@descope/web-js-sdk 1.34.0 → 1.34.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/cjs/index.cjs.js +1 -1
  2. package/dist/index.d.ts +9 -279
  3. package/dist/index.esm.js +1 -1
  4. package/dist/index.umd.js +2 -2
  5. package/dist/index.umd.js.map +1 -1
  6. package/package.json +2 -2
package/dist/cjs/index.cjs.js CHANGED
@@ -1,2 +1,2 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),r=require("@fingerprintjs/fingerprintjs-pro");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=i(n),s=i(o);const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||r,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:a,cookieSecure:c}=n,l=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:i,secure:c})}}function D(e=""){return h(`${e}${x}`)||""}function R(e=""){return s.default.get(O)||h(`${e}${O}`)||""}function C(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),s.default.remove(O)}const E=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",A="vsid",J="vrid",$="fp",N=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},L=async(e,t=E)=>{try{if(N())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=r.load({apiKey:e,endpoint:[o.toString(),r.defaultEndpoint],scriptUrlPattern:[a,r.defaultScriptUrlPattern]}),c=await s,{requestId:l}=await c.get({linkedId:n}),d=((e,t)=>({[A]:e,[J]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},q=e=>{const t=N(!0);return t&&e.body&&(e.body.fpData=t),e},K="descopeFlowNonce",P="X-Descope-Flow-Nonce",F="/v1/flow/start",V="/v1/flow/next",M=(e,t=K)=>`${t}${e}`,W=(e,t=K)=>{try{const n=M(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},H=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},B=e=>{var t;return e.path===V&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?H(e.body.executionId):null},G="dls_last_user_login_id",X="dls_last_user_display_name",Z=()=>h(G),Y=()=>h(X),z=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Z(),i=Y();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Q=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(G),v(X)),o};function ee(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const te=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function ne(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),n.publicKey.user.id=ce(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:le(o.rawId),type:o.type,response:{attestationObject:le(o.response.attestationObject),clientDataJSON:le(o.response.clientDataJSON)}});var o}async function oe(e){const t=ae(e);return se(await navigator.credentials.get(t))}async function re(e,t){const n=ae(e);n.signal=t.signal,n.mediation="conditional";return se(await navigator.credentials.get(n))}async function ie(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ae(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}function se(e){return JSON.stringify({id:e.id,rawId:le(e.rawId),type:e.type,response:{authenticatorData:le(e.response.authenticatorData),clientDataJSON:le(e.response.clientDataJSON),signature:le(e.response.signature),userHandle:e.response.userHandle?le(e.response.userHandle):void 0}})}function ce(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function le(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var de,ue=(de=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await oe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await oe(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:ne,get:oe,isSupported:ie,conditional:re}}),(...e)=>{const t=de(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},ge=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function fe(e,t){var n;try{await we(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function we(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=ge(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),a.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var he=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ie(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ve=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const me=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),a=document.createElement("script");a.src=i,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{me(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const be=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return me([k,_],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},Se=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await be(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),a=await r.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(i,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(ve())return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await r.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||C(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:a}=i;return window.localStorage.removeItem(r),t||window.location.replace(a),i}}},ke=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:r}=n,i=e.__rest(n,["fpKey","fpLoad"]);return b?(o&&r&&L(o).catch((()=>null)),t(u(i,{beforeRequest:q}))):t(i)}),(o=>r=>{var{autoRefresh:i}=r,a=e.__rest(r,["autoRefresh"]);if(!i||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(D()||d))}));const g=o(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:r,sessionExpiration:i}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||i){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,i),!l)return void y("Could not extract expiration time from session token");d=r;const e=I(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(D()||r)}),e)}}}));return n.wrapWith(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.34.0"},t.baseHeaders)}))),(e=>t=>{const o=ee(),r=ee(),i=ee(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))r.pub(null),i.pub(null),o.pub(null);else{const e=await g(t);e&&i.pub(e);const{sessionJwt:n,sessionExpiration:a}=await p(t);n&&r.pub(n),(a||n)&&o.pub(a||42)}}})),s=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return r.pub(null),i.pub(null),o.pub(null),n}));return Object.assign(s,{onSessionTokenChange:r.sub,onUserChange:i.