npm - @junobuild/auth - Versions diffs - 3.0.0 → 3.0.2 - Mend

@junobuild/auth 3.0.0 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/browser/authenticate.js +1 -1
package/dist/browser/{chunk-VL5VEK6Q.js → chunk-ADUDPJTU.js} +2 -2
package/dist/browser/{chunk-ZTS76UPF.js → chunk-OEAUBI3D.js} +2 -2
package/dist/browser/chunk-OEAUBI3D.js.map +7 -0
package/dist/browser/chunk-XEH4GOSK.js +2 -0
package/dist/browser/chunk-XEH4GOSK.js.map +7 -0
package/dist/browser/index.js +1 -1
package/dist/browser/request.js +1 -1
package/dist/node/index.mjs +1 -1
package/dist/node/index.mjs.map +2 -2
package/package.json +1 -1
package/dist/browser/chunk-Z5IIWCGH.js +0 -2
package/dist/browser/chunk-Z5IIWCGH.js.map +0 -7
package/dist/browser/chunk-ZTS76UPF.js.map +0 -7
/package/dist/browser/{chunk-VL5VEK6Q.js.map → chunk-ADUDPJTU.js.map} +0 -0

package/dist/browser/authenticate.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{a}from"./chunk-VL5VEK6Q.js";import"./chunk-FVWXAETP.js";import"./chunk-Z5IIWCGH.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as authenticate};
+import{a}from"./chunk-ADUDPJTU.js";import"./chunk-FVWXAETP.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as authenticate};
 //# sourceMappingURL=authenticate.js.map

package/dist/browser/{chunk-VL5VEK6Q.js → chunk-ADUDPJTU.js} RENAMED Viewed

@@ -1,2 +1,2 @@
-import{a}from"./chunk-FVWXAETP.js";import{b as w}from"./chunk-Z5IIWCGH.js";import{d as A}from"./chunk-TUWQPO6Z.js";import{c as d}from"./chunk-TFUQURYA.js";import{f as p,g as f,h as c}from"./chunk-YFE7TMHK.js";import{isEmptyString as P}from"@dfinity/utils";var l=async({auth:o,context:i,redirect:{finalizeUrl:t}})=>{let{location:{search:r}}=window,e=new URLSearchParams(r),n=e.get("code"),s=e.get("state"),h=await w({url:t,body:{code:n,state:s}});if("error"in h)throw h.error;let{success:{token:m}}=h;if(P(m))throw new c;return await a({jwt:m,auth:o,context:i})};import{isEmptyString as u}from"@dfinity/utils";var y=async({auth:o,context:i})=>{let{location:{hash:t}}=window;if(u(t)||!t.startsWith("#"))throw new p("No hash found in the current location URL");let r=new URLSearchParams(t.slice(1)),e=r.get("state"),n=r.get("id_token"),{state:s}=i;if(u(s)||e!==s)throw new f("The provided state is invalid",{cause:e});if(u(n))throw new c;return await a({jwt:n,auth:o,context:i})};var k=async o=>{let i=A();if("github"in o){let{github:{redirect:r,auth:e}}=o,{finalizeUrl:n}=d;return await l({redirect:r??{finalizeUrl:n},auth:e,context:i})}let{google:t}=o;if("credentials"in t){let{credentials:{jwt:r},auth:e}=t;return await a({jwt:r,context:i,auth:e})}return await y({...t,context:i})};export{k as a};
-//# sourceMappingURL=chunk-VL5VEK6Q.js.map
+import{a}from"./chunk-FVWXAETP.js";import{b as w}from"./chunk-XEH4GOSK.js";import{d as A}from"./chunk-TUWQPO6Z.js";import{c as d}from"./chunk-TFUQURYA.js";import{f as p,g as f,h as c}from"./chunk-YFE7TMHK.js";import{isEmptyString as P}from"@dfinity/utils";var l=async({auth:o,context:i,redirect:{finalizeUrl:t}})=>{let{location:{search:r}}=window,e=new URLSearchParams(r),n=e.get("code"),s=e.get("state"),h=await w({url:t,body:{code:n,state:s}});if("error"in h)throw h.error;let{success:{token:m}}=h;if(P(m))throw new c;return await a({jwt:m,auth:o,context:i})};import{isEmptyString as u}from"@dfinity/utils";var y=async({auth:o,context:i})=>{let{location:{hash:t}}=window;if(u(t)||!t.startsWith("#"))throw new p("No hash found in the current location URL");let r=new URLSearchParams(t.slice(1)),e=r.get("state"),n=r.get("id_token"),{state:s}=i;if(u(s)||e!==s)throw new f("The provided state is invalid",{cause:e});if(u(n))throw new c;return await a({jwt:n,auth:o,context:i})};var k=async o=>{let i=A();if("github"in o){let{github:{redirect:r,auth:e}}=o,{finalizeUrl:n}=d;return await l({redirect:r??{finalizeUrl:n},auth:e,context:i})}let{google:t}=o;if("credentials"in t){let{credentials:{jwt:r},auth:e}=t;return await a({jwt:r,context:i,auth:e})}return await y({...t,context:i})};export{k as a};
+//# sourceMappingURL=chunk-ADUDPJTU.js.map

package/dist/browser/{chunk-ZTS76UPF.js → chunk-OEAUBI3D.js} RENAMED Viewed

@@ -1,2 +1,2 @@
-import{a as R}from"./chunk-Z5IIWCGH.js";import{a as w,b as c,c as l}from"./chunk-TUWQPO6Z.js";import{b as m,c as d}from"./chunk-TFUQURYA.js";import{c as p,d as g}from"./chunk-YFE7TMHK.js";var h=({initUrl:r})=>async({nonce:o})=>{let i=c({url:r});i.searchParams.set("nonce",o);let s=await R({url:i.toString()});if("error"in s)throw s.error;let{success:{state:e}}=s;return e};var f=({authUrl:r,clientId:n,authScopes:o,state:i,redirectUrl:s})=>{let e=c({url:r});e.searchParams.set("client_id",n);let{location:{origin:a}}=window;e.searchParams.set("redirect_uri",s??a),e.searchParams.set("scope",o.join(" ")),e.searchParams.set("state",i),window.location.href=e.toString()};var q=()=>w(window.crypto.getRandomValues(new Uint8Array(12)));var P=async r=>q();import{isNullish as v,notEmptyString as x}from"@dfinity/utils";var y=({authUrl:r,clientId:n,nonce:o,loginHint:i,authScopes:s,state:e,redirectUrl:a})=>{let t=c({url:r});t.searchParams.set("client_id",n);let{location:{origin:u}}=window;t.searchParams.set("redirect_uri",a??u),t.searchParams.set("response_type","code id_token"),t.searchParams.set("scope",s.join(" ")),t.searchParams.set("state",e),t.searchParams.set("nonce",o),x(i)?t.searchParams.set("login_hint",i):t.searchParams.set("prompt","select_account"),window.location.href=t.toString()},G=async({configUrl:r,clientId:n,nonce:o,loginHint:i,domainHint:s})=>{let e=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:r,clientId:n,nonce:o,loginHint:i,domainHint:s}],mode:"active"},mediation:"required"});if(v(e))throw new p;let{type:a}=e;if(a!=="identity"||!("token"in e)||typeof e.token!="string")throw new g("Invalid credential received from FedCM API",{cause:e});let{token:t}=e;return{jwt:t}};async function Q(r){if("github"in r){let{github:a}=r,{redirect:t}=a,{initUrl:u,...J}=t,{authUrl:U,authScopes:b,initUrl:C}=d,S=await l({generateState:h({initUrl:u??C})});f({...J,...S,authUrl:U,authScopes:b});return}let n=await l({generateState:P}),{google:o}=r;if("credentials"in o){let{credentials:a}=o,{configUrl:t}=m;return await G({...a,...n,configUrl:t})}let{redirect:i}=o,{authUrl:s,authScopes:e}=m;y({...i,...n,authUrl:s,authScopes:e})}export{Q as a};
-//# sourceMappingURL=chunk-ZTS76UPF.js.map
+import{a as R}from"./chunk-XEH4GOSK.js";import{a as w,b as c,c as l}from"./chunk-TUWQPO6Z.js";import{b as m,c as d}from"./chunk-TFUQURYA.js";import{c as p,d as g}from"./chunk-YFE7TMHK.js";var h=({initUrl:r})=>async({nonce:o})=>{let i=c({url:r});i.searchParams.set("nonce",o);let s=await R({url:i.toString()});if("error"in s)throw s.error;let{success:{state:e}}=s;return e};var f=({authUrl:r,clientId:n,authScopes:o,state:i,redirectUrl:s})=>{let e=c({url:r});e.searchParams.set("client_id",n);let{location:{origin:a}}=window;e.searchParams.set("redirect_uri",s??a),e.searchParams.set("scope",o.join(" ")),e.searchParams.set("state",i),window.location.href=e.toString()};var q=()=>w(window.crypto.getRandomValues(new Uint8Array(12)));var P=async r=>q();import{isNullish as v,notEmptyString as x}from"@dfinity/utils";var y=({authUrl:r,clientId:n,nonce:o,loginHint:i,authScopes:s,state:e,redirectUrl:a})=>{let t=c({url:r});t.searchParams.set("client_id",n);let{location:{origin:u}}=window;t.searchParams.set("redirect_uri",a??u),t.searchParams.set("response_type","code id_token"),t.searchParams.set("scope",s.join(" ")),t.searchParams.set("state",e),t.searchParams.set("nonce",o),x(i)?t.searchParams.set("login_hint",i):t.searchParams.set("prompt","select_account"),window.location.href=t.toString()},G=async({configUrl:r,clientId:n,nonce:o,loginHint:i,domainHint:s})=>{let e=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:r,clientId:n,nonce:o,loginHint:i,domainHint:s}],mode:"active"},mediation:"required"});if(v(e))throw new p;let{type:a}=e;if(a!=="identity"||!("token"in e)||typeof e.token!="string")throw new g("Invalid credential received from FedCM API",{cause:e});let{token:t}=e;return{jwt:t}};async function Q(r){if("github"in r){let{github:a}=r,{redirect:t}=a,{initUrl:u,...J}=t,{authUrl:U,authScopes:b,initUrl:C}=d,S=await l({generateState:h({initUrl:u??C})});f({...J,...S,authUrl:U,authScopes:b});return}let n=await l({generateState:P}),{google:o}=r;if("credentials"in o){let{credentials:a}=o,{configUrl:t}=m;return await G({...a,...n,configUrl:t})}let{redirect:i}=o,{authUrl:s,authScopes:e}=m;y({...i,...n,authUrl:s,authScopes:e})}export{Q as a};
+//# sourceMappingURL=chunk-OEAUBI3D.js.map

package/dist/browser/chunk-OEAUBI3D.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts"],
+  "sourcesContent": ["import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n  const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n    const requestUrl = parseUrl({url: initUrl});\n    requestUrl.searchParams.set('nonce', nonce);\n\n    const result = await initOAuth({url: requestUrl.toString()});\n\n    if ('error' in result) {\n      throw result.error;\n    }\n\n    const {\n      success: {state}\n    } = result;\n\n    return state;\n  };\n\n  return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  // Note: GitHub Apps ignore this parameter and use permissions from app settings instead\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared by the proxy backend with the value it initiated.\n  requestUrl.searchParams.set('state', state);\n\n  window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n  toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n  generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n  FedCMIdentityCredentialInvalidError,\n  FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n *  References:\n *  - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n *  - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  nonce,\n  loginHint,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  // We do not request \"token\" because we use the ID token (JWT).\n  // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n  requestUrl.searchParams.set('response_type', 'code id_token');\n\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared with the session storage value.\n  requestUrl.searchParams.set('state', state);\n\n  // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n  // to the provider and make the request to the backend with its salt.\n  requestUrl.searchParams.set('nonce', nonce);\n\n  if (notEmptyString(loginHint)) {\n    requestUrl.searchParams.set('login_hint', loginHint);\n  } else {\n    requestUrl.searchParams.set('prompt', 'select_account');\n  }\n\n  window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n  configUrl: configURL,\n  clientId,\n  nonce,\n  loginHint,\n  domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n  const identityCredential = await navigator.credentials.get({\n    // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n    // @ts-ignore\n    identity: {\n      context: 'use',\n      providers: [\n        {\n          configURL,\n          clientId,\n          nonce,\n          loginHint,\n          domainHint\n        }\n      ],\n      mode: 'active'\n    },\n    // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n    mediation: 'required'\n  });\n\n  if (isNullish(identityCredential)) {\n    throw new FedCMIdentityCredentialUndefinedError();\n  }\n\n  const {type} = identityCredential;\n\n  if (\n    type !== 'identity' ||\n    !('token' in identityCredential) ||\n    typeof identityCredential.token !== 'string'\n  ) {\n    // This should be unreachable in FedCM spec-compliant browsers.\n    throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n      cause: identityCredential\n    });\n  }\n\n  const {token: jwt} = identityCredential;\n  return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n  requestGoogleJwtWithCredentials,\n  requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n  RequestGoogleJwtCredentialsParams,\n  RequestGoogleJwtParams,\n  RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n  google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n  args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n  args:\n    | {\n        google: RequestGoogleJwtParams;\n      }\n    | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n  if ('github' in args) {\n    const {github} = args;\n\n    const {redirect} = github;\n    const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n    const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n    const context = await initContext({\n      generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n    });\n\n    requestGitHubJwtWithRedirect({\n      ...restRedirect,\n      ...context,\n      authUrl,\n      authScopes\n    });\n    return;\n  }\n\n  const context = await initContext({generateState: generateGoogleState});\n\n  const {google} = args;\n\n  if ('credentials' in google) {\n    const {credentials} = google;\n    const {configUrl} = GOOGLE_PROVIDER;\n\n    return await requestGoogleJwtWithCredentials({\n      ...credentials,\n      ...context,\n      configUrl\n    });\n  }\n\n  const {redirect} = google;\n  const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n  requestGoogleJwtWithRedirect({\n    ...redirect,\n    ...context,\n    authUrl,\n    authScopes\n  });\n}\n"],
+  "mappings": "4LAKO,IAAMA,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAGrEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC5BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,EAAW,kBAAAC,MAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,EAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,EAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,EACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH",
+  "names": ["buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect"]
+}

