@forgerock/oidc-client 1.2.0 → 1.3.0

package/README.md

@@ -1,3 +1,25 @@
 # oidc-client
 
 A generic OpenID Connect (OIDC) client library for JavaScript and TypeScript, designed to work with any OIDC-compliant identity provider.
+
+```js
+// Initialize OIDC Client
+const oidcClient = await oidc({
+  /* config */
+});
+
+// Authorize API
+const authResponse = await oidcClient.authorize.background(); // Returns code and state if successful, error if not
+const authUrl = await oidcClient.authorize.url(); // Returns Auth URL or error
+
+// Tokens API
+const newTokens = await oidcClient.token.exchange({
+  /* code, state */
+}); // Returns new tokens or error
+const existingTokens = await oidcClient.token.get(); // Returns existing tokens or error
+const response = await oidcClient.token.revoke(); // Revokes an access token and returns the response or an error
+
+// User API
+const user = await oidcClient.user.info(); // Returns user object or error
+const logoutResponse = await oidcClient.user.logout(); // Logs the user out and returns the response or an error
+```

package/dist/src/index.d.ts

@@ -1,2 +1,2 @@
-export * from './lib/token-store.js';
+export * from './lib/client.store.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAMA,cAAc,uBAAuB,CAAC"}

package/dist/src/index.js

@@ -1 +1,8 @@
-export * from './lib/token-store.js';
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+export * from './lib/client.store.js';
+//# sourceMappingURL=index.js.map

package/dist/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,cAAc,uBAAuB,CAAC"}

package/dist/src/lib/authorize.request.d.ts

@@ -0,0 +1,18 @@
+import { CustomLogger } from '@forgerock/sdk-logger';
+import { Micro } from 'effect';
+import type { ClientStore } from './client.types.js';
+import type { GetAuthorizationUrlOptions, WellKnownResponse } from '@forgerock/sdk-types';
+import type { AuthorizationError, AuthorizationSuccess } from './authorize.request.types.js';
+import type { OidcConfig } from './config.types.js';
+/**
+ * @function authorizeµ
+ * @description Creates an authorization URL for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {CustomLogger} log - The logger instance for logging debug information.
+ * @param {ClientStore} store - The Redux store instance for managing OIDC state.
+ * @param {GetAuthorizationUrlOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<AuthorizationSuccess, AuthorizationError, never>} - A micro effect that resolves to the authorization response.
+ */
+export declare function authorizeµ(wellknown: WellKnownResponse, config: OidcConfig, log: CustomLogger, store: ClientStore, options?: GetAuthorizationUrlOptions): Micro.Micro<AuthorizationSuccess, AuthorizationError, never>;
+//# sourceMappingURL=authorize.request.d.ts.map

package/dist/src/lib/authorize.request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAS/B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,KAAK,EAAE,0BAA0B,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAC7F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;;;;GASG;AACH,wBAAgB,UAAU,CACxB,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,GAAG,EAAE,YAAY,EACjB,KAAK,EAAE,WAAW,EAClB,OAAO,CAAC,EAAE,0BAA0B,gEA8IrC"}