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=K}=n,i=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(i);((e=K)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return t(u(i,{afterRequest:async(e,t)=>{if(e.path!==F&&e.path!==V)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(P);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=B(e)),{nonce:n,executionId:H(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=K)=>{try{const r=M(e,o),i=n?172800:10800,a={value:t,expiry:Date.now()+1e3*i,isStart:n};w(r,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===F,r)}},beforeRequest:e=>{if(e.path===V){const t=B(e);if(t){const n=((e,t=K)=>{try{const n=M(e,t),o=h(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(W(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[P]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:r=!0,keepLastAuthenticatedUserAfterLogout:i=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!r)return Object.assign(t(a),{getLastUserLoginId:Z,getLastUserDisplayName:Y});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{w(G,e)})(r),(e=>{w(X,e)})(i))}}));let c=n.wrapWith(s,["flow.start"],z);return c=n.wrapWith(c,["logout","logoutAll"],Q(i)),Object.assign(c,{getLastUserLoginId:Z,getLastUserDisplayName:Y})}),(t=>o=>{var{persistTokens:r,sessionTokenViaCookie:i,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!r||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||D(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&w(`${n}${x}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;j(O,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else w(`${n}${O}`,r);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),i,a)}}));var l;const d=n.wrapWith(c,["logout","logoutAll","oidc.logout"],te(a));return Object.assign(d,{getRefreshToken:()=>D(a),getSessionToken:()=>R(a),getIdToken:()=>C(a)})}))((e=>{const t=a.default(e),n=Se(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=R(),a=D();let s="";if(e.getExternalToken)try{s=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:a?"t":"f"},s)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:he(t),webauthn:ue(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){fe(o,e)},requestAuthentication(e){fe(o,e)}},async oneTap(e,t,n,r,i){await we(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+pe.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));exports.REFRESH_TOKEN_KEY=x,exports.SESSION_TOKEN_KEY=O,exports.clearFingerprintData=()=>{localStorage.removeItem($)},exports.default=ke,exports.ensureFingerprintIds=L,exports.hasOidcParamsInUrl=ve;
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),r=require("@fingerprintjs/fingerprintjs-pro");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=i(n),s=i(o);const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||r,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:a,cookieSecure:c}=n,l=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:i,secure:c})}}function D(e=""){return h(`${e}${x}`)||""}function R(e=""){return s.default.get(O)||h(`${e}${O}`)||""}function C(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),s.default.remove(O)}const E=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",A="vsid",J="vrid",$="fp",N=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},L=async(e,t=E)=>{try{if(N())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=r.load({apiKey:e,endpoint:[o.toString(),r.defaultEndpoint],scriptUrlPattern:[a,r.defaultScriptUrlPattern]}),c=await s,{requestId:l}=await c.get({linkedId:n}),d=((e,t)=>({[A]:e,[J]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},q=e=>{const t=N(!0);return t&&e.body&&(e.body.fpData=t),e},K="descopeFlowNonce",P="X-Descope-Flow-Nonce",F="/v1/flow/start",V="/v1/flow/next",M=(e,t=K)=>`${t}${e}`,W=(e,t=K)=>{try{const n=M(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},H=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},B=e=>{var t;return e.path===V&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?H(e.body.executionId):null},G="dls_last_user_login_id",X="dls_last_user_display_name",Z=()=>h(G),Y=()=>h(X),z=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Z(),i=Y();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Q=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(G),v(X)),o};function ee(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const te=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function ne(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),n.publicKey.user.id=ce(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:le(o.rawId),type:o.type,response:{attestationObject:le(o.response.attestationObject),clientDataJSON:le(o.response.clientDataJSON)}});var o}async function oe(e){const t=ae(e);return se(await navigator.credentials.get(t))}async function re(e,t){const n=ae(e);n.signal=t.signal,n.mediation="conditional";return se(await navigator.credentials.get(n))}async function ie(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ae(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ce(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ce(e.id)})),n}function se(e){return JSON.stringify({id:e.id,rawId:le(e.rawId),type:e.type,response:{authenticatorData:le(e.response.authenticatorData),clientDataJSON:le(e.response.clientDataJSON),signature:le(e.response.signature),userHandle:e.response.userHandle?le(e.response.userHandle):void 0}})}function ce(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function le(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var de,ue=(de=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await oe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await ne(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await oe(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await ne(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:ne,get:oe,isSupported:ie,conditional:re}}),(...e)=>{const t=de(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const pe={config:"/fedcm/config"},ge=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function fe(e,t){var n;try{await we(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function we(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=ge(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),a.