@descope/web-js-sdk 1.50.0 → 1.50.2

package/dist/index.umd.js

@@ -1,4 +1,4 @@
-!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i="3.2.0",s="undefined"!=typeof window,a=Math.pow(2,31)-1,c=`https://descopecdn.com/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`,l=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`;const u=["/v1/auth/refresh","/v1/auth/try-refresh","/v1/auth/me","/v1/auth/me/tenants","/v1/auth/me/history"];let d;const p=e=>{try{return r(e).exp}catch(e){return null}},g=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:p(n)},h=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?p(o):void 0)},v=e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,s=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||h(e),cookieExpiration:e.cookieExpiration||g(e)},s)},f=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},w=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return v(n)},m=()=>s&&!!window.descopeBridge,y=(e,t)=>{if(!((null==t?void 0:t.status)>=400&&(null==t?void 0:t.status)<500))return!1;const n=(null==e?void 0:e.path)||"";return u.includes(n)},b=void 0!==d||s&&void 0!==window.localStorage,k=(e,t)=>{var n,o;return null===(o=null===(n=d||s&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},I=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},O=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},j=e=>{var t,n,o,r,i;return null!==(i=null!==(n=null===(t=null==d?void 0:d.key)||void 0===t?void 0:t.call(d,e))&&void 0!==n?n:s&&(null===(r=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===r?void 0:r.call(o,e)))&&void 0!==i?i:null};var S={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",tryRefresh:"/v1/auth/try-refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const U="<region>",T=`https://api.${U}descope.com`,x=6e5,R="dct",C=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},E=[503,521,522,524,530],$=[100,5e3,5e3],A=e=>new Promise((t=>setTimeout(t,e))),P=e=>async(...t)=>{let n=await e(...t),o=0;for(;E.includes(n.status)&&o<$.length;)await A($[o]),n=await e(...t),o++;o>0&&(n.retries=o);const r=await n.text();return n.text=()=>Promise.resolve(r),n.json=()=>Promise.resolve(JSON.parse(r)),n.clone=()=>n,n},D=(e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async(...t)=>{if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>C().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await P(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return C().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:P(n)};let _;const L=()=>{if(_)return _;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return _=`${t}-${n}`,_};var N,q;(q=N||(N={})).get="GET",q.delete="DELETE",q.post="POST",q.put="PUT",q.patch="PATCH";const J=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(U,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},K=(...e)=>new Headers(e.reduce(((e,t)=>((e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t).forEach((([t,n])=>{e[t]="function"==typeof n?n():n})),e)),{})),M={"Content-Type":"application/json"},V=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},F=(e,t)=>{const n={"x-descope-sdk-session-id":L(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.62.0","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},H=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e};var B=e=>{var t;return(({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=e||T,l=D(r,a),u=async e=>{var r;const a=(null==i?void 0:i.beforeRequest)?i.beforeRequest(e):e,{path:u,body:d,headers:p,queryParams:g,method:h,token:v}=a,f=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:K(V(t,v),F(t,o),(null==n?void 0:n.baseHeaders)||{},H(f)?M:{},p),method:h,body:f};null!==s&&(w.credentials=s||"include");const m=await l(J({path:u,baseUrl:c,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(e,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=(y=(null===(r=m.headers)||void 0===r?void 0:r.get("set-cookie"))||"",Object.fromEntries(function(e){if(!e)return[];const t=[];let n=0;function o(){for(;n<e.length&&/\s/.test(e.charAt(n));)n+=1;return n<e.length}function r(){const t=e.charAt(n);return"="!==t&&";"!==t&&","!==t}for(;n<e.length;){const i=n;let s,a,c=!1;for(;o();)if(","===e.charAt(n)){for(s=n,n+=1,o(),a=n;n<e.length&&r();)n+=1;if(n<e.length&&"="===e.charAt(n)){c=!0,n=a,t.push(e.substring(i,s));break}n=s+1}else n+=1;(!c||n>=e.length)&&t.push(e.substring(i,e.length))}return t}(y).map((e=>{const t=e.split(";")[0],n=t.indexOf("=");return n<1?null:[t.substring(0,n).trim(),t.substring(n+1).trim()]})).filter(Boolean))),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}var y;return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:N.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:N.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:N.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:N.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:N.delete,token:o}),hooks:i,buildUrl:(e,n)=>J({projectId:t,baseUrl:c,path:e,queryParams:n})}})(Object.assign(Object.assign({},e),{hooks:{beforeRequest:t=>{var n;const o=[].concat((null===(n=e.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),t)},afterRequest:async(t,n)=>{var o;const r=[].concat((null===(o=e.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((e=>e(t,null==n?void 0:n.clone()))))).forEach((t=>{var n;return"rejected"===t.status&&(null===(n=e.logger)||void 0===n?void 0:n.error(t.reason))}))},transformResponse:null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}}))},z=429;function Z(e,t,n){var o;let r=G(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[R])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function G(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function W(e){const{exp:t}=G(e);return(new Date).getTime()/1e3>t}function X(e){let t=G(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function Y(e,t){return Z(e,t,"permissions")}function Q(e,t){return Z(e,t,"roles")}const ee=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function te(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===z&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function ne(e){var t;return(null===(t=G(e))||void 0===t?void 0:t[R])||""}const oe=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),re=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},ie=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),se=e=>t=>e.test(t),ae=se(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),ce=se(/^\+[1-9]{1}[0-9]{3,14}$/),le=oe(ae,'"{val}" is not a valid email'),ue=oe(ce,'"{val}" is not a valid phone number'),de=oe((e=>e.length>=1),"Minimum length is 1");const pe=oe((e=>"string"==typeof e),"Input is not a string"),ge=oe((e=>Array.isArray(e)),"Input is not an array"),he=oe((e=>"boolean"==typeof e),"Input is not a boolean"),ve=oe((e=>void 0===e),"Input is defined"),fe=re([pe(),ve()],"Input is not a string or undefined"),we=re([ge(),he()],"Input is not an array or boolean"),me=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>ie(...e).validate(n[t]))),t(...n)),ye=e=>[pe(`"${e}" must be a string`)],be=e=>[fe(`"${e}" must be string or undefined`)],ke=e=>[pe(`"${e}" must be a string`),de(`"${e}" must not be empty`)],Ie=e=>[pe(`"${e}" must be a string`),le()],Oe=e=>[pe(`"${e}" must be a string`),ue()],je=me(ke("accessKey")),Se=e=>({exchange:je(((t,n)=>te(e.post(S.accessKey.exchange,{loginOptions:n},{token:t}))))}),Ue=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),Te=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||x,x)});var xe,Re;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp",e.im="im"}(xe||(xe={})),function(e){e.email="email"}(Re||(Re={}));const Ce=Object.assign(Object.assign({},xe),Re);var Ee;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(Ee||(Ee={}));const $e=ke("loginId"),Ae=me(ke("token")),Pe=me($e),De=me(ke("pendingRef")),_e=me($e,Ie("email")),Le=e=>({verify:Ae((t=>te(e.post(S.enchantedLink.verify,{token:t})))),signIn:Pe(((n,o,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return te(e.post(ee(S.enchantedLink.signIn,Ce.email),{loginId:n,URI:o,loginOptions:a,providerId:s},{token:i}))})),signUpOrIn:Pe(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(ee(S.enchantedLink.signUpOrIn,Ce.email),{loginId:n,URI:o,loginOptions:s,providerId:i}))})),signUp:Pe(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(ee(S.enchantedLink.signUp,Ce.email),{loginId:n,URI:o,user:r,loginOptions:a,providerId:s}))})),waitForSession:De(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Te(n);let s;const a=setInterval((async()=>{const n=await e.post(S.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(te(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:_e(((t,n,o,r,i)=>te(e.post(S.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Ne=me(ke("flowId")),qe=me(ke("executionId"),ke("stepId"),ke("interactionId")),Je=e=>({start:Ne(((t,n,o,r,i,s,a,c=!1)=>te(e.post(S.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a,isCustomScreen:c})))),next:qe(((t,n,o,r,i,s,a=!1)=>te(e.post(S.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s,isCustomScreen:a}))))}),Ke=ke("loginId"),Me=me(ke("token")),Ve=me(Ke),Fe=me(Ke,Oe("phone")),He=me(Ke,Ie("email")),Be=Object.keys(Ce).filter((e=>e!==xe.voice&&e!==xe.im)),ze=e=>({verify:Me((t=>te(e.post(S.magicLink.verify,{token:t})))),signIn:Be.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ve(((n,r,i={},s)=>{var{providerId:a}=i,c=t(i,["providerId"]);return te(e.post(ee(S.magicLink.signIn,o),{loginId:n,URI:r,loginOptions:c,providerId:a},{token:s}))}))})),{}),signUp:Be.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ve(((n,r,i,s={})=>{var{providerId:a}=s,c=t(s,["providerId"]);return te(e.post(ee(S.magicLink.signUp,o),{loginId:n,URI:r,user:i,loginOptions:c,providerId:a}))}))})),{}),signUpOrIn:Be.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ve(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(ee(S.magicLink.signUpOrIn,o),{loginId:n,URI:r,loginOptions:a,providerId:s}))}))})),{}),update:{email:He(((t,n,o,r,i)=>te(e.post(S.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(xe).filter((e=>e!==xe.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Fe(((t,o,r,i,s)=>te(e.post(ee(S.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var Ze;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(Ze||(Ze={}));const Ge=me(ke("code")),We=e=>({start:Object.assign(((t,n,o,r,i)=>te(e.post(S.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(Ze).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>te(e.post(S.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:Ge((t=>te(e.post(S.oauth.exchange,{code:t})))),startNative:(t,n,o)=>te(e.post(S.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>te(e.post(S.