package/dist/src/lib/authorize.request.js

@@ -0,0 +1,125 @@
+import { Micro } from 'effect';
+import { createAuthorizeUrlµ, buildAuthorizeOptionsµ, createAuthorizeErrorµ, } from './authorize.request.utils.js';
+import { oidcApi } from './oidc.api.js';
+/**
+ * @function authorizeµ
+ * @description Creates an authorization URL for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OidcConfig} config - The OIDC client configuration.
+ * @param {CustomLogger} log - The logger instance for logging debug information.
+ * @param {ClientStore} store - The Redux store instance for managing OIDC state.
+ * @param {GetAuthorizationUrlOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<AuthorizationSuccess, AuthorizationError, never>} - A micro effect that resolves to the authorization response.
+ */
+export function authorizeµ(wellknown, config, log, store, options) {
+    return buildAuthorizeOptionsµ(wellknown, config, options).pipe(Micro.flatMap(([url, options]) => createAuthorizeUrlµ(url, options)), Micro.tap((url) => log.debug('Authorize URL created', url)), Micro.tapError((url) => Micro.sync(() => log.error('Error creating authorize URL', url))), Micro.flatMap(([url, options]) => {
+        if (options.responseMode === 'pi.flow') {
+            /**
+             * If we support the pi.flow field, this means we are using a PingOne server.
+             * PingOne servers do not support redirection through iframes because they
+             * set iframe's to DENY.
+             *
+             * We do not use RTK Query for this because we don't want caching, or store
+             * updates, and want the request to be made similar to the iframe method below.
+             *
+             * This returns a Micro that resolves to the parsed response JSON.
+             */
+            return Micro.promise(() => store.dispatch(oidcApi.endpoints.authorizeFetch.initiate({ url }))).pipe(Micro.flatMap(({ error, data }) => {
+                if (error) {
+                    // Check for serialized error
+                    if (!('status' in error)) {
+                        // This is a network or fetch error, so return it as-is
+                        return Micro.fail({
+                            error: error.code || 'Unknown_Error',
+                            error_description: error.message || 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    // If there is no data, this is an unknown error
+                    if (!('data' in error)) {
+                        return Micro.fail({
+                            error: 'Unknown_Error',
+                            error_description: 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    const errorDetails = error.data;
+                    // If the error is a configuration issue, return it as-is
+                    if ('statusText' in error && error.statusText === 'CONFIGURATION_ERROR') {
+                        return Micro.fail(errorDetails);
+                    }
+                    // If the error is not a configuration issue, we build a new Authorize URL
+                    // For redirection, we need to remove `pi.flow` from the options
+                    const redirectOptions = options;
+                    delete redirectOptions.responseMode;
+                    // Create an error with a new Authorize URL
+                    return createAuthorizeErrorµ(errorDetails, wellknown, options);
+                }
+                log.debug('Received success response', data);
+                if (data.authorizeResponse) {
+                    // Authorization was successful
+                    return Micro.succeed(data.authorizeResponse);
+                }
+                else {
+                    // This should never be reached, but just in case
+                    return Micro.fail({
+                        error: 'Unknown_Error',
+                        error_description: 'Response schema was not recognized',
+                        type: 'unknown_error',
+                    });
+                }
+            }));
+        }
+        else {
+            /**
+             * If the response mode is not pi.flow, then we are likely using a traditional
+             * redirect based server supporting iframes. An example would be PingAM.
+             *
+             * This returns a Micro that's either the success URL parameters or error URL
+             * parameters.
+             */
+            return Micro.promise(() => store.dispatch(oidcApi.endpoints.authorizeIframe.initiate({ url }))).pipe(Micro.flatMap(({ error, data }) => {
+                if (error) {
+                    // Check for serialized error
+                    if (!('status' in error)) {
+                        // This is a network or fetch error, so return it as-is
+                        return Micro.fail({
+                            error: error.code || 'Unknown_Error',
+                            error_description: error.message || 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    // If there is no data, this is an unknown error
+                    if (!('data' in error)) {
+                        return Micro.fail({
+                            error: 'Unknown_Error',
+                            error_description: 'An unknown error occurred during authorization',
+                            type: 'unknown_error',
+                        });
+                    }
+                    const errorDetails = error.data;
+                    // If the error is a configuration issue, return it as-is
+                    if ('statusText' in error && error.statusText === 'CONFIGURATION_ERROR') {
+                        return Micro.fail(errorDetails);
+                    }
+                    // This is an expected error, so combine error with a new Authorize URL
+                    return createAuthorizeErrorµ(errorDetails, wellknown, options);
+                }
+                log.debug('Received success response', data);
+                if (data) {
+                    // Authorization was successful
+                    return Micro.succeed(data);
+                }
+                else {
+                    // This should never be reached, but just in case
+                    return Micro.fail({
+                        error: 'Unknown_Error',
+                        error_description: 'Redirect parameters was not recognized',
+                        type: 'unknown_error',
+                    });
+                }
+            }));
+        }
+    }));
+}
+//# sourceMappingURL=authorize.request.js.map

