@glideidentity/web-client-sdk 6.0.0-beta.4 → 6.0.0

package/dist/cjs/test/fixtures.js

@@ -0,0 +1,273 @@
+"use strict";
+/**
+ * Test Fixtures - Mock Data for Unit Tests
+ *
+ * Contains valid and invalid mock data for all SDK types.
+ * Based on TypeScript type definitions - may need adjustment
+ * to match actual backend responses.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sessionKeys = exports.validPlmn = exports.invalidPlmn = exports.validPhoneNumbers = exports.invalidPhoneNumbers = exports.invalidInvokeResultMissingSession = exports.invalidInvokeResultMissingStrategy = exports.invalidInvokeResultMissingCredential = exports.ambiguousNestedData = exports.misleadingDataLooksLikeTS43 = exports.backendErrorAsNull = exports.backendErrorAsArray = exports.backendErrorAsString = exports.backendErrorMinimal = exports.backendErrorWithError = exports.backendErrorWithCode = exports.pollingStatusError = exports.pollingStatusExpired = exports.pollingStatusCompleted = exports.pollingStatusPending = exports.validVerifyPhoneNumberResponse = exports.validGetPhoneNumberResponse = exports.validAuthCredential = exports.cancellableInvokeResult = exports.validInvokeResult = exports.validDesktopResponse = exports.minimalDesktopData = exports.validDesktopData = exports.validLinkResponse = exports.minimalLinkData = exports.validLinkData = exports.validTS43Response = exports.validTS43Data = exports.minimalSession = exports.validSession = void 0;
+const types_1 = require("../core/types");
+// ============================================================================
+// SESSION FIXTURES
+// ============================================================================
+exports.validSession = {
+    session_key: 'test-session-key-12345678',
+    use_case: types_1.USE_CASE.GET_PHONE_NUMBER,
+    nonce: 'abc123nonce',
+    metadata: { request_id: 'req-123' },
+};
+exports.minimalSession = {
+    session_key: 'minimal-session-1234567',
+};
+// ============================================================================
+// TS43 STRATEGY FIXTURES
+// ============================================================================
+exports.validTS43Data = {
+    protocol: 'openid4vp-v1-unsigned',
+    data: {
+        nonce: 'ts43-nonce-value-12345',
+        response_mode: 'direct_post',
+        response_type: 'vp_token',
+        dcql_query: {
+            credentials: [
+                {
+                    id: 'phone-credential',
+                    format: 'vc+sd-jwt',
+                    meta: {
+                        vct_values: ['urn:glide:phone-number:v1'],
+                        // Fake JWT structure for testing - NOT a real token
+                        credential_authorization_jwt: 'eyJGQUtFIjoiVEVTVCJ9.eyJGQUtFIjoiVEVTVCJ9.FAKE',
+                    },
+                    claims: ['phone_number'],
+                },
+            ],
+        },
+    },
+};
+exports.validTS43Response = {
+    authentication_strategy: types_1.AUTHENTICATION_STRATEGY.TS43,
+    session: exports.validSession,
+    data: exports.validTS43Data,
+};
+// ============================================================================
+// LINK STRATEGY FIXTURES
+// ============================================================================
+exports.validLinkData = {
+    url: 'https://appclip.glideidentity.app/auth?session=abc123',
+    return_url: 'https://myapp.com/callback',
+    status_url: 'https://api.glideidentity.app/public/status/abc123',
+    params: { theme: 'dark' },
+};
+exports.minimalLinkData = {
+    url: 'https://appclip.glideidentity.app/auth',
+};
+exports.validLinkResponse = {
+    authentication_strategy: types_1.AUTHENTICATION_STRATEGY.LINK,
+    session: exports.validSession,
+    data: exports.validLinkData,
+};
+// ============================================================================
+// DESKTOP STRATEGY FIXTURES
+// ============================================================================
+exports.validDesktopData = {
+    protocol: 'qr-auth-v1',
+    data: {
+        qr_code_image: 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA...',
+        ios_qr_image: 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUB...',
+        android_qr_image: 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUC...',
+        ios_url: 'https://appclip.glideidentity.app/ios?session=abc123',
+        android_url: 'https://glideidentity.app/android?session=abc123',
+        session_id: 'desktop-session-abc123',
+        status_url: 'https://api.glideidentity.app/public/status/desktop-session-abc123',
+        url: 'https://glideidentity.app/mobile?session=abc123',
+        polling_interval: 2000,
+        expires_in: 300,
+    },
+};
+exports.minimalDesktopData = {
+    data: {
+        status_url: 'https://api.glideidentity.app/public/status/minimal123',
+    },
+};
+exports.validDesktopResponse = {
+    authentication_strategy: types_1.AUTHENTICATION_STRATEGY.DESKTOP,
+    session: exports.validSession,
+    data: exports.validDesktopData,
+};
+// ============================================================================
+// INVOKE RESULT FIXTURES
+// ============================================================================
+exports.validInvokeResult = {
+    credential: Promise.resolve('mock-credential-token-abc123'),
+    strategy: types_1.AUTHENTICATION_STRATEGY.TS43,
+    session: exports.validSession,
