@gw2me/client 0.9.2 → 0.9.3

package/dist/base64-B0vm543A.mjs

@@ -0,0 +1,9 @@
+//#region src/base64.ts
+function base64urlEncode(input) {
+	const data = input instanceof ArrayBuffer ? new Uint8Array(input) : input;
+	return btoa(String.fromCharCode(...data)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+//#endregion
+export { base64urlEncode as t };
+//# sourceMappingURL=base64-B0vm543A.mjs.map

package/dist/dpop.d.mts

@@ -0,0 +1,14 @@
+import { r as DPoPParams } from "./types-cXKOlCJ4.mjs";
+
+//#region src/dpop.d.ts
+declare function generateDPoPKeyPair(): Promise<CryptoKeyPair>;
+declare function createDPoPJwt({
+  htm,
+  htu,
+  nonce,
+  accessToken
+}: DPoPParams, keyPair: CryptoKeyPair): Promise<string>;
+declare function jwkThumbprint(key: CryptoKey): Promise<string>;
+//#endregion
+export { createDPoPJwt, generateDPoPKeyPair, jwkThumbprint };
+//# sourceMappingURL=dpop.d.mts.map

package/dist/dpop.mjs

@@ -0,0 +1,53 @@
+import { t as base64urlEncode } from "./base64-B0vm543A.mjs";
+
+//#region src/dpop.ts
+function generateDPoPKeyPair() {
+	return crypto.subtle.generateKey({
+		name: "ECDSA",
+		namedCurve: "P-256"
+	}, false, ["sign"]);
+}
+async function createDPoPJwt({ htm, htu, nonce, accessToken }, keyPair) {
+	const header = JSON.stringify({
+		alg: "ES256",
+		typ: "dpop+jwt",
+		jwk: await jwk(keyPair.publicKey)
+	});
+	const body = JSON.stringify({
+		iat: Math.floor(Date.now() / 1e3),
+		jti: base64urlEncode(crypto.getRandomValues(new Uint8Array(32))),
+		htm,
+		htu,
+		nonce,
+		ath: accessToken ? base64urlEncode(await crypto.subtle.digest("SHA-256", stringToBuffer(accessToken))) : void 0
+	});
+	const input = `${base64urlEncode(stringToBuffer(header))}.${base64urlEncode(stringToBuffer(body))}`;
+	return `${input}.${base64urlEncode(await crypto.subtle.sign({
+		name: "ECDSA",
+		hash: "SHA-256"
+	}, keyPair.privateKey, stringToBuffer(input)))}`;
+}
+const encoder = new TextEncoder();
+function stringToBuffer(value) {
+	return encoder.encode(value);
+}
+async function jwk(key) {
+	const { kty, e, k, n, x, y, crv } = await crypto.subtle.exportKey("jwk", key);
+	return {
+		e,
+		k,
+		crv,
+		kty,
+		n,
+		x,
+		y
+	};
+}
+async function jwkThumbprint(key) {
+	const jwkJson = JSON.stringify(await jwk(key));
+	return base64urlEncode(await crypto.subtle.digest("SHA-256", stringToBuffer(jwkJson)));
+}
+
+//#endregion
+export { createDPoPJwt, generateDPoPKeyPair, jwkThumbprint };
+//# sourceMappingURL=dpop.mjs.map

