npm - @descope/web-js-sdk - Versions diffs - 1.44.0 → 1.45.0 - Mend

@descope/web-js-sdk 1.44.0 → 1.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -109,6 +109,12 @@ declare const ensureFingerprintIds: (fpKey: string, baseUrl?: string) => Promise
 /** Clear Fingerprint data from storage */
 declare const clearFingerprintData: () => void;
+/**
+ * Return the session token. first try to get from cookie, and fallback to local storage
+ * See sessionTokenViaCookie option for more details about session token location
+ */
+declare function getSessionToken(prefix?: string, sessionTokenViaCookie?: CookieConfig): string;
 declare const hasOidcParamsInUrl: () => boolean;
 declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPersistTokens, sessionTokenViaCookie, refreshTokenViaCookie, storagePrefix, ...config }: {
@@ -747,6 +753,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
             scopes?: string[];
             tenantId?: string;
             tenantLevel?: boolean;
+            externalIdentifier?: string;
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
     saml: {
@@ -1466,6 +1473,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
             scopes?: string[];
             tenantId?: string;
             tenantLevel?: boolean;
+            externalIdentifier?: string;
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
     saml: {
@@ -2185,6 +2193,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
             scopes?: string[];
             tenantId?: string;
             tenantLevel?: boolean;
+            externalIdentifier?: string;
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
     saml: {
@@ -2912,6 +2921,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
             scopes?: string[];
             tenantId?: string;
             tenantLevel?: boolean;
+            externalIdentifier?: string;
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
     saml: {
@@ -3631,6 +3641,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
             scopes?: string[];
             tenantId?: string;
             tenantLevel?: boolean;
+            externalIdentifier?: string;
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
     saml: {
@@ -4350,6 +4361,7 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
             scopes?: string[];
             tenantId?: string;
             tenantLevel?: boolean;
+            externalIdentifier?: string;
         }, token?: string) => Promise<_descope_core_js_sdk.SdkResponse<_descope_core_js_sdk.URLResponse>>;
     };
     saml: {
@@ -4483,4 +4495,4 @@ declare const decoratedCreateSdk: <A extends CookieConfig>({ persistTokens: isPe
     getIdToken: () => string;
 };
-export { type CookieConfig, type CustomStorage, type FlowNonceOptions, type OidcConfig, type OneTapConfig, REFRESH_TOKEN_KEY, SESSION_TOKEN_KEY, clearFingerprintData, decoratedCreateSdk as createSdk, decoratedCreateSdk as default, ensureFingerprintIds, hasOidcParamsInUrl };
+export { type CookieConfig, type CustomStorage, type FlowNonceOptions, type OidcConfig, type OneTapConfig, REFRESH_TOKEN_KEY, SESSION_TOKEN_KEY, clearFingerprintData, decoratedCreateSdk as createSdk, decoratedCreateSdk as default, ensureFingerprintIds, getSessionToken, hasOidcParamsInUrl };

package/dist/index.esm.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as s,defaultScriptUrlPattern as a}from"@fingerprintjs/fingerprintjs-pro";const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;const g=["/v1/auth/refresh","/v1/auth/try-refresh","/v1/auth/me","/v1/auth/me/tenants","/v1/auth/me/history"];let f;const v=e=>{try{return t(e).exp}catch(e){return null}},w=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:v(n)},h=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?v(o):void 0)},m=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||h(t),cookieExpiration:t.cookieExpiration||w(t)},s)},y=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},b=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return m(n)},k=()=>c&&!!window.descopeBridge,S=(e,t)=>{if(!((null==t?void 0:t.status)>=400&&(null==t?void 0:t.status)<500))return!1;const n=(null==e?void 0:e.path)||"";return g.includes(n)},I=void 0!==f||c&&void 0!==window.localStorage,O=(e,t)=>{var n,o;return null===(o=null===(n=f||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},_=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},x=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},D=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==f?void 0:f.key)||void 0===t?void 0:t.call(f,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},T=(...e)=>{console.debug(...e)},j=(...e)=>{console.warn(...e)},C=(e,t)=>{let n;var o;return t>0?