@junobuild/auth 3.0.1 → 3.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/browser/{chunk-PNQPTEXZ.js → chunk-OEAUBI3D.js} +1 -1
  2. package/dist/browser/chunk-OEAUBI3D.js.map +7 -0
  3. package/dist/browser/index.js +1 -1
  4. package/dist/browser/request.js +1 -1
  5. package/dist/node/index.mjs.map +2 -2
  6. package/package.json +1 -1
  7. package/dist/browser/chunk-PNQPTEXZ.js.map +0 -7
package/dist/browser/{chunk-PNQPTEXZ.js → chunk-OEAUBI3D.js} RENAMED
@@ -1,2 +1,2 @@
1
1
  import{a as R}from"./chunk-XEH4GOSK.js";import{a as w,b as c,c as l}from"./chunk-TUWQPO6Z.js";import{b as m,c as d}from"./chunk-TFUQURYA.js";import{c as p,d as g}from"./chunk-YFE7TMHK.js";var h=({initUrl:r})=>async({nonce:o})=>{let i=c({url:r});i.searchParams.set("nonce",o);let s=await R({url:i.toString()});if("error"in s)throw s.error;let{success:{state:e}}=s;return e};var f=({authUrl:r,clientId:n,authScopes:o,state:i,redirectUrl:s})=>{let e=c({url:r});e.searchParams.set("client_id",n);let{location:{origin:a}}=window;e.searchParams.set("redirect_uri",s??a),e.searchParams.set("scope",o.join(" ")),e.searchParams.set("state",i),window.location.href=e.toString()};var q=()=>w(window.crypto.getRandomValues(new Uint8Array(12)));var P=async r=>q();import{isNullish as v,notEmptyString as x}from"@dfinity/utils";var y=({authUrl:r,clientId:n,nonce:o,loginHint:i,authScopes:s,state:e,redirectUrl:a})=>{let t=c({url:r});t.searchParams.set("client_id",n);let{location:{origin:u}}=window;t.searchParams.set("redirect_uri",a??u),t.searchParams.set("response_type","code id_token"),t.searchParams.set("scope",s.join(" ")),t.searchParams.set("state",e),t.searchParams.set("nonce",o),x(i)?t.searchParams.set("login_hint",i):t.searchParams.set("prompt","select_account"),window.location.href=t.toString()},G=async({configUrl:r,clientId:n,nonce:o,loginHint:i,domainHint:s})=>{let e=await navigator.credentials.get({identity:{context:"use",providers:[{configURL:r,clientId:n,nonce:o,loginHint:i,domainHint:s}],mode:"active"},mediation:"required"});if(v(e))throw new p;let{type:a}=e;if(a!=="identity"||!("token"in e)||typeof e.token!="string")throw new g("Invalid credential received from FedCM API",{cause:e});let{token:t}=e;return{jwt:t}};async function Q(r){if("github"in r){let{github:a}=r,{redirect:t}=a,{initUrl:u,...J}=t,{authUrl:U,authScopes:b,initUrl:C}=d,S=await l({generateState:h({initUrl:u??C})});f({...J,...S,authUrl:U,authScopes:b});return}let n=await l({generateState:P}),{google:o}=r;if("credentials"in o){let{credentials:a}=o,{configUrl:t}=m;return await G({...a,...n,configUrl:t})}let{redirect:i}=o,{authUrl:s,authScopes:e}=m;y({...i,...n,authUrl:s,authScopes:e})}export{Q as a};
2
- //# sourceMappingURL=chunk-PNQPTEXZ.js.map
2
+ //# sourceMappingURL=chunk-OEAUBI3D.js.map
package/dist/browser/chunk-OEAUBI3D.js.map ADDED
@@ -0,0 +1,7 @@
1
+ {
2
+ "version": 3,
3
+ "sources": ["../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts"],
4
+ "sourcesContent": ["import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n const requestUrl = parseUrl({url: initUrl});\n requestUrl.searchParams.set('nonce', nonce);\n\n const result = await initOAuth({url: requestUrl.toString()});\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {state}\n } = result;\n\n return state;\n };\n\n return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n authUrl,\n clientId,\n authScopes,\n state,\n redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // Note: GitHub Apps ignore this parameter and use permissions from app settings instead\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared by the proxy backend with the value it initiated.\n requestUrl.searchParams.set('state', state);\n\n window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n requestGoogleJwtWithCredentials,\n requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n RequestGoogleJwtCredentialsParams,\n RequestGoogleJwtParams,\n RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n args:\n | {\n google: RequestGoogleJwtParams;\n }\n | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n if ('github' in args) {\n const {github} = args;\n\n const {redirect} = github;\n const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n const context = await initContext({\n generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n });\n\n requestGitHubJwtWithRedirect({\n ...restRedirect,\n ...context,\n authUrl,\n authScopes\n });\n return;\n }\n\n const context = await initContext({generateState: generateGoogleState});\n\n const {google} = args;\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestGoogleJwtWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestGoogleJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n"],
5
+ "mappings": "4LAKO,IAAMA,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAGrEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC5BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,EAAW,kBAAAC,MAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,EAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,EAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,EACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH",
6
+ "names": ["buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect"]
7
+ }
package/dist/browser/index.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a as d}from"./chunk-ADUDPJTU.js";import"./chunk-FVWXAETP.js";import{a as g}from"./chunk-PNQPTEXZ.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import{a as r,b as o,c as p,d as s,e as i,f as n,g as y,h as u,i as m,j as a,k as f,l as x}from"./chunk-YFE7TMHK.js";var v=()=>{let{userAgent:e}=navigator;return/SamsungBrowser/i.test(e)?!1:"IdentityCredential"in window};export{x as ApiGitHubFinalizeError,f as ApiGitHubInitError,i as AuthenticationError,y as AuthenticationInvalidStateError,u as AuthenticationUndefinedJwtError,n as AuthenticationUrlHashError,o as ContextUndefinedError,s as FedCMIdentityCredentialInvalidError,p as FedCMIdentityCredentialUndefinedError,m as GetDelegationError,a as GetDelegationRetryError,r as InvalidUrlError,d as authenticate,v as isFedCMSupported,g as requestJwt};
1
+ import{a as d}from"./chunk-ADUDPJTU.js";import"./chunk-FVWXAETP.js";import{a as g}from"./chunk-OEAUBI3D.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import{a as r,b as o,c as p,d as s,e as i,f as n,g as y,h as u,i as m,j as a,k as f,l as x}from"./chunk-YFE7TMHK.js";var v=()=>{let{userAgent:e}=navigator;return/SamsungBrowser/i.test(e)?!1:"IdentityCredential"in window};export{x as ApiGitHubFinalizeError,f as ApiGitHubInitError,i as AuthenticationError,y as AuthenticationInvalidStateError,u as AuthenticationUndefinedJwtError,n as AuthenticationUrlHashError,o as ContextUndefinedError,s as FedCMIdentityCredentialInvalidError,p as FedCMIdentityCredentialUndefinedError,m as GetDelegationError,a as GetDelegationRetryError,r as InvalidUrlError,d as authenticate,v as isFedCMSupported,g as requestJwt};
2
2
  //# sourceMappingURL=index.js.map
package/dist/browser/request.js CHANGED
@@ -1,2 +1,2 @@
1
- import{a}from"./chunk-PNQPTEXZ.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as requestJwt};
1
+ import{a}from"./chunk-OEAUBI3D.js";import"./chunk-XEH4GOSK.js";import"./chunk-TUWQPO6Z.js";import"./chunk-TFUQURYA.js";import"./chunk-YFE7TMHK.js";export{a as requestJwt};
2
2
  //# sourceMappingURL=request.js.map
package/dist/node/index.mjs.map CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "version": 3,
3
3
  "sources": ["../../src/_constants.ts", "../../src/_context.ts", "../../src/errors.ts", "../../src/utils/auth.utils.ts", "../../src/utils/url.utils.ts", "../../src/utils/session-storage.utils.ts", "../../src/_session.ts", "../../src/api/_actor.api.ts", "../../src/api/auth.api.ts", "../../src/utils/session.utils.ts", "../../src/providers/github/authenticate.ts", "../../src/providers/github/_api.ts", "../../src/providers/google/authenticate.ts", "../../src/authenticate.ts", "../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts", "../../src/utils/openid.utils.ts"],
