@descope/web-js-sdk 1.33.4 → 1.33.6

package/dist/cjs/index.cjs.js

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),r=require("@fingerprintjs/fingerprintjs-pro");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=i(n),s=i(o);const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||r,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:a,cookieSecure:c}=n,l=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:i,secure:c})}}function D(e=""){return h(`${e}${x}`)||""}function R(e=""){return s.default.get(O)||h(`${e}${O}`)||""}function C(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),s.default.remove(O)}const E=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",A="vsid",J="vrid",$="fp",N=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},L=async(e,t=E)=>{try{if(N())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=r.load({apiKey:e,endpoint:[o.toString(),r.defaultEndpoint],scriptUrlPattern:[a,r.defaultScriptUrlPattern]}),c=await s,{requestId:l}=await c.get({linkedId:n}),d=((e,t)=>({[A]:e,[J]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},q=e=>{const t=N(!0);return t&&e.body&&(e.body.fpData=t),e},K="descopeFlowNonce",P="X-Descope-Flow-Nonce",F="/v1/flow/start",V="/v1/flow/next",M=(e,t=K)=>`${t}${e}`,W=(e,t=K)=>{try{const n=M(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},H=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},B=e=>{var t;return e.path===V&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?H(e.body.executionId):null},G="dls_last_user_login_id",X="dls_last_user_display_name",Z=()=>h(G),Y=()=>h(X),z=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Z(),i=Y();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Q=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(G),v(X)),o};function ee(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const te=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function ne(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),n.publicKey.user.id=ce(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:le(o.rawId),type:o.type,response:{attestationObject:le(o.response.attestationObject),clientDataJSON:le(o.response.clientDataJSON)}});var o}async function oe(e){const t=ae(e);return se(await navigator.credentials.get(t))}async function re(e,t){const n=ae(e);n.signal=t.signal,n.mediation="conditional";return se(await navigator.credentials.get(n))}async function ie(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ae(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}function se(e){return JSON.stringify({id:e.id,rawId:le(e.rawId),type:e.type,response:{authenticatorData:le(e.response.authenticatorData),clientDataJSON:le(e.response.clientDataJSON),signature:le(e.response.signature),userHandle:e.response.userHandle?le(e.response.userHandle):void 0}})}function ce(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function le(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var de,ue=(de=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await oe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await oe(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:ne,get:oe,isSupported:ie,conditional:re}}),(...e)=>{const t=de(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},ge=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function fe(e,t){var n;try{await we(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function we(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=ge(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),a.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var he=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ie(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ve=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const me=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),a=document.createElement("script");a.src=i,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{me(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const be=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return me([k,_],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},Se=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await be(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),a=await r.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(i,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(ve())return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await r.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||C(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:a}=i;return window.localStorage.removeItem(r),t||window.location.replace(a),i}}},ke=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:r}=n,i=e.__rest(n,["fpKey","fpLoad"]);return b?(o&&r&&L(o).catch((()=>null)),t(u(i,{beforeRequest:q}))):t(i)}),(o=>r=>{var{autoRefresh:i}=r,a=e.__rest(r,["autoRefresh"]);if(!i||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(D()||d))}));const g=o(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:r,sessionExpiration:i}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||i){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,i),!l)return void y("Could not extract expiration time from session token");d=r;const e=I(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(D()||r)}),e)}}}));return n.wrapWith(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.4"},t.baseHeaders)}))),(e=>t=>{const o=ee(),r=ee(),i=ee(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))r.pub(null),i.pub(null),o.pub(null);else{const e=await g(t);e&&i.pub(e);const{sessionJwt:n,sessionExpiration:a}=await p(t);n&&r.pub(n),(a||n)&&o.pub(a||42)}}})),s=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return r.pub(null),i.pub(null),o.pub(null),n}));return Object.assign(s,{onSessionTokenChange:r.sub,onUserChange:i.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=K}=n,i=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(i);((e=K)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return t(u(i,{afterRequest:async(e,t)=>{if(e.path!==F&&e.path!==V)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(P);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=B(e)),{nonce:n,executionId:H(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=K)=>{try{const r=M(e,o),i=n?172800:10800,a={value:t,expiry:Date.now()+1e3*i,isStart:n};w(r,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===F,r)}},beforeRequest:e=>{if(e.path===V){const t=B(e);if(t){const n=((e,t=K)=>{try{const n=M(e,t),o=h(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(W(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[P]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:r=!0,keepLastAuthenticatedUserAfterLogout:i=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!r)return Object.assign(t(a),{getLastUserLoginId:Z,getLastUserDisplayName:Y});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{w(G,e)})(r),(e=>{w(X,e)})(i))}}));let c=n.wrapWith(s,["flow.start"],z);return c=n.wrapWith(c,["logout","logoutAll"],Q(i)),Object.assign(c,{getLastUserLoginId:Z,getLastUserDisplayName:Y})}),(t=>o=>{var{persistTokens:r,sessionTokenViaCookie:i,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!r||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||D(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&w(`${n}${x}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;j(O,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else w(`${n}${O}`,r);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),i,a)}}));var l;const d=n.wrapWith(c,["logout","logoutAll","oidc.logout"],te(a));return Object.assign(d,{getRefreshToken:()=>D(a),getSessionToken:()=>R(a),getIdToken:()=>C(a)})}))((e=>{const t=a.default(e),n=Se(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=R(),a=D();let s="";if(e.getExternalToken)try{s=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:a?"t":"f"},s)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:he(t),webauthn:ue(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){fe(o,e)},requestAuthentication(e){fe(o,e)}},async oneTap(e,t,n,r,i){await we(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+pe.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));exports.REFRESH_TOKEN_KEY=x,exports.SESSION_TOKEN_KEY=O,exports.clearFingerprintData=()=>{localStorage.removeItem($)},exports.default=ke,exports.ensureFingerprintIds=L,exports.hasOidcParamsInUrl=ve;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),r=require("@fingerprintjs/fingerprintjs-pro");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=i(n),s=i(o);const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||r,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:a,cookieSecure:c}=n,l=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:i,secure:c})}}function D(e=""){return h(`${e}${x}`)||""}function R(e=""){return s.default.get(O)||h(`${e}${O}`)||""}function C(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),s.default.remove(O)}const E=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",A="vsid",J="vrid",$="fp",N=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},L=async(e,t=E)=>{try{if(N())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=r.load({apiKey:e,endpoint:[o.toString(),r.defaultEndpoint],scriptUrlPattern:[a,r.defaultScriptUrlPattern]}),c=await s,{requestId:l}=await c.get({linkedId:n}),d=((e,t)=>({[A]:e,[J]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},q=e=>{const t=N(!0);return t&&e.body&&(e.body.fpData=t),e},K="descopeFlowNonce",P="X-Descope-Flow-Nonce",F="/v1/flow/start",V="/v1/flow/next",M=(e,t=K)=>`${t}${e}`,W=(e,t=K)=>{try{const n=M(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},H=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},B=e=>{var t;return e.path===V&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?H(e.body.executionId):null},G="dls_last_user_login_id",X="dls_last_user_display_name",Z=()=>h(G),Y=()=>h(X),z=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Z(),i=Y();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Q=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(G),v(X)),o};function ee(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const te=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function ne(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),n.publicKey.user.id=ce(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:le(o.rawId),type:o.type,response:{attestationObject:le(o.response.attestationObject),clientDataJSON:le(o.response.clientDataJSON)}});var o}async function oe(e){const t=ae(e);return se(await navigator.credentials.get(t))}async function re(e,t){const n=ae(e);n.signal=t.signal,n.mediation="conditional";return se(await navigator.credentials.get(n))}async function ie(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ae(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}function se(e){return JSON.stringify({id:e.id,rawId:le(e.rawId),type:e.type,response:{authenticatorData:le(e.response.authenticatorData),clientDataJSON:le(e.response.clientDataJSON),signature:le(e.response.signature),userHandle:e.response.userHandle?le(e.response.userHandle):void 0}})}function ce(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function le(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var de,ue=(de=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await oe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await oe(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:ne,get:oe,isSupported:ie,conditional:re}}),(...e)=>{const t=de(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},ge=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function fe(e,t){var n;try{await we(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function we(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=ge(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),a.