package/dist/index.d.mts

@@ -0,0 +1,194 @@
+import { a as Scope, i as Options, n as DPoPCallback, r as DPoPParams, t as ClientInfo } from "./types-cXKOlCJ4.mjs";
+
+//#region src/api.d.ts
+interface UserResponse {
+  sub: string;
+  user: {
+    id: string;
+    name: string;
+    email?: string;
+    emailVerified?: boolean;
+  };
+  settings?: unknown;
+}
+interface AccountsResponse {
+  accounts: {
+    id: string;
+    name: string;
+    shared: boolean;
+    verified?: boolean;
+    displayName?: string | null;
+  }[];
+}
+interface SubtokenOptions {
+  permissions?: string[];
+}
+interface SubtokenResponse {
+  subtoken: string;
+  expiresAt: string;
+}
+interface ApiOptions extends Options {
+  dpop?: DPoPCallback;
+}
+declare class Gw2MeApi {
+  #private;
+  private access_token;
+  private options?;
+  constructor(access_token: string, options?: Partial<ApiOptions> | undefined);
+  user(): Promise<UserResponse>;
+  saveSettings(settings: unknown): Promise<void>;
+  accounts(): Promise<AccountsResponse>;
+  subtoken(accountId: string, options?: SubtokenOptions): Promise<SubtokenResponse>;
+}
+//#endregion
+//#region src/fed-cm.d.ts
+interface FedCMRequestOptions {
+  scopes: Scope[];
+  mediation?: CredentialMediationRequirement;
+  mode?: 'passive' | 'active';
+  signal?: AbortSignal;
+  code_challenge: string;
+  code_challenge_method: 'S256';
+  /** @default true */
+  include_granted_scopes?: boolean;
+}
+declare class Gw2MeFedCM {
+  #private;
+  constructor(configUrl: URL, clientId: string);
+  isSupported(): boolean;
+  request({
+    scopes,
+    mediation,
+    signal,
+    mode,
+    code_challenge,
+    code_challenge_method,
+    include_granted_scopes
+  }: FedCMRequestOptions): Promise<null | {
+    token: string;
+    type: "identity";
+  }>;
+}
+//#endregion
+//#region src/client.d.ts
+interface AuthorizationUrlParams {
+  redirect_uri: string;
+  scopes: Scope[];
+  state?: string;
+  code_challenge?: string;
+  code_challenge_method?: 'S256';
+  dpop_jkt?: string;
+  prompt?: 'none' | 'consent';
+  include_granted_scopes?: boolean;
+  verified_accounts_only?: boolean;
+}
+interface PushedAuthorizationRequestParams extends AuthorizationUrlParams {
+  dpop?: DPoPCallback;
+}
+interface AuthorizationUrlRequestUriParams {
+  request_uri: string;
+}
+type TokenType = 'Bearer' | 'DPoP';
+interface AuthTokenParams {
+  code: string;
+  token_type?: TokenType;
+  redirect_uri: string;
+  code_verifier?: string;
+  dpop?: DPoPCallback;
+}
+interface RefreshTokenParams {
+  refresh_token: string;
+  refresh_token_type?: TokenType;
+  dpop?: DPoPCallback;
+}
+interface TokenResponse {
+  access_token: string;
+  issued_token_type: 'urn:ietf:params:oauth:token-type:access_token';
+  token_type: TokenType;
+  expires_in: number;
+  refresh_token?: string;
+  scope: string;
+}
+interface RevokeTokenParams {
+  token: string;
+}
+interface IntrospectTokenParams {
+  token: string;
+}
+declare namespace IntrospectTokenResponse {
+  interface Inactive {
+    active: false;
+  }
+  namespace Active {
+    interface Common {
+      active: true;
+      scope: string;
+      client_id: string;
+      exp?: number;
+    }
+    interface Bearer extends Common {
+      token_type: 'Bearer';
+    }
+    interface DPoP extends Common {
+      token_type: 'DPoP';
+      cnf: {
+        jkt: string;
+      };
+    }
+  }
+  type Active = Active.Bearer | Active.DPoP;
+}
+type IntrospectTokenResponse = IntrospectTokenResponse.Inactive | IntrospectTokenResponse.Active;
+interface PushedAuthorizationRequestResponse {
+  request_uri: string;
+  expires_in: number;
+}
+declare class Gw2MeClient {
+  #private;
+  private options?;
+  constructor(client: ClientInfo, options?: Partial<Options> | undefined);
+  getAuthorizationUrl(params: AuthorizationUrlParams | AuthorizationUrlRequestUriParams): string;
+  pushAuthorizationRequest(params: PushedAuthorizationRequestParams): Promise<PushedAuthorizationRequestResponse>;
+  getAccessToken({
+    code,
+    token_type,
+    redirect_uri,
+    code_verifier,
+    dpop
+  }: AuthTokenParams): Promise<TokenResponse>;
+  refreshToken({
+    refresh_token,
+    refresh_token_type,
+    dpop
+  }: RefreshTokenParams): Promise<TokenResponse>;
+  revokeToken({
+    token
+  }: RevokeTokenParams): Promise<void>;
+  introspectToken({
+    token
+  }: IntrospectTokenParams): Promise<IntrospectTokenResponse>;
+  /**
+   * Parses the search params received from gw2.me on the redirect url (code and state).
+   * If gw2.me returned an error response, this will throw an error.
+   *
+   * @returns The code and optional state.
+   */
+  parseAuthorizationResponseSearchParams(searchParams: URLSearchParams): {
+    code: string;
+    state: string | undefined;
+  };
+  api(access_token: string, options?: Partial<Omit<ApiOptions, keyof Options>>): Gw2MeApi;
+  get fedCM(): Gw2MeFedCM;
+}
+//#endregion
+//#region src/error.d.ts
+declare class Gw2MeError extends Error {}
+declare class Gw2MeOAuthError extends Gw2MeError {
+  error: string;
+  error_description?: string | undefined;
+  error_uri?: string | undefined;
+  constructor(error: string, error_description?: string | undefined, error_uri?: string | undefined);
+}
+//#endregion
+export { AccountsResponse, ApiOptions, AuthTokenParams, AuthorizationUrlParams, AuthorizationUrlRequestUriParams, ClientInfo, DPoPCallback, DPoPParams, FedCMRequestOptions, Gw2MeApi, Gw2MeClient, Gw2MeError, Gw2MeFedCM, Gw2MeOAuthError, IntrospectTokenParams, IntrospectTokenResponse, Options, PushedAuthorizationRequestParams, PushedAuthorizationRequestResponse, RefreshTokenParams, RevokeTokenParams, Scope, SubtokenOptions, SubtokenResponse, TokenResponse, TokenType, UserResponse };
+//# sourceMappingURL=index.d.mts.map