package/dist/browser/chunk-XEH4GOSK.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import{k as e,l as s}from"./chunk-YFE7TMHK.js";var a=async({url:n})=>{try{let r=await fetch(n,{credentials:"include"});return r.ok?{success:await r.json()}:{error:new Error(`Failed to fetch ${n} (${r.status})`)}}catch(r){return{error:new e({cause:r})}}},c=async({url:n,body:r})=>{try{let t=await fetch(n,{method:"POST",credentials:"include",headers:{"Content-Type":"application/json"},body:JSON.stringify(r)});return t.ok?{success:await t.json()}:{error:new Error(`Failed to fetch ${n} (${t.status})`)}}catch(t){return{error:new s({cause:t})}}};export{a,c as b};
2	+ //# sourceMappingURL=chunk-XEH4GOSK.js.map

package/dist/browser/chunk-XEH4GOSK.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/providers/github/_api.ts"],
+  "sourcesContent": ["import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n  url\n}: {\n  url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      credentials: 'include'\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    const data: {state: string} = await result.json();\n    return {success: data};\n  } catch (error: unknown) {\n    return {error: new ApiGitHubInitError({cause: error})};\n  }\n};\n\nexport const finalizeOAuth = async ({\n  url,\n  body\n}: {\n  url: string;\n  body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      method: 'POST',\n      credentials: 'include',\n      headers: {'Content-Type': 'application/json'},\n      body: JSON.stringify(body)\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    const data: {token: string} = await result.json();\n    return {success: data};\n  } catch (error: unknown) {\n    return {error: new ApiGitHubFinalizeError({cause: error})};\n  }\n};\n"],
+  "mappings": "+CAEO,IAAMA,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF",
+  "names": ["initOAuth", "url", "result", "error", "ApiGitHubInitError", "finalizeOAuth", "body", "ApiGitHubFinalizeError"]
+}

package/dist/browser/index.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{a as d}from"./chunk-VL5VEK6Q.js";import"./chunk-FVWXAETP.js";import{a as g}from"./chunk-ZTS76UPF.js";import"./chunk-Z5IIWCGH.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import{a as r,b as o,c as p,d as s,e as i,f as n,g as y,h as u,i as m,j as a,k as f,l as x}from"./chunk-YFE7TMHK.js";var v=()=>{let{userAgent:e}=navigator;return/SamsungBrowser/i.test(e)?!1:"IdentityCredential"in window};export{x as ApiGitHubFinalizeError,f as ApiGitHubInitError,i as AuthenticationError,y as AuthenticationInvalidStateError,u as AuthenticationUndefinedJwtError,n as AuthenticationUrlHashError,o as ContextUndefinedError,s as FedCMIdentityCredentialInvalidError,p as FedCMIdentityCredentialUndefinedError,m as GetDelegationError,a as GetDelegationRetryError,r as InvalidUrlError,d as authenticate,v as isFedCMSupported,g as requestJwt};
+import{a as d}from"./chunk-ADUDPJTU.js";import"./chunk-FVWXAETP.js";import{a as g}from"./chunk-OEAUBI3D.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import{a as r,b as o,c as p,d as s,e as i,f as n,g as y,h as u,i as m,j as a,k as f,l as x}from"./chunk-YFE7TMHK.js";var v=()=>{let{userAgent:e}=navigator;return/SamsungBrowser/i.test(e)?!1:"IdentityCredential"in window};export{x as ApiGitHubFinalizeError,f as ApiGitHubInitError,i as AuthenticationError,y as AuthenticationInvalidStateError,u as AuthenticationUndefinedJwtError,n as AuthenticationUrlHashError,o as ContextUndefinedError,s as FedCMIdentityCredentialInvalidError,p as FedCMIdentityCredentialUndefinedError,m as GetDelegationError,a as GetDelegationRetryError,r as InvalidUrlError,d as authenticate,v as isFedCMSupported,g as requestJwt};
 //# sourceMappingURL=index.js.map

package/dist/browser/request.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import{a}from"./chunk-ZTS76UPF.js";import"./chunk-Z5IIWCGH.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as requestJwt};
+import{a}from"./chunk-OEAUBI3D.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as requestJwt};
 //# sourceMappingURL=request.js.map