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var he=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ie(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ve=()=>window.location.search.includes("code")&&window.location.search.includes("state");let ye;const me=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),a=document.createElement("script");a.src=i,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{me(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const be=async(e,t,n)=>{ye||(ye=(async()=>{try{return require("oidc-client-ts")}catch(e){return me([k,_],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await ye;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${i}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new r({store:window.localStorage,prefix:i}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},Se=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await be(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),a=await r.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(i,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(ve())return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(i);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await r.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||C(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:a}=i;return window.localStorage.removeItem(r),t||window.location.replace(a),i}}},ke=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:r}=n,i=e.__rest(n,["fpKey","fpLoad"]);return b?(o&&r&&L(o).catch((()=>null)),t(u(i,{beforeRequest:q}))):t(i)}),(o=>r=>{var{autoRefresh:i}=r,a=e.__rest(r,["autoRefresh"]);if(!i||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(D()||d))}));const g=o(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:r,sessionExpiration:i}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||i){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,i),!l)return void y("Could not extract expiration time from session token");d=r;const e=I(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(D()||r)}),e)}}}));return n.wrapWith(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.34.1"},t.baseHeaders)}))),(e=>t=>{const o=ee(),r=ee(),i=ee(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))r.pub(null),i.pub(null),o.pub(null);else{const e=await g(t);e&&i.pub(e);const{sessionJwt:n,sessionExpiration:a}=await p(t);n&&r.pub(n),(a||n)&&o.pub(a||42)}}})),s=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return r.pub(null),i.pub(null),o.pub(null),n}));return Object.assign(s,{onSessionTokenChange:r.sub,onUserChange:i.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=K}=n,i=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(i);((e=K)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(r);return t(u(i,{afterRequest:async(e,t)=>{if(e.path!==F&&e.path!==V)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(P);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=B(e)),{nonce:n,executionId:H(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=K)=>{try{const r=M(e,o),i=n?172800:10800,a={value:t,expiry:Date.now()+1e3*i,isStart:n};w(r,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===F,r)}},beforeRequest:e=>{if(e.path===V){const t=B(e);if(t){const n=((e,t=K)=>{try{const n=M(e,t),o=h(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(W(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[P]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:r=!0,keepLastAuthenticatedUserAfterLogout:i=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!r)return Object.assign(t(a),{getLastUserLoginId:Z,getLastUserDisplayName:Y});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],i=null==o?void 0:o.name;r&&((e=>{w(G,e)})(r),(e=>{w(X,e)})(i))}}));let c=n.wrapWith(s,["flow.start"],z);return c=n.wrapWith(c,["logout","logoutAll"],Q(i)),Object.assign(c,{getLastUserLoginId:Z,getLastUserDisplayName:Y})}),(t=>o=>{var{persistTokens:r,sessionTokenViaCookie:i,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!r||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||D(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:r,refreshJwt:i}=e;if(i&&w(`${n}${x}`,i),r)if(t){const n=t.sameSite||"Strict",i=null===(o=t.secure)||void 0===o||o;j(O,r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:i}))}else w(`${n}${O}`,r);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),i,a)}}));var l;const d=n.wrapWith(c,["logout","logoutAll","oidc.logout"],te(a));return Object.assign(d,{getRefreshToken:()=>D(a),getSessionToken:()=>R(a),getIdToken:()=>C(a)})}))((e=>{const t=a.default(e),n=Se(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async o=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const i=R(),a=D();let s="";if(e.getExternalToken)try{s=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:i?"t":"f",dcr:a?"t":"f"},s)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:he(t),webauthn:ue(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){fe(o,e)},requestAuthentication(e){fe(o,e)}},async oneTap(e,t,n,r,i){await we(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+pe.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+pe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));exports.REFRESH_TOKEN_KEY=x,exports.SESSION_TOKEN_KEY=O,exports.clearFingerprintData=()=>{localStorage.removeItem($)},exports.default=ke,exports.ensureFingerprintIds=L,exports.hasOidcParamsInUrl=ve;
2
2
  //# sourceMappingURL=index.cjs.js.map
package/dist/index.d.ts CHANGED
@@ -101,7 +101,7 @@ declare const clearFingerprintData: () => void;
101
101
 
102
102
  declare const hasOidcParamsInUrl: () => boolean;
103
103
 
104
- declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPersistTokens, sessionTokenViaCookie, storagePrefix, ...config }: Omit<{
104
+ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPersistTokens, sessionTokenViaCookie, storagePrefix, ...config }: {