+};
+exports.cancellableInvokeResult = {
+    credential: Promise.resolve('mock-credential-token-abc123'),
+    strategy: types_1.AUTHENTICATION_STRATEGY.DESKTOP,
+    session: exports.validSession,
+    cancel: jest.fn(),
+};
+// ============================================================================
+// AUTH CREDENTIAL FIXTURES
+// ============================================================================
+exports.validAuthCredential = {
+    credential: 'mock-credential-token-xyz789',
+    phone_number: '+14155551234',
+    session: exports.validSession,
+    authenticated: true,
+};
+// ============================================================================
+// PROCESS RESPONSE FIXTURES
+// ============================================================================
+exports.validGetPhoneNumberResponse = {
+    phone_number: '+14155551234',
+    aud: 'carrier-audience-id',
+};
+exports.validVerifyPhoneNumberResponse = {
+    phone_number: '+14155551234',
+    verified: true,
+    aud: 'carrier-audience-id',
+};
+// ============================================================================
+// POLLING STATUS FIXTURES
+// ============================================================================
+exports.pollingStatusPending = {
+    status: 'pending',
+    message: 'Waiting for user authentication',
+};
+exports.pollingStatusCompleted = {
+    status: 'completed',
+    credential: 'completed-credential-token-123',
+    session: exports.validSession,
+};
+exports.pollingStatusExpired = {
+    status: 'expired',
+    message: 'Session has expired',
+};
+exports.pollingStatusError = {
+    status: 'error',
+    message: 'Authentication failed',
+    code: 'AUTH_FAILED',
+};
+// ============================================================================
+// BACKEND ERROR FIXTURES
+// ============================================================================
+exports.backendErrorWithCode = {
+    code: 'INVALID_SESSION',
+    message: 'Session not found or expired',
+    status: 400,
+    request_id: 'req-error-123',
+    trace_id: 'trace-abc123',
+    span_id: 'span-xyz789',
+    service: 'magic-auth',
+};
+exports.backendErrorWithError = {
+    error: 'RATE_LIMITED',
+    message: 'Too many requests',
+    status: 429,
+    details: { retryAfter: 60 },
+};
+exports.backendErrorMinimal = {
+    status: 500,
+};
+exports.backendErrorAsString = 'Internal Server Error';
+exports.backendErrorAsArray = ['error1', 'error2'];
+exports.backendErrorAsNull = null;
+// ============================================================================
+// INVALID/MISLEADING DATA FIXTURES
+// ============================================================================
+/**
+ * Data that looks like TS43Data but is actually DesktopData.
+ * Used to test type guard discrimination.
+ */
+exports.misleadingDataLooksLikeTS43 = {
+    protocol: 'some-protocol',
+    data: {
+        // Has nested data object like TS43, but no dcql_query
+        nonce: 'fake-nonce',
+        session_id: 'session-123',
+        status_url: 'https://example.com/status',
+    },
+};
+/**
+ * Data that has nested data object (could be TS43 or Desktop).
+ * Should be correctly identified by type guards.
+ */
+exports.ambiguousNestedData = {
+    data: {
+        something: 'value',
+    },
+};
+/**
+ * Invalid InvokeResult - missing required fields.
+ */
+exports.invalidInvokeResultMissingCredential = {
+    strategy: types_1.AUTHENTICATION_STRATEGY.TS43,
+    session: exports.validSession,
+};
+exports.invalidInvokeResultMissingStrategy = {
+    credential: Promise.resolve('token'),
+    session: exports.validSession,
+};
+exports.invalidInvokeResultMissingSession = {
+    credential: Promise.resolve('token'),
+    strategy: types_1.AUTHENTICATION_STRATEGY.TS43,
+};
+/**
+ * Invalid phone numbers for validation tests.
+ */
+exports.invalidPhoneNumbers = {
+    missingPlus: '14155551234',
+    tooShort: '+123456',
+    tooLong: '+12345678901234567',
+    withSpaces: '+1 415 555 1234',
+    withDashes: '+1-415-555-1234',
+    withParens: '+1(415)5551234',
+    withLetters: '+1415ABC1234',
+    startsWithZero: '+0123456789',
+    empty: '',
+};
+/**
+ * Valid phone numbers for validation tests.
+ */
+exports.validPhoneNumbers = {
+    us: '+14155551234',
+    uk: '+447911123456',
+    india: '+919876543210',
+    germany: '+4915112345678',
+    minimum: '+1234567', // 8 chars total
+    maximum: '+123456789012345', // 16 chars total (+ plus 15 digits)
+};
+/**
+ * Invalid PLMN values for validation tests.
+ */
+exports.invalidPlmn = {
+    mccTooShort: { mcc: '31', mnc: '260' },
+    mccTooLong: { mcc: '3100', mnc: '260' },
+    mncTooShort: { mcc: '310', mnc: '2' },
+    mncTooLong: { mcc: '310', mnc: '2600' },
+    mccWithLetters: { mcc: 'ABC', mnc: '260' },
+    mncWithLetters: { mcc: '310', mnc: 'AB' },
+};
+/**
+ * Valid PLMN values for validation tests.
+ */
+exports.validPlmn = {
+    att: { mcc: '310', mnc: '410' },
+    verizon: { mcc: '311', mnc: '480' },
+    tmobile: { mcc: '310', mnc: '260' },
+    twoDigitMnc: { mcc: '234', mnc: '15' },
+    threeDigitMnc: { mcc: '234', mnc: '150' },
+};
+/**
+ * Session keys for validation tests.
+ */
+exports.sessionKeys = {
+    valid: 'valid-session-key-1234567890',
+    tooShort: 'short-key',
+    minimum: '1234567890123456', // exactly 16 chars
+    empty: '',
+};

