,31)-1,Tt=`https://descopecdn.com/npm/oidc-client-ts@${Ut}/dist/browser/oidc-client-ts.min.js`,Rt=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${Ut}/dist/browser/oidc-client-ts.min.js`,Ct=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>xt&&(St(`Timeout is too large (${t}ms), setting it to ${xt}ms`),t=xt),t};
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i=e=>{try{return r(e).exp}catch(e){return null}},s=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:i(n)},a=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?i(o):void 0)},c=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},l=async e=>{if(!(null==e?void 0:e.ok))return{};const n=await(null==e?void 0:e.clone().json());return(e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,c=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||a(e),cookieExpiration:e.cookieExpiration||s(e)},c)})((null==n?void 0:n.authInfo)||n||{})},u=async e=>{const t=await l(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},d="undefined"!=typeof localStorage,p=(e,t)=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),g=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),h=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e));var f={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const v="<region>",w=`https://api.${v}descope.com`,m=6e5,y="dct",b=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}};let k;const I=()=>{if(k)return k;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return k=`${t}-${n}`,k};var O,S;(S=O||(O={})).get="GET",S.delete="DELETE",S.post="POST",S.put="PUT",S.patch="PATCH";const U=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(v,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},j=(...e)=>new Headers(e.reduce(((e,t)=>{const n=(e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t);return n.reduce(((t,[n,o])=>(e[n]=o,e)),e),e}),{})),x={"Content-Type":"application/json"},T=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},R=(e,t)=>{const n={"x-descope-sdk-session-id":I(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.44.1","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},C=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e},E=({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=((e,t)=>{const n=(e=>async(...t)=>{const n=await e(...t),o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n})(t||fetch);return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>b().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await n(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return b().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).build()})(o)),o}:n})(r,a),l=async r=>{var a;const l=(null==i?void 0:i.beforeRequest)?i.beforeRequest(r):r,{path:u,body:d,headers:p,queryParams:g,method:h,token:f}=l,v=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:j(T(t,f),R(t,o),(null==n?void 0:n.baseHeaders)||{},C(v)?x:{},p),method:h,body:v};null!==s&&(w.credentials=s||"include");const m=await c(U({path:u,baseUrl:e,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(r,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(a=m.headers)||void 0===a?void 0:a.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:O.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:O.delete,token:o}),hooks:i,buildUrl:(n,o)=>U({projectId:t,baseUrl:e,path:n,queryParams:o})}};var P=429;function _(e,t,n){var o;let r=$(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[y])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function $(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function D(e){const{exp:t}=$(e);return(new Date).getTime()/1e3>t}function A(e){let t=$(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function L(e,t){return _(e,t,"permissions")}function q(e,t){return _(e,t,"roles")}const N=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function J(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===P&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function K(e){var t;return(null===(t=$(e))||void 0===t?void 0:t[y])||""}const M=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),F=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},V=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),H=e=>t=>e.test(t),B=H(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),z=H(/^\+[1-9]{1}[0-9]{3,14}$/),Z=M(B,'"{val}" is not a valid email'),G=M(z,'"{val}" is not a valid phone number'),W=M((e=>e.length>=1),"Minimum length is 1");const X=M((e=>"string"==typeof e),"Input is not a string"),Y=M((e=>Array.isArray(e)),"Input is not an array"),Q=M((e=>"boolean"==typeof e),"Input is not a boolean"),ee=M((e=>void 0===e),"Input is defined"),te=F([X(),ee()],"Input is not a string or undefined"),ne=F([Y(),Q()],"Input is not an array or boolean"),oe=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>V(...e).validate(n[t]))),t(...n)),re=e=>[X(`"${e}" must be a string`)],ie=e=>[te(`"${e}" must be string or undefined`)],se=e=>[X(`"${e}" must be a string`),W(`"${e}" must not be empty`)],ae=e=>[X(`"${e}" must be a