package/dist/index.mjs

@@ -0,0 +1,289 @@
+//#region src/types.ts
+let Scope = /* @__PURE__ */ function(Scope$1) {
+	Scope$1["Identify"] = "identify";
+	Scope$1["Email"] = "email";
+	Scope$1["Accounts"] = "accounts";
+	Scope$1["Accounts_Verified"] = "accounts.verified";
+	Scope$1["Accounts_DisplayName"] = "accounts.displayName";
+	Scope$1["GW2_Account"] = "gw2:account";
+	Scope$1["GW2_Inventories"] = "gw2:inventories";
+	Scope$1["GW2_Characters"] = "gw2:characters";
+	Scope$1["GW2_Tradingpost"] = "gw2:tradingpost";
+	Scope$1["GW2_Wallet"] = "gw2:wallet";
+	Scope$1["GW2_Unlocks"] = "gw2:unlocks";
+	Scope$1["GW2_Pvp"] = "gw2:pvp";
+	Scope$1["GW2_Wvw"] = "gw2:wvw";
+	Scope$1["GW2_Builds"] = "gw2:builds";
+	Scope$1["GW2_Progression"] = "gw2:progression";
+	Scope$1["GW2_Guilds"] = "gw2:guilds";
+	return Scope$1;
+}({});
+
+//#endregion
+//#region src/error.ts
+var Gw2MeError = class extends Error {};
+var Gw2MeOAuthError = class extends Gw2MeError {
+	constructor(error, error_description, error_uri) {
+		super(`Received ${error}` + (error_description ? `: ${error_description}` : "") + (error_uri ? ` (${error_uri})` : ""));
+		this.error = error;
+		this.error_description = error_description;
+		this.error_uri = error_uri;
+	}
+};
+
+//#endregion
+//#region src/util.ts
+async function jsonOrError(response) {
+	await okOrError(response);
+	if (!(response.headers.get("Content-Type") === "application/json")) throw new Gw2MeError("gw2.me did not return a valid JSON response");
+	return response.json();
+}
+async function okOrError(response) {
+	if (!response.ok) {
+		let errorMessage;
+		if (response.headers.get("Content-Type") === "application/json") errorMessage = (await response.json()).error_description;
+		throw new Gw2MeError(`gw2.me returned an error: ${errorMessage ?? "Unknown error"}`);
+	}
+}
+
+//#endregion
+//#region src/api.ts
+var Gw2MeApi = class {
+	constructor(access_token, options) {
+		this.access_token = access_token;
+		this.options = options;
+	}
+	user() {
+		return this.#requestWithDpop("api/user").then((request) => fetch(request)).then(jsonOrError);
+	}
+	saveSettings(settings) {
+		return this.#requestWithDpop("api/user/settings", {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(settings)
+		}).then((request) => fetch(request)).then(okOrError);
+	}
+	accounts() {
+		return this.#requestWithDpop("api/accounts").then((request) => fetch(request)).then(jsonOrError);
+	}
+	subtoken(accountId, options) {
+		const url = this.#getUrl(`api/accounts/${accountId}/subtoken`);
+		if (options?.permissions) url.searchParams.set("permissions", options.permissions.join(","));
+		return this.#requestWithDpop(url).then((request) => fetch(request)).then(jsonOrError);
+	}
+	#getUrl(url) {
+		return new URL(url, this.options?.url || "https://gw2.me/");
+	}
+	async #requestWithDpop(endpoint, init) {
+		const url = endpoint instanceof URL ? endpoint : this.#getUrl(endpoint);
+		const dpop = this.options?.dpop;
+		const headers = new Headers(init?.headers);
+		headers.set("Authorization", `${dpop ? "DPoP" : "Bearer"} ${this.access_token}`);
+		if (dpop) headers.set("DPoP", await dpop({
+			htm: init?.method ?? "GET",
+			htu: url.toString(),
+			accessToken: this.access_token
+		}));
+		return new Request(url, {
+			cache: "no-cache",
+			...init,
+			headers
+		});
+	}
+};
+
+//#endregion
+//#region src/fed-cm.ts
+var Gw2MeFedCM = class {
+	#configUrl;
+	#clientId;
+	constructor(configUrl, clientId) {
+		this.#configUrl = configUrl;
+		this.#clientId = clientId;
+	}
+	isSupported() {
+		return typeof window !== "undefined" && "IdentityCredential" in window;
+	}
+	request({ scopes, mediation, signal, mode, code_challenge, code_challenge_method, include_granted_scopes }) {
+		if (!this.isSupported()) throw new Gw2MeError("FedCM is not supported");
+		return navigator.credentials.get({
+			mediation,
+			signal,
+			identity: {
+				providers: [{
+					configURL: this.#configUrl,
+					clientId: this.#clientId,
+					fields: [scopes.includes(Scope.Identify) && "name", scopes.includes(Scope.Email) && "email"].filter(Boolean),
+					nonce: `${code_challenge_method}:${code_challenge}`,
+					params: {
+						scope: scopes.join(" "),
+						code_challenge,
+						code_challenge_method,
+						include_granted_scopes
+					}
+				}],
+				mode
+			}
+		});
+	}
+};
+
+//#endregion
+//#region src/client.ts
+var Gw2MeClient = class {
+	#client;
+	#fedCM;
+	constructor(client, options) {
+		this.options = options;
+		this.#client = client;
+		this.#fedCM = new Gw2MeFedCM(this.#getUrl("/fed-cm/config.json"), client.client_id);
+	}
+	#getUrl(url) {
+		return new URL(url, this.options?.url || "https://gw2.me/");
+	}
+	#getAuthorizationHeader() {
+		if (!this.#client.client_secret) throw new Gw2MeError("client_secret is required");
+		return `Basic ${btoa(`${this.#client.client_id}:${this.#client.client_secret}`)}`;
+	}
+	getAuthorizationUrl(params) {
+		const urlParams = "request_uri" in params ? new URLSearchParams({
+			client_id: this.#client.client_id,
+			response_type: "code",
+			request_uri: params.request_uri
+		}) : constructAuthorizationParams(this.#client.client_id, params);
+		return this.#getUrl(`/oauth2/authorize?${urlParams.toString()}`).toString();
+	}
+	async pushAuthorizationRequest(params) {
+		const url = this.#getUrl("/oauth2/par");
+		const headers = { "Content-Type": "application/x-www-form-urlencoded" };
+		if (params.dpop) headers.DPoP = await params.dpop({
+			htm: "POST",
+			htu: url.toString()
+		});
+		const urlParams = constructAuthorizationParams(this.#client.client_id, params);
+		if (this.#client.client_secret) headers.Authorization = this.#getAuthorizationHeader();
+		return await fetch(url, {
+			method: "POST",
+			headers,
+			body: urlParams,
+			cache: "no-store"
+		}).then(jsonOrError);
+	}
+	async getAccessToken({ code, token_type, redirect_uri, code_verifier, dpop }) {
+		const data = new URLSearchParams({
+			grant_type: "authorization_code",
+			code,
+			client_id: this.#client.client_id,
+			redirect_uri
+		});
+		const headers = { "Content-Type": "application/x-www-form-urlencoded" };
+		if (this.#client.client_secret) headers.Authorization = this.#getAuthorizationHeader();
+		if (code_verifier) data.set("code_verifier", code_verifier);
+		const url = this.#getUrl("/api/token");
+		if (dpop) headers.DPoP = await dpop({
+			htm: "POST",
+			htu: url.toString(),
+			accessToken: token_type === "DPoP" ? code : void 0
+		});
+		return await fetch(url, {
+			method: "POST",
+			headers,
+			body: data,
+			cache: "no-store"
+		}).then(jsonOrError);
+	}
+	async refreshToken({ refresh_token, refresh_token_type, dpop }) {
+		const data = new URLSearchParams({
+			grant_type: "refresh_token",
+			refresh_token,
+			client_id: this.#client.client_id
+		});
+		const headers = { "Content-Type": "application/x-www-form-urlencoded" };
+		if (this.#client.client_secret) headers["Authorization"] = this.#getAuthorizationHeader();
+		const url = this.#getUrl("/api/token");
+		if (dpop) headers.DPoP = await dpop({
+			htm: "POST",
+			htu: url.toString(),
+			accessToken: refresh_token_type === "DPoP" ? refresh_token : void 0
+		});
+		return await fetch(url, {
+			method: "POST",
+			headers,
+			body: data,
+			cache: "no-store"
+		}).then(jsonOrError);
+	}
+	async revokeToken({ token }) {
+		const body = new URLSearchParams({ token });
+		const headers = { "Content-Type": "application/x-www-form-urlencoded" };
+		if (this.#client.client_secret) headers.Authorization = this.#getAuthorizationHeader();
+		await fetch(this.#getUrl("/api/token/revoke"), {
+			method: "POST",
+			cache: "no-store",
+			headers,
+			body
+		}).then(jsonOrError);
+	}
+	async introspectToken({ token }) {
+		const body = new URLSearchParams({ token });
+		const headers = { "Content-Type": "application/x-www-form-urlencoded" };
+		if (this.#client.client_secret) headers.Authorization = this.#getAuthorizationHeader();
+		return await fetch(this.#getUrl("/api/token/introspect"), {
+			method: "POST",
+			cache: "no-store",
+			headers,
+			body
+		}).then(jsonOrError);
+	}
+	/**
+	* Parses the search params received from gw2.me on the redirect url (code and state).
+	* If gw2.me returned an error response, this will throw an error.
+	*
+	* @returns The code and optional state.
+	*/
+	parseAuthorizationResponseSearchParams(searchParams) {
+		const expectedIssuer = this.#getUrl("/").origin;
+		const receivedIssuer = searchParams.get("iss");
+		if (!receivedIssuer) throw new Gw2MeError("Issuer Identifier verification failed: parameter `iss` is missing");
+		if (receivedIssuer !== expectedIssuer) throw new Gw2MeError(`Issuer Identifier verification failed: expected "${expectedIssuer}", got "${receivedIssuer}"`);
+		const error = searchParams.get("error");
+		if (error) throw new Gw2MeOAuthError(error, searchParams.get("error_description") ?? void 0, searchParams.get("error_uri") ?? void 0);
+		const code = searchParams.get("code");
+		if (!code) throw new Gw2MeError("Parameter `code` is missing");
+		return {
+			code,
+			state: searchParams.get("state") || void 0
+		};
+	}
+	api(access_token, options) {
+		return new Gw2MeApi(access_token, {
+			...this.options,
+			...options
+		});
+	}
+	get fedCM() {
+		return this.#fedCM;
+	}
+};
+function constructAuthorizationParams(client_id, { redirect_uri, scopes, state, code_challenge, code_challenge_method, dpop_jkt, prompt, include_granted_scopes, verified_accounts_only }) {
+	const params = new URLSearchParams({
+		client_id,
+		response_type: "code",
+		redirect_uri,
+		scope: scopes.join(" ")
+	});
+	if (state) params.append("state", state);
+	if (code_challenge && code_challenge_method) {
+		params.append("code_challenge", code_challenge);
+		params.append("code_challenge_method", code_challenge_method);
+	}
+	if (dpop_jkt) params.append("dpop_jkt", dpop_jkt);
+	if (prompt) params.append("prompt", prompt);
+	if (include_granted_scopes) params.append("include_granted_scopes", "true");
+	if (verified_accounts_only) params.append("verified_accounts_only", "true");
+	return params;
+}
+
+//#endregion
+export { Gw2MeApi, Gw2MeClient, Gw2MeError, Gw2MeOAuthError, Scope };
+//# sourceMappingURL=index.mjs.map

