@descope/web-js-sdk 1.36.2 → 1.37.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/README.md +1 -0
  2. package/dist/cjs/index.cjs.js +1 -1
  3. package/dist/cjs/index.cjs.js.map +1 -1
  4. package/dist/index.d.ts +1 -0
  5. package/dist/index.esm.js +1 -1
  6. package/dist/index.esm.js.map +1 -1
  7. package/dist/index.umd.js +1 -1
  8. package/dist/index.umd.js.map +1 -1
  9. package/package.json +1 -1
package/README.md CHANGED
@@ -29,6 +29,7 @@ const sdk = descopeSdk({
29
29
  - `sameSite` (default: `Strict`) – Controls the SameSite attribute of the session cookie.
30
30
  - `secure` (default: `true`) – If true, sets the cookie as Secure (sent only over HTTPS).
31
31
  - `cookieName` (default: `DS`) – The name of the session token cookie. Useful for avoiding conflicts when running multiple Descope projects on the same domain.
32
+ - `domain` (default: auto-detected) – The domain for the session token cookie. If not specified, uses the domain from Descope project settings or current domain.
32
33
  Notes:
33
34
  - This option is relevant only when `persistTokens` is true.
34
35
  - The session token cookie is set as a [`Secure`](https://datatracker.ietf.org/doc/html/rfc6265#section-5.2.5) cookie. It will be sent only over HTTPS connections.
package/dist/cjs/index.cjs.js CHANGED
@@ -1,2 +1,2 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(n),s=r(o);let l;const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},d=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},u=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},g=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||u(t),cookieExpiration:t.cookieExpiration||d(t)},a)})((null==n?void 0:n.authInfo)||n||{})},f=async e=>{const t=await g(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},w=void 0!==l||"undefined"!=typeof localStorage,v=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},h=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},b=(...e)=>{console.debug(...e)},S="3.2.0",k="undefined"!=typeof window,_=Math.pow(2,31)-1,I=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,O=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_&&(b(`Timeout is too large (${t}ms), setting it to ${_}ms`),t=_),t},U="DS",j="DSR",D="DSI";function C(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:i,domain:d?o:void 0,expires:c,sameSite:r,secure:l})}}const R=e=>(null==e?void 0:e.cookieName)||U;function T(e=""){return h(`${e}${j}`)||""}function E(e="",t){return s.default.get(R(t))||h(`${e}${U}`)||""}function A(e=""){return h(`${e}${D}`)||""}function J(e="",t){y(`${e}${j}`),y(`${e}${U}`),y(`${e}${D}`);const n=R(t);s.default.remove(n)}const N=k&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",$="vsid",L="vrid",q="fp",K=(e=!1)=>{const t=h(q);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},P=async(e,t=N)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[a,i.defaultScriptUrlPattern]}),l=await s,{requestId:c}=await l.get({linkedId:n}),d=((e,t)=>({[$]:e,[L]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};v(q,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},F=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},V="descopeFlowNonce",M="X-Descope-Flow-Nonce",W="/v1/flow/start",H="/v1/flow/next",B=(e,t=V)=>`${t}${e}`,G=(e,t=V)=>{try{const n=B(e,t);y(n)}catch(e){console.error("Error removing flow nonce:",e)}},X=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Z=e=>{var t;return e.path===H&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?X(e.body.executionId):null},Y="dls_last_user_login_id",z="dls_last_user_display_name",Q=()=>h(Y),ee=()=>h(z),te=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=Q(),r=ee();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ne=e=>t=>async(...n)=>{const o=await t(...n);return e||(y(Y),y(z)),o};function oe(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ie=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function re(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ue(n.publicKey.challenge),n.publicKey.user.id=ue(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ue(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:pe(o.rawId),type:o.type,response:{attestationObject:pe(o.response.attestationObject),clientDataJSON:pe(o.response.clientDataJSON)}});var o}async function ae(e){const t=ce(e);return de(await navigator.credentials.get(t))}async function se(e,t){const n=ce(e);n.signal=t.signal,n.mediation="conditional";return de(await navigator.credentials.get(n))}async function le(e=!1){if(!k)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ce(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ue(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ue(e.id)})),n}function de(e){return JSON.stringify({id:e.id,rawId:pe(e.rawId),type:e.type,response:{authenticatorData:pe(e.response.authenticatorData),clientDataJSON:pe(e.response.clientDataJSON),signature:pe(e.response.signature),userHandle:e.response.userHandle?pe(e.response.userHandle):void 0}})}function ue(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function pe(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ge,fe=(ge=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await re(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ae(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await re(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ae(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await