105
105
  projectId: string;
106
106
  logger?: {
107
107
  error: {
@@ -123,20 +123,14 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
123
123
  };
124
124
  baseUrl?: string;
125
125
  hooks?: {
126
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
127
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
126
+ beforeRequest?: ((config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig) | ((config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig)[];
127
+ afterRequest?: ((req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>) | ((req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>)[];
128
128
  transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
129
129
  };
130
130
  cookiePolicy?: RequestCredentials;
131
131
  baseHeaders?: HeadersInit;
132
132
  refreshCookieName?: string;
133
133
  fetch?: typeof fetch;
134
- }, "hooks"> & {
135
- hooks?: {
136
- beforeRequest?: ((config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig) | ((config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig)[];
137
- afterRequest?: ((req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>) | ((req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>)[];
138
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
139
- };
140
134
  } & {
141
135
  oidcConfig?: OidcConfig;
142
136
  getExternalToken?: () => Promise<string>;
@@ -767,51 +761,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
767
761
  getJwtPermissions: (token: string, tenant?: string) => string[];
768
762
  getJwtRoles: (token: string, tenant?: string) => string[];
769
763
  getCurrentTenant: (token: string) => string;
770
- httpClient: {
771
- get: (path: string, config?: {
772
- headers?: HeadersInit;
773
- queryParams?: {
774
- [key: string]: string;
775
- };
776
- token?: string;
777
- }) => Promise<Response>;
778
- post: (path: string, body?: any, config?: {
779
- headers?: HeadersInit;
780
- queryParams?: {
781
- [key: string]: string;
782
- };
783
- token?: string;
784
- }) => Promise<Response>;
785
- patch: (path: string, body?: any, config?: {
786
- headers?: HeadersInit;
787
- queryParams?: {
788
- [key: string]: string;
789
- };
790
- token?: string;
791
- }) => Promise<Response>;
792
- put: (path: string, body?: any, config?: {
793
- headers?: HeadersInit;
794
- queryParams?: {
795
- [key: string]: string;
796
- };
797
- token?: string;
798
- }) => Promise<Response>;
799
- delete: (path: string, config?: {
800
- headers?: HeadersInit;
801
- queryParams?: {
802
- [key: string]: string;
803
- };
804
- token?: string;
805
- }) => Promise<Response>;
806
- hooks?: {
807
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
808
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
809
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
810
- };
811
- buildUrl: (path: string, queryParams?: {
812
- [key: string]: string;
813
- }) => string;
814
- };
764
+ httpClient: _descope_core_js_sdk.HttpClient;
815
765
  } | {
816
766
  refresh: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
817
767
  logout: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<never>>;
@@ -1439,51 +1389,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
1439
1389
  getJwtPermissions: (token: string, tenant?: string) => string[];
1440
1390
  getJwtRoles: (token: string, tenant?: string) => string[];
1441
1391
  getCurrentTenant: (token: string) => string;
1442
- httpClient: {
1443
- get: (path: string, config?: {
1444
- headers?: HeadersInit;
1445
- queryParams?: {
1446
- [key: string]: string;
1447
- };
1448
- token?: string;
1449
- }) => Promise<Response>;
1450
- post: (path: string, body?: any, config?: {
1451
- headers?: HeadersInit;
1452
- queryParams?: {
1453
- [key: string]: string;
1454
- };
1455
- token?: string;
1456
- }) => Promise<Response>;
1457
- patch: (path: string, body?: any, config?: {
1458
- headers?: HeadersInit;
1459
- queryParams?: {
1460
- [key: string]: string;
1461
- };
1462
- token?: string;
1463
- }) => Promise<Response>;
1464
- put: (path: string, body?: any, config?: {
1465
- headers?: HeadersInit;
1466
- queryParams?: {
1467
- [key: string]: string;
1468
- };
1469
- token?: string;
1470
- }) => Promise<Response>;
1471
- delete: (path: string, config?: {
1472
- headers?: HeadersInit;
1473
- queryParams?: {
1474
- [key: string]: string;
1475
- };
1476
- token?: string;
1477
- }) => Promise<Response>;
1478
- hooks?: {
1479
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
1480
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
1481
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
1482
- };
1483
- buildUrl: (path: string, queryParams?: {
1484
- [key: string]: string;
1485
- }) => string;
1486
- };
1392
+ httpClient: _descope_core_js_sdk.HttpClient;
1487
1393
  } | {
1488
1394
  refresh: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1489
1395
  logout: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<never>>;
@@ -2111,51 +2017,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
2111
2017
  getJwtPermissions: (token: string, tenant?: string) => string[];
2112
2018
  getJwtRoles: (token: string, tenant?: string) => string[];
2113
2019
  getCurrentTenant: (token: string) => string;
2114
- httpClient: {
2115
- get: (path: string, config?: {
2116
- headers?: HeadersInit;
2117
- queryParams?: {
2118
- [key: string]: string;
2119
- };
2120
- token?: string;
2121
- }) => Promise<Response>;
2122
- post: (path: string, body?: any, config?: {
2123
- headers?: HeadersInit;
2124
- queryParams?: {
2125
- [key: string]: string;
2126
- };
2127
- token?: string;
2128
- }) => Promise<Response>;
2129
- patch: (path: string, body?: any, config?: {
2130
- headers?: HeadersInit;
2131
- queryParams?: {
2132
- [key: string]: string;
2133
- };
2134
- token?: string;
2135
- }) => Promise<Response>;
2136
- put: (path: string, body?: any, config?: {
2137
- headers?: HeadersInit;
2138
- queryParams?: {
2139
- [key: string]: string;
2140
- };
2141
- token?: string;
2142
- }) => Promise<Response>;
2143
- delete: (path: string, config?: {