4
- "sourcesContent": ["import type {OpenIdGitHubProvider} from './providers/github/types/provider';\nimport type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n authScopes: ['openid', 'profile', 'email'],\n configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n\nexport const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://github.com/login/oauth/authorize',\n authScopes: ['read:user', 'user:email'],\n initUrl: 'https://api.juno.build/v1/auth/init/github',\n finalizeUrl: 'https://api.juno.build/v1/auth/finalize/github'\n};\n", "import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\n\nexport const initContext = async ({\n generateState\n}: {\n generateState: (params: {nonce: Nonce}) => Promise<string>;\n}): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n const caller = Ed25519KeyIdentity.generate();\n const {nonce, salt} = await generateNonce({caller});\n\n const state = await generateState({nonce});\n\n const storedData = stringifyContext({\n caller,\n salt,\n state\n });\n\n sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n return {\n nonce,\n state\n };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n if (isNullish(storedContext)) {\n throw new ContextUndefinedError();\n }\n\n return parseContext(storedContext);\n};\n", "export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n\nexport class ApiGitHubInitError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth initialization failed', options);\n }\n}\n\nexport class ApiGitHubFinalizeError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth finalization failed', options);\n }\n}\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n const principal = caller.getPrincipal().toUint8Array();\n\n const bytes = new Uint8Array(salt.length + principal.byteLength);\n bytes.set(salt);\n bytes.set(principal, salt.length);\n\n const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n caller\n}: {\n caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n const salt = generateSalt();\n const nonce = await buildNonce({salt, caller});\n\n return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {InvalidUrlError} from '../errors';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\nexport const parseUrl = ({url}: {url: string}): URL => {\n try {\n // Use the URL constructor, for backwards compatibility with older Android/WebView.\n return new URL(url);\n } catch (_error: unknown) {\n throw new InvalidUrlError('Cannot parse authURL', {cause: url});\n }\n};\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n [JSON_KEY_SALT]: string;\n [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n const data: StoredContext = {\n [JSON_KEY_CALLER]: caller.toJSON(),\n [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n [JSON_KEY_STATE]: state\n };\n\n return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n const {\n [JSON_KEY_CALLER]: jsonCaller,\n [JSON_KEY_SALT]: jsonSalt,\n [JSON_KEY_STATE]: state\n }: StoredContext = JSON.parse(jsonData);\n\n return {\n caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n salt: base64ToUint8Array(jsonSalt),\n state\n };\n};\n", "import {fromNullable} from '@dfinity/utils';\nimport type {Signature} from '@icp-sdk/core/agent';\nimport {Delegation, ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport {authenticate as authenticateApi, getDelegation as getDelegationApi} from './api/auth.api';\nimport {AuthenticationError, GetDelegationError, GetDelegationRetryError} from './errors';\nimport type {AuthenticationData, GetDelegationArgs, SignedDelegation} from './types/actor';\nimport type {AuthenticatedSession, AuthParameters} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Delegations} from './types/session';\nimport {generateIdentity} from './utils/session.utils';\n\ninterface AuthContext {\n context: Omit<OpenIdAuthContext, 'state'>;\n auth: AuthParameters;\n}\ntype AuthenticationArgs = {jwt: string} & AuthContext;\n\nexport const authenticateSession = async <T extends AuthParameters>({\n jwt,\n context,\n auth\n}: AuthenticationArgs): Promise<AuthenticatedSession<T>> => {\n const sessionKey = await ECDSAKeyIdentity.generate({extractable: false});\n\n const publicKey = new Uint8Array(sessionKey.getPublicKey().toDer());\n\n const {delegations, data} = await authenticate<T>({\n jwt,\n publicKey,\n context,\n auth\n });\n\n const identity = generateIdentity({\n sessionKey,\n delegations\n });\n\n return {identity, data};\n};\n\nconst authenticate = async <T extends AuthParameters>({\n jwt,\n publicKey,\n context: {caller, salt},\n auth\n}: {\n publicKey: Uint8Array;\n} & AuthenticationArgs): Promise<{delegations: Delegations; data: AuthenticationData<T>}> => {\n const result = await authenticateApi({\n args: {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt\n }\n },\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n throw new AuthenticationError('Authentication failed', {cause: result});\n }\n\n const {\n delegation: {user_key: userKey, expiration},\n ...rest\n } = result.Ok;\n\n const signedDelegation = await retryGetDelegation({\n jwt,\n context: {caller, salt},\n auth,\n publicKey,\n expiration\n });\n\n const {delegation, signature} = signedDelegation;\n const {pubkey, expiration: signedExpiration, targets} = delegation;\n\n const delegations: Delegations = [\n userKey,\n [\n {\n delegation: new Delegation(\n Uint8Array.from(pubkey),\n signedExpiration,\n fromNullable(targets)\n ),\n signature: Uint8Array.from(signature) as unknown as Signature\n }\n ]\n ];\n\n return {delegations, data: rest as AuthenticationData<T>};\n};\n\nconst retryGetDelegation = async ({\n jwt,\n publicKey,\n context: {salt, caller},\n auth,\n expiration,\n maxRetries = 5\n}: {\n publicKey: Uint8Array;\n expiration: bigint;\n maxRetries?: number;\n} & AuthenticationArgs): Promise<SignedDelegation> => {\n for (let i = 0; i < maxRetries; i++) {\n // Linear backoff\n await new Promise((resolve) => {\n setInterval(resolve, 1000 * i);\n });\n\n const args: GetDelegationArgs = {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt,\n expiration\n }\n };\n\n const result = await getDelegationApi({\n args,\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n const {Err} = result;\n\n if ('NoSuchDelegation' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n if ('GetCachedJwks' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n throw new GetDelegationError('Getting delegation failed', {cause: result});\n }\n\n return result.Ok;\n }\n\n throw new GetDelegationRetryError();\n};\n", "import {\n type ConsoleActor,\n type SatelliteActor,\n getConsoleActor,\n getSatelliteActor\n} from '@junobuild/ic-client/actor';\nimport type {ActorParameters} from '../types/actor';\n\nexport const getAuthActor = ({\n auth,\n identity\n}: ActorParameters): Promise<ConsoleActor | SatelliteActor> =>\n 'satellite' in auth\n ? getSatelliteActor({...auth.satellite, identity})\n : getConsoleActor({...auth.console, identity});\n", "import type {\n ActorParameters,\n AuthenticationArgs,\n AuthenticationResult,\n GetDelegationArgs,\n GetDelegationResult\n} from '../types/actor';\nimport {getAuthActor} from './_actor.api';\n\nexport const authenticate = async ({\n actorParams,\n args\n}: {\n args: AuthenticationArgs;\n actorParams: ActorParameters;\n}): Promise<AuthenticationResult> => {\n const {authenticate} = await getAuthActor(actorParams);\n return await authenticate(args);\n};\n\nexport const getDelegation = async ({\n actorParams,\n args\n}: {\n args: GetDelegationArgs;\n actorParams: ActorParameters;\n}): Promise<GetDelegationResult> => {\n