npm - @descope/web-js-sdk - Versions diffs - 1.43.0 → 1.43.1 - Mend

@descope/web-js-sdk 1.43.0 → 1.43.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/cjs/index.cjs.js CHANGED Viewed

@@ -1,2 +1,2 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var s=r(n),a=r(o);const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;let f;const g=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},w=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:g(n)},v=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?g(o):void 0)},h=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||v(t),cookieExpiration:t.cookieExpiration||w(t)},s)},y=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},m=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return h(n)},b=()=>c&&!!window.descopeBridge,k=void 0!==f||c&&void 0!==window.localStorage,S=(e,t)=>{var n,o;return null===(o=null===(n=f||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},_=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},I=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},O=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==f?void 0:f.key)||void 0===t?void 0:t.call(f,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},x=(...e)=>{console.debug(...e)},j=(e,t)=>{let n;var o;return t>0?(n=1e3*t,x(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(x(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},D="DS",U="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:s,cookieSecure:l}=n,c=new Date(1e3*s),d=T(o);a.default.set(e,t,{path:i,domain:d?o:void 0,expires:c,sameSite:r,secure:l})}}function T(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const E=e=>(null==e?void 0:e.cookieName)||D,$=e=>(null==e?void 0:e.cookieName)||U;function A(e="",t){return a.default.get($(t))||_(`${e}${U}`)||""}function J(e="",t){return a.default.get(E(t))||_(`${e}${D}`)||""}function N(e=""){return _(`${e}${C}`)||""}function P(e="",t,n,o){I(`${e}${U}`),I(`${e}${D}`),I(`${e}${C}`);const i=E(t);a.default.remove(i,null==o?void 0:o.session);const r=$(n);a.default.remove(r,null==o?void 0:o.refresh)}const q=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||A(e,t)}),i=function(e=""){return _(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},K=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",L="vsid",F="vrid",V="fp",M=(e=!1)=>{const t=_(V);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},W=async(e,t=K)=>{try{if(M())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const s=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",a=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[s,i.defaultScriptUrlPattern]}),l=await a,{requestId:c}=await l.get({linkedId:n}),d=((e,t)=>({[L]:e,[F]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};S(V,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},H=e=>{const t=M(!0);return t&&e.body&&(e.body.fpData=t),e},B="descopeFlowNonce",G="X-Descope-Flow-Nonce",X="/v1/flow/start",Z="/v1/flow/next",Y=(e,t=B)=>`${t}${e}`,z=(e,t=B)=>{try{const n=Y(e,t);I(n)}catch(e){console.error("Error removing flow nonce:",e)}},Q=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},ee=e=>{var t;return e.path===Z&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Q(e.body.executionId):null},te="dls_last_user_login_id",ne="dls_last_user_display_name",oe=e=>S(te,e),ie=()=>_(te),re=()=>_(ne),se=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=ie(),r=re();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ae=e=>t=>async(...n)=>{const o=await t(...n);return e||(I(te),I(ne)),o};function le(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ce=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return P(e,t,n,null==o?void 0:o()),s};async function de(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ve(n.publicKey.challenge),n.publicKey.user.id=ve(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ve(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:he(o.rawId),type:o.type,response:{attestationObject:he(o.response.attestationObject),clientDataJSON:he(o.response.clientDataJSON)}});var o}async function ue(e){const t=ge(e);return we(await navigator.credentials.get(t))}async function pe(e,t){const n=ge(e);n.signal=t.signal,n.mediation="conditional";return we(await navigator.credentials.get(n))}async function fe(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(b()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function ge(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ve(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ve(e.id)})),n}function we(e){return JSON.stringify({id:e.id,rawId:he(e.rawId),type:e.type,response:{authenticatorData:he(e.response.authenticatorData),clientDataJSON:he(e.response.clientDataJSON),signature:he(e.response.signature),userHandle:e.response.userHandle?he(e.response.userHandle):void 0}})}function ve(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function he(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ye,me=(ye=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await de(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ue(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await de(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ue(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await de(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:de,get:ue,isSupported:fe,conditional:pe}}),(...e)=>{const t=ye(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const be={config:"/fedcm/config"},ke=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Se(e,t){var n;try{await _e(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function _e(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ke(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Ie=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await fe(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Oe=()=>window.location.search.includes("code")&&window.location.search.includes("state");let xe;const je=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{je(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const De=async(e,t,n)=>{xe||(xe=(async()=>{try{return require("oidc-client-ts")}catch(e){return je([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await xe;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ue=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await De(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),S(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Oe())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=_(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||N(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return I(i),t||window.location.replace(s),r}}},Ce=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,f=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return c?(o&&i&&W(o).catch((()=>null)),t(y(r,{beforeRequest:H}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,s=e.__rest(i,["autoRefresh"]);if(!r||b())return o(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(x("Expiration time passed, refreshing session"),p.refresh(A()||u))}));const p=o(y(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await m(n);if(401===(null==n?void 0:n.status))x("Received 401, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);x("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void x("Could not extract expiration time from session token");u=i;const e=j(d,s);if(a(),e<=2e4)return void x("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});x(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?x("Skipping refresh due to timer - document is hidden"):(x("Refreshing session due to timer"),p.refresh(A()||i))}),e)}}}));return n.wrapWith(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return x("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.43.0"},t.baseHeaders)}))),(e=>t=>{const o=le(),i=le(),r=le(),s=le(),a=e(y(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),s.pub(null);else{const e=await(async e=>{const t=await m(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:a,claims:l}=await m(t);n&&i.pub(n),l&&s.pub(l),(a||n)&&o.pub(a||42)}}})),l=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),s.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=B}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=B)=>{try{if(!k)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==f?void 0:f.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=O(i);if(t&&t.startsWith(e)){const e=_(t);if(e)try{JSON.parse(e).expiry<Date.now()&&I(t)}catch(e){I(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(y(r,{afterRequest:async(e,t)=>{if(e.path!==X&&e.path!==Z)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(G);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=ee(e)),{nonce:n,executionId:Q(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=B)=>{try{const i=Y(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};S(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===X,i)}},beforeRequest:e=>{if(e.path===Z){const t=ee(e);if(t){const n=((e,t=B)=>{try{const n=Y(e,t),o=_(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(z(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[G]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,s=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:ie,getLastUserDisplayName:re});const a=t(y(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=h((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(oe(r),(e=>{S(ne,e)})(s)):(null==i?void 0:i.loginId)&&oe(i.loginId)}}));let l=n.wrapWith(a,["flow.start"],se);return l=n.wrapWith(l,["logout","logoutAll"],ae(r)),Object.assign(l,{getLastUserLoginId:ie,getLastUserDisplayName:re})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,refreshTokenViaCookie:s,storagePrefix:l}=o,d=e.__rest(o,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!i||!c)return t(d);let u;const p=t(y(d,{beforeRequest:q(l,s),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);if(401===(null==t?void 0:t.status))n||P(l,r,s,u);else{const e=((e={},t=!1,n="",o=!1)=>{var i,r,s,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){I(`${n}${U}`);const t=o.sameSite||"Strict",s=null===(i=o.secure)||void 0===i||i,a=null!==(r=o.domain)&&void 0!==r?r:e.cookieDomain,l=$(o),c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});R(l,d,c);const u=T(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=$(o);a.default.remove(e),S(`${n}${U}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=E(t),a=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});R(r,c,a);const d=T(i);p=Object.assign(Object.assign({},p),{session:{path:a.cookiePath,domain:d?i:void 0}})}else S(`${n}${D}`,c);return e.idToken&&S(`${n}${C}`,e.idToken),u&&S(`${n}DTD`,u),p})(await m(t),r,l,s);e&&(u=e)}}})),f=n.wrapWith(p,["logout","logoutAll","oidc.logout"],ce(l,r,s,(()=>u)));return Object.assign(f,{getRefreshToken:()=>A(l,s),getSessionToken:()=>J(l,r),getIdToken:()=>N(l)})}))((e=>{const t=s.default(e),n=Ue(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(b())return x(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=J(),a=A();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){x("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Ie(t),webauthn:me(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){Se(o,e)},requestAuthentication(e){Se(o,e)}},async oneTap(e,t,n,i,r){await _e(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+be.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+be.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=U,exports.SESSION_TOKEN_KEY=D,exports.clearFingerprintData=()=>{I(V)},exports.createSdk=Ce,exports.default=Ce,exports.ensureFingerprintIds=W,exports.hasOidcParamsInUrl=Oe;