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>te(e.get(S.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>te(e.post(S.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>te(e.post(S.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Xe=ke("appId"),Ye=me(Xe),Qe=e=>({connect:Ye(((t,n,o)=>{const r=null==n?void 0:n.tenantId,i=null==n?void 0:n.tenantLevel;return null==n||delete n.tenantId,null==n||delete n.tenantLevel,te(e.post(S.outbound.connect,{appId:t,tenantId:r,tenantLevel:i,options:n},{token:o}))}))}),et=ke("loginId"),tt=me(et,ke("code")),nt=me(et),ot=me(et,Oe("phone")),rt=me(et,Ie("email")),it=e=>({verify:Object.keys(Ce).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:tt(((t,o)=>te(e.post(ee(S.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(Ce).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:nt(((n,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return te(e.post(ee(S.otp.signIn,o),{loginId:n,loginOptions:a,providerId:s},{token:i}))}))})),{}),signUp:Object.keys(Ce).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:nt(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(ee(S.otp.signUp,o),{loginId:n,user:r,loginOptions:a,providerId:s}))}))})),{}),signUpOrIn:Object.keys(Ce).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:nt(((n,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(ee(S.otp.signUpOrIn,o),{loginId:n,loginOptions:s,providerId:i}))}))})),{}),update:{email:rt(((t,n,o,r)=>te(e.post(S.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(xe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:ot(((t,o,r,i)=>te(e.post(ee(S.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),st=me(ke("tenant")),at=me(ke("code")),ct=e=>({start:st(((t,n,o,r,i,s,a,c)=>te(e.post(S.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i}),s&&{forceAuthn:"true"}),a&&{loginHint:a}),c&&{initiatedEmail:t})},r&&{token:r}))))),exchange:at((t=>te(e.post(S.saml.exchange,{code:t}))))}),lt=ke("loginId"),ut=me(lt,ke("code")),dt=me(lt),pt=me(lt),gt=e=>({signUp:dt(((t,n)=>te(e.post(S.totp.signUp,{loginId:t,user:n})))),verify:ut(((t,n,o,r)=>te(e.post(S.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:pt(((t,n)=>te(e.post(S.totp.update,{loginId:t},{token:n}))))}),ht=ke("loginId"),vt=ke("newPassword"),ft=me(ht,ke("password")),wt=me(ht),mt=me(ht,vt),yt=me(ht,ke("oldPassword"),vt),bt=e=>({signUp:ft(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(S.password.signUp,{loginId:n,password:o,user:r,loginOptions:a,providerId:s}))})),signIn:ft(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(S.password.signIn,{loginId:n,password:o,loginOptions:s,providerId:i}))})),sendReset:wt(((t,n,o)=>te(e.post(S.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:mt(((t,n,o)=>te(e.post(S.password.update,{loginId:t,newPassword:n},{token:o})))),replace:yt(((t,n,o)=>te(e.post(S.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>te(e.get(S.password.policy))}),kt=ye("loginId"),It=ke("loginId"),Ot=ke("origin"),jt=me(It,Ot,ke("name")),St=me(It,Ot),Ut=me(kt,Ot),Tt=me(It,Ot,be("token")),xt=me(ke("transactionId"),ke("response")),Rt=e=>({signUp:{start:jt(((t,n,o,r,i)=>te(e.post(S.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,loginOptions:i,passkeyOptions:r})))),finish:xt(((t,n)=>te(e.post(S.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:Ut(((t,n,o,r,i)=>te(e.post(S.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:xt(((t,n)=>te(e.post(S.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:St(((t,n,o,r)=>te(e.post(S.webauthn.signUpOrIn.start,{loginId:t,origin:n,loginOptions:r,passkeyOptions:o}))))},update:{start:Tt(((t,n,o,r)=>te(e.post(S.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:xt(((t,n)=>te(e.post(S.webauthn.update.finish,{transactionId:t,response:n}))))}}),Ct=ye("loginId"),Et=me(Ct),$t=me(ke("pendingRef")),At=e=>({signUpOrIn:Et(((n,o={})=>{var{providerId:r}=o,i=t(o,["providerId"]);return te(e.post(S.notp.signUpOrIn,{loginId:n,loginOptions:i,providerId:r}))})),signUp:Et(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(S.notp.signUp,{loginId:n,user:o,providerId:i,loginOptions:s}))})),signIn:Et(((n,o={},r)=>{var{providerId:i}=o,s=t(o,["providerId"]);return te(e.post(S.notp.signIn,{loginId:n,loginOptions:s,providerId:i},{token:r}))})),waitForSession:$t(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Te(n);let s;const a=setInterval((async()=>{const n=await e.post(S.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(te(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),Pt=me(ke("token")),Dt=me(be("token"));var _t,Lt=me([(_t=ke("projectId"),oe(((e,t)=>n=>ie(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",_t))())])((e=>{const{projectId:t,logger:n,baseUrl:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a}=e;return c=B({baseUrl:o,projectId:t,logger:n,hooks:{get beforeRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.beforeRequest},get afterRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.afterRequest},get transformResponse(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}},cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:Se(c),otp:it(c),magicLink:ze(c),enchantedLink:Le(c),oauth:We(c),outbound:Qe(c),saml:ct(c),totp:gt(c),notp:At(c),webauthn:Rt(c),password:bt(c),flow:Je(c),refresh:Dt(((e,t,n,o)=>{const r={};n&&(r.externalToken=n);const i=o?S.tryRefresh:S.refresh;return te(c.post(i,r,{token:e,queryParams:t}))})),selectTenant:me([pe("tenantId")],[fe('"token" must be string or undefined')])(((e,t)=>te(c.post(S.selectTenant,{tenant:e},{token:t})))),logout:Dt((e=>te(c.post(S.logout,{},{token:e})))),logoutAll:Dt((e=>te(c.post(S.logoutAll,{},{token:e})))),me:Dt((e=>te(c.get(S.me,{token:e})))),myTenants:me([we('"tenants" must a string array or a boolean')],[fe('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,te(c.post(S.myTenants,n,{token:t}))})),history:Dt((e=>te(c.get(S.history,{token:e})))),isJwtExpired:Pt(W),getTenants:Pt(X),getJwtPermissions:Pt(Y),getJwtRoles:Pt(Q),getCurrentTenant:Pt(ne),httpClient:c};var c})),Nt=Object.assign(Lt,{DeliveryMethods:Ce});const qt=(...e)=>{console.debug(...e)},Jt=(...e)=>{console.warn(...e)},Kt=(e,t)=>{let n;var o;return t>0?(n=1e3*t,qt(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>a&&(qt(`Timeout is too large (${n}ms), setting it to ${a}ms`),n=a),n};
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Descope=t()}(this,(function(){"use strict";var e=function(){return e=Object.assign||function(e){for(var t,n=1,o=arguments.length;n<o;n++)for(var r in t=arguments[n])Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r]);return e},e.apply(this,arguments)};function t(e,t){var n={};for(var o in e)Object.prototype.hasOwnProperty.call(e,o)&&t.indexOf(o)<0&&(n[o]=e[o]);if(null!=e&&"function"==typeof Object.getOwnPropertySymbols){var r=0;for(o=Object.getOwnPropertySymbols(e);r<o.length;r++)t.indexOf(o[r])<0&&Object.prototype.propertyIsEnumerable.call(e,o[r])&&(n[o[r]]=e[o[r]])}return n}"function"==typeof SuppressedError&&SuppressedError;class n extends Error{}function o(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return function(e){return decodeURIComponent(atob(e).replace(/(.)/g,((e,t)=>{let n=t.charCodeAt(0).toString(16).toUpperCase();return n.length<2&&(n="0"+n),"%"+n})))}(t)}catch(e){return atob(t)}}function r(e,t){if("string"!=typeof e)throw new n("Invalid token specified: must be a string");t||(t={});const r=!0===t.header?0:1,i=e.split(".")[r];if("string"!=typeof i)throw new n(`Invalid token specified: missing part #${r+1}`);let s;try{s=o(i)}catch(e){throw new n(`Invalid token specified: invalid base64 for part #${r+1} (${e.message})`)}try{return JSON.parse(s)}catch(e){throw new n(`Invalid token specified: invalid json for part #${r+1} (${e.message})`)}}n.prototype.name="InvalidTokenError";const i="3.2.0",s="undefined"!=typeof window,a=Math.pow(2,31)-1,c=`https://descopecdn.com/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`,l=`https://cdn.jsdelivr.net/npm/oidc-client-ts@${i}/dist/browser/oidc-client-ts.min.js`;const u=["/v1/auth/refresh","/v1/auth/try-refresh","/v1/auth/me","/v1/auth/me/tenants","/v1/auth/me/history"];let d;const p=e=>{try{return r(e).exp}catch(e){return null}},g=e=>{const{refresh_expire_in:t,refresh_token:n}=e;return t?Math.floor(Date.now()/1e3)+t:p(n)},h=e=>{const{expires_in:t,expires_at:n,access_token:o}=e;return n||(t?Math.floor(Date.now()/1e3)+t:o?p(o):void 0)},f=e=>{const{access_token:n,id_token:o,refresh_token:r,refresh_expire_in:i}=e,s=t(e,["access_token","id_token","refresh_token","refresh_expire_in"]);return Object.assign({sessionJwt:e.sessionJwt||n,idToken:o,refreshJwt:e.refreshJwt||r,sessionExpiration:e.sessionExpiration||h(e),cookieExpiration:e.cookieExpiration||g(e)},s)},v=(e,t)=>{var n;return["beforeRequest","afterRequest"].reduce(((n,o)=>{var r;return n[o]=[].concat((null===(r=e.hooks)||void 0===r?void 0:r[o])||[]).concat((null==t?void 0:t[o])||[]),n}),null!==(n=e.hooks)&&void 0!==n?n:e.hooks={}),e},w=async e=>{if(!(null==e?void 0:e.ok))return{};const t=await(null==e?void 0:e.clone().json()),n=(null==t?void 0:t.authInfo)||t||{};return f(n)},m=()=>s&&!!window.descopeBridge,y=(e,t)=>{if(!((null==t?void 0:t.status)>=400&&(null==t?void 0:t.status)<500))return!1;const n=(null==e?void 0:e.path)||"";return u.includes(n)},b=void 0!==d||s&&void 0!==window.localStorage,k=(e,t)=>{var n,o;return null===(o=null===(n=d||s&&window.localStorage)||void 0===n?void 0:n.setItem)||void 0===o?void 0:o.call(n,e,t)},I=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.getItem)||void 0===n?void 0:n.call(t,e)},O=e=>{var t,n;return null===(n=null===(t=d||s&&window.localStorage)||void 0===t?void 0:t.removeItem)||void 0===n?void 0:n.call(t,e)},j=e=>{var t,n,o,r,i;return null!==(i=null!==(n=null===(t=null==d?void 0:d.key)||void 0===t?void 0:t.call(d,e))&&void 0!==n?n:s&&(null===(r=null===(o=window.localStorage)||void 0===o?void 0:o.key)||void 0===r?void 0:r.call(o,e)))&&void 0!