const {get_delegation} = await getAuthActor(actorParams);\n return await get_delegation(args);\n};\n", "import {DelegationChain, DelegationIdentity, type ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport type {AuthenticatedIdentity} from '../types/authenticate';\nimport type {Delegations} from '../types/session';\n\nexport const generateIdentity = ({\n delegations,\n sessionKey\n}: {\n delegations: Delegations;\n sessionKey: ECDSAKeyIdentity;\n}): AuthenticatedIdentity => {\n const [userKey, signedDelegations] = delegations;\n\n const delegationChain = DelegationChain.fromDelegations(\n signedDelegations,\n Uint8Array.from(userKey)\n );\n\n const identity = DelegationIdentity.fromDelegation(sessionKey, delegationChain);\n\n return {identity, delegationChain, sessionKey};\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {AuthenticationUndefinedJwtError} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\nimport {finalizeOAuth} from './_api';\nimport type {AuthenticationGitHubRedirect} from './types/authenticate';\n\nexport const authenticateGitHubWithRedirect = async <T extends AuthParameters>({\n auth,\n context,\n redirect: {finalizeUrl}\n}: {\n auth: AuthParameters;\n context: Omit<OpenIdAuthContext, 'state'>;\n redirect: AuthenticationGitHubRedirect;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {search}\n } = window;\n\n const urlParams = new URLSearchParams(search);\n const code = urlParams.get('code');\n const state = urlParams.get('state');\n\n const result = await finalizeOAuth({\n url: finalizeUrl,\n body: {code, state}\n });\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {token: idToken}\n } = result;\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n url\n}: {\n url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n credentials: 'include'\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n const data: {state: string} = await result.json();\n return {success: data};\n } catch (error: unknown) {\n return {error: new ApiGitHubInitError({cause: error})};\n }\n};\n\nexport const finalizeOAuth = async ({\n url,\n body\n}: {\n url: string;\n body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n method: 'POST',\n credentials: 'include',\n headers: {'Content-Type': 'application/json'},\n body: JSON.stringify(body)\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n const data: {token: string} = await result.json();\n return {success: data};\n } catch (error: unknown) {\n return {error: new ApiGitHubFinalizeError({cause: error})};\n }\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {\n AuthenticationInvalidStateError,\n AuthenticationUndefinedJwtError,\n AuthenticationUrlHashError\n} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\n\nexport const authenticateGoogleWithRedirect = async <T extends AuthParameters>({\n auth,\n context\n}: {\n auth: AuthParameters;\n context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {hash}\n } = window;\n\n if (isEmptyString(hash) || !hash.startsWith('#')) {\n throw new AuthenticationUrlHashError('No hash found in the current location URL');\n }\n\n const params = new URLSearchParams(hash.slice(1));\n const state = params.get('state');\n const idToken = params.get('id_token');\n\n const {state: savedState} = context;\n\n if (isEmptyString(savedState) || state !== savedState) {\n throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n }\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {GITHUB_PROVIDER} from './_constants';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {authenticateGitHubWithRedirect} from './providers/github/authenticate';\nimport {authenticateGoogleWithRedirect} from './providers/google/authenticate';\nimport type {\n AuthenticatedSession,\n AuthenticationParams,\n AuthParameters\n} from './types/authenticate';\n\nexport const authenticate = async <T extends AuthParameters>(\n params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n const context = loadContext();\n\n if ('github' in params) {\n const {\n github: {redirect, auth}\n } = params;\n\n const {finalizeUrl} = GITHUB_PROVIDER;\n\n return await authenticateGitHubWithRedirect<T>({\n redirect: redirect ?? {finalizeUrl},\n auth,\n context\n });\n }\n\n const {google} = params;\n\n if ('credentials' in google) {\n const {\n credentials: {jwt},\n auth\n } = google;\n\n return await authenticateSession({\n jwt,\n context,\n auth\n });\n }\n\n return await authenticateGoogleWithRedirect<T>({...google, context});\n};\n", "import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n const requestUrl = parseUrl({url: initUrl});\n requestUrl.searchParams.set('nonce', nonce);\n\n const result = await initOAuth({url: requestUrl.toString()});\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {state}\n } = result;\n\n return state;\n };\n\n return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n authUrl,\n clientId,\n authScopes,\n state,\n redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared by the proxy backend with the value it initiated.\n requestUrl.searchParams.set('state', state);\n\n window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n requestGoogleJwtWithCredentials,\n requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n RequestGoogleJwtCredentialsParams,\n RequestGoogleJwtParams,\n RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n args:\n | {\n google: RequestGoogleJwtParams;\n }\n | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n if ('github' in args) {\n const {github} = args;\n\n const {redirect} = github;\n const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n const context = await initContext({\n generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n });\n\n requestGitHubJwtWithRedirect({\n ...restRedirect,\n ...context,\n authUrl,\n authScopes\n });\n return;\n }\n\n const context = await initContext({generateState: generateGoogleState});\n\n const {google} = args;\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestGoogleJwtWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestGoogleJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n", "/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n * - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n const {userAgent} = navigator;\n\n // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n if (isSamsungBrowser) {\n return false;\n }\n\n return 'IdentityCredential' in window;\n};\n"],
5
- "mappings": ";;AAGO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,EAEaC,EAA0E,CACrF,QAAS,2CACT,WAAY,CAAC,YAAa,YAAY,EACtC,QAAS,6CACT,YAAa,gDACf,ECjBA,OAAQ,aAAAC,OAAgB,iBACxB,OAAQ,sBAAAC,OAAyB,yBCD1B,IAAMC,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,EAEvCC,EAAN,cAAiC,KAAM,CAC5C,YAAYC,EAAwB,CAClC,MAAM,qCAAsCA,CAAO,CACrD,CACF,EAEaC,EAAN,cAAqC,KAAM,CAChD,YAAYD,EAAwB,CAClC,MAAM,mCAAoCA,CAAO,CACnD,CACF,ECxBA,OAAQ,2BAAAE,OAA8B,iBCAtC,OAAQ,sBAAAC,OAAyB,iBAK1B,IAAMC,EAAeC,GAC1BC,GAAmBD,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EAE7EE,EAAW,CAAC,CAAC,IAAAC,CAAG,IAA0B,CACrD,GAAI,CAEF,OAAO,IAAI,IAAIA,CAAG,CACpB,MAA0B,CACxB,MAAM,IAAIC,EAAgB,uBAAwB,CAAC,MAAOD,CAAG,CAAC,CAChE,CACF,EDVA,IAAME,GAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,GAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,GAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,GAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,GAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,GAAoB,sBAAAC,OAAyB,iBACrD,OAAQ,sBAAAC,OAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,GAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,GAAmB,eAAeW,CAAU,EACpD,KAAMb,GAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EJ3BO,IAAMO,EAAc,MAAO,CAChC,cAAAC,CACF,IAEkE,CAChE,IAAMC,EAASC,GAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAE5CK,EAAQ,MAAMN,EAAc,CAAC,MAAAG,CAAK,CAAC,EAEnCI,EAAaC,EAAiB,CAClC,OAAAP,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQG,EAAaF,CAAU,EAEvC,CACL,MAAAJ,EACA,MAAAG,CACF,CACF,EAEaI,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,GAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC,EKzCA,OAAQ,gBAAAI,OAAmB,iBAE3B,OAAQ,cAAAC,GAAY,oBAAAC,OAAuB,yBCF3C,OAGE,mBAAAC,GACA,qBAAAC,OACK,6BAGA,IAAMC,EAAe,CAAC,CAC3B,KAAAC,EACA,SAAAC,CACF,IACE,cAAeD,EACXF,GAAkB,CAAC,GAAGE,EAAK,UAAW,SAAAC,CAAQ,CAAC,EAC/CJ,GAAgB,CAAC,GAAGG,EAAK,QAAS,SAAAC,CAAQ,CAAC,ECL1C,IAAMC,EAAe,MAAO,CACjC,YAAAC,EACA,KAAAC,CACF,IAGqC,CACnC,GAAM,CAAC,aAAAF,CAAY,EAAI,MAAMG,EAAaF,CAAW,EACrD,OAAO,MAAMD,EAAaE,CAAI,CAChC,EAEaE,EAAgB,MAAO,CAClC,YAAAH,EACA,KAAAC,CACF,IAGoC,CAClC,GAAM,CAAC,eAAAG,CAAc,EAAI,MAAMF,EAAaF,CAAW,EACvD,OAAO,MAAMI,EAAeH,CAAI,CAClC,EC7BA,OAAQ,mBAAAI,GAAiB,sBAAAC,OAAgD,yBAIlE,IAAMC,EAAmB,CAAC,CAC/B,YAAAC,EACA,WAAAC,CACF,IAG6B,CAC3B,GAAM,CAACC,EAASC,CAAiB,EAAIH,EAE/BI,EAAkBP,GAAgB,gBACtCM,EACA,WAAW,KAAKD,CAAO,CACzB,EAIA,MAAO,CAAC,SAFSJ,GAAmB,eAAeG,EAAYG,CAAe,EAE5D,gBAAAA,EAAiB,WAAAH,CAAU,CAC/C,EHJO,IAAMI,EAAsB,MAAiC,CAClE,IAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA4D,CAC1D,IAAMC,EAAa,MAAMC,GAAiB,SAAS,CAAC,YAAa,EAAK,CAAC,EAEjEC,EAAY,IAAI,WAAWF,EAAW,aAAa,EAAE,MAAM,CAAC,EAE5D,CAAC,YAAAG,EAAa,KAAAC,CAAI,EAAI,MAAMC,GAAgB,CAChD,IAAAR,EACA,UAAAK,EACA,QAAAJ,EACA,KAAAC,CACF,CAAC,EAOD,MAAO,CAAC,SALSO,EAAiB,CAChC,WAAAN,EACA,YAAAG,CACF,CAAC,EAEiB,KAAAC,CAAI,CACxB,EAEMC,GAAe,MAAiC,CACpD,IAAAR,EACA,UAAAK,EACA,QAAS,CAAC,OAAAK,EAAQ,KAAAC,CAAI,EACtB,KAAAT,CACF,IAE6F,CAC3F,IAAMU,EAAS,MAAMJ,EAAgB,CACnC,KAAM,CACJ,OAAQ,CACN,IAAAR,EACA,YAAaK,EACb,KAAAM,CACF,CACF,EACA,YAAa,CACX,KAAAT,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EACX,MAAM,IAAIC,EAAoB,wBAAyB,CAAC,MAAOD,CAAM,CAAC,EAGxE,GAAM,CACJ,WAAY,CAAC,SAAUE,EAAS,WAAAC,CAAU,EAC1C,GAAGC,CACL,EAAIJ,EAAO,GAELK,EAAmB,MAAMC,GAAmB,CAChD,IAAAlB,EACA,QAAS,CAAC,OAAAU,EAAQ,KAAAC,CAAI,EACtB,KAAAT,EACA,UAAAG,EACA,WAAAU,CACF,CAAC,EAEK,CAAC,WAAAI,EAAY,UAAAC,CAAS,EAAIH,EAC1B,CAAC,OAAAI,EAAQ,WAAYC,EAAkB,QAAAC,EAAO,EAAIJ,EAgBxD,MAAO,CAAC,YAdyB,CAC/BL,EACA,CACE,CACE,WAAY,IAAIU,GACd,WAAW,KAAKH,CAAM,EACtBC,EACAG,GAAaF,EAAO,CACtB,EACA,UAAW,WAAW,KAAKH,CAAS,CACtC,CACF,CACF,EAEqB,KAAMJ,CAA6B,CAC1D,EAEME,GAAqB,MAAO,CAChC,IAAAlB,EACA,UAAAK,EACA,QAAS,CAAC,KAAAM,EAAM,OAAAD,CAAM,EACtB,KAAAR,EACA,WAAAa,EACA,WAAAW,EAAa,CACf,IAIsD,CACpD,QAASC,EAAI,EAAGA,EAAID,EAAYC,IAAK,CAEnC,MAAM,IAAI,QAASC,GAAY,CAC7B,YAAYA,EAAS,IAAOD,CAAC,CAC/B,CAAC,EAWD,IAAMf,EAAS,MAAMiB,EAAiB,CACpC,KAV8B,CAC9B,OAAQ,CACN,IAAA7B,EACA,YAAaK,EACb,KAAAM,EACA,WAAAI,CACF,CACF,EAIE,YAAa,CACX,KAAAb,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EAAQ,CACnB,GAAM,CAAC,IAAAkB,CAAG,EAAIlB,EAOd,GALI,qBAAsBkB,GAKtB,kBAAmBA,EAErB,SAGF,MAAM,IAAIC,EAAmB,4BAA6B,CAAC,MAAOnB,CAAM,CAAC,CAC3E,CAEA,OAAOA,EAAO,EAChB,CAEA,MAAM,IAAIoB,CACZ,EI3JA,OAAQ,iBAAAC,OAAoB,iBCErB,IAAMC,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF,EDvCO,IAAMK,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,EACA,SAAU,CAAC,YAAAC,CAAW,CACxB,IAIwC,CACtC,GAAM,CACJ,SAAU,CAAC,OAAAC,CAAM,CACnB,EAAI,OAEEC,EAAY,IAAI,gBAAgBD,CAAM,EACtCE,EAAOD,EAAU,IAAI,MAAM,EAC3BE,EAAQF,EAAU,IAAI,OAAO,EAE7BG,EAAS,MAAMC,EAAc,CACjC,IAAKN,EACL,KAAM,CAAC,KAAAG,EAAM,MAAAC,CAAK,CACpB,CAAC,EAED,GAAI,UAAWC,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAOE,CAAO,CAC1B,EAAIF,EAGJ,GAAIG,GAAcD,CAAO,EACvB,MAAM,IAAIE,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKH,EACL,KAAAT,EACA,QAAAC,CACF,CAAC,CACH,EEhDA,OAAQ,iBAAAY,MAAoB,iBAUrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMC,EAAS,IAAI,gBAAgBH,EAAK,MAAM,CAAC,CAAC,EAC1CI,EAAQD,EAAO,IAAI,OAAO,EAC1BE,EAAUF,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOG,CAAU,EAAIP,EAE5B,GAAIE,EAAcK,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIH,EAAcI,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKJ,EACL,KAAAP,EACA,QAAAC,CACF,CAAC,CACH,EClCO,IAAMW,GAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,WAAYF,EAAQ,CACtB,GAAM,CACJ,OAAQ,CAAC,SAAAG,EAAU,KAAAC,CAAI,CACzB,EAAIJ,EAEE,CAAC,YAAAK,CAAW,EAAIC,EAEtB,OAAO,MAAMC,EAAkC,CAC7C,SAAUJ,GAAY,CAAC,YAAAE,CAAW,EAClC,KAAAD,EACA,QAAAH,CACF,CAAC,CACH,CAEA,GAAM,CAAC,OAAAO,CAAM,EAAIR,EAEjB,GAAI,gBAAiBQ,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAC,CAAG,EACjB,KAAAL,CACF,EAAII,EAEJ,OAAO,MAAME,EAAoB,CAC/B,IAAAD,EACA,QAAAR,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAMO,EAAkC,CAAC,GAAGH,EAAQ,QAAAP,CAAO,CAAC,CACrE,ECzCO,IAAMW,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAErEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC3BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,GAAW,kBAAAC,OAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,GAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,GAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,GAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,GACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,GAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH,CCrEO,IAAMc,GAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
4
+ "sourcesContent": ["import type {OpenIdGitHubProvider} from './providers/github/types/provider';\nimport type {OpenIdProvider} from './types/provider';\n\nexport const CONTEXT_KEY = 'juno:auth:openid';\n\n// Create client_id: https://developers.google.com/identity/openid-connect/openid-connect#authenticationuriparameters\nexport const GOOGLE_PROVIDER: Omit<OpenIdProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n authScopes: ['openid', 'profile', 'email'],\n configUrl: 'https://accounts.google.com/gsi/fedcm.json'\n};\n\nexport const GITHUB_PROVIDER: Omit<OpenIdGitHubProvider, 'clientId' | 'redirectUrl'> = {\n authUrl: 'https://github.com/login/oauth/authorize',\n authScopes: ['read:user', 'user:email'],\n initUrl: 'https://api.juno.build/v1/auth/init/github',\n finalizeUrl: 'https://api.juno.build/v1/auth/finalize/github'\n};\n", "import {isNullish} from '@dfinity/utils';\nimport {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport {CONTEXT_KEY} from './_constants';\nimport {ContextUndefinedError} from './errors';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Nonce} from './types/nonce';\nimport {generateNonce} from './utils/auth.utils';\nimport {parseContext, stringifyContext} from './utils/session-storage.utils';\n\nexport const initContext = async ({\n generateState\n}: {\n generateState: (params: {nonce: Nonce}) => Promise<string>;\n}): Promise<{nonce: Nonce} & Pick<OpenIdAuthContext, 'state'>> => {\n const caller = Ed25519KeyIdentity.generate();\n const {nonce, salt} = await generateNonce({caller});\n\n const state = await generateState({nonce});\n\n const storedData = stringifyContext({\n caller,\n salt,\n state\n });\n\n sessionStorage.setItem(CONTEXT_KEY, storedData);\n\n return {\n nonce,\n state\n };\n};\n\nexport const loadContext = (): OpenIdAuthContext => {\n const storedContext = sessionStorage.getItem(CONTEXT_KEY);\n\n if (isNullish(storedContext)) {\n throw new ContextUndefinedError();\n }\n\n return parseContext(storedContext);\n};\n", "export class InvalidUrlError extends Error {}\nexport class ContextUndefinedError extends Error {}\n\nexport class FedCMIdentityCredentialUndefinedError extends Error {}\nexport class FedCMIdentityCredentialInvalidError extends Error {}\n\nexport class AuthenticationError extends Error {}\nexport class AuthenticationUrlHashError extends Error {}\nexport class AuthenticationInvalidStateError extends Error {}\nexport class AuthenticationUndefinedJwtError extends Error {}\n\nexport class GetDelegationError extends Error {}\nexport class GetDelegationRetryError extends Error {}\n\nexport class ApiGitHubInitError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth initialization failed', options);\n }\n}\n\nexport class ApiGitHubFinalizeError extends Error {\n constructor(options?: ErrorOptions) {\n super('GitHub OAuth finalization failed', options);\n }\n}\n", "import {arrayBufferToUint8Array} from '@dfinity/utils';\nimport type {Ed25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {Nonce, Salt} from '../types/nonce';\nimport {toBase64URL} from './url.utils';\n\nconst generateSalt = (): Salt => window.crypto.getRandomValues(new Uint8Array(32));\n\nconst buildNonce = async ({salt, caller}: {salt: Salt; caller: Ed25519KeyIdentity}) => {\n const principal = caller.getPrincipal().toUint8Array();\n\n const bytes = new Uint8Array(salt.length + principal.byteLength);\n bytes.set(salt);\n bytes.set(principal, salt.length);\n\n const hash = await window.crypto.subtle.digest('SHA-256', bytes);\n\n return toBase64URL(arrayBufferToUint8Array(hash));\n};\n\nexport const generateNonce = async ({\n caller\n}: {\n caller: Ed25519KeyIdentity;\n}): Promise<{nonce: Nonce; salt: Salt}> => {\n const salt = generateSalt();\n const nonce = await buildNonce({salt, caller});\n\n return {nonce, salt};\n};\n", "import {uint8ArrayToBase64} from '@dfinity/utils';\nimport {InvalidUrlError} from '../errors';\n\n// In the future: uint8Array.toBase64({ alphabet: \"base64url\" })\n// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Uint8Array/toBase64\nexport const toBase64URL = (uint8Array: Uint8Array): string =>\n uint8ArrayToBase64(uint8Array).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\nexport const parseUrl = ({url}: {url: string}): URL => {\n try {\n // Use the URL constructor, for backwards compatibility with older Android/WebView.\n return new URL(url);\n } catch (_error: unknown) {\n throw new InvalidUrlError('Cannot parse authURL', {cause: url});\n }\n};\n", "import {base64ToUint8Array, uint8ArrayToBase64} from '@dfinity/utils';\nimport {Ed25519KeyIdentity, type JsonnableEd25519KeyIdentity} from '@icp-sdk/core/identity';\nimport type {OpenIdAuthContext} from '../types/context';\n\nconst JSON_KEY_CALLER = '__caller__';\nconst JSON_KEY_SALT = '__salt__';\nconst JSON_KEY_STATE = '__state__';\n\ninterface StoredContext {\n [JSON_KEY_CALLER]: JsonnableEd25519KeyIdentity;\n [JSON_KEY_SALT]: string;\n [JSON_KEY_STATE]: string;\n}\n\nexport const stringifyContext = ({caller, state, salt}: OpenIdAuthContext): string => {\n const data: StoredContext = {\n [JSON_KEY_CALLER]: caller.toJSON(),\n [JSON_KEY_SALT]: uint8ArrayToBase64(salt),\n [JSON_KEY_STATE]: state\n };\n\n return JSON.stringify(data);\n};\n\nexport const parseContext = (jsonData: string): OpenIdAuthContext => {\n const {\n [JSON_KEY_CALLER]: jsonCaller,\n [JSON_KEY_SALT]: jsonSalt,\n [JSON_KEY_STATE]: state\n }: StoredContext = JSON.parse(jsonData);\n\n return {\n caller: Ed25519KeyIdentity.fromParsedJson(jsonCaller),\n salt: base64ToUint8Array(jsonSalt),\n state\n };\n};\n", "import {fromNullable} from '@dfinity/utils';\nimport type {Signature} from '@icp-sdk/core/agent';\nimport {Delegation, ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport {authenticate as authenticateApi, getDelegation as getDelegationApi} from './api/auth.api';\nimport {AuthenticationError, GetDelegationError, GetDelegationRetryError} from './errors';\nimport type {AuthenticationData, GetDelegationArgs, SignedDelegation} from './types/actor';\nimport type {AuthenticatedSession, AuthParameters} from './types/authenticate';\nimport type {OpenIdAuthContext} from './types/context';\nimport type {Delegations} from './types/session';\nimport {generateIdentity} from './utils/session.utils';\n\ninterface AuthContext {\n context: Omit<OpenIdAuthContext, 'state'>;\n auth: AuthParameters;\n}\ntype AuthenticationArgs = {jwt: string} & AuthContext;\n\nexport const authenticateSession = async <T extends AuthParameters>({\n jwt,\n context,\n auth\n}: AuthenticationArgs): Promise<AuthenticatedSession<T>> => {\n const sessionKey = await ECDSAKeyIdentity.generate({extractable: false});\n\n const publicKey = new Uint8Array(sessionKey.getPublicKey().toDer());\n\n const {delegations, data} = await authenticate<T>({\n jwt,\n publicKey,\n context,\n auth\n });\n\n const identity = generateIdentity({\n sessionKey,\n delegations\n });\n\n return {identity, data};\n};\n\nconst authenticate = async <T extends AuthParameters>({\n jwt,\n publicKey,\n context: {caller, salt},\n auth\n}: {\n publicKey: Uint8Array;\n} & AuthenticationArgs): Promise<{delegations: Delegations; data: AuthenticationData<T>}> => {\n const result = await authenticateApi({\n args: {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt\n }\n },\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n throw new AuthenticationError('Authentication failed', {cause: result});\n }\n\n const {\n delegation: {user_key: userKey, expiration},\n ...rest\n } = result.Ok;\n\n const signedDelegation = await retryGetDelegation({\n jwt,\n context: {caller, salt},\n auth,\n publicKey,\n expiration\n });\n\n const {delegation, signature} = signedDelegation;\n const {pubkey, expiration: signedExpiration, targets} = delegation;\n\n const delegations: Delegations = [\n userKey,\n [\n {\n delegation: new Delegation(\n Uint8Array.from(pubkey),\n signedExpiration,\n fromNullable(targets)\n ),\n signature: Uint8Array.from(signature) as unknown as Signature\n }\n ]\n ];\n\n return {delegations, data: rest as AuthenticationData<T>};\n};\n\nconst retryGetDelegation = async ({\n jwt,\n publicKey,\n context: {salt, caller},\n auth,\n expiration,\n maxRetries = 5\n}: {\n publicKey: Uint8Array;\n expiration: bigint;\n maxRetries?: number;\n} & AuthenticationArgs): Promise<SignedDelegation> => {\n for (let i = 0; i < maxRetries; i++) {\n // Linear backoff\n await new Promise((resolve) => {\n setInterval(resolve, 1000 * i);\n });\n\n const args: GetDelegationArgs = {\n OpenId: {\n jwt,\n session_key: publicKey,\n salt,\n expiration\n }\n };\n\n const result = await getDelegationApi({\n args,\n actorParams: {\n auth,\n identity: caller\n }\n });\n\n if ('Err' in result) {\n const {Err} = result;\n\n if ('NoSuchDelegation' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n if ('GetCachedJwks' in Err) {\n // eslint-disable-next-line no-continue\n continue;\n }\n\n throw new GetDelegationError('Getting delegation failed', {cause: result});\n }\n\n return result.Ok;\n }\n\n throw new GetDelegationRetryError();\n};\n", "import {\n type ConsoleActor,\n type SatelliteActor,\n getConsoleActor,\n getSatelliteActor\n} from '@junobuild/ic-client/actor';\nimport type {ActorParameters} from '../types/actor';\n\nexport const getAuthActor = ({\n auth,\n identity\n}: ActorParameters): Promise<ConsoleActor | SatelliteActor> =>\n 'satellite' in auth\n ? getSatelliteActor({...auth.satellite, identity})\n : getConsoleActor({...auth.console, identity});\n", "import type {\n ActorParameters,\n AuthenticationArgs,\n AuthenticationResult,\n GetDelegationArgs,\n GetDelegationResult\n} from '../types/actor';\nimport {getAuthActor} from './_actor.api';\n\nexport const authenticate = async ({\n actorParams,\n args\n}: {\n args: AuthenticationArgs;\n actorParams: ActorParameters;\n}): Promise<AuthenticationResult> => {\n const {authenticate} = await getAuthActor(actorParams);\n return await authenticate(args);\n};\n\nexport const getDelegation = async ({\n actorParams,\n args\n}: {\n args: GetDelegationArgs;\n actorParams: ActorParameters;\n}): Promise<GetDelegationResult> => {\n const {get_delegation} = await getAuthActor(actorParams);\n return await get_delegation(args);\n};\n", "import {DelegationChain, DelegationIdentity, type ECDSAKeyIdentity} from '@icp-sdk/core/identity';\nimport type {AuthenticatedIdentity} from '../types/authenticate';\nimport type {Delegations} from '../types/session';\n\nexport const generateIdentity = ({\n delegations,\n sessionKey\n}: {\n delegations: Delegations;\n sessionKey: ECDSAKeyIdentity;\n}): AuthenticatedIdentity => {\n const [userKey, signedDelegations] = delegations;\n\n const delegationChain = DelegationChain.fromDelegations(\n signedDelegations,\n Uint8Array.from(userKey)\n );\n\n const identity = DelegationIdentity.fromDelegation(sessionKey, delegationChain);\n\n return {identity, delegationChain, sessionKey};\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {AuthenticationUndefinedJwtError} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\nimport {finalizeOAuth} from './_api';\nimport type {AuthenticationGitHubRedirect} from './types/authenticate';\n\nexport const authenticateGitHubWithRedirect = async <T extends AuthParameters>({\n auth,\n context,\n redirect: {finalizeUrl}\n}: {\n auth: AuthParameters;\n context: Omit<OpenIdAuthContext, 'state'>;\n redirect: AuthenticationGitHubRedirect;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {search}\n } = window;\n\n const urlParams = new URLSearchParams(search);\n const code = urlParams.get('code');\n const state = urlParams.get('state');\n\n const result = await finalizeOAuth({\n url: finalizeUrl,\n body: {code, state}\n });\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {token: idToken}\n } = result;\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {ApiGitHubFinalizeError, ApiGitHubInitError} from '../../errors';\n\nexport const initOAuth = async ({\n url\n}: {\n url: string;\n}): Promise<{success: {state: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n credentials: 'include'\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n const data: {state: string} = await result.json();\n return {success: data};\n } catch (error: unknown) {\n return {error: new ApiGitHubInitError({cause: error})};\n }\n};\n\nexport const finalizeOAuth = async ({\n url,\n body\n}: {\n url: string;\n body: {code: string | null; state: string | null};\n}): Promise<{success: {token: string}} | {error: unknown}> => {\n try {\n const result = await fetch(url, {\n method: 'POST',\n credentials: 'include',\n headers: {'Content-Type': 'application/json'},\n body: JSON.stringify(body)\n });\n\n if (!result.ok) {\n return {error: new Error(`Failed to fetch ${url} (${result.status})`)};\n }\n\n const data: {token: string} = await result.json();\n return {success: data};\n } catch (error: unknown) {\n return {error: new ApiGitHubFinalizeError({cause: error})};\n }\n};\n", "import {isEmptyString} from '@dfinity/utils';\nimport {authenticateSession} from '../../_session';\nimport {\n AuthenticationInvalidStateError,\n AuthenticationUndefinedJwtError,\n AuthenticationUrlHashError\n} from '../../errors';\nimport type {AuthenticatedSession, AuthParameters} from '../../types/authenticate';\nimport type {OpenIdAuthContext} from '../../types/context';\n\nexport const authenticateGoogleWithRedirect = async <T extends AuthParameters>({\n auth,\n context\n}: {\n auth: AuthParameters;\n context: OpenIdAuthContext;\n}): Promise<AuthenticatedSession<T>> => {\n const {\n location: {hash}\n } = window;\n\n if (isEmptyString(hash) || !hash.startsWith('#')) {\n throw new AuthenticationUrlHashError('No hash found in the current location URL');\n }\n\n const params = new URLSearchParams(hash.slice(1));\n const state = params.get('state');\n const idToken = params.get('id_token');\n\n const {state: savedState} = context;\n\n if (isEmptyString(savedState) || state !== savedState) {\n throw new AuthenticationInvalidStateError('The provided state is invalid', {cause: state});\n }\n\n // id_token === jwt\n if (isEmptyString(idToken)) {\n throw new AuthenticationUndefinedJwtError();\n }\n\n return await authenticateSession({\n jwt: idToken,\n auth,\n context\n });\n};\n", "import {GITHUB_PROVIDER} from './_constants';\nimport {loadContext} from './_context';\nimport {authenticateSession} from './_session';\nimport {authenticateGitHubWithRedirect} from './providers/github/authenticate';\nimport {authenticateGoogleWithRedirect} from './providers/google/authenticate';\nimport type {\n AuthenticatedSession,\n AuthenticationParams,\n AuthParameters\n} from './types/authenticate';\n\nexport const authenticate = async <T extends AuthParameters>(\n params: AuthenticationParams<T>\n): Promise<AuthenticatedSession<T>> => {\n const context = loadContext();\n\n if ('github' in params) {\n const {\n github: {redirect, auth}\n } = params;\n\n const {finalizeUrl} = GITHUB_PROVIDER;\n\n return await authenticateGitHubWithRedirect<T>({\n redirect: redirect ?? {finalizeUrl},\n auth,\n context\n });\n }\n\n const {google} = params;\n\n if ('credentials' in google) {\n const {\n credentials: {jwt},\n auth\n } = google;\n\n return await authenticateSession({\n jwt,\n context,\n auth\n });\n }\n\n return await authenticateGoogleWithRedirect<T>({...google, context});\n};\n", "import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n const requestUrl = parseUrl({url: initUrl});\n requestUrl.searchParams.set('nonce', nonce);\n\n const result = await initOAuth({url: requestUrl.toString()});\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {state}\n } = result;\n\n return state;\n };\n\n return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n authUrl,\n clientId,\n authScopes,\n state,\n redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // Note: GitHub Apps ignore this parameter and use permissions from app settings instead\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared by the proxy backend with the value it initiated.\n requestUrl.searchParams.set('state', state);\n\n window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n requestGoogleJwtWithCredentials,\n requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n RequestGoogleJwtCredentialsParams,\n RequestGoogleJwtParams,\n RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n args:\n | {\n google: RequestGoogleJwtParams;\n }\n | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n if ('github' in args) {\n const {github} = args;\n\n const {redirect} = github;\n const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n const context = await initContext({\n generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n });\n\n requestGitHubJwtWithRedirect({\n ...restRedirect,\n ...context,\n authUrl,\n authScopes\n });\n return;\n }\n\n const context = await initContext({generateState: generateGoogleState});\n\n const {google} = args;\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestGoogleJwtWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestGoogleJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n", "/**\n * Detects whether the browser supports FedCM (Federated Credential Management).\n *\n * @returns {boolean} `true` if FedCM is supported, otherwise `false`.\n *\n * References:\n * - MDN IdentityCredential: https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n */\nexport const isFedCMSupported = (): boolean => {\n const {userAgent} = navigator;\n\n // Samsung browser implements \"IdentityCredential\" but does not support \"configURL\"\n // https://developer.mozilla.org/en-US/docs/Web/API/IdentityCredential\n const isSamsungBrowser = /SamsungBrowser/i.test(userAgent);\n if (isSamsungBrowser) {\n return false;\n }\n\n return 'IdentityCredential' in window;\n};\n"],
5