+"use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("jwt-decode"),n=require("@descope/core-js-sdk"),o=require("js-cookie"),i=require("@fingerprintjs/fingerprintjs-pro");function r(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var s=r(n),a=r(o);const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;let f;const g=e=>{try{return t.jwtDecode(e).exp}catch(e){return null}},w=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:g(n)},v=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?g(o):void 0)},h=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e.__rest(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||v(t),cookieExpiration:t.cookieExpiration||w(t)},s)},y=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},m=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return h(n)},b=()=>c&&!!window.descopeBridge,k=void 0!==f||c&&void 0!==window.localStorage,S=(e,t)=>{var n,o;return null===(o=null===(n=f||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},_=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},I=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},O=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==f?void 0:f.key)||void 0===t?void 0:t.call(f,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},x=(...e)=>{console.debug(...e)},j=(e,t)=>{let n;var o;return t>0?(n=1e3*t,x(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(x(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},D="DS",U="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:i,cookieSameSite:r,cookieExpiration:s,cookieSecure:l}=n,c=new Date(1e3*s),d=T(o);a.default.set(e,t,{path:i,domain:d?o:void 0,expires:c,sameSite:r,secure:l})}}function T(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const E=e=>(null==e?void 0:e.cookieName)||D,$=e=>(null==e?void 0:e.cookieName)||U;function A(e="",t){return a.default.get($(t))||_(`${e}${U}`)||""}function J(e="",t){return a.default.get(E(t))||_(`${e}${D}`)||""}function N(e=""){return _(`${e}${C}`)||""}function P(e="",t,n,o){I(`${e}${U}`),I(`${e}${D}`),I(`${e}${C}`);const i=E(t);a.default.remove(i,null==o?void 0:o.session);const r=$(n);a.default.remove(r,null==o?void 0:o.refresh)}const q=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||A(e,t)}),i=function(e=""){return _(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},K=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",L="vsid",F="vrid",V="fp",M=(e=!1)=>{const t=_(V);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},W=async(e,t=K)=>{try{if(M())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const s=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",a=i.load({apiKey:e,endpoint:[o.toString(),i.defaultEndpoint],scriptUrlPattern:[s,i.defaultScriptUrlPattern]}),l=await a,{requestId:c}=await l.get({linkedId:n}),d=((e,t)=>({[L]:e,[F]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};S(V,JSON.stringify(t))})(d)}catch(e){console.warn("Could not load fingerprint",e)}},H=e=>{const t=M(!0);return t&&e.body&&(e.body.fpData=t),e},B="descopeFlowNonce",G="X-Descope-Flow-Nonce",X="/v1/flow/start",Z="/v1/flow/next",Y=(e,t=B)=>`${t}${e}`,z=(e,t=B)=>{try{const n=Y(e,t);I(n)}catch(e){console.error("Error removing flow nonce:",e)}},Q=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},ee=e=>{var t;return e.path===Z&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Q(e.body.executionId):null},te="dls_last_user_login_id",ne="dls_last_user_display_name",oe=e=>S(te,e),ie=()=>_(te),re=()=>_(ne),se=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=ie(),r=re();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ae=e=>t=>async(...n)=>{const o=await t(...n);return e||(I(te),I(ne)),o};function le(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ce=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return P(e,t,n,null==o?void 0:o()),s};async function de(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ve(n.publicKey.challenge),n.publicKey.user.id=ve(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=ve(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:he(o.rawId),type:o.type,response:{attestationObject:he(o.response.attestationObject),clientDataJSON:he(o.response.clientDataJSON)}});var o}async function ue(e){const t=ge(e);return we(await navigator.credentials.get(t))}async function pe(e,t){const n=ge(e);n.signal=t.signal,n.mediation="conditional";return we(await navigator.credentials.get(n))}async function fe(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(b()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function ge(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=ve(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=ve(e.id)})),n}function we(e){return JSON.stringify({id:e.id,rawId:he(e.rawId),type:e.type,response:{authenticatorData:he(e.response.authenticatorData),clientDataJSON:he(e.response.clientDataJSON),signature:he(e.response.signature),userHandle:e.response.userHandle?he(e.response.userHandle):void 0}})}function ve(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function he(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ye,me=(ye=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await de(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ue(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await de(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ue(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await de(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:de,get:ue,isSupported:fe,conditional:pe}}),(...e)=>{const t=ye(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const be={config:"/fedcm/config"},ke=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Se(e,t){var n;try{await _e(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function _e(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=ke(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Ie=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await fe(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const Oe=()=>window.location.search.includes("code")&&window.location.search.includes("state");let xe;const je=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{je(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const De=async(e,t,n)=>{xe||(xe=(async()=>{try{return require("oidc-client-ts")}catch(e){return je([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await xe;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ue=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await De(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),S(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(Oe())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=_(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||N(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return I(i),t||window.location.replace(s),r}}},Ce=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,f=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e.__rest(n,["fpKey","fpLoad"]);return c?(o&&i&&W(o).catch((()=>null)),t(y(r,{beforeRequest:H}))):t(r)}),(o=>i=>{var{autoRefresh:r}=i,s=e.__rest(i,["autoRefresh"]);if(!r||b())return o(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(x("Expiration time passed, refreshing session"),p.refresh(A()||u))}));const p=o(y(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await m(n);if(401===(null==n?void 0:n.status))x("Received 401, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);x("Could not extract expiration time from session token, trying to decode the token");try{const n=t.jwtDecode(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void x("Could not extract expiration time from session token");u=i;const e=j(d,s);if(a(),e<=2e4)return void x("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});x(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?x("Skipping refresh due to timer - document is hidden"):(x("Refreshing session due to timer"),p.refresh(A()||i))}),e)}}}));return n.wrapWith(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return x("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.43.1"},t.baseHeaders)}))),(e=>t=>{const o=le(),i=le(),r=le(),s=le(),a=e(y(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),o.pub(null),s.pub(null);else{const e=await(async e=>{const t=await m(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:n,sessionExpiration:a,claims:l}=await m(t);n&&i.pub(n),l&&s.pub(l),(a||n)&&o.pub(a||42)}}})),l=n.wrapWith(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return i.pub(null),r.pub(null),o.pub(null),s.pub(null),n}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>o.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=B}=n,r=e.__rest(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=B)=>{try{if(!k)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==f?void 0:f.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=O(i);if(t&&t.startsWith(e)){const e=_(t);if(e)try{JSON.parse(e).expiry<Date.now()&&I(t)}catch(e){I(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(y(r,{afterRequest:async(e,t)=>{if(e.path!==X&&e.path!==Z)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(G);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=ee(e)),{nonce:n,executionId:Q(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=B)=>{try{const i=Y(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};S(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===X,i)}},beforeRequest:e=>{if(e.path===Z){const t=ee(e);if(t){const n=((e,t=B)=>{try{const n=Y(e,t),o=_(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(z(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[G]=n)}}return e}}))}),(t=>o=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=o,s=e.__rest(o,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:ie,getLastUserDisplayName:re});const a=t(y(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=h((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(oe(r),(e=>{S(ne,e)})(s)):(null==i?void 0:i.loginId)&&oe(i.loginId)}}));let l=n.wrapWith(a,["flow.start"],se);return l=n.wrapWith(l,["logout","logoutAll"],ae(r)),Object.assign(l,{getLastUserLoginId:ie,getLastUserDisplayName:re})}),(t=>o=>{var{persistTokens:i,sessionTokenViaCookie:r,refreshTokenViaCookie:s,storagePrefix:l}=o,d=e.__rest(o,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!i||!c)return t(d);let u;const p=t(y(d,{beforeRequest:q(l,s),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);if(401===(null==t?void 0:t.status))n||P(l,r,s,u);else{const e=((e={},t=!1,n="",o=!1)=>{var i,r,s,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){I(`${n}${U}`);const t=o.sameSite||"Strict",s=null===(i=o.secure)||void 0===i||i,a=null!==(r=o.domain)&&void 0!==r?r:e.cookieDomain,l=$(o),c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});R(l,d,c);const u=T(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=$(o);a.default.remove(e),S(`${n}${U}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=E(t),a=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});R(r,c,a);const d=T(i);p=Object.assign(Object.assign({},p),{session:{path:a.cookiePath,domain:d?i:void 0}})}else S(`${n}${D}`,c);return e.idToken&&S(`${n}${C}`,e.idToken),u&&S(`${n}DTD`,u),p})(await m(t),r,l,s);e&&(u=e)}}})),f=n.wrapWith(p,["logout","logoutAll","oidc.logout"],ce(l,r,s,(()=>u)));return Object.assign(f,{getRefreshToken:()=>A(l,s),getSessionToken:()=>J(l,r),getIdToken:()=>N(l)})}))((e=>{const t=s.default(e),n=Ue(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,i)=>{var r;if(b())return x(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=J(),a=A();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){x("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Ie(t),webauthn:me(t),fedcm:(o=t,i=e.projectId,{onetap:{requestExchangeCode(e){Se(o,e)},requestAuthentication(e){Se(o,e)}},async oneTap(e,t,n,i,r){await _e(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:i,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(i+be.config),clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(r.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(i+be.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:i}]}},r=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!r&&!!r.token}catch(e){return!1}}}),oidc:n});var o,i}));exports.REFRESH_TOKEN_KEY=U,exports.SESSION_TOKEN_KEY=D,exports.clearFingerprintData=()=>{I(V)},exports.createSdk=Ce,exports.default=Ce,exports.ensureFingerprintIds=W,exports.hasOidcParamsInUrl=Oe;
 //# sourceMappingURL=index.cjs.js.map

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as s,defaultScriptUrlPattern as a}from"@fingerprintjs/fingerprintjs-pro";const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;let g;const f=e=>{try{return t(e).exp}catch(e){return null}},v=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:f(n)},w=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?f(o):void 0)},h=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||w(t),cookieExpiration:t.cookieExpiration||v(t)},s)},m=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},y=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return h(n)},b=()=>c&&!!window.descopeBridge,k=void 0!==g||c&&void 0!==window.localStorage,S=(e,t)=>{var n,o;return null===(o=null===(n=g||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},I=e=>{var t,n;return null===(n=null===(t=g||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},O=e=>{var t,n;return null===(n=null===(t=g||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},_=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==g?void 0:g.key)||void 0===t?void 0:t.call(g,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},x=(...e)=>{console.debug(...e)},D=(e,t)=>{let n;var o;return t>0?