package/dist/src/lib/authorize.request.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAOxC;;;;;;;;;GASG;AACH,MAAM,UAAU,UAAU,CACxB,SAA4B,EAC5B,MAAkB,EAClB,GAAiB,EACjB,KAAkB,EAClB,OAAoC;IAEpC,OAAO,sBAAsB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,IAAI,CAC5D,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,EACpE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC,EAC3D,KAAK,CAAC,QAAQ,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,8BAA8B,EAAE,GAAG,CAAC,CAAC,CAAC,EACzF,KAAK,CAAC,OAAO,CACX,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,EAAgE,EAAE;QAC/E,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;YACvC;;;;;;;;;eASG;YACH,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CACxB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CACnE,CAAC,IAAI,CACJ,KAAK,CAAC,OAAO,CACX,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,EAAgE,EAAE;gBAChF,IAAI,KAAK,EAAE,CAAC;oBACV,6BAA6B;oBAC7B,IAAI,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC;wBACzB,uDAAuD;wBACvD,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,eAAe;4BACpC,iBAAiB,EACf,KAAK,CAAC,OAAO,IAAI,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,gDAAgD;oBAChD,IAAI,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,eAAe;4BACtB,iBAAiB,EAAE,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAA0B,CAAC;oBAEtD,yDAAyD;oBACzD,IAAI,YAAY,IAAI,KAAK,IAAI,KAAK,CAAC,UAAU,KAAK,qBAAqB,EAAE,CAAC;wBACxE,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAClC,CAAC;oBAED,0EAA0E;oBAC1E,gEAAgE;oBAChE,MAAM,eAAe,GAAG,OAAO,CAAC;oBAChC,OAAO,eAAe,CAAC,YAAY,CAAC;oBAEpC,2CAA2C;oBAC3C,OAAO,qBAAqB,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;gBACjE,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;gBAE7C,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC3B,+BAA+B;oBAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBAC/C,CAAC;qBAAM,CAAC;oBACN,iDAAiD;oBACjD,OAAO,KAAK,CAAC,IAAI,CAAC;wBAChB,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,oCAAoC;wBACvD,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN;;;;;;eAMG;YACH,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,EAAE,CACxB,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CACpE,CAAC,IAAI,CACJ,KAAK,CAAC,OAAO,CACX,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,EAAgE,EAAE;gBAChF,IAAI,KAAK,EAAE,CAAC;oBACV,6BAA6B;oBAC7B,IAAI,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC;wBACzB,uDAAuD;wBACvD,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,KAAK,CAAC,IAAI,IAAI,eAAe;4BACpC,iBAAiB,EACf,KAAK,CAAC,OAAO,IAAI,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,gDAAgD;oBAChD,IAAI,CAAC,CAAC,MAAM,IAAI,KAAK,CAAC,EAAE,CAAC;wBACvB,OAAO,KAAK,CAAC,IAAI,CAAC;4BAChB,KAAK,EAAE,eAAe;4BACtB,iBAAiB,EAAE,gDAAgD;4BACnE,IAAI,EAAE,eAAe;yBACtB,CAAC,CAAC;oBACL,CAAC;oBAED,MAAM,YAAY,GAAG,KAAK,CAAC,IAA0B,CAAC;oBAEtD,yDAAyD;oBACzD,IAAI,YAAY,IAAI,KAAK,IAAI,KAAK,CAAC,UAAU,KAAK,qBAAqB,EAAE,CAAC;wBACxE,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;oBAClC,CAAC;oBAED,uEAAuE;oBACvE,OAAO,qBAAqB,CAAC,YAAY,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;gBACjE,CAAC;gBAED,GAAG,CAAC,KAAK,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;gBAE7C,IAAI,IAAI,EAAE,CAAC;oBACT,+BAA+B;oBAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,iDAAiD;oBACjD,OAAO,KAAK,CAAC,IAAI,CAAC;wBAChB,KAAK,EAAE,eAAe;wBACtB,iBAAiB,EAAE,wCAAwC;wBAC3D,IAAI,EAAE,eAAe;qBACtB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CACF,CACF,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CACF,CAAC;AACJ,CAAC"}

package/dist/src/lib/authorize.request.types.d.ts

@@ -0,0 +1,50 @@
+import type { GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+export type BuildAuthorizationData = [string, GetAuthorizationUrlOptions];
+export type OptionalAuthorizeOptions = Partial<GetAuthorizationUrlOptions>;
+export interface AuthorizeErrorResponse {
+    id?: string;
+    code?: string;
+    message?: string;
+    details?: [
+        {
+            code: string;
+            message: string;
+        }
+    ];
+}
+export interface AuthorizeSuccessResponse {
+    _links?: {
+        [key: string]: {
+            href: string;
+        };
+    };
+    _embedded?: {
+        [key: string]: unknown;
+    };
+    id?: string;
+    environment?: {
+        id: string;
+    };
+    session?: {
+        id: string;
+    };
+    resumeUrl?: string;
+    status?: string;
+    createdAt?: string;
+    expiresAt?: string;
+    authorizeResponse?: {
+        code: string;
+        state: string;
+    };
+}
+export interface AuthorizationSuccess {
+    code: string;
+    state: string;
+}
+export interface AuthorizationError {
+    error: string;
+    error_description: string;
+    redirectUrl?: string;
+    type: 'auth_error' | 'argument_error' | 'network_error' | 'unknown_error' | 'wellknown_error';
+}
+//# sourceMappingURL=authorize.request.types.d.ts.map