+ "mappings": ";;AAGO,IAAMA,EAAc,mBAGdC,EAAoE,CAC/E,QAAS,+CACT,WAAY,CAAC,SAAU,UAAW,OAAO,EACzC,UAAW,4CACb,EAEaC,EAA0E,CACrF,QAAS,2CACT,WAAY,CAAC,YAAa,YAAY,EACtC,QAAS,6CACT,YAAa,gDACf,ECjBA,OAAQ,aAAAC,OAAgB,iBACxB,OAAQ,sBAAAC,OAAyB,yBCD1B,IAAMC,EAAN,cAA8B,KAAM,CAAC,EAC/BC,EAAN,cAAoC,KAAM,CAAC,EAErCC,EAAN,cAAoD,KAAM,CAAC,EACrDC,EAAN,cAAkD,KAAM,CAAC,EAEnDC,EAAN,cAAkC,KAAM,CAAC,EACnCC,EAAN,cAAyC,KAAM,CAAC,EAC1CC,EAAN,cAA8C,KAAM,CAAC,EAC/CC,EAAN,cAA8C,KAAM,CAAC,EAE/CC,EAAN,cAAiC,KAAM,CAAC,EAClCC,EAAN,cAAsC,KAAM,CAAC,EAEvCC,EAAN,cAAiC,KAAM,CAC5C,YAAYC,EAAwB,CAClC,MAAM,qCAAsCA,CAAO,CACrD,CACF,EAEaC,EAAN,cAAqC,KAAM,CAChD,YAAYD,EAAwB,CAClC,MAAM,mCAAoCA,CAAO,CACnD,CACF,ECxBA,OAAQ,2BAAAE,OAA8B,iBCAtC,OAAQ,sBAAAC,OAAyB,iBAK1B,IAAMC,EAAeC,GAC1BC,GAAmBD,CAAU,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,GAAG,EAAE,QAAQ,MAAO,EAAE,EAE7EE,EAAW,CAAC,CAAC,IAAAC,CAAG,IAA0B,CACrD,GAAI,CAEF,OAAO,IAAI,IAAIA,CAAG,CACpB,MAA0B,CACxB,MAAM,IAAIC,EAAgB,uBAAwB,CAAC,MAAOD,CAAG,CAAC,CAChE,CACF,EDVA,IAAME,GAAe,IAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,EAE3EC,GAAa,MAAO,CAAC,KAAAC,EAAM,OAAAC,CAAM,IAAgD,CACrF,IAAMC,EAAYD,EAAO,aAAa,EAAE,aAAa,EAE/CE,EAAQ,IAAI,WAAWH,EAAK,OAASE,EAAU,UAAU,EAC/DC,EAAM,IAAIH,CAAI,EACdG,EAAM,IAAID,EAAWF,EAAK,MAAM,EAEhC,IAAMI,EAAO,MAAM,OAAO,OAAO,OAAO,OAAO,UAAWD,CAAK,EAE/D,OAAOE,EAAYC,GAAwBF,CAAI,CAAC,CAClD,EAEaG,EAAgB,MAAO,CAClC,OAAAN,CACF,IAE2C,CACzC,IAAMD,EAAOF,GAAa,EAG1B,MAAO,CAAC,MAFM,MAAMC,GAAW,CAAC,KAAAC,EAAM,OAAAC,CAAM,CAAC,EAE9B,KAAAD,CAAI,CACrB,EE5BA,OAAQ,sBAAAQ,GAAoB,sBAAAC,OAAyB,iBACrD,OAAQ,sBAAAC,OAA2D,yBAGnE,IAAMC,EAAkB,aAClBC,EAAgB,WAChBC,EAAiB,YAQVC,EAAmB,CAAC,CAAC,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,CAAI,IAAiC,CACpF,IAAMC,EAAsB,CAC1B,CAACP,CAAe,EAAGI,EAAO,OAAO,EACjC,CAACH,CAAa,EAAGH,GAAmBQ,CAAI,EACxC,CAACJ,CAAc,EAAGG,CACpB,EAEA,OAAO,KAAK,UAAUE,CAAI,CAC5B,EAEaC,EAAgBC,GAAwC,CACnE,GAAM,CACJ,CAACT,CAAe,EAAGU,EACnB,CAACT,CAAa,EAAGU,EACjB,CAACT,CAAc,EAAGG,CACpB,EAAmB,KAAK,MAAMI,CAAQ,EAEtC,MAAO,CACL,OAAQV,GAAmB,eAAeW,CAAU,EACpD,KAAMb,GAAmBc,CAAQ,EACjC,MAAAN,CACF,CACF,EJ3BO,IAAMO,EAAc,MAAO,CAChC,cAAAC,CACF,IAEkE,CAChE,IAAMC,EAASC,GAAmB,SAAS,EACrC,CAAC,MAAAC,EAAO,KAAAC,CAAI,EAAI,MAAMC,EAAc,CAAC,OAAAJ,CAAM,CAAC,EAE5CK,EAAQ,MAAMN,EAAc,CAAC,MAAAG,CAAK,CAAC,EAEnCI,EAAaC,EAAiB,CAClC,OAAAP,EACA,KAAAG,EACA,MAAAE,CACF,CAAC,EAED,sBAAe,QAAQG,EAAaF,CAAU,EAEvC,CACL,MAAAJ,EACA,MAAAG,CACF,CACF,EAEaI,EAAc,IAAyB,CAClD,IAAMC,EAAgB,eAAe,QAAQF,CAAW,EAExD,GAAIG,GAAUD,CAAa,EACzB,MAAM,IAAIE,EAGZ,OAAOC,EAAaH,CAAa,CACnC,EKzCA,OAAQ,gBAAAI,OAAmB,iBAE3B,OAAQ,cAAAC,GAAY,oBAAAC,OAAuB,yBCF3C,OAGE,mBAAAC,GACA,qBAAAC,OACK,6BAGA,IAAMC,EAAe,CAAC,CAC3B,KAAAC,EACA,SAAAC,CACF,IACE,cAAeD,EACXF,GAAkB,CAAC,GAAGE,EAAK,UAAW,SAAAC,CAAQ,CAAC,EAC/CJ,GAAgB,CAAC,GAAGG,EAAK,QAAS,SAAAC,CAAQ,CAAC,ECL1C,IAAMC,EAAe,MAAO,CACjC,YAAAC,EACA,KAAAC,CACF,IAGqC,CACnC,GAAM,CAAC,aAAAF,CAAY,EAAI,MAAMG,EAAaF,CAAW,EACrD,OAAO,MAAMD,EAAaE,CAAI,CAChC,EAEaE,EAAgB,MAAO,CAClC,YAAAH,EACA,KAAAC,CACF,IAGoC,CAClC,GAAM,CAAC,eAAAG,CAAc,EAAI,MAAMF,EAAaF,CAAW,EACvD,OAAO,MAAMI,EAAeH,CAAI,CAClC,EC7BA,OAAQ,mBAAAI,GAAiB,sBAAAC,OAAgD,yBAIlE,IAAMC,EAAmB,CAAC,CAC/B,YAAAC,EACA,WAAAC,CACF,IAG6B,CAC3B,GAAM,CAACC,EAASC,CAAiB,EAAIH,EAE/BI,EAAkBP,GAAgB,gBACtCM,EACA,WAAW,KAAKD,CAAO,CACzB,EAIA,MAAO,CAAC,SAFSJ,GAAmB,eAAeG,EAAYG,CAAe,EAE5D,gBAAAA,EAAiB,WAAAH,CAAU,CAC/C,EHJO,IAAMI,EAAsB,MAAiC,CAClE,IAAAC,EACA,QAAAC,EACA,KAAAC,CACF,IAA4D,CAC1D,IAAMC,EAAa,MAAMC,GAAiB,SAAS,CAAC,YAAa,EAAK,CAAC,EAEjEC,EAAY,IAAI,WAAWF,EAAW,aAAa,EAAE,MAAM,CAAC,EAE5D,CAAC,YAAAG,EAAa,KAAAC,CAAI,EAAI,MAAMC,GAAgB,CAChD,IAAAR,EACA,UAAAK,EACA,QAAAJ,EACA,KAAAC,CACF,CAAC,EAOD,MAAO,CAAC,SALSO,EAAiB,CAChC,WAAAN,EACA,YAAAG,CACF,CAAC,EAEiB,KAAAC,CAAI,CACxB,EAEMC,GAAe,MAAiC,CACpD,IAAAR,EACA,UAAAK,EACA,QAAS,CAAC,OAAAK,EAAQ,KAAAC,CAAI,EACtB,KAAAT,CACF,IAE6F,CAC3F,IAAMU,EAAS,MAAMJ,EAAgB,CACnC,KAAM,CACJ,OAAQ,CACN,IAAAR,EACA,YAAaK,EACb,KAAAM,CACF,CACF,EACA,YAAa,CACX,KAAAT,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EACX,MAAM,IAAIC,EAAoB,wBAAyB,CAAC,MAAOD,CAAM,CAAC,EAGxE,GAAM,CACJ,WAAY,CAAC,SAAUE,EAAS,WAAAC,CAAU,EAC1C,GAAGC,CACL,EAAIJ,EAAO,GAELK,EAAmB,MAAMC,GAAmB,CAChD,IAAAlB,EACA,QAAS,CAAC,OAAAU,EAAQ,KAAAC,CAAI,EACtB,KAAAT,EACA,UAAAG,EACA,WAAAU,CACF,CAAC,EAEK,CAAC,WAAAI,EAAY,UAAAC,CAAS,EAAIH,EAC1B,CAAC,OAAAI,EAAQ,WAAYC,EAAkB,QAAAC,EAAO,EAAIJ,EAgBxD,MAAO,CAAC,YAdyB,CAC/BL,EACA,CACE,CACE,WAAY,IAAIU,GACd,WAAW,KAAKH,CAAM,EACtBC,EACAG,GAAaF,EAAO,CACtB,EACA,UAAW,WAAW,KAAKH,CAAS,CACtC,CACF,CACF,EAEqB,KAAMJ,CAA6B,CAC1D,EAEME,GAAqB,MAAO,CAChC,IAAAlB,EACA,UAAAK,EACA,QAAS,CAAC,KAAAM,EAAM,OAAAD,CAAM,EACtB,KAAAR,EACA,WAAAa,EACA,WAAAW,EAAa,CACf,IAIsD,CACpD,QAASC,EAAI,EAAGA,EAAID,EAAYC,IAAK,CAEnC,MAAM,IAAI,QAASC,GAAY,CAC7B,YAAYA,EAAS,IAAOD,CAAC,CAC/B,CAAC,EAWD,IAAMf,EAAS,MAAMiB,EAAiB,CACpC,KAV8B,CAC9B,OAAQ,CACN,IAAA7B,EACA,YAAaK,EACb,KAAAM,EACA,WAAAI,CACF,CACF,EAIE,YAAa,CACX,KAAAb,EACA,SAAUQ,CACZ,CACF,CAAC,EAED,GAAI,QAASE,EAAQ,CACnB,GAAM,CAAC,IAAAkB,CAAG,EAAIlB,EAOd,GALI,qBAAsBkB,GAKtB,kBAAmBA,EAErB,SAGF,MAAM,IAAIC,EAAmB,4BAA6B,CAAC,MAAOnB,CAAM,CAAC,CAC3E,CAEA,OAAOA,EAAO,EAChB,CAEA,MAAM,IAAIoB,CACZ,EI3JA,OAAQ,iBAAAC,OAAoB,iBCErB,IAAMC,EAAY,MAAO,CAC9B,IAAAC,CACF,IAE8D,CAC5D,GAAI,CACF,IAAMC,EAAS,MAAM,MAAMD,EAAK,CAC9B,YAAa,SACf,CAAC,EAED,OAAKC,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAIC,EAAmB,CAAC,MAAOD,CAAK,CAAC,CAAC,CACvD,CACF,EAEaE,EAAgB,MAAO,CAClC,IAAAJ,EACA,KAAAK,CACF,IAG8D,CAC5D,GAAI,CACF,IAAMJ,EAAS,MAAM,MAAMD,EAAK,CAC9B,OAAQ,OACR,YAAa,UACb,QAAS,CAAC,eAAgB,kBAAkB,EAC5C,KAAM,KAAK,UAAUK,CAAI,CAC3B,CAAC,EAED,OAAKJ,EAAO,GAKL,CAAC,QADsB,MAAMA,EAAO,KAAK,CAC3B,EAJZ,CAAC,MAAO,IAAI,MAAM,mBAAmBD,CAAG,KAAKC,EAAO,MAAM,GAAG,CAAC,CAKzE,OAASC,EAAgB,CACvB,MAAO,CAAC,MAAO,IAAII,EAAuB,CAAC,MAAOJ,CAAK,CAAC,CAAC,CAC3D,CACF,EDvCO,IAAMK,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,EACA,SAAU,CAAC,YAAAC,CAAW,CACxB,IAIwC,CACtC,GAAM,CACJ,SAAU,CAAC,OAAAC,CAAM,CACnB,EAAI,OAEEC,EAAY,IAAI,gBAAgBD,CAAM,EACtCE,EAAOD,EAAU,IAAI,MAAM,EAC3BE,EAAQF,EAAU,IAAI,OAAO,EAE7BG,EAAS,MAAMC,EAAc,CACjC,IAAKN,EACL,KAAM,CAAC,KAAAG,EAAM,MAAAC,CAAK,CACpB,CAAC,EAED,GAAI,UAAWC,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAOE,CAAO,CAC1B,EAAIF,EAGJ,GAAIG,GAAcD,CAAO,EACvB,MAAM,IAAIE,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKH,EACL,KAAAT,EACA,QAAAC,CACF,CAAC,CACH,EEhDA,OAAQ,iBAAAY,MAAoB,iBAUrB,IAAMC,EAAiC,MAAiC,CAC7E,KAAAC,EACA,QAAAC,CACF,IAGwC,CACtC,GAAM,CACJ,SAAU,CAAC,KAAAC,CAAI,CACjB,EAAI,OAEJ,GAAIC,EAAcD,CAAI,GAAK,CAACA,EAAK,WAAW,GAAG,EAC7C,MAAM,IAAIE,EAA2B,2CAA2C,EAGlF,IAAMC,EAAS,IAAI,gBAAgBH,EAAK,MAAM,CAAC,CAAC,EAC1CI,EAAQD,EAAO,IAAI,OAAO,EAC1BE,EAAUF,EAAO,IAAI,UAAU,EAE/B,CAAC,MAAOG,CAAU,EAAIP,EAE5B,GAAIE,EAAcK,CAAU,GAAKF,IAAUE,EACzC,MAAM,IAAIC,EAAgC,gCAAiC,CAAC,MAAOH,CAAK,CAAC,EAI3F,GAAIH,EAAcI,CAAO,EACvB,MAAM,IAAIG,EAGZ,OAAO,MAAMC,EAAoB,CAC/B,IAAKJ,EACL,KAAAP,EACA,QAAAC,CACF,CAAC,CACH,EClCO,IAAMW,GAAe,MAC1BC,GACqC,CACrC,IAAMC,EAAUC,EAAY,EAE5B,GAAI,WAAYF,EAAQ,CACtB,GAAM,CACJ,OAAQ,CAAC,SAAAG,EAAU,KAAAC,CAAI,CACzB,EAAIJ,EAEE,CAAC,YAAAK,CAAW,EAAIC,EAEtB,OAAO,MAAMC,EAAkC,CAC7C,SAAUJ,GAAY,CAAC,YAAAE,CAAW,EAClC,KAAAD,EACA,QAAAH,CACF,CAAC,CACH,CAEA,GAAM,CAAC,OAAAO,CAAM,EAAIR,EAEjB,GAAI,gBAAiBQ,EAAQ,CAC3B,GAAM,CACJ,YAAa,CAAC,IAAAC,CAAG,EACjB,KAAAL,CACF,EAAII,EAEJ,OAAO,MAAME,EAAoB,CAC/B,IAAAD,EACA,QAAAR,EACA,KAAAG,CACF,CAAC,CACH,CAEA,OAAO,MAAMO,EAAkC,CAAC,GAAGH,EAAQ,QAAAP,CAAO,CAAC,CACrE,ECzCO,IAAMW,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAGrEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC5BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,GAAW,kBAAAC,OAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,GAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,GAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,GAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,GACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,GAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH,CCrEO,IAAMc,GAAmB,IAAe,CAC7C,GAAM,CAAC,UAAAC,CAAS,EAAI,UAKpB,MADyB,kBAAkB,KAAKA,CAAS,EAEhD,GAGF,uBAAwB,MACjC",
6
6