==i?i:null};var S={accessKey:{exchange:"/v1/auth/accesskey/exchange"},otp:{verify:"/v1/auth/otp/verify",signIn:"/v1/auth/otp/signin",signUp:"/v1/auth/otp/signup",update:{email:"/v1/auth/otp/update/email",phone:"/v1/auth/otp/update/phone"},signUpOrIn:"/v1/auth/otp/signup-in"},magicLink:{verify:"/v1/auth/magiclink/verify",signIn:"/v1/auth/magiclink/signin",signUp:"/v1/auth/magiclink/signup",update:{email:"/v1/auth/magiclink/update/email",phone:"/v1/auth/magiclink/update/phone"},signUpOrIn:"/v1/auth/magiclink/signup-in"},enchantedLink:{verify:"/v1/auth/enchantedlink/verify",signIn:"/v1/auth/enchantedlink/signin",signUp:"/v1/auth/enchantedlink/signup",session:"/v1/auth/enchantedlink/pending-session",update:{email:"/v1/auth/enchantedlink/update/email"},signUpOrIn:"/v1/auth/enchantedlink/signup-in"},oauth:{start:"/v1/auth/oauth/authorize",exchange:"/v1/auth/oauth/exchange",startNative:"v1/auth/oauth/native/start",finishNative:"v1/auth/oauth/native/finish",oneTap:{getOneTapClientId:"/v1/auth/onetap/clientid/{provider}",exchangeOneTapIDToken:"/v1/auth/onetap/idtoken/exchange",verifyOneTapIDToken:"/v1/auth/onetap/idtoken/verify"}},outbound:{connect:"/v1/outbound/oauth/connect"},saml:{start:"/v1/auth/saml/authorize",exchange:"/v1/auth/saml/exchange"},totp:{verify:"/v1/auth/totp/verify",signUp:"/v1/auth/totp/signup",update:"/v1/auth/totp/update"},notp:{signIn:"/v1/auth/notp/whatsapp/signin",signUp:"/v1/auth/notp/whatsapp/signup",signUpOrIn:"/v1/auth/notp/whatsapp/signup-in",session:"/v1/auth/notp/pending-session"},webauthn:{signUp:{start:"/v1/auth/webauthn/signup/start",finish:"/v1/auth/webauthn/signup/finish"},signIn:{start:"/v1/auth/webauthn/signin/start",finish:"/v1/auth/webauthn/signin/finish"},signUpOrIn:{start:"/v1/auth/webauthn/signup-in/start"},update:{start:"v1/auth/webauthn/update/start",finish:"/v1/auth/webauthn/update/finish"}},password:{signUp:"/v1/auth/password/signup",signIn:"/v1/auth/password/signin",sendReset:"/v1/auth/password/reset",update:"/v1/auth/password/update",replace:"/v1/auth/password/replace",policy:"/v1/auth/password/policy"},refresh:"/v1/auth/refresh",tryRefresh:"/v1/auth/try-refresh",selectTenant:"/v1/auth/tenant/select",logout:"/v1/auth/logout",logoutAll:"/v1/auth/logoutall",me:"/v1/auth/me",myTenants:"/v1/auth/me/tenants",history:"/v1/auth/me/history",flow:{start:"/v1/flow/start",next:"/v1/flow/next"}};const U="<region>",T=`https://api.${U}descope.com`,x=6e5,R="dct",C=()=>{const e={};return{headers(t){const n="function"==typeof t.entries?Object.fromEntries(t.entries()):t;return e.Headers=JSON.stringify(n),this},body(t){return e.Body=t,this},url(t){return e.Url=t.toString(),this},method(t){return e.Method=t,this},title(t){return e.Title=t,this},status(t){return e.Status=t,this},retries(t){return e.Retries=t,this},build:()=>Object.keys(e).flatMap((t=>e[t]?[`${"Title"!==t?`${t}: `:""}${e[t]}`]:[])).join("\n")}},E=[503,521,522,524,530],P=[100,5e3,5e3],$=e=>new Promise((t=>setTimeout(t,e))),A=e=>async function(...t){let n=await e(...t),o=0;for(;E.includes(n.status)&&o<P.length;)await $(P[o]),n=await e(...t),o++;o>0&&(n.retries=o);const r=await n.text();return n.text=()=>Promise.resolve(r),n.json=()=>Promise.resolve(JSON.parse(r)),n.clone=()=>n,n},D=(e,t)=>{const n=t||fetch;return n||null==e||e.warn("Fetch is not defined, you will not be able to send http requests, if you are running in a test, make sure fetch is defined globally"),e?async function(...t){if(!n)throw Error("Cannot send http request, fetch is not defined, if you are running in a test, make sure fetch is defined globally");e.log((e=>C().title("Request").url(e[0]).method(e[1].method).headers(e[1].headers).body(e[1].body).build())(t));const o=await A(n)(...t);return e[o.ok?"log":"error"](await(async e=>{const t=await e.text();return C().title("Response").url(e.url.toString()).status(`${e.status} ${e.statusText}`).headers(e.headers).body(t).retries(e.retries).build()})(o)),o}:A(n)};let _;const L=()=>{if(_)return _;const e=new Date,t=`${e.getUTCFullYear().toString()}-${(e.getUTCMonth()+1).toString().padStart(2,"0")}-${e.getUTCDate().toString().padStart(2,"0")}-${e.getUTCHours().toString().padStart(2,"0")}:${e.getUTCMinutes().toString().padStart(2,"0")}:${e.getUTCSeconds().toString().padStart(2,"0")}:${e.getUTCMilliseconds().toString()}`,n=Math.floor(1e3+9e3*Math.random());return _=`${t}-${n}`,_};var N,q;(q=N||(N={})).get="GET",q.delete="DELETE",q.post="POST",q.put="PUT",q.patch="PATCH";const J=({path:e,baseUrl:t,queryParams:n,projectId:o})=>{const r=o.slice(1,-27);t=t.replace(U,r?r+".":"");let i=e?`${t.replace(/\/$/,"")}/${null==e?void 0:e.replace(/^\//,"")}`:t;if(n){const e=Object.keys(n);e.forEach(((t,o)=>{i=`${i}${0===o?"?":""}${t}=${encodeURIComponent(n[t])}${o===e.length-1?"":"&"}`}))}return i},K=(...e)=>new Headers(e.reduce(((e,t)=>((e=>Array.isArray(e)?e:e instanceof Headers?Array.from(e.entries()):e?Object.entries(e):[])(t).forEach((([t,n])=>{e[t]="function"==typeof n?n():n})),e)),{})),M={"Content-Type":"application/json"},V=(e,t="")=>{let n=e;return t&&(n=n+":"+t),{Authorization:`Bearer ${n}`}},F=(e,t)=>{const n={"x-descope-sdk-session-id":L(),"x-descope-sdk-name":"core-js","x-descope-sdk-version":"2.62.1","x-descope-project-id":e};return t&&(n["x-descope-refresh-cookie-name"]=t),n},H=e=>{try{e=JSON.parse(e)}catch(e){return!1}return"object"==typeof e&&null!==e};var B=e=>{var t;return(({baseUrl:e,projectId:t,baseConfig:n,refreshCookieName:o,logger:r,hooks:i,cookiePolicy:s,fetch:a})=>{const c=e||T,l=D(r,a),u=async e=>{var r;const a=(null==i?void 0:i.beforeRequest)?i.beforeRequest(e):e,{path:u,body:d,headers:p,queryParams:g,method:h,token:f}=a,v=(e=>void 0===e?void 0:JSON.stringify(e))(d),w={headers:K(V(t,f),F(t,o),(null==n?void 0:n.baseHeaders)||{},H(v)?M:{},p),method:h,body:v};null!==s&&(w.credentials=s||"include");const m=await l(J({path:u,baseUrl:c,queryParams:g,projectId:t}),w);if((null==i?void 0:i.afterRequest)&&await i.afterRequest(e,null==m?void 0:m.clone()),null==i?void 0:i.transformResponse){const e=await m.json(),t=(y=(null===(r=m.headers)||void 0===r?void 0:r.get("set-cookie"))||"",Object.fromEntries(function(e){if(!e)return[];const t=[];let n=0;function o(){for(;n<e.length&&/\s/.test(e.charAt(n));)n+=1;return n<e.length}function r(){const t=e.charAt(n);return"="!==t&&";"!==t&&","!==t}for(;n<e.length;){const i=n;let s,a,c=!1;for(;o();)if(","===e.charAt(n)){for(s=n,n+=1,o(),a=n;n<e.length&&r();)n+=1;if(n<e.length&&"="===e.charAt(n)){c=!0,n=a,t.push(e.substring(i,s));break}n=s+1}else n+=1;(!c||n>=e.length)&&t.push(e.substring(i,e.length))}return t}(y).map((e=>{const t=e.split(";")[0],n=t.indexOf("=");return n<1?null:[t.substring(0,n).trim(),t.substring(n+1).trim()]})).filter(Boolean))),n=Object.assign(Object.assign({},m),{json:()=>Promise.resolve(e),cookies:t});return n.clone=()=>n,i.transformResponse(n)}var y;return m};return{get:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:N.get,token:o}),post:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:N.post,token:r}),patch:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:N.patch,token:r}),put:(e,t,{headers:n,queryParams:o,token:r}={})=>u({path:e,headers:n,queryParams:o,body:t,method:N.put,token:r}),delete:(e,{headers:t,queryParams:n,token:o}={})=>u({path:e,headers:t,queryParams:n,body:void 0,method:N.delete,token:o}),hooks:i,buildUrl:(e,n)=>J({projectId:t,baseUrl:c,path:e,queryParams:n})}})(Object.assign(Object.assign({},e),{hooks:{beforeRequest:t=>{var n;const o=[].concat((null===(n=e.hooks)||void 0===n?void 0:n.beforeRequest)||[]);return null==o?void 0:o.reduce(((e,t)=>t(e)),t)},afterRequest:async(t,n)=>{var o;const r=[].concat((null===(o=e.hooks)||void 0===o?void 0:o.afterRequest)||[]);0!=r.length&&(await Promise.allSettled(null==r?void 0:r.map((e=>e(t,null==n?void 0:n.clone()))))).forEach((t=>{var n;return"rejected"===t.status&&(null===(n=e.logger)||void 0===n?void 0:n.error(t.reason))}))},transformResponse:null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}}))},z=429;function Z(e,t,n){var o;let r=G(e);if(t){if(!(null==r?void 0:r.tenants)&&(null==r?void 0:r[R])===t)return(null==r?void 0:r[n])||[];r=null===(o=null==r?void 0:r.tenants)||void 0===o?void 0:o[t]}const i=null==r?void 0:r[n];return Array.isArray(i)?i:[]}function G(e){if("string"!=typeof e||!e)throw new Error("Invalid token provided");return r(e)}function W(e){const{exp:t}=G(e);return(new Date).getTime()/1e3>t}function X(e){let t=G(e);const n=Object.keys(null==t?void 0:t.tenants);return Array.isArray(n)?n:[]}function Y(e,t){return Z(e,t,"permissions")}function Q(e,t){return Z(e,t,"roles")}const ee=(...e)=>e.join("/").replace(/\/{2,}/g,"/");async function te(e,t){var n;const o=await e,r={code:o.status,ok:o.ok,response:o},i=await o.clone().json();return o.ok?r.data=i:(r.error=i,o.status===z&&Object.assign(r.error,{retryAfter:Number.parseInt(null===(n=o.headers)||void 0===n?void 0:n.get("retry-after"))||0})),r}function ne(e){var t;return(null===(t=G(e))||void 0===t?void 0:t[R])||""}const oe=(e,t)=>(n=t)=>t=>!e(t)&&n.replace("{val}",t),re=(e,t)=>(n=t)=>t=>{const o=e.filter((e=>e(t)));return!(o.length<e.length)&&(n?n.replace("{val}",t):o.join(" OR "))},ie=(...e)=>({validate:t=>(e.forEach((e=>{const n=e(t);if(n)throw new Error(n)})),!0)}),se=e=>t=>e.test(t),ae=se(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/),ce=se(/^\+[1-9]{1}[0-9]{3,14}$/),le=oe(ae,'"{val}" is not a valid email'),ue=oe(ce,'"{val}" is not a valid phone number'),de=oe((e=>e.length>=1),"Minimum length is 1");const pe=oe((e=>"string"==typeof e),"Input is not a string"),ge=oe((e=>Array.isArray(e)),"Input is not an array"),he=oe((e=>"boolean"==typeof e),"Input is not a boolean"),fe=oe((e=>void 0===e),"Input is defined"),ve=re([pe(),fe()],"Input is not a string or undefined"),we=re([ge(),he()],"Input is not an array or boolean"),me=(...e)=>t=>(...n)=>(e.forEach(((e,t)=>ie(...e).validate(n[t]))),t(...n)),ye=e=>[pe(`"${e}" must be a string`)],be=e=>[ve(`"${e}" must be string or undefined`)],ke=e=>[pe(`"${e}" must be a string`),de(`"${e}" must not be empty`)],Ie=e=>[pe(`"${e}" must be a string`),le()],Oe=e=>[pe(`"${e}" must be a string`),ue()],je=me(ke("accessKey")),Se=e=>({exchange:je(((t,n)=>te(e.post(S.accessKey.exchange,{loginOptions:n},{token:t}))))}),Ue=(e,t,n)=>(t.forEach((t=>{const o=t.split(".");let r=o.shift(),i=e;for(;o.length>0;){if(i=i[r],!r||!i)throw Error(`Invalid path "${t}", "${r}" is missing or has no value`);r=o.shift()}if("function"!=typeof i[r])throw Error(`"${t}" is not a function`);const s=i[r];i[r]=n(s)})),e),Te=({pollingIntervalMs:e=1e3,timeoutMs:t=6e5}={})=>({pollingIntervalMs:Math.max(e||1e3,1e3),timeoutMs:Math.min(t||x,x)});var xe,Re;!function(e){e.sms="sms",e.voice="voice",e.whatsapp="whatsapp",e.im="im"}(xe||(xe={})),function(e){e.email="email"}(Re||(Re={}));const Ce=Object.assign(Object.assign({},xe),Re);var Ee;!function(e){e.waiting="waiting",e.running="running",e.completed="completed",e.failed="failed"}(Ee||(Ee={}));const Pe=ke("loginId"),$e=me(ke("token")),Ae=me(Pe),De=me(ke("pendingRef")),_e=me(Pe,Ie("email")),Le=e=>({verify:$e((t=>te(e.post(S.enchantedLink.verify,{token:t})))),signIn:Ae(((n,o,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return te(e.post(ee(S.enchantedLink.signIn,Ce.email),{loginId:n,URI:o,loginOptions:a,providerId:s},{token:i}))})),signUpOrIn:Ae(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(ee(S.enchantedLink.signUpOrIn,Ce.email),{loginId:n,URI:o,loginOptions:s,providerId:i}))})),signUp:Ae(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(ee(S.enchantedLink.signUp,Ce.email),{loginId:n,URI:o,user:r,loginOptions:a,providerId:s}))})),waitForSession:De(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Te(n);let s;const a=setInterval((async()=>{const n=await e.post(S.enchantedLink.