string`),Z()],ce=e=>[X(`"${e}" must be a string`),G()],le=oe(se("accessKey")),ue=e=>({exchange:le(((t,n)=>J(e.post(f.accessKey.exchange,{loginOptions:n},{token:t}))))}),de=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),pe=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||m,m)});var ge,he;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp"}(ge||(ge={})),function(e){e.email="email"}(he||(he={}));const fe=Object.assign(Object.assign({},ge),he);var ve;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(ve||(ve={}));const we=se("loginId"),me=oe(se("token")),ye=oe(we),be=oe(se("pendingRef")),ke=oe(we,ae("email")),Ie=e=>({verify:me((t=>J(e.post(f.enchantedLink.verify,{token:t})))),signIn:ye(((t,n,o,r)=>J(e.post(N(f.enchantedLink.signIn,fe.email),{loginId:t,URI:n,loginOptions:o},{token:r})))),signUpOrIn:ye(((t,n,o)=>J(e.post(N(f.enchantedLink.signUpOrIn,fe.email),{loginId:t,URI:n,loginOptions:o})))),signUp:ye(((t,n,o,r)=>J(e.post(N(f.enchantedLink.signUp,fe.email),{loginId:t,URI:n,user:o,loginOptions:r})))),waitForSession:be(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=pe(n);let s;const a=setInterval((async()=>{const n=await e.post(f.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(J(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:ke(((t,n,o,r,i)=>J(e.post(f.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Oe=oe(se("flowId")),Se=oe(se("executionId"),se("stepId"),se("interactionId")),Ue=e=>({start:Oe(((t,n,o,r,i,s,a)=>J(e.post(f.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a})))),next:Se(((t,n,o,r,i,s)=>J(e.post(f.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s}))))}),je=se("loginId"),xe=oe(se("token")),Te=oe(je),Re=oe(je,ce("phone")),Ce=oe(je,ae("email")),Ee=Object.keys(fe).filter((e=>e!==ge.voice)),Pe=e=>({verify:xe((t=>J(e.post(f.magicLink.verify,{token:t})))),signIn:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r,i)=>J(e.post(N(f.magicLink.signIn,n),{loginId:t,URI:o,loginOptions:r},{token:i}))))})),{}),signUp:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r,i)=>J(e.post(N(f.magicLink.signUp,n),{loginId:t,URI:o,user:r,loginOptions:i}))))})),{}),signUpOrIn:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r)=>J(e.post(N(f.magicLink.signUpOrIn,n),{loginId:t,URI:o,loginOptions:r}))))})),{}),update:{email:Ce(((t,n,o,r,i)=>J(e.post(f.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(ge).filter((e=>e!==ge.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Re(((t,o,r,i,s)=>J(e.post(N(f.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var _e;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(_e||(_e={}));const $e=oe(se("code")),De=e=>({start:Object.assign(((t,n,o,r)=>J(e.post(f.oauth.start,o||{},{queryParams:Object.assign({provider:t},n&&{redirectURL:n}),token:r}))),Object.keys(_e).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r)=>J(e.post(f.oauth.start,o||{},{queryParams:Object.assign({provider:n},t&&{redirectURL:t}),token:r}))})),{})),exchange:$e((t=>J(e.post(f.oauth.exchange,{code:t})))),startNative:(t,n,o)=>J(e.post(f.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>J(e.post(f.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>J(e.get(f.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>J(e.post(f.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>J(e.post(f.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Ae=se("appId"),Le=oe(Ae),qe=e=>({connect:Le(((t,n,o)=>J(e.post(f.outbound.connect,{appId:t,options:n},{token:o}))))}),Ne=se("loginId"),Je=oe(Ne,se("code")),Ke=oe(Ne),Me=oe(Ne,ce("phone")),Fe=oe(Ne,ae("email")),Ve=e=>({verify:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Je(((t,o)=>J(e.post(N(f.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o,r)=>J(e.post(N(f.otp.signIn,n),{loginId:t,loginOptions:o},{token:r}))))})),{}),signUp:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o,r)=>J(e.post(N(f.otp.signUp,n),{loginId:t,user:o,loginOptions:r}))))})),{}),signUpOrIn:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o)=>J(e.post(N(f.otp.signUpOrIn,n),{loginId:t,loginOptions:o}))))})),{}),update:{email:Fe(((t,n,o,r)=>J(e.post(f.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(ge).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Me(((t,o,r,i)=>J(e.post(N(f.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),He=oe(se("tenant")),Be=oe(se("code")),ze=e=>({start:He(((t,n,o,r,i)=>J(e.post(f.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i})},r&&{token:r}))))),exchange:Be((t=>J(e.post(f.saml.exchange,{code:t}))))}),Ze=se("loginId"),Ge=oe(Ze,se("code")),We=oe(Ze),Xe=oe(Ze),Ye=e=>({signUp:We(((t,n)=>J(e.post(f.totp.signUp,{loginId:t,user:n})))),verify:Ge(((t,n,o,r)=>J(e.post(f.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:Xe(((t,n)=>J(e.post(f.totp.update,{loginId:t},{token:n}))))}),Qe=se("loginId"),et=se("newPassword"),tt=oe(Qe,se("password")),nt=oe(Qe),ot=oe(Qe,et),rt=oe(Qe,se("oldPassword"),et),it=e=>({signUp:tt(((t,n,o,r)=>J(e.post(f.password.signUp,{loginId:t,password:n,user:o,loginOptions:r})))),signIn:tt(((t,n,o)=>J(e.post(f.password.signIn,{loginId:t,password:n,loginOptions:o})))),sendReset:nt(((t,n,o)=>J(e.post(f.