package/dist/cjs/test/setup.js

@@ -0,0 +1,117 @@
+"use strict";
+/**
+ * Jest Test Setup
+ *
+ * Global setup for all unit tests including:
+ * - Jest DOM matchers
+ * - Global mocks
+ * - Test utilities
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createMockResponse = createMockResponse;
+exports.flushPromises = flushPromises;
+exports.advanceTimersAndFlush = advanceTimersAndFlush;
+exports.createConsoleMocks = createConsoleMocks;
+exports.restoreConsoleMocks = restoreConsoleMocks;
+require("@testing-library/jest-dom");
+// ============================================================================
+// GLOBAL MOCKS
+// ============================================================================
+/**
+ * Mock fetch globally for HTTP tests.
+ * Individual tests can override this.
+ */
+global.fetch = jest.fn();
+/**
+ * Mock AbortController for timeout tests.
+ */
+global.AbortController = class MockAbortController {
+    constructor() {
+        this.signal = {
+            aborted: false,
+            addEventListener: jest.fn(),
+            removeEventListener: jest.fn(),
+            onabort: null,
+            reason: undefined,
+            throwIfAborted: jest.fn(),
+            dispatchEvent: jest.fn(),
+        };
+        this.abort = jest.fn(() => {
+            this.signal.aborted = true;
+        });
+    }
+};
+// ============================================================================
+// TEST UTILITIES
+// ============================================================================
+/**
+ * Helper to create a mock Response object.
+ */
+function createMockResponse(body, options = {}) {
+    const { status = 200, ok = status >= 200 && status < 300, headers = {} } = options;
+    return {
+        ok,
+        status,
+        statusText: status === 200 ? 'OK' : 'Error',
+        headers: new Headers(headers),
+        json: jest.fn().mockResolvedValue(body),
+        text: jest.fn().mockResolvedValue(JSON.stringify(body)),
+        blob: jest.fn(),
+        arrayBuffer: jest.fn(),
+        formData: jest.fn(),
+        clone: jest.fn(),
+        body: null,
+        bodyUsed: false,
+        redirected: false,
+        type: 'basic',
+        url: '',
+        bytes: jest.fn(),
+    };
+}
+/**
+ * Helper to wait for async operations.
+ */
+function flushPromises() {
+    return new Promise(resolve => setImmediate(resolve));
+}
+/**
+ * Helper to advance timers and flush promises.
+ */
+async function advanceTimersAndFlush(ms) {
+    jest.advanceTimersByTime(ms);
+    await flushPromises();
+}
+// ============================================================================
+// CONSOLE MOCK HELPERS
+// ============================================================================
+/**
+ * Create spies on console methods for logger tests.
+ */
+function createConsoleMocks() {
+    return {
+        debug: jest.spyOn(console, 'debug').mockImplementation(),
+        info: jest.spyOn(console, 'info').mockImplementation(),
+        warn: jest.spyOn(console, 'warn').mockImplementation(),
+        error: jest.spyOn(console, 'error').mockImplementation(),
+    };
+}
+/**
+ * Restore console mocks.
+ */
+function restoreConsoleMocks(mocks) {
+    mocks.debug.mockRestore();
+    mocks.info.mockRestore();
+    mocks.warn.mockRestore();
+    mocks.error.mockRestore();
+}
+// ============================================================================
+// CLEANUP
+// ============================================================================
+beforeEach(() => {
+    // Clear all mocks before each test
+    jest.clearAllMocks();
+});
+afterEach(() => {
+    // Reset fetch mock
+    global.fetch.mockReset();
+});