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(te(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)})))),update:{email:_e(((t,n,o,r,i)=>te(e.post(S.enchantedLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r}))))}}),Ne=me(ke("flowId")),qe=me(ke("executionId"),ke("stepId"),ke("interactionId")),Je=e=>({start:Ne(((t,n,o,r,i,s,a,c=!1)=>te(e.post(S.flow.start,{flowId:t,options:n,conditionInteractionId:o,interactionId:r,componentsVersion:i,flowVersions:s,input:a,isCustomScreen:c})))),next:qe(((t,n,o,r,i,s,a=!1)=>te(e.post(S.flow.next,{executionId:t,stepId:n,interactionId:o,version:r,componentsVersion:i,input:s,isCustomScreen:a}))))}),Ke=ke("loginId"),Me=me(ke("token")),Ve=me(Ke),Fe=me(Ke,Oe("phone")),He=me(Ke,Ie("email")),Be=Object.keys(Ce).filter((e=>e!==xe.voice&&e!==xe.im)),ze=e=>({verify:Me((t=>te(e.post(S.magicLink.verify,{token:t})))),signIn:Be.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ve(((n,r,i={},s)=>{var{providerId:a}=i,c=t(i,["providerId"]);return te(e.post(ee(S.magicLink.signIn,o),{loginId:n,URI:r,loginOptions:c,providerId:a},{token:s}))}))})),{}),signUp:Be.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ve(((n,r,i,s={})=>{var{providerId:a}=s,c=t(s,["providerId"]);return te(e.post(ee(S.magicLink.signUp,o),{loginId:n,URI:r,user:i,loginOptions:c,providerId:a}))}))})),{}),signUpOrIn:Be.reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:Ve(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(ee(S.magicLink.signUpOrIn,o),{loginId:n,URI:r,loginOptions:a,providerId:s}))}))})),{}),update:{email:He(((t,n,o,r,i)=>te(e.post(S.magicLink.update.email,Object.assign({loginId:t,email:n,URI:o},i),{token:r})))),phone:Object.keys(xe).filter((e=>e!==xe.voice)).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:Fe(((t,o,r,i,s)=>te(e.post(ee(S.magicLink.update.phone,n),Object.assign({loginId:t,phone:o,URI:r},s),{token:i}))))})),{})}});var Ze;!function(e){e.facebook="facebook",e.github="github",e.google="google",e.microsoft="microsoft",e.gitlab="gitlab",e.apple="apple",e.discord="discord",e.linkedin="linkedin",e.slack="slack"}(Ze||(Ze={}));const Ge=me(ke("code")),We=e=>({start:Object.assign(((t,n,o,r,i)=>te(e.post(S.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:t},n&&{redirectURL:n}),i&&{loginHint:i}),token:r}))),Object.keys(Ze).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:(t,o,r,i)=>te(e.post(S.oauth.start,o||{},{queryParams:Object.assign(Object.assign({provider:n},t&&{redirectURL:t}),i&&{loginHint:i}),token:r}))})),{})),exchange:Ge((t=>te(e.post(S.oauth.exchange,{code:t})))),startNative:(t,n,o)=>te(e.post(S.oauth.startNative,{provider:t,loginOptions:n,implicit:o})),finishNative:(t,n,o,r,i)=>te(e.post(S.oauth.finishNative,{provider:t,stateId:n,user:o,code:r,idToken:i})),getOneTapClientId:t=>te(e.get(S.oauth.oneTap.getOneTapClientId.replace("{provider}",t))),verifyOneTapIDToken:(t,n,o,r)=>te(e.post(S.oauth.oneTap.verifyOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r})),exchangeOneTapIDToken:(t,n,o,r)=>te(e.post(S.oauth.oneTap.exchangeOneTapIDToken,{provider:t,idToken:n,nonce:o,loginOptions:r}))}),Xe=ke("appId"),Ye=me(Xe),Qe=e=>({connect:Ye(((t,n,o)=>{const r=null==n?void 0:n.tenantId,i=null==n?void 0:n.tenantLevel;return null==n||delete n.tenantId,null==n||delete n.tenantLevel,te(e.post(S.outbound.connect,{appId:t,tenantId:r,tenantLevel:i,options:n},{token:o}))}))}),et=ke("loginId"),tt=me(et,ke("code")),nt=me(et),ot=me(et,Oe("phone")),rt=me(et,Ie("email")),it=e=>({verify:Object.keys(Ce).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:tt(((t,o)=>te(e.post(ee(S.otp.verify,n),{code:o,loginId:t}))))})),{}),signIn:Object.keys(Ce).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:nt(((n,r={},i)=>{var{providerId:s}=r,a=t(r,["providerId"]);return te(e.post(ee(S.otp.signIn,o),{loginId:n,loginOptions:a,providerId:s},{token:i}))}))})),{}),signUp:Object.keys(Ce).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:nt(((n,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(ee(S.otp.signUp,o),{loginId:n,user:r,loginOptions:a,providerId:s}))}))})),{}),signUpOrIn:Object.keys(Ce).reduce(((n,o)=>Object.assign(Object.assign({},n),{[o]:nt(((n,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(ee(S.otp.signUpOrIn,o),{loginId:n,loginOptions:s,providerId:i}))}))})),{}),update:{email:rt(((t,n,o,r)=>te(e.post(S.otp.update.email,Object.assign({loginId:t,email:n},r),{token:o})))),phone:Object.keys(xe).reduce(((t,n)=>Object.assign(Object.assign({},t),{[n]:ot(((t,o,r,i)=>te(e.post(ee(S.otp.update.phone,n),Object.assign({loginId:t,phone:o},i),{token:r}))))})),{})}}),st=me(ke("tenant")),at=me(ke("code")),ct=e=>({start:st(((t,n,o,r,i,s,a,c)=>te(e.post(S.saml.start,o||{},Object.assign({queryParams:Object.assign(Object.assign(Object.assign(Object.assign(Object.assign({tenant:t},n&&{redirectURL:n}),i&&{ssoId:i}),s&&{forceAuthn:"true"}),a&&{loginHint:a}),c&&{initiatedEmail:t})},r&&{token:r}))))),exchange:at((t=>te(e.post(S.saml.exchange,{code:t}))))}),lt=ke("loginId"),ut=me(lt,ke("code")),dt=me(lt),pt=me(lt),gt=e=>({signUp:dt(((t,n)=>te(e.post(S.totp.signUp,{loginId:t,user:n})))),verify:ut(((t,n,o,r)=>te(e.post(S.totp.verify,{loginId:t,code:n,loginOptions:o},{token:r})))),update:pt(((t,n)=>te(e.post(S.totp.update,{loginId:t},{token:n}))))}),ht=ke("loginId"),ft=ke("newPassword"),vt=me(ht,ke("password")),wt=me(ht),mt=me(ht,ft),yt=me(ht,ke("oldPassword"),ft),bt=e=>({signUp:vt(((n,o,r,i={})=>{var{providerId:s}=i,a=t(i,["providerId"]);return te(e.post(S.password.signUp,{loginId:n,password:o,user:r,loginOptions:a,providerId:s}))})),signIn:vt(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(S.password.signIn,{loginId:n,password:o,loginOptions:s,providerId:i}))})),sendReset:wt(((t,n,o)=>te(e.post(S.password.sendReset,{loginId:t,redirectUrl:n,templateOptions:o})))),update:mt(((t,n,o)=>te(e.post(S.password.update,{loginId:t,newPassword:n},{token:o})))),replace:yt(((t,n,o)=>te(e.post(S.password.replace,{loginId:t,oldPassword:n,newPassword:o})))),policy:()=>te(e.get(S.password.policy))}),kt=ye("loginId"),It=ke("loginId"),Ot=ke("origin"),jt=me(It,Ot,ke("name")),St=me(It,Ot),Ut=me(kt,Ot),Tt=me(It,Ot,be("token")),xt=me(ke("transactionId"),ke("response")),Rt=e=>({signUp:{start:jt(((t,n,o,r,i)=>te(e.post(S.webauthn.signUp.start,{user:{loginId:t,name:o},origin:n,loginOptions:i,passkeyOptions:r})))),finish:xt(((t,n)=>te(e.post(S.webauthn.signUp.finish,{transactionId:t,response:n}))))},signIn:{start:Ut(((t,n,o,r,i)=>te(e.post(S.webauthn.signIn.start,{loginId:t,origin:n,loginOptions:o,passkeyOptions:i},{token:r})))),finish:xt(((t,n)=>te(e.post(S.webauthn.signIn.finish,{transactionId:t,response:n}))))},signUpOrIn:{start:St(((t,n,o,r)=>te(e.post(S.webauthn.signUpOrIn.start,{loginId:t,origin:n,loginOptions:r,passkeyOptions:o}))))},update:{start:Tt(((t,n,o,r)=>te(e.post(S.webauthn.update.start,{loginId:t,origin:n,passkeyOptions:r},{token:o})))),finish:xt(((t,n)=>te(e.post(S.webauthn.update.finish,{transactionId:t,response:n}))))}}),Ct=ye("loginId"),Et=me(Ct),Pt=me(ke("pendingRef")),$t=e=>({signUpOrIn:Et(((n,o={})=>{var{providerId:r}=o,i=t(o,["providerId"]);return te(e.post(S.notp.signUpOrIn,{loginId:n,loginOptions:i,providerId:r}))})),signUp:Et(((n,o,r={})=>{var{providerId:i}=r,s=t(r,["providerId"]);return te(e.post(S.notp.signUp,{loginId:n,user:o,providerId:i,loginOptions:s}))})),signIn:Et(((n,o={},r)=>{var{providerId:i}=o,s=t(o,["providerId"]);return te(e.post(S.notp.signIn,{loginId:n,loginOptions:s,providerId:i},{token:r}))})),waitForSession:Pt(((t,n)=>new Promise((o=>{const{pollingIntervalMs:r,timeoutMs:i}=Te(n);let s;const a=setInterval((async()=>{const n=await e.post(S.notp.session,{pendingRef:t});n.ok&&(clearInterval(a),s&&clearTimeout(s),o(te(Promise.resolve(n))))}),r);s=setTimeout((()=>{o({error:{errorDescription:`Session polling timeout exceeded: ${i}ms`,errorCode:"0"},ok:!1}),clearInterval(a)}),i)}))))}),At=me(ke("token")),Dt=me(be("token"));var _t,Lt=me([(_t=ke("projectId"),oe(((e,t)=>n=>ie(...t).validate(((e,t)=>{const n=(Array.isArray(t)?t.join("."):String(t)).replace(/\[\\?("|')?(\w|d)+\\?("|')?\]/g,((e,t,n)=>"."+n)).split("."),o=n.length;let r=0,i=e===Object(e)?e:void 0;for(;null!=i&&r<o;)i=i[n[r++]];return r&&r===o&&void 0!==i?i:void 0})(n,e)))("projectId",_t))())])((e=>{const{projectId:t,logger:n,baseUrl:o,cookiePolicy:r,baseHeaders:i={},refreshCookieName:s,fetch:a}=e;return c=B({baseUrl:o,projectId:t,logger:n,hooks:{get beforeRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.beforeRequest},get afterRequest(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.afterRequest},get transformResponse(){var t;return null===(t=e.hooks)||void 0===t?void 0:t.transformResponse}},cookiePolicy:r,baseConfig:{baseHeaders:i},refreshCookieName:s,fetch:a}),{accessKey:Se(c),otp:it(c),magicLink:ze(c),enchantedLink:Le(c),oauth:We(c),outbound:Qe(c),saml:ct(c),totp:gt(c),notp:$t(c),webauthn:Rt(c),password:bt(c),flow:Je(c),refresh:Dt(((e,t,n,o)=>{const r={};n&&(r.externalToken=n);const i=o?S.tryRefresh:S.refresh;return te(c.post(i,r,{token:e,queryParams:t}))})),selectTenant:me([pe("tenantId")],[ve('"token" must be string or undefined')])(((e,t)=>te(c.post(S.selectTenant,{tenant:e},{token:t})))),logout:Dt((e=>te(c.post(S.logout,{},{token:e})))),logoutAll:Dt((e=>te(c.post(S.logoutAll,{},{token:e})))),me:Dt((e=>te(c.get(S.me,{token:e})))),myTenants:me([we('"tenants" must a string array or a boolean')],[ve('"token" must be string or undefined')])(((e,t)=>{const n={};return"boolean"==typeof e?n.dct=e:n.ids=e,te(c.post(S.myTenants,n,{token:t}))})),history:Dt((e=>te(c.get(S.history,{token:e})))),isJwtExpired:At(W),getTenants:At(X),getJwtPermissions:At(Y),getJwtRoles:At(Q),getCurrentTenant:At(ne),httpClient:c};var c})),Nt=Object.assign(Lt,{DeliveryMethods:Ce});const qt=(...e)=>{console.debug(...e)},Jt=(...e)=>{console.warn(...e)},Kt=(e,t)=>{let n;var o;return t>0?(n=1e3*t,qt(`Using provided nextRefreshSeconds: ${t}s`)):n=((o=e)?o.getTime()-(new Date).getTime():0)-2e4,n>a&&(qt(`Timeout is too large (${n}ms), setting it to ${a}ms`),n=a),n};
 /*! js-cookie v3.0.5 | MIT */