2144
- headers?: HeadersInit;
2145
- queryParams?: {
2146
- [key: string]: string;
2147
- };
2148
- token?: string;
2149
- }) => Promise<Response>;
2150
- hooks?: {
2151
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
2152
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
2153
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
2154
- };
2155
- buildUrl: (path: string, queryParams?: {
2156
- [key: string]: string;
2157
- }) => string;
2158
- };
2020
+ httpClient: _descope_core_js_sdk.HttpClient;
2159
2021
  }) & {
2160
2022
  onSessionTokenChange: (cb: (data: string) => void) => () => any[];
2161
2023
  onUserChange: (cb: (data: _descope_core_js_sdk.UserResponse) => void) => () => any[];
@@ -2790,51 +2652,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
2790
2652
  getJwtPermissions: (token: string, tenant?: string) => string[];
2791
2653
  getJwtRoles: (token: string, tenant?: string) => string[];
2792
2654
  getCurrentTenant: (token: string) => string;
2793
- httpClient: {
2794
- get: (path: string, config?: {
2795
- headers?: HeadersInit;
2796
- queryParams?: {
2797
- [key: string]: string;
2798
- };
2799
- token?: string;
2800
- }) => Promise<Response>;
2801
- post: (path: string, body?: any, config?: {
2802
- headers?: HeadersInit;
2803
- queryParams?: {
2804
- [key: string]: string;
2805
- };
2806
- token?: string;
2807
- }) => Promise<Response>;
2808
- patch: (path: string, body?: any, config?: {
2809
- headers?: HeadersInit;
2810
- queryParams?: {
2811
- [key: string]: string;
2812
- };
2813
- token?: string;
2814
- }) => Promise<Response>;
2815
- put: (path: string, body?: any, config?: {
2816
- headers?: HeadersInit;
2817
- queryParams?: {
2818
- [key: string]: string;
2819
- };
2820
- token?: string;
2821
- }) => Promise<Response>;
2822
- delete: (path: string, config?: {
2823
- headers?: HeadersInit;
2824
- queryParams?: {
2825
- [key: string]: string;
2826
- };
2827
- token?: string;
2828
- }) => Promise<Response>;
2829
- hooks?: {
2830
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
2831
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
2832
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
2833
- };
2834
- buildUrl: (path: string, queryParams?: {
2835
- [key: string]: string;
2836
- }) => string;
2837
- };
2655
+ httpClient: _descope_core_js_sdk.HttpClient;
2838
2656
  } | {
2839
2657
  refresh: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
2840
2658
  logout: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<never>>;
@@ -3462,51 +3280,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
3462
3280
  getJwtPermissions: (token: string, tenant?: string) => string[];
3463
3281
  getJwtRoles: (token: string, tenant?: string) => string[];
3464
3282
  getCurrentTenant: (token: string) => string;
3465
- httpClient: {
3466
- get: (path: string, config?: {
3467
- headers?: HeadersInit;
3468
- queryParams?: {
3469
- [key: string]: string;
3470
- };
3471
- token?: string;
3472
- }) => Promise<Response>;
3473
- post: (path: string, body?: any, config?: {
3474
- headers?: HeadersInit;
3475
- queryParams?: {
3476
- [key: string]: string;
3477
- };
3478
- token?: string;
3479
- }) => Promise<Response>;
3480
- patch: (path: string, body?: any, config?: {
3481
- headers?: HeadersInit;
3482
- queryParams?: {
3483
- [key: string]: string;
3484
- };
3485
- token?: string;
3486
- }) => Promise<Response>;
3487
- put: (path: string, body?: any, config?: {
3488
- headers?: HeadersInit;
3489
- queryParams?: {
3490
- [key: string]: string;
3491
- };
3492
- token?: string;
3493
- }) => Promise<Response>;
3494
- delete: (path: string, config?: {
3495
- headers?: HeadersInit;
3496
- queryParams?: {
3497
- [key: string]: string;
3498
- };
3499
- token?: string;
3500
- }) => Promise<Response>;
3501
- hooks?: {
3502
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
3503
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
3504
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
3505
- };
3506
- buildUrl: (path: string, queryParams?: {
3507
- [key: string]: string;
3508
- }) => string;
3509
- };
3283
+ httpClient: _descope_core_js_sdk.HttpClient;
3510
3284
  } | {
3511
3285
  refresh: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
3512
3286
  logout: (token?: string) => Promise<_descope_core_js_sdk.SdkResponse<never>>;
@@ -4134,51 +3908,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
4134
3908
  getJwtPermissions: (token: string, tenant?: string) => string[];
4135
3909
  getJwtRoles: (token: string, tenant?: string) => string[];
4136
3910
  getCurrentTenant: (token: string) => string;
4137
- httpClient: {
4138
- get: (path: string, config?: {
4139
- headers?: HeadersInit;
4140
- queryParams?: {
4141
- [key: string]: string;
4142
- };
4143
- token?: string;
4144
- }) => Promise<Response>;
4145
- post: (path: string, body?: any, config?: {
4146
- headers?: HeadersInit;
4147
- queryParams?: {
4148
- [key: string]: string;
4149
- };
4150
- token?: string;
4151
- }) => Promise<Response>;
4152
- patch: (path: string, body?: any, config?: {
4153
- headers?: HeadersInit;
4154
- queryParams?: {
4155
- [key: string]: string;
4156
- };
4157
- token?: string;
4158
- }) => Promise<Response>;
4159
- put: (path: string, body?: any, config?: {
4160
- headers?: HeadersInit;
4161
- queryParams?: {
4162
- [key: string]: string;
4163
- };
4164
- token?: string;
4165
- }) => Promise<Response>;
4166
- delete: (path: string, config?: {
4167
- headers?: HeadersInit;
4168
- queryParams?: {
4169
- [key: string]: string;
4170
- };
4171
- token?: string;
4172
- }) => Promise<Response>;
4173
- hooks?: {
4174
- beforeRequest?: (config: _descope_core_js_sdk.RequestConfig) => _descope_core_js_sdk.RequestConfig;
4175
- afterRequest?: (req: _descope_core_js_sdk.RequestConfig, res: Response) => void | Promise<void>;
4176
- transformResponse?: (mutableResponse: _descope_core_js_sdk.ExtendedResponse) => Promise<_descope_core_js_sdk.ExtendedResponse>;
4177
- };
4178
- buildUrl: (path: string, queryParams?: {
4179
- [key: string]: string;
4180