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var he=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ie(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ve=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const me=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),a=document.createElement("script");a.src=i,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{me(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const be=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return me([k,_],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},Se=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await be(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),a=await r.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(i,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(ve())return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await r.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||C(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:a}=i;return window.localStorage.removeItem(r),t||window.location.replace(a),i}}},ke=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:r}=n,i=e.__rest(n,["fpKey","fpLoad"]);return b?(o&&r&&L(o).catch((()=>null)),t(u(i,{beforeRequest:q}))):t(i)}),(o=>r=>{var{autoRefresh:i}=r,a=e.__rest(r,["autoRefresh"]);if(!i||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(D()||d))}));const g=o(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:r,sessionExpiration:i}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||i){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,i),!l)return void y("Could not extract expiration time from session token");d=r;const e=I(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(D()||r)}),e)}}}));return n.wrapWith(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.6"},t.baseHeaders)}))),(e=>t=>{const o=ee(),r=ee(),i=ee(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))r.pub(null),i.pub(null),o.pub(null);else{const e=await g(t);e&&i.pub(e);const{sessionJwt:n,sessionExpiration:a}=await p(t);n&&r.pub(n),(a||n)&&o.pub(a||42)}}})),s=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return r.pub(null),i.pub(null),o.pub(null),n}));return Object.assign(s,{onSessionTokenChange:r.sub,onUserChange:i.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=K}=n,i=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(i);((e=K)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return t(u(i,{afterRequest:async(e,t)=>{if(e.path!==F&&e.path!==V)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(P);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=B(e)),{nonce:n,executionId:H(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=K)=>{try{const r=M(e,o),i=n?172800:10800,a={value:t,expiry:Date.now()+1e3*i,isStart:n};w(r,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===F,r)}},beforeRequest:e=>{if(e.path===V){const t=B(e);if(t){const n=((e,t=K)=>{try{const n=M(e,t),o=h(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(W(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[P]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:r=!0,keepLastAuthenticatedUserAfterLogout:i=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!r)return Object.assign(t(a),{getLastUserLoginId:Z,getLastUserDisplayName:Y});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{w(G,e)})(r),(e=>{w(X,e)})(i))}}));let c=n.wrapWith(s,["flow.start"],z);return c=n.wrapWith(c,["logout","logoutAll"],Q(i)),Object.assign(c,{getLastUserLoginId:Z,getLastUserDisplayName:Y})}),(t=>o=>{var{persistTokens:r,sessionTokenViaCookie:i,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!r||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||D(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&w(`${n}${x}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;j(O,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else w(`${n}${O}`,r);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),i,a)}}));var l;const d=n.wrapWith(c,["logout","logoutAll","oidc.logout"],te(a));return Object.assign(d,{getRefreshToken:()=>D(a),getSessionToken:()=>R(a),getIdToken:()=>C(a)})}))((e=>{const t=a.default(e),n=Se(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=R(),a=D();let s="";if(e.getExternalToken)try{s=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:a?"t":"f"},s)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:he(t),webauthn:ue(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){fe(o,e)},requestAuthentication(e){fe(o,e)}},async oneTap(e,t,n,r,i){await we(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+pe.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));exports.REFRESH_TOKEN_KEY=x,exports.SESSION_TOKEN_KEY=O,exports.clearFingerprintData=()=>{localStorage.removeItem($)},exports.default=ke,exports.ensureFingerprintIds=L,exports.hasOidcParamsInUrl=ve;
 //# sourceMappingURL=index.cjs.js.map

package/dist/index.d.ts

@@ -656,7 +656,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     };
     outbound: {
         connect: (appId: string, options?: {
-            redirectURL?: string;
+            redirectUrl?: string;
             scopes?: string[];
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
@@ -1327,7 +1327,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     };
     outbound: {
         connect: (appId: string, options?: {
-            redirectURL?: string;
+            redirectUrl?: string;
             scopes?: string[];
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
@@ -1998,7 +1998,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     };
     outbound: {
         connect: (appId: string, options?: {
-            redirectURL?: string;
+            redirectUrl?: string;
             scopes?: string[];
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
@@ -2676,7 +2676,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     };
     outbound: {
         connect: (appId: string, options?: {
-            redirectURL?: string;
+            redirectUrl?: string;
             scopes?: string[];
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
@@ -3347,7 +3347,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     };
     outbound: {
         connect: (appId: string, options?: {
-            redirectURL?: string;
+            redirectUrl?: string;
             scopes?: string[];
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
@@ -4018,7 +4018,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     };
     outbound: {
         connect: (appId: string, options?: {
-            redirectURL?: string;
+            redirectUrl?: string;
             scopes?: string[];
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };

package/dist/index.esm.js

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";const c=e=>{try{return t(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:c}=n,l=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:a,secure:c})}}function C(e=""){return h(`${e}${x}`)||""}function D(e=""){return i.get(O)||h(`${e}${O}`)||""}function R(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),i.remove(O)}const A=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",E="vsid",J="vrid",$="fp",L=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},N=async(e,t=A)=>{try{if(L())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const c=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",l=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[c,s]}),d=await l,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[E]:e,[J]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},P=()=>{localStorage.removeItem($)},K=e=>{const t=L(!0);return t&&e.body&&(e.body.fpData=t),e},q="descopeFlowNonce",F="X-Descope-Flow-Nonce",V="/v1/flow/start",M="/v1/flow/next",H=(e,t=q)=>`${t}${e}`,B=(e,t=q)=>{try{const n=H(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},G=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},W=e=>{var t;return e.path===M&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?G(e.body.executionId):null},X="dls_last_user_login_id",Z="dls_last_user_display_name",z=()=>h(X),Q=()=>h(Z),Y=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=z(),r=Q();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ee=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(X),v(Z)),o};function te(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ne=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function oe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),n.publicKey.user.id=le(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:de(o.rawId),type:o.type,response:{attestationObject:de(o.response.attestationObject),clientDataJSON:de(o.response.clientDataJSON)}});var o}async function ie(e){const t=se(e);return ce(await navigator.credentials.get(t))}async function