-function Mt(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var Vt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Mt({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Mt({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Mt({},this.attributes,t))},withConverter:function(t){return e(Mt({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Ft="DS",Ht="DSR",Bt="DSI",zt="DSRCN";function Zt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=Gt(o);Vt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Gt(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const Wt=e=>(null==e?void 0:e.cookieName)||Ft,Xt=e=>(null==e?void 0:e.cookieName)||Ht;function Yt(e="",t){return Vt.get(Xt(t))||I(`${e}${Ht}`)||""}function Qt(e="",t){return Vt.get(Wt(t))||I(`${e}${Ft}`)||""}function en(e=""){return I(`${e}${Bt}`)||""}function tn(e="",t,n,o){O(`${e}${Ht}`),O(`${e}${Ft}`),O(`${e}${Bt}`),O(`${e}${zt}`);const r=Wt(t);Vt.remove(r,null==o?void 0:o.session);const i=Xt(n);Vt.remove(i,null==o?void 0:o.refresh)}const nn=(e,t,n)=>o=>{const r=Object.assign(o,{token:o.token||Yt(e,t)});if(!n){const t=function(e=""){return I(`${e}${zt}`)}(e);t&&(r.headers=Object.assign(Object.assign({},r.headers||{}),{"x-descope-refresh-cookie-name":t}))}const i=function(e=""){return I(`${e}DTD`)||""}(e);return i&&(r.headers=Object.assign(Object.assign({},r.headers||{}),{"x-descope-trusted-device-token":i})),r},on=s&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",rn="vsid",sn="vrid";var an={default:"endpoint"},cn="Blocked by CSP",ln="The endpoint parameter is not a valid URL",un="Failed to load the JS script of the agent",dn="9319";function pn(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===cn||s===ln)n.exclude(),i=0;else if(s===dn)n.exclude();else if(s===un){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],u=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(l).then((function(e){return[e,a]}))}var gn="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",hn=gn;function vn(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:gn,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=l[0],d=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return pn(e,fn)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===dn?new Error(un):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function fn(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(ln);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(un))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(cn)})).then(wn)}function wn(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(dn);return n}const mn=(e=!1)=>{const t=I("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},yn=async(e,t=on)=>{try{if(mn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=vn({apiKey:e,endpoint:[o.toString(),an],scriptUrlPattern:[i,hn]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[rn]:e,[sn]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};k("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},bn=e=>{const t=mn(!0);return t&&e.body&&(e.body.fpData=t),e},kn="descopeFlowNonce",In="X-Descope-Flow-Nonce",On="/v1/flow/start",jn="/v1/flow/next",Sn=(e,t=kn)=>`${t}${e}`,Un=(e,t=kn)=>{try{const n=Sn(e,t);O(n)}catch(e){console.error("Error removing flow nonce:",e)}},Tn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},xn=e=>{var t;return e.path===jn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Tn(e.body.executionId):null},Rn="dls_last_user_login_id",Cn="dls_last_user_display_name",En=e=>k(Rn,e),$n=()=>I(Rn),An=()=>I(Cn),Pn=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=$n(),i=An();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Dn=e=>t=>async(...n)=>{const o=await t(...n);return e||(O(Rn),O(Cn)),o},_n="DSLI",Ln=e=>async(...t)=>{const n=await e(...t);return O(_n),n};function Nn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const qn=(e,t,n,o)=>r=>async(...i)=>{const s=await r(...i);return tn(e,t,n,null==o?void 0:o()),s};async function Jn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=Bn(n.publicKey.challenge),n.publicKey.user.id=Bn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=Bn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:zn(o.rawId),type:o.type,response:{attestationObject:zn(o.response.attestationObject),clientDataJSON:zn(o.response.clientDataJSON)}});var o}async function Kn(e){const t=Fn(e);return Hn(await navigator.credentials.get(t))}async function Mn(e,t){const n=Fn(e);n.signal=t.signal,n.mediation="conditional";return Hn(await navigator.credentials.get(n))}async function Vn(e=!1){var t,n;if(!s)return Promise.resolve(!1);if(m()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function Fn(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=Bn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=Bn(e.id)})),n}function Hn(e){return JSON.stringify({id:e.id,rawId:zn(e.rawId),type:e.type,response:{authenticatorData:zn(e.response.authenticatorData),clientDataJSON:zn(e.response.clientDataJSON),signature:zn(e.response.signature),userHandle:e.response.userHandle?zn(e.response.userHandle):void 0}})}function Bn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function zn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Zn,Gn=(Zn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Jn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await Kn(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await Jn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await Kn(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Jn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:Jn,get:Kn,isSupported:Vn,conditional:Mn}}),(...e)=>{const t=Zn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Wn={config:"/fedcm/config"},Xn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Yn(e,t){var n;try{await Qn(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Qn(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Xn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var eo=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Vn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let to;const no=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{no(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const oo=async(e,t,n)=>{to||(to=(async()=>{try{return require("oidc-client-ts")}catch(e){return no([c,l],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await to;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,u,d;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,u=`${a}_user`,d="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,u=`${a}_user`,d="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,u=`${a}_user`,d="openid email roles descope.custom_claims offline_access");const p={authority:s,client_id:a,redirect_uri:i,response_type:"code",scope:(null==n?void 0:n.scope)||d,stateStore:new r({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(p.redirect_uri=n.redirectUri),{client:new o(p),stateUserKey:u}},ro=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await oo(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),k(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(t={},n=!1)=>{var r;const{client:i}=await o(),s=await i.createSigninRequest(t),{url:a}=s;return n||(await(null===(r=e.httpClient.hooks)||void 0===r?void 0:r.afterRequest({},new Response(JSON.stringify(s)))),window.location.href=a),{ok:!0,data:s}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=I(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||en(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return O(r),t||window.location.replace(s),i}}},io=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,d=n,e(t)}),(e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return s?(o&&r&&yn(o).catch((()=>null)),e(f(i,{beforeRequest:bn}))):e(i)}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.50.0"},t.baseHeaders)}))),(e=>t=>{const n=Nn(),o=Nn(),r=Nn(),i=Nn(),s=e(f(t,{afterRequest:async(e,t)=>{if(y(e,t))qt("Session invalidated, notifying subscribers with empty values"),o.pub(null),r.pub(null),n.pub(null),i.pub(null);else{const e=await(async e=>{const t=await w(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:s,sessionExpiration:a,claims:c}=await w(t);s&&o.pub(s),c&&i.pub(c),(a||s)&&n.pub(a||42)}}})),a=Ue(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const s=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i.pub(null),s}));return Object.assign(a,{onSessionTokenChange:o.sub,onUserChange:r.sub,onClaimsChange:i.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{const{enableFlowNonce:o=!0,nonceStoragePrefix:r=kn}=n,i=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!o)return e(i);((e=kn)=>{try{if(!b)return;for(let r=0;r<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==d?void 0:d.length)&&void 0!==t?t:s&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);r++){const t=j(r);if(t&&t.startsWith(e)){const e=I(t);if(e)try{JSON.parse(e).expiry<Date.now()&&O(t)}catch(e){O(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(r);return e(f(i,{afterRequest:async(e,t)=>{if(e.path!==On&&e.path!==jn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(In);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=xn(e)),{nonce:n,executionId:Tn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=kn)=>{try{const r=Sn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};k(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===On,r)}},beforeRequest:e=>{if(e.path===jn){const t=xn(e);if(t){const n=((e,t=kn)=>{try{const n=Sn(e,t),o=I(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(Un(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,r);n&&(e.headers=e.headers||{},e.headers[In]=n)}}return e}}))}),(e=>t=>{const n=e(f(t,{afterRequest:async(e,t)=>{if(y(e,t))return void O(_n);const n=await w(t);(null==n?void 0:n.sessionExpiration)&&k(_n,String(n.sessionExpiration))}}));return Ue(n,["logout","logoutAll","oidc.logout"],Ln)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);const a=!!o,c="object"==typeof o&&(null==o?void 0:o.customActivityTracking);if(!a||m())return Object.assign(e(i),{markUserActive:()=>{Jt("markUserActive() called but has no effect")}});const{clearAllTimers:l,setTimer:u}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,p,g=null,h=!1,v=!1;c&&(qt("Activity-based refresh enabled"),g=(()=>{let e=!0;return{hadActivity:()=>e,reset:()=>{e=!1},markActive:()=>{e=!0}}})()),s&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(qt("Expiration time passed, refreshing session"),b.refresh(Yt()||p))}));const b=e(f(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i,nextRefreshSeconds:a}=await w(t);if(y(e,t))qt("Session invalidated, canceling all timers"),l();else if(n||i){if(d=((e,t)=>{if(t)return new Date(1e3*t);qt("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!d)return void qt("Could not extract expiration time from session token");p=o,h=a>0;const e=Kt(d,a);if(l(),e<=2e4)return void qt("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});qt(`Setting refresh timer for ${t}. (${e}ms)`),g&&(g.reset(),v=!1),u((()=>{if(s&&"hidden"===document.visibilityState)qt("Skipping refresh due to timer - document is hidden");else{if(g&&h&&!g.hadActivity())return qt("Skipping refresh due to timer - user is idle"),void(v=!0);qt("Refreshing session due to timer"),b.refresh(Yt()||o)}}),e)}}}));return Object.assign(Ue(b,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return qt("Clearing all timers"),l(),n})),{markUserActive:g?