(n=1e3*t,x(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(x(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},j="DS",U="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:s,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),d=T(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:c,sameSite:s,secure:l})}}function T(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const $=e=>(null==e?void 0:e.cookieName)||j,A=e=>(null==e?void 0:e.cookieName)||U;function E(e="",t){return i.get(A(t))||I(`${e}${U}`)||""}function J(e="",t){return i.get($(t))||I(`${e}${j}`)||""}function L(e=""){return I(`${e}${C}`)||""}function N(e="",t,n,o){O(`${e}${U}`),O(`${e}${j}`),O(`${e}${C}`);const r=$(t);i.remove(r,null==o?void 0:o.session);const s=A(n);i.remove(s,null==o?void 0:o.refresh)}const P=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||E(e,t)}),i=function(e=""){return I(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},K=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",q="vsid",V="vrid",F="fp",M=(e=!1)=>{const t=I(F);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},B=async(e,t=K)=>{try{if(M())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const l=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",c=r({apiKey:e,endpoint:[o.toString(),s],scriptUrlPattern:[l,a]}),d=await c,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[q]:e,[V]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};S(F,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},H=()=>{O(F)},G=e=>{const t=M(!0);return t&&e.body&&(e.body.fpData=t),e},W="descopeFlowNonce",X="X-Descope-Flow-Nonce",Z="/v1/flow/start",z="/v1/flow/next",Q=(e,t=W)=>`${t}${e}`,Y=(e,t=W)=>{try{const n=Q(e,t);O(n)}catch(e){console.error("Error removing flow nonce:",e)}},ee=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},te=e=>{var t;return e.path===z&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?ee(e.body.executionId):null},ne="dls_last_user_login_id",oe="dls_last_user_display_name",ie=e=>S(ne,e),re=()=>I(ne),se=()=>I(oe),ae=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=re(),r=se();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},le=e=>t=>async(...n)=>{const o=await t(...n);return e||(O(ne),O(oe)),o};function ce(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const de=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return N(e,t,n,null==o?void 0:o()),s};async function ue(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=he(n.publicKey.challenge),n.publicKey.user.id=he(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=he(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:me(o.rawId),type:o.type,response:{attestationObject:me(o.response.attestationObject),clientDataJSON:me(o.response.clientDataJSON)}});var o}async function pe(e){const t=ve(e);return we(await navigator.credentials.get(t))}async function ge(e,t){const n=ve(e);n.signal=t.signal,n.mediation="conditional";return we(await navigator.credentials.get(n))}async function fe(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(b()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function ve(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=he(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=he(e.id)})),n}function we(e){return JSON.stringify({id:e.id,rawId:me(e.rawId),type:e.type,response:{authenticatorData:me(e.response.authenticatorData),clientDataJSON:me(e.response.clientDataJSON),signature:me(e.response.signature),userHandle:e.response.userHandle?me(e.response.userHandle):void 0}})}function he(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function me(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ye,be=(ye=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await ue(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await pe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await ue(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await pe(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await ue(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:ue,get:pe,isSupported:fe,conditional:ge}}),(...e)=>{const t=ye(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ke={config:"/fedcm/config"},Se=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Ie(e,t){var n;try{await Oe(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Oe(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=Se(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var _e=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await fe(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const xe=()=>window.location.search.includes("code")&&window.location.search.includes("state");let De;const je=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{je(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Ue=async(e,t,n)=>{De||(De=(async()=>{try{return require("oidc-client-ts")}catch(e){return je([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await De;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ce=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Ue(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),S(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(xe())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=I(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||L(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return O(i),t||window.location.replace(s),r}}},Re=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,g=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return c?(o&&i&&B(o).catch((()=>null)),t(m(r,{beforeRequest:G}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,s=e(i,["autoRefresh"]);if(!r||b())return n(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(x("Expiration time passed, refreshing session"),p.refresh(E()||u))}));const p=n(m(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await y(n);if(401===(null==n?void 0:n.status))x("Received 401, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);x("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void x("Could not extract expiration time from session token");u=i;const e=D(d,s);if(a(),e<=2e4)return void x("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});x(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?x("Skipping refresh due to timer - document is hidden"):(x("Refreshing session due to timer"),p.refresh(E()||i))}),e)}}}));return o(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return x("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.43.0"},t.baseHeaders)}))),(e=>t=>{const n=ce(),i=ce(),r=ce(),s=ce(),a=e(m(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null),s.pub(null);else{const e=await(async e=>{const t=await y(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a,claims:l}=await y(t);o&&i.pub(o),l&&s.pub(l),(a||o)&&n.pub(a||42)}}})),l=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),s.pub(null),o}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=W}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=W)=>{try{if(!k)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==g?void 0:g.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=_(i);if(t&&t.startsWith(e)){const e=I(t);if(e)try{JSON.parse(e).expiry<Date.now()&&O(t)}catch(e){O(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(m(r,{afterRequest:async(e,t)=>{if(e.path!==Z&&e.path!==z)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(X);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=te(e)),{nonce:n,executionId:ee(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=W)=>{try{const i=Q(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};S(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===Z,i)}},beforeRequest:e=>{if(e.path===z){const t=te(e);if(t){const n=((e,t=W)=>{try{const n=Q(e,t),o=I(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(Y(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[X]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,s=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:re,getLastUserDisplayName:se});const a=t(m(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=h((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(ie(r),(e=>{S(oe,e)})(s)):(null==i?void 0:i.loginId)&&ie(i.loginId)}}));let l=o(a,["flow.start"],ae);return l=o(l,["logout","logoutAll"],le(r)),Object.assign(l,{getLastUserLoginId:re,getLastUserDisplayName:se})}),(t=>n=>{var{persistTokens:r,sessionTokenViaCookie:s,refreshTokenViaCookie:a,storagePrefix:l}=n,d=e(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!r||!c)return t(d);let u;const p=t(m(d,{beforeRequest:P(l,a),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);if(401===(null==t?void 0:t.status))n||N(l,s,a,u);else{const e=((e={},t=!1,n="",o=!1)=>{var r,s,a,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){O(`${n}${U}`);const t=o.sameSite||"Strict",i=null===(r=o.secure)||void 0===r||r,a=null!==(s=o.domain)&&void 0!==s?s:e.cookieDomain,l=A(o),c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:i,cookieDomain:a});R(l,d,c);const u=T(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=A(o);i.remove(e),S(`${n}${U}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(a=t.secure)||void 0===a||a,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=$(t),s=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});R(r,c,s);const d=T(i);p=Object.assign(Object.assign({},p),{session:{path:s.cookiePath,domain:d?i:void 0}})}else S(`${n}${j}`,c);return e.idToken&&S(`${n}${C}`,e.idToken),u&&S(`${n}DTD`,u),p})(await y(t),s,l,a);e&&(u=e)}}})),g=o(p,["logout","logoutAll","oidc.logout"],de(l,s,a,(()=>u)));return Object.assign(g,{getRefreshToken:()=>E(l,a),getSessionToken:()=>J(l,s),getIdToken:()=>L(l)})}))((e=>{const t=n(e),o=Ce(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(n,i)=>{var r;if(b())return x(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=J(),a=E();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){x("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:_e(t),webauthn:be(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){Ie(i,e)},requestAuthentication(e){Ie(i,e)}},async oneTap(e,t,n,o,r){await Oe(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ke.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ke.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{U as REFRESH_TOKEN_KEY,j as SESSION_TOKEN_KEY,H as clearFingerprintData,Re as createSdk,Re as default,B as ensureFingerprintIds,xe as hasOidcParamsInUrl};
+import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as s,defaultScriptUrlPattern as a}from"@fingerprintjs/fingerprintjs-pro";const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;let g;const f=e=>{try{return t(e).exp}catch(e){return null}},v=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:f(n)},w=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?f(o):void 0)},h=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||w(t),cookieExpiration:t.cookieExpiration||v(t)},s)},m=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},y=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return h(n)},b=()=>c&&!!window.descopeBridge,k=void 0!==g||c&&void 0!==window.localStorage,S=(e,t)=>{var n,o;return null===(o=null===(n=g||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},I=e=>{var t,n;return null===(n=null===(t=g||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},O=e=>{var t,n;return null===(n=null===(t=g||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},_=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==g?void 0:g.key)||void 0===t?void 0:t.call(g,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},x=(...e)=>{console.debug(...e)},D=(e,t)=>{let n;var o;return t>0?(n=1e3*t,x(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(x(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},j="DS",U="DSR",C="DSI";function R(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:s,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),d=T(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:c,sameSite:s,secure:l})}}function T(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const $=e=>(null==e?void 0:e.cookieName)||j,A=e=>(null==e?void 0:e.cookieName)||U;function E(e="",t){return i.get(A(t))||I(`${e}${U}`)||""}function J(e="",t){return i.get($(t))||I(`${e}${j}`)||""}function L(e=""){return I(`${e}${C}`)||""}function N(e="",t,n,o){O(`${e}${U}`),O(`${e}${j}`),O(`${e}${C}`);const r=$(t);i.remove(r,null==o?void 0:o.session);const s=A(n);i.remove(s,null==o?void 0:o.refresh)}const P=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||E(e,t)}),i=function(e=""){return I(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},K=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",q="vsid",V="vrid",F="fp",M=(e=!1)=>{const t=I(F);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},B=async(e,t=K)=>{try{if(M())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const l=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",c=r({apiKey:e,endpoint:[o.toString(),s],scriptUrlPattern:[l,a]}),d=await c,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[q]:e,[V]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};S(F,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},H=()=>{O(F)},G=e=>{const t=M(!0);return t&&e.body&&(e.body.fpData=t),e},W="descopeFlowNonce",X="X-Descope-Flow-Nonce",Z="/v1/flow/start",z="/v1/flow/next",Q=(e,t=W)=>`${t}${e}`,Y=(e,t=W)=>{try{const n=Q(e,t);O(n)}catch(e){console.error("Error removing flow nonce:",e)}},ee=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},te=e=>{var t;return e.path===z&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?ee(e.body.executionId):null},ne="dls_last_user_login_id",oe="dls_last_user_display_name",ie=e=>S(ne,e),re=()=>I(ne),se=()=>I(oe),ae=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=re(),r=se();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},le=e=>t=>async(...n)=>{const o=await t(...n);return e||(O(ne),O(oe)),o};function ce(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const de=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return N(e,t,n,null==o?void 0:o()),s};async function