package/dist/node/index.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
 import { createRequire as topLevelCreateRequire } from 'module';
  const require = topLevelCreateRequire(import.meta.url);
-var U="juno:auth:openid",_={authUrl:"https://accounts.google.com/o/oauth2/v2/auth",authScopes:["openid","profile","email"],configUrl:"https://accounts.google.com/gsi/fedcm.json"},g={authUrl:"https://github.com/login/oauth/authorize",authScopes:["read:user","user:email"],initUrl:"https://api.juno.build/v1/auth/init/github",finalizeUrl:"https://api.juno.build/v1/auth/finalize/github"};import{isNullish as pt}from"@dfinity/utils";import{Ed25519KeyIdentity as ut}from"@icp-sdk/core/identity";var h=class extends Error{},y=class extends Error{},f=class extends Error{},w=class extends Error{},x=class extends Error{},A=class extends Error{},P=class extends Error{},m=class extends Error{},S=class extends Error{},R=class extends Error{},O=class extends Error{constructor(e){super("GitHub OAuth initialization failed",e)}},C=class extends Error{constructor(e){super("GitHub OAuth finalization failed",e)}};import{arrayBufferToUint8Array as ot}from"@dfinity/utils";import{uint8ArrayToBase64 as rt}from"@dfinity/utils";var E=t=>rt(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""),l=({url:t})=>{try{return new URL(t)}catch{throw new h("Cannot parse authURL",{cause:t})}};var nt=()=>window.crypto.getRandomValues(new Uint8Array(32)),it=async({salt:t,caller:e})=>{let r=e.getPrincipal().toUint8Array(),o=new Uint8Array(t.length+r.byteLength);o.set(t),o.set(r,t.length);let n=await window.crypto.subtle.digest("SHA-256",o);return E(ot(n))},T=async({caller:t})=>{let e=nt();return{nonce:await it({salt:e,caller:t}),salt:e}};import{base64ToUint8Array as st,uint8ArrayToBase64 as at}from"@dfinity/utils";import{Ed25519KeyIdentity as ct}from"@icp-sdk/core/identity";var v="__caller__",N="__salt__",k="__state__",K=({caller:t,state:e,salt:r})=>{let o={[v]:t.toJSON(),[N]:at(r),[k]:e};return JSON.stringify(o)},H=t=>{let{[v]:e,[N]:r,[k]:o}=JSON.parse(t);return{caller:ct.fromParsedJson(e),salt:st(r),state:o}};var J=async({generateState:t})=>{let e=ut.generate(),{nonce:r,salt:o}=await T({caller:e}),n=await t({nonce:r}),i=K({caller:e,salt:o,state:n});return sessionStorage.setItem(U,i),{nonce:r,state:n}},L=()=>{let t=sessionStorage.getItem(U);if(pt(t))throw new y;return H(t)};import{fromNullable as ht}from"@dfinity/utils";import{Delegation as yt,ECDSAKeyIdentity as ft}from"@icp-sdk/core/identity";import{getConsoleActor as mt,getSatelliteActor as lt}from"@junobuild/ic-client/actor";var D=({auth:t,identity:e})=>"satellite"in t?lt({...t.satellite,identity:e}):mt({...t.console,identity:e});var W=async({actorParams:t,args:e})=>{let{authenticate:r}=await D(t);return await r(e)},j=async({actorParams:t,args:e})=>{let{get_delegation:r}=await D(t);return await r(e)};import{DelegationChain as dt,DelegationIdentity as gt}from"@icp-sdk/core/identity";var B=({delegations:t,sessionKey:e})=>{let[r,o]=t,n=dt.fromDelegations(o,Uint8Array.from(r));return{identity:gt.fromDelegation(e,n),delegationChain:n,sessionKey:e}};var d=async({jwt:t,context:e,auth:r})=>{let o=await ft.generate({extractable:!1}),n=new Uint8Array(o.getPublicKey().toDer()),{delegations:i,data:a}=await wt({jwt:t,publicKey:n,context:e,auth:r});return{identity:B({sessionKey:o,delegations:i}),data:a}},wt=async({jwt:t,publicKey:e,context:{caller:r,salt:o},auth:n})=>{let i=await W({args:{OpenId:{jwt:t,session_key:e,salt:o}},actorParams:{auth:n,identity:r}});if("Err"in i)throw new x("Authentication failed",{cause:i});let{delegation:{user_key:a,expiration:s},...c}=i.Ok,p=await xt({jwt:t,context:{caller:r,salt:o},auth:n,publicKey:e,expiration:s}),{delegation:u,signature:b}=p,{pubkey:G,expiration:I,targets:et}=u;return{delegations:[a,[{delegation:new yt(Uint8Array.from(G),I,ht(et)),signature:Uint8Array.from(b)}]],data:c}},xt=async({jwt:t,publicKey:e,context:{salt:r,caller:o},auth:n,expiration:i,maxRetries:a=5})=>{for(let s=0;s<a;s++){await new Promise(u=>{setInterval(u,1e3*s)});let p=await j({args:{OpenId:{jwt:t,session_key:e,salt:r,expiration:i}},actorParams:{auth:n,identity:o}});if("Err"in p){let{Err:u}=p;if("NoSuchDelegation"in u||"GetCachedJwks"in u)continue;throw new S("Getting delegation failed",{cause:p})}return p.Ok}throw new R};import{isEmptyString as At}from"@dfinity/utils";var z=async({url:t})=>{try{let e=await fetch(t,{credentials:"include"});return e.ok?await e.json():{error:new Error(`Failed to fetch ${t} (${e.status})`)}}catch(e){return{error:new O({cause:e})}}},Y=async({url:t,body:e})=>{try{let r=await fetch(t,{method:"POST",credentials:"include",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return r.ok?await r.json():{error:new Error(`Failed to fetch ${t} (${r.status})`)}}catch(r){return{error:new C({cause:r})}}};var V=async({auth:t,context:e,redirect:{finalizeUrl:r}})=>{let{location:{search:o}}=window,n=new URLSearchParams(o),i=n.get("code"),a=n.get("state"),s=await Y({url:r,body:{code:i,state:a}});if("error"in s)throw s.error;let{success:{token:c}}=s;if(At(c))throw new m;return await d({jwt:c,auth:t,context:e})};import{isEmptyString as q}from"@dfinity/utils";var $=async({auth:t,context:e})=>{let{location:{hash:r}}=window;if(q(r)||!r.startsWith("#"))throw new A("No hash found in the current location URL");let o=new URLSearchParams(r.slice(1)),n=o.get("state"),i=o.get("id_token"),{state:a}=e;if(q(a)||n!==a)throw new P("The provided state is invalid",{cause:n});if(q(i))throw new m;return await d({jwt:i,auth:t,context:e})};var ye=async t=>{let e=L();if("github"in t){let{github:{redirect:o,auth:n}}=t,{finalizeUrl:i}=g;return await V({redirect:o??{finalizeUrl:i},auth:n,context:e})}let{google:r}=t;if("credentials"in r){let{credentials:{jwt:o},auth:n}=r;return await d({jwt:o,context:e,auth:n})}return await $({...r,context:e})};var F=({initUrl:t})=>async({nonce:r})=>{let o=l({url:t});o.searchParams.set("nonce",r);let n=await z({url:o.toString()});if("error"in n)throw n.error;let{success:{state:i}}=n;return i};var M=({authUrl:t,clientId:e,authScopes:r,state:o,redirectUrl:n})=>{let i=l({url:t});i.searchParams.set("client_id",e);let{location:{origin:a}}=window;i.searchParams.set("redirect_uri",n??a),i.searchParams.set("scope",r.join(" ")),i.searchParams.set("state",o),window.location.href=i.toString()};var X=()=>E(window.crypto.getRandomValues(new Uint8Array(12)));var Q=async t=>X();import{isNullish as Pt,notEmptyString as St}from"@dfinity/utils";var Z=({authUrl:t,clientId:e,nonce:r,loginHint:o,authScopes:n,state:i,redirectUrl:a})=>{let s=l({url:t});s.searchParams.set("client_id",e);let{location:{origin:c}}=window;s.searchParams.set("redirect_uri",a??c),s.searchParams.set("response_type","code id_token"),s.searchParams.set("scope",n.join(" ")),s.searchParams.set("state",i),s.searchParams.set("nonce",r),St(o)?s.searchParams.set("login_hint",o):s.searchParams.set("prompt","select_account"),window.location.href=s.toString()},tt=async({configUrl:t,clientId:e,nonce:r,loginHint:o,domainHint:n})=>{let i=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:t,clientId:e,nonce:r,loginHint:o,domainHint:n}],mode:"active"},mediation:"required"});if(Pt(i))throw new f;let{type:a}=i;if(a!=="identity"||!("token"in i)||typeof i.token!="string")throw new w("Invalid credential received from FedCM API",{cause:i});let{token:s}=i;return{jwt:s}};async function Ne(t){if("github"in t){let{github:a}=t,{redirect:s}=a,{initUrl:c,...p}=s,{authUrl:u,authScopes:b,initUrl:G}=g,I=await J({generateState:F({initUrl:c??G})});M({...p,...I,authUrl:u,authScopes:b});return}let e=await J({generateState:Q}),{google:r}=t;if("credentials"in r){let{credentials:a}=r,{configUrl:s}=_;return await tt({...a,...e,configUrl:s})}let{redirect:o}=r,{authUrl:n,authScopes:i}=_;Z({...o,...e,authUrl:n,authScopes:i})}var Ke=()=>{let{userAgent:t}=navigator;return/SamsungBrowser/i.test(t)?!1:"IdentityCredential"in window};export{C as ApiGitHubFinalizeError,O as ApiGitHubInitError,x as AuthenticationError,P as AuthenticationInvalidStateError,m as AuthenticationUndefinedJwtError,A as AuthenticationUrlHashError,y as ContextUndefinedError,w as FedCMIdentityCredentialInvalidError,f as FedCMIdentityCredentialUndefinedError,S as GetDelegationError,R as GetDelegationRetryError,h as InvalidUrlError,ye as authenticate,Ke as isFedCMSupported,Ne as requestJwt};
+var U="juno:auth:openid",_={authUrl:"https://accounts.google.com/o/oauth2/v2/auth",authScopes:["openid","profile","email"],configUrl:"https://accounts.google.com/gsi/fedcm.json"},g={authUrl:"https://github.com/login/oauth/authorize",authScopes:["read:user","user:email"],initUrl:"https://api.juno.build/v1/auth/init/github",finalizeUrl:"https://api.juno.build/v1/auth/finalize/github"};import{isNullish as pt}from"@dfinity/utils";import{Ed25519KeyIdentity as ut}from"@icp-sdk/core/identity";var h=class extends Error{},y=class extends Error{},f=class extends Error{},w=class extends Error{},x=class extends Error{},A=class extends Error{},P=class extends Error{},m=class extends Error{},S=class extends Error{},R=class extends Error{},O=class extends Error{constructor(e){super("GitHub OAuth initialization failed",e)}},C=class extends Error{constructor(e){super("GitHub OAuth finalization failed",e)}};import{arrayBufferToUint8Array as ot}from"@dfinity/utils";import{uint8ArrayToBase64 as rt}from"@dfinity/utils";var E=t=>rt(t).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""),d=({url:t})=>{try{return new URL(t)}catch{throw new h("Cannot parse authURL",{cause:t})}};var nt=()=>window.crypto.getRandomValues(new Uint8Array(32)),it=async({salt:t,caller:e})=>{let r=e.getPrincipal().toUint8Array(),o=new Uint8Array(t.length+r.byteLength);o.set(t),o.set(r,t.length);let n=await window.crypto.subtle.digest("SHA-256",o);return E(ot(n))},T=async({caller:t})=>{let e=nt();return{nonce:await it({salt:e,caller:t}),salt:e}};import{base64ToUint8Array as st,uint8ArrayToBase64 as at}from"@dfinity/utils";import{Ed25519KeyIdentity as ct}from"@icp-sdk/core/identity";var v="__caller__",k="__salt__",N="__state__",K=({caller:t,state:e,salt:r})=>{let o={[v]:t.toJSON(),[k]:at(r),[N]:e};return JSON.stringify(o)},H=t=>{let{[v]:e,[k]:r,[N]:o}=JSON.parse(t);return{caller:ct.fromParsedJson(e),salt:st(r),state:o}};var J=async({generateState:t})=>{let e=ut.generate(),{nonce:r,salt:o}=await T({caller:e}),n=await t({nonce:r}),i=K({caller:e,salt:o,state:n});return sessionStorage.setItem(U,i),{nonce:r,state:n}},L=()=>{let t=sessionStorage.getItem(U);if(pt(t))throw new y;return H(t)};import{fromNullable as ht}from"@dfinity/utils";import{Delegation as yt,ECDSAKeyIdentity as ft}from"@icp-sdk/core/identity";import{getConsoleActor as mt,getSatelliteActor as dt}from"@junobuild/ic-client/actor";var D=({auth:t,identity:e})=>"satellite"in t?dt({...t.satellite,identity:e}):mt({...t.console,identity:e});var W=async({actorParams:t,args:e})=>{let{authenticate:r}=await D(t);return await r(e)},j=async({actorParams:t,args:e})=>{let{get_delegation:r}=await D(t);return await r(e)};import{DelegationChain as lt,DelegationIdentity as gt}from"@icp-sdk/core/identity";var B=({delegations:t,sessionKey:e})=>{let[r,o]=t,n=lt.fromDelegations(o,Uint8Array.from(r));return{identity:gt.fromDelegation(e,n),delegationChain:n,sessionKey:e}};var l=async({jwt:t,context:e,auth:r})=>{let o=await ft.generate({extractable:!1}),n=new Uint8Array(o.getPublicKey().toDer()),{delegations:i,data:a}=await wt({jwt:t,publicKey:n,context:e,auth:r});return{identity:B({sessionKey:o,delegations:i}),data:a}},wt=async({jwt:t,publicKey:e,context:{caller:r,salt:o},auth:n})=>{let i=await W({args:{OpenId:{jwt:t,session_key:e,salt:o}},actorParams:{auth:n,identity:r}});if("Err"in i)throw new x("Authentication failed",{cause:i});let{delegation:{user_key:a,expiration:s},...c}=i.Ok,p=await xt({jwt:t,context:{caller:r,salt:o},auth:n,publicKey:e,expiration:s}),{delegation:u,signature:b}=p,{pubkey:G,expiration:I,targets:et}=u;return{delegations:[a,[{delegation:new yt(Uint8Array.from(G),I,ht(et)),signature:Uint8Array.from(b)}]],data:c}},xt=async({jwt:t,publicKey:e,context:{salt:r,caller:o},auth:n,expiration:i,maxRetries:a=5})=>{for(let s=0;s<a;s++){await new Promise(u=>{setInterval(u,1e3*s)});let p=await j({args:{OpenId:{jwt:t,session_key:e,salt:r,expiration:i}},actorParams:{auth:n,identity:o}});if("Err"in p){let{Err:u}=p;if("NoSuchDelegation"in u||"GetCachedJwks"in u)continue;throw new S("Getting delegation failed",{cause:p})}return p.Ok}throw new R};import{isEmptyString as At}from"@dfinity/utils";var z=async({url:t})=>{try{let e=await fetch(t,{credentials:"include"});return e.ok?{success:await e.json()}:{error:new Error(`Failed to fetch ${t} (${e.status})`)}}catch(e){return{error:new O({cause:e})}}},Y=async({url:t,body:e})=>{try{let r=await fetch(t,{method:"POST",credentials:"include",headers:{"Content-Type":"application/json"},body:JSON.stringify(e)});return r.ok?{success:await r.json()}:{error:new Error(`Failed to fetch ${t} (${r.status})`)}}catch(r){return{error:new C({cause:r})}}};var V=async({auth:t,context:e,redirect:{finalizeUrl:r}})=>{let{location:{search:o}}=window,n=new URLSearchParams(o),i=n.get("code"),a=n.get("state"),s=await Y({url:r,body:{code:i,state:a}});if("error"in s)throw s.error;let{success:{token:c}}=s;if(At(c))throw new m;return await l({jwt:c,auth:t,context:e})};import{isEmptyString as q}from"@dfinity/utils";var $=async({auth:t,context:e})=>{let{location:{hash:r}}=window;if(q(r)||!r.startsWith("#"))throw new A("No hash found in the current location URL");let o=new URLSearchParams(r.slice(1)),n=o.get("state"),i=o.get("id_token"),{state:a}=e;if(q(a)||n!==a)throw new P("The provided state is invalid",{cause:n});if(q(i))throw new m;return await l({jwt:i,auth:t,context:e})};var ye=async t=>{let e=L();if("github"in t){let{github:{redirect:o,auth:n}}=t,{finalizeUrl:i}=g;return await V({redirect:o??{finalizeUrl:i},auth:n,context:e})}let{google:r}=t;if("credentials"in r){let{credentials:{jwt:o},auth:n}=r;return await l({jwt:o,context:e,auth:n})}return await $({...r,context:e})};var F=({initUrl:t})=>async({nonce:r})=>{let o=d({url:t});o.searchParams.set("nonce",r);let n=await z({url:o.toString()});if("error"in n)throw n.error;let{success:{state:i}}=n;return i};var M=({authUrl:t,clientId:e,authScopes:r,state:o,redirectUrl:n})=>{let i=d({url:t});i.searchParams.set("client_id",e);let{location:{origin:a}}=window;i.searchParams.set("redirect_uri",n??a),i.searchParams.set("scope",r.join(" ")),i.searchParams.set("state",o),window.location.href=i.toString()};var X=()=>E(window.crypto.getRandomValues(new Uint8Array(12)));var Q=async t=>X();import{isNullish as Pt,notEmptyString as St}from"@dfinity/utils";var Z=({authUrl:t,clientId:e,nonce:r,loginHint:o,authScopes:n,state:i,redirectUrl:a})=>{let s=d({url:t});s.searchParams.set("client_id",e);let{location:{origin:c}}=window;s.searchParams.set("redirect_uri",a??c),s.searchParams.set("response_type","code id_token"),s.searchParams.set("scope",n.join(" ")),s.searchParams.set("state",i),s.searchParams.set("nonce",r),St(o)?s.searchParams.set("login_hint",o):s.searchParams.set("prompt","select_account"),window.location.href=s.toString()},tt=async({configUrl:t,clientId:e,nonce:r,loginHint:o,domainHint:n})=>{let i=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:t,clientId:e,nonce:r,loginHint:o,domainHint:n}],mode:"active"},mediation:"required"});if(Pt(i))throw new f;let{type:a}=i;if(a!=="identity"||!("token"in i)||typeof i.token!="string")throw new w("Invalid credential received from FedCM API",{cause:i});let{token:s}=i;return{jwt:s}};async function ke(t){if("github"in t){let{github:a}=t,{redirect:s}=a,{initUrl:c,...p}=s,{authUrl:u,authScopes:b,initUrl:G}=g,I=await J({generateState:F({initUrl:c??G})});M({...p,...I,authUrl:u,authScopes:b});return}let e=await J({generateState:Q}),{google:r}=t;if("credentials"in r){let{credentials:a}=r,{configUrl:s}=_;return await tt({...a,...e,configUrl:s})}let{redirect:o}=r,{authUrl:n,authScopes:i}=_;Z({...o,...e,authUrl:n,authScopes:i})}var Ke=()=>{let{userAgent:t}=navigator;return/SamsungBrowser/i.test(t)?!1:"IdentityCredential"in window};export{C as ApiGitHubFinalizeError,O as ApiGitHubInitError,x as AuthenticationError,P as AuthenticationInvalidStateError,m as AuthenticationUndefinedJwtError,A as AuthenticationUrlHashError,y as ContextUndefinedError,w as FedCMIdentityCredentialInvalidError,f as FedCMIdentityCredentialUndefinedError,S as GetDelegationError,R as GetDelegationRetryError,h as InvalidUrlError,ye as authenticate,Ke as isFedCMSupported,ke as requestJwt};
 //# sourceMappingURL=index.mjs.map