()=>{qt("markUserActive() called"),h||qt("markUserActive() called but server does not have inactivity timeout configured (no nextRefreshSeconds)"),g.markActive(),v&&(qt("User became active after skipped refresh, triggering refresh"),v=!1,l(),b.refresh(Yt()||p))}:()=>{Jt("markUserActive() called but customActivityTracking is not enabled — this call has no effect")}})}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:$n,getLastUserDisplayName:An});const s=e(f(i,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:r}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=v((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;i?(En(i),(e=>{k(Cn,e)})(s)):(null==r?void 0:r.loginId)&&En(r.loginId)}}));let a=Ue(s,["flow.start"],Pn);return a=Ue(a,["logout","logoutAll"],Dn(r)),Object.assign(a,{getLastUserLoginId:$n,getLastUserDisplayName:An})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,refreshTokenViaCookie:i,storagePrefix:a,refreshCookieName:c}=n,l=t(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix","refreshCookieName"]);if(!o||!s)return e(Object.assign({refreshCookieName:c},l));let u;const d=e(f(Object.assign({refreshCookieName:c},l),{beforeRequest:nn(a,i,c),afterRequest:async(e,t)=>{if(y(e,t))qt("Session invalidated, clearing persisted tokens"),tn(a,r,i,u);else{const e=await w(t);e.cookieName?k(`${a||""}${zt}`,e.cookieName):e.refreshJwt&&O(`${a||""}${zt}`);const n=((e={},t=!1,n="",o=!1)=>{var r,i,s,a;const{sessionJwt:c,refreshJwt:l,trustedDeviceJwt:u}=e;let d;if(l)if(o){O(`${n}${Ht}`);const t=o.sameSite||"Strict",s=null===(r=o.secure)||void 0===r||r,a=null!==(i=o.domain)&&void 0!==i?i:e.cookieDomain,c=Xt(o);s&&"https:"!==window.location.protocol&&Jt("Refresh token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass refreshTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const u=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});Zt(c,l,u);const p=Gt(a);d=Object.assign(Object.assign({},d),{refresh:{path:u.cookiePath,domain:p?a:void 0}})}else{const e=Xt(o);Vt.remove(e),k(`${n}${Ht}`,l)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,r=null!==(a=t.domain)&&void 0!==a?a:e.cookieDomain,i=Wt(t);o&&"https:"!==window.location.protocol&&Jt("Session token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass sessionTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const l=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:r});Zt(i,c,l);const u=Gt(r);d=Object.assign(Object.assign({},d),{session:{path:l.cookiePath,domain:u?r:void 0}})}else k(`${n}${Ft}`,c);return e.idToken&&k(`${n}${Bt}`,e.idToken),u&&k(`${n}DTD`,u),d})(e,r,a,i);n&&(u=n)}}})),p=Ue(d,["logout","logoutAll","oidc.logout"],qn(a,r,i,(()=>u)));return Object.assign(p,{getRefreshToken:()=>Yt(a,i),getSessionToken:()=>Qt(a,r),getIdToken:()=>en(a)})}))((e=>{const t=Nt(e),n=ro(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,r)=>{var i;if(m())return qt(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}if(r&&!I(_n)&&!I(Rn)&&!I("DSLI_DISABLED"))return Promise.resolve({ok:!0});const s=Qt(),a=Yt();let c="";if(e.getExternalToken)try{c=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){qt("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},c,r)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:eo(t),webauthn:Gn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Yn(o,e)},requestAuthentication(e){Yn(o,e)}},async oneTap(e,t,n,r,i){await Qn(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+Wn.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>s&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+Wn.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return io.REFRESH_TOKEN_KEY=Ht,io.SESSION_TOKEN_KEY=Ft,io}));
+function Mt(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}var Vt=function e(t,n){function o(e,o,r){if("undefined"!=typeof document){"number"==typeof(r=Mt({},n,r)).expires&&(r.expires=new Date(Date.now()+864e5*r.expires)),r.expires&&(r.expires=r.expires.toUTCString()),e=encodeURIComponent(e).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var i="";for(var s in r)r[s]&&(i+="; "+s,!0!==r[s]&&(i+="="+r[s].split(";")[0]));return document.cookie=e+"="+t.write(o,e)+i}}return Object.create({set:o,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var n=document.cookie?document.cookie.split("; "):[],o={},r=0;r<n.length;r++){var i=n[r].split("="),s=i.slice(1).join("=");try{var a=decodeURIComponent(i[0]);if(o[a]=t.read(s,a),e===a)break}catch(e){}}return e?o[e]:o}},remove:function(e,t){o(e,"",Mt({},t,{expires:-1}))},withAttributes:function(t){return e(this.converter,Mt({},this.attributes,t))},withConverter:function(t){return e(Mt({},this.converter,t),this.attributes)}},{attributes:{value:Object.freeze(n)},converter:{value:Object.freeze(t)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"});const Ft="DS",Ht="DSR",Bt="DSI",zt="DSRCN";function Zt(e,t,n){if(t){const{cookieDomain:o,cookiePath:r,cookieSameSite:i,cookieExpiration:s,cookieSecure:a}=n,c=new Date(1e3*s),l=Gt(o);Vt.set(e,t,{path:r,domain:l?o:void 0,expires:c,sameSite:i,secure:a})}}function Gt(e){const t=window.location.hostname.split("."),n=null==e?void 0:e.split(".");return t.slice(-(null==n?void 0:n.length)).join(".")===e}const Wt=e=>(null==e?void 0:e.cookieName)||Ft,Xt=e=>(null==e?void 0:e.cookieName)||Ht;function Yt(e="",t){return Vt.get(Xt(t))||I(`${e}${Ht}`)||""}function Qt(e="",t){return Vt.get(Wt(t))||I(`${e}${Ft}`)||""}function en(e=""){return I(`${e}${Bt}`)||""}function tn(e="",t,n,o){O(`${e}${Ht}`),O(`${e}${Ft}`),O(`${e}${Bt}`),O(`${e}${zt}`);const r=Wt(t);Vt.remove(r,null==o?void 0:o.session);const i=Xt(n);Vt.remove(i,null==o?void 0:o.refresh)}const nn=(e,t,n)=>o=>{const r=Object.assign(o,{token:o.token||Yt(e,t)});if(!n){const t=function(e=""){return I(`${e}${zt}`)}(e);t&&(r.headers=Object.assign(Object.assign({},r.headers||{}),{"x-descope-refresh-cookie-name":t}))}const i=function(e=""){return I(`${e}DTD`)||""}(e);return i&&(r.headers=Object.assign(Object.assign({},r.headers||{}),{"x-descope-trusted-device-token":i})),r},on=s&&(null===localStorage||void 0===localStorage?void 0:localStorage.getItem("fingerprint.endpoint.url"))||"https://api.descope.com",rn="vsid",sn="vrid";var an={default:"endpoint"},cn="Blocked by CSP",ln="The endpoint parameter is not a valid URL",un="Failed to load the JS script of the agent",dn="9319";function pn(e,t){var n,o,r,i,s,a=[],c=(n=function(e){var t=function(e,t,n){if(n||2===arguments.length)for(var o,r=0,i=t.length;r<i;r++)!o&&r in t||(o||(o=Array.prototype.slice.call(t,0,r)),o[r]=t[r]);return e.concat(o||Array.prototype.slice.call(t))}([],e,!0);return{current:function(){return t[0]},postpone:function(){var e=t.shift();void 0!==e&&t.push(e)},exclude:function(){t.shift()}}}(e),i=0,o=function(){return Math.random()*Math.min(3e3,100*Math.pow(2,i++))},r=new Set,[n.current(),function(e,t){var i,s=t instanceof Error?t.message:"";if(s===cn||s===ln)n.exclude(),i=0;else if(s===dn)n.exclude();else if(s===un){var a=Date.now()-e.getTime()<50,c=n.current();c&&a&&!r.has(c)&&(r.add(c),i=0),n.postpone()}else n.postpone();var l=n.current();return void 0===l?void 0:[l,null!=i?i:e.getTime()+o()-Date.now()]}]),l=c[0],u=c[1];if(void 0===l)return Promise.reject(new TypeError("The list of script URL patterns is empty"));var d=function(e){var n=new Date,o=function(t){return a.push({url:e,startedAt:n,finishedAt:new Date,error:t})},r=t(e);return r.then((function(){return o()}),o),r.catch((function(e){if(null!=s||(s=e),a.length>=5)throw s;var t=u(n,e);if(!t)throw s;var o,r=t[0],i=t[1];return(o=i,new Promise((function(e){return setTimeout(e,o)}))).then((function(){return d(r)}))}))};return d(l).then((function(e){return[e,a]}))}var gn="https://fpnpmcdn.net/v<version>/<apiKey>/loader_v<loaderVersion>.js",hn=gn;function fn(n){var o;n.scriptUrlPattern;var r=n.token,i=n.apiKey,s=void 0===i?r:i,a=t(n,["scriptUrlPattern","token","apiKey"]),c=null!==(o=function(e,t){return function(e,t){return Object.prototype.hasOwnProperty.call(e,t)}(e,t)?e[t]:void 0}(n,"scriptUrlPattern"))&&void 0!==o?o:gn,l=function(){var e=[],t=function(){e.push({time:new Date,state:document.visibilityState})},n=function(e,t,n,o){return e.addEventListener(t,n,o),function(){return e.removeEventListener(t,n,o)}}(document,"visibilitychange",t);return t(),[e,n]}(),u=l[0],d=l[1];return Promise.resolve().then((function(){if(!s||"string"!=typeof s)throw new Error("API key required");var e=function(e,t){return(Array.isArray(e)?e:[e]).map((function(e){return function(e,t){var n=encodeURIComponent;return e.replace(/<[^<>]+>/g,(function(e){return"<version>"===e?"3":"<apiKey>"===e?n(t):"<loaderVersion>"===e?n("3.11.6"):e}))}(String(e),t)}))}(c,s);return pn(e,vn)})).catch((function(e){throw d(),function(e){return e instanceof Error&&e.message===dn?new Error(un):e}(e)})).then((function(t){var n=t[0],o=t[1];return d(),n.load(e(e({},a),{ldi:{attempts:o,visibilityStates:u}}))}))}function vn(e){return function(e,t,n){var o,r=document,i="securitypolicyviolation",s=function(t){var n=new URL(e,location.href),r=t.blockedURI;r!==n.href&&r!==n.protocol.slice(0,-1)&&r!==n.origin||(o=t,a())};r.addEventListener(i,s);var a=function(){return r.removeEventListener(i,s)};return Promise.resolve().then(t).then((function(e){return a(),e}),(function(e){return new Promise((function(e){var t=new MessageChannel;t.port1.onmessage=function(){return e()},t.port2.postMessage(null)})).then((function(){if(a(),o)return n(o);throw e}))}))}(e,(function(){return function(e){return new Promise((function(t,n){if(function(e){if(URL.prototype)try{return new URL(e,location.href),!1}catch(e){if(e instanceof Error&&"TypeError"===e.name)return!0;throw e}}(e))throw new Error(ln);var o=document.createElement("script"),r=function(){var e;return null===(e=o.parentNode)||void 0===e?void 0:e.removeChild(o)},i=document.head||document.getElementsByTagName("head")[0];o.onload=function(){r(),t()},o.onerror=function(){r(),n(new Error(un))},o.async=!0,o.src=e,i.appendChild(o)}))}(e)}),(function(){throw new Error(cn)})).then(wn)}function wn(){var e=window,t="__fpjs_p_l_b",n=e[t];if(function(e,t){var n,o=null===(n=Object.getOwnPropertyDescriptor)||void 0===n?void 0:n.call(Object,e,t);(null==o?void 0:o.configurable)?delete e[t]:o&&!o.writable||(e[t]=void 0)}(e,t),"function"!