package/dist/src/lib/authorize.request.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.types.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.types.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAEvE,MAAM,MAAM,sBAAsB,GAAG,CAAC,MAAM,EAAE,0BAA0B,CAAC,CAAC;AAC1E,MAAM,MAAM,wBAAwB,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAC3E,MAAM,WAAW,sBAAsB;IACrC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE;QACR;YACE,IAAI,EAAE,MAAM,CAAC;YACb,OAAO,EAAE,MAAM,CAAC;SACjB;KACF,CAAC;CACH;AAED,MAAM,WAAW,wBAAwB;IACvC,MAAM,CAAC,EAAE;QACP,CAAC,GAAG,EAAE,MAAM,GAAG;YACb,IAAI,EAAE,MAAM,CAAC;SACd,CAAC;KACH,CAAC;IACF,SAAS,CAAC,EAAE;QACV,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE;QACZ,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;IACF,OAAO,CAAC,EAAE;QACR,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;IACF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE;QAClB,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,YAAY,GAAG,gBAAgB,GAAG,eAAe,GAAG,eAAe,GAAG,iBAAiB,CAAC;CAC/F"}

package/dist/src/lib/authorize.request.types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=authorize.request.types.js.map

package/dist/src/lib/authorize.request.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.types.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.types.ts"],"names":[],"mappings":""}

package/dist/src/lib/authorize.request.utils.d.ts

@@ -0,0 +1,35 @@
+import { Micro } from 'effect';
+import type { WellKnownResponse, GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { AuthorizationError, AuthorizationSuccess, BuildAuthorizationData, OptionalAuthorizeOptions } from './authorize.request.types.js';
+import type { OidcConfig } from './config.types.js';
+/**
+ * @function buildAuthorizeOptionsµ
+ * @description Builds the authorization options for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OptionalAuthorizeOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<BuildAuthorizationData, AuthorizationError, never>}
+ */
+export declare function buildAuthorizeOptionsµ(wellknown: WellKnownResponse, config: OidcConfig, options?: OptionalAuthorizeOptions): Micro.Micro<BuildAuthorizationData, AuthorizationError, never>;
+/**
+ * @function createAuthorizeErrorµ
+ * @description Creates an error response with new Authorize URL for the authorization request.
+ * @param { error: string; error_description: string } res - The error response from the authorization request.
+ * @param {WellKnownResponse} wellknown- The well-known configuration for the OIDC server.
+ * @param { OidcConfig } config- The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options- Optional parameters for the authorization request.
+ * @returns { Micro.Micro<never, AuthorizationError, never> }
+ */
+export declare function createAuthorizeErrorµ(res: {
+    error: string;
+    error_description: string;
+}, wellknown: WellKnownResponse, options: GetAuthorizationUrlOptions): Micro.Micro<never, AuthorizationError, never>;
+/**
+ * @function createAuthorizeUrlµ
+ * @description Creates an authorization URL and related options/config for the Authorize request.
+ * @param {string} path - The path to the authorization endpoint.
+ * @param { GetAuthorizationUrlOptions } options - Optional parameters for the authorization request.
+ * @returns { Micro.Micro<[string, GetAuthorizationUrlOptions], AuthorizationError, never> }
+ */
+export declare function createAuthorizeUrlµ(path: string, options: GetAuthorizationUrlOptions): Micro.Micro<[string, GetAuthorizationUrlOptions], AuthorizationError, never>;
+export declare function handleResponseµ(response: AuthorizationSuccess | AuthorizationError, wellknown: WellKnownResponse, options: GetAuthorizationUrlOptions): Micro.Micro<AuthorizationSuccess, AuthorizationError, never>;
+//# sourceMappingURL=authorize.request.utils.d.ts.map

package/dist/src/lib/authorize.request.utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.utils.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.request.utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAE/B,OAAO,KAAK,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAC1F,OAAO,KAAK,EACV,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,EACzB,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,SAAS,EAAE,iBAAiB,EAC5B,MAAM,EAAE,UAAU,EAClB,OAAO,CAAC,EAAE,wBAAwB,GACjC,KAAK,CAAC,KAAK,CAAC,sBAAsB,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAehE;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,iBAAiB,EAAE,MAAM,CAAA;CAAE,EACjD,SAAS,EAAE,iBAAiB,EAC5B,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,kBAAkB,EAAE,KAAK,CAAC,CA2B/C;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,0BAA0B,CAAC,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAqB9E;AAED,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,oBAAoB,GAAG,kBAAkB,EACnD,SAAS,EAAE,iBAAiB,EAC5B,OAAO,EAAE,0BAA0B,GAClC,KAAK,CAAC,KAAK,CAAC,oBAAoB,EAAE,kBAAkB,EAAE,KAAK,CAAC,CAM9D"}

