@hearth-auth/node 1.0.19 → 1.1.0

package/dist/flows.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"flows.js","sourceRoot":"","sources":["../src/flows.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AA6EpF,iFAAiF;AAEjF;;;GAGG;AACH,MAAM,OAAO,gBAAgB;IACV,MAAM,CAAiB;IACvB,YAAY,CAA+B;IAC3C,OAAO,CAAS;IAEjC,YAAY,MAAsB,EAAE,YAA0C;QAC5E,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC;IACrC,CAAC;IAED,8EAA8E;IAEtE,KAAK,CAAC,gBAAgB;QAC5B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,IAAI,kBAAkB,CAAC,qDAAqD,CAAC,CAAC;QACtF,CAAC;QACD,OAAO,GAAG,CAAC,cAAc,CAAC;IAC5B,CAAC;IAEO,KAAK,CAAC,qBAAqB;QACjC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC;YACvC,MAAM,IAAI,kBAAkB,CAC1B,oEAAoE,CACrE,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAC,6BAA6B,CAAC;IAC3C,CAAC;IAEO,KAAK,CAAC,mBAAmB;QAC/B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,IAAI,kBAAkB,CAAC,wDAAwD,CAAC,CAAC;QACzF,CAAC;QACD,OAAO,GAAG,CAAC,iBAAiB,CAAC;IAC/B,CAAC;IAED,8EAA8E;IAE9E,oEAAoE;IAC5D,KAAK,CAAC,QAAQ,CAAI,QAAgB,EAAE,MAA8B;QACxE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBAC1B,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI;gBACJ,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CACtB,CAAC,EACD,mBAAmB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrE,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,IAAI,OAAO,GAAG,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC;YACnC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;gBAC3D,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACnC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC;oBACrB,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ,EAAE,CAAC;wBAC/C,OAAO,IAAI,KAAK,IAAI,CAAC,iBAAiB,EAAE,CAAC;oBAC3C,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;YACtC,MAAM,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAC;IAClC,CAAC;IAED,6DAA6D;IACrD,KAAK,CAAC,aAAa,CACzB,QAAgB,EAChB,KAAa,EACb,MAA+B;QAE/B,IAAI,GAAG,GAAG,QAAQ,CAAC;QACnB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC5B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;gBAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACtE,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACrB,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACrB,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;gBAC7C,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CACtB,CAAC,EACD,mBAAmB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrE,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAEpC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,OAAO,GAAG,CAAC,IAAI,EAAgB,CAAC;IAClC,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,IAAY,EACZ,WAAmB,EACnB,IAA0B;QAE1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC/C,MAAM,MAAM,GAA2B;YACrC,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,YAAY,EAAE,WAAW;YACzB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAChC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;SACzC,CAAC;QACF,IAAI,IAAI,EAAE,YAAY;YAAE,MAAM,CAAC,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC;QACjE,OAAO,IAAI,CAAC,QAAQ,CAAgB,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAc;QACpC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC/C,MAAM,MAAM,GAA2B;YACrC,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAChC,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;SACzC,CAAC;QACF,IAAI,KAAK;YAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QAChC,OAAO,IAAI,CAAC,QAAQ,CAAgB,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,eAAe,CAAC,KAAc;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACpD,MAAM,MAAM,GAA2B,EAAE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC5E,IAAI,KAAK;YAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;QAChC,OAAO,IAAI,CAAC,QAAQ,CAA8B,QAAQ,EAAE,MAAM,CAAC,CAAC;IACtE,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,eAAe,CAAC,UAAkB,EAAE,eAAuB;QAC/D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC/C,IAAI,UAAU,GAAG,eAAe,GAAG,IAAI,CAAC;QAExC,iDAAiD;QACjD,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;YAEtE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;gBAC/B,UAAU,EAAE,8CAA8C;gBAC1D,WAAW,EAAE,UAAU;gBACvB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACjE,IAAI,GAAa,CAAC;YAClB,IAAI,CAAC;gBACH,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;oBAC1B,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;oBAChE,IAAI;oBACJ,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,cAAc,CACtB,CAAC,EACD,6BAA6B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC/E,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;YACJ,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;YAED,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;gBACX,OAAO,GAAG,CAAC,IAAI,EAA4B,CAAC;YAC9C,CAAC;YAED,IAAI,SAAS,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAC;gBAC3D,SAAS,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAExB,IAAI,SAAS,KAAK,uBAAuB,EAAE,CAAC;gBAC1C,SAAS;YACX,CAAC;YACD,IAAI,SAAS,KAAK,WAAW,EAAE,CAAC;gBAC9B,UAAU,IAAI,IAAI,CAAC;gBACnB,SAAS;YACX,CAAC;YACD,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;gBAClC,MAAM,IAAI,iBAAiB,CAAC,IAAI,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC,CAAC;YACvF,CAAC;YAED,MAAM,IAAI,cAAc,CACtB,GAAG,CAAC,MAAM,EACV,6BAA6B,SAAS,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,EAAE,CACjE,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAClC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,kBAAkB,CAC1B,oEAAoE,CACrE,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,kBAAkB,CAAC;QACnF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACjE,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBACrB,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC;gBAC/B,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,cAAc,CACtB,CAAC,EACD,8BAA8B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAChF,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO;QAC/B,MAAM,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,oCAAoC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACzF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC1B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAmB,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;QAC/E,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,oBAAoB,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAwB,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3E,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,uCAAuC,CAAC,CAAC;QACpF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,kCAAkC,CAAC;QACxE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAqB,GAAG,EAAE,KAAK,CAAC,CAAC;QACxE,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,cAAc,CAAC,GAAG,EAAE,oCAAoC,CAAC,CAAC;QACjF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,OAAO,CACX,KAAa,EACb,KAAa,EACb,KAAc;QAEd,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,yBAAyB,CAAC;QAC/D,MAAM,MAAM,GAA2B,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAChE,IAAI,KAAK,KAAK,SAAS;YAAE,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,aAAa,CAAkB,GAAG,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IACjE,CAAC;CACF"}

