@eventuras/fides-auth 0.3.0

package/dist/utils-ByMRF7b2.js

@@ -0,0 +1,379 @@
+import { createLogger as e } from "./logger.js";
+import { C as t, D as n, E as r, T as i, _ as a, b as o, c as s, f as c, i as l, l as u, m as d, o as f, r as p, s as m, t as h, u as g, v as _, w as v, x as y, y as b } from "./deflate-koSuX7FB.js";
+import { t as x } from "./decode_jwt-1J26fl4I.js";
+//#region ../../node_modules/.pnpm/jose@6.2.2/node_modules/jose/dist/webapi/jwe/flattened/encrypt.js
+var S = class {
+	#e;
+	#t;
+	#n;
+	#r;
+	#i;
+	#a;
+	#o;
+	#s;
+	constructor(e) {
+		if (!(e instanceof Uint8Array)) throw TypeError("plaintext must be an instance of Uint8Array");
+		this.#e = e;
+	}
+	setKeyManagementParameters(e) {
+		return g(this.#s, "setKeyManagementParameters"), this.#s = e, this;
+	}
+	setProtectedHeader(e) {
+		return g(this.#t, "setProtectedHeader"), this.#t = e, this;
+	}
+	setSharedUnprotectedHeader(e) {
+		return g(this.#n, "setSharedUnprotectedHeader"), this.#n = e, this;
+	}
+	setUnprotectedHeader(e) {
+		return g(this.#r, "setUnprotectedHeader"), this.#r = e, this;
+	}
+	setAdditionalAuthenticatedData(e) {
+		return this.#i = e, this;
+	}
+	setContentEncryptionKey(e) {
+		return g(this.#a, "setContentEncryptionKey"), this.#a = e, this;
+	}
+	setInitializationVector(e) {
+		return g(this.#o, "setInitializationVector"), this.#o = e, this;
+	}
+	async encrypt(e, n) {
+		if (!this.#t && !this.#r && !this.#n) throw new _("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");
+		if (!s(this.#t, this.#r, this.#n)) throw new _("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");
+		let i = {
+			...this.#t,
+			...this.#r,
+			...this.#n
+		};
+		if (l(_, /* @__PURE__ */ new Map(), n?.crit, this.#t, i), i.zip !== void 0 && i.zip !== "DEF") throw new a("Unsupported JWE \"zip\" (Compression Algorithm) Header Parameter value.");
+		if (i.zip !== void 0 && !this.#t?.zip) throw new _("JWE \"zip\" (Compression Algorithm) Header Parameter MUST be in a protected header.");
+		let { alg: o, enc: u } = i;
+		if (typeof o != "string" || !o) throw new _("JWE \"alg\" (Algorithm) Header Parameter missing or invalid");
+		if (typeof u != "string" || !u) throw new _("JWE \"enc\" (Encryption Algorithm) Header Parameter missing or invalid");
+		let g;
+		if (this.#a && (o === "dir" || o === "ECDH-ES")) throw TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${o}`);
+		p(o === "dir" ? u : o, e, "encrypt");
+		let y;
+		{
+			let t, r = await m(e, o);
+			({cek: y, encryptedKey: g, parameters: t} = await f(o, u, r, this.#a, this.#s)), t && (n && c in n ? this.#r ? this.#r = {
+				...this.#r,
+				...t
+			} : this.setUnprotectedHeader(t) : this.#t ? this.#t = {
+				...this.#t,
+				...t
+			} : this.setProtectedHeader(t));
+		}
+		let b, x, S, C;
+		if (this.#t ? (x = t(JSON.stringify(this.#t)), S = r(x)) : (x = "", S = new Uint8Array()), this.#i) {
+			C = t(this.#i);
+			let e = r(C);
+			b = v(S, r("."), e);
+		} else b = S;
+		let w = this.#e;
+		i.zip === "DEF" && (w = await h(w).catch((e) => {
+			throw new _("Failed to compress plaintext", { cause: e });
+		}));
+		let { ciphertext: T, tag: E, iv: D } = await d(u, w, y, this.#o, b), O = { ciphertext: t(T) };