(n=1e3*t,T(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(T(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},U="DS",R="DSR",E="DSI";function $(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:s,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),d=A(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:c,sameSite:s,secure:l})}}function A(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const J=e=>(null==e?void 0:e.cookieName)||U,N=e=>(null==e?void 0:e.cookieName)||R;function P(e="",t){return i.get(N(t))||_(`${e}${R}`)||""}function L(e="",t){return i.get(J(t))||_(`${e}${U}`)||""}function K(e=""){return _(`${e}${E}`)||""}function q(e="",t,n,o){x(`${e}${R}`),x(`${e}${U}`),x(`${e}${E}`);const r=J(t);i.remove(r,null==o?void 0:o.session);const s=N(n);i.remove(s,null==o?void 0:o.refresh)}const V=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||P(e,t)}),i=function(e=""){return _(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},F=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",M="vsid",H="vrid",B="fp",G=(e=!1)=>{const t=_(B);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},W=async(e,t=F)=>{try{if(G())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const l=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",c=r({apiKey:e,endpoint:[o.toString(),s],scriptUrlPattern:[l,a]}),d=await c,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[M]:e,[H]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};O(B,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},X=()=>{x(B)},Z=e=>{const t=G(!0);return t&&e.body&&(e.body.fpData=t),e},z="descopeFlowNonce",Q="X-Descope-Flow-Nonce",Y="/v1/flow/start",ee="/v1/flow/next",te=(e,t=z)=>`${t}${e}`,ne=(e,t=z)=>{try{const n=te(e,t);x(n)}catch(e){console.error("Error removing flow nonce:",e)}},oe=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},ie=e=>{var t;return e.path===ee&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?oe(e.body.executionId):null},re="dls_last_user_login_id",se="dls_last_user_display_name",ae=e=>O(re,e),le=()=>_(re),ce=()=>_(se),de=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=le(),r=ce();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ue=e=>t=>async(...n)=>{const o=await t(...n);return e||(x(re),x(se)),o};function pe(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ge=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return q(e,t,n,null==o?void 0:o()),s};async function fe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=be(n.publicKey.challenge),n.publicKey.user.id=be(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=be(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:ke(o.rawId),type:o.type,response:{attestationObject:ke(o.response.attestationObject),clientDataJSON:ke(o.response.clientDataJSON)}});var o}async function ve(e){const t=me(e);return ye(await navigator.credentials.get(t))}async function we(e,t){const n=me(e);n.signal=t.signal,n.mediation="conditional";return ye(await navigator.credentials.get(n))}async function he(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(k()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function me(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=be(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=be(e.id)})),n}function ye(e){return JSON.stringify({id:e.id,rawId:ke(e.rawId),type:e.type,response:{authenticatorData:ke(e.response.authenticatorData),clientDataJSON:ke(e.response.clientDataJSON),signature:ke(e.response.signature),userHandle:e.response.userHandle?ke(e.response.userHandle):void 0}})}function be(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function ke(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Se,Ie=(Se=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await fe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ve(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await fe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ve(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await fe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:fe,get:ve,isSupported:he,conditional:we}}),(...e)=>{const t=Se(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Oe={config:"/fedcm/config"},_e=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function xe(e,t){var n;try{await De(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function De(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=_e(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Te=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await he(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const je=()=>window.location.search.includes("code")&&window.location.search.includes("state");let Ce;const