@descope/web-js-sdk 1.40.0 → 1.40.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/cjs/index.cjs.js +1 -1
  2. package/dist/index.d.ts +6 -6
  3. package/dist/index.esm.js +1 -1
  4. package/dist/index.umd.js +2 -2
  5. package/dist/index.umd.js.map +1 -1
  6. package/package.json +2 -2
package/dist/cjs/index.cjs.js CHANGED
@@ -1,2 +1,2 @@
1
- "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(n),s=r(o);let l;const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},u=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||u(t)},a)},g=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return p(n)},w=()=>"undefined"!=typeof window&&!!window.descopeBridge,v=void 0!==l||"undefined"!=typeof localStorage,h=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},b=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},k=(...e)=>{console.debug(...e)},S="3.2.0",_="undefined"!=typeof window,I=Math.pow(2,31)-1,O=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,U=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>I&&(k(`Timeout is too large (${t}ms), setting it to ${I}ms`),t=I),t},j="DS",D="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),u=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:i,domain:u?o:void 0,expires:c,sameSite:r,secure:l})}}const E=e=>(null==e?void 0:e.cookieName)||j;function T(e=""){return y(`${e}${D}`)||""}function A(e="",t){return s.default.get(E(t))||y(`${e}${j}`)||""}function $(e=""){return y(`${e}${C}`)||""}function J(e="",t){m(`${e}${D}`),m(`${e}${j}`),m(`${e}${C}`);const n=E(t);s.default.remove(n)}const N=_&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",q="vsid",L="vrid",P="fp",K=(e=!1)=>{const t=y(P);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},F=async(e,t=N)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[a,i.defaultScriptUrlPattern]}),l=await s,{requestId:c}=await l.get({linkedId:n}),u=((e,t)=>({[q]:e,[L]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};h(P,JSON.stringify(t))})(u)}catch(e){console.warn("Could not load fingerprint",e)}},V=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},M="descopeFlowNonce",W="X-Descope-Flow-Nonce",H="/v1/flow/start",B="/v1/flow/next",G=(e,t=M)=>`${t}${e}`,X=(e,t=M)=>{try{const n=G(e,t);m(n)}catch(e){console.error("Error removing flow nonce:",e)}},Z=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Y=e=>{var t;return e.path===B&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Z(e.body.executionId):null},z="dls_last_user_login_id",Q="dls_last_user_display_name",ee=e=>h(z,e),te=()=>y(z),ne=()=>y(Q),oe=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=te(),r=ne();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ie=e=>t=>async(...n)=>{const o=await t(...n);return e||(m(z),m(Q)),o};function re(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ae=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function se(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ge(n.publicKey.challenge),n.publicKey.user.id=ge(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ge(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:fe(o.rawId),type:o.type,response:{attestationObject:fe(o.response.attestationObject),clientDataJSON:fe(o.response.clientDataJSON)}});var o}async function le(e){const t=de(e);return pe(await navigator.credentials.get(t))}async function ce(e,t){const n=de(e);n.signal=t.signal,n.mediation="conditional";return pe(await navigator.credentials.get(n))}async function ue(e=!1){var t,n;if(!_)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function de(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ge(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ge(e.id)})),n}function pe(e){return JSON.stringify({id:e.id,rawId:fe(e.rawId),type:e.type,response:{authenticatorData:fe(e.response.authenticatorData),clientDataJSON:fe(e.response.clientDataJSON),signature:fe(e.response.signature),userHandle:e.response.userHandle?fe(e.response.userHandle):void 0}})}function ge(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function fe(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var we,ve=(we=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await se(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await le(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await se(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await le(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await se(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:se,get:le,isSupported:ue,conditional:ce}}),(...e)=>{const t=we(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const he={config:"/fedcm/config"},ye=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function me(e,t){var n;try{await be(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function be(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ye(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const u=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:u,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ke=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ue(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Se=()=>window.location.search.includes("code")&&window.location.search.includes("state");let _e;const Ie=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{Ie(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Oe=async(e,t,n)=>{_e||(_e=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ie([O,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await _e;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let a,s,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");a=n.issuer,s=n.clientId,l=`${s}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(a=e.httpClient.buildUrl(t),a=`${a}/${n.applicationId}`,s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access"):(a=e.httpClient.buildUrl(t),s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access");const u={authority:a,client_id:s,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:s}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),{client:new o(u),stateUserKey:l}},xe=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Oe(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),h(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Se())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=y(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||$(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return m(i),t||window.location.replace(a),r}}},Ue=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return _?(o&&i&&F(o).catch((()=>null)),t(g(r,{beforeRequest:V}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,a=e.__rest(i,["autoRefresh"]);if(!r||w())return o(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,u;_&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(k("Expiration time passed, refreshing session"),d.refresh(T()||u))}));const d=o(g(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await f(n);if(401===(null==n?void 0:n.status))k("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);k("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void k("Could not extract expiration time from session token");u=i;const e=U(c);if(s(),e<=2e4)return void k("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});k(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{k("Refreshing session due to timer"),d.refresh(T()||i)}),e)}}}));return n.wrapWith(d,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return k("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.40.0"},t.baseHeaders)}))),(e=>t=>{const o=re(),i=re(),r=re(),a=re(),s=e(g(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),a.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:s,claims:l}=await f(t);n&&i.pub(n),l&&a.pub(l),(s||n)&&o.pub(s||42)}}})),l=n.wrapWith(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),a.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=M}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=M)=>{try{if(!v)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=b(o);if(t&&t.startsWith(e)){const e=y(t);if(e)try{JSON.parse(e).expiry<Date.now()&&m(t)}catch(e){m(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(g(r,{afterRequest:async(e,t)=>{if(e.path!==H&&e.path!==B)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(W);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Y(e)),{nonce:n,executionId:Z(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=M)=>{try{const i=G(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};h(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===H,i)}},beforeRequest:e=>{if(e.path===B){const t=Y(e);if(t){const n=((e,t=M)=>{try{const n=G(e,t),o=y(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(X(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[W]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:te,getLastUserDisplayName:ne});const s=t(g(a,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=p((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],a=null==o?void 0:o.name;r?(ee(r),(e=>{h(Q,e)})(a)):(null==i?void 0:i.loginId)&&ee(i.loginId)}}));let l=n.wrapWith(s,["flow.start"],oe);return l=n.wrapWith(l,["logout","logoutAll"],ie(r)),Object.assign(l,{getLastUserLoginId:te,getLastUserDisplayName:ne})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!_)return t(s);const l=t(g(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||T(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&h(`${n}${D}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;R(E(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else h(`${n}${j}`,r);e.idToken&&h(`${n}${C}`,e.idToken)})(await f(t),r,a)}}));var c;const u=n.wrapWith(l,["logout","logoutAll","oidc.logout"],ae(a,r));return Object.assign(u,{getRefreshToken:()=>T(a),getSessionToken:()=>A(a),getIdToken:()=>$(a)})}))((e=>{const t=a.default(e),n=xe(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=A(),s=T();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){k("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:ke(t),webauthn:ve(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){me(o,e)},requestAuthentication(e){me(o,e)}},async oneTap(e,t,n,i,r){await be(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+he.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>_&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+he.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=D,exports.SESSION_TOKEN_KEY=j,exports.clearFingerprintData=()=>{m(P)},exports.createSdk=Ue,exports.default=Ue,exports.ensureFingerprintIds=F,exports.hasOidcParamsInUrl=Se;
1
+ "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var a=r(n),s=r(o);let l;const c=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},u=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},d=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||d(t),cookieExpiration:t.cookieExpiration||u(t)},a)},g=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return p(n)},w=()=>"undefined"!=typeof window&&!!window.descopeBridge,v=void 0!==l||"undefined"!=typeof localStorage,h=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},b=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},k=(...e)=>{console.debug(...e)},S="3.2.0",_="undefined"!=typeof window,I=Math.pow(2,31)-1,O=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,U=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>I&&(k(`Timeout is too large (${t}ms), setting it to ${I}ms`),t=I),t},j="DS",D="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),u=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);s.default.set(e,t,{path:i,domain:u?o:void 0,expires:c,sameSite:r,secure:l})}}const E=e=>(null==e?void 0:e.cookieName)||j;function T(e=""){return y(`${e}${D}`)||""}function A(e="",t){return s.default.get(E(t))||y(`${e}${j}`)||""}function $(e=""){return y(`${e}${C}`)||""}function J(e="",t){m(`${e}${D}`),m(`${e}${j}`),m(`${e}${C}`);const n=E(t);s.default.remove(n)}const N=_&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",q="vsid",L="vrid",P="fp",K=(e=!1)=>{const t=y(P);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},F=async(e,t=N)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const a=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[a,i.defaultScriptUrlPattern]}),l=await s,{requestId:c}=await l.get({linkedId:n}),u=((e,t)=>({[q]:e,[L]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};h(P,JSON.stringify(t))})(u)}catch(e){console.warn("Could not load fingerprint",e)}},V=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},M="descopeFlowNonce",W="X-Descope-Flow-Nonce",H="/v1/flow/start",B="/v1/flow/next",G=(e,t=M)=>`${t}${e}`,X=(e,t=M)=>{try{const n=G(e,t);m(n)}catch(e){console.error("Error removing flow nonce:",e)}},Z=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Y=e=>{var t;return e.path===B&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Z(e.body.executionId):null},z="dls_last_user_login_id",Q="dls_last_user_display_name",ee=e=>h(z,e),te=()=>y(z),ne=()=>y(Q),oe=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=te(),r=ne();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ie=e=>t=>async(...n)=>{const o=await t(...n);return e||(m(z),m(Q)),o};function re(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ae=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function se(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ge(n.publicKey.challenge),n.publicKey.user.id=ge(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ge(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:fe(o.rawId),type:o.type,response:{attestationObject:fe(o.response.attestationObject),clientDataJSON:fe(o.response.clientDataJSON)}});var o}async function le(e){const t=de(e);return pe(await navigator.credentials.get(t))}async function ce(e,t){const n=de(e);n.signal=t.signal,n.mediation="conditional";return pe(await navigator.credentials.get(n))}async function ue(e=!1){var t,n;if(!