=typeof(null==n?void 0:n.load))throw new Error(dn);return n}const mn=(e=!1)=>{const t=I("fp");if(!t)return null;const n=JSON.parse(t);return(new Date).getTime()>n.expiry&&!e?null:n.value},yn=async(e,t=on)=>{try{if(mn())return;const n=(Date.now().toString(36)+Math.random().toString(36).substring(2)+Math.random().toString(36).substring(2)).substring(0,27),o=new URL(t);o.pathname="/fXj8gt3x8VulJBna/x96Emn69oZwcd7I6";const r=new URL(t);r.pathname="/fXj8gt3x8VulJBna/w78aRZnnDZ3Aqw0I";const i=r.toString()+"?apiKey=<apiKey>&version=<version>&loaderVersion=<loaderVersion>",s=fn({apiKey:e,endpoint:[o.toString(),an],scriptUrlPattern:[i,hn]}),a=await s,{requestId:c}=await a.get({linkedId:n}),l=((e,t)=>({[rn]:e,[sn]:t}))(n,c);(e=>{const t={value:e,expiry:(new Date).getTime()+864e5};k("fp",JSON.stringify(t))})(l)}catch(e){console.warn("Could not load fingerprint",e)}},bn=e=>{const t=mn(!0);return t&&e.body&&(e.body.fpData=t),e},kn="descopeFlowNonce",In="X-Descope-Flow-Nonce",On="/v1/flow/start",jn="/v1/flow/next",Sn=(e,t=kn)=>`${t}${e}`,Un=(e,t=kn)=>{try{const n=Sn(e,t);O(n)}catch(e){console.error("Error removing flow nonce:",e)}},Tn=e=>{var t;return(null===(t=/.*\|#\|(.*)/.exec(e))||void 0===t?void 0:t[1])||null},xn=e=>{var t;return e.path===jn&&(null===(t=e.body)||void 0===t?void 0:t.executionId)?Tn(e.body.executionId):null},Rn="dls_last_user_login_id",Cn="dls_last_user_display_name",En=e=>k(Rn,e),Pn=()=>I(Rn),$n=()=>I(Cn),An=e=>async(...t)=>{var n;t[1]=t[1]||{};const[,o={}]=t,r=Pn(),i=$n();r&&(null!==(n=o.lastAuth)&&void 0!==n||(o.lastAuth={}),o.lastAuth.loginId=r,o.lastAuth.name=i);return await e(...t)},Dn=e=>t=>async(...n)=>{const o=await t(...n);return e||(O(Rn),O(Cn)),o},_n="DSLI",Ln=e=>async(...t)=>{const n=await e(...t);return O(_n),n};function Nn(){const e=[];return{pub:t=>{e.forEach((e=>e(t)))},sub:t=>{const n=e.push(t)-1;return()=>e.splice(n,1)}}}const qn=(e,t,n,o)=>r=>async(...i)=>{const s=await r(...i);return tn(e,t,n,null==o?void 0:o()),s};async function Jn(e){const t=function(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=Bn(n.publicKey.challenge),n.publicKey.user.id=Bn(n.publicKey.user.id),null===(t=n.publicKey.excludeCredentials)||void 0===t||t.forEach((e=>{e.id=Bn(e.id)})),n}(e),n=await navigator.credentials.create(t);return o=n,JSON.stringify({id:o.id,rawId:zn(o.rawId),type:o.type,response:{attestationObject:zn(o.response.attestationObject),clientDataJSON:zn(o.response.clientDataJSON)}});var o}async function Kn(e){const t=Fn(e);return Hn(await navigator.credentials.get(t))}async function Mn(e,t){const n=Fn(e);n.signal=t.signal,n.mediation="conditional";return Hn(await navigator.credentials.get(n))}async function Vn(e=!1){var t,n;if(!s)return Promise.resolve(!1);if(m()){const e=null===(n=null===(t=window.descopeBridge)||void 0===t?void 0:t.hostInfo)||void 0===n?void 0:n.webauthn;if("boolean"==typeof e)return e}const o=!!(window.PublicKeyCredential&&navigator.credentials&&navigator.credentials.create&&navigator.credentials.get);return o&&e&&PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable?PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable():o}function Fn(e){var t;const n=JSON.parse(e);return n.publicKey.challenge=Bn(n.publicKey.challenge),null===(t=n.publicKey.allowCredentials)||void 0===t||t.forEach((e=>{e.id=Bn(e.id)})),n}function Hn(e){return JSON.stringify({id:e.id,rawId:zn(e.rawId),type:e.type,response:{authenticatorData:zn(e.response.authenticatorData),clientDataJSON:zn(e.response.clientDataJSON),signature:zn(e.response.signature),userHandle:e.response.userHandle?zn(e.response.userHandle):void 0}})}function Bn(e){const t=e.replace(/_/g,"/").replace(/-/g,"+");return Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer}function zn(e){return btoa(String.fromCharCode.apply(null,new Uint8Array(e))).replace(/\//g,"_").replace(/\+/g,"-").replace(/=/g,"")}var Zn,Gn=(Zn=e=>({async signUp(t,n,o){const r=await e.webauthn.signUp.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Jn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,i)},async signIn(t,n){const o=await e.webauthn.signIn.start(t,window.location.origin,void 0,void 0,n);if(!o.ok)return o;const r=await Kn(o.data.options);return await e.webauthn.signIn.finish(o.data.transactionId,r)},async signUpOrIn(t,n){var o;const r=await e.webauthn.signUpOrIn.start(t,window.location.origin,n);if(!r.ok)return r;if(null===(o=r.data)||void 0===o?void 0:o.create){const t=await Jn(r.data.options);return await e.webauthn.signUp.finish(r.data.transactionId,t)}{const t=await Kn(r.data.options);return await e.webauthn.signIn.finish(r.data.transactionId,t)}},async update(t,n,o){const r=await e.webauthn.update.start(t,window.location.origin,n,o);if(!r.ok)return r;const i=await Jn(r.data.options);return await e.webauthn.update.finish(r.data.transactionId,i)},helpers:{create:Jn,get:Kn,isSupported:Vn,conditional:Mn}}),(...e)=>{const t=Zn(...e);return Object.assign(t.signUp,e[0].webauthn.signUp),Object.assign(t.signIn,e[0].webauthn.signIn),Object.assign(t.signUpOrIn,e[0].webauthn.signUpOrIn),Object.assign(t.update,e[0].webauthn.update),t});const Wn={config:"/fedcm/config"},Xn=()=>{if(window.crypto&&window.crypto.getRandomValues){const e=new Uint8Array(16);return window.crypto.getRandomValues(e),Array.from(e,(e=>e.toString(16).padStart(2,"0"))).join("")}return Math.random().toString(36).substring(2)};async function Yn(e,t){var n;try{await Qn(e,t)}catch(e){null===(n=null==t?void 0:t.onFailed)||void 0===n||n.call(t,e)}}async function Qn(e,t){var n,o;const r=await async function(e,t="google",n,o,r){const i=Xn(),s=await async function(){return new Promise(((e,t)=>{if(window.google)return void e(window.google.accounts.id);let n=document.getElementById("google-gsi-client-script");n||(n=document.createElement("script"),document.head.appendChild(n),n.async=!0,n.defer=!0,n.id="google-gsi-client-script",n.src="https://accounts.google.com/gsi/client"),n.onload=function(){window.google?e(window.google.accounts.id):t("Failed to load Google GSI client script - not loaded properly")},n.onerror=function(){t("Failed to load Google GSI client script - failed to load")}}))}(),a=await e.oauth.getOneTapClientId(t);if(!a.ok)throw new Error("Failed to get OneTap client ID for provider "+t);const c=a.data.clientId;return new Promise((e=>{var a,l;const u=n=>{e({provider:t,nonce:i,credential:null==n?void 0:n.credential})};s.initialize(Object.assign(Object.assign({},n),{itp_support:null===(a=null==n?void 0:n.itp_support)||void 0===a||a,use_fedcm_for_prompt:null===(l=null==n?void 0:n.use_fedcm_for_prompt)||void 0===l||l,client_id:c,callback:u,nonce:i})),s.prompt((e=>{var t,n;if(r&&(null==e?void 0:e.isDismissedMoment())){const n=null===(t=e.getDismissedReason)||void 0===t?void 0:t.call(e);return null==r||r(n),void u()}if(o&&(null==e?void 0:e.isSkippedMoment())){const t=null===(n=e.getSkippedReason)||void 0===n?void 0:n.call(e);return null==o||o(t),void u()}}))}))}(e,t.provider,t.oneTapConfig,t.onSkipped,t.onDismissed);if(!r.credential)return null;if(null==t?void 0:t.onCodeReceived){const o=await e.oauth.verifyOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!o.ok||!o.data)throw new Error("Failed to verify OneTap client ID for provider "+r.provider);null===(n=null==t?void 0:t.onCodeReceived)||void 0===n||n.call(t,o.data.code)}else{const n=await e.oauth.exchangeOneTapIDToken(r.provider,r.credential,r.nonce,null==t?void 0:t.loginOptions);if(!n.ok||!n.data)throw new Error("Failed to exchange OneTap client ID for provider "+r.provider);null===(o=null==t?void 0:t.onAuthenticated)||void 0===o||o.call(t,n.data)}}var eo=e=>Object.assign(Object.assign({},e.flow),{start:async(...t)=>{const n=await Vn(),o=Object.assign(Object.assign({location:window.location.href},t[1]),{deviceInfo:{webAuthnSupport:n},startOptionsVersion:1});return t[1]=o,e.flow.start(...t)}});let to;const no=(e,t)=>new Promise(((n,o)=>{if(!e.length)return o(new Error("No URLs provided to loadScriptWithFallback"));const r=t();if(r)return n(r);const i=e.shift(),s=document.createElement("script");s.src=i,s.id=(e=>{let t=0;for(let n=0;n<e.length;n++)t=(t<<5)-t+e.charCodeAt(n),t|=0;return Math.abs(t).toString(16)})(i),s.onload=()=>{const e=t();if(e)return n(e);throw new Error("Could not get entry after loading script from URL")},s.addEventListener("error",(()=>{no(e,t),s.setAttribute("data-error","true")})),document.body.appendChild(s)}));const oo=async(e,t,n)=>{to||(to=(async()=>{try{return require("oidc-client-ts")}catch(e){return no([c,l],(()=>window.oidc))}})());const{OidcClient:o,WebStorageStateStore:r}=await to;if(!o)throw new Error("oidc-client-ts is not installed. Please install it by running `npm install oidc-client-ts`");const i=(null==n?void 0:n.redirectUri)||window.location.href;let s,a,u,d;if(null==n?void 0:n.issuer){if(!n.clientId)throw new Error("clientId is required when providing a custom issuer/authority");s=n.issuer,a=n.clientId,u=`${a}_user`,d="openid"}else(null==n?void 0:n.applicationId)?(s=e.httpClient.buildUrl(t),s=`${s}/${n.applicationId}`,a=t,u=`${a}_user`,d="openid email roles descope.custom_claims offline_access"):(s=e.httpClient.buildUrl(t),a=t,u=`${a}_user`,d="openid email roles descope.custom_claims offline_access");const p={authority:s,client_id:a,redirect_uri:i,response_type:"code",scope:(null==n?void 0:n.scope)||d,stateStore:new r({store:window.localStorage,prefix:a}),loadUserInfo:!0,fetchRequestCredentials:"same-origin"};return(null==n?void 0:n.redirectUri)&&(p.redirect_uri=n.redirectUri),{client:new o(p),stateUserKey:u}},ro=(e,t,n)=>{const o=async()=>{let o,r;return o&&r||({client:o,stateUserKey:r}=await oo(e,t,n)),{client:o,stateUserKey:r}},r=async(t="")=>{var n;const{client:r,stateUserKey:i}=await o(),s=await r.processSigninResponse(t||window.location.href);var a;return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(s)))),k(i,JSON.stringify({id_token:(a=s).id_token,session_state:a.session_state,profile:a.profile})),(()=>{const e=new URL(window.location.href);e.searchParams.delete("code"),e.searchParams.delete("state"),window.history.replaceState({},document.title,e.toString())})(),s};return{loginWithRedirect:async(t={},n=!1)=>{var r;const{client:i}=await o(),s=await i.createSigninRequest(t),{url:a}=s;return n||(await(null===(r=e.httpClient.hooks)||void 0===r?void 0:r.afterRequest({},new Response(JSON.stringify(s)))),window.location.href=a),{ok:!0,data:s}},finishLogin:r,finishLoginIfNeed:async(e="")=>{if(window.location.search.includes("code")&&window.location.search.includes("state"))return await r(e)},refreshToken:async t=>{var n;const{client:r,stateUserKey:i}=await o(),s=(e=>{const t=I(e);return t?JSON.parse(t):null})(i);if(!s)throw new Error("User not found in storage to refresh token");let a=t;if(!a){const t={};e.httpClient.hooks.beforeRequest(t),a=t.token}const c=await r.useRefreshToken({state:{refresh_token:a,session_state:s.session_state,profile:s.profile}});return await(null===(n=e.httpClient.hooks)||void 0===n?void 0:n.afterRequest({},new Response(JSON.stringify(c)))),c},logout:async(e,t=!1)=>{const{client:n,stateUserKey:r}=await o();e||(e={}),e.id_token_hint=e.id_token_hint||en(),e.post_logout_redirect_uri=e.post_logout_redirect_uri||window.location.href;const i=await n.createSignoutRequest(e),{url:s}=i;return O(r),t||window.location.replace(s),i}}},io=function(...e){return t=>e.reduce(((e,t)=>t(e)),t)}((e=>t=>{var n;return n=t.customStorage,d=n,e(t)}),(e=>n=>{var{fpKey:o,fpLoad:r}=n,i=t(n,["fpKey","fpLoad"]);return s?