package/dist/src/lib/authorize.request.utils.js

@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import { createAuthorizeUrl } from '@forgerock/sdk-oidc';
+import { Micro } from 'effect';
+/**
+ * @function buildAuthorizeOptionsµ
+ * @description Builds the authorization options for the OIDC client.
+ * @param {WellKnownResponse} wellknown - The well-known configuration for the OIDC server.
+ * @param {OptionalAuthorizeOptions} options - Optional parameters for the authorization request.
+ * @returns {Micro.Micro<BuildAuthorizationData, AuthorizationError, never>}
+ */
+export function buildAuthorizeOptionsµ(wellknown, config, options) {
+    const isPiFlow = wellknown.response_modes_supported?.includes('pi.flow');
+    return Micro.sync(() => [
+        wellknown.authorization_endpoint,
+        {
+            clientId: config.clientId,
+            redirectUri: config.redirectUri,
+            scope: config.scope || 'openid',
+            responseType: config.responseType || 'code',
+            ...(isPiFlow && { responseMode: 'pi.flow' }),
+            ...options,
+        },
+    ]);
+}
+/**
+ * @function createAuthorizeErrorµ
+ * @description Creates an error response with new Authorize URL for the authorization request.
+ * @param { error: string; error_description: string } res - The error response from the authorization request.
+ * @param {WellKnownResponse} wellknown- The well-known configuration for the OIDC server.
+ * @param { OidcConfig } config- The OIDC client configuration.
+ * @param { GetAuthorizationUrlOptions } options- Optional parameters for the authorization request.
+ * @returns { Micro.Micro<never, AuthorizationError, never> }
+ */
+export function createAuthorizeErrorµ(res, wellknown, options) {
+    return Micro.tryPromise({
+        try: () => createAuthorizeUrl(wellknown.authorization_endpoint, {
+            ...options,
+        }),
+        catch: (error) => {
+            let message = 'Error creating authorization URL';
+            if (error instanceof Error) {
+                message = error.message;
+            }
+            return {
+                error: 'AuthorizationUrlError',
+                error_description: message,
+                type: 'auth_error',
+            };
+        },
+    }).pipe(Micro.flatMap((url) => {
+        return Micro.fail({
+            error: res.error,
+            error_description: res.error_description,
+            type: 'auth_error',
+            redirectUrl: url,
+        });
+    }));
+}
+/**
+ * @function createAuthorizeUrlµ
+ * @description Creates an authorization URL and related options/config for the Authorize request.
+ * @param {string} path - The path to the authorization endpoint.
+ * @param { GetAuthorizationUrlOptions } options - Optional parameters for the authorization request.
+ * @returns { Micro.Micro<[string, GetAuthorizationUrlOptions], AuthorizationError, never> }
+ */
+export function createAuthorizeUrlµ(path, options) {
+    return Micro.tryPromise({
+        try: async () => [
+            await createAuthorizeUrl(path, {
+                ...options,
+                prompt: 'none',
+            }),
+            options,
+        ],
+        catch: (error) => {
+            let message = 'Error creating authorization URL';
+            if (error instanceof Error) {
+                message = error.message;
+            }
+            return {
+                error: 'AuthorizationUrlError',
+                error_description: message,
+                type: 'auth_error',
+            };
+        },
+    });
+}
+export function handleResponseµ(response, wellknown, options) {
+    if ('code' in response) {
+        return Micro.sync(() => response);
+    }
+    else {
+        return createAuthorizeErrorµ(response, wellknown, options);
+    }
+}
+//# sourceMappingURL=authorize.request.utils.js.map