ue(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=he(n.publicKey.challenge),n.publicKey.user.id=he(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=he(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:me(o.rawId),type:o.type,response:{attestationObject:me(o.response.attestationObject),clientDataJSON:me(o.response.clientDataJSON)}});var o}async function pe(e){const t=ve(e);return we(await navigator.credentials.get(t))}async function ge(e,t){const n=ve(e);n.signal=t.signal,n.mediation="conditional";return we(await navigator.credentials.get(n))}async function fe(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(b()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function ve(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=he(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=he(e.id)})),n}function we(e){return JSON.stringify({id:e.id,rawId:me(e.rawId),type:e.type,response:{authenticatorData:me(e.response.authenticatorData),clientDataJSON:me(e.response.clientDataJSON),signature:me(e.response.signature),userHandle:e.response.userHandle?me(e.response.userHandle):void 0}})}function he(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function me(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var ye,be=(ye=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await ue(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await pe(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await ue(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await pe(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await ue(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:ue,get:pe,isSupported:fe,conditional:ge}}),(...e)=>{const t=ye(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const ke={config:"/fedcm/config"},Se=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Ie(e,t){var n;try{await Oe(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Oe(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=Se(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var _e=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await fe(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const xe=()=>window.location.search.includes("code")&&window.location.search.includes("state");let De;const je=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{je(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Ue=async(e,t,n)=>{De||(De=(async()=>{try{return require("oidc-client-ts")}catch(e){return je([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await De;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ce=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Ue(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),S(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(xe())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=I(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||L(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return O(i),t||window.location.replace(s),r}}},Re=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,g=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return c?(o&&i&&B(o).catch((()=>null)),t(m(r,{beforeRequest:G}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,s=e(i,["autoRefresh"]);if(!r||b())return n(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(x("Expiration time passed, refreshing session"),p.refresh(E()||u))}));const p=n(m(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await y(n);if(401===(null==n?void 0:n.status))x("Received 401, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);x("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void x("Could not extract expiration time from session token");u=i;const e=D(d,s);if(a(),e<=2e4)return void x("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});x(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?x("Skipping refresh due to timer - document is hidden"):(x("Refreshing session due to timer"),p.refresh(E()||i))}),e)}}}));return o(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return x("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.43.1"},t.baseHeaders)}))),(e=>t=>{const n=ce(),i=ce(),r=ce(),s=ce(),a=e(m(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))i.pub(null),r.pub(null),n.pub(null),s.pub(null);else{const e=await(async e=>{const t=await y(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a,claims:l}=await y(t);o&&i.pub(o),l&&s.pub(l),(a||o)&&n.pub(a||42)}}})),l=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),s.pub(null),o}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=W}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=W)=>{try{if(!k)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==g?void 0:g.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=_(i);if(t&&t.startsWith(e)){const e=I(t);if(e)try{JSON.parse(e).expiry<Date.now()&&O(t)}catch(e){O(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(m(r,{afterRequest:async(e,t)=>{if(e.path!==Z&&e.path!==z)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(X);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=te(e)),{nonce:n,executionId:ee(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=W)=>{try{const i=Q(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};S(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===Z,i)}},beforeRequest:e=>{if(e.path===z){const t=te(e);if(t){const n=((e,t=W)=>{try{const n=Q(e,t),o=I(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(Y(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[X]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,s=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:re,getLastUserDisplayName:se});const a=t(m(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=h((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(ie(r),(e=>{S(oe,e)})(s)):(null==i?void 0:i.loginId)&&ie(i.loginId)}}));let l=o(a,["flow.start"],ae);return l=o(l,["logout","logoutAll"],le(r)),Object.assign(l,{getLastUserLoginId:re,getLastUserDisplayName:se})}),(t=>n=>{var{persistTokens:r,sessionTokenViaCookie:s,refreshTokenViaCookie:a,storagePrefix:l}=n,d=e(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!r||!c)return t(d);let u;const p=t(m(d,{beforeRequest:P(l,a),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);if(401===(null==t?void 0:t.status))n||N(l,s,a,u);else{const e=((e={},t=!1,n="",o=!1)=>{var r,s,a,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){O(`${n}${U}`);const t=o.sameSite||"Strict",i=null===(r=o.secure)||void 0===r||r,a=null!==(s=o.domain)&&void 0!==s?s:e.cookieDomain,l=A(o),c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:i,cookieDomain:a});R(l,d,c);const u=T(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=A(o);i.remove(e),S(`${n}${U}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(a=t.secure)||void 0===a||a,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=$(t),s=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});R(r,c,s);const d=T(i);p=Object.assign(Object.assign({},p),{session:{path:s.cookiePath,domain:d?i:void 0}})}else S(`${n}${j}`,c);return e.idToken&&S(`${n}${C}`,e.idToken),u&&S(`${n}DTD`,u),p})(await y(t),s,l,a);e&&(u=e)}}})),g=o(p,["logout","logoutAll","oidc.logout"],de(l,s,a,(()=>u)));return Object.assign(g,{getRefreshToken:()=>E(l,a),getSessionToken:()=>J(l,s),getIdToken:()=>L(l)})}))((e=>{const t=n(e),o=Ce(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(n,i)=>{var r;if(b())return x(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=J(),a=E();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){x("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:_e(t),webauthn:be(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){Ie(i,e)},requestAuthentication(e){Ie(i,e)}},async oneTap(e,t,n,o,r){await Oe(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+ke.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+ke.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{U as REFRESH_TOKEN_KEY,j as SESSION_TOKEN_KEY,H as clearFingerprintData,Re as createSdk,Re as default,B as ensureFingerprintIds,xe as hasOidcParamsInUrl};
 //# sourceMappingURL=index.esm.js.map

package/dist/index.umd.js CHANGED Viewed

@@ -1,4 +1,4 @@
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i="3.2.0",s="undefined"!=typeof window,a=Math.pow(2,31)-1,c=`https://descopecdn.com/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`,l=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`;let d;const u=e=>{try{return r(e).exp}catch(e){return null}},p=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:u(n)},g=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?u(o):void 0)},v=e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,s=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||g(e),cookieExpiration:e.cookieExpiration||p(e)},s)},h=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return v(n)},w=()=>s&&!!window.descopeBridge,m=void 0!==d||s&&void 0!==window.localStorage,y=(e,t)=>{var n,o;return null===(o=null===(n=d||s&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},b=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},I=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},k=e=>{var t,n,o,r,i;return null!==(i=null!==(n=null===(t=null==d?void 0:d.key)||void 0===t?void 0:t.call(d,e))&&void 0!==n?n:s&&(null===(r=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===r?void 0:r.call(o,e)))&&void 0!==i?i:null};var O={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",tryRefresh:"/v1/auth/try-refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const j="<region>",S=`https://api.${j}descope.com`,U=6e5,x="dct",T=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},R=[521,524],C=e=>async(...t)=>{let n=await e(...t);R.includes(n.status)&&(n=await e(...t),n.retries=1);const o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n},E=(e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>T().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await C(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return T().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:C(n)};let P;const $=()=>{if(P)return P;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return P=`${t}-${n}`,P};var _,D;(D=_||(_={})).get="GET",D.delete="DELETE",D.post="POST",D.put="PUT",D.patch="PATCH";const A=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(j,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},L=(...e)=>new Headers(e.reduce(((e,t)=>((e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t).forEach((([t,n])=>{e[t]="function"==typeof n?n():n})),e)),{})),q={"Content-Type":"application/json"},N=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},J=(e,t)=>{const n={"x-descope-sdk-session-id":$(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.56.0","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},K=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e};var M=e=>{var t;return(({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=e||S,l=E(r,a),d=async e=>{var r;const a=(null==i?void 0:i.beforeRequest)?i.beforeRequest(e):e,{path:d,body:u,headers:p,queryParams:g,method:v,token:h}=a,f=(e=>void 0===e?void 0:JSON.stringify(e))(u),w={headers:L(N(t,h),J(t,o),(null==n?void 0:n.baseHeaders)||{},K(f)?q:{},p),method:v,body:f};null!==s&&(w.credentials=s||"include");const m=await l(A({path:d,baseUrl:c,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(e,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(r=m.headers)||void 0===r?void 0:r.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>d({path:e,headers:t,queryParams:n,body:void 0,method:_.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>d({path:e,headers:n,queryParams:o,body:t,method:_.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>d({path:e,headers:n,queryParams:o,body:t,method:_.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>d({path:e,headers:n,queryParams:o,body:t,method:_.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>d({path:e,headers:t,queryParams:n,body:void 0,method:_.delete,token:o}),hooks:i,buildUrl:(e,n)=>A({projectId:t,baseUrl:c,path:e,queryParams:n})}})(Object.assign(Object.assign({},e),{hooks:{beforeRequest:t=>{var n;const o=[].concat((null===(n=e.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),t)},afterRequest:async(t,n)=>{var o;const r=[].concat((null===(o=e.