Ue=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Ue(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Re=async(e,t,n)=>{Ce||(Ce=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ue([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await Ce;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ee=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Re(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),O(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(je())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=_(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||K(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return x(i),t||window.location.replace(s),r}}},$e=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,f=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return c?(o&&i&&W(o).catch((()=>null)),t(y(r,{beforeRequest:Z}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,s=e(i,["autoRefresh"]);if(!r||k())return n(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(T("Expiration time passed, refreshing session"),p.refresh(P()||u))}));const p=n(y(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await b(n);if(S(e,n))T("Session invalidated, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);T("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void T("Could not extract expiration time from session token");u=i;const e=C(d,s);if(a(),e<=2e4)return void T("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});T(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?T("Skipping refresh due to timer - document is hidden"):(T("Refreshing session due to timer"),p.refresh(P()||i))}),e)}}}));return o(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return T("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.44.0"},t.baseHeaders)}))),(e=>t=>{const n=pe(),i=pe(),r=pe(),s=pe(),a=e(y(t,{afterRequest:async(e,t)=>{if(S(e,t))T("Session invalidated, notifying subscribers with empty values"),i.pub(null),r.pub(null),n.pub(null),s.pub(null);else{const e=await(async e=>{const t=await b(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a,claims:l}=await b(t);o&&i.pub(o),l&&s.pub(l),(a||o)&&n.pub(a||42)}}})),l=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),s.pub(null),o}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=z}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=z)=>{try{if(!I)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==f?void 0:f.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=D(i);if(t&&t.startsWith(e)){const e=_(t);if(e)try{JSON.parse(e).expiry<Date.now()&&x(t)}catch(e){x(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(y(r,{afterRequest:async(e,t)=>{if(e.path!==Y&&e.path!==ee)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(Q);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=ie(e)),{nonce:n,executionId:oe(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=z)=>{try{const i=te(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};O(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===Y,i)}},beforeRequest:e=>{if(e.path===ee){const t=ie(e);if(t){const n=((e,t=z)=>{try{const n=te(e,t),o=_(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(ne(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[Q]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,s=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:le,getLastUserDisplayName:ce});const a=t(y(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=m((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(ae(r),(e=>{O(se,e)})(s)):(null==i?void 0:i.loginId)&&ae(i.loginId)}}));let l=o(a,["flow.start"],de);return l=o(l,["logout","logoutAll"],ue(r)),Object.assign(l,{getLastUserLoginId:le,getLastUserDisplayName:ce})}),(t=>n=>{var{persistTokens:r,sessionTokenViaCookie:s,refreshTokenViaCookie:a,storagePrefix:l}=n,d=e(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!r||!c)return t(d);let u;const p=t(y(d,{beforeRequest:V(l,a),afterRequest:async(e,t)=>{if(S(e,t))T("Session invalidated, clearing persisted tokens"),q(l,s,a,u);else{const e=((e={},t=!1,n="",o=!1)=>{var r,s,a,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){x(`${n}${R}`);const t=o.sameSite||"Strict",i=null===(r=o.secure)||void 0===r||r,a=null!==(s=o.domain)&&void 0!==s?s:e.cookieDomain,l=N(o);i&&"https:"!==window.location.protocol&&j("Refresh token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass refreshTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:i,cookieDomain:a});$(l,d,c);const u=A(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=N(o);i.remove(e),O(`${n}${R}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(a=t.secure)||void 0===a||a,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=J(t);o&&"https:"!