+		return D && (O.iv = t(D)), E && (O.tag = t(E)), g && (O.encrypted_key = t(g)), C && (O.aad = C), this.#t && (O.protected = x), this.#n && (O.unprotected = this.#n), this.#r && (O.header = this.#r), O;
+	}
+}, C = (e) => Math.floor(e.getTime() / 1e3), w = 60, T = w * 60, E = T * 24, D = E * 7, O = E * 365.25, k = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
+function A(e) {
+	let t = k.exec(e);
+	if (!t || t[4] && t[1]) throw TypeError("Invalid time period format");
+	let n = parseFloat(t[2]), r = t[3].toLowerCase(), i;
+	switch (r) {
+		case "sec":
+		case "secs":
+		case "second":
+		case "seconds":
+		case "s":
+			i = Math.round(n);
+			break;
+		case "minute":
+		case "minutes":
+		case "min":
+		case "mins":
+		case "m":
+			i = Math.round(n * w);
+			break;
+		case "hour":
+		case "hours":
+		case "hr":
+		case "hrs":
+		case "h":
+			i = Math.round(n * T);
+			break;
+		case "day":
+		case "days":
+		case "d":
+			i = Math.round(n * E);
+			break;
+		case "week":
+		case "weeks":
+		case "w":
+			i = Math.round(n * D);
+			break;
+		default:
+			i = Math.round(n * O);
+			break;
+	}
+	return t[1] === "-" || t[4] === "ago" ? -i : i;
+}
+function j(e, t) {
+	if (!Number.isFinite(t)) throw TypeError(`Invalid ${e} input`);
+	return t;
+}
+var M = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, N = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
+function P(e, t, n = {}) {
+	let r;
+	try {
+		r = JSON.parse(i.decode(t));
+	} catch {}
+	if (!u(r)) throw new y("JWT Claims Set must be a top-level JSON object");
+	let { typ: a } = n;
+	if (a && (typeof e.typ != "string" || M(e.typ) !== M(a))) throw new b("unexpected \"typ\" JWT header value", r, "typ", "check_failed");
+	let { requiredClaims: s = [], issuer: c, subject: l, audience: d, maxTokenAge: f } = n, p = [...s];
+	f !== void 0 && p.push("iat"), d !== void 0 && p.push("aud"), l !== void 0 && p.push("sub"), c !== void 0 && p.push("iss");
+	for (let e of new Set(p.reverse())) if (!(e in r)) throw new b(`missing required "${e}" claim`, r, e, "missing");
+	if (c && !(Array.isArray(c) ? c : [c]).includes(r.iss)) throw new b("unexpected \"iss\" claim value", r, "iss", "check_failed");
+	if (l && r.sub !== l) throw new b("unexpected \"sub\" claim value", r, "sub", "check_failed");
+	if (d && !N(r.aud, typeof d == "string" ? [d] : d)) throw new b("unexpected \"aud\" claim value", r, "aud", "check_failed");
+	let m;
+	switch (typeof n.clockTolerance) {
+		case "string":
+			m = A(n.clockTolerance);
+			break;
+		case "number":
+			m = n.clockTolerance;
+			break;
+		case "undefined":
+			m = 0;
+			break;
+		default: throw TypeError("Invalid clockTolerance option type");
+	}
+	let { currentDate: h } = n, g = C(h || /* @__PURE__ */ new Date());
+	if ((r.iat !== void 0 || f) && typeof r.iat != "number") throw new b("\"iat\" claim must be a number", r, "iat", "invalid");
+	if (r.nbf !== void 0) {
+		if (typeof r.nbf != "number") throw new b("\"nbf\" claim must be a number", r, "nbf", "invalid");
+		if (r.nbf > g + m) throw new b("\"nbf\" claim timestamp check failed", r, "nbf", "check_failed");
+	}
+	if (r.exp !== void 0) {
+		if (typeof r.exp != "number") throw new b("\"exp\" claim must be a number", r, "exp", "invalid");