package/dist/esm/adapters/react.js

@@ -108,9 +108,13 @@ export function usePhoneAuth(config) {
      * Granular: Invoke.
      */
     const invokeSecurePrompt = useCallback(async (prepared, options) => {
+        setIsLoading(true);
+        setError(null);
         setStep('invoking');
         try {
-            return await client.invokeSecurePrompt(prepared, options);
+            const result = await client.invokeSecurePrompt(prepared, options);
+            setStep('idle'); // Reset step on success (invoke is intermediate step)
+            return result;
         }
         catch (err) {
             const authError = err;
@@ -118,12 +122,16 @@ export function usePhoneAuth(config) {
             setStep('error');
             throw err;
         }
+        finally {
+            setIsLoading(false);
+        }
     }, [client]);
     /**
      * Granular: Get phone number.
      */
     const getPhoneNumber = useCallback(async (credential, session) => {
         setIsLoading(true);
+        setError(null);
         setStep('processing');
         try {
             const authResult = await client.getPhoneNumber(credential, session);
@@ -146,6 +154,7 @@ export function usePhoneAuth(config) {
      */
     const verifyPhoneNumber = useCallback(async (credential, session) => {
         setIsLoading(true);
+        setError(null);
         setStep('processing');
         try {
             const authResult = await client.verifyPhoneNumber(credential, session);

package/dist/esm/adapters/vue.js

@@ -99,21 +99,29 @@ export function usePhoneAuth(config) {
      * Granular: Invoke.
      */
     async function invokeSecurePrompt(prepared, options) {
+        isLoading.value = true;
+        error.value = null;
         step.value = 'invoking';
         try {
-            return await client.invokeSecurePrompt(prepared, options);
+            const invokeResult = await client.invokeSecurePrompt(prepared, options);
+            step.value = 'idle'; // Reset step on success (invoke is intermediate step)
+            return invokeResult;
         }
         catch (err) {
             error.value = err;
             step.value = 'error';
             throw err;
         }
+        finally {
+            isLoading.value = false;
+        }
     }
     /**
      * Granular: Get phone number.
      */
     async function getPhoneNumber(credential, session) {
         isLoading.value = true;
+        error.value = null;
         step.value = 'processing';
         try {
             const authResult = await client.getPhoneNumber(credential, session);
@@ -135,6 +143,7 @@ export function usePhoneAuth(config) {
      */
     async function verifyPhoneNumber(credential, session) {
         isLoading.value = true;
+        error.value = null;
         step.value = 'processing';
         try {
             const authResult = await client.verifyPhoneNumber(credential, session);