package/dist/node/index.mjs.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../src/_constants.ts", "../../src/_context.ts", "../../src/errors.ts", "../../src/utils/auth.utils.ts", "../../src/utils/url.utils.ts", "../../src/utils/session-storage.utils.ts", "../../src/_session.ts", "../../src/api/_actor.api.ts", "../../src/api/auth.api.ts", "../../src/utils/session.utils.ts", "../../src/providers/github/authenticate.ts", "../../src/providers/github/_api.ts", "../../src/providers/google/authenticate.ts", "../../src/authenticate.ts", "../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts", "../../src/utils/openid.utils.ts"],
-  "sourcesContent": ["import type {OpenIdGitHubProvider} from './providers/github/types/provider';\nimport type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n  authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n  authScopes: ['openid', 'profile', 'email'],\n  configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n\nexport const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'> = {\n  authUrl: 'https://github.com/login/oauth/authorize',\n  authScopes: ['read:user', 'user:email'],\n  initUrl: 'https://api.juno.build/v1/auth/init/github',\n  finalizeUrl: 'https://api.juno.build/v1/auth/finalize/github'\n};\n", "import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\n\nexport const initContext = async ({\n  generateState\n}: {\n  generateState: (params: {nonce: Nonce}) => Promise<string>;\n}): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n  const caller = Ed25519KeyIdentity.generate();\n  const {nonce, salt} = await generateNonce({caller});\n\n  const state = await generateState({nonce});\n\n  const storedData = stringifyContext({\n    caller,\n    salt,\n    state\n  });\n\n  sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n  return {\n    nonce,\n    state\n  };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n  const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n  if (isNullish(storedContext)) {\n    throw new ContextUndefinedError();\n  }\n\n  return parseContext(storedContext);\n};\n", "export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n\nexport class ApiGitHubInitError extends Error {\n  constructor(options?: ErrorOptions) {\n    super('GitHub OAuth initialization failed', options);\n  }\n}\n\nexport class ApiGitHubFinalizeError extends Error {\n  constructor(options?: ErrorOptions) {\n    super('GitHub OAuth finalization failed', options);\n  }\n}\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n  const principal = caller.getPrincipal().toUint8Array();\n\n  const bytes = new Uint8Array(salt.length + principal.byteLength);\n  bytes.set(salt);\n  bytes.set(principal, salt.length);\n\n  const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n  return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n  caller\n}: {\n  caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n  const salt = generateSalt();\n  const nonce = await buildNonce({salt, caller});\n\n  return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {InvalidUrlError} from '../errors';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n  uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\nexport const parseUrl = ({url}: {url: string}): URL => {\n  try {\n    // Use the URL constructor, for backwards compatibility with older Android/WebView.\n    return new URL(url);\n  } catch (_error: unknown) {\n    throw new InvalidUrlError('Cannot parse authURL', {cause: url});\n  }\n};\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n  [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n  [JSON_KEY_SALT]: string;\n  [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n  const data: StoredContext = {\n    [JSON_KEY_CALLER]: caller.toJSON(),\n    [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n    [JSON_KEY_STATE]: state\n  };\n\n  return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n  const {\n    [JSON_KEY_CALLER]: jsonCaller,\n    [JSON_KEY_SALT]: jsonSalt,\n    [JSON_KEY_STATE]: state\n  }: StoredContext = JSON.parse(jsonData);\n\n  return {\n    caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n    salt: base64ToUint8Array(jsonSalt),\n    state\n  };\n};\n", "import {fromNullable} from '@dfinity/utils';\nimport type {Signature} from '@icp-sdk/core/agent';\nimport {Delegation, ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport {authenticate as authenticateApi, getDelegation as getDelegationApi} from './api/auth.api';\nimport {AuthenticationError, GetDelegationError, GetDelegationRetryError} from './errors';\nimport type {AuthenticationData, GetDelegationArgs, SignedDelegation} from './types/actor';\nimport type {AuthenticatedSession, AuthParameters} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Delegations} from './types/session';\nimport {generateIdentity} from './utils/session.utils';\n\ninterface AuthContext {\n  context: Omit<OpenIdAuthContext, 'state'>;\n  auth: AuthParameters;\n}\ntype AuthenticationArgs = {jwt: string} & AuthContext;\n\nexport const authenticateSession = async <T extends AuthParameters>({\n  jwt,\n  context,\n  auth\n}: AuthenticationArgs): Promise<AuthenticatedSession<T>> => {\n  const sessionKey = await ECDSAKeyIdentity.generate({extractable: false});\n\n  const publicKey = new Uint8Array(sessionKey.getPublicKey().toDer());\n\n  const {delegations, data} = await authenticate<T>({\n    jwt,\n    publicKey,\n    context,\n    auth\n  });\n\n  const identity = generateIdentity({\n    sessionKey,\n    delegations\n  });\n\n  return {identity, data};\n};\n\nconst authenticate = async <T extends AuthParameters>({\n  jwt,\n  publicKey,\n  context: {caller, salt},\n  auth\n}: {\n  publicKey: Uint8Array;\n} & AuthenticationArgs): Promise<{delegations: Delegations; data: AuthenticationData<T>}> => {\n  const result = await authenticateApi({\n    args: {\n      OpenId: {\n        jwt,\n        session_key: publicKey,\n        salt\n      }\n    },\n    actorParams: {\n      auth,\n      identity: caller\n    }\n  });\n\n  if ('Err' in result) {\n    throw new AuthenticationError('Authentication failed', {cause: result});\n  }\n\n  const {\n    delegation: {user_key: userKey, expiration},\n    ...rest\n  } = result.Ok;\n\n  const signedDelegation = await retryGetDelegation({\n    jwt,\n    context: {caller, salt},\n    auth,\n    publicKey,\n    expiration\n  });\n\n  const {delegation, signature} = signedDelegation;\n  const {pubkey, expiration: signedExpiration, targets} = delegation;\n\n  const delegations: Delegations = [\n    userKey,\n    [\n      {\n        delegation: new Delegation(\n          Uint8Array.from(pubkey),\n          signedExpiration,\n          fromNullable(targets)\n        ),\n        signature: Uint8Array.from(signature) as unknown as Signature\n      }\n    ]\n  ];\n\n  return {delegations, data: rest as AuthenticationData<T>};\n};\n\nconst retryGetDelegation = async ({\n  jwt,\n  publicKey,\n  context: {salt, caller},\n  auth,\n  expiration,\n  maxRetries = 5\n}: {\n  publicKey: Uint8Array;\n  expiration: bigint;\n  maxRetries?: number;\n} & AuthenticationArgs): Promise<SignedDelegation> => {\n  for (let i = 0; i < maxRetries; i++) {\n    // Linear backoff\n    await new Promise((resolve) => {\n      setInterval(resolve, 1000 * i);\n    });\n\n    const args: GetDelegationArgs = {\n      OpenId: {\n        jwt,\n        session_key: publicKey,\n        salt,\n        expiration\n      }\n    };\n\n    const result = await getDelegationApi({\n      args,\n      actorParams: {\n        auth,\n        identity: caller\n      }\n    });\n\n    if ('Err' in result) {\n      const {Err} = result;\n\n      if ('NoSuchDelegation' in Err) {\n        // eslint-disable-next-line no-continue\n        continue;\n      }\n\n      if ('GetCachedJwks' in Err) {\n        // eslint-disable-next-line no-continue\n        continue;\n      }\n\n      throw new GetDelegationError('Getting delegation failed', {cause: result});\n    }\n\n    return result.Ok;\n  }\n\n  throw new GetDelegationRetryError();\n};\n", "import {\n  type ConsoleActor,\n  type SatelliteActor,\n  getConsoleActor,\n  getSatelliteActor\n} from '@junobuild/ic-client/actor';\nimport type {ActorParameters} from '../types/actor';\n\nexport const getAuthActor = ({\n  auth,\n  identity\n}: ActorParameters): Promise<ConsoleActor | SatelliteActor> =>\n  'satellite' in auth\n    ? getSatelliteActor({...auth.satellite, identity})\n    : getConsoleActor({...auth.console, identity});\n", "import type {\n  ActorParameters,\n  AuthenticationArgs,\n  AuthenticationResult,\n  GetDelegationArgs,\n  GetDelegationResult\n} from '../types/actor';\nimport {getAuthActor} from './_actor.api';\n\nexport const authenticate = async ({\n  actorParams,\n  args\n}: {\n  args: AuthenticationArgs;\n  actorParams: ActorParameters;\n}): Promise<AuthenticationResult> => {\n  const {authenticate} = await getAuthActor(actorParams);\n  return await authenticate(args);\n};\n\nexport const getDelegation = async ({\n  actorParams,\n  args\n}: {\n  args: GetDelegationArgs;\n  actorParams: ActorParameters;\n}): Promise<GetDelegationResult> => {\n  const {get_delegation} = await getAuthActor(actorParams);\n  return await get_delegation(args);\n};\n", "import {DelegationChain, DelegationIdentity, type ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport type {AuthenticatedIdentity} from '../types/authenticate';\nimport type {Delegations} from '../types/session';\n\nexport const generateIdentity = ({\n  delegations,\n  sessionKey\n}: {\n  delegations: Delegations;\n  sessionKey: ECDSAKeyIdentity;\n}): AuthenticatedIdentity => {\n  const [userKey, signedDelegations] = delegations;\n\n  const delegationChain = DelegationChain.fromDelegations(\n    signedDelegations,\n    Uint8Array.from(userKey)\n  );\n\n  const identity = DelegationIdentity.fromDelegation(sessionKey, delegationChain);\n\n  return {identity, delegationChain, sessionKey};\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {AuthenticationUndefinedJwtError} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\nimport {finalizeOAuth} from './_api';\nimport type {AuthenticationGitHubRedirect} from './types/authenticate';\n\nexport const authenticateGitHubWithRedirect = async <T extends AuthParameters>({\n  auth,\n  context,\n  redirect: {finalizeUrl}\n}: {\n  auth: AuthParameters;\n  context: Omit<OpenIdAuthContext, 'state'>;\n  redirect: AuthenticationGitHubRedirect;\n}): Promise<AuthenticatedSession<T>> => {\n  const {\n    location: {search}\n  } = window;\n\n  const urlParams = new URLSearchParams(search);\n  const code = urlParams.get('code');\n  const state = urlParams.get('state');\n\n  const result = await finalizeOAuth({\n    url: finalizeUrl,\n    body: {code, state}\n  });\n\n  if ('error' in result) {\n    throw result.error;\n  }\n\n  const {\n    success: {token: idToken}\n  } = result;\n\n  // id_token === jwt\n  if (isEmptyString(idToken)) {\n    throw new AuthenticationUndefinedJwtError();\n  }\n\n  return await authenticateSession({\n    jwt: idToken,\n    auth,\n    context\n  });\n};\n", "import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n  url\n}: {\n  url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      credentials: 'include'\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    return await result.json();\n  } catch (error: unknown) {\n    return {error: new ApiGitHubInitError({cause: error})};\n  }\n};\n\nexport const finalizeOAuth = async ({\n  url,\n  body\n}: {\n  url: string;\n  body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      method: 'POST',\n      credentials: 'include',\n      headers: {'Content-Type': 'application/json'},\n      body: JSON.stringify(body)\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    return await result.json();\n  } catch (error: unknown) {\n    return {error: new ApiGitHubFinalizeError({cause: error})};\n  }\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {\n  AuthenticationInvalidStateError,\n  AuthenticationUndefinedJwtError,\n  AuthenticationUrlHashError\n} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\n\nexport const authenticateGoogleWithRedirect = async <T extends AuthParameters>({\n  auth,\n  context\n}: {\n  auth: AuthParameters;\n  context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n  const {\n    location: {hash}\n  } = window;\n\n  if (isEmptyString(hash) || !hash.startsWith('#')) {\n    throw new AuthenticationUrlHashError('No hash found in the current location URL');\n  }\n\n  const params = new URLSearchParams(hash.slice(1));\n  const state = params.get('state');\n  const idToken = params.get('id_token');\n\n  const {state: savedState} = context;\n\n  if (isEmptyString(savedState) || state !