_)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function de(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ge(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ge(e.id)})),n}function pe(e){return JSON.stringify({id:e.id,rawId:fe(e.rawId),type:e.type,response:{authenticatorData:fe(e.response.authenticatorData),clientDataJSON:fe(e.response.clientDataJSON),signature:fe(e.response.signature),userHandle:e.response.userHandle?fe(e.response.userHandle):void 0}})}function ge(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function fe(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var we,ve=(we=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await se(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await le(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await se(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await le(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await se(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:se,get:le,isSupported:ue,conditional:ce}}),(...e)=>{const t=we(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const he={config:"/fedcm/config"},ye=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function me(e,t){var n;try{await be(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function be(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ye(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const u=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:u,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var ke=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ue(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Se=()=>window.location.search.includes("code")&&window.location.search.includes("state");let _e;const Ie=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{Ie(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const Oe=async(e,t,n)=>{_e||(_e=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ie([O,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await _e;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let a,s,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");a=n.issuer,s=n.clientId,l=`${s}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(a=e.httpClient.buildUrl(t),a=`${a}/${n.applicationId}`,s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access"):(a=e.httpClient.buildUrl(t),s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access");const u={authority:a,client_id:s,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:s}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),{client:new o(u),stateUserKey:l}},xe=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Oe(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),h(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Se())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=y(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||$(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return m(i),t||window.location.replace(a),r}}},Ue=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return _?(o&&i&&F(o).catch((()=>null)),t(g(r,{beforeRequest:V}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,a=e.__rest(i,["autoRefresh"]);if(!r||w())return o(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,u;_&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(k("Expiration time passed, refreshing session"),d.refresh(T()||u))}));const d=o(g(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await f(n);if(401===(null==n?void 0:n.status))k("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);k("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void k("Could not extract expiration time from session token");u=i;const e=U(c);if(s(),e<=2e4)return void k("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});k(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{k("Refreshing session due to timer"),d.refresh(T()||i)}),e)}}}));return n.wrapWith(d,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return k("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.40.1"},t.baseHeaders)}))),(e=>t=>{const o=re(),i=re(),r=re(),a=re(),s=e(g(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),a.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:s,claims:l}=await f(t);n&&i.pub(n),l&&a.pub(l),(s||n)&&o.pub(s||42)}}})),l=n.wrapWith(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),a.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=M}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=M)=>{try{if(!v)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=b(o);if(t&&t.startsWith(e)){const e=y(t);if(e)try{JSON.parse(e).expiry<Date.now()&&m(t)}catch(e){m(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(g(r,{afterRequest:async(e,t)=>{if(e.path!==H&&e.path!==B)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(W);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Y(e)),{nonce:n,executionId:Z(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=M)=>{try{const i=G(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};h(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===H,i)}},beforeRequest:e=>{if(e.path===B){const t=Y(e);if(t){const n=((e,t=M)=>{try{const n=G(e,t),o=y(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(X(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[W]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,a=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:te,getLastUserDisplayName:ne});const s=t(g(a,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=p((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],a=null==o?void 0:o.name;r?(ee(r),(e=>{h(Q,e)})(a)):(null==i?void 0:i.loginId)&&ee(i.loginId)}}));let l=n.wrapWith(s,["flow.start"],oe);return l=n.wrapWith(l,["logout","logoutAll"],ie(r)),Object.assign(l,{getLastUserLoginId:te,getLastUserDisplayName:ne})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=o,s=e.__rest(o,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!_)return t(s);const l=t(g(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||T(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&h(`${n}${D}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;R(E(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else h(`${n}${j}`,r);e.idToken&&h(`${n}${C}`,e.idToken)})(await f(t),r,a)}}));var c;const u=n.wrapWith(l,["logout","logoutAll","oidc.logout"],ae(a,r));return Object.assign(u,{getRefreshToken:()=>T(a),getSessionToken:()=>A(a),getIdToken:()=>$(a)})}))((e=>{const t=a.default(e),n=xe(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=A(),s=T();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){k("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:ke(t),webauthn:ve(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){me(o,e)},requestAuthentication(e){me(o,e)}},async oneTap(e,t,n,i,r){await be(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+he.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>_&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+he.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=D,exports.SESSION_TOKEN_KEY=j,exports.clearFingerprintData=()=>{m(P)},exports.createSdk=Ue,exports.default=Ue,exports.ensureFingerprintIds=F,exports.hasOidcParamsInUrl=Se;
2
2
  //# sourceMappingURL=index.cjs.js.map
package/dist/index.d.ts CHANGED
@@ -676,7 +676,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
676
676
  }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
677
677
  };
678
678
  saml: {
679
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
679
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string, enforceInitiatedEmail?: boolean) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
680
680
  exchange: (code: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
681
681
  };
682
682
  totp: {
@@ -1322,7 +1322,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
1322
1322
  }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
1323
1323
  };
1324
1324
  saml: {
1325
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
1325
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string, enforceInitiatedEmail?: boolean) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
1326
1326
  exchange: (code: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1327
1327
  };
1328
1328
  totp: {
@@ -1968,7 +1968,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
1968
1968
  }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
1969
1969
  };
1970
1970
  saml: {
1971
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
1971
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string, enforceInitiatedEmail?: boolean) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
1972
1972
  exchange: (code: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
1973
1973
  };
1974
1974
  totp: {
@@ -2622,7 +2622,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
2622
2622
  }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
2623
2623
  };
2624
2624
  saml: {
2625
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
2625
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string, enforceInitiatedEmail?: boolean) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
2626
2626
  exchange: (code: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
2627
2627
  };
2628
2628
  totp: {
@@ -3268,7 +3268,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
3268
3268
  }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
3269
3269
  };
3270
3270
  saml: {
3271
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
3271
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string, enforceInitiatedEmail?: boolean) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
3272
3272
  exchange: (code: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
3273
3273
  };
3274
3274
  totp: {
@@ -3914,7 +3914,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
3914
3914
  }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
3915
3915
  };
3916
3916
  saml: {
3917
- start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
3917
+ start: (tenantIdOrEmail: string, redirectUrl?: string, loginOptions?: _descope_core_js_sdk.LoginOptions, token?: string, ssoId?: string, forceAuthn?: boolean, loginHint?: string, enforceInitiatedEmail?: boolean) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
3918
3918
  exchange: (code: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.JWTResponse>>;
3919
3919
  };
3920
3920
  totp: {
package/dist/index.esm.js CHANGED
@@ -1,2 +1,2 @@
1