package/dist/flows.test.d.ts

@@ -0,0 +1,3 @@
+/** §4.5 — OAuthFlowsClient tests (TDD — written before implementation). */
+export {};
+//# sourceMappingURL=flows.test.d.ts.map

package/dist/flows.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"flows.test.d.ts","sourceRoot":"","sources":["../src/flows.test.ts"],"names":[],"mappings":"AAAA,2EAA2E"}

package/dist/flows.test.js

@@ -0,0 +1,332 @@
+/** §4.5 — OAuthFlowsClient tests (TDD — written before implementation). */
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { OAuthFlowsClient } from "./flows.js";
+import { ConfigurationError, OAuthFlowError, TokenExpiredError } from "./errors.js";
+const BASE_CONFIG = {
+    issuer_url: "https://auth.example.com",
+    client_id: "client1",
+    client_secret: "secret1",
+    audience: [],
+    jwks_ttl: 300_000,
+    introspection_endpoint: null,
+    http_timeout: 10_000,
+    clock_skew_seconds: 60,
+    realm_id: "test-realm",
+    authorize_endpoint: null,
+};
+const DISCOVERY = {
+    issuer: "https://auth.example.com",
+    jwks_uri: "https://auth.example.com/.well-known/jwks.json",
+    token_endpoint: "https://auth.example.com/token",
+    device_authorization_endpoint: "https://auth.example.com/device/authorize",
+    userinfo_endpoint: "https://auth.example.com/userinfo",
+};
+const TOKEN_RESPONSE = {
+    access_token: "eyJ.access.token",
+    token_type: "Bearer",
+    expires_in: 3600,
+    scope: "openid",
+};
+function makeClient(configOverrides) {
+    const config = { ...BASE_CONFIG, ...configOverrides };
+    const getDiscovery = vi.fn().mockResolvedValue(DISCOVERY);
+    const client = new OAuthFlowsClient(config, getDiscovery);
+    return { client, getDiscovery };
+}
+function mockResponse(body, status = 200) {
+    return {
+        ok: status >= 200 && status < 300,
+        status,
+        json: () => Promise.resolve(body),
+        text: () => Promise.resolve(JSON.stringify(body)),
+        headers: new Headers(),
+    };
+}
+// ── exchangeCode ─────────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.exchangeCode", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("POSTs to discovered token_endpoint with authorization_code grant", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        await client.exchangeCode("auth-code-123", "https://app.example.com/callback");
+        expect(fetch).toHaveBeenCalledOnce();
+        const [url, init] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toBe(DISCOVERY.token_endpoint);
+        expect(init.method).toBe("POST");
+        const body = new URLSearchParams(init.body);
+        expect(body.get("grant_type")).toBe("authorization_code");
+        expect(body.get("code")).toBe("auth-code-123");
+        expect(body.get("redirect_uri")).toBe("https://app.example.com/callback");
+        expect(body.get("client_id")).toBe("client1");
+        expect(body.get("client_secret")).toBe("secret1");
+    });
+    it("includes code_verifier when provided", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        await client.exchangeCode("code", "https://app.example.com/cb", { codeVerifier: "v3rif1er" });
+        const body = new URLSearchParams(vi.mocked(fetch).mock.calls[0][1].body);
+        expect(body.get("code_verifier")).toBe("v3rif1er");
+    });
+    it("returns a typed TokenResponse", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        const result = await client.exchangeCode("code", "https://app.example.com/cb");
+        expect(result.access_token).toBe(TOKEN_RESPONSE.access_token);
+        expect(result.token_type).toBe("Bearer");
+        expect(result.expires_in).toBe(3600);
+    });
+    it("throws OAuthFlowError on non-200 response", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse({ error: "invalid_grant" }, 400));
+        await expect(client.exchangeCode("bad-code", "https://app.example.com/cb"))
+            .rejects.toBeInstanceOf(OAuthFlowError);
+    });
+});
+// ── clientCredentials ─────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.clientCredentials", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("POSTs client_credentials grant with client_id and client_secret in body", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        await client.clientCredentials();
+        const body = new URLSearchParams(vi.mocked(fetch).mock.calls[0][1].body);
+        expect(body.get("grant_type")).toBe("client_credentials");
+        expect(body.get("client_id")).toBe("client1");
+        expect(body.get("client_secret")).toBe("secret1");
+        // credentials must NOT appear in URL
+        const [url] = vi.mocked(fetch).mock.calls[0];
+        expect(url).not.toContain("client_secret");
+    });
+    it("includes scope when provided", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        await client.clientCredentials("read:users");
+        const body = new URLSearchParams(vi.mocked(fetch).mock.calls[0][1].body);
+        expect(body.get("scope")).toBe("read:users");
+    });
+    it("omits scope when not provided", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        await client.clientCredentials();
+        const body = new URLSearchParams(vi.mocked(fetch).mock.calls[0][1].body);