re(e,t){const n=se(e);n.signal=t.signal,n.mediation="conditional";return ce(await navigator.credentials.get(n))}async function ae(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function se(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}function ce(e){return JSON.stringify({id:e.id,rawId:de(e.rawId),type:e.type,response:{authenticatorData:de(e.response.authenticatorData),clientDataJSON:de(e.response.clientDataJSON),signature:de(e.response.signature),userHandle:e.response.userHandle?de(e.response.userHandle):void 0}})}function le(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function de(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ue,pe=(ue=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ie(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ie(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:oe,get:ie,isSupported:ae,conditional:re}}),(...e)=>{const t=ue(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ge={config:"/fedcm/config"},fe=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function we(e,t){var n;try{await he(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function he(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=fe(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ve=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ae(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ye=()=>window.location.search.includes("code")&&window.location.search.includes("state");let me;const be=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{be(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Se=async(e,t,n)=>{me||(me=(async()=>{try{return require("oidc-client-ts")}catch(e){return be([k,I],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await me;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${r}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},ke=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Se(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(ye())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||R(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return window.localStorage.removeItem(i),t||window.location.replace(a),r}}},Ie=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return b?(o&&i&&N(o).catch((()=>null)),t(u(r,{beforeRequest:K}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return n(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(C()||d))}));const g=n(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||r){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!l)return void y("Could not extract expiration time from session token");d=i;const e=_(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(C()||i)}),e)}}}));return o(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.4"},t.baseHeaders)}))),(e=>t=>{const n=te(),i=te(),r=te(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null);else{const e=await g(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a}=await p(t);o&&i.pub(o),(a||o)&&n.pub(a||42)}}})),s=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),o}));return Object.assign(s,{onSessionTokenChange:i.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=q}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=q)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(i);return t(u(r,{afterRequest:async(e,t)=>{if(e.path!==V&&e.path!==M)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(F);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=W(e)),{nonce:n,executionId:G(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=q)=>{try{const i=H(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};w(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===V,i)}},beforeRequest:e=>{if(e.path===M){const t=W(e);if(t){const n=((e,t=q)=>{try{const n=H(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(B(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[F]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:z,getLastUserDisplayName:Q});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{w(X,e)})(i),(e=>{w(Z,e)})(r))}}));let c=o(s,["flow.start"],Y);return c=o(c,["logout","logoutAll"],ee(r)),Object.assign(c,{getLastUserLoginId:z,getLastUserDisplayName:Q})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||C(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&w(`${n}${x}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;j(O,i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else w(`${n}${O}`,i);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),r,a)}}));var l;const d=o(c,["logout","logoutAll","oidc.logout"],ne(a));return Object.assign(d,{getRefreshToken:()=>C(a),getSessionToken:()=>D(a),getIdToken:()=>R(a)})}))((e=>{const t=n(e),o=ke(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async n=>{var i;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const r=D(),a=C();let s="";if(e.getExternalToken)try{s=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:r?"t":"f",dcr:a?"t":"f"},s)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:ve(t),webauthn:pe(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){we(i,e)},requestAuthentication(e){we(i,e)}},async oneTap(e,t,n,o,r){await he(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ge.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ge.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{x as REFRESH_TOKEN_KEY,O as SESSION_TOKEN_KEY,P as clearFingerprintData,Ie as default,N as ensureFingerprintIds,ye as hasOidcParamsInUrl};
+import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";const c=e=>{try{return t(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:c}=n,l=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:a,secure:c})}}function C(e=""){return h(`${e}${x}`)||""}function D(e=""){return i.get(O)||h(`${e}${O}`)||""}function R(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),i.remove(O)}const A=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",E="vsid",J="vrid",$="fp",L=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},N=async(e,t=A)=>{try{if(L())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const c=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",l=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[c,s]}),d=await l,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[E]:e,[J]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},P=()=>{localStorage.removeItem($)},K=e=>{const t=L(!0);return t&&e.body&&(e.body.fpData=t),e},q="descopeFlowNonce",F="X-Descope-Flow-Nonce",V="/v1/flow/start",M="/v1/flow/next",H=(e,t=q)=>`${t}${e}`,B=(e,t=q)=>{try{const n=H(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},G=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},W=e=>{var t;return e.path===M&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?G(e.body.executionId):null},X="dls_last_user_login_id",Z="dls_last_user_display_name",z=()=>h(X),Q=()=>h(Z),Y=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=z(),r=Q();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ee=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(X),v(Z)),o};function te(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ne=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function oe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),n.publicKey.user.id=le(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:de(o.rawId),type:o.type,response:{attestationObject:de(o.response.attestationObject),clientDataJSON:de(o.response.clientDataJSON)}});var o}async function ie(e){const t=se(e);return ce(await navigator.credentials.get(t))}async function re(e,t){const n=se(e);n.signal=t.signal,n.mediation="conditional";return ce(await navigator.credentials.get(n))}async function ae(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function se(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}function ce(e){return JSON.stringify({id:e.id,rawId:de(e.rawId),type:e.type,response:{authenticatorData:de(e.response.authenticatorData),clientDataJSON:de(e.response.clientDataJSON),signature:de(e.response.signature),userHandle:e.response.userHandle?de(e.response.userHandle):void 0}})}function le(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function de(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ue,pe=(ue=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ie(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ie(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:oe,get:ie,isSupported:ae,conditional:re}}),(...e)=>{const t=ue(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ge={config:"/fedcm/config"},fe=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function we(e,t){var n;try{await he(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function he(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=fe(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ve=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ae(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ye=()=>window.location.search.includes("code")&&window.location.search.includes("state");let me;const be=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{be(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Se=async(e,t,n)=>{me||(me=(async()=>{try{return require("oidc-client-ts")}catch(e){return be([k,I],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await me;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${r}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},ke=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Se(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(ye())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||R(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return window.localStorage.removeItem(i),t||window.location.replace(a),r}}},Ie=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return b?(o&&i&&N(o).catch((()=>null)),t(u(r,{beforeRequest:K}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return n(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(C()||d))}));const g=n(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||r){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!l)return void y("Could not extract expiration time from session token");d=i;const e=_(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(C()||i)}),e)}}}));return o(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.6"},t.baseHeaders)}))),(e=>t=>{const n=te(),i=te(),r=te(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null);else{const e=await g(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a}=await p(t);o&&i.pub(o),(a||o)&&n.pub(a||42)}}})),s=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),o}));return Object.assign(s,{onSessionTokenChange:i.