+		if (r.exp <= g - m) throw new o("\"exp\" claim timestamp check failed", r, "exp", "check_failed");
+	}
+	if (f) {
+		let e = g - r.iat, t = typeof f == "number" ? f : A(f);
+		if (e - m > t) throw new o("\"iat\" claim timestamp check failed (too far in the past)", r, "iat", "check_failed");
+		if (e < 0 - m) throw new b("\"iat\" claim timestamp check failed (it should be in the past)", r, "iat", "check_failed");
+	}
+	return r;
+}
+var F = class {
+	#e;
+	constructor(e) {
+		if (!u(e)) throw TypeError("JWT Claims Set MUST be an object");
+		this.#e = structuredClone(e);
+	}
+	data() {
+		return n.encode(JSON.stringify(this.#e));
+	}
+	get iss() {
+		return this.#e.iss;
+	}
+	set iss(e) {
+		this.#e.iss = e;
+	}
+	get sub() {
+		return this.#e.sub;
+	}
+	set sub(e) {
+		this.#e.sub = e;
+	}
+	get aud() {
+		return this.#e.aud;
+	}
+	set aud(e) {
+		this.#e.aud = e;
+	}
+	set jti(e) {
+		this.#e.jti = e;
+	}
+	set nbf(e) {
+		typeof e == "number" ? this.#e.nbf = j("setNotBefore", e) : e instanceof Date ? this.#e.nbf = j("setNotBefore", C(e)) : this.#e.nbf = C(/* @__PURE__ */ new Date()) + A(e);
+	}
+	set exp(e) {
+		typeof e == "number" ? this.#e.exp = j("setExpirationTime", e) : e instanceof Date ? this.#e.exp = j("setExpirationTime", C(e)) : this.#e.exp = C(/* @__PURE__ */ new Date()) + A(e);
+	}
+	set iat(e) {
+		e === void 0 ? this.#e.iat = C(/* @__PURE__ */ new Date()) : e instanceof Date ? this.#e.iat = j("setIssuedAt", C(e)) : typeof e == "string" ? this.#e.iat = j("setIssuedAt", C(/* @__PURE__ */ new Date()) + A(e)) : this.#e.iat = j("setIssuedAt", e);
+	}
+}, I = class {
+	#e;
+	constructor(e) {
+		this.#e = new S(e);
+	}
+	setContentEncryptionKey(e) {
+		return this.#e.setContentEncryptionKey(e), this;
+	}
+	setInitializationVector(e) {
+		return this.#e.setInitializationVector(e), this;
+	}
+	setProtectedHeader(e) {
+		return this.#e.setProtectedHeader(e), this;
+	}
+	setKeyManagementParameters(e) {
+		return this.#e.setKeyManagementParameters(e), this;
+	}
+	async encrypt(e, t) {
+		let n = await this.#e.encrypt(e, t);
+		return [
+			n.protected,
+			n.encrypted_key,
+			n.iv,
+			n.ciphertext,
+			n.tag
+		].join(".");
+	}
+}, L = class {
+	#e;
+	#t;
+	#n;
+	#r;
+	#i;
+	#a;
+	#o;
+	#s;
+	constructor(e = {}) {
+		this.#s = new F(e);
+	}
+	setIssuer(e) {
+		return this.#s.iss = e, this;
+	}
+	setSubject(e) {
+		return this.#s.sub = e, this;
+	}
+	setAudience(e) {
+		return this.#s.aud = e, this;
+	}
+	setJti(e) {
+		return this.#s.jti = e, this;
+	}
+	setNotBefore(e) {
+		return this.#s.nbf = e, this;
+	}
+	setExpirationTime(e) {
+		return this.#s.exp = e, this;
+	}
+	setIssuedAt(e) {
+		return this.#s.iat = e, this;
+	}
+	setProtectedHeader(e) {
+		return g(this.#r, "setProtectedHeader"), this.#r = e, this;
+	}
+	setKeyManagementParameters(e) {
+		return g(this.#n, "setKeyManagementParameters"), this.#n = e, this;
+	}
+	setContentEncryptionKey(e) {
+		return g(this.#e, "setContentEncryptionKey"), this.#e = e, this;
+	}
+	setInitializationVector(e) {
+		return g(this.#t, "setInitializationVector"), this.#t = e, this;
+	}
+	replicateIssuerAsHeader() {
+		return this.#i = !0, this;
+	}
+	replicateSubjectAsHeader() {
+		return this.#a = !0, this;
+	}