+        expect(body.get("scope")).toBeNull();
+    });
+    it("returns TokenResponse", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        const result = await client.clientCredentials("openid");
+        expect(result.access_token).toBe(TOKEN_RESPONSE.access_token);
+    });
+    it("throws OAuthFlowError on non-200", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse({ error: "unauthorized_client" }, 401));
+        await expect(client.clientCredentials()).rejects.toBeInstanceOf(OAuthFlowError);
+    });
+});
+// ── startDeviceFlow ───────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.startDeviceFlow", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    const DEVICE_RESPONSE = {
+        device_code: "dev-code-abc",
+        user_code: "WDJB-MJHT",
+        verification_uri: "https://auth.example.com/activate",
+        verification_uri_complete: "https://auth.example.com/activate?user_code=WDJB-MJHT",
+        expires_in: 600,
+        interval: 5,
+    };
+    it("POSTs to discovered device_authorization_endpoint", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(DEVICE_RESPONSE));
+        await client.startDeviceFlow();
+        const [url] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toBe(DISCOVERY.device_authorization_endpoint);
+    });
+    it("includes client_id and optional scope", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(DEVICE_RESPONSE));
+        await client.startDeviceFlow("openid profile");
+        const body = new URLSearchParams(vi.mocked(fetch).mock.calls[0][1].body);
+        expect(body.get("client_id")).toBe("client1");
+        expect(body.get("scope")).toBe("openid profile");
+    });
+    it("returns DeviceAuthorizationResponse", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(DEVICE_RESPONSE));
+        const result = await client.startDeviceFlow();
+        expect(result.device_code).toBe("dev-code-abc");
+        expect(result.user_code).toBe("WDJB-MJHT");
+        expect(result.interval).toBe(5);
+    });
+    it("throws when device_authorization_endpoint not in discovery", async () => {
+        const getDiscovery = vi.fn().mockResolvedValue({ ...DISCOVERY, device_authorization_endpoint: undefined });
+        const client = new OAuthFlowsClient(BASE_CONFIG, getDiscovery);
+        await expect(client.startDeviceFlow()).rejects.toBeInstanceOf(ConfigurationError);
+    });
+});
+// ── pollDeviceToken ───────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.pollDeviceToken", () => {
+    beforeEach(() => { vi.useFakeTimers(); vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.useRealTimers(); vi.unstubAllGlobals(); });
+    it("resolves with TokenResponse when user approves immediately", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValue(mockResponse(TOKEN_RESPONSE));
+        const p = client.pollDeviceToken("dev-code-abc", 1);
+        await vi.runAllTimersAsync();
+        const result = await p;
+        expect(result.access_token).toBe(TOKEN_RESPONSE.access_token);
+    });
+    it("polls again on authorization_pending without surfacing error", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch)
+            .mockResolvedValueOnce(mockResponse({ error: "authorization_pending" }, 400))
+            .mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        const p = client.pollDeviceToken("dev-code-abc", 1);
+        await vi.runAllTimersAsync();
+        const result = await p;
+        expect(vi.mocked(fetch)).toHaveBeenCalledTimes(2);
+        expect(result.access_token).toBe(TOKEN_RESPONSE.access_token);
+    });
+    it("increases interval by 5 s on slow_down", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch)
+            .mockResolvedValueOnce(mockResponse({ error: "slow_down" }, 400))
+            .mockResolvedValueOnce(mockResponse(TOKEN_RESPONSE));
+        const p = client.pollDeviceToken("dev-code-abc", 5);
+        await vi.runAllTimersAsync();
+        await p;
+        // Two fetches: slow_down + success
+        expect(vi.mocked(fetch)).toHaveBeenCalledTimes(2);
+    });
+    it("throws TokenExpiredError when device code expires", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValue(mockResponse({ error: "expired_token" }, 400));
+        // Attach rejection handler BEFORE running timers to avoid unhandled rejection warning.
+        const p = client.pollDeviceToken("dev-code-abc", 1);
+        const rejection = expect(p).rejects.toBeInstanceOf(TokenExpiredError);
+        await vi.runAllTimersAsync();
+        await rejection;
+    });
+    it("sends device_code grant to token endpoint", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValue(mockResponse(TOKEN_RESPONSE));
+        const p = client.pollDeviceToken("dev-code-abc", 1);
+        await vi.runAllTimersAsync();
+        await p;
+        const body = new URLSearchParams(vi.mocked(fetch).mock.calls[0][1].body);
+        expect(body.get("grant_type")).toBe("urn:ietf:params:oauth:grant-type:device_code");
+        expect(body.get("device_code")).toBe("dev-code-abc");
+        expect(body.get("client_id")).toBe("client1");
+    });
+});