(o&&r&&yn(o).catch((()=>null)),e(v(i,{beforeRequest:bn}))):e(i)}),(e=>t=>e(Object.assign(Object.assign({},t),{baseHeaders:Object.assign({"x-descope-sdk-name":"web-js","x-descope-sdk-version":"1.50.2"},t.baseHeaders)}))),(e=>t=>{const n=Nn(),o=Nn(),r=Nn(),i=Nn(),s=e(v(t,{afterRequest:async(e,t)=>{if(y(e,t))qt("Session invalidated, notifying subscribers with empty values"),o.pub(null),r.pub(null),n.pub(null),i.pub(null);else{const e=await(async e=>{const t=await w(e);return(null==t?void 0:t.user)||((null==t?void 0:t.hasOwnProperty("userId"))?t:void 0)})(t);e&&r.pub(e);const{sessionJwt:s,sessionExpiration:a,claims:c}=await w(t);s&&o.pub(s),c&&i.pub(c),(a||s)&&n.pub(a||42)}}})),a=Ue(s,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const s=await e(...t);return o.pub(null),r.pub(null),n.pub(null),i.pub(null),s}));return Object.assign(a,{onSessionTokenChange:o.sub,onUserChange:r.sub,onClaimsChange:i.sub,onIsAuthenticatedChange:e=>n.sub((t=>{e(!!t)}))})}),(e=>n=>{var o;const{enableFlowNonce:r=!0,nonceStoragePrefix:i=kn}=n,a=t(n,["enableFlowNonce","nonceStoragePrefix"]);if(!r)return e(a);((e=kn)=>{try{if(!b)return;for(let r=0;r<(t=void 0,n=void 0,o=void 0,null!==(o=null!==(t=null==d?void 0:d.length)&&void 0!==t?t:s&&(null===(n=window.localStorage)||void 0===n?void 0:n.length))&&void 0!==o?o:0);r++){const t=j(r);if(t&&t.startsWith(e)){const e=I(t);if(e)try{JSON.parse(e).expiry<Date.now()&&O(t)}catch(e){O(t)}}}}catch(e){console.error("Error cleaning up expired nonces:",e)}var t,n,o})(i);const c=e(v(a,{afterRequest:async(e,t)=>{if(e.path!==On&&e.path!==jn)return;const{nonce:n,executionId:o}=await(async(e,t)=>{try{const n=t.headers.get(In);let o=await t.clone().json().then((e=>(null==e?void 0:e.executionId)||null)).catch((()=>null));return o||(o=xn(e)),{nonce:n,executionId:Tn(o)}}catch(e){return{nonce:null,executionId:null}}})(e,t);if(n&&o){((e,t,n,o=kn)=>{try{const r=Sn(e,o),i=n?172800:10800,s={value:t,expiry:Date.now()+1e3*i,isStart:n};k(r,JSON.stringify(s))}catch(e){console.error("Error setting flow nonce:",e)}})(o,n,e.path===On,i)}},beforeRequest:e=>{if(e.path===jn){const t=xn(e);if(t){const n=((e,t=kn)=>{try{const n=Sn(e,t),o=I(n);if(!o)return null;const r=JSON.parse(o);return r.expiry<Date.now()?(Un(e,t),null):r.value}catch(e){return console.error("Error getting flow nonce:",e),null}})(t,i);n&&(e.headers=e.headers||{},e.headers[In]=n)}}return e}}));if(null===(o=c.flow)||void 0===o?void 0:o.next){let e=Promise.resolve();const t=c.flow.next.bind(c.flow);c.flow.next=async(...n)=>{const o=e;let r;e=new Promise((e=>{r=e})),await o;try{return await t(...n)}finally{r()}}}return c}),(e=>t=>{const n=e(v(t,{afterRequest:async(e,t)=>{if(y(e,t))return void O(_n);const n=await w(t);(null==n?void 0:n.sessionExpiration)&&k(_n,String(n.sessionExpiration))}}));return Ue(n,["logout","logoutAll","oidc.logout"],Ln)}),(e=>n=>{var{autoRefresh:o}=n,i=t(n,["autoRefresh"]);const a=!!o,c="object"==typeof o&&(null==o?void 0:o.customActivityTracking);if(!a||m())return Object.assign(e(i),{markUserActive:()=>{Jt("markUserActive() called but has no effect")}});const{clearAllTimers:l,setTimer:u}=(()=>{const e=[];return{clearAllTimers:()=>{for(;e.length;)clearTimeout(e.pop())},setTimer:(t,n)=>{e.push(setTimeout(t,n))}}})();let d,p,g=null,h=!1,f=!1;c&&(qt("Activity-based refresh enabled"),g=(()=>{let e=!0;return{hadActivity:()=>e,reset:()=>{e=!1},markActive:()=>{e=!0}}})()),s&&document.addEventListener("visibilitychange",(()=>{"visible"===document.visibilityState&&d&&new Date>d&&(qt("Expiration time passed, refreshing session"),b.refresh(Yt()||p))}));const b=e(v(i,{afterRequest:async(e,t)=>{const{sessionJwt:n,refreshJwt:o,sessionExpiration:i,nextRefreshSeconds:a}=await w(t);if(y(e,t))qt("Session invalidated, canceling all timers"),l();else if(n||i){if(d=((e,t)=>{if(t)return new Date(1e3*t);qt("Could not extract expiration time from session token, trying to decode the token");try{const t=r(e);if(t.exp)return new Date(1e3*t.exp)}catch(e){return null}})(n,i),!d)return void qt("Could not extract expiration time from session token");p=o,h=a>0;const e=Kt(d,a);if(l(),e<=2e4)return void qt("Session is too close to expiration, not setting refresh timer");const t=new Date(Date.now()+e).toLocaleTimeString("en-US",{hour12:!1});qt(`Setting refresh timer for ${t}. (${e}ms)`),g&&(g.reset(),f=!1),u((()=>{if(s&&"hidden"===document.visibilityState)qt("Skipping refresh due to timer - document is hidden");else{if(g&&h&&!g.hadActivity())return qt("Skipping refresh due to timer - user is idle"),void(f=!0);qt("Refreshing session due to timer"),b.refresh(Yt()||o)}}),e)}}}));return Object.assign(Ue(b,["logout","logoutAll","oidc.logout"],(e=>async(...t)=>{const n=await e(...t);return qt("Clearing all timers"),l(),n})),{markUserActive:g?()=>{qt("markUserActive() called"),h||qt("markUserActive() called but server does not have inactivity timeout configured (no nextRefreshSeconds)"),g.markActive(),f&&(qt("User became active after skipped refresh, triggering refresh"),f=!1,l(),b.refresh(Yt()||p))}:()=>{Jt("markUserActive() called but customActivityTracking is not enabled — this call has no effect")}})}),(e=>n=>{var{storeLastAuthenticatedUser:o=!0,keepLastAuthenticatedUserAfterLogout:r=!1}=n,i=t(n,["storeLastAuthenticatedUser","keepLastAuthenticatedUserAfterLogout"]);if(!o)return Object.assign(e(i),{getLastUserLoginId:Pn,getLastUserDisplayName:$n});const s=e(v(i,{afterRequest:async(e,t)=>{var n;const{userInfo:o,lastAuth:r}=await(async e=>{if(!(null==e?void 0:e.ok))return{userInfo:void 0,lastAuth:void 0};const t=await(null==e?void 0:e.clone().json()),n=f((null==t?void 0:t.authInfo)||t||{});return{userInfo:(null==n?void 0:n.user)||((null==n?void 0:n.hasOwnProperty("userId"))?n:void 0),lastAuth:t.lastAuth}})(t),i=null===(n=null==o?void 0:o.loginIds)||void 0===n?void 0:n[0],s=null==o?void 0:o.name;i?(En(i),(e=>{k(Cn,e)})(s)):(null==r?void 0:r.loginId)&&En(r.loginId)}}));let a=Ue(s,["flow.start"],An);return a=Ue(a,["logout","logoutAll"],Dn(r)),Object.assign(a,{getLastUserLoginId:Pn,getLastUserDisplayName:$n})}),(e=>n=>{var{persistTokens:o,sessionTokenViaCookie:r,refreshTokenViaCookie:i,storagePrefix:a,refreshCookieName:c}=n,l=t(n,["persistTokens","sessionTokenViaCookie","refreshTokenViaCookie","storagePrefix","refreshCookieName"]);if(!o||!s)return e(Object.assign({refreshCookieName:c},l));let u;const d=e(v(Object.assign({refreshCookieName:c},l),{beforeRequest:nn(a,i,c),afterRequest:async(e,t)=>{if(y(e,t))qt("Session invalidated, clearing persisted tokens"),tn(a,r,i,u);else{const e=await w(t);e.cookieName?k(`${a||""}${zt}`,e.cookieName):e.refreshJwt&&O(`${a||""}${zt}`);const n=((e={},t=!1,n="",o=!1)=>{var r,i,s,a;const{sessionJwt:c,refreshJwt:l,trustedDeviceJwt:u}=e;let d;if(l)if(o){O(`${n}${Ht}`);const t=o.sameSite||"Strict",s=null===(r=o.secure)||void 0===r||r,a=null!==(i=o.domain)&&void 0!==i?i:e.cookieDomain,c=Xt(o);s&&"https:"!==window.location.protocol&&Jt("Refresh token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass refreshTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const u=Object.assign(Object.assign({},e),{cookieSameSite:t,cookieSecure:s,cookieDomain:a});Zt(c,l,u);const p=Gt(a);d=Object.assign(Object.assign({},d),{refresh:{path:u.cookiePath,domain:p?a:void 0}})}else{const e=Xt(o);Vt.remove(e),k(`${n}${Ht}`,l)}if(c)if(t){const n=t.sameSite||"Strict",o=null===(s=t.secure)||void 0===s||s,r=null!==(a=t.domain)&&void 0!==a?a:e.cookieDomain,i=Wt(t);o&&"https:"!==window.location.protocol&&Jt("Session token cookie is configured with secure=true but the page is not using HTTPS. The cookie will not be set. To fix this, pass sessionTokenViaCookie: { secure: process.env['NODE_ENV'] !== 'development' }");const l=Object.assign(Object.assign({},e),{cookieSameSite:n,cookieSecure:o,cookieDomain:r});Zt(i,c,l);const u=Gt(r);d=Object.assign(Object.assign({},d),{session:{path:l.cookiePath,domain:u?r:void 0}})}else k(`${n}${Ft}`,c);return e.idToken&&k(`${n}${Bt}`,e.idToken),u&&k(`${n}DTD`,u),d})(e,r,a,i);n&&(u=n)}}})),p=Ue(d,["logout","logoutAll","oidc.logout"],qn(a,r,i,(()=>u)));return Object.assign(p,{getRefreshToken:()=>Yt(a,i),getSessionToken:()=>Qt(a,r),getIdToken:()=>en(a)})}))((e=>{const t=Nt(e),n=ro(t,e.projectId,e.oidcConfig);return Object.assign(Object.assign({},t),{refresh:async(o,r)=>{var i;if(m())return qt(`Refresh called in native flow: ${(new Error).stack}`),Promise.resolve({ok:!1,error:{errorCode:"J171000",errorDescription:"Refresh is not supported in native flows via the web SDK"}});if(e.oidcConfig)try{return await n.refreshToken(o),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161001",errorDescription:e.toString()}})}if(r&&!I(_n)&&!I(Rn)&&!I("DSLI_DISABLED"))return Promise.resolve({ok:!0});const s=Qt(),a=Yt();let c="";if(e.getExternalToken)try{c=await(null===(i=e.getExternalToken)||void 0===i?void 0:i.call(e))}catch(e){qt("Error getting external token while refreshing",e)}return t.refresh(o,{dcs:s?"t":"f",dcr:a?"t":"f"},c,r)},logout:async o=>{if(e.oidcConfig)try{return await n.logout({id_token_hint:o}),Promise.resolve({ok:!0})}catch(e){return Promise.resolve({ok:!1,error:{errorCode:"J161000",errorDescription:e.toString()}})}return t.logout(o)},flow:eo(t),webauthn:Gn(t),fedcm:(o=t,r=e.projectId,{onetap:{requestExchangeCode(e){Yn(o,e)},requestAuthentication(e){Yn(o,e)}},async oneTap(e,t,n,r,i){await Qn(o,{provider:e,oneTapConfig:t,loginOptions:n,onSkipped:r,onDismissed:i})},async launch(e){var t;const n={identity:{context:e||"signin",providers:[{configURL:o.httpClient.buildUrl(r+Wn.config),clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(n));return o.refresh(i.token)},isSupported:()=>s&&"IdentityCredential"in window,async isLoggedIn(e){var t;const n=o.httpClient.buildUrl(r+Wn.config);try{const o={identity:{context:e||"signin",providers:[{configURL:n,clientId:r}]}},i=await(null===(t=navigator.credentials)||void 0===t?void 0:t.get(o));return!!i&&!!i.token}catch(e){return!1}}}),oidc:n});var o,r}));return io.REFRESH_TOKEN_KEY=Ht,io.SESSION_TOKEN_KEY=Ft,io}));
 //# sourceMappingURL=index.umd.js.map