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=q}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=q)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(i);return t(u(r,{afterRequest:async(e,t)=>{if(e.path!==V&&e.path!==M)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(F);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=W(e)),{nonce:n,executionId:G(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=q)=>{try{const i=H(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};w(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===V,i)}},beforeRequest:e=>{if(e.path===M){const t=W(e);if(t){const n=((e,t=q)=>{try{const n=H(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(B(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[F]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:z,getLastUserDisplayName:Q});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{w(X,e)})(i),(e=>{w(Z,e)})(r))}}));let c=o(s,["flow.start"],Y);return c=o(c,["logout","logoutAll"],ee(r)),Object.assign(c,{getLastUserLoginId:z,getLastUserDisplayName:Q})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||C(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&w(`${n}${x}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;j(O,i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else w(`${n}${O}`,i);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),r,a)}}));var l;const d=o(c,["logout","logoutAll","oidc.logout"],ne(a));return Object.assign(d,{getRefreshToken:()=>C(a),getSessionToken:()=>D(a),getIdToken:()=>R(a)})}))((e=>{const t=n(e),o=ke(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async n=>{var i;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const r=D(),a=C();let s="";if(e.getExternalToken)try{s=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:r?"t":"f",dcr:a?"t":"f"},s)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:ve(t),webauthn:pe(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){we(i,e)},requestAuthentication(e){we(i,e)}},async oneTap(e,t,n,o,r){await he(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ge.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ge.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{x as REFRESH_TOKEN_KEY,O as SESSION_TOKEN_KEY,P as clearFingerprintData,Ie as default,N as ensureFingerprintIds,ye as hasOidcParamsInUrl};
 //# sourceMappingURL=index.esm.js.map

package/dist/index.umd.js

@@ -1,4 +1,4 @@
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i=e=>{try{return r(e).exp}catch(e){return null}},s=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:i(n)},a=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?i(o):void 0)},c=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},l=async e=>{if(!(null==e?void 0:e.ok))return{};const n=await(null==e?void 0:e.clone().json());return(e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,c=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||a(e),cookieExpiration:e.cookieExpiration||s(e)},c)})((null==n?void 0:n.authInfo)||n||{})},u=async e=>{const t=await l(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},d="undefined"!=typeof localStorage,p=(e,t)=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),g=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),h=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e));var f={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const v="<region>",w=`https://api.${v}descope.com`,m=6e5,y="dct",b=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}};let k;const I=()=>{if(k)return k;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return k=`${t}-${n}`,k};var O,S;(S=O||(O={})).get="GET",S.delete="DELETE",S.post="POST",S.put="PUT",S.patch="PATCH";const j=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(v,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},U=(...e)=>new Headers(e.reduce(((e,t)=>{const n=(e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t);return n.reduce(((t,[n,o])=>(e[n]=o,e)),e),e}),{})),x={"Content-Type":"application/json"},T=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},R=(e,t)=>{const n={"x-descope-sdk-session-id":I(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.44.3","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},C=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e},E=({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=((e,t)=>{const n=(e=>async(...t)=>{const n=await e(...t),o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n})(t||fetch);return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>b().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await n(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return b().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).build()})(o)),o}:n})(r,a),l=async r=>{var a;const l=(null==i?void 0:i.beforeRequest)?i.beforeRequest(r):r,{path:u,body:d,headers:p,queryParams:g,method:h,token:f}=l,v=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:U(T(t,f),R(t,o),(null==n?void 0:n.baseHeaders)||{},C(v)?x:{},p),method:h,body:v};null!==s&&(w.credentials=s||"include");const m=await c(j({path:u,baseUrl:e,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(r,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(a=m.headers)||void 0===a?void 0:a.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:O.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:O.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:O.delete,token:o}),hooks:i,buildUrl:(n,o)=>j({projectId:t,baseUrl:e,path:n,queryParams:o})}};var P=429;function _(e,t,n){var o;let r=$(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[y])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function $(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function D(e){const{exp:t}=$(e);return(new Date).getTime()/1e3>t}function A(e){let t=$(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function L(e,t){return _(e,t,"permissions")}function q(e,t){return _(e,t,"roles")}const N=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function J(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===P&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function K(e){var t;return(null===(t=$(e))||void 0===t?void 0:t[y])||""}const M=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),F=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},H=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),V=e=>t=>e.test(t),B=V(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),z=V(/^\+[1-9]{1}[0-9]{3,14}$/),Z=M(B,'"{val}" is not a valid email'),G=M(z,'"{val}" is not a valid phone number'),W=M((e=>e.length>=1),"Minimum length is 1");const X=M((e=>"string"==typeof e),"Input is not a string"),Y=M((e=>Array.isArray(e)),"Input is not an array"),Q=M((e=>"boolean"==typeof e),"Input is not a boolean"),ee=M((e=>void 0===e),"Input is defined"),te=F([X(),ee()],"Input is not a string or undefined"),ne=F([Y(),Q()],"Input is not an array or boolean"),oe=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>H(...e).validate(n[t]))),t(...n)),re=e=>[X(`"${e}" must be a string`)],ie=e=>[te(`"${e}" must be string or undefined`)],se=e=>[X(`"${e}" must be a string`),W(`"${e}" must not be empty`)],ae=e=>[X(`"${e}" must be a string`),Z()],ce=e=>[X(`"${e}" must be a string`),G()],le=oe(se("accessKey")),ue=e=>({exchange:le(((t,n)=>J(e.post(f.accessKey.exchange,{loginOptions:n},{token:t}))))}),de=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),pe=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||m,m)});var ge,he;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp"}(ge||(ge={})),function(e){e.email="email"}(he||(he={}));const fe=Object.assign(Object.assign({},ge),he);var ve;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(ve||(ve={}));const we=se("loginId"),me=oe(se("token")),ye=oe(we),be=oe(se("pendingRef")),ke=oe(we,ae("email")),Ie=e=>({verify:me((t=>J(e.post(f.enchantedLink.verify,{token:t})))),signIn:ye(((t,n,o,r)=>J(e.post(N(f.enchantedLink.signIn,fe.email),{loginId:t,URI:n,loginOptions:o},{token:r})))),signUpOrIn:ye(((t,n,o)=>J(e.post(N(f.enchantedLink.signUpOrIn,fe.email),{loginId:t,URI:n,loginOptions:o})))),signUp:ye(((t,n,o,r)=>J(e.post(N(f.enchantedLink.signUp,fe.email),{loginId:t,URI:n,user:o,loginOptions:r})))),waitForSession:be(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=pe(n);let s;const a=setInterval((async()=>{const n=await e.post(f.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(J(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:ke(((t,n,o,r,i)=>J(e.post(f.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Oe=oe(se("flowId")),Se=oe(se("executionId"),se("stepId"),se("interactionId")),je=e=>({start:Oe(((t,n,o,r,i,s,a)=>J(e.post(f.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a})))),next:Se(((t,n,o,r,i,s)=>J(e.post(f.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s}))))}),Ue=se("loginId"),xe=oe(se("token")),Te=oe(Ue),Re=oe(Ue,ce("phone")),Ce=oe(Ue,ae("email")),Ee=Object.keys(fe).filter((e=>e!==ge.voice)),Pe=e=>({verify:xe((t=>J(e.post(f.magicLink.verify,{token:t})))),signIn:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r,i)=>J(e.post(N(f.magicLink.signIn,n),{loginId:t,URI:o,loginOptions:r},{token:i}))))})),{}),signUp:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r,i)=>J(e.post(N(f.magicLink.signUp,n),{loginId:t,URI:o,user:r,loginOptions:i}))))})),{}),signUpOrIn:Ee.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Te(((t,o,r)=>J(e.post(N(f.magicLink.signUpOrIn,n),{loginId:t,URI:o,loginOptions:r}))))})),{}),update:{email:Ce(((t,n,o,r,i)=>J(e.post(f.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(ge).filter((e=>e!==ge.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Re(((t,o,r,i,s)=>J(e.post(N(f.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var _e;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(_e||(_e={}));const $e=oe(se("code")),De=e=>({start:Object.assign(((t,n,o,r,i)=>J(e.post(f.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(_e).