- import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";let l;const c=e=>{try{return t(e).exp}catch(e){return null}},d=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},u=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||u(t),cookieExpiration:t.cookieExpiration||d(t)},a)},g=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return p(n)},w=()=>"undefined"!=typeof window&&!!window.descopeBridge,v=void 0!==l||"undefined"!=typeof localStorage,h=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},b=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},k=(...e)=>{console.debug(...e)},S="3.2.0",I="undefined"!=typeof window,_=Math.pow(2,31)-1,O=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,U=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_&&(k(`Timeout is too large (${t}ms), setting it to ${_}ms`),t=_),t},C="DS",j="DSR",D="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:l}=n,c=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:c,sameSite:a,secure:l})}}const T=e=>(null==e?void 0:e.cookieName)||C;function A(e=""){return y(`${e}${j}`)||""}function E(e="",t){return i.get(T(t))||y(`${e}${C}`)||""}function $(e=""){return y(`${e}${D}`)||""}function J(e="",t){m(`${e}${j}`),m(`${e}${C}`),m(`${e}${D}`);const n=T(t);i.remove(n)}const L=I&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",N="vsid",P="vrid",q="fp",K=(e=!1)=>{const t=y(q);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},F=async(e,t=L)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const l=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",c=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[l,s]}),d=await c,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[N]:e,[P]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};h(q,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},V=()=>{m(q)},M=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},B="descopeFlowNonce",H="X-Descope-Flow-Nonce",G="/v1/flow/start",W="/v1/flow/next",X=(e,t=B)=>`${t}${e}`,Z=(e,t=B)=>{try{const n=X(e,t);m(n)}catch(e){console.error("Error removing flow nonce:",e)}},z=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Q=e=>{var t;return e.path===W&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?z(e.body.executionId):null},Y="dls_last_user_login_id",ee="dls_last_user_display_name",te=e=>h(Y,e),ne=()=>y(Y),oe=()=>y(ee),ie=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=ne(),r=oe();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},re=e=>t=>async(...n)=>{const o=await t(...n);return e||(m(Y),m(ee)),o};function ae(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const se=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function le(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=fe(n.publicKey.challenge),n.publicKey.user.id=fe(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=fe(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:we(o.rawId),type:o.type,response:{attestationObject:we(o.response.attestationObject),clientDataJSON:we(o.response.clientDataJSON)}});var o}async function ce(e){const t=pe(e);return ge(await navigator.credentials.get(t))}async function de(e,t){const n=pe(e);n.signal=t.signal,n.mediation="conditional";return ge(await navigator.credentials.get(n))}async function ue(e=!1){var t,n;if(!I)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function pe(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=fe(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=fe(e.id)})),n}function ge(e){return JSON.stringify({id:e.id,rawId:we(e.rawId),type:e.type,response:{authenticatorData:we(e.response.authenticatorData),clientDataJSON:we(e.response.clientDataJSON),signature:we(e.response.signature),userHandle:e.response.userHandle?we(e.response.userHandle):void 0}})}function fe(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function we(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ve,he=(ve=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await le(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ce(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await le(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ce(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await le(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:le,get:ce,isSupported:ue,conditional:de}}),(...e)=>{const t=ve(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ye={config:"/fedcm/config"},me=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function be(e,t){var n;try{await ke(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function ke(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=me(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Se=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ue(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Ie=()=>window.location.search.includes("code")&&window.location.search.includes("state");let _e;const Oe=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{Oe(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const xe=async(e,t,n)=>{_e||(_e=(async()=>{try{return require("oidc-client-ts")}catch(e){return Oe([O,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await _e;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let a,s,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");a=n.issuer,s=n.clientId,l=`${s}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(a=e.httpClient.buildUrl(t),a=`${a}/${n.applicationId}`,s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access"):(a=e.httpClient.buildUrl(t),s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:a,client_id:s,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:s}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ue=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await xe(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),h(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Ie())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=y(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||$(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return m(i),t||window.location.replace(a),r}}},Ce=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return I?(o&&i&&F(o).catch((()=>null)),t(g(r,{beforeRequest:M}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||w())return n(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,d;I&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(k("Expiration time passed, refreshing session"),u.refresh(A()||d))}));const u=n(g(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await f(n);if(401===(null==n?void 0:n.status))k("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);k("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void k("Could not extract expiration time from session token");d=i;const e=U(c);if(s(),e<=2e4)return void k("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});k(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{k("Refreshing session due to timer"),u.refresh(A()||i)}),e)}}}));return o(u,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return k("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.40.0"},t.baseHeaders)}))),(e=>t=>{const n=ae(),i=ae(),r=ae(),a=ae(),s=e(g(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null),a.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:s,claims:l}=await f(t);o&&i.pub(o),l&&a.pub(l),(s||o)&&n.pub(s||42)}}})),l=o(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),a.pub(null),o}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=B}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=B)=>{try{if(!v)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=b(o);if(t&&t.startsWith(e)){const e=y(t);if(e)try{JSON.parse(e).expiry<Date.now()&&m(t)}catch(e){m(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(g(r,{afterRequest:async(e,t)=>{if(e.path!==G&&e.path!==W)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(H);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Q(e)),{nonce:n,executionId:z(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=B)=>{try{const i=X(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};h(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===G,i)}},beforeRequest:e=>{if(e.path===W){const t=Q(e);if(t){const n=((e,t=B)=>{try{const n=X(e,t),o=y(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(Z(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[H]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:ne,getLastUserDisplayName:oe});const s=t(g(a,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=p((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],a=null==o?void 0:o.name;r?(te(r),(e=>{h(ee,e)})(a)):(null==i?void 0:i.loginId)&&te(i.loginId)}}));let l=o(s,["flow.start"],ie);return l=o(l,["logout","logoutAll"],re(r)),Object.assign(l,{getLastUserLoginId:ne,getLastUserDisplayName:oe})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!I)return t(s);const l=t(g(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||A(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&h(`${n}${j}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;R(T(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else h(`${n}${C}`,r);e.idToken&&h(`${n}${D}`,e.idToken)})(await f(t),r,a)}}));var c;const d=o(l,["logout","logoutAll","oidc.logout"],se(a,r));return Object.assign(d,{getRefreshToken:()=>A(a),getSessionToken:()=>E(a),getIdToken:()=>$(a)})}))((e=>{const t=n(e),o=Ue(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(n,i)=>{var r;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=E(),s=A();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){k("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:Se(t),webauthn:he(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){be(i,e)},requestAuthentication(e){be(i,e)}},async oneTap(e,t,n,o,r){await ke(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ye.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>I&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ye.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{j as REFRESH_TOKEN_KEY,C as SESSION_TOKEN_KEY,V as clearFingerprintData,Ce as createSdk,Ce as default,F as ensureFingerprintIds,Ie as hasOidcParamsInUrl};
1
+ import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as a,defaultScriptUrlPattern as s}from"@fingerprintjs/fingerprintjs-pro";let l;const c=e=>{try{return t(e).exp}catch(e){return null}},d=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:c(n)},u=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?c(o):void 0)},p=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,a=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||u(t),cookieExpiration:t.cookieExpiration||d(t)},a)},g=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return p(n)},w=()=>"undefined"!=typeof window&&!!window.descopeBridge,v=void 0!==l||"undefined"!=typeof localStorage,h=(e,t)=>{var n,o;return null===(o=null===(n=l||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},y=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},m=e=>{var t,n;return null===(n=null===(t=l||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},b=e=>{var t,n,o,i;return null!==(i=null!==(n=null===(t=null==l?void 0:l.key)||void 0===t?void 0:t.call(l,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==i?i:null},k=(...e)=>{console.debug(...e)},S="3.2.0",I="undefined"!=typeof window,_=Math.pow(2,31)-1,O=`https://descopecdn.com/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,x=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${S}/dist/browser/oidc-client-ts.min.js`,U=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_&&(k(`Timeout is too large (${t}ms), setting it to ${_}ms`),t=_),t},C="DS",j="DSR",D="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:a,cookieExpiration:s,cookieSecure:l}=n,c=new Date(1e3*s),d=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:c,sameSite:a,secure:l})}}const T=e=>(null==e?void 0:e.cookieName)||C;function A(e=""){return y(`${e}${j}`)||""}function E(e="",t){return i.get(T(t))||y(`${e}${C}`)||""}function $(e=""){return y(`${e}${D}`)||""}function J(e="",t){m(`${e}${j}`),m(`${e}${C}`),m(`${e}${D}`);const n=T(t);i.remove(n)}const L=I&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",N="vsid",P="vrid",q="fp",K=(e=!1)=>{const t=y(q);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},F=async(e,t=L)=>{try{if(K())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const l=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",c=r({apiKey:e,endpoint:[o.toString(),a],scriptUrlPattern:[l,s]}),d=await c,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[N]:e,[P]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};h(q,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},V=()=>{m(q)},M=e=>{const t=K(!0);return t&&e.body&&(e.body.fpData=t),e},B="descopeFlowNonce",H="X-Descope-Flow-Nonce",G="/v1/flow/start",W="/v1/flow/next",X=(e,t=B)=>`${t}${e}`,Z=(e,t=B)=>{try{const n=X(e,t);m(n)}catch(e){console.error("Error removing flow nonce:",e)}},z=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},Q=e=>{var t;return e.path===W&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?z(e.body.executionId):null},Y="dls_last_user_login_id",ee="dls_last_user_display_name",te=e=>h(Y,e),ne=()=>y(Y),oe=()=>y(ee),ie=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=ne(),r=oe();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},re=e=>t=>async(...n)=>{const o=await t(...n);return e||(m(Y),m(ee)),o};function ae(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const se=(e,t)=>n=>async(...o)=>{const i=await n(...o);return J(e,t),i};async function le(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=fe(n.publicKey.challenge),n.publicKey.user.id=fe(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=fe(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:we(o.rawId),type:o.type,response:{attestationObject:we(o.response.attestationObject),clientDataJSON:we(o.response.clientDataJSON)}});var o}async function ce(e){const t=pe(e);return ge(await navigator.credentials.get(t))}async function de(e,t){const n=pe(e);n.signal=t.signal,n.mediation="conditional";return ge(await navigator.credentials.get(n))}async function ue(e=!1){var t,n;if(!I)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function pe(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=fe(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=fe(e.id)})),n}function ge(e){return JSON.stringify({id:e.id,rawId:we(e.rawId),type:e.type,response:{authenticatorData:we(e.response.authenticatorData),clientDataJSON:we(e.response.clientDataJSON),signature:we(e.response.signature),userHandle:e.response.userHandle?we(e.response.userHandle):void 0}})}function fe(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function we(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ve,he=(ve=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await le(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ce(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await le(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ce(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await le(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:le,get:ce,isSupported:ue,conditional:de}}),(...e)=>{const t=ve(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ye={config:"/fedcm/config"},me=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function be(e,t){var n;try{await ke(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function ke(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=me(),a=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),s=await e.oauth.getOneTapClientId(t);if(!s.