==window.location.protocol&&j("Session token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass sessionTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const s=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});$(r,c,s);const d=A(i);p=Object.assign(Object.assign({},p),{session:{path:s.cookiePath,domain:d?i:void 0}})}else O(`${n}${U}`,c);return e.idToken&&O(`${n}${E}`,e.idToken),u&&O(`${n}DTD`,u),p})(await b(t),s,l,a);e&&(u=e)}}})),g=o(p,["logout","logoutAll","oidc.logout"],ge(l,s,a,(()=>u)));return Object.assign(g,{getRefreshToken:()=>P(l,a),getSessionToken:()=>L(l,s),getIdToken:()=>K(l)})}))((e=>{const t=n(e),o=Ee(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(n,i)=>{var r;if(k())return T(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=L(),a=P();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){T("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:Te(t),webauthn:Ie(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){xe(i,e)},requestAuthentication(e){xe(i,e)}},async oneTap(e,t,n,o,r){await De(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+Oe.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+Oe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{R as REFRESH_TOKEN_KEY,U as SESSION_TOKEN_KEY,X as clearFingerprintData,$e as createSdk,$e as default,W as ensureFingerprintIds,je as hasOidcParamsInUrl};
+import{__rest as e}from"tslib";import{jwtDecode as t}from"jwt-decode";import n,{wrapWith as o}from"@descope/core-js-sdk";import i from"js-cookie";import{load as r,defaultEndpoint as s,defaultScriptUrlPattern as a}from"@fingerprintjs/fingerprintjs-pro";const l="3.2.0",c="undefined"!=typeof window,d=Math.pow(2,31)-1,u=`https://descopecdn.com/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`,p=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${l}/dist/browser/oidc-client-ts.min.js`;const g=["/v1/auth/refresh","/v1/auth/try-refresh","/v1/auth/me","/v1/auth/me/tenants","/v1/auth/me/history"];let f;const v=e=>{try{return t(e).exp}catch(e){return null}},w=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:v(n)},h=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?v(o):void 0)},m=t=>{const{access_token:n,id_token:o,refresh_token:i,refresh_expire_in:r}=t,s=e(t,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:t.sessionJwt||n,idToken:o,refreshJwt:t.refreshJwt||i,sessionExpiration:t.sessionExpiration||h(t),cookieExpiration:t.cookieExpiration||w(t)},s)},y=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var i;return n[o]=[].concat((null===(i=e.hooks)||void 0===i?void 0:i[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},b=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return m(n)},k=()=>c&&!!window.descopeBridge,S=(e,t)=>{if(!((null==t?void 0:t.status)>=400&&(null==t?void 0:t.status)<500))return!1;const n=(null==e?void 0:e.path)||"";return g.includes(n)},I=void 0!==f||c&&void 0!==window.localStorage,O=(e,t)=>{var n,o;return null===(o=null===(n=f||c&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},_=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},x=e=>{var t,n;return null===(n=null===(t=f||c&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},D=e=>{var t,n,o,i,r;return null!==(r=null!==(n=null===(t=null==f?void 0:f.key)||void 0===t?void 0:t.call(f,e))&&void 0!==n?n:c&&(null===(i=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===i?void 0:i.call(o,e)))&&void 0!==r?r:null},T=(...e)=>{console.debug(...e)},j=(...e)=>{console.warn(...e)},C=(e,t)=>{let n;var o;return t>0?(n=1e3*t,T(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>d&&(T(`Timeout is too large (${n}ms), setting it to ${d}ms`),n=d),n},U="DS",R="DSR",E="DSI";function $(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:s,cookieExpiration:a,cookieSecure:l}=n,c=new Date(1e3*a),d=A(o);i.set(e,t,{path:r,domain:d?o:void 0,expires:c,sameSite:s,secure:l})}}function A(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const J=e=>(null==e?void 0:e.cookieName)||U,N=e=>(null==e?void 0:e.cookieName)||R;function P(e="",t){return i.get(N(t))||_(`${e}${R}`)||""}function L(e="",t){return i.get(J(t))||_(`${e}${U}`)||""}function K(e=""){return _(`${e}${E}`)||""}function q(e="",t,n,o){x(`${e}${R}`),x(`${e}${U}`),x(`${e}${E}`);const r=J(t);i.remove(r,null==o?void 0:o.session);const s=N(n);i.remove(s,null==o?void 0:o.refresh)}const V=(e,t)=>n=>{const o=Object.assign(n,{token:n.token||P(e,t)}),i=function(e=""){return _(`${e}DTD`)||""}(e);return i&&(o.headers=Object.assign(Object.assign({},o.headers||{}),{"x-descope-trusted-device-token":i})),o},F=c&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",M="vsid",H="vrid",B="fp",G=(e=!1)=>{const t=_(B);if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},W=async(e,t=F)=>{try{if(G())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const i=new URL(t);i.