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>J(e.post(f.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:$e((t=>J(e.post(f.oauth.exchange,{code:t})))),startNative:(t,n,o)=>J(e.post(f.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>J(e.post(f.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>J(e.get(f.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>J(e.post(f.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>J(e.post(f.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Ae=se("appId"),Le=oe(Ae),qe=e=>({connect:Le(((t,n,o)=>J(e.post(f.outbound.connect,{appId:t,options:n},{token:o}))))}),Ne=se("loginId"),Je=oe(Ne,se("code")),Ke=oe(Ne),Me=oe(Ne,ce("phone")),Fe=oe(Ne,ae("email")),He=e=>({verify:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Je(((t,o)=>J(e.post(N(f.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o,r)=>J(e.post(N(f.otp.signIn,n),{loginId:t,loginOptions:o},{token:r}))))})),{}),signUp:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o,r)=>J(e.post(N(f.otp.signUp,n),{loginId:t,user:o,loginOptions:r}))))})),{}),signUpOrIn:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ke(((t,o)=>J(e.post(N(f.otp.signUpOrIn,n),{loginId:t,loginOptions:o}))))})),{}),update:{email:Fe(((t,n,o,r)=>J(e.post(f.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(ge).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Me(((t,o,r,i)=>J(e.post(N(f.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),Ve=oe(se("tenant")),Be=oe(se("code")),ze=e=>({start:Ve(((t,n,o,r,i)=>J(e.post(f.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i})},r&&{token:r}))))),exchange:Be((t=>J(e.post(f.saml.exchange,{code:t}))))}),Ze=se("loginId"),Ge=oe(Ze,se("code")),We=oe(Ze),Xe=oe(Ze),Ye=e=>({signUp:We(((t,n)=>J(e.post(f.totp.signUp,{loginId:t,user:n})))),verify:Ge(((t,n,o,r)=>J(e.post(f.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:Xe(((t,n)=>J(e.post(f.totp.update,{loginId:t},{token:n}))))}),Qe=se("loginId"),et=se("newPassword"),tt=oe(Qe,se("password")),nt=oe(Qe),ot=oe(Qe,et),rt=oe(Qe,se("oldPassword"),et),it=e=>({signUp:tt(((t,n,o,r)=>J(e.post(f.password.signUp,{loginId:t,password:n,user:o,loginOptions:r})))),signIn:tt(((t,n,o)=>J(e.post(f.password.signIn,{loginId:t,password:n,loginOptions:o})))),sendReset:nt(((t,n,o)=>J(e.post(f.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:ot(((t,n,o)=>J(e.post(f.password.update,{loginId:t,newPassword:n},{token:o})))),replace:rt(((t,n,o)=>J(e.post(f.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>J(e.get(f.password.policy))}),st=re("loginId"),at=se("loginId"),ct=se("origin"),lt=oe(at,ct,se("name")),ut=oe(at,ct),dt=oe(st,ct),pt=oe(at,ct,ie("token")),gt=oe(se("transactionId"),se("response")),ht=e=>({signUp:{start:lt(((t,n,o,r)=>J(e.post(f.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:gt(((t,n)=>J(e.post(f.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:dt(((t,n,o,r,i)=>J(e.post(f.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:gt(((t,n)=>J(e.post(f.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:ut(((t,n,o)=>J(e.post(f.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:pt(((t,n,o,r)=>J(e.post(f.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:gt(((t,n)=>J(e.post(f.webauthn.update.finish,{transactionId:t,response:n}))))}}),ft=re("loginId"),vt=oe(ft),wt=oe(se("pendingRef")),mt=e=>({signUpOrIn:vt(((t,n)=>J(e.post(f.notp.signUpOrIn,{loginId:t,loginOptions:n})))),signUp:vt(((t,n,o)=>J(e.post(f.notp.signUp,{loginId:t,user:n,loginOptions:o})))),signIn:vt(((t,n,o)=>J(e.post(f.notp.signIn,{loginId:t,loginOptions:n},{token:o})))),waitForSession:wt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=pe(n);let s;const a=setInterval((async()=>{const n=await e.post(f.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(J(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),yt=oe(se("token")),bt=oe(ie("token"));var kt,It=oe([(kt=se("projectId"),M(((e,t)=>n=>H(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",kt))())])((e=>t=>{var n;return e(Object.assign(Object.assign({},t),{hooks:{beforeRequest:e=>{var n;const o=[].concat((null===(n=t.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),e)},afterRequest:async(e,n)=>{var o;const r=[].concat((null===(o=t.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((t=>t(e,null==n?void 0:n.clone()))))).forEach((e=>{var n;return"rejected"===e.status&&(null===(n=t.logger)||void 0===n?void 0:n.error(e.reason))}))},transformResponse:null===(n=t.hooks)||void 0===n?void 0:n.transformResponse}}))})((({projectId:e,logger:t,baseUrl:n,hooks:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a})=>{return c=E({baseUrl:n||w,projectId:e,logger:t,hooks:o,cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:ue(c),otp:He(c),magicLink:Pe(c),enchantedLink:Ie(c),oauth:De(c),outbound:qe(c),saml:ze(c),totp:Ye(c),notp:mt(c),webauthn:ht(c),password:it(c),flow:je(c),refresh:bt(((e,t,n)=>{const o={};return n&&(o.externalToken=n),J(c.post(f.refresh,o,{token:e,queryParams:t}))})),selectTenant:oe([X("tenantId")],[te('"token" must be string or undefined')])(((e,t)=>J(c.post(f.selectTenant,{tenant:e},{token:t})))),logout:bt((e=>J(c.post(f.logout,{},{token:e})))),logoutAll:bt((e=>J(c.post(f.logoutAll,{},{token:e})))),me:bt((e=>J(c.get(f.me,{token:e})))),myTenants:oe([ne('"tenants" must a string array or a boolean')],[te('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,J(c.post(f.myTenants,n,{token:t}))})),history:bt((e=>J(c.get(f.history,{token:e})))),isJwtExpired:yt(D),getTenants:yt(A),getJwtPermissions:yt(L),getJwtRoles:yt(q),getCurrentTenant:yt(K),httpClient:c};var c}))),Ot=Object.assign(It,{DeliveryMethods:fe});const St=(...e)=>{console.debug(...e)},jt="3.2.0",Ut="undefined"!=typeof window,xt=Math.pow(2,31)-1,Tt=`https://descopecdn.com/npm/oidc-client-ts@${jt}/dist/browser/oidc-client-ts.min.js`,Rt=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${jt}/dist/browser/oidc-client-ts.min.js`,Ct=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>xt&&(St(`Timeout is too large (${t}ms), setting it to ${xt}ms`),t=xt),t};
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i=e=>{try{return r(e).exp}catch(e){return null}},s=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:i(n)},a=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?i(o):void 0)},c=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},l=async e=>{if(!(null==e?void 0:e.ok))return{};const n=await(null==e?void 0:e.clone().json());return(e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,c=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||a(e),cookieExpiration:e.cookieExpiration||s(e)},c)})((null==n?void 0:n.authInfo)||n||{})},u=async e=>{const t=await l(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},d="undefined"!=typeof localStorage,p=(e,t)=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),g=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),h=e=>d&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e));var f={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const v="<region>",w=`https://api.${v}descope.com`,m=6e5,y="dct",b=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},k=[521,524],I=e=>async(...t)=>{let n=await e(...t);k.includes(n.status)&&(n=await e(...t),n.retries=1);const o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n};let O;const S=()=>{if(O)return O;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return O=`${t}-${n}`,O};var j,U;(U=j||(j={})).get="GET",U.delete="DELETE",U.post="POST",U.put="PUT",U.patch="PATCH";const x=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(v,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},T=(...e)=>new Headers(e.reduce(((e,t)=>{const n=(e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t);return n.reduce(((t,[n,o])=>(e[n]=o,e)),e),e}),{})),R={"Content-Type":"application/json"},C=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},E=(e,t)=>{const n={"x-descope-sdk-session-id":S(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.44.5","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},P=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e},_=({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=((e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>b().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await I(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return b().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:I(n)})(r,a),l=async r=>{var a;const l=(null==i?void 0:i.beforeRequest)?i.beforeRequest(r):r,{path:u,body:d,headers:p,queryParams:g,method:h,token:f}=l,v=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:T(C(t,f),E(t,o),(null==n?void 0:n.baseHeaders)||{},P(v)?R:{},p),method:h,body:v};null!==s&&(w.credentials=s||"include");const m=await c(x({path:u,baseUrl:e,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(r,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(a=m.headers)||void 0===a?void 0:a.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:j.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:j.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:j.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>l({path:e,headers:n,queryParams:o,body:t,method:j.