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=s.data.clientId;return new Promise((e=>{var s,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};a.initialize(Object.assign(Object.assign({},n),{itp_support:null===(s=null==n?void 0:n.itp_support)||void 0===s||s,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),a.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Se=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await ue(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Ie=()=>window.location.search.includes("code")&&window.location.search.includes("state");let _e;const Oe=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),a=document.createElement("script");a.src=r,a.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),a.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},a.addEventListener("error",(()=>{Oe(e,t),a.setAttribute("data-error","true")})),document.body.appendChild(a)}));const xe=async(e,t,n)=>{_e||(_e=(async()=>{try{return require("oidc-client-ts")}catch(e){return Oe([O,x],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await _e;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let a,s,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");a=n.issuer,s=n.clientId,l=`${s}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(a=e.httpClient.buildUrl(t),a=`${a}/${n.applicationId}`,s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access"):(a=e.httpClient.buildUrl(t),s=t,l=`${s}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:a,client_id:s,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:s}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ue=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await xe(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),a=await i.processSigninResponse(t||window.location.href);var s;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(a)))),h(r,JSON.stringify({id_token:(s=a).id_token,session_state:s.session_state,profile:s.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),a};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Ie())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),a=(e=>{const t=y(e);return t?JSON.parse(t):null})(r);if(!a)throw new Error("User not found in storage to refresh token");let s=t;if(!s){const t={};e.httpClient.hooks.beforeRequest(t),s=t.token}const l=await i.useRefreshToken({state:{refresh_token:s,session_state:a.session_state,profile:a.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||$(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:a}=r;return m(i),t||window.location.replace(a),r}}},Ce=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,l=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return I?(o&&i&&F(o).catch((()=>null)),t(g(r,{beforeRequest:M}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,a=e(i,["autoRefresh"]);if(!r||w())return n(a);const{clearAllTimers:s,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let c,d;I&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&c&&new Date>c&&(k("Expiration time passed, refreshing session"),u.refresh(A()||d))}));const u=n(g(a,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r}=await f(n);if(401===(null==n?void 0:n.status))k("Received 401, canceling all timers"),s();else if(o||r){if(c=((e,n)=>{if(n)return new Date(1e3*n);k("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!c)return void k("Could not extract expiration time from session token");d=i;const e=U(c);if(s(),e<=2e4)return void k("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});k(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{k("Refreshing session due to timer"),u.refresh(A()||i)}),e)}}}));return o(u,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return k("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.40.1"},t.baseHeaders)}))),(e=>t=>{const n=ae(),i=ae(),r=ae(),a=ae(),s=e(g(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null),a.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:s,claims:l}=await f(t);o&&i.pub(o),l&&a.pub(l),(s||o)&&n.pub(s||42)}}})),l=o(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),a.pub(null),o}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:a.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=B}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=B)=>{try{if(!v)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==l?void 0:l.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=b(o);if(t&&t.startsWith(e)){const e=y(t);if(e)try{JSON.parse(e).expiry<Date.now()&&m(t)}catch(e){m(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(i);return t(g(r,{afterRequest:async(e,t)=>{if(e.path!==G&&e.path!==W)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(H);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=Q(e)),{nonce:n,executionId:z(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=B)=>{try{const i=X(e,o),r=n?172800:10800,a={value:t,expiry:Date.now()+1e3*r,isStart:n};h(i,JSON.stringify(a))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===G,i)}},beforeRequest:e=>{if(e.path===W){const t=Q(e);if(t){const n=((e,t=B)=>{try{const n=X(e,t),o=y(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(Z(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[H]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,a=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(a),{getLastUserLoginId:ne,getLastUserDisplayName:oe});const s=t(g(a,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=p((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],a=null==o?void 0:o.name;r?(te(r),(e=>{h(ee,e)})(a)):(null==i?void 0:i.loginId)&&te(i.loginId)}}));let l=o(s,["flow.start"],ie);return l=o(l,["logout","logoutAll"],re(r)),Object.assign(l,{getLastUserLoginId:ne,getLastUserDisplayName:oe})}),(t=>n=>{var{persistTokens:i,sessionTokenViaCookie:r,storagePrefix:a}=n,s=e(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!i||!I)return t(s);const l=t(g(s,{beforeRequest:(c=a,e=>Object.assign(e,{token:e.token||A(c)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||J(a,r):((e={},t=!1,n="")=>{var o,i;const{sessionJwt:r,refreshJwt:a}=e;if(a&&h(`${n}${j}`,a),r)if(t){const n=t.sameSite||"Strict",a=null===(o=t.secure)||void 0===o||o,s=null!==(i=t.domain)&&void 0!==i?i:e.cookieDomain;R(T(t),r,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:a,cookieDomain:s}))}else h(`${n}${C}`,r);e.idToken&&h(`${n}${D}`,e.idToken)})(await f(t),r,a)}}));var c;const d=o(l,["logout","logoutAll","oidc.logout"],se(a,r));return Object.assign(d,{getRefreshToken:()=>A(a),getSessionToken:()=>E(a),getIdToken:()=>$(a)})}))((e=>{const t=n(e),o=Ue(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(n,i)=>{var r;if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const a=E(),s=A();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){k("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:a?"t":"f",dcr:s?"t":"f"},l,i)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:Se(t),webauthn:he(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){be(i,e)},requestAuthentication(e){be(i,e)}},async oneTap(e,t,n,o,r){await ke(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ye.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>I&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ye.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{j as REFRESH_TOKEN_KEY,C as SESSION_TOKEN_KEY,V as clearFingerprintData,Ce as createSdk,Ce as default,F as ensureFingerprintIds,Ie as hasOidcParamsInUrl};
2
2
  //# sourceMappingURL=index.esm.js.map
package/dist/index.umd.js CHANGED
@@ -1,4 +1,4 @@
1
- !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}let i;n.prototype.name="InvalidTokenError";const s=e=>{try{return r(e).exp}catch(e){return null}},a=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:s(n)},l=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?s(o):void 0)},c=e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,s=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||l(e),cookieExpiration:e.cookieExpiration||a(e)},s)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},d=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return c(n)},p=()=>"undefined"!=typeof window&&!!window.descopeBridge,g=void 0!==i||"undefined"!=typeof localStorage,v=(e,t)=>{var n,o;return null===(o=null===(n=i||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},h=e=>{var t,n;return null===(n=null===(t=i||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},f=e=>{var t,n;return null===(n=null===(t=i||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},w=e=>{var t,n,o,r;return null!==(r=null!==(n=null===(t=null==i?void 0:i.key)||void 0===t?void 0:t.call(i,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==r?r:null};var m={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",tryRefresh:"/v1/auth/try-refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const y="<region>",b=`https://api.${y}descope.com`,I=6e5,k="dct",O=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},j=[521,524],U=e=>async(...t)=>{let n=await e(...t);j.includes(n.status)&&(n=await e(...t),n.retries=1);const o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n},S=(e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>O().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await U(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return O().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:U(n)};let x;const T=()=>{if(x)return x;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return x=`${t}-${n}`,x};var R,C;(C=R||(R={})).get="GET",C.delete="DELETE",C.post="POST",C.put="PUT",C.patch="PATCH";const E=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(y,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},P=(...e)=>new Headers(e.reduce(((e,t)=>((e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t).forEach((([t,n])=>{e[t]="function"==typeof n?n():n})),e)),{})),_={"Content-Type":"application/json"},$=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},A=(e,t)=>{const n={"x-descope-sdk-session-id":T(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.53.0","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},D=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e};var L=e=>{var t;return(({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const l=e||b,c=S(r,a),u=async e=>{var r;const a=(null==i?void 0:i.beforeRequest)?i.beforeRequest(e):e,{path:u,body:d,headers:p,queryParams:g,method:v,token:h}=a,f=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:P($(t,h),A(t,o),(null==n?void 0:n.baseHeaders)||{},D(f)?_:{},p),method:v,body:f};null!==s&&(w.credentials=s||"include");const m=await c(E({path:u,baseUrl:l,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(e,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(r=m.headers)||void 0===r?void 0:r.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:R.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:R.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:R.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:R.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:R.delete,token:o}),hooks:i,buildUrl:(e,n)=>E({projectId:t,baseUrl:l,path:e,queryParams:n})}})(Object.assign(Object.assign({},e),{hooks:{beforeRequest:t=>{var n;const o=[].concat((null===(n=e.