- }) => string;
4181
- };
3911
+ httpClient: _descope_core_js_sdk.HttpClient;
4182
3912
  }) & {
4183
3913
  onSessionTokenChange: (cb: (data: string) => void) => () => any[];
4184
3914
  onUserChange: (cb: (data: _descope_core_js_sdk.UserResponse) => void) => () => any[];
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";const c=e=>{try{return t(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:c}=n,l=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:a,secure:c})}}function C(e=""){return h(`${e}${x}`)||""}function D(e=""){return i.get(O)||h(`${e}${O}`)||""}function R(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),i.remove(O)}const A=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",E="vsid",J="vrid",$="fp",L=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},N=async(e,t=A)=>{try{if(L())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const c=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",l=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[c,s]}),d=await l,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[E]:e,[J]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},P=()=>{localStorage.removeItem($)},K=e=>{const t=L(!0);return t&&e.body&&(e.body.fpData=t),e},q="descopeFlowNonce",F="X-Descope-Flow-Nonce",V="/v1/flow/start",M="/v1/flow/next",H=(e,t=q)=>`${t}${e}`,B=(e,t=q)=>{try{const n=H(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},G=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},W=e=>{var t;return e.path===M&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?G(e.body.executionId):null},X="dls_last_user_login_id",Z="dls_last_user_display_name",z=()=>h(X),Q=()=>h(Z),Y=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=z(),r=Q();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ee=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(X),v(Z)),o};function te(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ne=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function oe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),n.publicKey.user.id=le(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:de(o.rawId),type:o.type,response:{attestationObject:de(o.response.attestationObject),clientDataJSON:de(o.response.clientDataJSON)}});var o}async function ie(e){const t=se(e);return ce(await navigator.credentials.get(t))}async function re(e,t){const n=se(e);n.signal=t.signal,n.mediation="conditional";return ce(await navigator.credentials.get(n))}async function ae(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function se(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}function ce(e){return JSON.stringify({id:e.id,rawId:de(e.rawId),type:e.type,response:{authenticatorData:de(e.response.authenticatorData),clientDataJSON:de(e.response.clientDataJSON),signature:de(e.response.signature),userHandle:e.response.userHandle?de(e.response.userHandle):void 0}})}function le(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function de(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ue,pe=(ue=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ie(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ie(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:oe,get:ie,isSupported:ae,conditional:re}}),(...e)=>{const t=ue(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ge={config:"/fedcm/config"},fe=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function we(e,t){var n;try{await he(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function he(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=fe(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ve=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ae(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ye=()=>window.location.search.includes("code")&&window.location.search.includes("state");let me;const be=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{be(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Se=async(e,t,n)=>{me||(me=(async()=>{try{return require("oidc-client-ts")}catch(e){return be([k,I],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await me;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${r}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},ke=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Se(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(ye())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||R(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return window.localStorage.removeItem(i),t||window.location.replace(a),r}}},Ie=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return b?(o&&i&&N(o).catch((()=>null)),t(u(r,{beforeRequest:K}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return n(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(C()||d))}));const g=n(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||r){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!l)return void y("Could not extract expiration time from session token");d=i;const e=_(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(C()||i)}),e)}}}));return o(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.34.0"},t.baseHeaders)}))),(e=>t=>{const n=te(),i=te(),r=te(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null);else{const e=await g(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a}=await p(t);o&&i.pub(o),(a||o)&&n.pub(a||42)}}})),s=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),o}));return Object.assign(s,{onSessionTokenChange:i.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=q}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=q)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(i);return t(u(r,{afterRequest:async(e,t)=>{if(e.path!==V&&e.path!