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>l({path:e,headers:t,queryParams:n,body:void 0,method:j.delete,token:o}),hooks:i,buildUrl:(n,o)=>x({projectId:t,baseUrl:e,path:n,queryParams:o})}};var $=429;function D(e,t,n){var o;let r=A(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[y])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function A(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function L(e){const{exp:t}=A(e);return(new Date).getTime()/1e3>t}function q(e){let t=A(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function N(e,t){return D(e,t,"permissions")}function J(e,t){return D(e,t,"roles")}const K=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function M(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===$&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function F(e){var t;return(null===(t=A(e))||void 0===t?void 0:t[y])||""}const H=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),V=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},B=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),z=e=>t=>e.test(t),Z=z(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),G=z(/^\+[1-9]{1}[0-9]{3,14}$/),W=H(Z,'"{val}" is not a valid email'),X=H(G,'"{val}" is not a valid phone number'),Y=H((e=>e.length>=1),"Minimum length is 1");const Q=H((e=>"string"==typeof e),"Input is not a string"),ee=H((e=>Array.isArray(e)),"Input is not an array"),te=H((e=>"boolean"==typeof e),"Input is not a boolean"),ne=H((e=>void 0===e),"Input is defined"),oe=V([Q(),ne()],"Input is not a string or undefined"),re=V([ee(),te()],"Input is not an array or boolean"),ie=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>B(...e).validate(n[t]))),t(...n)),se=e=>[Q(`"${e}" must be a string`)],ae=e=>[oe(`"${e}" must be string or undefined`)],ce=e=>[Q(`"${e}" must be a string`),Y(`"${e}" must not be empty`)],le=e=>[Q(`"${e}" must be a string`),W()],ue=e=>[Q(`"${e}" must be a string`),X()],de=ie(ce("accessKey")),pe=e=>({exchange:de(((t,n)=>M(e.post(f.accessKey.exchange,{loginOptions:n},{token:t}))))}),ge=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),he=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||m,m)});var fe,ve;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp"}(fe||(fe={})),function(e){e.email="email"}(ve||(ve={}));const we=Object.assign(Object.assign({},fe),ve);var me;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(me||(me={}));const ye=ce("loginId"),be=ie(ce("token")),ke=ie(ye),Ie=ie(ce("pendingRef")),Oe=ie(ye,le("email")),Se=e=>({verify:be((t=>M(e.post(f.enchantedLink.verify,{token:t})))),signIn:ke(((t,n,o,r)=>M(e.post(K(f.enchantedLink.signIn,we.email),{loginId:t,URI:n,loginOptions:o},{token:r})))),signUpOrIn:ke(((t,n,o)=>M(e.post(K(f.enchantedLink.signUpOrIn,we.email),{loginId:t,URI:n,loginOptions:o})))),signUp:ke(((t,n,o,r)=>M(e.post(K(f.enchantedLink.signUp,we.email),{loginId:t,URI:n,user:o,loginOptions:r})))),waitForSession:Ie(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=he(n);let s;const a=setInterval((async()=>{const n=await e.post(f.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(M(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:Oe(((t,n,o,r,i)=>M(e.post(f.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),je=ie(ce("flowId")),Ue=ie(ce("executionId"),ce("stepId"),ce("interactionId")),xe=e=>({start:je(((t,n,o,r,i,s,a)=>M(e.post(f.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a})))),next:Ue(((t,n,o,r,i,s)=>M(e.post(f.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s}))))}),Te=ce("loginId"),Re=ie(ce("token")),Ce=ie(Te),Ee=ie(Te,ue("phone")),Pe=ie(Te,le("email")),_e=Object.keys(we).filter((e=>e!==fe.voice)),$e=e=>({verify:Re((t=>M(e.post(f.magicLink.verify,{token:t})))),signIn:_e.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ce(((t,o,r,i)=>M(e.post(K(f.magicLink.signIn,n),{loginId:t,URI:o,loginOptions:r},{token:i}))))})),{}),signUp:_e.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ce(((t,o,r,i)=>M(e.post(K(f.magicLink.signUp,n),{loginId:t,URI:o,user:r,loginOptions:i}))))})),{}),signUpOrIn:_e.reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ce(((t,o,r)=>M(e.post(K(f.magicLink.signUpOrIn,n),{loginId:t,URI:o,loginOptions:r}))))})),{}),update:{email:Pe(((t,n,o,r,i)=>M(e.post(f.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(fe).filter((e=>e!==fe.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ee(((t,o,r,i,s)=>M(e.post(K(f.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var De;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(De||(De={}));const Ae=ie(ce("code")),Le=e=>({start:Object.assign(((t,n,o,r,i)=>M(e.post(f.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(De).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>M(e.post(f.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:Ae((t=>M(e.post(f.oauth.exchange,{code:t})))),startNative:(t,n,o)=>M(e.post(f.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>M(e.post(f.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>M(e.get(f.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>M(e.post(f.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>M(e.post(f.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),qe=ce("appId"),Ne=ie(qe),Je=e=>({connect:Ne(((t,n,o)=>M(e.post(f.outbound.connect,{appId:t,options:n},{token:o}))))}),Ke=ce("loginId"),Me=ie(Ke,ce("code")),Fe=ie(Ke),He=ie(Ke,ue("phone")),Ve=ie(Ke,le("email")),Be=e=>({verify:Object.keys(we).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Me(((t,o)=>M(e.post(K(f.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(we).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Fe(((t,o,r)=>M(e.post(K(f.otp.signIn,n),{loginId:t,loginOptions:o},{token:r}))))})),{}),signUp:Object.keys(we).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Fe(((t,o,r)=>M(e.post(K(f.otp.signUp,n),{loginId:t,user:o,loginOptions:r}))))})),{}),signUpOrIn:Object.keys(we).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Fe(((t,o)=>M(e.post(K(f.otp.signUpOrIn,n),{loginId:t,loginOptions:o}))))})),{}),update:{email:Ve(((t,n,o,r)=>M(e.post(f.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(fe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:He(((t,o,r,i)=>M(e.post(K(f.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),ze=ie(ce("tenant")),Ze=ie(ce("code")),Ge=e=>({start:ze(((t,n,o,r,i)=>M(e.post(f.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i})},r&&{token:r}))))),exchange:Ze((t=>M(e.post(f.saml.exchange,{code:t}))))}),We=ce("loginId"),Xe=ie(We,ce("code")),Ye=ie(We),Qe=ie(We),et=e=>({signUp:Ye(((t,n)=>M(e.post(f.totp.signUp,{loginId:t,user:n})))),verify:Xe(((t,n,o,r)=>M(e.post(f.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:Qe(((t,n)=>M(e.post(f.totp.update,{loginId:t},{token:n}))))}),tt=ce("loginId"),nt=ce("newPassword"),ot=ie(tt,ce("password")),rt=ie(tt),it=ie(tt,nt),st=ie(tt,ce("oldPassword"),nt),at=e=>({signUp:ot(((t,n,o,r)=>M(e.post(f.password.signUp,{loginId:t,password:n,user:o,loginOptions:r})))),signIn:ot(((t,n,o)=>M(e.post(f.password.signIn,{loginId:t,password:n,loginOptions:o})))),sendReset:rt(((t,n,o)=>M(e.post(f.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:it(((t,n,o)=>M(e.post(f.password.update,{loginId:t,newPassword:n},{token:o})))),replace:st(((t,n,o)=>M(e.post(f.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>M(e.get(f.password.policy))}),ct=se("loginId"),lt=ce("loginId"),ut=ce("origin"),dt=ie(lt,ut,ce("name")),pt=ie(lt,ut),gt=ie(ct,ut),ht=ie(lt,ut,ae("token")),ft=ie(ce("transactionId"),ce("response")),vt=e=>({signUp:{start:dt(((t,n,o,r)=>M(e.post(f.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:ft(((t,n)=>M(e.post(f.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:gt(((t,n,o,r,i)=>M(e.post(f.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:ft(((t,n)=>M(e.post(f.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:pt(((t,n,o)=>M(e.post(f.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:ht(((t,n,o,r)=>M(e.post(f.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:ft(((t,n)=>M(e.post(f.webauthn.update.finish,{transactionId:t,response:n}))))}}),wt=se("loginId"),mt=ie(wt),yt=ie(ce("pendingRef")),bt=e=>({signUpOrIn:mt(((t,n)=>M(e.post(f.notp.signUpOrIn,{loginId:t,loginOptions:n})))),signUp:mt(((t,n,o)=>M(e.post(f.notp.signUp,{loginId:t,user:n,loginOptions:o})))),signIn:mt(((t,n,o)=>M(e.post(f.notp.signIn,{loginId:t,loginOptions:n},{token:o})))),waitForSession:yt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=he(n);let s;const a=setInterval((async()=>{const n=await e.post(f.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(M(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),kt=ie(ce("token")),It=ie(ae("token"));var Ot,St=ie([(Ot=ce("projectId"),H(((e,t)=>n=>B(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",Ot))())])((e=>t=>{var n;return e(Object.assign(Object.assign({},t),{hooks:{beforeRequest:e=>{var n;const o=[].concat((null===(n=t.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),e)},afterRequest:async(e,n)=>{var o;const r=[].concat((null===(o=t.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((t=>t(e,null==n?void 0:n.clone()))))).forEach((e=>{var n;return"rejected"===e.status&&(null===(n=t.logger)||void 0===n?void 0:n.error(e.reason))}))},transformResponse:null===(n=t.hooks)||void 0===n?void 0:n.transformResponse}}))})((({projectId:e,logger:t,baseUrl:n,hooks:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a})=>{return c=_({baseUrl:n||w,projectId:e,logger:t,hooks:o,cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:pe(c),otp:Be(c),magicLink:$e(c),enchantedLink:Se(c),oauth:Le(c),outbound:Je(c),saml:Ge(c),totp:et(c),notp:bt(c),webauthn:vt(c),password:at(c),flow:xe(c),refresh:It(((e,t,n)=>{const o={};return n&&(o.externalToken=n),M(c.post(f.refresh,o,{token:e,queryParams:t}))})),selectTenant:ie([Q("tenantId")],[oe('"token" must be string or undefined')])(((e,t)=>M(c.post(f.selectTenant,{tenant:e},{token:t})))),logout:It((e=>M(c.post(f.logout,{},{token:e})))),logoutAll:It((e=>M(c.post(f.logoutAll,{},{token:e})))),me:It((e=>M(c.get(f.me,{token:e})))),myTenants:ie([re('"tenants" must a string array or a boolean')],[oe('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,M(c.post(f.myTenants,n,{token:t}))})),history:It((e=>M(c.get(f.history,{token:e})))),isJwtExpired:kt(L),getTenants:kt(q),getJwtPermissions:kt(N),getJwtRoles:kt(J),getCurrentTenant:kt(F),httpClient:c};var c}))),jt=Object.assign(St,{DeliveryMethods:we});const Ut=(...e)=>{console.debug(...e)},xt="3.2.0",Tt="undefined"!=typeof window,Rt=Math.pow(2,31)-1,Ct=`https://descopecdn.com/npm/oidc-client-ts@${xt}/dist/browser/oidc-client-ts.min.js`,Et=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${xt}/dist/browser/oidc-client-ts.min.js`,Pt=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>Rt&&(Ut(`Timeout is too large (${t}ms), setting it to ${Rt}ms`),t=Rt),t};
 /*! js-cookie v3.0.5 | MIT */