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),t)},afterRequest:async(t,n)=>{var o;const r=[].concat((null===(o=e.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((e=>e(t,null==n?void 0:n.clone()))))).forEach((t=>{var n;return"rejected"===t.status&&(null===(n=e.logger)||void 0===n?void 0:n.error(t.reason))}))},transformResponse:null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}}))},q=429;function N(e,t,n){var o;let r=J(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[k])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function J(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function K(e){const{exp:t}=J(e);return(new Date).getTime()/1e3>t}function M(e){let t=J(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function F(e,t){return N(e,t,"permissions")}function H(e,t){return N(e,t,"roles")}const V=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function B(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===q&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function z(e){var t;return(null===(t=J(e))||void 0===t?void 0:t[k])||""}const Z=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),G=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},W=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),X=e=>t=>e.test(t),Y=X(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),Q=X(/^\+[1-9]{1}[0-9]{3,14}$/),ee=Z(Y,'"{val}" is not a valid email'),te=Z(Q,'"{val}" is not a valid phone number'),ne=Z((e=>e.length>=1),"Minimum length is 1");const oe=Z((e=>"string"==typeof e),"Input is not a string"),re=Z((e=>Array.isArray(e)),"Input is not an array"),ie=Z((e=>"boolean"==typeof e),"Input is not a boolean"),se=Z((e=>void 0===e),"Input is defined"),ae=G([oe(),se()],"Input is not a string or undefined"),le=G([re(),ie()],"Input is not an array or boolean"),ce=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>W(...e).validate(n[t]))),t(...n)),ue=e=>[oe(`"${e}" must be a string`)],de=e=>[ae(`"${e}" must be string or undefined`)],pe=e=>[oe(`"${e}" must be a string`),ne(`"${e}" must not be empty`)],ge=e=>[oe(`"${e}" must be a string`),ee()],ve=e=>[oe(`"${e}" must be a string`),te()],he=ce(pe("accessKey")),fe=e=>({exchange:he(((t,n)=>B(e.post(m.accessKey.exchange,{loginOptions:n},{token:t}))))}),we=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),me=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||I,I)});var ye,be;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp"}(ye||(ye={})),function(e){e.email="email"}(be||(be={}));const Ie=Object.assign(Object.assign({},ye),be);var ke;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(ke||(ke={}));const Oe=pe("loginId"),je=ce(pe("token")),Ue=ce(Oe),Se=ce(pe("pendingRef")),xe=ce(Oe,ge("email")),Te=e=>({verify:je((t=>B(e.post(m.enchantedLink.verify,{token:t})))),signIn:Ue(((n,o,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return B(e.post(V(m.enchantedLink.signIn,Ie.email),{loginId:n,URI:o,loginOptions:a,providerId:s},{token:i}))})),signUpOrIn:Ue(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(V(m.enchantedLink.signUpOrIn,Ie.email),{loginId:n,URI:o,loginOptions:s,providerId:i}))})),signUp:Ue(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(V(m.enchantedLink.signUp,Ie.email),{loginId:n,URI:o,user:r,loginOptions:a,providerId:s}))})),waitForSession:Se(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=me(n);let s;const a=setInterval((async()=>{const n=await e.post(m.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(B(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:xe(((t,n,o,r,i)=>B(e.post(m.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Re=ce(pe("flowId")),Ce=ce(pe("executionId"),pe("stepId"),pe("interactionId")),Ee=e=>({start:Re(((t,n,o,r,i,s,a,l=!1)=>B(e.post(m.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a,isCustomScreen:l})))),next:Ce(((t,n,o,r,i,s,a=!1)=>B(e.post(m.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s,isCustomScreen:a}))))}),Pe=pe("loginId"),_e=ce(pe("token")),$e=ce(Pe),Ae=ce(Pe,ve("phone")),De=ce(Pe,ge("email")),Le=Object.keys(Ie).filter((e=>e!==ye.voice)),qe=e=>({verify:_e((t=>B(e.post(m.magicLink.verify,{token:t})))),signIn:Le.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:$e(((n,r,i={},s)=>{var{providerId:a}=i,l=t(i,["providerId"]);return B(e.post(V(m.magicLink.signIn,o),{loginId:n,URI:r,loginOptions:l,providerId:a},{token:s}))}))})),{}),signUp:Le.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:$e(((n,r,i,s={})=>{var{providerId:a}=s,l=t(s,["providerId"]);return B(e.post(V(m.magicLink.signUp,o),{loginId:n,URI:r,user:i,loginOptions:l,providerId:a}))}))})),{}),signUpOrIn:Le.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:$e(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(V(m.magicLink.signUpOrIn,o),{loginId:n,URI:r,loginOptions:a,providerId:s}))}))})),{}),update:{email:De(((t,n,o,r,i)=>B(e.post(m.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(ye).filter((e=>e!==ye.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ae(((t,o,r,i,s)=>B(e.post(V(m.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var Ne;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(Ne||(Ne={}));const Je=ce(pe("code")),Ke=e=>({start:Object.assign(((t,n,o,r,i)=>B(e.post(m.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(Ne).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>B(e.post(m.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:Je((t=>B(e.post(m.oauth.exchange,{code:t})))),startNative:(t,n,o)=>B(e.post(m.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>B(e.post(m.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>B(e.get(m.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>B(e.post(m.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>B(e.post(m.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Me=pe("appId"),Fe=ce(Me),He=e=>({connect:Fe(((t,n,o)=>{const r=null==n?void 0:n.tenantId,i=null==n?void 0:n.tenantLevel;return null==n||delete n.tenantId,null==n||delete n.tenantLevel,B(e.post(m.outbound.connect,{appId:t,tenantId:r,tenantLevel:i,options:n},{token:o}))}))}),Ve=pe("loginId"),Be=ce(Ve,pe("code")),ze=ce(Ve),Ze=ce(Ve,ve("phone")),Ge=ce(Ve,ge("email")),We=e=>({verify:Object.keys(Ie).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Be(((t,o)=>B(e.post(V(m.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(Ie).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:ze(((n,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return B(e.post(V(m.otp.signIn,o),{loginId:n,loginOptions:a,providerId:s},{token:i}))}))})),{}),signUp:Object.keys(Ie).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:ze(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(V(m.otp.signUp,o),{loginId:n,user:r,loginOptions:a,providerId:s}))}))})),{}),signUpOrIn:Object.keys(Ie).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:ze(((n,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(V(m.otp.signUpOrIn,o),{loginId:n,loginOptions:s,providerId:i}))}))})),{}),update:{email:Ge(((t,n,o,r)=>B(e.post(m.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(ye).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ze(((t,o,r,i)=>B(e.post(V(m.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),Xe=ce(pe("tenant")),Ye=ce(pe("code")),Qe=e=>({start:Xe(((t,n,o,r,i,s,a)=>B(e.post(m.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign(Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i}),s&&{forceAuthn:"true"}),a&&{loginHint:a})},r&&{token:r}))))),exchange:Ye((t=>B(e.post(m.saml.exchange,{code:t}))))}),et=pe("loginId"),tt=ce(et,pe("code")),nt=ce(et),ot=ce(et),rt=e=>({signUp:nt(((t,n)=>B(e.post(m.totp.signUp,{loginId:t,user:n})))),verify:tt(((t,n,o,r)=>B(e.post(m.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:ot(((t,n)=>B(e.post(m.totp.update,{loginId:t},{token:n}))))}),it=pe("loginId"),st=pe("newPassword"),at=ce(it,pe("password")),lt=ce(it),ct=ce(it,st),ut=ce(it,pe("oldPassword"),st),dt=e=>({signUp:at(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(m.password.signUp,{loginId:n,password:o,user:r,loginOptions:a,providerId:s}))})),signIn:at(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(m.password.signIn,{loginId:n,password:o,loginOptions:s,providerId:i}))})),sendReset:lt(((t,n,o)=>B(e.post(m.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:ct(((t,n,o)=>B(e.post(m.password.update,{loginId:t,newPassword:n},{token:o})))),replace:ut(((t,n,o)=>B(e.post(m.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>B(e.get(m.password.policy))}),pt=ue("loginId"),gt=pe("loginId"),vt=pe("origin"),ht=ce(gt,vt,pe("name")),ft=ce(gt,vt),wt=ce(pt,vt),mt=ce(gt,vt,de("token")),yt=ce(pe("transactionId"),pe("response")),bt=e=>({signUp:{start:ht(((t,n,o,r)=>B(e.post(m.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:yt(((t,n)=>B(e.post(m.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:wt(((t,n,o,r,i)=>B(e.post(m.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:yt(((t,n)=>B(e.post(m.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:ft(((t,n,o)=>B(e.post(m.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:mt(((t,n,o,r)=>B(e.post(m.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:yt(((t,n)=>B(e.post(m.webauthn.update.finish,{transactionId:t,response:n}))))}}),It=ue("loginId"),kt=ce(It),Ot=ce(pe("pendingRef")),jt=e=>({signUpOrIn:kt(((n,o={})=>{var{providerId:r}=o,i=t(o,["providerId"]);return B(e.post(m.notp.signUpOrIn,{loginId:n,loginOptions:i,providerId:r}))})),signUp:kt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(m.notp.signUp,{loginId:n,user:o,providerId:i,loginOptions:s}))})),signIn:kt(((n,o={},r)=>{var{providerId:i}=o,s=t(o,["providerId"]);return B(e.post(m.notp.signIn,{loginId:n,loginOptions:s,providerId:i},{token:r}))})),waitForSession:Ot(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=me(n);let s;const a=setInterval((async()=>{const n=await e.post(m.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(B(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),Ut=ce(pe("token")),St=ce(de("token"));var xt,Tt=ce([(xt=pe("projectId"),Z(((e,t)=>n=>W(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",xt))())])((e=>{const{projectId:t,logger:n,baseUrl:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a}=e;return l=L({baseUrl:o,projectId:t,logger:n,hooks:{get beforeRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.beforeRequest},get afterRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.afterRequest},get transformResponse(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}},cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:fe(l),otp:We(l),magicLink:qe(l),enchantedLink:Te(l),oauth:Ke(l),outbound:He(l),saml:Qe(l),totp:rt(l),notp:jt(l),webauthn:bt(l),password:dt(l),flow:Ee(l),refresh:St(((e,t,n,o)=>{const r={};n&&(r.externalToken=n);const i=o?m.tryRefresh:m.refresh;return B(l.post(i,r,{token:e,queryParams:t}))})),selectTenant:ce([oe("tenantId")],[ae('"token" must be string or undefined')])(((e,t)=>B(l.post(m.selectTenant,{tenant:e},{token:t})))),logout:St((e=>B(l.post(m.logout,{},{token:e})))),logoutAll:St((e=>B(l.post(m.logoutAll,{},{token:e})))),me:St((e=>B(l.get(m.me,{token:e})))),myTenants:ce([le('"tenants" must a string array or a boolean')],[ae('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,B(l.post(m.myTenants,n,{token:t}))})),history:St((e=>B(l.get(m.history,{token:e})))),isJwtExpired:Ut(K),getTenants:Ut(M),getJwtPermissions:Ut(F),getJwtRoles:Ut(H),getCurrentTenant:Ut(z),httpClient:l};var l})),Rt=Object.assign(Tt,{DeliveryMethods:Ie});const Ct=(...e)=>{console.debug(...e)},Et="3.2.0",Pt="undefined"!=typeof window,_t=Math.pow(2,31)-1,$t=`https://descopecdn.com/npm/oidc-client-ts@${Et}/dist/browser/oidc-client-ts.min.js`,At=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${Et}/dist/browser/oidc-client-ts.min.js`,Dt=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_t&&(Ct(`Timeout is too large (${t}ms), setting it to ${_t}ms`),t=_t),t};
1