+	replicateAudienceAsHeader() {
+		return this.#o = !0, this;
+	}
+	async encrypt(e, t) {
+		let n = new I(this.#s.data());
+		return this.#r && (this.#i || this.#a || this.#o) && (this.#r = {
+			...this.#r,
+			iss: this.#i ? this.#s.iss : void 0,
+			sub: this.#a ? this.#s.sub : void 0,
+			aud: this.#o ? this.#s.aud : void 0
+		}), n.setProtectedHeader(this.#r), this.#t && n.setInitializationVector(this.#t), this.#e && n.setContentEncryptionKey(this.#e), this.#n && n.setKeyManagementParameters(this.#n), n.encrypt(e, t);
+	}
+}, R = e({ namespace: "fides-auth:utils" });
+function z(e) {
+	if (e.length % 2 != 0) throw Error("Invalid hex string: odd length");
+	if (e.length > 0 && !/^[0-9a-fA-F]+$/.test(e)) throw Error("Invalid hex string: contains non-hex characters");
+	let t = new Uint8Array(e.length / 2);
+	for (let n = 0; n < t.length; n++) t[n] = Number.parseInt(e.slice(n * 2, n * 2 + 2), 16);
+	return t;
+}
+function B(e) {
+	return typeof e == "string" ? z(e) : e;
+}
+async function V(e, t) {
+	return new L(e).setProtectedHeader({
+		alg: "dir",
+		enc: "A256GCM"
+	}).setIssuedAt().encrypt(B(t));
+}
+async function H(e, t) {
+	let n = B(t), r = await crypto.subtle.importKey("raw", n, { name: "AES-GCM" }, !1, ["encrypt"]), i = crypto.getRandomValues(new Uint8Array(12)), a = new TextEncoder().encode(e), o = await crypto.subtle.encrypt({
+		name: "AES-GCM",
+		iv: i,
+		tagLength: 128
+	}, r, a), s = new Uint8Array(o), c = s.slice(0, s.length - 16), l = s.slice(s.length - 16);
+	return [
+		Y(i),
+		Y(l),
+		Y(c)
+	].join(":");
+}
+async function U(e, t) {
+	let [n, r, i] = e.split(":");
+	if (!n || !r || !i) throw Error("Invalid encrypted data format");
+	let a = z(n), o = z(r), s = z(i), c = new Uint8Array(s.length + o.length);
+	c.set(s), c.set(o, s.length);
+	let l = B(t), u = new Uint8Array([...l]), d = new Uint8Array([...a]), f = await crypto.subtle.importKey("raw", u, { name: "AES-GCM" }, !1, ["decrypt"]), p = await crypto.subtle.decrypt({
+		name: "AES-GCM",
+		iv: d,
+		tagLength: 128
+	}, f, c.buffer);
+	return new TextDecoder().decode(p);
+}
+function W(e) {
+	return typeof e == "string" ? new TextEncoder().encode(e) : e;
+}
+async function G(e) {
+	let t = W(e), n = await crypto.subtle.digest("SHA-256", t);
+	return Y(new Uint8Array(n));
+}
+async function K(e) {
+	let t = W(e), n = await crypto.subtle.digest("SHA-512", t);
+	return Y(new Uint8Array(n));
+}
+function q() {
+	let e = process.env.SESSION_SECRET;
+	if (!e) throw Error("SESSION_SECRET is not defined");
+	return e;
+}
+function J() {
+	let e = z(q());
+	return new Uint8Array([...e]);
+}
+function Y(e) {
+	return Array.from(e).map((e) => e.toString(16).padStart(2, "0")).join("");
+}
+function X(e = 32) {
+	let t = new Uint8Array(e);
+	return crypto.getRandomValues(t), Y(t);
+}
+var Z = (e, t = 10) => {
+	try {
+		let n = x(e);
+		if (!n.exp) return !1;
+		let r = Date.now() / 1e3;
+		return n.exp - r < t;
+	} catch (e) {
+		return R.error({ error: e }, "Error decoding access token"), !0;
+	}
+};
+//#endregion
+export { X as a, z as c, Y as d, P as f, H as i, G as l, V as n, q as o, U as r, J as s, Z as t, K as u };

package/dist/utils.d.ts

@@ -0,0 +1,83 @@
+/**
+ * Converts a hex string to a Uint8Array.