-function Et(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var Pt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Et({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Et({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Et({},this.attributes,t))},withConverter:function(t){return e(Et({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const _t="DS",$t="DSR",Dt="DSI";function At(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);Pt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Lt(e=""){return g(`${e}${$t}`)||""}function qt(e=""){return Pt.get(_t)||g(`${e}${_t}`)||""}function Nt(e=""){return g(`${e}${Dt}`)||""}function Jt(e=""){h(`${e}${$t}`),h(`${e}${_t}`),h(`${e}${Dt}`),Pt.remove(_t)}const Kt=Ut&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Mt="vsid",Ft="vrid";var Ht={default:"endpoint"},Vt="Blocked by CSP",Bt="The endpoint parameter is not a valid URL",zt="Failed to load the JS script of the agent",Zt="9319";function Gt(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===Vt||s===Bt)n.exclude(),i=0;else if(s===Zt)n.exclude();else if(s===zt){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],u=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(l).then((function(e){return[e,a]}))}var Wt="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",Xt=Wt;function Yt(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:Wt,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=l[0],d=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return Gt(e,Qt)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===Zt?new Error(zt):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function Qt(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(Bt);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(zt))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(Vt)})).then(en)}function en(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(Zt);return n}const tn=(e=!1)=>{const t=localStorage.getItem("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},nn=async(e,t=Kt)=>{try{if(tn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=Yt({apiKey:e,endpoint:[o.toString(),Ht],scriptUrlPattern:[i,Xt]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[Mt]:e,[Ft]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},on=e=>{const t=tn(!0);return t&&e.body&&(e.body.fpData=t),e},rn="descopeFlowNonce",sn="X-Descope-Flow-Nonce",an="/v1/flow/start",cn="/v1/flow/next",ln=(e,t=rn)=>`${t}${e}`,un=(e,t=rn)=>{try{const n=ln(e,t);h(n)}catch(e){console.error("Error removing flow nonce:",e)}},dn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},pn=e=>{var t;return e.path===cn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?dn(e.body.executionId):null},gn="dls_last_user_login_id",hn="dls_last_user_display_name",fn=()=>g(gn),vn=()=>g(hn),wn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=fn(),i=vn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},mn=e=>t=>async(...n)=>{const o=await t(...n);return e||(h(gn),h(hn)),o};function yn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const bn=e=>t=>async(...n)=>{const o=await t(...n);return Jt(e),o};async function kn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=xn(n.publicKey.challenge),n.publicKey.user.id=xn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=xn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Tn(o.rawId),type:o.type,response:{attestationObject:Tn(o.response.attestationObject),clientDataJSON:Tn(o.response.clientDataJSON)}});var o}async function In(e){const t=jn(e);return Un(await navigator.credentials.get(t))}async function On(e,t){const n=jn(e);n.signal=t.signal,n.mediation="conditional";return Un(await navigator.credentials.get(n))}async function Sn(e=!1){if(!Ut)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function jn(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=xn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=xn(e.id)})),n}function Un(e){return JSON.stringify({id:e.id,rawId:Tn(e.rawId),type:e.type,response:{authenticatorData:Tn(e.response.authenticatorData),clientDataJSON:Tn(e.response.clientDataJSON),signature:Tn(e.response.signature),userHandle:e.response.userHandle?Tn(e.response.userHandle):void 0}})}function xn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Tn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Rn,Cn=(Rn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await kn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await In(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await kn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await In(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await kn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:kn,get:In,isSupported:Sn,conditional:On}}),(...e)=>{const t=Rn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const En={config:"/fedcm/config"},Pn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function _n(e,t){var n;try{await $n(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function $n(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Pn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Dn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Sn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let An;const Ln=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Ln(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const qn=async(e,t,n)=>{An||(An=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ln([Tt,Rt],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await An;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,s=(null==n?void 0:n.redirectUri)||window.location.href,a=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const u={authority:l,client_id:t,redirect_uri:s,response_type:"code",scope:a,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(u.scope=n.scope),{client:new o(u),stateUserKey:c}},Nn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await qn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),window.localStorage.setItem(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Nt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return window.localStorage.removeItem(r),t||window.location.replace(s),i}}},Jn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return Ut?(o&&r&&nn(o).catch((()=>null)),e(c(i,{beforeRequest:on}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||"undefined"!=typeof window&&window.descopeBridge)return e(i);const{clearAllTimers:s,setTimer:a}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let u,d;Ut&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&u&&new Date>u&&(St("Expiration time passed, refreshing session"),p.refresh(Lt()||d))}));const p=e(c(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i}=await l(t);if(401===(null==t?void 0:t.status))St("Received 401, canceling all timers"),s();else if(n||i){if(u=((e,t)=>{if(t)return new Date(1e3*t);St("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!u)return void St("Could not extract expiration time from session token");d=o;const e=Ct(u);if(s(),e<=2e4)return void St("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});St(`Setting refresh timer for ${t}. (${e}ms)`),a((()=>{St("Refreshing session due to timer"),p.refresh(Lt()||o)}),e)}}}));return de(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return St("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.4"},t.baseHeaders)}))),(e=>t=>{const n=yn(),o=yn(),r=yn(),i=e(c(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null);else{const e=await u(t);e&&r.pub(e);const{sessionJwt:i,sessionExpiration:s}=await l(t);i&&o.pub(i),(s||i)&&n.pub(s||42)}}})),s=de(i,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const i=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i}));return Object.assign(s,{onSessionTokenChange:o.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=rn}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=rn)=>{try{if(!d)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=g(n);if(e)try{JSON.parse(e).expiry<Date.now()&&h(n)}catch(e){h(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return e(c(i,{afterRequest:async(e,t)=>{if(e.path!==an&&e.path!==cn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(sn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=pn(e)),{nonce:n,executionId:dn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=rn)=>{try{const r=ln(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};p(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===an,r)}},beforeRequest:e=>{if(e.path===cn){const t=pn(e);if(t){const n=((e,t=rn)=>{try{const n=ln(e,t),o=g(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(un(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[sn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:fn,getLastUserDisplayName:vn});const s=e(c(i,{afterRequest:async(e,t)=>{var n;const o=await u(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{p(gn,e)})(r),(e=>{p(hn,e)})(i))}}));let a=de(s,["flow.start"],wn);return a=de(a,["logout","logoutAll"],mn(r)),Object.assign(a,{getLastUserLoginId:fn,getLastUserDisplayName:vn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,storagePrefix:i}=n,s=t(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!o||!Ut)return e(s);const a=e(c(s,{beforeRequest:(u=i,e=>Object.assign(e,{token:e.token||Lt(u)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||Jt(i):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&p(`${n}${$t}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;At(_t,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else p(`${n}${_t}`,r);e.idToken&&p(`${n}${Dt}`,e.idToken)})(await l(t),r,i)}}));var u;const d=de(a,["logout","logoutAll","oidc.logout"],bn(i));return Object.assign(d,{getRefreshToken:()=>Lt(i),getSessionToken:()=>qt(i),getIdToken:()=>Nt(i)})}))((e=>{const t=Ot(e),n=Nn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=qt(),s=Lt();let a="";if(e.getExternalToken)try{a=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){St("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:s?"t":"f"},a)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Dn(t),webauthn:Cn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){_n(o,e)},requestAuthentication(e){_n(o,e)}},async oneTap(e,t,n,r,i){await $n(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+En.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>Ut&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+En.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Jn.REFRESH_TOKEN_KEY=$t,Jn.SESSION_TOKEN_KEY=_t,Jn}));