package/dist/esm/client/http.js

@@ -114,7 +114,11 @@ export function createHttpClient(config = {}) {
         }
         // If response is not ok, parse as error
         if (!response.ok) {
-            throw parseBackendError({ ...data, status: response.status });
+            // Safely build error object - handle non-object responses (strings, null, arrays)
+            const errorData = typeof data === 'object' && data !== null && !Array.isArray(data)
+                ? { ...data, status: response.status }
+                : { status: response.status, rawResponse: data };
+            throw parseBackendError(errorData);
         }
         return data;
     }

package/dist/esm/client/logger.js

@@ -11,12 +11,11 @@
 // ============================================================================
 /**
  * Patterns to detect and sanitize PII.
+ * Note: Email pattern removed - this SDK only handles phone authentication.
  */
 const PII_PATTERNS = {
     // Phone numbers: +1234567890 or variations
     phone: /(\+?[1-9]\d{6,14})/g,
-    // Email addresses
-    email: /([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/g,
     // JWT tokens (three base64 segments separated by dots)
     jwt: /(eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*)/g,
     // Session keys (long alphanumeric strings)
@@ -38,11 +37,6 @@ function sanitize(data) {
             const visible = 4;
             return match.slice(0, 2) + '***' + match.slice(-visible);
         });
-        // Mask emails: user@example.com -> u***@example.com
-        sanitized = sanitized.replace(PII_PATTERNS.email, (match) => {
-            const [local, domain] = match.split('@');
-            return local.slice(0, 1) + '***@' + domain;
-        });
         // Mask JWTs: eyJ... -> [JWT]
         sanitized = sanitized.replace(PII_PATTERNS.jwt, '[JWT]');
         // Mask session keys

package/dist/esm/client/phone-auth-client.js

@@ -8,7 +8,7 @@
  * because both iOS App Clips and Android Digital Credentials API require
  * transient activation (user interaction) to open system UI.
  */
-import { USE_CASE, AUTHENTICATION_STRATEGY, validatePhoneNumber, validatePlmn, } from '../core';
+import { USE_CASE, AUTHENTICATION_STRATEGY, validatePhoneNumber, validatePlmn, validateUseCaseRequirements, } from '../core';
 import { createAuthError, ERROR_CODES, isAuthError } from '../core/errors';
 import { createHttpClient } from './http';
 import { createLogger, createNoopLogger } from './logger';
@@ -30,6 +30,7 @@ export class PhoneAuthClient {
             pollingInterval: config.pollingInterval || 2000,
             maxPollingAttempts: config.maxPollingAttempts || 30,
             debug: config.debug || false,
+            devEnv: config.devEnv,
         };
         // Use custom or default HTTP client
         this.http = config.httpClient || createHttpClient({
@@ -44,6 +45,7 @@ export class PhoneAuthClient {
         this.logger.debug('PhoneAuthClient initialized', {
             endpoints: this.config.endpoints,
             timeout: this.config.timeout,
+            ...(config.devEnv && { devEnv: config.devEnv }),
         });
         // Initialize mobile debug console if configured
         if (config.devtools?.showMobileConsole && typeof window !== 'undefined') {
@@ -123,6 +125,13 @@ export class PhoneAuthClient {
         if (!request.use_case && !request.options?.parent_session_id) {
             throw createAuthError(ERROR_CODES.MISSING_PARAMETERS, 'use_case is required');
         }
+        // Validate use_case requirements (e.g., VerifyPhoneNumber requires phone_number)
+        if (request.use_case) {
+            const useCaseValidation = validateUseCaseRequirements(request.use_case, request.phone_number, !!request.options?.parent_session_id);
+            if (!useCaseValidation.valid) {
+                throw createAuthError(ERROR_CODES.MISSING_PARAMETERS, useCaseValidation.error);
+            }
+        }
         // Build request with client info
         const requestBody = {
             ...request,
@@ -285,6 +294,20 @@ export class PhoneAuthClient {
                 if (!credential || (typeof credential === 'string' && credential.trim() === '')) {
                     throw createAuthError(ERROR_CODES.INVALID_RESPONSE, 'Empty credential returned from Digital Credentials API');
                 }
+                // Success haptic feedback
+                if (typeof navigator !== 'undefined' && navigator.vibrate) {
+                    // Add a small delay to ensure the browser has regained focus/visibility
+                    // after the native bottom sheet closes
+                    setTimeout(() => {
+                        try {
+                            // Double tap pattern: vibrate 80ms, pause 50ms, vibrate 80ms
+                            navigator.vibrate([80, 50, 80]);
+                        }
+                        catch (e) {
+                            // Ignore vibration errors
+                        }
+                    }, 200);
+                }
                 // Return just the credential string
                 return credential;
             }
@@ -325,11 +348,16 @@ export class PhoneAuthClient {
         // Navigate to App Clip URL (must be from user gesture)
         // Using window.location.href for better iOS compatibility
         window.location.href = data.url;
-        // Build polling headers (merge common + polling-specific)
+        // Build polling headers (merge common + polling-specific + devEnv)
         const pollingHeaders = {
             ...this.config.headers?.common,
             ...this.config.headers?.polling,
         };
+        // Add developer header if devEnv is set
+        if (this.config.devEnv) {
+            pollingHeaders['developer'] = this.config.devEnv;
+            this.logger.debug('Adding developer header for polling', { devEnv: this.config.devEnv });
+        }
         // Start polling for authentication status
         const polling = createPollingHandler({
             sessionKey: session.session_key,
@@ -361,11 +389,16 @@ export class PhoneAuthClient {
         // Extract session ID for polling
         const sessionId = data.data?.session_id || session.session_key;
         this.logger.debug('Starting desktop authentication', { sessionId });
-        // Build polling headers (merge common + polling-specific)
+        // Build polling headers (merge common + polling-specific + devEnv)
         const pollingHeaders = {
             ...this.config.headers?.common,
             ...this.config.headers?.polling,
         };
+        // Add developer header if devEnv is set
+        if (this.config.devEnv) {
+            pollingHeaders['developer'] = this.config.devEnv;
+            this.logger.debug('Adding developer header for polling', { devEnv: this.config.devEnv });
+        }
         // Start polling for authentication status
         const polling = createPollingHandler({
             sessionKey: sessionId,