== savedState) {\n    throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n  }\n\n  // id_token === jwt\n  if (isEmptyString(idToken)) {\n    throw new AuthenticationUndefinedJwtError();\n  }\n\n  return await authenticateSession({\n    jwt: idToken,\n    auth,\n    context\n  });\n};\n", "import {GITHUB_PROVIDER} from './_constants';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {authenticateGitHubWithRedirect} from './providers/github/authenticate';\nimport {authenticateGoogleWithRedirect} from './providers/google/authenticate';\nimport type {\n  AuthenticatedSession,\n  AuthenticationParams,\n  AuthParameters\n} from './types/authenticate';\n\nexport const authenticate = async <T extends AuthParameters>(\n  params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n  const context = loadContext();\n\n  if ('github' in params) {\n    const {\n      github: {redirect, auth}\n    } = params;\n\n    const {finalizeUrl} = GITHUB_PROVIDER;\n\n    return await authenticateGitHubWithRedirect<T>({\n      redirect: redirect ?? {finalizeUrl},\n      auth,\n      context\n    });\n  }\n\n  const {google} = params;\n\n  if ('credentials' in google) {\n    const {\n      credentials: {jwt},\n      auth\n    } = google;\n\n    return await authenticateSession({\n      jwt,\n      context,\n      auth\n    });\n  }\n\n  return await authenticateGoogleWithRedirect<T>({...google, context});\n};\n", "import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n  const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n    const requestUrl = parseUrl({url: initUrl});\n    requestUrl.searchParams.set('nonce', nonce);\n\n    const result = await initOAuth({url: requestUrl.toString()});\n\n    if ('error' in result) {\n      throw result.error;\n    }\n\n    const {\n      success: {state}\n    } = result;\n\n    return state;\n  };\n\n  return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared by the proxy backend with the value it initiated.\n  requestUrl.searchParams.set('state', state);\n\n  window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n  toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n  generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n  FedCMIdentityCredentialInvalidError,\n  FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n *  References:\n *  - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n *  - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  nonce,\n  loginHint,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  // We do not request \"token\" because we use the ID token (JWT).\n  // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n  requestUrl.searchParams.set('response_type', 'code id_token');\n\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared with the session storage value.\n  requestUrl.searchParams.set('state', state);\n\n  // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n  // to the provider and make the request to the backend with its salt.\n  requestUrl.searchParams.set('nonce', nonce);\n\n  if (notEmptyString(loginHint)) {\n    requestUrl.searchParams.set('login_hint', loginHint);\n  } else {\n    requestUrl.searchParams.set('prompt', 'select_account');\n  }\n\n  window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n  configUrl: configURL,\n  clientId,\n  nonce,\n  loginHint,\n  domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n  const identityCredential = await navigator.credentials.get({\n    // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n    // @ts-ignore\n    identity: {\n      context: 'use',\n      providers: [\n        {\n          configURL,\n          clientId,\n          nonce,\n          loginHint,\n          domainHint\n        }\n      ],\n      mode: 'active'\n    },\n    // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n    mediation: 'required'\n  });\n\n  if (isNullish(identityCredential)) {\n    throw new FedCMIdentityCredentialUndefinedError();\n  }\n\n  const {type} = identityCredential;\n\n  if (\n    type !== 'identity' ||\n    !('token' in identityCredential) ||\n    typeof identityCredential.token !== 'string'\n  ) {\n    // This should be unreachable in FedCM spec-compliant browsers.\n    throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n      cause: identityCredential\n    });\n  }\n\n  const {token: jwt} = identityCredential;\n  return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n  requestGoogleJwtWithCredentials,\n  requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n  RequestGoogleJwtCredentialsParams,\n  RequestGoogleJwtParams,\n  RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n  google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n  args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n  args:\n    | {\n        google: RequestGoogleJwtParams;\n      }\n    | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n  if ('github' in args) {\n    const {github} = args;\n\n    const {redirect} = github;\n    const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n    const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n    const context = await initContext({\n      generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n    });\n\n    requestGitHubJwtWithRedirect({\n      ...restRedirect,\n      ...context,\n      authUrl,\n      authScopes\n    });\n    return;\n  }\n\n  const context = await initContext({generateState: generateGoogleState});\n\n  const {google} = args;\n\n  if ('credentials' in google) {\n    const {credentials} = google;\n    const {configUrl} = GOOGLE_PROVIDER;\n\n    return await requestGoogleJwtWithCredentials({\n      ...credentials,\n      ...context,\n      configUrl\n    });\n  }\n\n  const {redirect} = google;\n  const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n  requestGoogleJwtWithRedirect({\n    ...redirect,\n    ...context,\n    authUrl,\n    authScopes\n  });\n}\n", "/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n *  - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n  const {userAgent} = navigator;\n\n  // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n  // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n  const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n  if (isSamsungBrowser) {\n    return false;\n  }\n\n  return 'IdentityCredential' in window;\n};\n"],
-  "mappings": ";;AAGO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,EAEaC,EAA0E,CACrF,QAAS,2CACT,WAAY,CAAC,YAAa,YAAY,EACtC,QAAS,6CACT,YAAa,gDACf,ECjBA,OAAQ,aAAAC,OAAgB,iBACxB,OAAQ,sBAAAC,OAAyB,yBCD1B,IAAMC,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,EAEvCC,EAAN,cAAiC,KAAM,CAC5C,YAAYC,EAAwB,CAClC,MAAM,qCAAsCA,CAAO,CACrD,CACF,EAEaC,EAAN,cAAqC,KAAM,CAChD,YAAYD,EAAwB,CAClC,MAAM,mCAAoCA,CAAO,CACnD,CACF,ECxBA,OAAQ,2BAAAE,OAA8B,iBCAtC,OAAQ,sBAAAC,OAAyB,iBAK1B,IAAMC,EAAeC,GAC1BC,GAAmBD,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EAE7EE,EAAW,CAAC,CAAC,IAAAC,CAAG,IAA0B,CACrD,GAAI,CAEF,OAAO,IAAI,IAAIA,CAAG,CACpB,MAA0B,CACxB,MAAM,IAAIC,EAAgB,uBAAwB,CAAC,MAAOD,CAAG,CAAC,CAChE,CACF,EDVA,IAAME,GAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,GAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,GAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,GAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,GAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,GAAoB,sBAAAC,OAAyB,iBACrD,OAAQ,sBAAAC,OAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,GAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,GAAmB,eAAeW,CAAU,EACpD,KAAMb,GAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EJ3BO,IAAMO,EAAc,MAAO,CAChC,cAAAC,CACF,IAEkE,CAChE,IAAMC,EAASC,GAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAE5CK,EAAQ,MAAMN,EAAc,CAAC,MAAAG,CAAK,CAAC,EAEnCI,EAAaC,EAAiB,CAClC,OAAAP,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQG,EAAaF,CAAU,EAEvC,CACL,MAAAJ,EACA,MAAAG,CACF,CACF,EAEaI,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,GAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC,EKzCA,OAAQ,gBAAAI,OAAmB,iBAE3B,OAAQ,cAAAC,GAAY,oBAAAC,OAAuB,yBCF3C,OAGE,mBAAAC,GACA,qBAAAC,OACK,6BAGA,IAAMC,EAAe,CAAC,CAC3B,KAAAC,EACA,SAAAC,CACF,IACE,cAAeD,EACXF,GAAkB,CAAC,GAAGE,EAAK,UAAW,SAAAC,CAAQ,CAAC,EAC/CJ,GAAgB,CAAC,GAAGG,EAAK,QAAS,SAAAC,CAAQ,CAAC,ECL1C,IAAMC,EAAe,MAAO,CACjC,YAAAC,EACA,KAAAC,CACF,IAGqC,CACnC,GAAM,CAAC,aAAAF,CAAY,EAAI,MAAMG,EAAaF,CAAW,EACrD,OAAO,MAAMD,EAAaE,CAAI,CAChC,EAEaE,EAAgB,MAAO,CAClC,YAAAH,EACA,KAAAC,CACF,IAGoC,CAClC,GAAM,CAAC,eAAAG,CAAc,EAAI,MAAMF,EAAaF,CAAW,EACvD,OAAO,MAAMI,EAAeH,CAAI,CAClC,EC7BA,OAAQ,mBAAAI,GAAiB,sBAAAC,OAAgD,yBAIlE,IAAMC,EAAmB,CAAC,CAC/B,YAAAC,EACA,WAAAC,CACF,IAG6B,CAC3B,GAAM,CAACC,EAASC,CAAiB,EAAIH,EAE/BI,EAAkBP,GAAgB,gBACtCM,EACA,WAAW,KAAKD,CAAO,CACzB,EAIA,MAAO,CAAC,SAFSJ,GAAmB,eAAeG,EAAYG,CAAe,EAE5D,gBAAAA,EAAiB,WAAAH,CAAU,CAC/C,EHJO,IAAMI,EAAsB,MAAiC,CAClE,IAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA4D,CAC1D,IAAMC,EAAa,MAAMC,GAAiB,SAAS,CAAC,YAAa,EAAK,CAAC,EAEjEC,EAAY,IAAI,WAAWF,EAAW,aAAa,EAAE,MAAM,CAAC,EAE5D,CAAC,YAAAG,EAAa,KAAAC,CAAI,EAAI,MAAMC,GAAgB,CAChD,IAAAR,EACA,UAAAK,EACA,QAAAJ,EACA,KAAAC,CACF,CAAC,EAOD,MAAO,CAAC,SALSO,EAAiB,CAChC,WAAAN,EACA,YAAAG,CACF,CAAC,EAEiB,KAAAC,CAAI,CACxB,EAEMC,GAAe,MAAiC,CACpD,IAAAR,EACA,UAAAK,EACA,QAAS,CAAC,OAAAK,EAAQ,KAAAC,CAAI,EACtB,KAAAT,CACF,IAE6F,CAC3F,IAAMU,EAAS,MAAMJ,EAAgB,CACnC,KAAM,CACJ,OAAQ,CACN,IAAAR,EACA,YAAaK,EACb,KAAAM,CACF,CACF,EACA,YAAa,CACX,KAAAT,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EACX,MAAM,IAAIC,EAAoB,wBAAyB,CAAC,MAAOD,CAAM,CAAC,EAGxE,GAAM,CACJ,WAAY,CAAC,SAAUE,EAAS,WAAAC,CAAU,EAC1C,GAAGC,CACL,EAAIJ,EAAO,GAELK,EAAmB,MAAMC,GAAmB,CAChD,IAAAlB,EACA,QAAS,CAAC,OAAAU,EAAQ,KAAAC,CAAI,EACtB,KAAAT,EACA,UAAAG,EACA,WAAAU,CACF,CAAC,EAEK,CAAC,WAAAI,EAAY,UAAAC,CAAS,EAAIH,EAC1B,CAAC,OAAAI,EAAQ,WAAYC,EAAkB,QAAAC,EAAO,EAAIJ,EAgBxD,MAAO,CAAC,YAdyB,CAC/BL,EACA,CACE,CACE,WAAY,IAAIU,GACd,WAAW,KAAKH,CAAM,EACtBC,EACAG,GAAaF,EAAO,CACtB,EACA,UAAW,WAAW,KAAKH,CAAS,CACtC,CACF,CACF,EAEqB,KAAMJ,CAA6B,CAC1D,EAEME,GAAqB,MAAO,CAChC,IAAAlB,EACA,UAAAK,EACA,QAAS,CAAC,KAAAM,EAAM,OAAAD,CAAM,EACtB,KAAAR,EACA,WAAAa,EACA,WAAAW,EAAa,CACf,IAIsD,CACpD,QAASC,EAAI,EAAGA,EAAID,EAAYC,IAAK,CAEnC,MAAM,IAAI,QAASC,GAAY,CAC7B,YAAYA,EAAS,IAAOD,CAAC,CAC/B,CAAC,EAWD,IAAMf,EAAS,MAAMiB,EAAiB,CACpC,KAV8B,CAC9B,OAAQ,CACN,IAAA7B,EACA,YAAaK,EACb,KAAAM,EACA,WAAAI,CACF,CACF,EAIE,YAAa,CACX,KAAAb,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EAAQ,CACnB,GAAM,CAAC,IAAAkB,CAAG,EAAIlB,EAOd,GALI,qBAAsBkB,GAKtB,kBAAmBA,EAErB,SAGF,MAAM,IAAIC,EAAmB,4BAA6B,CAAC,MAAOnB,CAAM,CAAC,CAC3E,CAEA,OAAOA,EAAO,EAChB,CAEA,MAAM,IAAIoB,CACZ,EI3JA,OAAQ,iBAAAC,OAAoB,iBCErB,IAAMC,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF,EDrCO,IAAMK,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,EACA,SAAU,CAAC,YAAAC,CAAW,CACxB,IAIwC,CACtC,GAAM,CACJ,SAAU,CAAC,OAAAC,CAAM,CACnB,EAAI,OAEEC,EAAY,IAAI,gBAAgBD,CAAM,EACtCE,EAAOD,EAAU,IAAI,MAAM,EAC3BE,EAAQF,EAAU,IAAI,OAAO,EAE7BG,EAAS,MAAMC,EAAc,CACjC,IAAKN,EACL,KAAM,CAAC,KAAAG,EAAM,MAAAC,CAAK,CACpB,CAAC,EAED,GAAI,UAAWC,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAOE,CAAO,CAC1B,EAAIF,EAGJ,GAAIG,GAAcD,CAAO,EACvB,MAAM,IAAIE,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKH,EACL,KAAAT,EACA,QAAAC,CACF,CAAC,CACH,EEhDA,OAAQ,iBAAAY,MAAoB,iBAUrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMC,EAAS,IAAI,gBAAgBH,EAAK,MAAM,CAAC,CAAC,EAC1CI,EAAQD,EAAO,IAAI,OAAO,EAC1BE,EAAUF,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOG,CAAU,EAAIP,EAE5B,GAAIE,EAAcK,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIH,EAAcI,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKJ,EACL,KAAAP,EACA,QAAAC,CACF,CAAC,CACH,EClCO,IAAMW,GAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,WAAYF,EAAQ,CACtB,GAAM,CACJ,OAAQ,CAAC,SAAAG,EAAU,KAAAC,CAAI,CACzB,EAAIJ,EAEE,CAAC,YAAAK,CAAW,EAAIC,EAEtB,OAAO,MAAMC,EAAkC,CAC7C,SAAUJ,GAAY,CAAC,YAAAE,CAAW,EAClC,KAAAD,EACA,QAAAH,CACF,CAAC,CACH,CAEA,GAAM,CAAC,OAAAO,CAAM,EAAIR,EAEjB,GAAI,gBAAiBQ,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAC,CAAG,EACjB,KAAAL,CACF,EAAII,EAEJ,OAAO,MAAME,EAAoB,CAC/B,IAAAD,EACA,QAAAR,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAMO,EAAkC,CAAC,GAAGH,EAAQ,QAAAP,CAAO,CAAC,CACrE,ECzCO,IAAMW,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAErEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC3BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,GAAW,kBAAAC,OAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,GAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,GAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,GAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,GACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,GAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH,CCrEO,IAAMc,GAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