+ !function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}let i;n.prototype.name="InvalidTokenError";const s=e=>{try{return r(e).exp}catch(e){return null}},a=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:s(n)},l=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?s(o):void 0)},c=e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,s=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||l(e),cookieExpiration:e.cookieExpiration||a(e)},s)},u=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},d=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return c(n)},p=()=>"undefined"!=typeof window&&!!window.descopeBridge,g=void 0!==i||"undefined"!=typeof localStorage,v=(e,t)=>{var n,o;return null===(o=null===(n=i||localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},h=e=>{var t,n;return null===(n=null===(t=i||localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},f=e=>{var t,n;return null===(n=null===(t=i||localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},w=e=>{var t,n,o,r;return null!==(r=null!==(n=null===(t=null==i?void 0:i.key)||void 0===t?void 0:t.call(i,e))&&void 0!==n?n:null===(o=null===localStorage||void 0===localStorage?void 0:localStorage.key)||void 0===o?void 0:o.call(localStorage,e))&&void 0!==r?r:null};var m={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",tryRefresh:"/v1/auth/try-refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const y="<region>",b=`https://api.${y}descope.com`,I=6e5,k="dct",O=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},j=[521,524],U=e=>async(...t)=>{let n=await e(...t);j.includes(n.status)&&(n=await e(...t),n.retries=1);const o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n},S=(e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>O().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await U(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return O().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:U(n)};let x;const T=()=>{if(x)return x;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return x=`${t}-${n}`,x};var R,C;(C=R||(R={})).get="GET",C.delete="DELETE",C.post="POST",C.put="PUT",C.patch="PATCH";const E=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(y,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},P=(...e)=>new Headers(e.reduce(((e,t)=>((e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t).forEach((([t,n])=>{e[t]="function"==typeof n?n():n})),e)),{})),_={"Content-Type":"application/json"},$=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},A=(e,t)=>{const n={"x-descope-sdk-session-id":T(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.53.1","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},D=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e};var L=e=>{var t;return(({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const l=e||b,c=S(r,a),u=async e=>{var r;const a=(null==i?void 0:i.beforeRequest)?i.beforeRequest(e):e,{path:u,body:d,headers:p,queryParams:g,method:v,token:h}=a,f=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:P($(t,h),A(t,o),(null==n?void 0:n.baseHeaders)||{},D(f)?_:{},p),method:v,body:f};null!==s&&(w.credentials=s||"include");const m=await c(E({path:u,baseUrl:l,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(e,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(r=m.headers)||void 0===r?void 0:r.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:R.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:R.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:R.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:R.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:R.delete,token:o}),hooks:i,buildUrl:(e,n)=>E({projectId:t,baseUrl:l,path:e,queryParams:n})}})(Object.assign(Object.assign({},e),{hooks:{beforeRequest:t=>{var n;const o=[].concat((null===(n=e.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),t)},afterRequest:async(t,n)=>{var o;const r=[].concat((null===(o=e.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((e=>e(t,null==n?void 0:n.clone()))))).forEach((t=>{var n;return"rejected"===t.status&&(null===(n=e.logger)||void 0===n?void 0:n.error(t.reason))}))},transformResponse:null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}}))},q=429;function N(e,t,n){var o;let r=J(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[k])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function J(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function K(e){const{exp:t}=J(e);return(new Date).getTime()/1e3>t}function M(e){let t=J(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function F(e,t){return N(e,t,"permissions")}function H(e,t){return N(e,t,"roles")}const V=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function B(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===q&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function z(e){var t;return(null===(t=J(e))||void 0===t?void 0:t[k])||""}const Z=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),G=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},W=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),X=e=>t=>e.test(t),Y=X(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),Q=X(/^\+[1-9]{1}[0-9]{3,14}$/),ee=Z(Y,'"{val}" is not a valid email'),te=Z(Q,'"{val}" is not a valid phone number'),ne=Z((e=>e.length>=1),"Minimum length is 1");const oe=Z((e=>"string"==typeof e),"Input is not a string"),re=Z((e=>Array.isArray(e)),"Input is not an array"),ie=Z((e=>"boolean"==typeof e),"Input is not a boolean"),se=Z((e=>void 0===e),"Input is defined"),ae=G([oe(),se()],"Input is not a string or undefined"),le=G([re(),ie()],"Input is not an array or boolean"),ce=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>W(...e).validate(n[t]))),t(...n)),ue=e=>[oe(`"${e}" must be a string`)],de=e=>[ae(`"${e}" must be string or undefined`)],pe=e=>[oe(`"${e}" must be a string`),ne(`"${e}" must not be empty`)],ge=e=>[oe(`"${e}" must be a string`),ee()],ve=e=>[oe(`"${e}" must be a string`),te()],he=ce(pe("accessKey")),fe=e=>({exchange:he(((t,n)=>B(e.post(m.accessKey.exchange,{loginOptions:n},{token:t}))))}),we=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),me=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||I,I)});var ye,be;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp"}(ye||(ye={})),function(e){e.email="email"}(be||(be={}));const Ie=Object.assign(Object.assign({},ye),be);var ke;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(ke||(ke={}));const Oe=pe("loginId"),je=ce(pe("token")),Ue=ce(Oe),Se=ce(pe("pendingRef")),xe=ce(Oe,ge("email")),Te=e=>({verify:je((t=>B(e.post(m.enchantedLink.verify,{token:t})))),signIn:Ue(((n,o,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return B(e.post(V(m.enchantedLink.signIn,Ie.email),{loginId:n,URI:o,loginOptions:a,providerId:s},{token:i}))})),signUpOrIn:Ue(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(V(m.enchantedLink.signUpOrIn,Ie.email),{loginId:n,URI:o,loginOptions:s,providerId:i}))})),signUp:Ue(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(V(m.enchantedLink.signUp,Ie.email),{loginId:n,URI:o,user:r,loginOptions:a,providerId:s}))})),waitForSession:Se(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=me(n);let s;const a=setInterval((async()=>{const n=await e.post(m.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(B(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:xe(((t,n,o,r,i)=>B(e.post(m.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Re=ce(pe("flowId")),Ce=ce(pe("executionId"),pe("stepId"),pe("interactionId")),Ee=e=>({start:Re(((t,n,o,r,i,s,a,l=!1)=>B(e.post(m.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a,isCustomScreen:l})))),next:Ce(((t,n,o,r,i,s,a=!1)=>B(e.post(m.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s,isCustomScreen:a}))))}),Pe=pe("loginId"),_e=ce(pe("token")),$e=ce(Pe),Ae=ce(Pe,ve("phone")),De=ce(Pe,ge("email")),Le=Object.keys(Ie).filter((e=>e!==ye.voice)),qe=e=>({verify:_e((t=>B(e.post(m.magicLink.verify,{token:t})))),signIn:Le.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:$e(((n,r,i={},s)=>{var{providerId:a}=i,l=t(i,["providerId"]);return B(e.post(V(m.magicLink.signIn,o),{loginId:n,URI:r,loginOptions:l,providerId:a},{token:s}))}))})),{}),signUp:Le.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:$e(((n,r,i,s={})=>{var{providerId:a}=s,l=t(s,["providerId"]);return B(e.post(V(m.magicLink.signUp,o),{loginId:n,URI:r,user:i,loginOptions:l,providerId:a}))}))})),{}),signUpOrIn:Le.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:$e(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(V(m.magicLink.signUpOrIn,o),{loginId:n,URI:r,loginOptions:a,providerId:s}))}))})),{}),update:{email:De(((t,n,o,r,i)=>B(e.post(m.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(ye).filter((e=>e!==ye.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ae(((t,o,r,i,s)=>B(e.post(V(m.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var Ne;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(Ne||(Ne={}));const Je=ce(pe("code")),Ke=e=>({start:Object.assign(((t,n,o,r,i)=>B(e.post(m.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(Ne).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>B(e.post(m.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:Je((t=>B(e.post(m.oauth.exchange,{code:t})))),startNative:(t,n,o)=>B(e.post(m.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>B(e.post(m.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>B(e.get(m.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>B(e.post(m.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>B(e.post(m.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Me=pe("appId"),Fe=ce(Me),He=e=>({connect:Fe(((t,n,o)=>{const r=null==n?void 0:n.tenantId,i=null==n?void 0:n.tenantLevel;return null==n||delete n.tenantId,null==n||delete n.tenantLevel,B(e.post(m.outbound.connect,{appId:t,tenantId:r,tenantLevel:i,options:n},{token:o}))}))}),Ve=pe("loginId"),Be=ce(Ve,pe("code")),ze=ce(Ve),Ze=ce(Ve,ve("phone")),Ge=ce(Ve,ge("email")),We=e=>({verify:Object.keys(Ie).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Be(((t,o)=>B(e.post(V(m.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(Ie).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:ze(((n,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return B(e.post(V(m.otp.signIn,o),{loginId:n,loginOptions:a,providerId:s},{token:i}))}))})),{}),signUp:Object.keys(Ie).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:ze(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(V(m.otp.signUp,o),{loginId:n,user:r,loginOptions:a,providerId:s}))}))})),{}),signUpOrIn:Object.keys(Ie).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:ze(((n,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(V(m.otp.signUpOrIn,o),{loginId:n,loginOptions:s,providerId:i}))}))})),{}),update:{email:Ge(((t,n,o,r)=>B(e.post(m.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(ye).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Ze(((t,o,r,i)=>B(e.post(V(m.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),Xe=ce(pe("tenant")),Ye=ce(pe("code")),Qe=e=>({start:Xe(((t,n,o,r,i,s,a,l)=>B(e.post(m.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i}),s&&{forceAuthn:"true"}),a&&{loginHint:a}),l&&{initiatedEmail:t})},r&&{token:r}))))),exchange:Ye((t=>B(e.post(m.saml.exchange,{code:t}))))}),et=pe("loginId"),tt=ce(et,pe("code")),nt=ce(et),ot=ce(et),rt=e=>({signUp:nt(((t,n)=>B(e.post(m.totp.signUp,{loginId:t,user:n})))),verify:tt(((t,n,o,r)=>B(e.post(m.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:ot(((t,n)=>B(e.post(m.totp.update,{loginId:t},{token:n}))))}),it=pe("loginId"),st=pe("newPassword"),at=ce(it,pe("password")),lt=ce(it),ct=ce(it,st),ut=ce(it,pe("oldPassword"),st),dt=e=>({signUp:at(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return B(e.post(m.password.signUp,{loginId:n,password:o,user:r,loginOptions:a,providerId:s}))})),signIn:at(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(m.password.signIn,{loginId:n,password:o,loginOptions:s,providerId:i}))})),sendReset:lt(((t,n,o)=>B(e.post(m.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:ct(((t,n,o)=>B(e.post(m.password.update,{loginId:t,newPassword:n},{token:o})))),replace:ut(((t,n,o)=>B(e.post(m.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>B(e.get(m.password.policy))}),pt=ue("loginId"),gt=pe("loginId"),vt=pe("origin"),ht=ce(gt,vt,pe("name")),ft=ce(gt,vt),wt=ce(pt,vt),mt=ce(gt,vt,de("token")),yt=ce(pe("transactionId"),pe("response")),bt=e=>({signUp:{start:ht(((t,n,o,r)=>B(e.post(m.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:yt(((t,n)=>B(e.post(m.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:wt(((t,n,o,r,i)=>B(e.post(m.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:yt(((t,n)=>B(e.post(m.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:ft(((t,n,o)=>B(e.post(m.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:mt(((t,n,o,r)=>B(e.post(m.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:yt(((t,n)=>B(e.post(m.webauthn.update.finish,{transactionId:t,response:n}))))}}),It=ue("loginId"),kt=ce(It),Ot=ce(pe("pendingRef")),jt=e=>({signUpOrIn:kt(((n,o={})=>{var{providerId:r}=o,i=t(o,["providerId"]);return B(e.post(m.notp.signUpOrIn,{loginId:n,loginOptions:i,providerId:r}))})),signUp:kt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return B(e.post(m.notp.signUp,{loginId:n,user:o,providerId:i,loginOptions:s}))})),signIn:kt(((n,o={},r)=>{var{providerId:i}=o,s=t(o,["providerId"]);return B(e.post(m.notp.signIn,{loginId:n,loginOptions:s,providerId:i},{token:r}))})),waitForSession:Ot(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=me(n);let s;const a=setInterval((async()=>{const n=await e.post(m.