package/dist/pkce.d.mts

@@ -0,0 +1,13 @@
+//#region src/pkce.d.ts
+interface PKCEChallenge {
+  code_challenge: string;
+  code_challenge_method: 'S256';
+}
+interface PKCEPair {
+  challenge: PKCEChallenge;
+  code_verifier: string;
+}
+declare function generatePKCEPair(): Promise<PKCEPair>;
+//#endregion
+export { PKCEChallenge, PKCEPair, generatePKCEPair };
+//# sourceMappingURL=pkce.d.mts.map

package/dist/pkce.mjs

@@ -0,0 +1,21 @@
+import { t as base64urlEncode } from "./base64-B0vm543A.mjs";
+
+//#region src/pkce.ts
+async function generatePKCEPair() {
+	const verifierBuffer = new Uint8Array(32);
+	crypto.getRandomValues(verifierBuffer);
+	const code_verifier = base64urlEncode(verifierBuffer);
+	const encoder = new TextEncoder();
+	const challenge = await crypto.subtle.digest("SHA-256", encoder.encode(code_verifier));
+	return {
+		code_verifier,
+		challenge: {
+			code_challenge_method: "S256",
+			code_challenge: base64urlEncode(new Uint8Array(challenge))
+		}
+	};
+}
+
+//#endregion
+export { generatePKCEPair };
+//# sourceMappingURL=pkce.mjs.map