+  "sourcesContent": ["import type {OpenIdGitHubProvider} from './providers/github/types/provider';\nimport type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n  authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n  authScopes: ['openid', 'profile', 'email'],\n  configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n\nexport const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'> = {\n  authUrl: 'https://github.com/login/oauth/authorize',\n  authScopes: ['read:user', 'user:email'],\n  initUrl: 'https://api.juno.build/v1/auth/init/github',\n  finalizeUrl: 'https://api.juno.build/v1/auth/finalize/github'\n};\n", "import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\n\nexport const initContext = async ({\n  generateState\n}: {\n  generateState: (params: {nonce: Nonce}) => Promise<string>;\n}): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n  const caller = Ed25519KeyIdentity.generate();\n  const {nonce, salt} = await generateNonce({caller});\n\n  const state = await generateState({nonce});\n\n  const storedData = stringifyContext({\n    caller,\n    salt,\n    state\n  });\n\n  sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n  return {\n    nonce,\n    state\n  };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n  const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n  if (isNullish(storedContext)) {\n    throw new ContextUndefinedError();\n  }\n\n  return parseContext(storedContext);\n};\n", "export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n\nexport class ApiGitHubInitError extends Error {\n  constructor(options?: ErrorOptions) {\n    super('GitHub OAuth initialization failed', options);\n  }\n}\n\nexport class ApiGitHubFinalizeError extends Error {\n  constructor(options?: ErrorOptions) {\n    super('GitHub OAuth finalization failed', options);\n  }\n}\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n  const principal = caller.getPrincipal().toUint8Array();\n\n  const bytes = new Uint8Array(salt.length + principal.byteLength);\n  bytes.set(salt);\n  bytes.set(principal, salt.length);\n\n  const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n  return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n  caller\n}: {\n  caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n  const salt = generateSalt();\n  const nonce = await buildNonce({salt, caller});\n\n  return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {InvalidUrlError} from '../errors';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n  uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\nexport const parseUrl = ({url}: {url: string}): URL => {\n  try {\n    // Use the URL constructor, for backwards compatibility with older Android/WebView.\n    return new URL(url);\n  } catch (_error: unknown) {\n    throw new InvalidUrlError('Cannot parse authURL', {cause: url});\n  }\n};\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n  [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n  [JSON_KEY_SALT]: string;\n  [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n  const data: StoredContext = {\n    [JSON_KEY_CALLER]: caller.toJSON(),\n    [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n    [JSON_KEY_STATE]: state\n  };\n\n  return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n  const {\n    [JSON_KEY_CALLER]: jsonCaller,\n    [JSON_KEY_SALT]: jsonSalt,\n    [JSON_KEY_STATE]: state\n  }: StoredContext = JSON.parse(jsonData);\n\n  return {\n    caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n    salt: base64ToUint8Array(jsonSalt),\n    state\n  };\n};\n", "import {fromNullable} from '@dfinity/utils';\nimport type {Signature} from '@icp-sdk/core/agent';\nimport {Delegation, ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport {authenticate as authenticateApi, getDelegation as getDelegationApi} from './api/auth.api';\nimport {AuthenticationError, GetDelegationError, GetDelegationRetryError} from './errors';\nimport type {AuthenticationData, GetDelegationArgs, SignedDelegation} from './types/actor';\nimport type {AuthenticatedSession, AuthParameters} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Delegations} from './types/session';\nimport {generateIdentity} from './utils/session.utils';\n\ninterface AuthContext {\n  context: Omit<OpenIdAuthContext, 'state'>;\n  auth: AuthParameters;\n}\ntype AuthenticationArgs = {jwt: string} & AuthContext;\n\nexport const authenticateSession = async <T extends AuthParameters>({\n  jwt,\n  context,\n  auth\n}: AuthenticationArgs): Promise<AuthenticatedSession<T>> => {\n  const sessionKey = await ECDSAKeyIdentity.generate({extractable: false});\n\n  const publicKey = new Uint8Array(sessionKey.getPublicKey().toDer());\n\n  const {delegations, data} = await authenticate<T>({\n    jwt,\n    publicKey,\n    context,\n    auth\n  });\n\n  const identity = generateIdentity({\n    sessionKey,\n    delegations\n  });\n\n  return {identity, data};\n};\n\nconst authenticate = async <T extends AuthParameters>({\n  jwt,\n  publicKey,\n  context: {caller, salt},\n  auth\n}: {\n  publicKey: Uint8Array;\n} & AuthenticationArgs): Promise<{delegations: Delegations; data: AuthenticationData<T>}> => {\n  const result = await authenticateApi({\n    args: {\n      OpenId: {\n        jwt,\n        session_key: publicKey,\n        salt\n      }\n    },\n    actorParams: {\n      auth,\n      identity: caller\n    }\n  });\n\n  if ('Err' in result) {\n    throw new AuthenticationError('Authentication failed', {cause: result});\n  }\n\n  const {\n    delegation: {user_key: userKey, expiration},\n    ...rest\n  } = result.Ok;\n\n  const signedDelegation = await retryGetDelegation({\n    jwt,\n    context: {caller, salt},\n    auth,\n    publicKey,\n    expiration\n  });\n\n  const {delegation, signature} = signedDelegation;\n  const {pubkey, expiration: signedExpiration, targets} = delegation;\n\n  const delegations: Delegations = [\n    userKey,\n    [\n      {\n        delegation: new Delegation(\n          Uint8Array.from(pubkey),\n          signedExpiration,\n          fromNullable(targets)\n        ),\n        signature: Uint8Array.from(signature) as unknown as Signature\n      }\n    ]\n  ];\n\n  return {delegations, data: rest as AuthenticationData<T>};\n};\n\nconst retryGetDelegation = async ({\n  jwt,\n  publicKey,\n  context: {salt, caller},\n  auth,\n  expiration,\n  maxRetries = 5\n}: {\n  publicKey: Uint8Array;\n  expiration: bigint;\n  maxRetries?: number;\n} & AuthenticationArgs): Promise<SignedDelegation> => {\n  for (let i = 0; i < maxRetries; i++) {\n    // Linear backoff\n    await new Promise((resolve) => {\n      setInterval(resolve, 1000 * i);\n    });\n\n    const args: GetDelegationArgs = {\n      OpenId: {\n        jwt,\n        session_key: publicKey,\n        salt,\n        expiration\n      }\n    };\n\n    const result = await getDelegationApi({\n      args,\n      actorParams: {\n        auth,\n        identity: caller\n      }\n    });\n\n    if ('Err' in result) {\n      const {Err} = result;\n\n      if ('NoSuchDelegation' in Err) {\n        // eslint-disable-next-line no-continue\n        continue;\n      }\n\n      if ('GetCachedJwks' in Err) {\n        // eslint-disable-next-line no-continue\n        continue;\n      }\n\n      throw new GetDelegationError('Getting delegation failed', {cause: result});\n    }\n\n    return result.Ok;\n  }\n\n  throw new GetDelegationRetryError();\n};\n", "import {\n  type ConsoleActor,\n  type SatelliteActor,\n  getConsoleActor,\n  getSatelliteActor\n} from '@junobuild/ic-client/actor';\nimport type {ActorParameters} from '../types/actor';\n\nexport const getAuthActor = ({\n  auth,\n  identity\n}: ActorParameters): Promise<ConsoleActor | SatelliteActor> =>\n  'satellite' in auth\n    ? getSatelliteActor({...auth.satellite, identity})\n    : getConsoleActor({...auth.console, identity});\n", "import type {\n  ActorParameters,\n  AuthenticationArgs,\n  AuthenticationResult,\n  GetDelegationArgs,\n  GetDelegationResult\n} from '../types/actor';\nimport {getAuthActor} from './_actor.api';\n\nexport const authenticate = async ({\n  actorParams,\n  args\n}: {\n  args: AuthenticationArgs;\n  actorParams: ActorParameters;\n}): Promise<AuthenticationResult> => {\n  const {authenticate} = await getAuthActor(actorParams);\n  return await authenticate(args);\n};\n\nexport const getDelegation = async ({\n  actorParams,\n  args\n}: {\n  args: GetDelegationArgs;\n  actorParams: ActorParameters;\n}): Promise<GetDelegationResult> => {\n  const {get_delegation} = await getAuthActor(actorParams);\n  return await get_delegation(args);\n};\n", "import {DelegationChain, DelegationIdentity, type ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport type {AuthenticatedIdentity} from '../types/authenticate';\nimport type {Delegations} from '../types/session';\n\nexport const generateIdentity = ({\n  delegations,\n  sessionKey\n}: {\n  delegations: Delegations;\n  sessionKey: ECDSAKeyIdentity;\n}): AuthenticatedIdentity => {\n  const [userKey, signedDelegations] = delegations;\n\n  const delegationChain = DelegationChain.fromDelegations(\n    signedDelegations,\n    Uint8Array.from(userKey)\n  );\n\n  const identity = DelegationIdentity.fromDelegation(sessionKey, delegationChain);\n\n  return {identity, delegationChain, sessionKey};\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {AuthenticationUndefinedJwtError} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\nimport {finalizeOAuth} from './_api';\nimport type {AuthenticationGitHubRedirect} from './types/authenticate';\n\nexport const authenticateGitHubWithRedirect = async <T extends AuthParameters>({\n  auth,\n  context,\n  redirect: {finalizeUrl}\n}: {\n  auth: AuthParameters;\n  context: Omit<OpenIdAuthContext, 'state'>;\n  redirect: AuthenticationGitHubRedirect;\n}): Promise<AuthenticatedSession<T>> => {\n  const {\n    location: {search}\n  } = window;\n\n  const urlParams = new URLSearchParams(search);\n  const code = urlParams.get('code');\n  const state = urlParams.get('state');\n\n  const result = await finalizeOAuth({\n    url: finalizeUrl,\n    body: {code, state}\n  });\n\n  if ('error' in result) {\n    throw result.error;\n  }\n\n  const {\n    success: {token: idToken}\n  } = result;\n\n  // id_token === jwt\n  if (isEmptyString(idToken)) {\n    throw new AuthenticationUndefinedJwtError();\n  }\n\n  return await authenticateSession({\n    jwt: idToken,\n    auth,\n    context\n  });\n};\n", "import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n  url\n}: {\n  url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      credentials: 'include'\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    const data: {state: string} = await result.json();\n    return {success: data};\n  } catch (error: unknown) {\n    return {error: new ApiGitHubInitError({cause: error})};\n  }\n};\n\nexport const finalizeOAuth = async ({\n  url,\n  body\n}: {\n  url: string;\n  body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      method: 'POST',\n      credentials: 'include',\n      headers: {'Content-Type': 'application/json'},\n      body: JSON.stringify(body)\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    const data: {token: string} = await result.json();\n    return {success: data};\n  } catch (error: unknown) {\n    return {error: new ApiGitHubFinalizeError({cause: error})};\n  }\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {\n  AuthenticationInvalidStateError,\n  AuthenticationUndefinedJwtError,\n  AuthenticationUrlHashError\n} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\n\nexport const authenticateGoogleWithRedirect = async <T extends AuthParameters>({\n  auth,\n  context\n}: {\n  auth: AuthParameters;\n  context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n  const {\n    location: {hash}\n  } = window;\n\n  if (isEmptyString(hash) || !hash.startsWith('#')) {\n    throw new AuthenticationUrlHashError('No hash found in the current location URL');\n  }\n\n  const params = new URLSearchParams(hash.slice(1));\n  const state = params.get('state');\n  const idToken = params.get('id_token');\n\n  const {state: savedState} = context;\n\n  if (isEmptyString(savedState) || state !== savedState) {\n    throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n  }\n\n  // id_token === jwt\n  if (isEmptyString(idToken)) {\n    throw new AuthenticationUndefinedJwtError();\n  }\n\n  return await authenticateSession({\n    jwt: idToken,\n    auth,\n    context\n  });\n};\n", "import {GITHUB_PROVIDER} from './_constants';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {authenticateGitHubWithRedirect} from './providers/github/authenticate';\nimport {authenticateGoogleWithRedirect} from './providers/google/authenticate';\nimport type {\n  AuthenticatedSession,\n  AuthenticationParams,\n  AuthParameters\n} from './types/authenticate';\n\nexport const authenticate = async <T extends AuthParameters>(\n  params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n  const context = loadContext();\n\n  if ('github' in params) {\n    const {\n      github: {redirect, auth}\n    } = params;\n\n    const {finalizeUrl} = GITHUB_PROVIDER;\n\n    return await authenticateGitHubWithRedirect<T>({\n      redirect: redirect ?? {finalizeUrl},\n      auth,\n      context\n    });\n  }\n\n  const {google} = params;\n\n  if ('credentials' in google) {\n    const {\n      credentials: {jwt},\n      auth\n    } = google;\n\n    return await authenticateSession({\n      jwt,\n      context,\n      auth\n    });\n  }\n\n  return await authenticateGoogleWithRedirect<T>({...google, context});\n};\n", "import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n  const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n    const requestUrl = parseUrl({url: initUrl});\n    requestUrl.searchParams.set('nonce', nonce);\n\n    const result = await initOAuth({url: requestUrl.toString()});\n\n    if ('error' in result) {\n      throw result.error;\n    }\n\n    const {\n      success: {state}\n    } = result;\n\n    return state;\n  };\n\n  return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  // Note: GitHub Apps ignore this parameter and use permissions from app settings instead\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared by the proxy backend with the value it initiated.\n  requestUrl.searchParams.set('state', state);\n\n  window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n  toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n  generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n  FedCMIdentityCredentialInvalidError,\n  FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n *  References:\n *  - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n *  - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  nonce,\n  loginHint,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  // We do not request \"token\" because we use the ID token (JWT).