re(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:re,get:ae,isSupported:le,conditional:se}}),(...e)=>{const t=ge(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const we={config:"/fedcm/config"},ve=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function he(e,t){var n;try{await ye(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function ye(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ve(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var me=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await le(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const be=()=>window.location.search.includes("code")&&window.location.search.includes("state");let Se;const ke=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{ke(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const _e=async(e,t,n)=>{Se||(Se=(async()=>{try{return require("oidc-client-ts")}catch(e){return ke([I,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await Se;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",l=`${r}_user`;let c=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(c=`${c}/${n.applicationId}`);const d={authority:c,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:l}},Ie=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await _e(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),v(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(be())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=h(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||A(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return y(i),t||window.location.replace(a),r}}},xe=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return k?(o&&i&&P(o).catch((()=>null)),t(p(r,{beforeRequest:F}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,a=e.__rest(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,d;k&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(b("Expiration time passed, refreshing session"),u.refresh(T()||d))}));const u=o(p(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await g(n);if(401===(null==n?void 0:n.status))b("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);b("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void b("Could not extract expiration time from session token");d=i;const e=O(c);if(s(),e<=2e4)return void b("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});b(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{b("Refreshing session due to timer"),u.refresh(T()||i)}),e)}}}));return n.wrapWith(u,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return b("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.36.2"},t.baseHeaders)}))),(e=>t=>{const o=oe(),i=oe(),r=oe(),a=oe(),s=e(p(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),a.pub(null);else{const e=await f(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:s,claims:l}=await g(t);n&&i.pub(n),l&&a.pub(l),(s||n)&&o.pub(s||42)}}})),l=n.wrapWith(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),a.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=V}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=V)=>{try{if(!w)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=m(o);if(t&&t.startsWith(e)){const e=h(t);if(e)try{JSON.parse(e).expiry<Date.now()&&y(t)}catch(e){y(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(p(r,{afterRequest:async(e,t)=>{if(e.path!==W&&e.path!==H)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(M);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Z(e)),{nonce:n,executionId:X(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=V)=>{try{const i=B(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};v(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===W,i)}},beforeRequest:e=>{if(e.path===H){const t=Z(e);if(t){const n=((e,t=V)=>{try{const n=B(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(G(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[M]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:Q,getLastUserDisplayName:ee});const s=t(p(a,{afterRequest:async(e,t)=>{var n;const o=await f(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{v(Y,e)})(i),(e=>{v(z,e)})(r))}}));let l=n.wrapWith(s,["flow.start"],te);return l=n.wrapWith(l,["logout","logoutAll"],ne(r)),Object.assign(l,{getLastUserLoginId:Q,getLastUserDisplayName:ee})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!k)return t(s);const l=t(p(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||T(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o;const{sessionJwt:i,refreshJwt:r}=e;if(r&&v(`${n}${j}`,r),i)if(t){const n=t.sameSite||"Strict",r=null===(o=t.secure)||void 0===o||o;C(R(t),i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:r}))}else v(`${n}${U}`,i);e.idToken&&v(`${n}${D}`,e.idToken)})(await g(t),r,a)}}));var c;const d=n.wrapWith(l,["logout","logoutAll","oidc.logout"],ie(a,r));return Object.assign(d,{getRefreshToken:()=>T(a),getSessionToken:()=>E(a),getIdToken:()=>A(a)})}))((e=>{const t=a.default(e),n=Ie(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=E(),s=T();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){b("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:me(t),webauthn:fe(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){he(o,e)},requestAuthentication(e){he(o,e)}},async oneTap(e,t,n,i,r){await ye(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+we.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>k&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+we.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=j,exports.SESSION_TOKEN_KEY=U,exports.clearFingerprintData=()=>{y(q)},exports.createSdk=xe,exports.default=xe,exports.ensureFingerprintIds=P,exports.hasOidcParamsInUrl=be;