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(B(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),Ut=ce(pe("token")),St=ce(de("token"));var xt,Tt=ce([(xt=pe("projectId"),Z(((e,t)=>n=>W(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",xt))())])((e=>{const{projectId:t,logger:n,baseUrl:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a}=e;return l=L({baseUrl:o,projectId:t,logger:n,hooks:{get beforeRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.beforeRequest},get afterRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.afterRequest},get transformResponse(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}},cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:fe(l),otp:We(l),magicLink:qe(l),enchantedLink:Te(l),oauth:Ke(l),outbound:He(l),saml:Qe(l),totp:rt(l),notp:jt(l),webauthn:bt(l),password:dt(l),flow:Ee(l),refresh:St(((e,t,n,o)=>{const r={};n&&(r.externalToken=n);const i=o?m.tryRefresh:m.refresh;return B(l.post(i,r,{token:e,queryParams:t}))})),selectTenant:ce([oe("tenantId")],[ae('"token" must be string or undefined')])(((e,t)=>B(l.post(m.selectTenant,{tenant:e},{token:t})))),logout:St((e=>B(l.post(m.logout,{},{token:e})))),logoutAll:St((e=>B(l.post(m.logoutAll,{},{token:e})))),me:St((e=>B(l.get(m.me,{token:e})))),myTenants:ce([le('"tenants" must a string array or a boolean')],[ae('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,B(l.post(m.myTenants,n,{token:t}))})),history:St((e=>B(l.get(m.history,{token:e})))),isJwtExpired:Ut(K),getTenants:Ut(M),getJwtPermissions:Ut(F),getJwtRoles:Ut(H),getCurrentTenant:Ut(z),httpClient:l};var l})),Rt=Object.assign(Tt,{DeliveryMethods:Ie});const Ct=(...e)=>{console.debug(...e)},Et="3.2.0",Pt="undefined"!=typeof window,_t=Math.pow(2,31)-1,$t=`https://descopecdn.com/npm/oidc-client-ts@${Et}/dist/browser/oidc-client-ts.min.js`,At=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${Et}/dist/browser/oidc-client-ts.min.js`,Dt=e=>{let t=((n=e)?n.getTime()-(new Date).getTime():0)-2e4;var n;return t>_t&&(Ct(`Timeout is too large (${t}ms), setting it to ${_t}ms`),t=_t),t};
2
2
  /*! js-cookie v3.0.5 | MIT */
3
- function Lt(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var qt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Lt({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Lt({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Lt({},this.attributes,t))},withConverter:function(t){return e(Lt({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Nt="DS",Jt="DSR",Kt="DSI";function Mt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,l=new Date(1e3*s),c=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);qt.set(e,t,{path:r,domain:c?o:void 0,expires:l,sameSite:i,secure:a})}}const Ft=e=>(null==e?void 0:e.cookieName)||Nt;function Ht(e=""){return h(`${e}${Jt}`)||""}function Vt(e="",t){return qt.get(Ft(t))||h(`${e}${Nt}`)||""}function Bt(e=""){return h(`${e}${Kt}`)||""}function zt(e="",t){f(`${e}${Jt}`),f(`${e}${Nt}`),f(`${e}${Kt}`);const n=Ft(t);qt.remove(n)}const Zt=Pt&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Gt="vsid",Wt="vrid";var Xt={default:"endpoint"},Yt="Blocked by CSP",Qt="The endpoint parameter is not a valid URL",en="Failed to load the JS script of the agent",tn="9319";function nn(e,t){var n,o,r,i,s,a=[],l=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===Yt||s===Qt)n.exclude(),i=0;else if(s===tn)n.exclude();else if(s===en){var a=Date.now()-e.getTime()<50,l=n.current();l&&a&&!r.has(l)&&(r.add(l),i=0),n.postpone()}else n.postpone();var c=n.current();return void 0===c?void 0:[c,null!=i?i:e.getTime()+o()-Date.now()]}]),c=l[0],u=l[1];if(void 0===c)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(c).then((function(e){return[e,a]}))}var on="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",rn=on;function sn(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),l=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:on,c=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=c[0],d=c[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(l,s);return nn(e,an)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===tn?new Error(en):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function an(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(Qt);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(en))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(Yt)})).then(ln)}function ln(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(tn);return n}const cn=(e=!1)=>{const t=h("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},un=async(e,t=Zt)=>{try{if(cn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=sn({apiKey:e,endpoint:[o.toString(),Xt],scriptUrlPattern:[i,rn]}),a=await s,{requestId:l}=await a.get({linkedId:n}),c=((e,t)=>({[Gt]:e,[Wt]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};v("fp",JSON.stringify(t))})(c)}catch(e){console.warn("Could not load fingerprint",e)}},dn=e=>{const t=cn(!0);return t&&e.body&&(e.body.fpData=t),e},pn="descopeFlowNonce",gn="X-Descope-Flow-Nonce",vn="/v1/flow/start",hn="/v1/flow/next",fn=(e,t=pn)=>`${t}${e}`,wn=(e,t=pn)=>{try{const n=fn(e,t);f(n)}catch(e){console.error("Error removing flow nonce:",e)}},mn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},yn=e=>{var t;return e.path===hn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?mn(e.body.executionId):null},bn="dls_last_user_login_id",In="dls_last_user_display_name",kn=e=>v(bn,e),On=()=>h(bn),jn=()=>h(In),Un=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=On(),i=jn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Sn=e=>t=>async(...n)=>{const o=await t(...n);return e||(f(bn),f(In)),o};function xn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const Tn=(e,t)=>n=>async(...o)=>{const r=await n(...o);return zt(e,t),r};async function Rn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=An(n.publicKey.challenge),n.publicKey.user.id=An(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=An(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Dn(o.rawId),type:o.type,response:{attestationObject:Dn(o.response.attestationObject),clientDataJSON:Dn(o.response.clientDataJSON)}});var o}async function Cn(e){const t=_n(e);return $n(await navigator.credentials.get(t))}async function En(e,t){const n=_n(e);n.signal=t.signal,n.mediation="conditional";return $n(await navigator.credentials.get(n))}async function Pn(e=!1){var t,n;if(!Pt)return Promise.resolve(!1);if(p()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function _n(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=An(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=An(e.id)})),n}function $n(e){return JSON.stringify({id:e.id,rawId:Dn(e.rawId),type:e.type,response:{authenticatorData:Dn(e.response.authenticatorData),clientDataJSON:Dn(e.response.clientDataJSON),signature:Dn(e.response.signature),userHandle:e.response.userHandle?Dn(e.response.userHandle):void 0}})}function An(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Dn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Ln,qn=(Ln=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Rn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await Cn(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await Rn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await Cn(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Rn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:Rn,get:Cn,isSupported:Pn,conditional:En}}),(...e)=>{const t=Ln(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Nn={config:"/fedcm/config"},Jn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Kn(e,t){var n;try{await Mn(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Mn(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Jn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Fn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Pn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let Hn;const Vn=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Vn(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Bn=async(e,t,n)=>{Hn||(Hn=(async()=>{try{return require("oidc-client-ts")}catch(e){return Vn([$t,At],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await Hn;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const u={authority:s,client_id:a,redirect_uri:i,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new r({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),{client:new o(u),stateUserKey:l}},zn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await Bn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),v(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=h(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Bt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return f(r),t||window.location.replace(s),i}}},Zn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,i=n,e(t)}),(e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return Pt?(o&&r&&un(o).catch((()=>null)),e(u(i,{beforeRequest:dn}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||p())return e(i);const{clearAllTimers:s,setTimer:a}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,c;Pt&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(Ct("Expiration time passed, refreshing session"),g.refresh(Ht()||c))}));const g=e(u(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i}=await d(t);if(401===(null==t?void 0:t.status))Ct("Received 401, canceling all timers"),s();else if(n||i){if(l=((e,t)=>{if(t)return new Date(1e3*t);Ct("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!l)return void Ct("Could not extract expiration time from session token");c=o;const e=Dt(l);if(s(),e<=2e4)return void Ct("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});Ct(`Setting refresh timer for ${t}. (${e}ms)`),a((()=>{Ct("Refreshing session due to timer"),g.refresh(Ht()||o)}),e)}}}));return we(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return Ct("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.40.0"},t.baseHeaders)}))),(e=>t=>{const n=xn(),o=xn(),r=xn(),i=xn(),s=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null),i.pub(null);else{const e=await(async e=>{const t=await d(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:s,sessionExpiration:a,claims:l}=await d(t);s&&o.pub(s),l&&i.pub(l),(a||s)&&n.pub(a||42)}}})),a=we(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const s=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i.pub(null),s}));return Object.assign(a,{onSessionTokenChange:o.sub,onUserChange:r.sub,onClaimsChange:i.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=pn}=n,s=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(s);((e=pn)=>{try{if(!g)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==i?void 0:i.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=w(o);if(t&&t.startsWith(e)){const e=h(t);if(e)try{JSON.parse(e).expiry<Date.now()&&f(t)}catch(e){f(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(r);return e(u(s,{afterRequest:async(e,t)=>{if(e.path!==vn&&e.path!==hn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(gn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=yn(e)),{nonce:n,executionId:mn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=pn)=>{try{const r=fn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};v(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===vn,r)}},beforeRequest:e=>{if(e.path===hn){const t=yn(e);if(t){const n=((e,t=pn)=>{try{const n=fn(e,t),o=h(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(wn(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[gn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:On,getLastUserDisplayName:jn});const s=e(u(i,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:r}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=c((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;i?(kn(i),(e=>{v(In,e)})(s)):(null==r?void 0:r.loginId)&&kn(r.loginId)}}));let a=we(s,["flow.start"],Un);return a=we(a,["logout","logoutAll"],Sn(r)),Object.assign(a,{getLastUserLoginId:On,getLastUserDisplayName:jn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,storagePrefix:i}=n,s=t(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!o||!Pt)return e(s);const a=e(u(s,{beforeRequest:(l=i,e=>Object.assign(e,{token:e.token||Ht(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||zt(i,r):((e={},t=!1,n="")=>{var o,r;const{sessionJwt:i,refreshJwt:s}=e;if(s&&v(`${n}${Jt}`,s),i)if(t){const n=t.sameSite||"Strict",s=null===(o=t.secure)||void 0===o||o,a=null!==(r=t.domain)&&void 0!==r?r:e.cookieDomain;Mt(Ft(t),i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:s,cookieDomain:a}))}else v(`${n}${Nt}`,i);e.idToken&&v(`${n}${Kt}`,e.idToken)})(await d(t),r,i)}}));var l;const c=we(a,["logout","logoutAll","oidc.logout"],Tn(i,r));return Object.assign(c,{getRefreshToken:()=>Ht(i),getSessionToken:()=>Vt(i),getIdToken:()=>Bt(i)})}))((e=>{const t=Rt(e),n=zn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,r)=>{var i;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=Vt(),a=Ht();let l="";if(e.getExternalToken)try{l=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){Ct("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},l,r)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Fn(t),webauthn:qn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Kn(o,e)},requestAuthentication(e){Kn(o,e)}},async oneTap(e,t,n,r,i){await Mn(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+Nn.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>Pt&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+Nn.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Zn.REFRESH_TOKEN_KEY=Jt,Zn.SESSION_TOKEN_KEY=Nt,Zn}));