package/dist/src/lib/authorize.request.utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.request.utils.js","sourceRoot":"","sources":["../../../src/lib/authorize.request.utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAC;AAW/B;;;;;;GAMG;AACH,MAAM,UAAU,sBAAsB,CACpC,SAA4B,EAC5B,MAAkB,EAClB,OAAkC;IAElC,MAAM,QAAQ,GAAG,SAAS,CAAC,wBAAwB,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;IACzE,OAAO,KAAK,CAAC,IAAI,CACf,GAA2B,EAAE,CAAC;QAC5B,SAAS,CAAC,sBAAsB;QAChC;YACE,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,QAAQ;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,MAAM;YAC3C,GAAG,CAAC,QAAQ,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,CAAC;YAC5C,GAAG,OAAO;SACX;KACF,CACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAiD,EACjD,SAA4B,EAC5B,OAAmC;IAEnC,OAAO,KAAK,CAAC,UAAU,CAAC;QACtB,GAAG,EAAE,GAAG,EAAE,CACR,kBAAkB,CAAC,SAAS,CAAC,sBAAsB,EAAE;YACnD,GAAG,OAAO;SACX,CAAC;QACJ,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE;YACf,IAAI,OAAO,GAAG,kCAAkC,CAAC;YACjD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;YAC1B,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,uBAAuB;gBAC9B,iBAAiB,EAAE,OAAO;gBAC1B,IAAI,EAAE,YAAY;aACV,CAAC;QACb,CAAC;KACF,CAAC,CAAC,IAAI,CACL,KAAK,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC;YAChB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;YACxC,IAAI,EAAE,YAAY;YAClB,WAAW,EAAE,GAAG;SACR,CAAC,CAAC;IACd,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAY,EACZ,OAAmC;IAEnC,OAAO,KAAK,CAAC,UAAU,CAAC;QACtB,GAAG,EAAE,KAAK,IAAI,EAAE,CAAC;YACf,MAAM,kBAAkB,CAAC,IAAI,EAAE;gBAC7B,GAAG,OAAO;gBACV,MAAM,EAAE,MAAM;aACf,CAAC;YACF,OAAO;SACR;QACD,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE;YACf,IAAI,OAAO,GAAG,kCAAkC,CAAC;YACjD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;YAC1B,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,uBAAuB;gBAC9B,iBAAiB,EAAE,OAAO;gBAC1B,IAAI,EAAE,YAAY;aACV,CAAC;QACb,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,QAAmD,EACnD,SAA4B,EAC5B,OAAmC;IAEnC,IAAI,MAAM,IAAI,QAAQ,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,OAAO,qBAAqB,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;AACH,CAAC"}

package/dist/src/lib/authorize.slice.d.ts

@@ -0,0 +1,5 @@
+declare const authorizeSlice: import("@reduxjs/toolkit/query").Api<import("@reduxjs/toolkit/query").BaseQueryFn<string | import("@reduxjs/toolkit/query").FetchArgs, unknown, import("@reduxjs/toolkit/query").FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, {
+    handleAuthorize: import("@reduxjs/toolkit/query").QueryDefinition<string, import("@reduxjs/toolkit/query").BaseQueryFn<string | import("@reduxjs/toolkit/query").FetchArgs, unknown, import("@reduxjs/toolkit/query").FetchBaseQueryError, {}, import("@reduxjs/toolkit/query").FetchBaseQueryMeta>, never, string, "authorizeSlice", unknown>;
+}, "authorizeSlice", never, typeof import("@reduxjs/toolkit/query").coreModuleName>;
+export { authorizeSlice };
+//# sourceMappingURL=authorize.slice.d.ts.map

package/dist/src/lib/authorize.slice.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.slice.d.ts","sourceRoot":"","sources":["../../../src/lib/authorize.slice.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,cAAc;;mFAkBlB,CAAC;AAEH,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/src/lib/authorize.slice.js

@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import { createApi, fetchBaseQuery } from '@reduxjs/toolkit/query';
+const authorizeSlice = createApi({
+    reducerPath: 'authorizeSlice',
+    baseQuery: fetchBaseQuery({
+        credentials: 'include',
+        prepareHeaders: (headers) => {
+            headers.set('Content-Type', 'application/json');
+            headers.set('Accept', 'application/json');
+            headers.set('x-requested-with', 'ping-sdk');
+            headers.set('x-requested-platform', 'javascript');
+            return headers;
+        },
+    }),
+    endpoints: (builder) => ({
+        handleAuthorize: builder.query({
+            query: (authorizeUrl) => authorizeUrl,
+        }),
+    }),
+});
+export { authorizeSlice };
+//# sourceMappingURL=authorize.slice.js.map

package/dist/src/lib/authorize.slice.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorize.slice.js","sourceRoot":"","sources":["../../../src/lib/authorize.slice.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAEnE,MAAM,cAAc,GAAG,SAAS,CAAC;IAC/B,WAAW,EAAE,gBAAgB;IAC7B,SAAS,EAAE,cAAc,CAAC;QACxB,WAAW,EAAE,SAAS;QACtB,cAAc,EAAE,CAAC,OAAO,EAAE,EAAE;YAC1B,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAChD,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;YAC1C,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,YAAY,CAAC,CAAC;YAElD,OAAO,OAAO,CAAC;QACjB,CAAC;KACF,CAAC;IACF,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACvB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAiB;YAC7C,KAAK,EAAE,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY;SACtC,CAAC;KACH,CAAC;CACH,CAAC,CAAC;AAEH,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/dist/src/lib/client.store.d.ts