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:ot(((t,n,o)=>J(e.post(f.password.update,{loginId:t,newPassword:n},{token:o})))),replace:rt(((t,n,o)=>J(e.post(f.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>J(e.get(f.password.policy))}),st=re("loginId"),at=se("loginId"),ct=se("origin"),lt=oe(at,ct,se("name")),ut=oe(at,ct),dt=oe(st,ct),pt=oe(at,ct,ie("token")),gt=oe(se("transactionId"),se("response")),ht=e=>({signUp:{start:lt(((t,n,o,r)=>J(e.post(f.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:gt(((t,n)=>J(e.post(f.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:dt(((t,n,o,r,i)=>J(e.post(f.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:gt(((t,n)=>J(e.post(f.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:ut(((t,n,o)=>J(e.post(f.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:pt(((t,n,o,r)=>J(e.post(f.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:gt(((t,n)=>J(e.post(f.webauthn.update.finish,{transactionId:t,response:n}))))}}),ft=re("loginId"),vt=oe(ft),wt=oe(se("pendingRef")),mt=e=>({signUpOrIn:vt(((t,n)=>J(e.post(f.notp.signUpOrIn,{loginId:t,loginOptions:n})))),signUp:vt(((t,n,o)=>J(e.post(f.notp.signUp,{loginId:t,user:n,loginOptions:o})))),signIn:vt(((t,n,o)=>J(e.post(f.notp.signIn,{loginId:t,loginOptions:n},{token:o})))),waitForSession:wt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=pe(n);let s;const a=setInterval((async()=>{const n=await e.post(f.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(J(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),yt=oe(se("token")),bt=oe(ie("token"));var kt,It=oe([(kt=se("projectId"),M(((e,t)=>n=>V(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",kt))())])((e=>t=>{var n;return e(Object.assign(Object.assign({},t),{hooks:{beforeRequest:e=>{var n;const o=[].concat((null===(n=t.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),e)},afterRequest:async(e,n)=>{var o;const r=[].concat((null===(o=t.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((t=>t(e,null==n?void 0:n.clone()))))).forEach((e=>{var n;return"rejected"===e.status&&(null===(n=t.logger)||void 0===n?void 0:n.error(e.reason))}))},transformResponse:null===(n=t.hooks)||void 0===n?void 0:n.transformResponse}}))})((({projectId:e,logger:t,baseUrl:n,hooks:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a})=>{return c=E({baseUrl:n||w,projectId:e,logger:t,hooks:o,cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:ue(c),otp:Ve(c),magicLink:Pe(c),enchantedLink:Ie(c),oauth:De(c),outbound:qe(c),saml:ze(c),totp:Ye(c),notp:mt(c),webauthn:ht(c),password:it(c),flow:Ue(c),refresh:bt(((e,t,n)=>{const o={};return n&&(o.externalToken=n),J(c.post(f.refresh,o,{token:e,queryParams:t}))})),selectTenant:oe([X("tenantId")],[te('"token" must be string or undefined')])(((e,t)=>J(c.post(f.selectTenant,{tenant:e},{token:t})))),logout:bt((e=>J(c.post(f.logout,{},{token:e})))),logoutAll:bt((e=>J(c.post(f.logoutAll,{},{token:e})))),me:bt((e=>J(c.get(f.me,{token:e})))),myTenants:oe([ne('"tenants" must a string array or a boolean')],[te('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,J(c.post(f.myTenants,n,{token:t}))})),history:bt((e=>J(c.get(f.history,{token:e})))),isJwtExpired:yt(D),getTenants:yt(A),getJwtPermissions:yt(L),getJwtRoles:yt(q),getCurrentTenant:yt(K),httpClient:c};var c}))),Ot=Object.assign(It,{DeliveryMethods:fe});const St=(...e)=>{console.debug(...e)},Ut="3.2.0",jt="undefined"!=typeof window,xt=Math.pow(2,31)-1,Tt=`https://descopecdn.com/npm/oidc-client-ts@${Ut}/dist/browser/oidc-client-ts.min.js`,Rt=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${Ut}/dist/browser/oidc-client-ts.min.js`,Ct=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>xt&&(St(`Timeout is too large (${t}ms), setting it to ${xt}ms`),t=xt),t};
 /*! js-cookie v3.0.5 | MIT */
-function Et(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var Pt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Et({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Et({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Et({},this.attributes,t))},withConverter:function(t){return e(Et({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const _t="DS",$t="DSR",Dt="DSI";function At(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);Pt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Lt(e=""){return g(`${e}${$t}`)||""}function qt(e=""){return Pt.get(_t)||g(`${e}${_t}`)||""}function Nt(e=""){return g(`${e}${Dt}`)||""}function Jt(e=""){h(`${e}${$t}`),h(`${e}${_t}`),h(`${e}${Dt}`),Pt.remove(_t)}const Kt=jt&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Mt="vsid",Ft="vrid";var Vt={default:"endpoint"},Ht="Blocked by CSP",Bt="The endpoint parameter is not a valid URL",zt="Failed to load the JS script of the agent",Zt="9319";function Gt(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===Ht||s===Bt)n.exclude(),i=0;else if(s===Zt)n.exclude();else