3
+ function Lt(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var qt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Lt({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Lt({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Lt({},this.attributes,t))},withConverter:function(t){return e(Lt({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Nt="DS",Jt="DSR",Kt="DSI";function Mt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,l=new Date(1e3*s),c=function(e){const t=window.location.hostname.split("."),n=e.split(".");return t.slice(-n.length).join(".")===e}(o);qt.set(e,t,{path:r,domain:c?o:void 0,expires:l,sameSite:i,secure:a})}}const Ft=e=>(null==e?void 0:e.cookieName)||Nt;function Ht(e=""){return h(`${e}${Jt}`)||""}function Vt(e="",t){return qt.get(Ft(t))||h(`${e}${Nt}`)||""}function Bt(e=""){return h(`${e}${Kt}`)||""}function zt(e="",t){f(`${e}${Jt}`),f(`${e}${Nt}`),f(`${e}${Kt}`);const n=Ft(t);qt.remove(n)}const Zt=Pt&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Gt="vsid",Wt="vrid";var Xt={default:"endpoint"},Yt="Blocked by CSP",Qt="The endpoint parameter is not a valid URL",en="Failed to load the JS script of the agent",tn="9319";function nn(e,t){var n,o,r,i,s,a=[],l=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===Yt||s===Qt)n.exclude(),i=0;else if(s===tn)n.exclude();else if(s===en){var a=Date.now()-e.getTime()<50,l=n.current();l&&a&&!r.has(l)&&(r.add(l),i=0),n.postpone()}else n.postpone();var c=n.current();return void 0===c?void 0:[c,null!=i?i:e.getTime()+o()-Date.now()]}]),c=l[0],u=l[1];if(void 0===c)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(c).then((function(e){return[e,a]}))}var on="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",rn=on;function sn(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),l=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:on,c=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=c[0],d=c[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(l,s);return nn(e,an)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===tn?new Error(en):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function an(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(Qt);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(en))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(Yt)})).then(ln)}function ln(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(tn);return n}const cn=(e=!1)=>{const t=h("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},un=async(e,t=Zt)=>{try{if(cn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=sn({apiKey:e,endpoint:[o.toString(),Xt],scriptUrlPattern:[i,rn]}),a=await s,{requestId:l}=await a.get({linkedId:n}),c=((e,t)=>({[Gt]:e,[Wt]:t}))(n,l);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};v("fp",JSON.stringify(t))})(c)}catch(e){console.warn("Could not load fingerprint",e)}},dn=e=>{const t=cn(!0);return t&&e.body&&(e.body.fpData=t),e},pn="descopeFlowNonce",gn="X-Descope-Flow-Nonce",vn="/v1/flow/start",hn="/v1/flow/next",fn=(e,t=pn)=>`${t}${e}`,wn=(e,t=pn)=>{try{const n=fn(e,t);f(n)}catch(e){console.error("Error removing flow nonce:",e)}},mn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},yn=e=>{var t;return e.path===hn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?mn(e.body.executionId):null},bn="dls_last_user_login_id",In="dls_last_user_display_name",kn=e=>v(bn,e),On=()=>h(bn),jn=()=>h(In),Un=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=On(),i=jn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Sn=e=>t=>async(...n)=>{const o=await t(...n);return e||(f(bn),f(In)),o};function xn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const Tn=(e,t)=>n=>async(...o)=>{const r=await n(...o);return zt(e,t),r};async function Rn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=An(n.publicKey.challenge),n.publicKey.user.id=An(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=An(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Dn(o.rawId),type:o.type,response:{attestationObject:Dn(o.response.attestationObject),clientDataJSON:Dn(o.response.clientDataJSON)}});var o}async function Cn(e){const t=_n(e);return $n(await navigator.credentials.get(t))}async function En(e,t){const n=_n(e);n.signal=t.signal,n.mediation="conditional";return $n(await navigator.credentials.get(n))}async function Pn(e=!1){var t,n;if(!Pt)return Promise.resolve(!1);if(p()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function _n(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=An(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=An(e.id)})),n}function $n(e){return JSON.stringify({id:e.id,rawId:Dn(e.rawId),type:e.type,response:{authenticatorData:Dn(e.response.authenticatorData),clientDataJSON:Dn(e.response.clientDataJSON),signature:Dn(e.response.signature),userHandle:e.response.userHandle?Dn(e.response.userHandle):void 0}})}function An(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Dn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Ln,qn=(Ln=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Rn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await Cn(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await Rn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await Cn(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Rn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:Rn,get:Cn,isSupported:Pn,conditional:En}}),(...e)=>{const t=Ln(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Nn={config:"/fedcm/config"},Jn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Kn(e,t){var n;try{await Mn(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Mn(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Jn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Fn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Pn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let Hn;const Vn=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Vn(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Bn=async(e,t,n)=>{Hn||(Hn=(async()=>{try{return require("oidc-client-ts")}catch(e){return Vn([$t,At],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await Hn;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const u={authority:s,client_id:a,redirect_uri:i,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new r({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(u.redirect_uri=n.redirectUri),{client:new o(u),stateUserKey:l}},zn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await Bn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),v(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=h(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Bt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return f(r),t||window.location.replace(s),i}}},Zn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,i=n,e(t)}),(e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return Pt?(o&&r&&un(o).catch((()=>null)),e(u(i,{beforeRequest:dn}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||p())return e(i);const{clearAllTimers:s,setTimer:a}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,c;Pt&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(Ct("Expiration time passed, refreshing session"),g.refresh(Ht()||c))}));const g=e(u(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i}=await d(t);if(401===(null==t?void 0:t.status))Ct("Received 401, canceling all timers"),s();else if(n||i){if(l=((e,t)=>{if(t)return new Date(1e3*t);Ct("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!l)return void Ct("Could not extract expiration time from session token");c=o;const e=Dt(l);if(s(),e<=2e4)return void Ct("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});Ct(`Setting refresh timer for ${t}. (${e}ms)`),a((()=>{Ct("Refreshing session due to timer"),g.refresh(Ht()||o)}),e)}}}));return we(g,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return Ct("Clearing all timers"),s(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.40.1"},t.baseHeaders)}))),(e=>t=>{const n=xn(),o=xn(),r=xn(),i=xn(),s=e(u(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null),i.pub(null);else{const e=await(async e=>{const t=await d(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:s,sessionExpiration:a,claims:l}=await d(t);s&&o.pub(s),l&&i.pub(l),(a||s)&&n.pub(a||42)}}})),a=we(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const s=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i.pub(null),s}));return Object.assign(a,{onSessionTokenChange:o.sub,onUserChange:r.sub,onClaimsChange:i.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=pn}=n,s=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(s);((e=pn)=>{try{if(!g)return;for(let o=0;o<(t=void 0,n=void 0,null!==(n=null!==(t=null==i?void 0:i.length)&&void 0!==t?t:null===localStorage||void 0===localStorage?void 0:localStorage.length)&&void 0!==n?n:0);o++){const t=w(o);if(t&&t.startsWith(e)){const e=h(t);if(e)try{JSON.parse(e).expiry<Date.now()&&f(t)}catch(e){f(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n})(r);return e(u(s,{afterRequest:async(e,t)=>{if(e.path!==vn&&e.path!==hn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(gn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=yn(e)),{nonce:n,executionId:mn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=pn)=>{try{const r=fn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};v(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===vn,r)}},beforeRequest:e=>{if(e.path===hn){const t=yn(e);if(t){const n=((e,t=pn)=>{try{const n=fn(e,t),o=h(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(wn(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[gn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:On,getLastUserDisplayName:jn});const s=e(u(i,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:r}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=c((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;i?(kn(i),(e=>{v(In,e)})(s)):(null==r?void 0:r.loginId)&&kn(r.loginId)}}));let a=we(s,["flow.start"],Un);return a=we(a,["logout","logoutAll"],Sn(r)),Object.assign(a,{getLastUserLoginId:On,getLastUserDisplayName:jn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,storagePrefix:i}=n,s=t(n,["persistTokens","sessionTokenViaCookie","storagePrefix"]);if(!o||!Pt)return e(s);const a=e(u(s,{beforeRequest:(l=i,e=>Object.assign(e,{token:e.token||Ht(l)})),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);401===(null==t?void 0:t.status)?n||zt(i,r):((e={},t=!1,n="")=>{var o,r;const{sessionJwt:i,refreshJwt:s}=e;if(s&&v(`${n}${Jt}`,s),i)if(t){const n=t.sameSite||"Strict",s=null===(o=t.secure)||void 0===o||o,a=null!==(r=t.domain)&&void 0!==r?r:e.cookieDomain;Mt(Ft(t),i,Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:s,cookieDomain:a}))}else v(`${n}${Nt}`,i);e.idToken&&v(`${n}${Kt}`,e.idToken)})(await d(t),r,i)}}));var l;const c=we(a,["logout","logoutAll","oidc.logout"],Tn(i,r));return Object.assign(c,{getRefreshToken:()=>Ht(i),getSessionToken:()=>Vt(i),getIdToken:()=>Bt(i)})}))((e=>{const t=Rt(e),n=zn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,r)=>{var i;if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=Vt(),a=Ht();let l="";if(e.getExternalToken)try{l=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){Ct("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},l,r)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Fn(t),webauthn:qn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Kn(o,e)},requestAuthentication(e){Kn(o,e)}},async oneTap(e,t,n,r,i){await Mn(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+Nn.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>Pt&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+Nn.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Zn.REFRESH_TOKEN_KEY=Jt,Zn.SESSION_TOKEN_KEY=Nt,Zn}));
4
4
  //# sourceMappingURL=index.umd.js.map