==M)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(F);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=W(e)),{nonce:n,executionId:G(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=q)=>{try{const i=H(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};w(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===V,i)}},beforeRequest:e=>{if(e.path===M){const t=W(e);if(t){const n=((e,t=q)=>{try{const n=H(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(B(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[F]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:z,getLastUserDisplayName:Q});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{w(X,e)})(i),(e=>{w(Z,e)})(r))}}));let c=o(s,["flow.start"],Y);return c=o(c,["logout","logoutAll"],ee(r)),Object.assign(c,{getLastUserLoginId:z,getLastUserDisplayName:Q})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||C(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&w(`${n}${x}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;j(O,i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else w(`${n}${O}`,i);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),r,a)}}));var l;const d=o(c,["logout","logoutAll","oidc.logout"],ne(a));return Object.assign(d,{getRefreshToken:()=>C(a),getSessionToken:()=>D(a),getIdToken:()=>R(a)})}))((e=>{const t=n(e),o=ke(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async n=>{var i;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const r=D(),a=C();let s="";if(e.getExternalToken)try{s=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:r?"t":"f",dcr:a?"t":"f"},s)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:ve(t),webauthn:pe(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){we(i,e)},requestAuthentication(e){we(i,e)}},async oneTap(e,t,n,o,r){await he(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ge.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ge.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{x as REFRESH_TOKEN_KEY,O as SESSION_TOKEN_KEY,P as clearFingerprintData,Ie as default,N as ensureFingerprintIds,ye as hasOidcParamsInUrl};
1
+ import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";const c=e=>{try{return t(e).exp}catch(e){return null}},l=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},p=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||l(t)},a)})((null==n?void 0:n.authInfo)||n||{})},g=async e=>{const t=await p(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},f="undefined"!=typeof localStorage,w=(e,t)=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.setItem(e,t)),h=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem(e)),v=e=>f&&(null===localStorage||void 0===localStorage?void 0:localStorage.removeItem(e)),y=(...e)=>{console.debug(...e)},m="3.2.0",b="undefined"!=typeof window,S=Math.pow(2,31)-1,k=`https://descopecdn.com/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,I=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${m}/dist/browser/oidc-client-ts.min.js`,_=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>S&&(y(`Timeout is too large (${t}ms), setting it to ${S}ms`),t=S),t},O="DS",x="DSR",U="DSI";function j(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:c}=n,l=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:l,sameSite:a,secure:c})}}function C(e=""){return h(`${e}${x}`)||""}function D(e=""){return i.get(O)||h(`${e}${O}`)||""}function R(e=""){return h(`${e}${U}`)||""}function T(e=""){v(`${e}${x}`),v(`${e}${O}`),v(`${e}${U}`),i.remove(O)}const A=b&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",E="vsid",J="vrid",$="fp",L=(e=!1)=>{const t=localStorage.getItem($);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},N=async(e,t=A)=>{try{if(L())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const c=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",l=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[c,s]}),d=await l,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[E]:e,[J]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};localStorage.setItem($,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},P=()=>{localStorage.removeItem($)},K=e=>{const t=L(!0);return t&&e.body&&(e.body.fpData=t),e},q="descopeFlowNonce",F="X-Descope-Flow-Nonce",V="/v1/flow/start",M="/v1/flow/next",H=(e,t=q)=>`${t}${e}`,B=(e,t=q)=>{try{const n=H(e,t);v(n)}catch(e){console.error("Error removing flow nonce:",e)}},G=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},W=e=>{var t;return e.path===M&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?G(e.body.executionId):null},X="dls_last_user_login_id",Z="dls_last_user_display_name",z=()=>h(X),Q=()=>h(Z),Y=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=z(),r=Q();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ee=e=>t=>async(...n)=>{const o=await t(...n);return e||(v(X),v(Z)),o};function te(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ne=e=>t=>async(...n)=>{const o=await t(...n);return T(e),o};async function oe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),n.publicKey.user.id=le(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:de(o.rawId),type:o.type,response:{attestationObject:de(o.response.attestationObject),clientDataJSON:de(o.response.clientDataJSON)}});var o}async function ie(e){const t=se(e);return ce(await navigator.credentials.get(t))}async function re(e,t){const n=se(e);n.signal=t.signal,n.mediation="conditional";return ce(await navigator.credentials.get(n))}async function ae(e=!1){if(!b)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function se(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=le(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=le(e.id)})),n}function ce(e){return JSON.stringify({id:e.id,rawId:de(e.rawId),type:e.type,response:{authenticatorData:de(e.response.authenticatorData),clientDataJSON:de(e.response.clientDataJSON),signature:de(e.response.signature),userHandle:e.response.userHandle?de(e.response.userHandle):void 0}})}function le(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function de(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ue,pe=(ue=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ie(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await oe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ie(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await oe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:oe,get:ie,isSupported:ae,conditional:re}}),(...e)=>{const