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((e=>e(t,null==n?void 0:n.clone()))))).forEach((t=>{var n;return"rejected"===t.status&&(null===(n=e.logger)||void 0===n?void 0:n.error(t.reason))}))},transformResponse:null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}}))},F=429;function V(e,t,n){var o;let r=H(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[x])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function H(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function B(e){const{exp:t}=H(e);return(new Date).getTime()/1e3>t}function z(e){let t=H(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function Z(e,t){return V(e,t,"permissions")}function G(e,t){return V(e,t,"roles")}const W=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function X(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===F&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function Y(e){var t;return(null===(t=H(e))||void 0===t?void 0:t[x])||""}const Q=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),ee=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},te=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),ne=e=>t=>e.test(t),oe=ne(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),re=ne(/^\+[1-9]{1}[0-9]{3,14}$/),ie=Q(oe,'"{val}" is not a valid email'),se=Q(re,'"{val}" is not a valid phone number'),ae=Q((e=>e.length>=1),"Minimum length is 1");const ce=Q((e=>"string"==typeof e),"Input is not a string"),le=Q((e=>Array.isArray(e)),"Input is not an array"),de=Q((e=>"boolean"==typeof e),"Input is not a boolean"),ue=Q((e=>void 0===e),"Input is defined"),pe=ee([ce(),ue()],"Input is not a string or undefined"),ge=ee([le(),de()],"Input is not an array or boolean"),ve=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>te(...e).validate(n[t]))),t(...n)),he=e=>[ce(`"${e}" must be a string`)],fe=e=>[pe(`"${e}" must be string or undefined`)],we=e=>[ce(`"${e}" must be a string`),ae(`"${e}" must not be empty`)],me=e=>[ce(`"${e}" must be a string`),ie()],ye=e=>[ce(`"${e}" must be a string`),se()],be=ve(we("accessKey")),Ie=e=>({exchange:be(((t,n)=>X(e.post(O.accessKey.exchange,{loginOptions:n},{token:t}))))}),ke=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),Oe=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||U,U)});var je,Se;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp",e.instantMessaging="im"}(je||(je={})),function(e){e.email="email"}(Se||(Se={}));const Ue=Object.assign(Object.assign({},je),Se);var xe;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(xe||(xe={}));const Te=we("loginId"),Re=ve(we("token")),Ce=ve(Te),Ee=ve(we("pendingRef")),Pe=ve(Te,me("email")),$e=e=>({verify:Re((t=>X(e.post(O.enchantedLink.verify,{token:t})))),signIn:Ce(((n,o,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return X(e.post(W(O.enchantedLink.signIn,Ue.email),{loginId:n,URI:o,loginOptions:a,providerId:s},{token:i}))})),signUpOrIn:Ce(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(W(O.enchantedLink.signUpOrIn,Ue.email),{loginId:n,URI:o,loginOptions:s,providerId:i}))})),signUp:Ce(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(W(O.enchantedLink.signUp,Ue.email),{loginId:n,URI:o,user:r,loginOptions:a,providerId:s}))})),waitForSession:Ee(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Oe(n);let s;const a=setInterval((async()=>{const n=await e.post(O.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(X(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:Pe(((t,n,o,r,i)=>X(e.post(O.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),_e=ve(we("flowId")),De=ve(we("executionId"),we("stepId"),we("interactionId")),Ae=e=>({start:_e(((t,n,o,r,i,s,a,c=!1)=>X(e.post(O.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a,isCustomScreen:c})))),next:De(((t,n,o,r,i,s,a=!1)=>X(e.post(O.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s,isCustomScreen:a}))))}),Le=we("loginId"),qe=ve(we("token")),Ne=ve(Le),Je=ve(Le,ye("phone")),Ke=ve(Le,me("email")),Me=Object.keys(Ue).filter((e=>e!==je.voice)),Fe=e=>({verify:qe((t=>X(e.post(O.magicLink.verify,{token:t})))),signIn:Me.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ne(((n,r,i={},s)=>{var{providerId:a}=i,c=t(i,["providerId"]);return X(e.post(W(O.magicLink.signIn,o),{loginId:n,URI:r,loginOptions:c,providerId:a},{token:s}))}))})),{}),signUp:Me.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ne(((n,r,i,s={})=>{var{providerId:a}=s,c=t(s,["providerId"]);return X(e.post(W(O.magicLink.signUp,o),{loginId:n,URI:r,user:i,loginOptions:c,providerId:a}))}))})),{}),signUpOrIn:Me.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ne(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(W(O.magicLink.signUpOrIn,o),{loginId:n,URI:r,loginOptions:a,providerId:s}))}))})),{}),update:{email:Ke(((t,n,o,r,i)=>X(e.post(O.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(je).filter((e=>e!==je.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Je(((t,o,r,i,s)=>X(e.post(W(O.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var Ve;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(Ve||(Ve={}));const He=ve(we("code")),Be=e=>({start:Object.assign(((t,n,o,r,i)=>X(e.post(O.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(Ve).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>X(e.post(O.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:He((t=>X(e.post(O.oauth.exchange,{code:t})))),startNative:(t,n,o)=>X(e.post(O.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>X(e.post(O.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>X(e.get(O.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>X(e.post(O.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>X(e.post(O.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),ze=we("appId"),Ze=ve(ze),Ge=e=>({connect:Ze(((t,n,o)=>{const r=null==n?void 0:n.tenantId,i=null==n?void 0:n.tenantLevel;return null==n||delete n.tenantId,null==n||delete n.tenantLevel,X(e.post(O.outbound.connect,{appId:t,tenantId:r,tenantLevel:i,options:n},{token:o}))}))}),We=we("loginId"),Xe=ve(We,we("code")),Ye=ve(We),Qe=ve(We,ye("phone")),et=ve(We,me("email")),tt=e=>({verify:Object.keys(Ue).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Xe(((t,o)=>X(e.post(W(O.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(Ue).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ye(((n,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return X(e.post(W(O.otp.signIn,o),{loginId:n,loginOptions:a,providerId:s},{token:i}))}))})),{}),signUp:Object.keys(Ue).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ye(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(W(O.otp.signUp,o),{loginId:n,user:r,loginOptions:a,providerId:s}))}))})),{}),signUpOrIn:Object.keys(Ue).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ye(((n,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(W(O.otp.signUpOrIn,o),{loginId:n,loginOptions:s,providerId:i}))}))})),{}),update:{email:et(((t,n,o,r)=>X(e.post(O.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(je).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Qe(((t,o,r,i)=>X(e.post(W(O.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),nt=ve(we("tenant")),ot=ve(we("code")),rt=e=>({start:nt(((t,n,o,r,i,s,a,c)=>X(e.post(O.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i}),s&&{forceAuthn:"true"}),a&&{loginHint:a}),c&&{initiatedEmail:t})},r&&{token:r}))))),exchange:ot((t=>X(e.post(O.saml.exchange,{code:t}))))}),it=we("loginId"),st=ve(it,we("code")),at=ve(it),ct=ve(it),lt=e=>({signUp:at(((t,n)=>X(e.post(O.totp.signUp,{loginId:t,user:n})))),verify:st(((t,n,o,r)=>X(e.post(O.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:ct(((t,n)=>X(e.post(O.totp.update,{loginId:t},{token:n}))))}),dt=we("loginId"),ut=we("newPassword"),pt=ve(dt,we("password")),gt=ve(dt),vt=ve(dt,ut),ht=ve(dt,we("oldPassword"),ut),ft=e=>({signUp:pt(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(O.password.signUp,{loginId:n,password:o,user:r,loginOptions:a,providerId:s}))})),signIn:pt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(O.password.signIn,{loginId:n,password:o,loginOptions:s,providerId:i}))})),sendReset:gt(((t,n,o)=>X(e.post(O.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:vt(((t,n,o)=>X(e.post(O.password.update,{loginId:t,newPassword:n},{token:o})))),replace:ht(((t,n,o)=>X(e.post(O.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>X(e.get(O.password.policy))}),wt=he("loginId"),mt=we("loginId"),yt=we("origin"),bt=ve(mt,yt,we("name")),It=ve(mt,yt),kt=ve(wt,yt),Ot=ve(mt,yt,fe("token")),jt=ve(we("transactionId"),we("response")),St=e=>({signUp:{start:bt(((t,n,o,r)=>X(e.post(O.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:jt(((t,n)=>X(e.post(O.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:kt(((t,n,o,r,i)=>X(e.post(O.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:jt(((t,n)=>X(e.post(O.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:It(((t,n,o)=>X(e.post(O.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:Ot(((t,n,o,r)=>X(e.post(O.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:jt(((t,n)=>X(e.post(O.webauthn.update.finish,{transactionId:t,response:n}))))}}),Ut=he("loginId"),xt=ve(Ut),Tt=ve(we("pendingRef")),Rt=e=>({signUpOrIn:xt(((n,o={})=>{var{providerId:r}=o,i=t(o,["providerId"]);return X(e.post(O.notp.signUpOrIn,{loginId:n,loginOptions:i,providerId:r}))})),signUp:xt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(O.notp.signUp,{loginId:n,user:o,providerId:i,loginOptions:s}))})),signIn:xt(((n,o={},r)=>{var{providerId:i}=o,s=t(o,["providerId"]);return X(e.post(O.notp.signIn,{loginId:n,loginOptions:s,providerId:i},{token:r}))})),waitForSession:Tt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Oe(n);let s;const a=setInterval((async()=>{const n=await e.post(O.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(X(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),Ct=ve(we("token")),Et=ve(fe("token"));var Pt,$t=ve([(Pt=we("projectId"),Q(((e,t)=>n=>te(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",Pt))())])((e=>{const{projectId:t,logger:n,baseUrl:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a}=e;return c=M({baseUrl:o,projectId:t,logger:n,hooks:{get beforeRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.beforeRequest},get afterRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.afterRequest},get transformResponse(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}},cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:Ie(c),otp:tt(c),magicLink:Fe(c),enchantedLink:$e(c),oauth:Be(c),outbound:Ge(c),saml:rt(c),totp:lt(c),notp:Rt(c),webauthn:St(c),password:ft(c),flow:Ae(c),refresh:Et(((e,t,n,o)=>{const r={};n&&(r.externalToken=n);const i=o?O.tryRefresh:O.refresh;return X(c.post(i,r,{token:e,queryParams:t}))})),selectTenant:ve([ce("tenantId")],[pe('"token" must be string or undefined')])(((e,t)=>X(c.post(O.selectTenant,{tenant:e},{token:t})))),logout:Et((e=>X(c.post(O.logout,{},{token:e})))),logoutAll:Et((e=>X(c.post(O.logoutAll,{},{token:e})))),me:Et((e=>X(c.get(O.me,{token:e})))),myTenants:ve([ge('"tenants" must a string array or a boolean')],[pe('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,X(c.post(O.myTenants,n,{token:t}))})),history:Et((e=>X(c.get(O.history,{token:e})))),isJwtExpired:Ct(B),getTenants:Ct(z),getJwtPermissions:Ct(Z),getJwtRoles:Ct(G),getCurrentTenant:Ct(Y),httpClient:c};var c})),_t=Object.assign($t,{DeliveryMethods:Ue});const Dt=(...e)=>{console.debug(...e)},At=(e,t)=>{let n;var o;return t>0?(n=1e3*t,Dt(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>a&&(Dt(`Timeout is too large (${n}ms), setting it to ${a}ms`),n=a),n};
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i="3.2.0",s="undefined"!=typeof window,a=Math.pow(2,31)-1,c=`https://descopecdn.com/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`,l=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`;let d;const u=e=>{try{return r(e).exp}catch(e){return null}},p=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:u(n)},g=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?u(o):void 0)},v=e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,s=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||g(e),cookieExpiration:e.cookieExpiration||p(e)},s)},h=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},f=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return v(n)},w=()=>s&&!!window.descopeBridge,m=void 0!==d||s&&void 0!==window.localStorage,y=(e,t)=>{var n,o;return null===(o=null===(n=d||s&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},b=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},I=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},k=e=>{var t,n,o,r,i;return null!==(i=null!==(n=null===(t=null==d?void 0:d.key)||void 0===t?void 0:t.call(d,e))&&void 0!==n?n:s&&(null===(r=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===r?void 0:r.call(o,e)))&&void 0!==i?i:null};var O={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",tryRefresh:"/v1/auth/try-refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const j="<region>",S=`https://api.${j}descope.com`,U=6e5,x="dct",T=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},R=[521,524],C=e=>async(...t)=>{let n=await e(...t);R.includes(n.status)&&(n=await e(...t),n.retries=1);const o=await n.text();return n.text=()=>Promise.resolve(o),n.json=()=>Promise.resolve(JSON.parse(o)),n.clone=()=>n,n},E=(e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>T().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await C(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return T().