if(s===zt){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],u=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(l).then((function(e){return[e,a]}))}var Wt="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",Xt=Wt;function Yt(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:Wt,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=l[0],d=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return Gt(e,Qt)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===Zt?new Error(zt):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function Qt(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(Bt);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(zt))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(Ht)})).then(en)}function en(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(Zt);return n}const tn=(e=!1)=>{const t=localStorage.getItem("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},nn=async(e,t=Kt)=>{try{if(tn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=Yt({apiKey:e,endpoint:[o.toString(),Vt],scriptUrlPattern:[i,Xt]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[Mt]:e,[Ft]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},on=e=>{const t=tn(!0);return t&&e.body&&(e.body.fpData=t),e},rn="descopeFlowNonce",sn="X-Descope-Flow-Nonce",an="/v1/flow/start",cn="/v1/flow/next",ln=(e,t=rn)=>`${t}${e}`,un=(e,t=rn)=>{try{const n=ln(e,t);localStorage.removeItem(n)}catch(e){console.error("Error removing flow nonce:",e)}},dn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},pn=e=>{var t;return e.path===cn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?dn(e.body.executionId):null},gn="dls_last_user_login_id",hn="dls_last_user_display_name",fn=()=>g(gn),vn=()=>g(hn),wn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=fn(),i=vn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},mn=e=>t=>async(...n)=>{const o=await t(...n);return e||(h(gn),h(hn)),o};function yn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const bn=e=>t=>async(...n)=>{const o=await t(...n);return Jt(e),o};async function kn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=xn(n.publicKey.challenge),n.publicKey.user.id=xn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=xn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Tn(o.rawId),type:o.type,response:{attestationObject:Tn(o.response.attestationObject),clientDataJSON:Tn(o.response.clientDataJSON)}});var o}async function In(e){const t=Un(e);return jn(await navigator.credentials.get(t))}async function On(e,t){const n=Un(e);n.signal=t.signal,n.mediation="conditional";return jn(await navigator.credentials.get(n))}async function Sn(e=!1){if(!jt)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function Un(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=xn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=xn(e.id)})),n}function jn(e){return JSON.stringify({id:e.id,rawId:Tn(e.rawId),type:e.type,response:{authenticatorData:Tn(e.response.authenticatorData),clientDataJSON:Tn(e.response.clientDataJSON),signature:Tn(e.response.signature),userHandle:e.response.userHandle?Tn(e.response.userHandle):void 0}})}function xn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Tn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Rn,Cn=(Rn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await kn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await In(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await kn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await In(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await kn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:kn,get:In,isSupported:Sn,conditional:On}}),(...e)=>{const t=Rn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const En={config:"/fedcm/config"},Pn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function _n(e,t){var n;try{await $n(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function $n(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Pn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Dn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Sn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let An;const Ln=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Ln(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const qn=async(e,t,n)=>{An||(An=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ln([Tt,Rt],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await An;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,s=(null==n?void 0:n.redirectUri)||window.location.href,a=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const u={authority:l,client_id:t,redirect_uri:s,response_type:"code",scope:a,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(u.scope=n.scope),{client:new o(u),stateUserKey:c}},Nn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await qn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),window.localStorage.setItem(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Nt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return window.localStorage.removeItem(r),t||window.location.replace(s),i}}},Jn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return jt?