\n  // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n  requestUrl.searchParams.set('response_type', 'code id_token');\n\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared with the session storage value.\n  requestUrl.searchParams.set('state', state);\n\n  // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n  // to the provider and make the request to the backend with its salt.\n  requestUrl.searchParams.set('nonce', nonce);\n\n  if (notEmptyString(loginHint)) {\n    requestUrl.searchParams.set('login_hint', loginHint);\n  } else {\n    requestUrl.searchParams.set('prompt', 'select_account');\n  }\n\n  window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n  configUrl: configURL,\n  clientId,\n  nonce,\n  loginHint,\n  domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n  const identityCredential = await navigator.credentials.get({\n    // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n    // @ts-ignore\n    identity: {\n      context: 'use',\n      providers: [\n        {\n          configURL,\n          clientId,\n          nonce,\n          loginHint,\n          domainHint\n        }\n      ],\n      mode: 'active'\n    },\n    // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n    mediation: 'required'\n  });\n\n  if (isNullish(identityCredential)) {\n    throw new FedCMIdentityCredentialUndefinedError();\n  }\n\n  const {type} = identityCredential;\n\n  if (\n    type !== 'identity' ||\n    !('token' in identityCredential) ||\n    typeof identityCredential.token !== 'string'\n  ) {\n    // This should be unreachable in FedCM spec-compliant browsers.\n    throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n      cause: identityCredential\n    });\n  }\n\n  const {token: jwt} = identityCredential;\n  return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n  requestGoogleJwtWithCredentials,\n  requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n  RequestGoogleJwtCredentialsParams,\n  RequestGoogleJwtParams,\n  RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n  google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n  args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n  args:\n    | {\n        google: RequestGoogleJwtParams;\n      }\n    | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n  if ('github' in args) {\n    const {github} = args;\n\n    const {redirect} = github;\n    const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n    const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n    const context = await initContext({\n      generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n    });\n\n    requestGitHubJwtWithRedirect({\n      ...restRedirect,\n      ...context,\n      authUrl,\n      authScopes\n    });\n    return;\n  }\n\n  const context = await initContext({generateState: generateGoogleState});\n\n  const {google} = args;\n\n  if ('credentials' in google) {\n    const {credentials} = google;\n    const {configUrl} = GOOGLE_PROVIDER;\n\n    return await requestGoogleJwtWithCredentials({\n      ...credentials,\n      ...context,\n      configUrl\n    });\n  }\n\n  const {redirect} = google;\n  const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n  requestGoogleJwtWithRedirect({\n    ...redirect,\n    ...context,\n    authUrl,\n    authScopes\n  });\n}\n", "/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n *  - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n  const {userAgent} = navigator;\n\n  // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n  // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n  const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n  if (isSamsungBrowser) {\n    return false;\n  }\n\n  return 'IdentityCredential' in window;\n};\n"],
+  "mappings": ";;AAGO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,EAEaC,EAA0E,CACrF,QAAS,2CACT,WAAY,CAAC,YAAa,YAAY,EACtC,QAAS,6CACT,YAAa,gDACf,ECjBA,OAAQ,aAAAC,OAAgB,iBACxB,OAAQ,sBAAAC,OAAyB,yBCD1B,IAAMC,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,EAEvCC,EAAN,cAAiC,KAAM,CAC5C,YAAYC,EAAwB,CAClC,MAAM,qCAAsCA,CAAO,CACrD,CACF,EAEaC,EAAN,cAAqC,KAAM,CAChD,YAAYD,EAAwB,CAClC,MAAM,mCAAoCA,CAAO,CACnD,CACF,ECxBA,OAAQ,2BAAAE,OAA8B,iBCAtC,OAAQ,sBAAAC,OAAyB,iBAK1B,IAAMC,EAAeC,GAC1BC,GAAmBD,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EAE7EE,EAAW,CAAC,CAAC,IAAAC,CAAG,IAA0B,CACrD,GAAI,CAEF,OAAO,IAAI,IAAIA,CAAG,CACpB,MAA0B,CACxB,MAAM,IAAIC,EAAgB,uBAAwB,CAAC,MAAOD,CAAG,CAAC,CAChE,CACF,EDVA,IAAME,GAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,GAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,GAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,GAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,GAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,GAAoB,sBAAAC,OAAyB,iBACrD,OAAQ,sBAAAC,OAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,GAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,GAAmB,eAAeW,CAAU,EACpD,KAAMb,GAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EJ3BO,IAAMO,EAAc,MAAO,CAChC,cAAAC,CACF,IAEkE,CAChE,IAAMC,EAASC,GAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAE5CK,EAAQ,MAAMN,EAAc,CAAC,MAAAG,CAAK,CAAC,EAEnCI,EAAaC,EAAiB,CAClC,OAAAP,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQG,EAAaF,CAAU,EAEvC,CACL,MAAAJ,EACA,MAAAG,CACF,CACF,EAEaI,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,GAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC,EKzCA,OAAQ,gBAAAI,OAAmB,iBAE3B,OAAQ,cAAAC,GAAY,oBAAAC,OAAuB,yBCF3C,OAGE,mBAAAC,GACA,qBAAAC,OACK,6BAGA,IAAMC,EAAe,CAAC,CAC3B,KAAAC,EACA,SAAAC,CACF,IACE,cAAeD,EACXF,GAAkB,CAAC,GAAGE,EAAK,UAAW,SAAAC,CAAQ,CAAC,EAC/CJ,GAAgB,CAAC,GAAGG,EAAK,QAAS,SAAAC,CAAQ,CAAC,ECL1C,IAAMC,EAAe,MAAO,CACjC,YAAAC,EACA,KAAAC,CACF,IAGqC,CACnC,GAAM,CAAC,aAAAF,CAAY,EAAI,MAAMG,EAAaF,CAAW,EACrD,OAAO,MAAMD,EAAaE,CAAI,CAChC,EAEaE,EAAgB,MAAO,CAClC,YAAAH,EACA,KAAAC,CACF,IAGoC,CAClC,GAAM,CAAC,eAAAG,CAAc,EAAI,MAAMF,EAAaF,CAAW,EACvD,OAAO,MAAMI,EAAeH,CAAI,CAClC,EC7BA,OAAQ,mBAAAI,GAAiB,sBAAAC,OAAgD,yBAIlE,IAAMC,EAAmB,CAAC,CAC/B,YAAAC,EACA,WAAAC,CACF,IAG6B,CAC3B,GAAM,CAACC,EAASC,CAAiB,EAAIH,EAE/BI,EAAkBP,GAAgB,gBACtCM,EACA,WAAW,KAAKD,CAAO,CACzB,EAIA,MAAO,CAAC,SAFSJ,GAAmB,eAAeG,EAAYG,CAAe,EAE5D,gBAAAA,EAAiB,WAAAH,CAAU,CAC/C,EHJO,IAAMI,EAAsB,MAAiC,CAClE,IAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA4D,CAC1D,IAAMC,EAAa,MAAMC,GAAiB,SAAS,CAAC,YAAa,EAAK,CAAC,EAEjEC,EAAY,IAAI,WAAWF,EAAW,aAAa,EAAE,MAAM,CAAC,EAE5D,CAAC,YAAAG,EAAa,KAAAC,CAAI,EAAI,MAAMC,GAAgB,CAChD,IAAAR,EACA,UAAAK,EACA,QAAAJ,EACA,KAAAC,CACF,CAAC,EAOD,MAAO,CAAC,SALSO,EAAiB,CAChC,WAAAN,EACA,YAAAG,CACF,CAAC,EAEiB,KAAAC,CAAI,CACxB,EAEMC,GAAe,MAAiC,CACpD,IAAAR,EACA,UAAAK,EACA,QAAS,CAAC,OAAAK,EAAQ,KAAAC,CAAI,EACtB,KAAAT,CACF,IAE6F,CAC3F,IAAMU,EAAS,MAAMJ,EAAgB,CACnC,KAAM,CACJ,OAAQ,CACN,IAAAR,EACA,YAAaK,EACb,KAAAM,CACF,CACF,EACA,YAAa,CACX,KAAAT,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EACX,MAAM,IAAIC,EAAoB,wBAAyB,CAAC,MAAOD,CAAM,CAAC,EAGxE,GAAM,CACJ,WAAY,CAAC,SAAUE,EAAS,WAAAC,CAAU,EAC1C,GAAGC,CACL,EAAIJ,EAAO,GAELK,EAAmB,MAAMC,GAAmB,CAChD,IAAAlB,EACA,QAAS,CAAC,OAAAU,EAAQ,KAAAC,CAAI,EACtB,KAAAT,EACA,UAAAG,EACA,WAAAU,CACF,CAAC,EAEK,CAAC,WAAAI,EAAY,UAAAC,CAAS,EAAIH,EAC1B,CAAC,OAAAI,EAAQ,WAAYC,EAAkB,QAAAC,EAAO,EAAIJ,EAgBxD,MAAO,CAAC,YAdyB,CAC/BL,EACA,CACE,CACE,WAAY,IAAIU,GACd,WAAW,KAAKH,CAAM,EACtBC,EACAG,GAAaF,EAAO,CACtB,EACA,UAAW,WAAW,KAAKH,CAAS,CACtC,CACF,CACF,EAEqB,KAAMJ,CAA6B,CAC1D,EAEME,GAAqB,MAAO,CAChC,IAAAlB,EACA,UAAAK,EACA,QAAS,CAAC,KAAAM,EAAM,OAAAD,CAAM,EACtB,KAAAR,EACA,WAAAa,EACA,WAAAW,EAAa,CACf,IAIsD,CACpD,QAASC,EAAI,EAAGA,EAAID,EAAYC,IAAK,CAEnC,MAAM,IAAI,QAASC,GAAY,CAC7B,YAAYA,EAAS,IAAOD,CAAC,CAC/B,CAAC,EAWD,IAAMf,EAAS,MAAMiB,EAAiB,CACpC,KAV8B,CAC9B,OAAQ,CACN,IAAA7B,EACA,YAAaK,EACb,KAAAM,EACA,WAAAI,CACF,CACF,EAIE,YAAa,CACX,KAAAb,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EAAQ,CACnB,GAAM,CAAC,IAAAkB,CAAG,EAAIlB,EAOd,GALI,qBAAsBkB,GAKtB,kBAAmBA,EAErB,SAGF,MAAM,IAAIC,EAAmB,4BAA6B,CAAC,MAAOnB,CAAM,CAAC,CAC3E,CAEA,OAAOA,EAAO,EAChB,CAEA,MAAM,IAAIoB,CACZ,EI3JA,OAAQ,iBAAAC,OAAoB,iBCErB,IAAMC,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF,EDvCO,IAAMK,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,EACA,SAAU,CAAC,YAAAC,CAAW,CACxB,IAIwC,CACtC,GAAM,CACJ,SAAU,CAAC,OAAAC,CAAM,CACnB,EAAI,OAEEC,EAAY,IAAI,gBAAgBD,CAAM,EACtCE,EAAOD,EAAU,IAAI,MAAM,EAC3BE,EAAQF,EAAU,IAAI,OAAO,EAE7BG,EAAS,MAAMC,EAAc,CACjC,IAAKN,EACL,KAAM,CAAC,KAAAG,EAAM,MAAAC,CAAK,CACpB,CAAC,EAED,GAAI,UAAWC,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAOE,CAAO,CAC1B,EAAIF,EAGJ,GAAIG,GAAcD,CAAO,EACvB,MAAM,IAAIE,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKH,EACL,KAAAT,EACA,QAAAC,CACF,CAAC,CACH,EEhDA,OAAQ,iBAAAY,MAAoB,iBAUrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMC,EAAS,IAAI,gBAAgBH,EAAK,MAAM,CAAC,CAAC,EAC1CI,EAAQD,EAAO,IAAI,OAAO,EAC1BE,EAAUF,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOG,CAAU,EAAIP,EAE5B,GAAIE,EAAcK,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIH,EAAcI,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKJ,EACL,KAAAP,EACA,QAAAC,CACF,CAAC,CACH,EClCO,IAAMW,GAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,WAAYF,EAAQ,CACtB,GAAM,CACJ,OAAQ,CAAC,SAAAG,EAAU,KAAAC,CAAI,CACzB,EAAIJ,EAEE,CAAC,YAAAK,CAAW,EAAIC,EAEtB,OAAO,MAAMC,EAAkC,CAC7C,SAAUJ,GAAY,CAAC,YAAAE,CAAW,EAClC,KAAAD,EACA,QAAAH,CACF,CAAC,CACH,CAEA,GAAM,CAAC,OAAAO,CAAM,EAAIR,EAEjB,GAAI,gBAAiBQ,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAC,CAAG,EACjB,KAAAL,CACF,EAAII,EAEJ,OAAO,MAAME,EAAoB,CAC/B,IAAAD,EACA,QAAAR,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAMO,EAAkC,CAAC,GAAGH,EAAQ,QAAAP,CAAO,CAAC,CACrE,ECzCO,IAAMW,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAGrEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC5BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,GAAW,kBAAAC,OAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,GAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,GAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,GAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,GACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,GAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH,CCrEO,IAAMc,GAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
   "names": ["CONTEXT_KEY", "GOOGLE_PROVIDER", "GITHUB_PROVIDER", "isNullish", "Ed25519KeyIdentity", "InvalidUrlError", "ContextUndefinedError", "FedCMIdentityCredentialUndefinedError", "FedCMIdentityCredentialInvalidError", "AuthenticationError", "AuthenticationUrlHashError", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "GetDelegationError", "GetDelegationRetryError", "ApiGitHubInitError", "options", "ApiGitHubFinalizeError", "arrayBufferToUint8Array", "uint8ArrayToBase64", "toBase64URL", "uint8Array", "uint8ArrayToBase64", "parseUrl", "url", "InvalidUrlError", "generateSalt", "buildNonce", "salt", "caller", "principal", "bytes", "hash", "toBase64URL", "arrayBufferToUint8Array", "generateNonce", "base64ToUint8Array", "uint8ArrayToBase64", "Ed25519KeyIdentity", "JSON_KEY_CALLER", "JSON_KEY_SALT", "JSON_KEY_STATE", "stringifyContext", "caller", "state", "salt", "data", "parseContext", "jsonData", "jsonCaller", "jsonSalt", "initContext", "generateState", "caller", "Ed25519KeyIdentity", "nonce", "salt", "generateNonce", "state", "storedData", "stringifyContext", "CONTEXT_KEY", "loadContext", "storedContext", "isNullish", "ContextUndefinedError", "parseContext", "fromNullable", "Delegation", "ECDSAKeyIdentity", "getConsoleActor", "getSatelliteActor", "getAuthActor", "auth", "identity", "authenticate", "actorParams", "args", "getAuthActor", "getDelegation", "get_delegation", "DelegationChain", "DelegationIdentity", "generateIdentity", "delegations", "sessionKey", "userKey", "signedDelegations", "delegationChain", "authenticateSession", "jwt", "context", "auth", "sessionKey", "ECDSAKeyIdentity", "publicKey", "delegations", "data", "authenticate", "generateIdentity", "caller", "salt", "result", "AuthenticationError", "userKey", "expiration", "rest", "signedDelegation", "retryGetDelegation", "delegation", "signature", "pubkey", "signedExpiration", "targets", "Delegation", "fromNullable", "maxRetries", "i", "resolve", "getDelegation", "Err", "GetDelegationError", "GetDelegationRetryError", "isEmptyString", "initOAuth", "url", "result", "error", "ApiGitHubInitError", "finalizeOAuth", "body", "ApiGitHubFinalizeError", "authenticateGitHubWithRedirect", "auth", "context", "finalizeUrl", "search", "urlParams", "code", "state", "result", "finalizeOAuth", "idToken", "isEmptyString", "AuthenticationUndefinedJwtError", "authenticateSession", "isEmptyString", "authenticateGoogleWithRedirect", "auth", "context", "hash", "isEmptyString", "AuthenticationUrlHashError", "params", "state", "idToken", "savedState", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "authenticateSession", "authenticate", "params", "context", "loadContext", "redirect", "auth", "finalizeUrl", "GITHUB_PROVIDER", "authenticateGitHubWithRedirect", "google", "jwt", "authenticateSession", "authenticateGoogleWithRedirect", "buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect", "isFedCMSupported", "userAgent"]
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@junobuild/auth",
-  "version": "3.0.0",
+  "version": "3.0.2",
   "description": "A SDK for working with Juno authentication modules",
   "author": "David Dal Busco (https://daviddalbusco.com)",
   "license": "MIT",