package/dist/types-cXKOlCJ4.d.mts

@@ -0,0 +1,36 @@
+//#region src/types.d.ts
+declare enum Scope {
+  Identify = "identify",
+  Email = "email",
+  Accounts = "accounts",
+  Accounts_Verified = "accounts.verified",
+  Accounts_DisplayName = "accounts.displayName",
+  GW2_Account = "gw2:account",
+  GW2_Inventories = "gw2:inventories",
+  GW2_Characters = "gw2:characters",
+  GW2_Tradingpost = "gw2:tradingpost",
+  GW2_Wallet = "gw2:wallet",
+  GW2_Unlocks = "gw2:unlocks",
+  GW2_Pvp = "gw2:pvp",
+  GW2_Wvw = "gw2:wvw",
+  GW2_Builds = "gw2:builds",
+  GW2_Progression = "gw2:progression",
+  GW2_Guilds = "gw2:guilds",
+}
+interface ClientInfo {
+  client_id: string;
+  client_secret?: string;
+}
+interface Options {
+  url: string;
+}
+interface DPoPParams {
+  htm: 'POST' | 'GET' | (string & {});
+  htu: string;
+  nonce?: string;
+  accessToken?: string;
+}
+type DPoPCallback = (params: DPoPParams) => string | Promise<string>;
+//#endregion
+export { Scope as a, Options as i, DPoPCallback as n, DPoPParams as r, ClientInfo as t };
+//# sourceMappingURL=types-cXKOlCJ4.d.mts.map

package/package.json

@@ -1,21 +1,21 @@
 {
   "name": "@gw2me/client",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "description": "gw2.me client library",
   "type": "module",
   "exports": {
     "./package.json": "./package.json",
     ".": {
-      "types": "./dist/index.d.ts",
-      "default": "./dist/index.js"
+      "types": "./dist/index.d.mts",
+      "default": "./dist/index.mjs"
     },
     "./dpop": {
-      "types": "./dist/dpop.d.ts",
-      "default": "./dist/dpop.js"
+      "types": "./dist/dpop.d.mts",
+      "default": "./dist/dpop.mjs"
     },
     "./pkce": {
-      "types": "./dist/pkce.d.ts",
-      "default": "./dist/pkce.js"
+      "types": "./dist/pkce.d.mts",
+      "default": "./dist/pkce.mjs"
     }
   },
   "repository": {
@@ -30,7 +30,8 @@
     "oauth2"
   ],
   "files": [
-    "dist/"
+    "dist/*.mjs",
+    "dist/*.d.mts"
   ],
   "author": "darthmaim",
   "license": "MIT",
@@ -43,20 +44,17 @@
     "@gw2treasures/publish-package": "0.1.0",
     "@gw2treasures/tsconfig": "0.0.1",
     "eslint": "9.39.2",
-    "tsup": "8.5.1",
+    "tsdown": "0.19.0",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.51.0",
-    "undici-types": "7.16.0"
+    "typescript-eslint": "8.53.0",
+    "undici-types": "7.18.2"
   },
   "publishConfig": {
     "access": "public",
     "provenance": true
   },
   "scripts": {
-    "build": "pnpm run clean && if test $CI; then pnpm run build:ci; else pnpm run build:local; fi",
-    "build:local": "tsup src/index.ts src/dpop.ts src/pkce.ts --format esm && tsc --emitDeclarationOnly --declaration --declarationMap",
-    "build:ci": "tsup src/index.ts src/dpop.ts src/pkce.ts --format esm --minify --dts",
-    "clean": "rm -rf dist/",
+    "build": "tsdown src/index.ts src/dpop.ts src/pkce.ts",
     "lint": "eslint .",
     "publish-package": "gw2treasures-publish-package"
   }

package/dist/chunk-EXOYQILJ.js

@@ -1 +0,0 @@
-function a(r){let e=r instanceof ArrayBuffer?new Uint8Array(r):r;return btoa(String.fromCharCode(...e)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}export{a};

package/dist/chunk-OSZ7DOEH.js

@@ -1 +0,0 @@
-var f=a=>{throw TypeError(a)};var d=(a,b,c)=>b.has(a)||f("Cannot "+c);var g=(a,b,c)=>(d(a,b,"read from private field"),c?c.call(a):b.get(a)),h=(a,b,c)=>b.has(a)?f("Cannot add the same private member more than once"):b instanceof WeakSet?b.add(a):b.set(a,c),i=(a,b,c,e)=>(d(a,b,"write to private field"),e?e.call(a,c):b.set(a,c),c),j=(a,b,c)=>(d(a,b,"access private method"),c);export{g as a,h as b,i as c,j as d};

package/dist/dpop.d.ts

@@ -1,7 +0,0 @@
-import { D as DPoPParams } from './types-yBP8cksw.js';
-
-declare function generateDPoPKeyPair(): Promise<CryptoKeyPair>;
-declare function createDPoPJwt({ htm, htu, nonce, accessToken }: DPoPParams, keyPair: CryptoKeyPair): Promise<string>;
-declare function jwkThumbprint(key: CryptoKey): Promise<string>;
-
-export { createDPoPJwt, generateDPoPKeyPair, jwkThumbprint };

package/dist/dpop.js

@@ -1 +0,0 @@
-import{a as e}from"./chunk-EXOYQILJ.js";import"./chunk-OSZ7DOEH.js";function d(){return crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign"])}async function m({htm:t,htu:n,nonce:r,accessToken:a},s){let c=JSON.stringify({alg:"ES256",typ:"dpop+jwt",jwk:await u(s.publicKey)}),y=JSON.stringify({iat:Math.floor(Date.now()/1e3),jti:e(crypto.getRandomValues(new Uint8Array(32))),htm:t,htu:n,nonce:r,ath:a?e(await crypto.subtle.digest("SHA-256",o(a))):void 0}),i=`${e(o(c))}.${e(o(y))}`,p={name:"ECDSA",hash:"SHA-256"},g=e(await crypto.subtle.sign(p,s.privateKey,o(i)));return`${i}.${g}`}var w=new TextEncoder;function o(t){return w.encode(t)}async function u(t){let{kty:n,e:r,k:a,n:s,x:c,y,crv:i}=await crypto.subtle.exportKey("jwk",t);return{e:r,k:a,crv:i,kty:n,n:s,x:c,y}}async function P(t){let n=JSON.stringify(await u(t)),r=await crypto.subtle.digest("SHA-256",o(n));return e(r)}export{m as createDPoPJwt,d as generateDPoPKeyPair,P as jwkThumbprint};