@@ -0,0 +1,115 @@
+import type { ActionTypes, RequestMiddleware } from '@forgerock/sdk-request-middleware';
+import type { GenericError, GetAuthorizationUrlOptions } from '@forgerock/sdk-types';
+import type { CustomLogger, LogLevel } from '@forgerock/sdk-logger';
+import type { StorageConfig } from '@forgerock/storage';
+import type { GetTokensOptions, LogoutErrorResult, LogoutSuccessResult, RevokeErrorResult, RevokeSuccessResult, UserInfoResponse } from './client.types.js';
+import type { OauthTokens, OidcConfig } from './config.types.js';
+import type { AuthorizationError, AuthorizationSuccess } from './authorize.request.types.js';
+import type { TokenExchangeErrorResponse } from './exchange.types.js';
+/**
+ * @function oidc
+ * @description Factory function to create an OIDC client with methods for authorization, token exchange,
+ *              user info retrieval, and logout. It initializes the client with the provided configuration,
+ *              request middleware, logger, and storage options.
+ * @param param - configuration object containing the OIDC client configuration, request middleware, logger,
+ * @param {OidcConfig} param.config - OIDC configuration including server details, client ID, redirect URI,
+ *              storage options, scope, and response type.
+ * @param {RequestMiddleware} param.requestMiddleware - optional array of request middleware functions to process requests.
+ * @param {{ level: LogLevel, custom: CustomLogger }} param.logger - optional logger configuration with log level and custom logger.
+ * @param {Partial<StorageConfig>} param.storage - optional storage configuration for persisting OIDC tokens.
+ * @returns {ReturnType<typeof oidc>} - Returns an object with methods for authorization, token exchange, user info retrieval, and logout.
+ */
+export declare function oidc<ActionType extends ActionTypes = ActionTypes>({ config, requestMiddleware, logger, storage, }: {
+    config: OidcConfig;
+    requestMiddleware?: RequestMiddleware<ActionType>[];
+    logger?: {
+        level: LogLevel;
+        custom?: CustomLogger;
+    };
+    storage?: Partial<StorageConfig>;
+}): Promise<{
+    error: string;
+    type: string;
+    /**
+     * An object containing methods for the creation, and background use, of the authorization URL
+     */
+    authorize?: undefined;
+    /**
+     * An object containing methods for token management
+     */
+    token?: undefined;
+    /**
+     * An object containing methods for user info retrieval and logout
+     */
+    user?: undefined;
+} | {
+    /**
+     * An object containing methods for the creation, and background use, of the authorization URL
+     */
+    authorize: {
+        /**
+         * @method url
+         * @description Creates an authorization URL with the provided options or defaults from the configuration.
+         * @param {GetAuthorizationUrlOptions} options - Optional parameters to customize the authorization URL.
+         * @returns {Promise<string | GenericError>} - Returns a promise that resolves to the authorization URL or an error.
+         */
+        url: (options?: GetAuthorizationUrlOptions) => Promise<string | GenericError>;
+        /**
+         * @function background - Initiates the authorization process in the background, returning an authorization URL or an error.
+         * @param {GetAuthorizationUrlOptions} options - Optional parameters to customize the authorization URL.
+         * @returns {Promise<AuthorizeErrorResponse | AuthorizeSuccessResponse>} - Returns a promise that resolves to the authorization URL or an error response.
+         */
+        background: (options?: GetAuthorizationUrlOptions) => Promise<AuthorizationSuccess | AuthorizationError>;
+    };
+    /**
+     * An object containing methods for token management
+     */
+    token: {
+        /**
+         * @method exchange
+         * @description Exchanges an authorization code for tokens using the token endpoint from the wellknown
+         *              configuration and stores them in the configured storage.
+         * @param {string} code - The authorization code received from the authorization server.
+         * @param {string} state - The state parameter from the authorization URL creation.
+         * @param {Partial<StorageConfig>} options - Optional storage configuration for persisting tokens.
+         * @returns {Promise<OauthTokens | GenericError | TokenExchangeErrorResponse>}
+         */
+        exchange: (code: string, state: string, options?: Partial<StorageConfig>) => Promise<OauthTokens | TokenExchangeErrorResponse | GenericError>;
+        /**
+         * @method get
+         * @description Retrieves the current OAuth tokens from storage, or auto-renew if backgroundRenew is true.
+         * @param {GetTokensOptions} param - An object containing options for the token retrieval.
+         * @returns {Promise<OauthTokens | TokenExchangeErrorResponse | AuthorizationError | GenericError>}
+         */
+        get: (options?: GetTokensOptions) => Promise<OauthTokens | TokenExchangeErrorResponse | AuthorizationError | GenericError>;
+        /**
+         * @method revoke
+         * @description Revokes an access token using the revocation endpoint from the wellknown configuration.
+         *              It requires an access token stored in the configured storage.
+         * @returns {Promise<GenericError | RevokeSuccessResult | RevokeErrorResult>} - Returns a promise that resolves to the revoke response or an error response.
+         */
+        revoke: () => Promise<GenericError | RevokeSuccessResult | RevokeErrorResult>;
+    };
+    /**
+     * An object containing methods for user info retrieval and logout
+     */
+    user: {
+        /**
+         * @method info
+         * @description Retrieves user information using the userinfo endpoint from the wellknown configuration.
+         *              It requires an access token stored in the configured storage.
+         * @returns {Promise<GenericError | UserInfoResponse>} - Returns a promise that resolves to user information or an error response.
+         */
+        info: () => Promise<GenericError | UserInfoResponse>;
+        /**
+         * @method logout
+         * @description Logs out the user by revoking tokens and clearing the storage.
+         *              It uses the end session endpoint from the wellknown configuration.
+         * @returns {Promise<GenericError | LogoutSuccessResult | LogoutErrorResult>} - Returns a promise that resolves to the logout response or an error.
+         */
+        logout: () => Promise<GenericError | LogoutSuccessResult | LogoutErrorResult>;
+    };
+    error?: undefined;
+    type?: undefined;
+}>;
+//# sourceMappingURL=client.store.d.ts.map