+// ── requestMagicLink ──────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.requestMagicLink", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("POSTs to /v1/{realm_id}/auth/magic-link with JSON body", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce({ ok: true, status: 202 });
+        await client.requestMagicLink("user@example.com");
+        const [url, init] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toBe("https://auth.example.com/v1/test-realm/auth/magic-link");
+        expect(init.method).toBe("POST");
+        expect(JSON.parse(init.body)).toEqual({ email: "user@example.com" });
+    });
+    it("succeeds silently on 202 (enumeration resistance)", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce({ ok: true, status: 202 });
+        await expect(client.requestMagicLink("notexist@example.com")).resolves.toBeUndefined();
+    });
+    it("throws OAuthFlowError on HTTP 429 (rate limit)", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce({ ok: false, status: 429 });
+        const err = await client.requestMagicLink("user@example.com").catch((e) => e);
+        expect(err).toBeInstanceOf(OAuthFlowError);
+        expect(err.statusCode).toBe(429);
+    });
+    it("throws ConfigurationError when realm_id is not set", async () => {
+        const { client } = makeClient({ realm_id: null });
+        await expect(client.requestMagicLink("user@example.com"))
+            .rejects.toBeInstanceOf(ConfigurationError);
+    });
+});
+// ── userinfo ──────────────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.userinfo", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("GETs the discovered userinfo_endpoint with Bearer token", async () => {
+        const { client } = makeClient();
+        const uiResponse = { sub: "user123", email: "user@example.com" };
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(uiResponse));
+        const result = await client.userinfo("access-token-xyz");
+        const [url, init] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toBe(DISCOVERY.userinfo_endpoint);
+        expect(init.headers["Authorization"]).toBe("Bearer access-token-xyz");
+        expect(result.sub).toBe("user123");
+    });
+    it("throws OAuthFlowError on non-200", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse({ error: "invalid_token" }, 401));
+        await expect(client.userinfo("bad-token")).rejects.toBeInstanceOf(OAuthFlowError);
+    });
+});
+// ── mePermissions ─────────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.mePermissions", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("GETs /v1/me/permissions with Bearer token", async () => {
+        const { client } = makeClient();
+        const permResponse = { roles: ["admin"], groups: ["eng"], permissions: ["docs.write"], scope: "openid" };
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(permResponse));
+        const result = await client.mePermissions("access-token-xyz");
+        const [url, init] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toContain("/v1/me/permissions");
+        expect(init.headers["Authorization"]).toBe("Bearer access-token-xyz");
+        expect(result.roles).toEqual(["admin"]);
+        expect(result.permissions).toEqual(["docs.write"]);
+    });
+});
+// ── svSnapshot ────────────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.svSnapshot", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("GETs /oauth/session-versions/snapshot with Bearer token", async () => {
+        const { client } = makeClient();
+        const snap = { realm: "test-realm", current_seq: 42, versions: { "sess-1": 3 } };
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(snap));
+        const result = await client.svSnapshot("service-token");
+        const [url, init] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toContain("/oauth/session-versions/snapshot");
+        expect(init.headers["Authorization"]).toBe("Bearer service-token");
+        expect(result.current_seq).toBe(42);
+    });
+});
+// ── svDelta ───────────────────────────────────────────────────────────────────
+describe("OAuthFlowsClient.svDelta", () => {
+    beforeEach(() => { vi.stubGlobal("fetch", vi.fn()); });
+    afterEach(() => { vi.unstubAllGlobals(); });
+    it("GETs /oauth/session-versions with since param", async () => {
+        const { client } = makeClient();
+        const delta = { realm: "test-realm", next_seq: 10, deltas: [] };
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse(delta));
+        await client.svDelta("service-token", 5);
+        const [url] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toContain("since=5");
+    });
+    it("includes limit param when provided", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce(mockResponse({ realm: "r", next_seq: 1, deltas: [] }));
+        await client.svDelta("tok", 0, 100);
+        const [url] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toContain("limit=100");
+    });
+    it("returns null on 204 No Content", async () => {
+        const { client } = makeClient();
+        vi.mocked(fetch).mockResolvedValueOnce({ ok: true, status: 204, json: () => Promise.resolve(null) });
+        const result = await client.svDelta("tok", 5);
+        expect(result).toBeNull();
+    });
+});
+//# sourceMappingURL=flows.test.js.map