(o&&r&&nn(o).catch((()=>null)),e(c(i,{beforeRequest:on}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||"undefined"!=typeof window&&window.descopeBridge)return e(i);const{clearAllTimers:s,setTimer:a}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let u,d;jt&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&u&&new Date>u&&(St("Expiration time passed, refreshing session"),p.refresh(Lt()||d))}));const p=e(c(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i}=await l(t);if(401===(null==t?void 0:t.status))St("Received 401, canceling all timers"),s();else if(n||i){if(u=((e,t)=>{if(t)return new Date(1e3*t);St("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!u)return void St("Could not extract expiration time from session token");d=o;const e=Ct(u);if(s(),e<=2e4)return void St("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});St(`Setting refresh timer for ${t}. (${e}ms)`),a((()=>{St("Refreshing session due to timer"),p.refresh(Lt()||o)}),e)}}}));return de(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return St("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.0"},t.baseHeaders)}))),(e=>t=>{const n=yn(),o=yn(),r=yn(),i=e(c(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null);else{const e=await u(t);e&&r.pub(e);const{sessionJwt:i,sessionExpiration:s}=await l(t);i&&o.pub(i),(s||i)&&n.pub(s||42)}}})),s=de(i,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const i=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i}));return Object.assign(s,{onSessionTokenChange:o.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=rn}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=rn)=>{try{for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=localStorage.getItem(n);if(e)try{JSON.parse(e).expiry<Date.now()&&localStorage.removeItem(n)}catch(e){localStorage.removeItem(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return e(c(i,{afterRequest:async(e,t)=>{if(e.path!==an&&e.path!==cn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(sn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=pn(e)),{nonce:n,executionId:dn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=rn)=>{try{const r=ln(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};localStorage.setItem(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===an,r)}},beforeRequest:e=>{if(e.path===cn){const t=pn(e);if(t){const n=((e,t=rn)=>{try{const n=ln(e,t),o=localStorage.getItem(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(un(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[sn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:fn,getLastUserDisplayName:vn});const s=e(c(i,{afterRequest:async(e,t)=>{var n;const o=await u(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{p(gn,e)})(r),(e=>{p(hn,e)})(i))}}));let a=de(s,["flow.start"],wn);return a=de(a,["logout","logoutAll"],mn(r)),Object.assign(a,{getLastUserLoginId:fn,getLastUserDisplayName:vn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,storagePrefix:i}=n,s=t(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!o||!jt)return e(s);const a=e(c(s,{beforeRequest:(u=i,e=>Object.assign(e,{token:e.token||Lt(u)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||Jt(i):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&p(`${n}${$t}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;At(_t,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else p(`${n}${_t}`,r);e.idToken&&p(`${n}${Dt}`,e.idToken)})(await l(t),r,i)}}));var u;const d=de(a,["logout","logoutAll","oidc.logout"],bn(i));return Object.assign(d,{getRefreshToken:()=>Lt(i),getSessionToken:()=>qt(i),getIdToken:()=>Nt(i)})}))((e=>{const t=Ot(e),n=Nn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=qt(),s=Lt();let a="";if(e.getExternalToken)try{a=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){St("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:s?"t":"f"},a)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Dn(t),webauthn:Cn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){_n(o,e)},requestAuthentication(e){_n(o,e)}},async oneTap(e,t,n,r,i){await $n(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+En.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>jt&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+En.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Jn.REFRESH_TOKEN_KEY=$t,Jn.SESSION_TOKEN_KEY=_t,Jn}));