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(n),s=r(o);let l;const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},d=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},u=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},g=async t=>{if(!(null==t?void 0:t.ok))return{};const n=await(null==t?void 0:t.clone().json());return(t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||u(t),cookieExpiration:t.cookieExpiration||d(t)},a)})((null==n?void 0:n.authInfo)||n||{})},f=async e=>{const t=await g(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)},w=void 0!==l||"undefined"!=typeof localStorage,v=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},h=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},b=(...e)=>{console.debug(...e)},S="3.2.0",k="undefined"!=typeof window,_=Math.pow(2,31)-1,I=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,O=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_&&(b(`Timeout is too large (${t}ms), setting it to ${_}ms`),t=_),t},U="DS",j="DSR",D="DSI";function C(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:i,domain:d?o:void 0,expires:c,sameSite:r,secure:l})}}const R=e=>(null==e?void 0:e.cookieName)||U;function T(e=""){return h(`${e}${j}`)||""}function E(e="",t){return s.default.get(R(t))||h(`${e}${U}`)||""}function A(e=""){return h(`${e}${D}`)||""}function J(e="",t){y(`${e}${j}`),y(`${e}${U}`),y(`${e}${D}`);const n=R(t);s.default.remove(n)}const N=k&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",$="vsid",L="vrid",q="fp",K=(e=!1)=>{const t=h(q);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},P=async(e,t=N)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[a,i.defaultScriptUrlPattern]}),l=await s,{requestId:c}=await l.get({linkedId:n}),d=((e,t)=>({[$]:e,[L]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};v(q,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},F=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},V="descopeFlowNonce",M="X-Descope-Flow-Nonce",W="/v1/flow/start",H="/v1/flow/next",B=(e,t=V)=>`${t}${e}`,G=(e,t=V)=>{try{const n=B(e,t);y(n)}catch(e){console.error("Error removing flow nonce:",e)}},X=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Z=e=>{var t;return e.path===H&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?X(e.body.executionId):null},Y="dls_last_user_login_id",z="dls_last_user_display_name",Q=()=>h(Y),ee=()=>h(z),te=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=Q(),r=ee();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ne=e=>t=>async(...n)=>{const o=await t(...n);return e||(y(Y),y(z)),o};function oe(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ie=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function re(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ue(n.publicKey.challenge),n.publicKey.user.id=ue(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ue(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:pe(o.rawId),type:o.type,response:{attestationObject:pe(o.response.attestationObject),clientDataJSON:pe(o.response.clientDataJSON)}});var o}async function ae(e){const t=ce(e);return de(await navigator.credentials.get(t))}async function se(e,t){const n=ce(e);n.signal=t.signal,n.mediation="conditional";return de(await navigator.credentials.get(n))}async function le(e=!1){if(!k)return Promise.resolve(!1);const t=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return t&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():t}function ce(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ue(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ue(e.id)})),n}function de(e){return JSON.stringify({id:e.id,rawId:pe(e.rawId),type:e.type,response:{authenticatorData:pe(e.response.authenticatorData),clientDataJSON:pe(e.response.clientDataJSON),signature:pe(e.response.signature),userHandle:e.response.userHandle?pe(e.response.userHandle):void 0}})}function ue(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function pe(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ge,fe=(ge=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await re(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ae(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await re(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ae(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await re(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:re,get:ae,isSupported:le,conditional:se}}),(...e)=>{const t=ge(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const we={config:"/fedcm/config"},ve=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function he(e,t){var n;try{await ye(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function ye(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ve(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var me=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await le(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const be=()=>window.location.search.includes("code")&&window.location.search.includes("state");let Se;const