package/dist/flows.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"flows.test.js","sourceRoot":"","sources":["../src/flows.test.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAE3E,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAIpF,MAAM,WAAW,GAAmB;IAClC,UAAU,EAAE,0BAA0B;IACtC,SAAS,EAAE,SAAS;IACpB,aAAa,EAAE,SAAS;IACxB,QAAQ,EAAE,EAAE;IACZ,QAAQ,EAAE,OAAO;IACjB,sBAAsB,EAAE,IAAI;IAC5B,YAAY,EAAE,MAAM;IACpB,kBAAkB,EAAE,EAAE;IACtB,QAAQ,EAAE,YAAY;IACtB,kBAAkB,EAAE,IAAI;CACzB,CAAC;AAEF,MAAM,SAAS,GAAkB;IAC/B,MAAM,EAAE,0BAA0B;IAClC,QAAQ,EAAE,gDAAgD;IAC1D,cAAc,EAAE,gCAAgC;IAChD,6BAA6B,EAAE,2CAA2C;IAC1E,iBAAiB,EAAE,mCAAmC;CACvD,CAAC;AAEF,MAAM,cAAc,GAAG;IACrB,YAAY,EAAE,kBAAkB;IAChC,UAAU,EAAE,QAAQ;IACpB,UAAU,EAAE,IAAI;IAChB,KAAK,EAAE,QAAQ;CAChB,CAAC;AAEF,SAAS,UAAU,CAAC,eAAyC;IAC3D,MAAM,MAAM,GAAG,EAAE,GAAG,WAAW,EAAE,GAAG,eAAe,EAAE,CAAC;IACtD,MAAM,YAAY,GAAG,EAAE,CAAC,EAAE,EAAgC,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACxF,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAC1D,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IAC/C,OAAO;QACL,EAAE,EAAE,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG;QACjC,MAAM;QACN,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;QACjC,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACjD,OAAO,EAAE,IAAI,OAAO,EAAE;KACA,CAAC;AAC3B,CAAC;AAED,gFAAgF;AAEhF,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;IAC7C,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,CAAC,YAAY,CAAC,eAAe,EAAE,kCAAkC,CAAC,CAAC;QAE/E,MAAM,CAAC,KAAK,CAAC,CAAC,oBAAoB,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC1E,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,4BAA4B,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC,CAAC;QAE9F,MAAM,IAAI,GAAG,IAAI,eAAe,CAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA2B,CAAC,CAAC,CAAC,CAAC,IAAc,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QAC9D,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QAEtF,MAAM,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,UAAU,EAAE,4BAA4B,CAAC,CAAC;aACxE,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,oCAAoC,EAAE,GAAG,EAAE;IAClD,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,yEAAyE,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA2B,CAAC,CAAC,CAAC,CAAC,IAAc,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAC1D,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClD,qCAAqC;QACrC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACtE,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;QAE7C,MAAM,IAAI,GAAG,IAAI,eAAe,CAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA2B,CAAC,CAAC,CAAC,CAAC,IAAc,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;QAC7C,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA2B,CAAC,CAAC,CAAC,CAAC,IAAc,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;QACrC,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAErE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QACxD,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QAE5F,MAAM,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;IAClF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,MAAM,eAAe,GAAG;QACtB,WAAW,EAAE,cAAc;QAC3B,SAAS,EAAE,WAAW;QACtB,gBAAgB,EAAE,mCAAmC;QACrD,yBAAyB,EAAE,uDAAuD;QAClF,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE,CAAC;KACZ,CAAC;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC;QAEtE,MAAM,MAAM,CAAC,eAAe,EAAE,CAAC;QAE/B,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACtE,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;QACrD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC;QAEtE,MAAM,MAAM,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;QAE/C,MAAM,IAAI,GAAG,IAAI,eAAe,CAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA2B,CAAC,CAAC,CAAC,CAAC,IAAc,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC;QAEtE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,eAAe,EAAE,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,MAAM,YAAY,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,GAAG,SAAS,EAAE,6BAA6B,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3G,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAE/D,MAAM,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3E,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhE,EAAE,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;QAC1E,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,iBAAiB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAEjE,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC;QACvB,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC;aACb,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,GAAG,CAAC,CAAC;aAC5E,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAEvD,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC;QACvB,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC;aACb,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;aAChE,qBAAqB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAEvD,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAC7B,MAAM,CAAC,CAAC;QACR,mCAAmC;QACnC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QAElF,uFAAuF;QACvF,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC;QACtE,MAAM,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAC7B,MAAM,SAAS,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,iBAAiB,CAAC,YAAY,CAAC,cAAc,CAAC,CAAC,CAAC;QAEjE,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,EAAE,CAAC,iBAAiB,EAAE,CAAC;QAC7B,MAAM,CAAC,CAAC;QAER,MAAM,IAAI,GAAG,IAAI,eAAe,CAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA2B,CAAC,CAAC,CAAC,CAAC,IAAc,CAAC,CAAC;QAC9G,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACpF,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACrD,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,mCAAmC,EAAE,GAAG,EAAE;IACjD,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,wDAAwD,EAAE,KAAK,IAAI,EAAE;QACtE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAc,CAAC,CAAC;QAE9E,MAAM,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;QAElD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAC3E,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAc,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAc,CAAC,CAAC;QAE9E,MAAM,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;IACzF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAc,CAAC,CAAC;QAE/E,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9E,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;QAC3C,MAAM,CAAE,GAAsB,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAElD,MAAM,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;aACtD,OAAO,CAAC,cAAc,CAAC,kBAAkB,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;QACjE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC;QAEjE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QAEzD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC9C,MAAM,CAAE,IAAI,CAAC,OAAkC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QAEtF,MAAM,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,cAAc,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC9C,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,EAAE,KAAK,EAAE,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,EAAE,WAAW,EAAE,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;QACzG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC,CAAC;QAEnE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,CAAC;QAE9D,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QAC5C,MAAM,CAAE,IAAI,CAAC,OAAkC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAClG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,MAAM,IAAI,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QACjF,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAExD,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QAC5E,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;QAC1D,MAAM,CAAE,IAAI,CAAC,OAAkC,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC/F,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;IACxC,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,MAAM,KAAK,GAAG,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QAChE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QAE5D,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;QAEzC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACtE,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,YAAY,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAE9F,MAAM,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAEpC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAA0B,CAAC;QACtE,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QAChC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAyB,CAAC,CAAC;QAE5H,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/index.d.ts