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const l=i.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",c=r({apiKey:e,endpoint:[o.toString(),s],scriptUrlPattern:[l,a]}),d=await c,{requestId:u}=await d.get({linkedId:n}),p=((e,t)=>({[M]:e,[H]:t}))(n,u);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};O(B,JSON.stringify(t))})(p)}catch(e){console.warn("Could not load fingerprint",e)}},X=()=>{x(B)},Z=e=>{const t=G(!0);return t&&e.body&&(e.body.fpData=t),e},z="descopeFlowNonce",Q="X-Descope-Flow-Nonce",Y="/v1/flow/start",ee="/v1/flow/next",te=(e,t=z)=>`${t}${e}`,ne=(e,t=z)=>{try{const n=te(e,t);x(n)}catch(e){console.error("Error removing flow nonce:",e)}},oe=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},ie=e=>{var t;return e.path===ee&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?oe(e.body.executionId):null},re="dls_last_user_login_id",se="dls_last_user_display_name",ae=e=>O(re,e),le=()=>_(re),ce=()=>_(se),de=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,i=le(),r=ce();i&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=i,o.lastAuth.name=r);return await e(...t)},ue=e=>t=>async(...n)=>{const o=await t(...n);return e||(x(re),x(se)),o};function pe(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const ge=(e,t,n,o)=>i=>async(...r)=>{const s=await i(...r);return q(e,t,n,null==o?void 0:o()),s};async function fe(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=be(n.publicKey.challenge),n.publicKey.user.id=be(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=be(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:ke(o.rawId),type:o.type,response:{attestationObject:ke(o.response.attestationObject),clientDataJSON:ke(o.response.clientDataJSON)}});var o}async function ve(e){const t=me(e);return ye(await navigator.credentials.get(t))}async function we(e,t){const n=me(e);n.signal=t.signal,n.mediation="conditional";return ye(await navigator.credentials.get(n))}async function he(e=!1){var t,n;if(!c)return Promise.resolve(!1);if(k()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function me(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=be(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=be(e.id)})),n}function ye(e){return JSON.stringify({id:e.id,rawId:ke(e.rawId),type:e.type,response:{authenticatorData:ke(e.response.authenticatorData),clientDataJSON:ke(e.response.clientDataJSON),signature:ke(e.response.signature),userHandle:e.response.userHandle?ke(e.response.userHandle):void 0}})}function be(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function ke(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Se,Ie=(Se=e=>({async signUp(t,n,o){const i=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await fe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,r)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const i=await ve(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,i)},async signUpOrIn(t,n){var o;const i=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!i.ok)return i;if(null===(o=i.data)||void 0===o?void 0:o.create){const t=await fe(i.data.options);return await e.webauthn.signUp.finish(i.data.transactionId,t)}{const t=await ve(i.data.options);return await e.webauthn.signIn.finish(i.data.transactionId,t)}},async update(t,n,o){const i=await e.webauthn.update.start(t,window.location.origin,n,o);if(!i.ok)return i;const r=await fe(i.data.options);return await e.webauthn.update.finish(i.data.transactionId,r)},helpers:{create:fe,get:ve,isSupported:he,conditional:we}}),(...e)=>{const t=Se(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Oe={config:"/fedcm/config"},_e=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function xe(e,t){var n;try{await De(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function De(e,t){var n,o;const i=await async function(e,t="google",n,o,i){const r=_e(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const l=a.data.clientId;return new Promise((e=>{var a,c;const d=n=>{e({provider:t,nonce:r,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(c=null==n?void 0:n.use_fedcm_for_prompt)||void 0===c||c,client_id:l,callback:d,nonce:r})),s.prompt((e=>{var t,n;if(i&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==i||i(n),void d()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void d()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!i.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+i.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(i.provider,i.credential,i.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+i.