package/dist/src/lib/client.store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.store.d.ts","sourceRoot":"","sources":["../../../src/lib/client.store.ts"],"names":[],"mappings":"AAkBA,OAAO,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,KAAK,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AACrF,OAAO,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,gBAAgB,EACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAC7F,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,qBAAqB,CAAC;AAItE;;;;;;;;;;;;GAYG;AACH,wBAAsB,IAAI,CAAC,UAAU,SAAS,WAAW,GAAG,WAAW,EAAE,EACvE,MAAM,EACN,iBAAiB,EACjB,MAAM,EACN,OAAO,GACR,EAAE;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,iBAAiB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;IACpD,MAAM,CAAC,EAAE;QACP,KAAK,EAAE,QAAQ,CAAC;QAChB,MAAM,CAAC,EAAE,YAAY,CAAC;KACvB,CAAC;IACF,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;CAClC;;;IAkCG;;OAEG;;IAkEH;;OAEG;;IAyPH;;OAEG;;;IAjUH;;OAEG;;QAED;;;;;WAKG;wBACmB,0BAA0B,KAAG,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC;QAsBjF;;;;WAIG;+BAES,0BAA0B,KACnC,OAAO,CAAC,oBAAoB,GAAG,kBAAkB,CAAC;;IA6BvD;;OAEG;;QAED;;;;;;;;WAQG;yBAEK,MAAM,SACL,MAAM,YACH,OAAO,CAAC,aAAa,CAAC,KAC/B,OAAO,CAAC,WAAW,GAAG,0BAA0B,GAAG,YAAY,CAAC;QAwCnE;;;;;WAKG;wBAES,gBAAgB,KACzB,OAAO,CAAC,WAAW,GAAG,0BAA0B,GAAG,kBAAkB,GAAG,YAAY,CAAC;QAwFxF;;;;;WAKG;sBACe,OAAO,CAAC,YAAY,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;;IA4FnF;;OAEG;;QAED;;;;;WAKG;oBACa,OAAO,CAAC,YAAY,GAAG,gBAAgB,CAAC;QAgExD;;;;;WAKG;sBACe,OAAO,CAAC,YAAY,GAAG,mBAAmB,GAAG,iBAAiB,CAAC;;;;GAkDtF"}