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:C(n)};let P;const $=()=>{if(P)return P;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return P=`${t}-${n}`,P};var _,D;(D=_||(_={})).get="GET",D.delete="DELETE",D.post="POST",D.put="PUT",D.patch="PATCH";const A=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(j,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},L=(...e)=>new Headers(e.reduce(((e,t)=>((e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t).forEach((([t,n])=>{e[t]="function"==typeof n?n():n})),e)),{})),q={"Content-Type":"application/json"},N=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},J=(e,t)=>{const n={"x-descope-sdk-session-id":$(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.56.1","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},K=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e};var M=e=>{var t;return(({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=e||S,l=E(r,a),d=async e=>{var r;const a=(null==i?void 0:i.beforeRequest)?i.beforeRequest(e):e,{path:d,body:u,headers:p,queryParams:g,method:v,token:h}=a,f=(e=>void 0===e?void 0:JSON.stringify(e))(u),w={headers:L(N(t,h),J(t,o),(null==n?void 0:n.baseHeaders)||{},K(f)?q:{},p),method:v,body:f};null!==s&&(w.credentials=s||"include");const m=await l(A({path:d,baseUrl:c,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(e,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=((null===(r=m.headers)||void 0===r?void 0:r.get("set-cookie"))||"").split(";").reduce(((e,t)=>{const[n,o]=t.split("=");return Object.assign(Object.assign({},e),{[n.trim()]:o})}),{}),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>d({path:e,headers:t,queryParams:n,body:void 0,method:_.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>d({path:e,headers:n,queryParams:o,body:t,method:_.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>d({path:e,headers:n,queryParams:o,body:t,method:_.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>d({path:e,headers:n,queryParams:o,body:t,method:_.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>d({path:e,headers:t,queryParams:n,body:void 0,method:_.delete,token:o}),hooks:i,buildUrl:(e,n)=>A({projectId:t,baseUrl:c,path:e,queryParams:n})}})(Object.assign(Object.assign({},e),{hooks:{beforeRequest:t=>{var n;const o=[].concat((null===(n=e.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),t)},afterRequest:async(t,n)=>{var o;const r=[].concat((null===(o=e.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((e=>e(t,null==n?void 0:n.clone()))))).forEach((t=>{var n;return"rejected"===t.status&&(null===(n=e.logger)||void 0===n?void 0:n.error(t.reason))}))},transformResponse:null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}}))},F=429;function V(e,t,n){var o;let r=H(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[x])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function H(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function B(e){const{exp:t}=H(e);return(new Date).getTime()/1e3>t}function z(e){let t=H(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function Z(e,t){return V(e,t,"permissions")}function G(e,t){return V(e,t,"roles")}const W=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function X(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===F&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function Y(e){var t;return(null===(t=H(e))||void 0===t?void 0:t[x])||""}const Q=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),ee=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},te=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),ne=e=>t=>e.test(t),oe=ne(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),re=ne(/^\+[1-9]{1}[0-9]{3,14}$/),ie=Q(oe,'"{val}" is not a valid email'),se=Q(re,'"{val}" is not a valid phone number'),ae=Q((e=>e.length>=1),"Minimum length is 1");const ce=Q((e=>"string"==typeof e),"Input is not a string"),le=Q((e=>Array.isArray(e)),"Input is not an array"),de=Q((e=>"boolean"==typeof e),"Input is not a boolean"),ue=Q((e=>void 0===e),"Input is defined"),pe=ee([ce(),ue()],"Input is not a string or undefined"),ge=ee([le(),de()],"Input is not an array or boolean"),ve=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>te(...e).validate(n[t]))),t(...n)),he=e=>[ce(`"${e}" must be a string`)],fe=e=>[pe(`"${e}" must be string or undefined`)],we=e=>[ce(`"${e}" must be a string`),ae(`"${e}" must not be empty`)],me=e=>[ce(`"${e}" must be a string`),ie()],ye=e=>[ce(`"${e}" must be a string`),se()],be=ve(we("accessKey")),Ie=e=>({exchange:be(((t,n)=>X(e.post(O.accessKey.exchange,{loginOptions:n},{token:t}))))}),ke=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),Oe=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||U,U)});var je,Se;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp",e.im="im"}(je||(je={})),function(e){e.email="email"}(Se||(Se={}));const Ue=Object.assign(Object.assign({},je),Se);var xe;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(xe||(xe={}));const Te=we("loginId"),Re=ve(we("token")),Ce=ve(Te),Ee=ve(we("pendingRef")),Pe=ve(Te,me("email")),$e=e=>({verify:Re((t=>X(e.post(O.enchantedLink.verify,{token:t})))),signIn:Ce(((n,o,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return X(e.post(W(O.enchantedLink.signIn,Ue.email),{loginId:n,URI:o,loginOptions:a,providerId:s},{token:i}))})),signUpOrIn:Ce(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(W(O.enchantedLink.signUpOrIn,Ue.email),{loginId:n,URI:o,loginOptions:s,providerId:i}))})),signUp:Ce(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(W(O.enchantedLink.signUp,Ue.email),{loginId:n,URI:o,user:r,loginOptions:a,providerId:s}))})),waitForSession:Ee(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Oe(n);let s;const a=setInterval((async()=>{const n=await e.post(O.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(X(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:Pe(((t,n,o,r,i)=>X(e.post(O.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),_e=ve(we("flowId")),De=ve(we("executionId"),we("stepId"),we("interactionId")),Ae=e=>({start:_e(((t,n,o,r,i,s,a,c=!1)=>X(e.post(O.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a,isCustomScreen:c})))),next:De(((t,n,o,r,i,s,a=!1)=>X(e.post(O.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s,isCustomScreen:a}))))}),Le=we("loginId"),qe=ve(we("token")),Ne=ve(Le),Je=ve(Le,ye("phone")),Ke=ve(Le,me("email")),Me=Object.keys(Ue).filter((e=>e!==je.voice&&e!==je.im)),Fe=e=>({verify:qe((t=>X(e.post(O.magicLink.verify,{token:t})))),signIn:Me.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ne(((n,r,i={},s)=>{var{providerId:a}=i,c=t(i,["providerId"]);return X(e.post(W(O.magicLink.signIn,o),{loginId:n,URI:r,loginOptions:c,providerId:a},{token:s}))}))})),{}),signUp:Me.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ne(((n,r,i,s={})=>{var{providerId:a}=s,c=t(s,["providerId"]);return X(e.post(W(O.magicLink.signUp,o),{loginId:n,URI:r,user:i,loginOptions:c,providerId:a}))}))})),{}),signUpOrIn:Me.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ne(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(W(O.magicLink.signUpOrIn,o),{loginId:n,URI:r,loginOptions:a,providerId:s}))}))})),{}),update:{email:Ke(((t,n,o,r,i)=>X(e.post(O.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(je).filter((e=>e!==je.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Je(((t,o,r,i,s)=>X(e.post(W(O.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var Ve;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(Ve||(Ve={}));const He=ve(we("code")),Be=e=>({start:Object.assign(((t,n,o,r,i)=>X(e.post(O.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(Ve).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>X(e.post(O.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:He((t=>X(e.post(O.oauth.exchange,{code:t})))),startNative:(t,n,o)=>X(e.post(O.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>X(e.post(O.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>X(e.get(O.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>X(e.post(O.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>X(e.post(O.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),ze=we("appId"),Ze=ve(ze),Ge=e=>({connect:Ze(((t,n,o)=>{const r=null==n?void 0:n.tenantId,i=null==n?void 0:n.tenantLevel;return null==n||delete n.tenantId,null==n||delete n.tenantLevel,X(e.post(O.outbound.connect,{appId:t,tenantId:r,tenantLevel:i,options:n},{token:o}))}))}),We=we("loginId"),Xe=ve(We,we("code")),Ye=ve(We),Qe=ve(We,ye("phone")),et=ve(We,me("email")),tt=e=>({verify:Object.keys(Ue).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Xe(((t,o)=>X(e.post(W(O.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(Ue).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ye(((n,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return X(e.post(W(O.otp.signIn,o),{loginId:n,loginOptions:a,providerId:s},{token:i}))}))})),{}),signUp:Object.keys(Ue).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ye(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(W(O.otp.signUp,o),{loginId:n,user:r,loginOptions:a,providerId:s}))}))})),{}),signUpOrIn:Object.keys(Ue).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ye(((n,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(W(O.otp.signUpOrIn,o),{loginId:n,loginOptions:s,providerId:i}))}))})),{}),update:{email:et(((t,n,o,r)=>X(e.post(O.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(je).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Qe(((t,o,r,i)=>X(e.post(W(O.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),nt=ve(we("tenant")),ot=ve(we("code")),rt=e=>({start:nt(((t,n,o,r,i,s,a,c)=>X(e.post(O.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i}),s&&{forceAuthn:"true"}),a&&{loginHint:a}),c&&{initiatedEmail:t})},r&&{token:r}))))),exchange:ot((t=>X(e.post(O.saml.exchange,{code:t}))))}),it=we("loginId"),st=ve(it,we("code")),at=ve(it),ct=ve(it),lt=e=>({signUp:at(((t,n)=>X(e.post(O.totp.signUp,{loginId:t,user:n})))),verify:st(((t,n,o,r)=>X(e.post(O.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:ct(((t,n)=>X(e.post(O.totp.update,{loginId:t},{token:n}))))}),dt=we("loginId"),ut=we("newPassword"),pt=ve(dt,we("password")),gt=ve(dt),vt=ve(dt,ut),ht=ve(dt,we("oldPassword"),ut),ft=e=>({signUp:pt(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return X(e.post(O.password.signUp,{loginId:n,password:o,user:r,loginOptions:a,providerId:s}))})),signIn:pt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(O.password.signIn,{loginId:n,password:o,loginOptions:s,providerId:i}))})),sendReset:gt(((t,n,o)=>X(e.post(O.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:vt(((t,n,o)=>X(e.post(O.password.update,{loginId:t,newPassword:n},{token:o})))),replace:ht(((t,n,o)=>X(e.post(O.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>X(e.get(O.password.policy))}),wt=he("loginId"),mt=we("loginId"),yt=we("origin"),bt=ve(mt,yt,we("name")),It=ve(mt,yt),kt=ve(wt,yt),Ot=ve(mt,yt,fe("token")),jt=ve(we("transactionId"),we("response")),St=e=>({signUp:{start:bt(((t,n,o,r)=>X(e.post(O.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,passkeyOptions:r})))),finish:jt(((t,n)=>X(e.post(O.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:kt(((t,n,o,r,i)=>X(e.post(O.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:jt(((t,n)=>X(e.post(O.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:It(((t,n,o)=>X(e.post(O.webauthn.signUpOrIn.start,{loginId:t,origin:n,passkeyOptions:o}))))},update:{start:Ot(((t,n,o,r)=>X(e.post(O.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:jt(((t,n)=>X(e.post(O.webauthn.update.finish,{transactionId:t,response:n}))))}}),Ut=he("loginId"),xt=ve(Ut),Tt=ve(we("pendingRef")),Rt=e=>({signUpOrIn:xt(((n,o={})=>{var{providerId:r}=o,i=t(o,["providerId"]);return X(e.post(O.notp.signUpOrIn,{loginId:n,loginOptions:i,providerId:r}))})),signUp:xt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return X(e.post(O.notp.signUp,{loginId:n,user:o,providerId:i,loginOptions:s}))})),signIn:xt(((n,o={},r)=>{var{providerId:i}=o,s=t(o,["providerId"]);return X(e.post(O.notp.signIn,{loginId:n,loginOptions:s,providerId:i},{token:r}))})),waitForSession:Tt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Oe(n);let s;const a=setInterval((async()=>{const n=await e.post(O.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(X(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),Ct=ve(we("token")),Et=ve(fe("token"));var Pt,$t=ve([(Pt=we("projectId"),Q(((e,t)=>n=>te(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",Pt))())])((e=>{const{projectId:t,logger:n,baseUrl:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a}=e;return c=M({baseUrl:o,projectId:t,logger:n,hooks:{get beforeRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.beforeRequest},get afterRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.afterRequest},get transformResponse(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}},cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:Ie(c),otp:tt(c),magicLink:Fe(c),enchantedLink:$e(c),oauth:Be(c),outbound:Ge(c),saml:rt(c),totp:lt(c),notp:Rt(c),webauthn:St(c),password:ft(c),flow:Ae(c),refresh:Et(((e,t,n,o)=>{const r={};n&&(r.externalToken=n);const i=o?O.tryRefresh:O.refresh;return X(c.post(i,r,{token:e,queryParams:t}))})),selectTenant:ve([ce("tenantId")],[pe('"token" must be string or undefined')])(((e,t)=>X(c.post(O.selectTenant,{tenant:e},{token:t})))),logout:Et((e=>X(c.post(O.logout,{},{token:e})))),logoutAll:Et((e=>X(c.post(O.logoutAll,{},{token:e})))),me:Et((e=>X(c.get(O.me,{token:e})))),myTenants:ve([ge('"tenants" must a string array or a boolean')],[pe('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,X(c.post(O.myTenants,n,{token:t}))})),history:Et((e=>X(c.get(O.history,{token:e})))),isJwtExpired:Ct(B),getTenants:Ct(z),getJwtPermissions:Ct(Z),getJwtRoles:Ct(G),getCurrentTenant:Ct(Y),httpClient:c};var c})),_t=Object.assign($t,{DeliveryMethods:Ue});const Dt=(...e)=>{console.debug(...e)},At=(e,t)=>{let n;var o;return t>0?(n=1e3*t,Dt(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>a&&(Dt(`Timeout is too large (${n}ms), setting it to ${a}ms`),n=a),n};