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var Te=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await he(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});const je=()=>window.location.search.includes("code")&&window.location.search.includes("state");let Ce;const Ue=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const i=t();if(i)return n(i);const r=e.shift(),s=document.createElement("script");s.src=r,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(r),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{Ue(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const Re=async(e,t,n)=>{Ce||(Ce=(async()=>{try{return require("oidc-client-ts")}catch(e){return Ue([u,p],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:i}=await Ce;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const r=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,l,c;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,l=`${a}_user`,c="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,l=`${a}_user`,c="openid email roles descope.custom_claims offline_access");const d={authority:s,client_id:a,redirect_uri:r,response_type:"code",scope:(null==n?void 0:n.scope)||c,stateStore:new i({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(d.redirect_uri=n.redirectUri),{client:new o(d),stateUserKey:l}},Ee=(e,t,n)=>{const o=async()=>{let o,i;return o&&i||({client:o,stateUserKey:i}=await Re(e,t,n)),{client:o,stateUserKey:i}},i=async(t="")=>{var n;const{client:i,stateUserKey:r}=await o(),s=await i.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),O(r,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(e={},t=!1)=>{const{client:n}=await o(),i=await n.createSigninRequest(e),{url:r}=i;return t||(window.location.href=r),{ok:!0,data:i}},finishLogin:i,finishLoginIfNeed:async(e="")=>{if(je())return await i(e)},refreshToken:async t=>{var n;const{client:i,stateUserKey:r}=await o(),s=(e=>{const t=_(e);return t?JSON.parse(t):null})(r);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const l=await i.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(l)))),l},logout:async(e,t=!1)=>{const{client:n,stateUserKey:i}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||K(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const r=await n.createSignoutRequest(e),{url:s}=r;return x(i),t||window.location.replace(s),r}}},$e=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,f=n,e(t)}),(t=>n=>{var{fpKey:o,fpLoad:i}=n,r=e(n,["fpKey","fpLoad"]);return c?(o&&i&&W(o).catch((()=>null)),t(y(r,{beforeRequest:Z}))):t(r)}),(n=>i=>{var{autoRefresh:r}=i,s=e(i,["autoRefresh"]);if(!r||k())return n(s);const{clearAllTimers:a,setTimer:l}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,u;c&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(T("Expiration time passed, refreshing session"),p.refresh(P()||u))}));const p=n(y(s,{afterRequest:async(e,n)=>{const{sessionJwt:o,refreshJwt:i,sessionExpiration:r,nextRefreshSeconds:s}=await b(n);if(S(e,n))T("Session invalidated, canceling all timers"),a();else if(o||r){if(d=((e,n)=>{if(n)return new Date(1e3*n);T("Could not extract expiration time from session token, trying to decode the token");try{const n=t(e);if(n.exp)return new Date(1e3*n.exp)}catch(e){return null}})(o,r),!d)return void T("Could not extract expiration time from session token");u=i;const e=C(d,s);if(a(),e<=2e4)return void T("Session is too close to expiration, not setting refresh timer");const n=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});T(`Setting refresh timer for ${n}. (${e}ms)`),l((()=>{c&&"hidden"===document.visibilityState?T("Skipping refresh due to timer - document is hidden"):(T("Refreshing session due to timer"),p.refresh(P()||i))}),e)}}}));return o(p,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return T("Clearing all timers"),a(),n}))}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.45.0"},t.baseHeaders)}))),(e=>t=>{const n=pe(),i=pe(),r=pe(),s=pe(),a=e(y(t,{afterRequest:async(e,t)=>{if(S(e,t))T("Session invalidated, notifying subscribers with empty values"),i.pub(null),r.pub(null),n.pub(null),s.pub(null);else{const e=await(async e=>{const t=await b(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:o,sessionExpiration:a,claims:l}=await b(t);o&&i.pub(o),l&&s.pub(l),(a||o)&&n.pub(a||42)}}})),l=o(a,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const o=await e(...t);return i.pub(null),r.pub(null),n.pub(null),s.pub(null),o}));return Object.assign(l,{onSessionTokenChange:i.sub,onUserChange:r.sub,onClaimsChange:s.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(t=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:i=z}=n,r=e(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return t(r);((e=z)=>{try{if(!I)return;for(let i=0;i<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==f?void 0:f.length)&&void 0!