@@ -6,7 +6,11 @@ export { IntrospectionClient } from "./introspect.js";
 export type { IntrospectionResult } from "./introspect.js";
 export { VerifiedToken } from "./token.js";
 export type { AccessTokenAuthorizationMode } from "./token.js";
-export { HearthError, ConfigurationError, DiscoveryError, JWKSFetchError, TokenVerificationError, TokenExpiredError, TokenNotYetValidError, TokenInvalidError, TokenIssuerError, TokenAudienceError, TokenClaimsError, IntrospectionError, MiddlewareError, AuthorizationModeError, AuthorizeError, RequiredActionError, AdminHttpError, } from "./errors.js";
+export { OAuthFlowsClient } from "./flows.js";
+export type { TokenResponse, DeviceAuthorizationResponse, UserInfoResponse, MePermissionsResponse, SvDeltaEntry, SvDeltaResponse, SvSnapshotResponse, ExchangeCodeOptions, } from "./flows.js";
+export { generatePkce } from "./pkce.js";
+export type { PkcePair } from "./pkce.js";
+export { HearthError, ConfigurationError, DiscoveryError, JWKSFetchError, TokenVerificationError, TokenExpiredError, TokenNotYetValidError, TokenInvalidError, TokenIssuerError, TokenAudienceError, TokenClaimsError, IntrospectionError, MiddlewareError, AuthorizationModeError, AuthorizeError, RequiredActionError, AdminHttpError, OAuthFlowError, } from "./errors.js";
 export { hearthMiddleware, hearthFastifyHook } from "./middleware.js";
 export type { MiddlewareOptions } from "./middleware.js";
 export { AuthorizeClient } from "./authorize.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAGlF,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAGzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,YAAY,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAG/D,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,cAAc,GACf,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACtE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGzD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGxE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAGlF,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGhD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAGzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,YAAY,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAG3D,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,YAAY,EAAE,4BAA4B,EAAE,MAAM,YAAY,CAAC;AAG/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,YAAY,EACV,aAAa,EACb,2BAA2B,EAC3B,gBAAgB,EAChB,qBAAqB,EACrB,YAAY,EACZ,eAAe,EACf,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,YAAY,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAG1C,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,cAAc,EACd,cAAc,GACf,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACtE,YAAY,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGzD,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGxE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,YAAY,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -7,8 +7,12 @@ export { JwksVerifier } from "./jwks.js";
 export { IntrospectionClient } from "./introspect.js";
 // §4 — Claims API
 export { VerifiedToken } from "./token.js";
+// §4.5 — OAuth flows (client credentials, device flow, magic-link, exchangeCode)
+export { OAuthFlowsClient } from "./flows.js";
+// §PKCE — RFC 7636 code verifier + challenge generation
+export { generatePkce } from "./pkce.js";
 // §5 — Error taxonomy
-export { HearthError, ConfigurationError, DiscoveryError, JWKSFetchError, TokenVerificationError, TokenExpiredError, TokenNotYetValidError, TokenInvalidError, TokenIssuerError, TokenAudienceError, TokenClaimsError, IntrospectionError, MiddlewareError, AuthorizationModeError, AuthorizeError, RequiredActionError, AdminHttpError, } from "./errors.js";
+export { HearthError, ConfigurationError, DiscoveryError, JWKSFetchError, TokenVerificationError, TokenExpiredError, TokenNotYetValidError, TokenInvalidError, TokenIssuerError, TokenAudienceError, TokenClaimsError, IntrospectionError, MiddlewareError, AuthorizationModeError, AuthorizeError, RequiredActionError, AdminHttpError, OAuthFlowError, } from "./errors.js";
 // §6 — Middleware
 export { hearthMiddleware, hearthFastifyHook } from "./middleware.js";
 // §7 — Decision client (POST /oauth/authorize)