+function _t(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var $t=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=_t({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",_t({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,_t({},this.attributes,t))},withConverter:function(t){return e(_t({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Dt="DS",At="DSR",Lt="DSI";function qt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);$t.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Nt(e=""){return g(`${e}${At}`)||""}function Jt(e=""){return $t.get(Dt)||g(`${e}${Dt}`)||""}function Kt(e=""){return g(`${e}${Lt}`)||""}function Mt(e=""){h(`${e}${At}`),h(`${e}${Dt}`),h(`${e}${Lt}`),$t.remove(Dt)}const Ft=Tt&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Ht="vsid",Vt="vrid";var Bt={default:"endpoint"},zt="Blocked by CSP",Zt="The endpoint parameter is not a valid URL",Gt="Failed to load the JS script of the agent",Wt="9319";function Xt(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===zt||s===Zt)n.exclude(),i=0;else if(s===Wt)n.exclude();else if(s===Gt){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],u=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(l).then((function(e){return[e,a]}))}var Yt="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",Qt=Yt;function en(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:Yt,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=l[0],d=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return Xt(e,tn)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===Wt?new Error(Gt):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function tn(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(Zt);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(Gt))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(zt)})).then(nn)}function nn(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(Wt);return n}const on=(e=!1)=>{const t=localStorage.getItem("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},rn=async(e,t=Ft)=>{try{if(on())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=en({apiKey:e,endpoint:[o.toString(),Bt],scriptUrlPattern:[i,Qt]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[Ht]:e,[Vt]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},sn=e=>{const t=on(!0);return t&&e.body&&(e.body.fpData=t),e},an="descopeFlowNonce",cn="X-Descope-Flow-Nonce",ln="/v1/flow/start",un="/v1/flow/next",dn=(e,t=an)=>`${t}${e}`,pn=(e,t=an)=>{try{const n=dn(e,t);h(n)}catch(e){console.error("Error removing flow nonce:",e)}},gn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},hn=e=>{var t;return e.path===un&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?gn(e.body.executionId):null},fn="dls_last_user_login_id",vn="dls_last_user_display_name",wn=()=>g(fn),mn=()=>g(vn),yn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=wn(),i=mn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},bn=e=>t=>async(...n)=>{const o=await t(...n);return e||(h(fn),h(vn)),o};function kn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const In=e=>t=>async(...n)=>{const o=await t(...n);return Mt(e),o};async function On(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=Rn(n.publicKey.challenge),n.publicKey.user.id=Rn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=Rn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Cn(o.rawId),type:o.type,response:{attestationObject:Cn(o.response.attestationObject),clientDataJSON:Cn(o.response.clientDataJSON)}});var o}async function Sn(e){const t=xn(e);return Tn(await navigator.credentials.get(t))}async function jn(e,t){const n=xn(e);n.signal=t.signal,n.mediation="conditional";return Tn(await navigator.credentials.get(n))}async function Un(e=!1){if(!Tt)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function xn(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=Rn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=Rn(e.id)})),n}function Tn(e){return JSON.stringify({id:e.id,rawId:Cn(e.rawId),type:e.type,response:{authenticatorData:Cn(e.response.authenticatorData),clientDataJSON:Cn(e.response.clientDataJSON),signature:Cn(e.response.signature),userHandle:e.response.userHandle?Cn(e.response.userHandle):void 0}})}function Rn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Cn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var En,Pn=(En=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await On(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await Sn(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await On(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await Sn(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await On(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:On,get:Sn,isSupported:Un,conditional:jn}}),(...e)=>{const t=En(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const _n={config:"/fedcm/config"},$n=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Dn(e,t){var n;try{await An(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function An(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=$n(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Ln=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Un(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let qn;const Nn=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Nn(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Jn=async(e,t,n)=>{qn||(qn=(async()=>{try{return require("oidc-client-ts")}catch(e){return Nn([Ct,Et],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await qn;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,s=(null==n?void 0:n.redirectUri)||window.location.href,a=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const u={authority:l,client_id:t,redirect_uri:s,response_type:"code",scope:a,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(u.scope=n.scope),{client:new o(u),stateUserKey:c}},Kn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await Jn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),window.localStorage.setItem(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Kt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return window.localStorage.removeItem(r),t||window.location.replace(s),i}}},Mn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return Tt?(o&&r&&rn(o).catch((()=>null)),e(c(i,{beforeRequest:sn}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||"undefined"!=typeof window&&window.descopeBridge)return e(i);const{clearAllTimers:s,setTimer:a}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let u,d;Tt&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&u&&new Date>u&&(Ut("Expiration time passed, refreshing session"),p.refresh(Nt()||d))}));const p=e(c(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i}=await l(t);if(401===(null==t?void 0:t.status))Ut("Received 401, canceling all timers"),s();else if(n||i){if(u=((e,t)=>{if(t)return new Date(1e3*t);Ut("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!u)return void Ut("Could not extract expiration time from session token");d=o;const e=Pt(u);if(s(),e<=2e4)return void Ut("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});Ut(`Setting refresh timer for ${t}. (${e}ms)`),a((()=>{Ut("Refreshing session due to timer"),p.refresh(Nt()||o)}),e)}}}));return ge(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return Ut("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.33.6"},t.baseHeaders)}))),(e=>t=>{const n=kn(),o=kn(),r=kn(),i=e(c(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null);else{const e=await u(t);e&&r.pub(e);const{sessionJwt:i,sessionExpiration:s}=await l(t);i&&o.pub(i),(s||i)&&n.pub(s||42)}}})),s=ge(i,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const i=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i}));return Object.assign(s,{onSessionTokenChange:o.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=an}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=an)=>{try{if(!d)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=g(n);if(e)try{JSON.parse(e).expiry<Date.now()&&h(n)}catch(e){h(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return e(c(i,{afterRequest:async(e,t)=>{if(e.path!==ln&&e.path!==un)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(cn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=hn(e)),{nonce:n,executionId:gn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=an)=>{try{const r=dn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};p(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===ln,r)}},beforeRequest:e=>{if(e.path===un){const t=hn(e);if(t){const n=((e,t=an)=>{try{const n=dn(e,t),o=g(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(pn(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[cn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:wn,getLastUserDisplayName:mn});const s=e(c(i,{afterRequest:async(e,t)=>{var n;const o=await u(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{p(fn,e)})(r),(e=>{p(vn,e)})(i))}}));let a=ge(s,["flow.start"],yn);return a=ge(a,["logout","logoutAll"],bn(r)),Object.assign(a,{getLastUserLoginId:wn,getLastUserDisplayName:mn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,storagePrefix:i}=n,s=t(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!o||!Tt)return e(s);const a=e(c(s,{beforeRequest:(u=i,e=>Object.assign(e,{token:e.token||Nt(u)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||Mt(i):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&p(`${n}${At}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;qt(Dt,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else p(`${n}${Dt}`,r);e.idToken&&p(`${n}${Lt}`,e.idToken)})(await l(t),r,i)}}));var u;const d=ge(a,["logout","logoutAll","oidc.logout"],In(i));return Object.assign(d,{getRefreshToken:()=>Nt(i),getSessionToken:()=>Jt(i),getIdToken:()=>Kt(i)})}))((e=>{const t=jt(e),n=Kn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=Jt(),s=Nt();let a="";if(e.getExternalToken)try{a=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){Ut("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:s?"t":"f"},a)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Ln(t),webauthn:Pn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Dn(o,e)},requestAuthentication(e){Dn(o,e)}},async oneTap(e,t,n,r,i){await An(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+_n.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>Tt&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+_n.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Mn.REFRESH_TOKEN_KEY=At,Mn.SESSION_TOKEN_KEY=Dt,Mn}));
 //# sourceMappingURL=index.umd.js.map