package/dist/index.d.ts

@@ -1,169 +0,0 @@
-import { O as Options, a as DPoPCallback, S as Scope, C as ClientInfo } from './types-yBP8cksw.js';
-export { D as DPoPParams } from './types-yBP8cksw.js';
-
-interface UserResponse {
-    sub: string;
-    user: {
-        id: string;
-        name: string;
-        email?: string;
-        emailVerified?: boolean;
-    };
-    settings?: unknown;
-}
-interface AccountsResponse {
-    accounts: {
-        id: string;
-        name: string;
-        shared: boolean;
-        verified?: boolean;
-        displayName?: string | null;
-    }[];
-}
-interface SubtokenOptions {
-    permissions?: string[];
-}
-interface SubtokenResponse {
-    subtoken: string;
-    expiresAt: string;
-}
-interface ApiOptions extends Options {
-    dpop?: DPoPCallback;
-}
-declare class Gw2MeApi {
-    #private;
-    private access_token;
-    private options?;
-    constructor(access_token: string, options?: Partial<ApiOptions> | undefined);
-    user(): Promise<UserResponse>;
-    saveSettings(settings: unknown): Promise<void>;
-    accounts(): Promise<AccountsResponse>;
-    subtoken(accountId: string, options?: SubtokenOptions): Promise<SubtokenResponse>;
-}
-
-interface FedCMRequestOptions {
-    scopes: Scope[];
-    mediation?: CredentialMediationRequirement;
-    mode?: 'passive' | 'active';
-    signal?: AbortSignal;
-    code_challenge: string;
-    code_challenge_method: 'S256';
-    /** @default true */
-    include_granted_scopes?: boolean;
-}
-declare class Gw2MeFedCM {
-    #private;
-    constructor(configUrl: URL, clientId: string);
-    isSupported(): boolean;
-    request({ scopes, mediation, signal, mode, code_challenge, code_challenge_method, include_granted_scopes }: FedCMRequestOptions): Promise<null | {
-        token: string;
-        type: "identity";
-    }>;
-}
-
-interface AuthorizationUrlParams {
-    redirect_uri: string;
-    scopes: Scope[];
-    state?: string;
-    code_challenge?: string;
-    code_challenge_method?: 'S256';
-    dpop_jkt?: string;
-    prompt?: 'none' | 'consent';
-    include_granted_scopes?: boolean;
-    verified_accounts_only?: boolean;
-}
-interface PushedAuthorizationRequestParams extends AuthorizationUrlParams {
-    dpop?: DPoPCallback;
-}
-interface AuthorizationUrlRequestUriParams {
-    request_uri: string;
-}
-type TokenType = 'Bearer' | 'DPoP';
-interface AuthTokenParams {
-    code: string;
-    token_type?: TokenType;
-    redirect_uri: string;
-    code_verifier?: string;
-    dpop?: DPoPCallback;
-}
-interface RefreshTokenParams {
-    refresh_token: string;
-    refresh_token_type?: TokenType;
-    dpop?: DPoPCallback;
-}
-interface TokenResponse {
-    access_token: string;
-    issued_token_type: 'urn:ietf:params:oauth:token-type:access_token';
-    token_type: TokenType;
-    expires_in: number;
-    refresh_token?: string;
-    scope: string;
-}
-interface RevokeTokenParams {
-    token: string;
-}
-interface IntrospectTokenParams {
-    token: string;
-}
-declare namespace IntrospectTokenResponse {
-    interface Inactive {
-        active: false;
-    }
-    namespace Active {
-        interface Common {
-            active: true;
-            scope: string;
-            client_id: string;
-            exp?: number;
-        }
-        interface Bearer extends Common {
-            token_type: 'Bearer';
-        }
-        interface DPoP extends Common {
-            token_type: 'DPoP';
-            cnf: {
-                jkt: string;
-            };
-        }
-    }
-    type Active = Active.Bearer | Active.DPoP;
-}
-type IntrospectTokenResponse = IntrospectTokenResponse.Inactive | IntrospectTokenResponse.Active;
-interface PushedAuthorizationRequestResponse {
-    request_uri: string;
-    expires_in: number;
-}
-declare class Gw2MeClient {
-    #private;
-    private options?;
-    constructor(client: ClientInfo, options?: Partial<Options> | undefined);
-    getAuthorizationUrl(params: AuthorizationUrlParams | AuthorizationUrlRequestUriParams): string;
-    pushAuthorizationRequest(params: PushedAuthorizationRequestParams): Promise<PushedAuthorizationRequestResponse>;
-    getAccessToken({ code, token_type, redirect_uri, code_verifier, dpop }: AuthTokenParams): Promise<TokenResponse>;
-    refreshToken({ refresh_token, refresh_token_type, dpop }: RefreshTokenParams): Promise<TokenResponse>;
-    revokeToken({ token }: RevokeTokenParams): Promise<void>;
-    introspectToken({ token }: IntrospectTokenParams): Promise<IntrospectTokenResponse>;
-    /**
-     * Parses the search params received from gw2.me on the redirect url (code and state).
-     * If gw2.me returned an error response, this will throw an error.
-     *
-     * @returns The code and optional state.
-     */
-    parseAuthorizationResponseSearchParams(searchParams: URLSearchParams): {
-        code: string;
-        state: string | undefined;
-    };
-    api(access_token: string, options?: Partial<Omit<ApiOptions, keyof Options>>): Gw2MeApi;
-    get fedCM(): Gw2MeFedCM;
-}
-
-declare class Gw2MeError extends Error {
-}
-declare class Gw2MeOAuthError extends Gw2MeError {
-    error: string;
-    error_description?: string | undefined;
-    error_uri?: string | undefined;
-    constructor(error: string, error_description?: string | undefined, error_uri?: string | undefined);
-}
-
-export { type AccountsResponse, type ApiOptions, type AuthTokenParams, type AuthorizationUrlParams, type AuthorizationUrlRequestUriParams, ClientInfo, DPoPCallback, type FedCMRequestOptions, Gw2MeApi, Gw2MeClient, Gw2MeError, Gw2MeFedCM, Gw2MeOAuthError, type IntrospectTokenParams, IntrospectTokenResponse, Options, type PushedAuthorizationRequestParams, type PushedAuthorizationRequestResponse, type RefreshTokenParams, type RevokeTokenParams, Scope, type SubtokenOptions, type SubtokenResponse, type TokenResponse, type TokenType, type UserResponse };