+ *
+ * @param hex - A hexadecimal string.
+ * @returns A Uint8Array representing the bytes of the hex string.
+ */
+export declare function hexToUint8Array(hex: string): Uint8Array;
+/**
+ * Encrypts a payload into a JWT using the specified secret.
+ *
+ * @param payload - The payload to encrypt (can be any JSON-serializable value)
+ * @param secret - The encryption key as a hex string or Uint8Array (32 bytes for A256GCM)
+ * @returns A promise that resolves to the encrypted JWT as a string.
+ */
+export declare function createEncryptedJWT(payload: unknown, secret: string | Uint8Array): Promise<string>;
+/**
+ * Encrypts the given text using AES-GCM via the Web Crypto API.
+ * Returns a string in the format: iv:authTag:ciphertext, all in hex.
+ *
+ * @param text - The plaintext to encrypt.
+ * @param secret - The encryption key as a hex string or Uint8Array (32 bytes for AES-256).
+ * @returns A promise that resolves to the encrypted string.
+ */
+export declare function encrypt(text: string, secret: string | Uint8Array): Promise<string>;
+/**
+ * Decrypts data encrypted with AES-256-GCM (using the Web Crypto API).
+ * The input is expected to be in the format: iv:authTag:ciphertext (all hex-encoded).
+ *
+ * @param data - The encrypted data string.
+ * @param secret - The decryption key as a hex string or Uint8Array (32 bytes for AES-256).
+ * @returns A promise that resolves to the decrypted plaintext.
+ */
+export declare function decrypt(data: string, secret: string | Uint8Array): Promise<string>;
+/**
+ * Hashes the input using SHA-256 with the Web Crypto API.
+ * @param data - The input data (string or Uint8Array).
+ * @returns A Promise that resolves to the SHA-256 hash as a hex string.
+ */
+export declare function sha256(data: string | Uint8Array): Promise<string>;
+/**
+ * Hashes the input using SHA-512 with the Web Crypto API.
+ * @param data - The input data (string or Uint8Array).
+ * @returns A Promise that resolves to the SHA-512 hash as a hex string.
+ */
+export declare function sha512(data: string | Uint8Array): Promise<string>;
+/**
+ * Retrieves the session secret from environment variables.
+ * Throws an error if the SESSION_SECRET is not defined.
+ *
+ * @returns {string} The session secret.
+ */
+export declare function getSessionSecret(): string;
+/**
+ * Retrieves the session secret from environment variables as Uint8Array .
+ * Throws an error if the SESSION_SECRET is not defined.
+ *
+ * @returns {Uint8Array} The session secret as Uint8Array.
+ */
+export declare function getSessionSecretUint8Array(): Uint8Array;
+/**
+ * Converts a Uint8Array to a lowercase hexadecimal string.
+ */
+export declare function toHex(bytes: Uint8Array): string;
+/**
+ * Generates a random token of the given byte length and returns it as a hex string.
+ * Default token length is 20 bytes (160 bits).
+ *
+ * @param tokenLength - The number of random bytes to generate (default is 20).
+ * @returns A hex string representing the token.
+ */
+export declare function generateToken(tokenLength?: number): string;
+/**
+ * Determines if the access token of a session will expire in less than the given threshold.
+ *
+ * It decodes the access token (assumed to be a JWT) and reads the `exp` claim.
+ * The expiration (`exp`) claim is the UNIX timestamp (in seconds) when the token expires.
+ *
+ * @param accessToken - The access token string.