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAElF,sCAAsC;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,0BAA0B;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,2BAA2B;AAC3B,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAGtD,kBAAkB;AAClB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,sBAAsB;AACtB,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,kBAAkB;AAClB,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGtE,+CAA+C;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGjD,kBAAkB;AAClB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAElF,sCAAsC;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,0BAA0B;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,2BAA2B;AAC3B,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AAGtD,kBAAkB;AAClB,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,iFAAiF;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAY9C,wDAAwD;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAGzC,sBAAsB;AACtB,OAAO,EACL,WAAW,EACX,kBAAkB,EAClB,cAAc,EACd,cAAc,EACd,sBAAsB,EACtB,iBAAiB,EACjB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,eAAe,EACf,sBAAsB,EACtB,cAAc,EACd,mBAAmB,EACnB,cAAc,EACd,cAAc,GACf,MAAM,aAAa,CAAC;AAErB,kBAAkB;AAClB,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGtE,+CAA+C;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGjD,kBAAkB;AAClB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC"}

package/dist/pkce.d.ts

@@ -0,0 +1,29 @@
+/** §PKCE — RFC 7636 S256 code verifier and challenge generation. */
+/** A PKCE code verifier and its derived SHA-256 challenge (RFC 7636). */
+export interface PkcePair {
+    /**
+     * Random high-entropy verifier (43 Base64url chars, 32-byte CSPRNG source, no padding).
+     * Send as `code_verifier` at the token exchange step. Keep secret until then.
+     */
+    verifier: string;
+    /**
+     * `BASE64URL(SHA256(verifier))` — send as `code_challenge` in the authorization request.
+     */
+    challenge: string;
+    /**
+     * Always `"S256"` — Hearth mandates S256 and rejects the `"plain"` method.
+     * Send as `code_challenge_method` in the authorization request.
+     */
+    method: "S256";
+}
+/**
+ * Generate a cryptographically random PKCE pair using the S256 method (RFC 7636).
+ *
+ * Usage:
+ * 1. `const pkce = generatePkce()`
+ * 2. Start auth request: include `pkce.challenge` and `pkce.method` as
+ *    `code_challenge` and `code_challenge_method` in the authorization URL.
+ * 3. Exchange code: pass `pkce.verifier` as `codeVerifier` to `exchangeCode()`.
+ */
+export declare function generatePkce(): PkcePair;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAIpE,yEAAyE;AACzE,MAAM,WAAW,QAAQ;IACvB;;;OAGG;IACH,QAAQ,EAAE,MAAM,CAAC;IACjB;;OAEG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,IAAI,QAAQ,CAKvC"}