package/dist/index.js

@@ -1 +0,0 @@
-import{a as s,b as m,c as _,d as o}from"./chunk-OSZ7DOEH.js";var z=(p=>(p.Identify="identify",p.Email="email",p.Accounts="accounts",p.Accounts_Verified="accounts.verified",p.Accounts_DisplayName="accounts.displayName",p.GW2_Account="gw2:account",p.GW2_Inventories="gw2:inventories",p.GW2_Characters="gw2:characters",p.GW2_Tradingpost="gw2:tradingpost",p.GW2_Wallet="gw2:wallet",p.GW2_Unlocks="gw2:unlocks",p.GW2_Pvp="gw2:pvp",p.GW2_Wvw="gw2:wvw",p.GW2_Builds="gw2:builds",p.GW2_Progression="gw2:progression",p.GW2_Guilds="gw2:guilds",p))(z||{});var h=class extends Error{},b=class extends h{constructor(t,n,r){super(`Received ${t}`+(n?`: ${n}`:"")+(r?` (${r})`:""));this.error=t;this.error_description=n;this.error_uri=r}};async function f(u){if(await C(u),!(u.headers.get("Content-Type")==="application/json"))throw new h("gw2.me did not return a valid JSON response");return u.json()}async function C(u){if(!u.ok){let e;throw u.headers.get("Content-Type")==="application/json"&&(e=(await u.json()).error_description),new h(`gw2.me returned an error: ${e??"Unknown error"}`)}}var g,U,x,v=class{constructor(e,t){this.access_token=e;this.options=t;m(this,g)}user(){return o(this,g,x).call(this,"api/user").then(e=>fetch(e)).then(f)}saveSettings(e){return o(this,g,x).call(this,"api/user/settings",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)}).then(t=>fetch(t)).then(C)}accounts(){return o(this,g,x).call(this,"api/accounts").then(e=>fetch(e)).then(f)}subtoken(e,t){let n=o(this,g,U).call(this,`api/accounts/${e}/subtoken`);return t?.permissions&&n.searchParams.set("permissions",t.permissions.join(",")),o(this,g,x).call(this,n).then(r=>fetch(r)).then(f)}};g=new WeakSet,U=function(e){return new URL(e,this.options?.url||"https://gw2.me/")},x=async function(e,t){let n=e instanceof URL?e:o(this,g,U).call(this,e),r=this.options?.dpop,i=new Headers(t?.headers);return i.set("Authorization",`${r?"DPoP":"Bearer"} ${this.access_token}`),r&&i.set("DPoP",await r({htm:t?.method??"GET",htu:n.toString(),accessToken:this.access_token})),new Request(n,{cache:"no-cache",...t,headers:i})};var R,T,O=class{constructor(e,t){m(this,R);m(this,T);_(this,R,e),_(this,T,t)}isSupported(){return typeof window<"u"&&"IdentityCredential"in window}request({scopes:e,mediation:t,signal:n,mode:r,code_challenge:i,code_challenge_method:d,include_granted_scopes:l}){if(!this.isSupported())throw new h("FedCM is not supported");return navigator.credentials.get({mediation:t,signal:n,identity:{providers:[{configURL:s(this,R),clientId:s(this,T),fields:[e.includes("identify")&&"name",e.includes("email")&&"email"].filter(Boolean),nonce:`${d}:${i}`,params:{scope:e.join(" "),code_challenge:i,code_challenge_method:d,include_granted_scopes:l}}],mode:r}})}};R=new WeakMap,T=new WeakMap;var a,A,c,P,y,S=class{constructor(e,t){this.options=t;m(this,c);m(this,a);m(this,A);_(this,a,e),_(this,A,new O(o(this,c,P).call(this,"/fed-cm/config.json"),e.client_id))}getAuthorizationUrl(e){let t="request_uri"in e?new URLSearchParams({client_id:s(this,a).client_id,response_type:"code",request_uri:e.request_uri}):q(s(this,a).client_id,e);return o(this,c,P).call(this,`/oauth2/authorize?${t.toString()}`).toString()}async pushAuthorizationRequest(e){let t=o(this,c,P).call(this,"/oauth2/par"),n={"Content-Type":"application/x-www-form-urlencoded"};e.dpop&&(n.DPoP=await e.dpop({htm:"POST",htu:t.toString()}));let r=q(s(this,a).client_id,e);return s(this,a).client_secret&&(n.Authorization=o(this,c,y).call(this)),await fetch(t,{method:"POST",headers:n,body:r,cache:"no-store"}).then(f)}async getAccessToken({code:e,token_type:t,redirect_uri:n,code_verifier:r,dpop:i}){let d=new URLSearchParams({grant_type:"authorization_code",code:e,client_id:s(this,a).client_id,redirect_uri:n}),l={"Content-Type":"application/x-www-form-urlencoded"};s(this,a).client_secret&&(l.Authorization=o(this,c,y).call(this)),r&&d.set("code_verifier",r);let w=o(this,c,P).call(this,"/api/token");return i&&(l.DPoP=await i({htm:"POST",htu:w.toString(),accessToken:t==="DPoP"?e:void 0})),await fetch(w,{method:"POST",headers:l,body:d,cache:"no-store"}).then(f)}async refreshToken({refresh_token:e,refresh_token_type:t,dpop:n}){let r=new URLSearchParams({grant_type:"refresh_token",refresh_token:e,client_id:s(this,a).client_id}),i={"Content-Type":"application/x-www-form-urlencoded"};s(this,a).client_secret&&(i.Authorization=o(this,c,y).call(this));let d=o(this,c,P).call(this,"/api/token");return n&&(i.DPoP=await n({htm:"POST",htu:d.toString(),accessToken:t==="DPoP"?e:void 0})),await fetch(d,{method:"POST",headers:i,body:r,cache:"no-store"}).then(f)}async revokeToken({token:e}){let t=new URLSearchParams({token:e}),n={"Content-Type":"application/x-www-form-urlencoded"};s(this,a).client_secret&&(n.Authorization=o(this,c,y).call(this)),await fetch(o(this,c,P).call(this,"/api/token/revoke"),{method:"POST",cache:"no-store",headers:n,body:t}).then(f)}async introspectToken({token:e}){let t=new URLSearchParams({token:e}),n={"Content-Type":"application/x-www-form-urlencoded"};return s(this,a).client_secret&&(n.Authorization=o(this,c,y).call(this)),await fetch(o(this,c,P).call(this,"/api/token/introspect"),{method:"POST",cache:"no-store",headers:n,body:t}).then(f)}parseAuthorizationResponseSearchParams(e){let t=o(this,c,P).call(this,"/").origin,n=e.get("iss");if(!n)throw new h("Issuer Identifier verification failed: parameter `iss` is missing");if(n!==t)throw new h(`Issuer Identifier verification failed: expected "${t}", got "${n}"`);let r=e.get("error");if(r){let l=e.get("error_description")??void 0,w=e.get("error_uri")??void 0;throw new b(r,l,w)}let i=e.get("code");if(!i)throw new h("Parameter `code` is missing");let d=e.get("state")||void 0;return{code:i,state:d}}api(e,t){return new v(e,{...this.options,...t})}get fedCM(){return s(this,A)}};a=new WeakMap,A=new WeakMap,c=new WeakSet,P=function(e){return new URL(e,this.options?.url||"https://gw2.me/")},y=function(){if(!s(this,a).client_secret)throw new h("client_secret is required");return`Basic ${btoa(`${s(this,a).client_id}:${s(this,a).client_secret}`)}`};function q(u,{redirect_uri:e,scopes:t,state:n,code_challenge:r,code_challenge_method:i,dpop_jkt:d,prompt:l,include_granted_scopes:w,verified_accounts_only:I}){let k=new URLSearchParams({client_id:u,response_type:"code",redirect_uri:e,scope:t.join(" ")});return n&&k.append("state",n),r&&i&&(k.append("code_challenge",r),k.append("code_challenge_method",i)),d&&k.append("dpop_jkt",d),l&&k.append("prompt",l),w&&k.append("include_granted_scopes","true"),I&&k.append("verified_accounts_only","true"),k}export{v as Gw2MeApi,S as Gw2MeClient,h as Gw2MeError,b as Gw2MeOAuthError,z as Scope};