==t?t:c&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);i++){const t=D(i);if(t&&t.startsWith(e)){const e=_(t);if(e)try{JSON.parse(e).expiry<Date.now()&&x(t)}catch(e){x(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);return t(y(r,{afterRequest:async(e,t)=>{if(e.path!==Y&&e.path!==ee)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(Q);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=ie(e)),{nonce:n,executionId:oe(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=z)=>{try{const i=te(e,o),r=n?172800:10800,s={value:t,expiry:Date.now()+1e3*r,isStart:n};O(i,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===Y,i)}},beforeRequest:e=>{if(e.path===ee){const t=ie(e);if(t){const n=((e,t=z)=>{try{const n=te(e,t),o=_(n);if(!o)return null;const i=JSON.parse(o);return i.expiry<Date.now()?(ne(e,t),null):i.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[Q]=n)}}return e}}))}),(t=>n=>{var{storeLastAuthenticatedUser:i=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,s=e(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!i)return Object.assign(t(s),{getLastUserLoginId:le,getLastUserDisplayName:ce});const a=t(y(s,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:i}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=m((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),r=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;r?(ae(r),(e=>{O(se,e)})(s)):(null==i?void 0:i.loginId)&&ae(i.loginId)}}));let l=o(a,["flow.start"],de);return l=o(l,["logout","logoutAll"],ue(r)),Object.assign(l,{getLastUserLoginId:le,getLastUserDisplayName:ce})}),(t=>n=>{var{persistTokens:r,sessionTokenViaCookie:s,refreshTokenViaCookie:a,storagePrefix:l}=n,d=e(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix"]);if(!r||!c)return t(d);let u;const p=t(y(d,{beforeRequest:V(l,a),afterRequest:async(e,t)=>{if(S(e,t))T("Session invalidated, clearing persisted tokens"),q(l,s,a,u);else{const e=((e={},t=!1,n="",o=!1)=>{var r,s,a,l;const{sessionJwt:c,refreshJwt:d,trustedDeviceJwt:u}=e;let p;if(d)if(o){x(`${n}${R}`);const t=o.sameSite||"Strict",i=null===(r=o.secure)||void 0===r||r,a=null!==(s=o.domain)&&void 0!==s?s:e.cookieDomain,l=N(o);i&&"https:"!==window.location.protocol&&j("Refresh token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass refreshTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const c=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:i,cookieDomain:a});$(l,d,c);const u=A(a);p=Object.assign(Object.assign({},p),{refresh:{path:c.cookiePath,domain:u?a:void 0}})}else{const e=N(o);i.remove(e),O(`${n}${R}`,d)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(a=t.secure)||void 0===a||a,i=null!==(l=t.domain)&&void 0!==l?l:e.cookieDomain,r=J(t);o&&"https:"!==window.location.protocol&&j("Session token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass sessionTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const s=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:i});$(r,c,s);const d=A(i);p=Object.assign(Object.assign({},p),{session:{path:s.cookiePath,domain:d?i:void 0}})}else O(`${n}${U}`,c);return e.idToken&&O(`${n}${E}`,e.idToken),u&&O(`${n}DTD`,u),p})(await b(t),s,l,a);e&&(u=e)}}})),g=o(p,["logout","logoutAll","oidc.logout"],ge(l,s,a,(()=>u)));return Object.assign(g,{getRefreshToken:()=>P(l,a),getSessionToken:()=>L(l,s),getIdToken:()=>K(l)})}))((e=>{const t=n(e),o=Ee(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(n,i)=>{var r;if(k())return T(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await o.refreshToken(n),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}const s=L(),a=P();let l="";if(e.getExternalToken)try{l=await(null===(r=e.getExternalToken)||void 0===r?void 0:r.call(e))}catch(e){T("Error getting external token while refreshing",e)}return t.refresh(n,{dcs:s?"t":"f",dcr:a?"t":"f"},l,i)},logout:async n=>{if(e.oidcConfig)try{return await o.logout({id_token_hint:n}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(n)},flow:Te(t),webauthn:Ie(t),fedcm:(i=t,r=e.projectId,{onetap:{requestExchangeCode(e){xe(i,e)},requestAuthentication(e){xe(i,e)}},async oneTap(e,t,n,o,r){await De(i,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:o,onDismissed:r})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:i.httpClient.buildUrl(r+Oe.config),clientId:r}]}},o=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return i.refresh(o.token)},isSupported:()=>c&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=i.httpClient.buildUrl(r+Oe.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:o});var i,r}));export{R as REFRESH_TOKEN_KEY,U as SESSION_TOKEN_KEY,X as clearFingerprintData,$e as createSdk,$e as default,W as ensureFingerprintIds,L as getSessionToken,je as hasOidcParamsInUrl};
 //# sourceMappingURL=index.esm.js.map