t=ue(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ge={config:"/fedcm/config"},fe=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function we(e,t){var n;try{await he(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function he(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=fe(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=s.data.clientId;return new Promise((e=>{var s,l;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ve=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ae(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const ye=()=>window.location.search.includes("code")&&window.location.search.includes("state");let me;const be=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{be(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Se=async(e,t,n)=>{me||(me=(async()=>{try{return require("oidc-client-ts")}catch(e){return be([k,I],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await me;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",c=`${r}_user`;let l=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(l=`${l}/${n.applicationId}`);const d={authority:l,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:c}},ke=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Se(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),window.localStorage.setItem(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(ye())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=window.localStorage.getItem(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const c=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||R(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return window.localStorage.removeItem(i),t||window.location.replace(a),r}}},Ie=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return b?(o&&i&&N(o).catch((()=>null)),t(u(r,{beforeRequest:K}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return n(a);const{clearAllTimers:s,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;b&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(y("Expiration time passed, refreshing session"),g.refresh(C()||d))}));const g=n(u(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await p(n);if(401===(null==n?void 0:n.status))y("Received 401, canceling all timers"),s();else if(o||r){if(l=((e,n)=>{if(n)return new Date(1e3*n);y("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!l)return void y("Could not extract expiration time from session token");d=i;const e=_(l);if(s(),e<=2e4)return void y("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});y(`Setting refresh timer for ${n}. (${e}ms)`),c((()=>{y("Refreshing session due to timer"),g.refresh(C()||i)}),e)}}}));return o(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return y("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.34.1"},t.baseHeaders)}))),(e=>t=>{const n=te(),i=te(),r=te(),a=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null);else{const e=await g(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a}=await p(t);o&&i.pub(o),(a||o)&&n.pub(a||42)}}})),s=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),o}));return Object.assign(s,{onSessionTokenChange:i.sub,onUserChange:r.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=q}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=q)=>{try{if(!f)return;for(let t=0;t<localStorage.length;t++){const n=localStorage.key(t);if(n&&n.startsWith(e)){const e=h(n);if(e)try{JSON.parse(e).expiry<Date.now()&&v(n)}catch(e){v(n)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}})(i);return t(u(r,{afterRequest:async(e,t)=>{if(e.path!==V&&e.path!==M)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(F);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=W(e)),{nonce:n,executionId:G(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=q)=>{try{const i=H(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};w(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===V,i)}},beforeRequest:e=>{if(e.path===M){const t=W(e);if(t){const n=((e,t=q)=>{try{const n=H(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(B(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[F]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:z,getLastUserDisplayName:Q});const s=t(u(a,{afterRequest:async(e,t)=>{var n;const o=await g(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{w(X,e)})(i),(e=>{w(Z,e)})(r))}}));let c=o(s,["flow.start"],Y);return c=o(c,["logout","logoutAll"],ee(r)),Object.assign(c,{getLastUserLoginId:z,getLastUserDisplayName:Q})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!b)return t(s);const c=t(u(s,{beforeRequest:(l=a,e=>Object.assign(e,{token:e.token||C(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||T(a):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&w(`${n}${x}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;j(O,i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else w(`${n}${O}`,i);e.idToken&&w(`${n}${U}`,e.idToken)})(await p(t),r,a)}}));var l;const d=o(c,["logout","logoutAll","oidc.logout"],ne(a));return Object.assign(d,{getRefreshToken:()=>C(a),getSessionToken:()=>D(a),getIdToken:()=>R(a)})}))((e=>{const t=n(e),o=ke(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async n=>{var i;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const r=D(),a=C();let s="";if(e.getExternalToken)try{s=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){y("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:r?"t":"f",dcr:a?"t":"f"},s)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:ve(t),webauthn:pe(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){we(i,e)},requestAuthentication(e){we(i,e)}},async oneTap(e,t,n,o,r){await he(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ge.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>b&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ge.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{x as REFRESH_TOKEN_KEY,O as SESSION_TOKEN_KEY,P as clearFingerprintData,Ie as default,N as ensureFingerprintIds,ye as hasOidcParamsInUrl};
2
2
  //# sourceMappingURL=index.esm.js.map