package/dist/esm/core/index.js

@@ -29,7 +29,7 @@ export { ERROR_CODES, } from './errors';
 // ============================================================================
 // VALIDATORS
 // ============================================================================
-export { validatePhoneNumber, validatePlmn, validateUseCaseRequirements, validateNonce, validateSessionKey, E164_REGEX, } from './validators';
+export { validatePhoneNumber, validatePlmn, validateUseCaseRequirements, validateSessionKey, E164_REGEX, } from './validators';
 // ============================================================================
 // TYPE GUARDS
 // ============================================================================

package/dist/esm/core/type-guards.js

@@ -128,12 +128,24 @@ export function isLinkData(data) {
 }
 /**
  * Check if prepare response data is DesktopData.
+ *
+ * Note: Both TS43Data and DesktopData have nested 'data' objects,
+ * so we must explicitly exclude TS43Data by checking for absence of 'dcql_query'.
  */
 export function isDesktopData(data) {
-    return (data !== null &&
-        typeof data === 'object' &&
-        'data' in data &&
-        typeof data.data === 'object');
+    if (data === null ||
+        typeof data !== 'object' ||
+        !('data' in data) ||
+        typeof data.data !== 'object' ||
+        data.data === null) {
+        return false;
+    }
+    // Exclude TS43Data which also has a nested 'data' object but contains 'dcql_query'
+    const nestedData = data.data;
+    if ('dcql_query' in nestedData) {
+        return false;
+    }
+    return true;
 }
 /**
  * Get strategy-specific data from PrepareResponse with proper typing.

package/dist/esm/core/validators.js

@@ -106,34 +106,6 @@ export function validateUseCaseRequirements(useCase, phoneNumber, hasParentSessi
     }
     return { valid: true };
 }
-/**
- * Validates nonce format.
- *
- * @param nonce - Nonce string to validate
- * @returns Validation result
- */
-export function validateNonce(nonce) {
-    const base64urlRegex = /^[A-Za-z0-9_-]+$/;
-    if (!nonce || nonce.length === 0) {
-        return {
-            valid: false,
-            error: 'Nonce is required'
-        };
-    }
-    if (!base64urlRegex.test(nonce)) {
-        return {
-            valid: false,
-            error: 'Nonce must be base64url encoded'
-        };
-    }
-    if (nonce.length < 32 || nonce.length > 128) {
-        return {
-            valid: false,
-            error: 'Nonce must be between 32 and 128 characters'
-        };
-    }
-    return { valid: true };
-}
 /**
  * Validates session key format.
  *