package/dist/browser/chunk-Z5IIWCGH.js DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import{k as e,l as o}from"./chunk-YFE7TMHK.js";var i=async({url:t})=>{try{let r=await fetch(t,{credentials:"include"});return r.ok?await r.json():{error:new Error(`Failed to fetch ${t} (${r.status})`)}}catch(r){return{error:new e({cause:r})}}},a=async({url:t,body:r})=>{try{let n=await fetch(t,{method:"POST",credentials:"include",headers:{"Content-Type":"application/json"},body:JSON.stringify(r)});return n.ok?await n.json():{error:new Error(`Failed to fetch ${t} (${n.status})`)}}catch(n){return{error:new o({cause:n})}}};export{i as a,a as b};
2	- //# sourceMappingURL=chunk-Z5IIWCGH.js.map

package/dist/browser/chunk-Z5IIWCGH.js.map DELETED Viewed

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/providers/github/_api.ts"],
-  "sourcesContent": ["import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n  url\n}: {\n  url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      credentials: 'include'\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    return await result.json();\n  } catch (error: unknown) {\n    return {error: new ApiGitHubInitError({cause: error})};\n  }\n};\n\nexport const finalizeOAuth = async ({\n  url,\n  body\n}: {\n  url: string;\n  body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n  try {\n    const result = await fetch(url, {\n      method: 'POST',\n      credentials: 'include',\n      headers: {'Content-Type': 'application/json'},\n      body: JSON.stringify(body)\n    });\n\n    if (!result.ok) {\n      return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n    }\n\n    return await result.json();\n  } catch (error: unknown) {\n    return {error: new ApiGitHubFinalizeError({cause: error})};\n  }\n};\n"],
-  "mappings": "+CAEO,IAAMA,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAIL,MAAMA,EAAO,KAAK,EAHhB,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAIzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF",
-  "names": ["initOAuth", "url", "result", "error", "ApiGitHubInitError", "finalizeOAuth", "body", "ApiGitHubFinalizeError"]
-}

package/dist/browser/chunk-ZTS76UPF.js.map DELETED Viewed

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts"],
-  "sourcesContent": ["import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n  const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n    const requestUrl = parseUrl({url: initUrl});\n    requestUrl.searchParams.set('nonce', nonce);\n\n    const result = await initOAuth({url: requestUrl.toString()});\n\n    if ('error' in result) {\n      throw result.error;\n    }\n\n    const {\n      success: {state}\n    } = result;\n\n    return state;\n  };\n\n  return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared by the proxy backend with the value it initiated.\n  requestUrl.searchParams.set('state', state);\n\n  window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n  toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n  generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n  FedCMIdentityCredentialInvalidError,\n  FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n *  References:\n *  - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n *  - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n  authUrl,\n  clientId,\n  nonce,\n  loginHint,\n  authScopes,\n  state,\n  redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n  const requestUrl = parseUrl({url: authUrl});\n\n  requestUrl.searchParams.set('client_id', clientId);\n\n  const {\n    location: {origin: currentUrl}\n  } = window;\n\n  requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n  // We do not request \"token\" because we use the ID token (JWT).\n  // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n  requestUrl.searchParams.set('response_type', 'code id_token');\n\n  requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n  // Used for security reasons. When the provider redirects to the application,\n  // the state will be compared with the session storage value.\n  requestUrl.searchParams.set('state', state);\n\n  // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n  // to the provider and make the request to the backend with its salt.\n  requestUrl.searchParams.set('nonce', nonce);\n\n  if (notEmptyString(loginHint)) {\n    requestUrl.searchParams.set('login_hint', loginHint);\n  } else {\n    requestUrl.searchParams.set('prompt', 'select_account');\n  }\n\n  window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n  configUrl: configURL,\n  clientId,\n  nonce,\n  loginHint,\n  domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n  const identityCredential = await navigator.credentials.get({\n    // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n    // @ts-ignore\n    identity: {\n      context: 'use',\n      providers: [\n        {\n          configURL,\n          clientId,\n          nonce,\n          loginHint,\n          domainHint\n        }\n      ],\n      mode: 'active'\n    },\n    // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n    mediation: 'required'\n  });\n\n  if (isNullish(identityCredential)) {\n    throw new FedCMIdentityCredentialUndefinedError();\n  }\n\n  const {type} = identityCredential;\n\n  if (\n    type !== 'identity' ||\n    !('token' in identityCredential) ||\n    typeof identityCredential.token !== 'string'\n  ) {\n    // This should be unreachable in FedCM spec-compliant browsers.\n    throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n      cause: identityCredential\n    });\n  }\n\n  const {token: jwt} = identityCredential;\n  return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n  requestGoogleJwtWithCredentials,\n  requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n  RequestGoogleJwtCredentialsParams,\n  RequestGoogleJwtParams,\n  RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n  google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n  args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n  args:\n    | {\n        google: RequestGoogleJwtParams;\n      }\n    | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n  if ('github' in args) {\n    const {github} = args;\n\n    const {redirect} = github;\n    const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n    const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n    const context = await initContext({\n      generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n    });\n\n    requestGitHubJwtWithRedirect({\n      ...restRedirect,\n      ...context,\n      authUrl,\n      authScopes\n    });\n    return;\n  }\n\n  const context = await initContext({generateState: generateGoogleState});\n\n  const {google} = args;\n\n  if ('credentials' in google) {\n    const {credentials} = google;\n    const {configUrl} = GOOGLE_PROVIDER;\n\n    return await requestGoogleJwtWithCredentials({\n      ...credentials,\n      ...context,\n      configUrl\n    });\n  }\n\n  const {redirect} = google;\n  const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n  requestGoogleJwtWithRedirect({\n    ...redirect,\n    ...context,\n    authUrl,\n    authScopes\n  });\n}\n"],
-  "mappings": "4LAKO,IAAMA,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAErEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC3BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,EAAW,kBAAAC,MAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,EAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,EAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,EACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH",
-  "names": ["buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect"]
-}

/package/dist/browser/{chunk-VL5VEK6Q.js.map → chunk-ADUDPJTU.js.map} RENAMED Viewed

File without changes