ke=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{ke(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const _e=async(e,t,n)=>{Se||(Se=(async()=>{try{return require("oidc-client-ts")}catch(e){return ke([I,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await Se;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=t,a=(null==n?void 0:n.redirectUri)||window.location.href,s=(null==n?void 0:n.scope)||"openid email roles descope.custom_claims offline_access",l=`${r}_user`;let c=e.httpClient.buildUrl(t);(null==n?void 0:n.applicationId)&&(c=`${c}/${n.applicationId}`);const d={authority:c,client_id:t,redirect_uri:a,response_type:"code",scope:s,stateStore:new i({store:window.localStorage,prefix:r}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),(null==n?void 0:n.scope)&&(d.scope=n.scope),{client:new o(d),stateUserKey:l}},Ie=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await _e(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),v(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(be())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=h(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||A(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return y(i),t||window.location.replace(a),r}}},xe=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return k?(o&&i&&P(o).catch((()=>null)),t(p(r,{beforeRequest:F}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,a=e.__rest(i,["autoRefresh"]);if(!r||"undefined"!=typeof window&&window.descopeBridge)return o(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,d;k&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(b("Expiration time passed, refreshing session"),u.refresh(T()||d))}));const u=o(p(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await g(n);if(401===(null==n?void 0:n.status))b("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);b("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void b("Could not extract expiration time from session token");d=i;const e=O(c);if(s(),e<=2e4)return void b("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});b(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{b("Refreshing session due to timer"),u.refresh(T()||i)}),e)}}}));return n.wrapWith(u,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return b("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.37.0"},t.baseHeaders)}))),(e=>t=>{const o=oe(),i=oe(),r=oe(),a=oe(),s=e(p(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),a.pub(null);else{const e=await f(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:s,claims:l}=await g(t);n&&i.pub(n),l&&a.pub(l),(s||n)&&o.pub(s||42)}}})),l=n.wrapWith(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),a.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=V}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=V)=>{try{if(!w)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=m(o);if(t&&t.startsWith(e)){const e=h(t);if(e)try{JSON.parse(e).expiry<Date.now()&&y(t)}catch(e){y(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(p(r,{afterRequest:async(e,t)=>{if(e.path!==W&&e.path!==H)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(M);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Z(e)),{nonce:n,executionId:X(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=V)=>{try{const i=B(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};v(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===W,i)}},beforeRequest:e=>{if(e.path===H){const t=Z(e);if(t){const n=((e,t=V)=>{try{const n=B(e,t),o=h(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(G(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[M]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:Q,getLastUserDisplayName:ee});const s=t(p(a,{afterRequest:async(e,t)=>{var n;const o=await f(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],r=null==o?void 0:o.name;i&&((e=>{v(Y,e)})(i),(e=>{v(z,e)})(r))}}));let l=n.wrapWith(s,["flow.start"],te);return l=n.wrapWith(l,["logout","logoutAll"],ne(r)),Object.assign(l,{getLastUserLoginId:Q,getLastUserDisplayName:ee})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!k)return t(s);const l=t(p(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||T(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&v(`${n}${j}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;C(R(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else v(`${n}${U}`,r);e.idToken&&v(`${n}${D}`,e.idToken)})(await g(t),r,a)}}));var c;const d=n.wrapWith(l,["logout","logoutAll","oidc.logout"],ie(a,r));return Object.assign(d,{getRefreshToken:()=>T(a),getSessionToken:()=>E(a),getIdToken:()=>A(a)})}))((e=>{const t=a.default(e),n=Ie(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=E(),s=T();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){b("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:me(t),webauthn:fe(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){he(o,e)},requestAuthentication(e){he(o,e)}},async oneTap(e,t,n,i,r){await ye(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+we.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>k&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+we.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=j,exports.SESSION_TOKEN_KEY=U,exports.clearFingerprintData=()=>{y(q)},exports.createSdk=xe,exports.default=xe,exports.ensureFingerprintIds=P,exports.hasOidcParamsInUrl=be;
2
2
  //# sourceMappingURL=index.cjs.js.map