+function Et(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var Pt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Et({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Et({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Et({},this.attributes,t))},withConverter:function(t){return e(Et({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const _t="DS",$t="DSR",Dt="DSI";function At(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);Pt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Lt(e=""){return g(`${e}${$t}`)||""}function qt(e=""){return Pt.get(_t)||g(`${e}${_t}`)||""}function Nt(e=""){return g(`${e}${Dt}`)||""}function Jt(e=""){h(`${e}${$t}`),h(`${e}${_t}`),h(`${e}${Dt}`),Pt.remove(_t)}const Kt=jt&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Mt="vsid",Ft="vrid";var Vt={default:"endpoint"},Ht="Blocked by CSP",Bt="The endpoint parameter is not a valid URL",zt="Failed to load the JS script of the agent",Zt="9319";function Gt(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===Ht||s===Bt)n.exclude(),i=0;else if(s===Zt)n.exclude();else if(s===zt){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],u=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(l).then((function(e){return[e,a]}))}var Wt="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",Xt=Wt;function Yt(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:Wt,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=l[0],d=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return Gt(e,Qt)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===Zt?new Error(zt):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function Qt(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(Bt);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(zt))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(Ht)})).then(en)}function en(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(Zt);return n}const tn=(e=!1)=>{const t=localStorage.getItem("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},nn=async(e,t=Kt)=>{try{if(tn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=Yt({apiKey:e,endpoint:[o.toString(),Vt],scriptUrlPattern:[i,Xt]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[Mt]:e,[Ft]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},on=e=>{const t=tn(!0);return t&&e.body&&(e.body.fpData=t),e},rn="descopeFlowNonce",sn="X-Descope-Flow-Nonce",an="/v1/flow/start",cn="/v1/flow/next",ln=(e,t=rn)=>`${t}${e}`,un=(e,t=rn)=>{try{const n=ln(e,t);localStorage.removeItem(n)}catch(e){console.error("Error removing flow nonce:",e)}},dn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},pn=e=>{var t;return e.path===cn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?dn(e.body.executionId):null},gn="dls_last_user_login_id",hn="dls_last_user_display_name",fn=()=>g(gn),vn=()=>g(hn),wn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=fn(),i=vn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},mn=e=>t=>async(...n)=>{const o=await t(...n);return e||(h(gn),h(hn)),o};function yn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const bn=e=>t=>async(...n)=>{const o=await t(...n);return Jt(e),o};async function kn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=xn(n.publicKey.challenge),n.publicKey.user.id=xn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=xn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Tn(o.rawId),type:o.type,response:{attestationObject:Tn(o.response.attestationObject),clientDataJSON:Tn(o.response.clientDataJSON)}});var o}async function In(e){const t=Un(e);return jn(await navigator.credentials.get(t))}async function On(e,t){const n=Un(e);n.signal=t.signal,n.mediation="conditional";return jn(await navigator.credentials.get(n))}async function Sn(e=!1){if(!jt)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function Un(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=xn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=xn(e.id)})),n}function jn(e){return JSON.stringify({id:e.id,rawId:Tn(e.rawId),type:e.type,response:{authenticatorData:Tn(e.response.authenticatorData),clientDataJSON:Tn(e.response.clientDataJSON),signature:Tn(e.response.signature),userHandle:e.response.userHandle?Tn(e.response.userHandle):void 0}})}function xn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Tn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Rn,Cn=(Rn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await kn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await In(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await kn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await In(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await kn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:kn,get:In,isSupported:Sn,conditional:On}}),(...e)=>{const t=Rn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const En={config:"/fedcm/config"},Pn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function _n(e,t){var n;try{await $n(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function $n(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Pn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Dn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Sn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let An;const Ln=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Ln(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const qn=async(e,t,n)=>{An||(An=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ln([Tt,Rt],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await An;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,s=(null==n?void 0:n.redirectUri)||window.location.href,a=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const u={authority:l,client_id:t,redirect_uri:s,response_type:"code",scope:a,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(u.scope=n.scope),{client:new o(u),stateUserKey:c}},Nn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await qn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),window.localStorage.setItem(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Nt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return window.localStorage.removeItem(r),t||window.location.replace(s),i}}},Jn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return jt?