 /*! js-cookie v3.0.5 | MIT */
-function Lt(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var qt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Lt({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Lt({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Lt({},this.attributes,t))},withConverter:function(t){return e(Lt({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Nt="DS",Jt="DSR",Kt="DSI";function Mt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=Ft(o);qt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Ft(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const Vt=e=>(null==e?void 0:e.cookieName)||Nt,Ht=e=>(null==e?void 0:e.cookieName)||Jt;function Bt(e="",t){return qt.get(Ht(t))||b(`${e}${Jt}`)||""}function zt(e="",t){return qt.get(Vt(t))||b(`${e}${Nt}`)||""}function Zt(e=""){return b(`${e}${Kt}`)||""}function Gt(e="",t,n,o){I(`${e}${Jt}`),I(`${e}${Nt}`),I(`${e}${Kt}`);const r=Vt(t);qt.remove(r,null==o?void 0:o.session);const i=Ht(n);qt.remove(i,null==o?void 0:o.refresh)}const Wt=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||Bt(e,t)}),r=function(e=""){return b(`${e}DTD`)||""}(e);return r&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":r})),o},Xt=s&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Yt="vsid",Qt="vrid";var en={default:"endpoint"},tn="Blocked by CSP",nn="The endpoint parameter is not a valid URL",on="Failed to load the JS script of the agent",rn="9319";function sn(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===tn||s===nn)n.exclude(),i=0;else if(s===rn)n.exclude();else if(s===on){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],d=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var u=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=d(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return u(r)}))}))};return u(l).then((function(e){return[e,a]}))}var an="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",cn=an;function ln(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:an,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),d=l[0],u=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return sn(e,dn)})).catch((function(e){throw u(),function(e){return e instanceof Error&&e.message===rn?new Error(on):e}(e)})).then((function(t){var n=t[0],o=t[1];return u(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:d}}))}))}function dn(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(nn);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(on))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(tn)})).then(un)}function un(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(rn);return n}const pn=(e=!1)=>{const t=b("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},gn=async(e,t=Xt)=>{try{if(pn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=ln({apiKey:e,endpoint:[o.toString(),en],scriptUrlPattern:[i,cn]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[Yt]:e,[Qt]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};y("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},vn=e=>{const t=pn(!0);return t&&e.body&&(e.body.fpData=t),e},hn="descopeFlowNonce",fn="X-Descope-Flow-Nonce",wn="/v1/flow/start",mn="/v1/flow/next",yn=(e,t=hn)=>`${t}${e}`,bn=(e,t=hn)=>{try{const n=yn(e,t);I(n)}catch(e){console.error("Error removing flow nonce:",e)}},In=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},kn=e=>{var t;return e.path===mn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?In(e.body.executionId):null},On="dls_last_user_login_id",jn="dls_last_user_display_name",Sn=e=>y(On,e),Un=()=>b(On),xn=()=>b(jn),Tn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Un(),i=xn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Rn=e=>t=>async(...n)=>{const o=await t(...n);return e||(I(On),I(jn)),o};function Cn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const En=(e,t,n,o)=>r=>async(...i)=>{const s=await r(...i);return Gt(e,t,n,null==o?void 0:o()),s};async function Pn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=qn(n.publicKey.challenge),n.publicKey.user.id=qn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=qn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Nn(o.rawId),type:o.type,response:{attestationObject:Nn(o.response.attestationObject),clientDataJSON:Nn(o.response.clientDataJSON)}});var o}async function $n(e){const t=An(e);return Ln(await navigator.credentials.get(t))}async function _n(e,t){const n=An(e);n.signal=t.signal,n.mediation="conditional";return Ln(await navigator.credentials.get(n))}async function Dn(e=!1){var t,n;if(!s)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function An(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=qn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=qn(e.id)})),n}function Ln(e){return JSON.stringify({id:e.id,rawId:Nn(e.rawId),type:e.type,response:{authenticatorData:Nn(e.response.authenticatorData),clientDataJSON:Nn(e.response.clientDataJSON),signature:Nn(e.response.signature),userHandle:e.response.userHandle?Nn(e.response.userHandle):void 0}})}function qn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Nn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Jn,Kn=(Jn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Pn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await $n(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await Pn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await $n(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Pn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:Pn,get:$n,isSupported:Dn,conditional:_n}}),(...e)=>{const t=Jn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Mn={config:"/fedcm/config"},Fn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Vn(e,t){var n;try{await Hn(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Hn(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Fn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Bn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Dn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let zn;const Zn=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Zn(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Gn=async(e,t,n)=>{zn||(zn=(async()=>{try{return require("oidc-client-ts")}catch(e){return Zn([c,l],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await zn;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,d,u;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,d=`${a}_user`,u="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,d=`${a}_user`,u="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,d=`${a}_user`,u="openid email roles descope.custom_claims offline_access");const p={authority:s,client_id:a,redirect_uri:i,response_type:"code",scope:(null==n?void 0:n.scope)||u,stateStore:new r({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(p.redirect_uri=n.redirectUri),{client:new o(p),stateUserKey:d}},Wn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await Gn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),y(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=b(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Zt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return I(r),t||window.location.replace(s),i}}},Xn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,d=n,e(t)}),(e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return s?(o&&r&&gn(o).catch((()=>null)),e(h(i,{beforeRequest:vn}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||w())return e(i);const{clearAllTimers:a,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;s&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(Dt("Expiration time passed, refreshing session"),u.refresh(Bt()||d))}));const u=e(h(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i,nextRefreshSeconds:p}=await f(t);if(401===(null==t?void 0:t.status))Dt("Received 401, canceling all timers"),a();else if(n||i){if(l=((e,t)=>{if(t)return new Date(1e3*t);Dt("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!l)return void Dt("Could not extract expiration time from session token");d=o;const e=At(l,p);if(a(),e<=2e4)return void Dt("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});Dt(`Setting refresh timer for ${t}. (${e}ms)`),c((()=>{s&&"hidden"===document.visibilityState?Dt("Skipping refresh due to timer - document is hidden"):(Dt("Refreshing session due to timer"),u.refresh(Bt()||o))}),e)}}}));return ke(u,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return Dt("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.43.0"},t.baseHeaders)}))),(e=>t=>{const n=Cn(),o=Cn(),r=Cn(),i=Cn(),s=e(h(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null),i.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:s,sessionExpiration:a,claims:c}=await f(t);s&&o.pub(s),c&&i.pub(c),(a||s)&&n.pub(a||42)}}})),a=ke(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const s=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i.pub(null),s}));return Object.assign(a,{onSessionTokenChange:o.sub,onUserChange:r.sub,onClaimsChange:i.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=hn}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=hn)=>{try{if(!m)return;for(let r=0;r<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==d?void 0:d.length)&&void 0!==t?t:s&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);r++){const t=k(r);if(t&&t.startsWith(e)){const e=b(t);if(e)try{JSON.parse(e).expiry<Date.now()&&I(t)}catch(e){I(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(r);return e(h(i,{afterRequest:async(e,t)=>{if(e.path!==wn&&e.path!==mn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(fn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=kn(e)),{nonce:n,executionId:In(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=hn)=>{try{const r=yn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};y(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===wn,r)}},beforeRequest:e=>{if(e.path===mn){const t=kn(e);if(t){const n=((e,t=hn)=>{try{const n=yn(e,t),o=b(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(bn(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[fn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:Un,getLastUserDisplayName:xn});const s=e(h(i,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:r}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=v((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;i?(Sn(i),(e=>{y(jn,e)})(s)):(null==r?void 0:r.loginId)&&Sn(r.loginId)}}));let a=ke(s,["flow.start"],Tn);return a=ke(a,["logout","logoutAll"],Rn(r)),Object.assign(a,{getLastUserLoginId:Un,getLastUserDisplayName:xn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,refreshTokenViaCookie:i,storagePrefix:a}=n,c=t(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!o||!s)return e(c);let l;const d=e(h(c,{beforeRequest:Wt(a,i),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);if(401===(null==t?void 0:t.status))n||Gt(a,r,i,l);else{const e=((e={},t=!1,n="",o=!1)=>{var r,i,s,a;const{sessionJwt:c,refreshJwt:l,trustedDeviceJwt:d}=e;let u;if(l)if(o){I(`${n}${Jt}`);const t=o.sameSite||"Strict",s=null===(r=o.secure)||void 0===r||r,a=null!==(i=o.domain)&&void 0!==i?i:e.cookieDomain,c=Ht(o),d=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});Mt(c,l,d);const p=Ft(a);u=Object.assign(Object.assign({},u),{refresh:{path:d.cookiePath,domain:p?a:void 0}})}else{const e=Ht(o);qt.remove(e),y(`${n}${Jt}`,l)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,r=null!==(a=t.domain)&&void 0!==a?a:e.cookieDomain,i=Vt(t),l=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:r});Mt(i,c,l);const d=Ft(r);u=Object.assign(Object.assign({},u),{session:{path:l.cookiePath,domain:d?r:void 0}})}else y(`${n}${Nt}`,c);return e.idToken&&y(`${n}${Kt}`,e.idToken),d&&y(`${n}DTD`,d),u})(await f(t),r,a,i);e&&(l=e)}}})),u=ke(d,["logout","logoutAll","oidc.logout"],En(a,r,i,(()=>l)));return Object.assign(u,{getRefreshToken:()=>Bt(a,i),getSessionToken:()=>zt(a,r),getIdToken:()=>Zt(a)})}))((e=>{const t=_t(e),n=Wn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,r)=>{var i;if(w())return Dt(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=zt(),a=Bt();let c="";if(e.getExternalToken)try{c=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){Dt("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},c,r)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Bn(t),webauthn:Kn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Vn(o,e)},requestAuthentication(e){Vn(o,e)}},async oneTap(e,t,n,r,i){await Hn(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+Mn.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>s&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+Mn.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Xn.REFRESH_TOKEN_KEY=Jt,Xn.SESSION_TOKEN_KEY=Nt,Xn}));