+ * @param seconds - The threshold (in seconds) for checking expiration (default is 10 seconds).
+ * @returns True if the access token expires within the threshold; otherwise, false.
+ */
+export declare const accessTokenExpires: (accessToken: string, seconds?: number) => boolean;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAOA;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAYvD;AAaD;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,MAAM,GAAG,UAAU,GAC1B,OAAO,CAAC,MAAM,CAAC,CAKjB;AAGD;;;;;;;GAOG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAkCxF;AAED;;;;;;;GAOG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CA4CxF;AAcD;;;;GAIG;AACH,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAIvE;AAED;;;;GAIG;AACH,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAIvE;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAMzC;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,IAAI,UAAU,CAKvD;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAI/C;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,WAAW,GAAE,MAAW,GAAG,MAAM,CAI9D;AAGD;;;;;;;;;GASG;AACH,eAAO,MAAM,kBAAkB,GAC7B,aAAa,MAAM,EACnB,UAAS,MAAW,KACnB,OAsBF,CAAC"}

package/dist/utils.js

@@ -0,0 +1,2 @@
+import { a as e, c as t, d as n, i as r, l as i, n as a, o, r as s, s as c, t as l, u } from "./utils-ByMRF7b2.js";
+export { l as accessTokenExpires, a as createEncryptedJWT, s as decrypt, r as encrypt, e as generateToken, o as getSessionSecret, c as getSessionSecretUint8Array, t as hexToUint8Array, i as sha256, u as sha512, n as toHex };

package/package.json

@@ -0,0 +1,101 @@
+{
+  "name": "@eventuras/fides-auth",
+  "version": "0.3.0",
+  "description": "Framework-agnostic OAuth/OIDC authentication library with PKCE, session management, and pluggable logging",
+  "keywords": [
+    "oauth",
+    "oidc",
+    "openid-connect",
+    "authentication",
+    "pkce",
+    "session",
+    "jwt",
+    "identity",
+    "vipps"
+  ],
+  "homepage": "https://github.com/losol/eventuras/tree/main/libs/fides-auth#readme",
+  "bugs": {
+    "url": "https://github.com/losol/eventuras/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/losol/eventuras.git",
+    "directory": "libs/fides-auth"
+  },
+  "license": "MIT",
+  "author": "losol <losol@users.noreply.github.com>",
+  "sideEffects": false,
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./logger": {
+      "types": "./dist/logger.d.ts",
+      "import": "./dist/logger.js"
+    },
+    "./session-refresh": {
+      "types": "./dist/session-refresh.d.ts",
+      "import": "./dist/session-refresh.js"
+    },
+    "./session-validation": {
+      "types": "./dist/session-validation.d.ts",
+      "import": "./dist/session-validation.js"
+    },
+    "./oauth": {
+      "types": "./dist/oauth.d.ts",
+      "import": "./dist/oauth.js"
+    },
+    "./oauth-browser": {
+      "types": "./dist/oauth-browser.d.ts",
+      "import": "./dist/oauth-browser.js"
+    },
+    "./silent-login": {
+      "types": "./dist/silent-login.d.ts",
+      "import": "./dist/silent-login.js"
+    },
+    "./utils": {
+      "types": "./dist/utils.d.ts",
+      "import": "./dist/utils.js"
+    },
+    "./types": {
+      "types": "./dist/types.d.ts",
+      "import": "./dist/types.js"
+    },
+    "./rate-limit": {
+      "types": "./dist/rate-limit.d.ts",
+      "import": "./dist/rate-limit.js"
+    },
+    "./providers/vipps": {
+      "types": "./dist/providers/vipps/index.d.ts",
+      "import": "./dist/providers/vipps/index.js"
+    }
+  },
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "vite build",
+    "dev": "vite build --watch",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "dependencies": {
+    "jose": "6.2.2",
+    "openid-client": "^6.8.2"
+  },
+  "devDependencies": {
+    "@eventuras/typescript-config": "workspace:*",
+    "@eventuras/vite-config": "workspace:*",
+    "vite": "^8.0.3",
+    "vitest": "^4.1.2"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}