package/dist/pkce.d.ts

@@ -1,11 +0,0 @@
-interface PKCEChallenge {
-    code_challenge: string;
-    code_challenge_method: 'S256';
-}
-interface PKCEPair {
-    challenge: PKCEChallenge;
-    code_verifier: string;
-}
-declare function generatePKCEPair(): Promise<PKCEPair>;
-
-export { type PKCEChallenge, type PKCEPair, generatePKCEPair };

package/dist/pkce.js

@@ -1 +0,0 @@
-import{a as e}from"./chunk-EXOYQILJ.js";import"./chunk-OSZ7DOEH.js";async function a(){let n=new Uint8Array(32);crypto.getRandomValues(n);let r=e(n),c=new TextEncoder,o=await crypto.subtle.digest("SHA-256",c.encode(r));return{code_verifier:r,challenge:{code_challenge_method:"S256",code_challenge:e(new Uint8Array(o))}}}export{a as generatePKCEPair};

package/dist/types-yBP8cksw.d.ts

@@ -1,34 +0,0 @@
-declare enum Scope {
-    Identify = "identify",
-    Email = "email",
-    Accounts = "accounts",
-    Accounts_Verified = "accounts.verified",
-    Accounts_DisplayName = "accounts.displayName",
-    GW2_Account = "gw2:account",
-    GW2_Inventories = "gw2:inventories",
-    GW2_Characters = "gw2:characters",
-    GW2_Tradingpost = "gw2:tradingpost",
-    GW2_Wallet = "gw2:wallet",
-    GW2_Unlocks = "gw2:unlocks",
-    GW2_Pvp = "gw2:pvp",
-    GW2_Wvw = "gw2:wvw",
-    GW2_Builds = "gw2:builds",
-    GW2_Progression = "gw2:progression",
-    GW2_Guilds = "gw2:guilds"
-}
-interface ClientInfo {
-    client_id: string;
-    client_secret?: string;
-}
-interface Options {
-    url: string;
-}
-interface DPoPParams {
-    htm: 'POST' | 'GET' | (string & {});
-    htu: string;
-    nonce?: string;
-    accessToken?: string;
-}
-type DPoPCallback = (params: DPoPParams) => string | Promise<string>;
-
-export { type ClientInfo as C, type DPoPParams as D, type Options as O, Scope as S, type DPoPCallback as a };