+function Lt(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var qt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Lt({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Lt({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Lt({},this.attributes,t))},withConverter:function(t){return e(Lt({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Nt="DS",Jt="DSR",Kt="DSI";function Mt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=Ft(o);qt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Ft(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const Vt=e=>(null==e?void 0:e.cookieName)||Nt,Ht=e=>(null==e?void 0:e.cookieName)||Jt;function Bt(e="",t){return qt.get(Ht(t))||b(`${e}${Jt}`)||""}function zt(e="",t){return qt.get(Vt(t))||b(`${e}${Nt}`)||""}function Zt(e=""){return b(`${e}${Kt}`)||""}function Gt(e="",t,n,o){I(`${e}${Jt}`),I(`${e}${Nt}`),I(`${e}${Kt}`);const r=Vt(t);qt.remove(r,null==o?void 0:o.session);const i=Ht(n);qt.remove(i,null==o?void 0:o.refresh)}const Wt=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||Bt(e,t)}),r=function(e=""){return b(`${e}DTD`)||""}(e);return r&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":r})),o},Xt=s&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",Yt="vsid",Qt="vrid";var en={default:"endpoint"},tn="Blocked by CSP",nn="The endpoint parameter is not a valid URL",on="Failed to load the JS script of the agent",rn="9319";function sn(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===tn||s===nn)n.exclude(),i=0;else if(s===rn)n.exclude();else if(s===on){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],d=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var u=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=d(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return u(r)}))}))};return u(l).then((function(e){return[e,a]}))}var an="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",cn=an;function ln(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:an,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),d=l[0],u=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return sn(e,dn)})).catch((function(e){throw u(),function(e){return e instanceof Error&&e.message===rn?new Error(on):e}(e)})).then((function(t){var n=t[0],o=t[1];return u(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:d}}))}))}function dn(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(nn);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(on))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(tn)})).then(un)}function un(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(rn);return n}const pn=(e=!1)=>{const t=b("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},gn=async(e,t=Xt)=>{try{if(pn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=ln({apiKey:e,endpoint:[o.toString(),en],scriptUrlPattern:[i,cn]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[Yt]:e,[Qt]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};y("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},vn=e=>{const t=pn(!0);return t&&e.body&&(e.body.fpData=t),e},hn="descopeFlowNonce",fn="X-Descope-Flow-Nonce",wn="/v1/flow/start",mn="/v1/flow/next",yn=(e,t=hn)=>`${t}${e}`,bn=(e,t=hn)=>{try{const n=yn(e,t);I(n)}catch(e){console.error("Error removing flow nonce:",e)}},In=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},kn=e=>{var t;return e.path===mn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?In(e.body.executionId):null},On="dls_last_user_login_id",jn="dls_last_user_display_name",Sn=e=>y(On,e),Un=()=>b(On),xn=()=>b(jn),Tn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Un(),i=xn();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Rn=e=>t=>async(...n)=>{const o=await t(...n);return e||(I(On),I(jn)),o};function Cn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const En=(e,t,n,o)=>r=>async(...i)=>{const s=await r(...i);return Gt(e,t,n,null==o?void 0:o()),s};async function Pn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=qn(n.publicKey.challenge),n.publicKey.user.id=qn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=qn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:Nn(o.rawId),type:o.type,response:{attestationObject:Nn(o.response.attestationObject),clientDataJSON:Nn(o.response.clientDataJSON)}});var o}async function $n(e){const t=An(e);return Ln(await navigator.credentials.get(t))}async function _n(e,t){const n=An(e);n.signal=t.signal,n.mediation="conditional";return Ln(await navigator.credentials.get(n))}async function Dn(e=!1){var t,n;if(!s)return Promise.resolve(!1);if(w()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function An(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=qn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=qn(e.id)})),n}function Ln(e){return JSON.stringify({id:e.id,rawId:Nn(e.rawId),type:e.type,response:{authenticatorData:Nn(e.response.authenticatorData),clientDataJSON:Nn(e.response.clientDataJSON),signature:Nn(e.response.signature),userHandle:e.response.userHandle?Nn(e.response.userHandle):void 0}})}function qn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function Nn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Jn,Kn=(Jn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Pn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await $n(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await Pn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await $n(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Pn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:Pn,get:$n,isSupported:Dn,conditional:_n}}),(...e)=>{const t=Jn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Mn={config:"/fedcm/config"},Fn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Vn(e,t){var n;try{await Hn(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Hn(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Fn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const d=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:d,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Bn=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Dn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let zn;const Zn=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Zn(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Gn=async(e,t,n)=>{zn||(zn=(async()=>{try{return require("oidc-client-ts")}catch(e){return Zn([c,l],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await zn;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,d,u;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,d=`${a}_user`,u="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,d=`${a}_user`,u="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,d=`${a}_user`,u="openid email roles descope.custom_claims offline_access");const p={authority:s,client_id:a,redirect_uri:i,response_type:"code",scope:(null==n?void 0:n.scope)||u,stateStore:new r({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(p.redirect_uri=n.redirectUri),{client:new o(p),stateUserKey:d}},Wn=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await Gn(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),y(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),r=await n.createSigninRequest(e),{url:i}=r;return t||(window.location.href=i),{ok:!0,data:r}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=b(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||Zt(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return I(r),t||window.location.replace(s),i}}},Xn=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,d=n,e(t)}),(e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return s?(o&&r&&gn(o).catch((()=>null)),e(h(i,{beforeRequest:vn}))):e(i)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);if(!o||w())return e(i);const{clearAllTimers:a,setTimer:c}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let l,d;s&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&l&&new Date>l&&(Dt("Expiration time passed, refreshing session"),u.refresh(Bt()||d))}));const u=e(h(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i,nextRefreshSeconds:p}=await f(t);if(401===(null==t?void 0:t.status))Dt("Received 401, canceling all timers"),a();else if(n||i){if(l=((e,t)=>{if(t)return new Date(1e3*t);Dt("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!l)return void Dt("Could not extract expiration time from session token");d=o;const e=At(l,p);if(a(),e<=2e4)return void Dt("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});Dt(`Setting refresh timer for ${t}. (${e}ms)`),c((()=>{s&&"hidden"===document.visibilityState?Dt("Skipping refresh due to timer - document is hidden"):(Dt("Refreshing session due to timer"),u.refresh(Bt()||o))}),e)}}}));return ke(u,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return Dt("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.43.1"},t.baseHeaders)}))),(e=>t=>{const n=Cn(),o=Cn(),r=Cn(),i=Cn(),s=e(h(t,{afterRequest:async(e,t)=>{if(401===(null==t?void 0:t.status))o.pub(null),r.pub(null),n.pub(null),i.pub(null);else{const e=await(async e=>{const t=await f(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:s,sessionExpiration:a,claims:c}=await f(t);s&&o.pub(s),c&&i.pub(c),(a||s)&&n.pub(a||42)}}})),a=ke(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const s=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i.pub(null),s}));return Object.assign(a,{onSessionTokenChange:o.sub,onUserChange:r.sub,onClaimsChange:i.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=hn}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=hn)=>{try{if(!m)return;for(let r=0;r<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==d?void 0:d.length)&&void 0!==t?t:s&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);r++){const t=k(r);if(t&&t.startsWith(e)){const e=b(t);if(e)try{JSON.parse(e).expiry<Date.now()&&I(t)}catch(e){I(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(r);return e(h(i,{afterRequest:async(e,t)=>{if(e.path!==wn&&e.path!==mn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(fn);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=kn(e)),{nonce:n,executionId:In(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=hn)=>{try{const r=yn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};y(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===wn,r)}},beforeRequest:e=>{if(e.path===mn){const t=kn(e);if(t){const n=((e,t=hn)=>{try{const n=yn(e,t),o=b(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(bn(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[fn]=n)}}return e}}))}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:Un,getLastUserDisplayName:xn});const s=e(h(i,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:r}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=v((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;i?(Sn(i),(e=>{y(jn,e)})(s)):(null==r?void 0:r.loginId)&&Sn(r.loginId)}}));let a=ke(s,["flow.start"],Tn);return a=ke(a,["logout","logoutAll"],Rn(r)),Object.assign(a,{getLastUserLoginId:Un,getLastUserDisplayName:xn})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,refreshTokenViaCookie:i,storagePrefix:a}=n,c=t(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!o||!s)return e(c);let l;const d=e(h(c,{beforeRequest:Wt(a,i),afterRequest:async(e,t)=>{const n=/^\/v\d+\/mgmt\//.test(e.path);if(401===(null==t?void 0:t.status))n||Gt(a,r,i,l);else{const e=((e={},t=!1,n="",o=!1)=>{var r,i,s,a;const{sessionJwt:c,refreshJwt:l,trustedDeviceJwt:d}=e;let u;if(l)if(o){I(`${n}${Jt}`);const t=o.sameSite||"Strict",s=null===(r=o.secure)||void 0===r||r,a=null!==(i=o.domain)&&void 0!==i?i:e.cookieDomain,c=Ht(o),d=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});Mt(c,l,d);const p=Ft(a);u=Object.assign(Object.assign({},u),{refresh:{path:d.cookiePath,domain:p?a:void 0}})}else{const e=Ht(o);qt.remove(e),y(`${n}${Jt}`,l)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,r=null!==(a=t.domain)&&void 0!==a?a:e.cookieDomain,i=Vt(t),l=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:r});Mt(i,c,l);const d=Ft(r);u=Object.assign(Object.assign({},u),{session:{path:l.cookiePath,domain:d?r:void 0}})}else y(`${n}${Nt}`,c);return e.idToken&&y(`${n}${Kt}`,e.idToken),d&&y(`${n}DTD`,d),u})(await f(t),r,a,i);e&&(l=e)}}})),u=ke(d,["logout","logoutAll","oidc.logout"],En(a,r,i,(()=>l)));return Object.assign(u,{getRefreshToken:()=>Bt(a,i),getSessionToken:()=>zt(a,r),getIdToken:()=>Zt(a)})}))((e=>{const t=_t(e),n=Wn(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,r)=>{var i;if(w())return Dt(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=zt(),a=Bt();let c="";if(e.getExternalToken)try{c=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){Dt("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},c,r)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:Bn(t),webauthn:Kn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Vn(o,e)},requestAuthentication(e){Vn(o,e)}},async oneTap(e,t,n,r,i){await Hn(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+Mn.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>s&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+Mn.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return Xn.REFRESH_TOKEN_KEY=Jt,Xn.SESSION_TOKEN_KEY=Nt,Xn}));
 //# sourceMappingURL=index.umd.js.map