package/dist/pkce.js

@@ -0,0 +1,18 @@
+/** §PKCE — RFC 7636 S256 code verifier and challenge generation. */
+import { createHash, randomBytes } from "node:crypto";
+/**
+ * Generate a cryptographically random PKCE pair using the S256 method (RFC 7636).
+ *
+ * Usage:
+ * 1. `const pkce = generatePkce()`
+ * 2. Start auth request: include `pkce.challenge` and `pkce.method` as
+ *    `code_challenge` and `code_challenge_method` in the authorization URL.
+ * 3. Exchange code: pass `pkce.verifier` as `codeVerifier` to `exchangeCode()`.
+ */
+export function generatePkce() {
+    // 32 random bytes → 43 Base64url chars (no padding), satisfying RFC 7636 §4.1 minimum.
+    const verifier = randomBytes(32).toString("base64url");
+    const challenge = createHash("sha256").update(verifier).digest("base64url");
+    return { verifier, challenge, method: "S256" };
+}
+//# sourceMappingURL=pkce.js.map

package/dist/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAEpE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAoBtD;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY;IAC1B,uFAAuF;IACvF,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5E,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;AACjD,CAAC"}

package/dist/pkce.test.d.ts

@@ -0,0 +1,3 @@
+/** §PKCE — generatePkce() tests (TDD — written before implementation). */
+export {};
+//# sourceMappingURL=pkce.test.d.ts.map

package/dist/pkce.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.test.d.ts","sourceRoot":"","sources":["../src/pkce.test.ts"],"names":[],"mappings":"AAAA,0EAA0E"}

package/dist/pkce.test.js

@@ -0,0 +1,46 @@
+/** §PKCE — generatePkce() tests (TDD — written before implementation). */
+import { describe, it, expect } from "vitest";
+import { createHash } from "node:crypto";
+import { generatePkce } from "./pkce.js";
+describe("generatePkce", () => {
+    it("returns a PkcePair with verifier, challenge, and method S256", () => {
+        const pair = generatePkce();
+        expect(typeof pair.verifier).toBe("string");
+        expect(typeof pair.challenge).toBe("string");
+        expect(pair.method).toBe("S256");
+    });
+    it("verifier is 43 Base64url characters (32 bytes, no padding)", () => {
+        const { verifier } = generatePkce();
+        expect(verifier).toHaveLength(43);
+    });
+    it("verifier contains only Base64url-safe characters", () => {
+        const { verifier } = generatePkce();
+        expect(verifier).toMatch(/^[A-Za-z0-9\-_]+$/);
+    });
+    it("verifier has no padding characters", () => {
+        const { verifier } = generatePkce();
+        expect(verifier).not.toContain("=");
+    });
+    it("challenge is BASE64URL(SHA256(verifier)) with no padding", () => {
+        const { verifier, challenge } = generatePkce();
+        const expected = createHash("sha256").update(verifier).digest("base64url");
+        expect(challenge).toBe(expected);
+        expect(challenge).not.toContain("=");
+    });
+    it("challenge is 43 Base64url characters (SHA-256 = 32 bytes → 43 chars)", () => {
+        const { challenge } = generatePkce();
+        expect(challenge).toHaveLength(43);
+    });
+    it("successive calls produce unique pairs (CSPRNG)", () => {
+        const p1 = generatePkce();
+        const p2 = generatePkce();
+        expect(p1.verifier).not.toBe(p2.verifier);
+        expect(p1.challenge).not.toBe(p2.challenge);
+    });
+    it("method is always 'S256'", () => {
+        for (let i = 0; i < 5; i++) {
+            expect(generatePkce().method).toBe("S256");
+        }
+    });
+});
+//# sourceMappingURL=pkce.test.js.map

package/dist/pkce.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.test.js","sourceRoot":"","sources":["../src/pkce.test.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAE1E,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,8DAA8D,EAAE,GAAG,EAAE;QACtE,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,MAAM,CAAC,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5C,MAAM,CAAC,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,MAAM,EAAE,QAAQ,EAAE,GAAG,YAAY,EAAE,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,EAAE,QAAQ,EAAE,GAAG,YAAY,EAAE,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,EAAE,QAAQ,EAAE,GAAG,YAAY,EAAE,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAClE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;QAC/C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAC3E,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAC;QACrC,MAAM,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,MAAM,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,YAAY,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hearth-auth/node",
-  "version": "1.0.19",
+  "version": "1.1.0",
   "description": "Hearth server-side Node.js SDK — JWKS verification, token introspection, Express/Fastify middleware",
   "repository": {
     "type": "git",