(o&&r&&nn(o).catch((()=>null)),e(c(i,{beforeRequest:on}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||"undefined"!=typeof window&&window.descopeBridge)return e(i);const{clearAllTimers:s,setTimer:a}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let u,d;jt&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&u&&new Date>u&&(St("Expiration time passed, refreshing session"),p.refresh(Lt()||d))}));const p=e(c(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i}=await l(t);if(401===(null==t?void 0:t.status))St("Received 401, canceling all timers"),s();else if(n||i){if(u=((e,t)=>{if(t)return new Date(1e3*t);St("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!u)return void St("Could not extract expiration time from session token");d=o;const e=Ct(u);if(s(),e<=2e4)return void St("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});St(`Setting refresh timer for ${t}. (${e}ms)`),a((()=>{St("Refreshing session due to timer"),p.refresh(Lt()||o)}),e)}}}));return de(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return St("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.1"},t.baseHeaders)}))),(e=>t=>{const n=yn(),o=yn(),r=yn(),i=e(c(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null);else{const e=await u(t);e&&r.pub(e);const{sessionJwt:i,sessionExpiration:s}=await l(t);i&&o.pub(i),(s||i)&&n.pub(s||42)}}})),s=de(i,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const i=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i}));return Object.assign(s,{onSessionTokenChange:o.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=rn}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=rn)=>{try{for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=localStorage.getItem(n);if(e)try{JSON.parse(e).expiry<Date.now()&&localStorage.removeItem(n)}catch(e){localStorage.removeItem(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return e(c(i,{afterRequest:async(e,t)=>{if(e.path!==an&&e.path!==cn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(sn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=pn(e)),{nonce:n,executionId:dn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=rn)=>{try{const r=ln(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};localStorage.setItem(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===an,r)}},beforeRequest:e=>{if(e.path===cn){const t=pn(e);if(t){const n=((e,t=rn)=>{try{const n=ln(e,t),o=localStorage.getItem(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(un(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[sn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:fn,getLastUserDisplayName:vn});const s=e(c(i,{afterRequest:async(e,t)=>{var n;const o=await u(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{p(gn,e)})(r),(e=>{p(hn,e)})(i))}}));let a=de(s,["flow.start"],wn);return a=de(a,["logout","logoutAll"],mn(r)),Object.assign(a,{getLastUserLoginId:fn,getLastUserDisplayName:vn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,storagePrefix:i}=n,s=t(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!o||!jt)return e(s);const a=e(c(s,{beforeRequest:(u=i,e=>Object.assign(e,{token:e.token||Lt(u)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||Jt(i):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&p(`${n}${$t}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;At(_t,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else p(`${n}${_t}`,r);e.idToken&&p(`${n}${Dt}`,e.idToken)})(await l(t),r,i)}}));var u;const d=de(a,["logout","logoutAll","oidc.logout"],bn(i));return Object.assign(d,{getRefreshToken:()=>Lt(i),getSessionToken:()=>qt(i),getIdToken:()=>Nt(i)})}))((e=>{const t=Ot(e),n=Nn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=qt(),s=Lt();let a="";if(e.getExternalToken)try{a=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){St("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:s?"t":"f"},a)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Dn(t),webauthn:Cn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){_n(o,e)},requestAuthentication(e){_n(o,e)}},async oneTap(e,t,n,r,i){await $n(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+En.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>jt&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+En.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Jn.REFRESH_TOKEN_KEY=$t,Jn.SESSION_TOKEN_KEY=_t,Jn}));
 //# sourceMappingURL=index.umd.js.map