  "names": ["CONTEXT_KEY", "GOOGLE_PROVIDER", "GITHUB_PROVIDER", "isNullish", "Ed25519KeyIdentity", "InvalidUrlError", "ContextUndefinedError", "FedCMIdentityCredentialUndefinedError", "FedCMIdentityCredentialInvalidError", "AuthenticationError", "AuthenticationUrlHashError", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "GetDelegationError", "GetDelegationRetryError", "ApiGitHubInitError", "options", "ApiGitHubFinalizeError", "arrayBufferToUint8Array", "uint8ArrayToBase64", "toBase64URL", "uint8Array", "uint8ArrayToBase64", "parseUrl", "url", "InvalidUrlError", "generateSalt", "buildNonce", "salt", "caller", "principal", "bytes", "hash", "toBase64URL", "arrayBufferToUint8Array", "generateNonce", "base64ToUint8Array", "uint8ArrayToBase64", "Ed25519KeyIdentity", "JSON_KEY_CALLER", "JSON_KEY_SALT", "JSON_KEY_STATE", "stringifyContext", "caller", "state", "salt", "data", "parseContext", "jsonData", "jsonCaller", "jsonSalt", "initContext", "generateState", "caller", "Ed25519KeyIdentity", "nonce", "salt", "generateNonce", "state", "storedData", "stringifyContext", "CONTEXT_KEY", "loadContext", "storedContext", "isNullish", "ContextUndefinedError", "parseContext", "fromNullable", "Delegation", "ECDSAKeyIdentity", "getConsoleActor", "getSatelliteActor", "getAuthActor", "auth", "identity", "authenticate", "actorParams", "args", "getAuthActor", "getDelegation", "get_delegation", "DelegationChain", "DelegationIdentity", "generateIdentity", "delegations", "sessionKey", "userKey", "signedDelegations", "delegationChain", "authenticateSession", "jwt", "context", "auth", "sessionKey", "ECDSAKeyIdentity", "publicKey", "delegations", "data", "authenticate", "generateIdentity", "caller", "salt", "result", "AuthenticationError", "userKey", "expiration", "rest", "signedDelegation", "retryGetDelegation", "delegation", "signature", "pubkey", "signedExpiration", "targets", "Delegation", "fromNullable", "maxRetries", "i", "resolve", "getDelegation", "Err", "GetDelegationError", "GetDelegationRetryError", "isEmptyString", "initOAuth", "url", "result", "error", "ApiGitHubInitError", "finalizeOAuth", "body", "ApiGitHubFinalizeError", "authenticateGitHubWithRedirect", "auth", "context", "finalizeUrl", "search", "urlParams", "code", "state", "result", "finalizeOAuth", "idToken", "isEmptyString", "AuthenticationUndefinedJwtError", "authenticateSession", "isEmptyString", "authenticateGoogleWithRedirect", "auth", "context", "hash", "isEmptyString", "AuthenticationUrlHashError", "params", "state", "idToken", "savedState", "AuthenticationInvalidStateError", "AuthenticationUndefinedJwtError", "authenticateSession", "authenticate", "params", "context", "loadContext", "redirect", "auth", "finalizeUrl", "GITHUB_PROVIDER", "authenticateGitHubWithRedirect", "google", "jwt", "authenticateSession", "authenticateGoogleWithRedirect", "buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect", "isFedCMSupported", "userAgent"]
7
7
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@junobuild/auth",
3
- "version": "3.0.1",
3
+ "version": "3.0.2",
4
4
  "description": "A SDK for working with Juno authentication modules",
5
5
  "author": "David Dal Busco (https://daviddalbusco.com)",
6
6
  "license": "MIT",
package/dist/browser/chunk-PNQPTEXZ.js.map DELETED
@@ -1,7 +0,0 @@
1
- {
2
- "version": 3,
3
- "sources": ["../../src/providers/github/_context.ts", "../../src/providers/github/_openid.ts", "../../src/utils/state.utils.ts", "../../src/providers/google/_context.ts", "../../src/providers/google/_openid.ts", "../../src/request.ts"],
4
- "sourcesContent": ["import type {Nonce} from '../../types/nonce';\nimport {parseUrl} from '../../utils/url.utils';\nimport {initOAuth} from './_api';\nimport type {OpenIdGitHubProvider} from './types/provider';\n\nexport const buildGenerateState = ({initUrl}: Pick<OpenIdGitHubProvider, 'initUrl'>) => {\n const generateState = async ({nonce}: {nonce: Nonce}): Promise<string> => {\n const requestUrl = parseUrl({url: initUrl});\n requestUrl.searchParams.set('nonce', nonce);\n\n const result = await initOAuth({url: requestUrl.toString()});\n\n if ('error' in result) {\n throw result.error;\n }\n\n const {\n success: {state}\n } = result;\n\n return state;\n };\n\n return generateState;\n};\n", "import {parseUrl} from '../../utils/url.utils';\nimport type {RequestGitHubJwtWithRedirect} from './types/openid';\n\n// https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#1-request-a-users-github-identity\n\nexport const requestGitHubJwtWithRedirect = ({\n authUrl,\n clientId,\n authScopes,\n state,\n redirectUrl\n}: RequestGitHubJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared by the proxy backend with the value it initiated.\n requestUrl.searchParams.set('state', state);\n\n window.location.href = requestUrl.toString();\n};\n", "import {toBase64URL} from './url.utils';\n\nexport const generateRandomState = (): string =>\n toBase64URL(window.crypto.getRandomValues(new Uint8Array(12)));\n", "import type {Nonce} from '../../types/nonce';\nimport {generateRandomState} from '../../utils/state.utils';\n\n// eslint-disable-next-line require-await\nexport const generateGoogleState = async (_params: {nonce: Nonce}): Promise<string> =>\n generateRandomState();\n", "import {isNullish, notEmptyString} from '@dfinity/utils';\nimport {\n FedCMIdentityCredentialInvalidError,\n FedCMIdentityCredentialUndefinedError\n} from '../../errors';\nimport {parseUrl} from '../../utils/url.utils';\nimport type {RequestGoogleJwtWithCredentials, RequestGoogleJwtWithRedirect} from './types/openid';\n\n/**\n * Initiates an OpenID Connect authorization request by redirecting the browser.\n *\n * References:\n * - OAuth 2.0 (Google): https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow\n * - OpenID Connect: https://developers.google.com/identity/openid-connect/openid-connect\n */\nexport const requestGoogleJwtWithRedirect = ({\n authUrl,\n clientId,\n nonce,\n loginHint,\n authScopes,\n state,\n redirectUrl\n}: RequestGoogleJwtWithRedirect) => {\n const requestUrl = parseUrl({url: authUrl});\n\n requestUrl.searchParams.set('client_id', clientId);\n\n const {\n location: {origin: currentUrl}\n } = window;\n\n requestUrl.searchParams.set('redirect_uri', redirectUrl ?? currentUrl);\n\n // We do not request \"token\" because we use the ID token (JWT).\n // \"code\" is required according to II's codebase as Apple ID throws an error otherwise.\n requestUrl.searchParams.set('response_type', 'code id_token');\n\n requestUrl.searchParams.set('scope', authScopes.join(' '));\n\n // Used for security reasons. When the provider redirects to the application,\n // the state will be compared with the session storage value.\n requestUrl.searchParams.set('state', state);\n\n // Used to validate the JSON Web Token (JWT) in the backend \u2014 i.e. we pass the nonce\n // to the provider and make the request to the backend with its salt.\n requestUrl.searchParams.set('nonce', nonce);\n\n if (notEmptyString(loginHint)) {\n requestUrl.searchParams.set('login_hint', loginHint);\n } else {\n requestUrl.searchParams.set('prompt', 'select_account');\n }\n\n window.location.href = requestUrl.toString();\n};\n\n/**\n * References:\n * - identity spec: https://www.w3.org/TR/fedcm/#browser-api-credential-request-options\n * - https://privacysandbox.google.com/cookies/fedcm/implement/identity-provider\n * - https://privacysandbox.google.com/cookies/fedcm/why\n */\nexport const requestGoogleJwtWithCredentials = async ({\n configUrl: configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n}: RequestGoogleJwtWithCredentials): Promise<{jwt: string}> => {\n const identityCredential = await navigator.credentials.get({\n // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n // @ts-ignore\n identity: {\n context: 'use',\n providers: [\n {\n configURL,\n clientId,\n nonce,\n loginHint,\n domainHint\n }\n ],\n mode: 'active'\n },\n // https://privacysandbox.google.com/cookies/fedcm/implement/relying-party#auto-reauthn\n mediation: 'required'\n });\n\n if (isNullish(identityCredential)) {\n throw new FedCMIdentityCredentialUndefinedError();\n }\n\n const {type} = identityCredential;\n\n if (\n type !== 'identity' ||\n !('token' in identityCredential) ||\n typeof identityCredential.token !== 'string'\n ) {\n // This should be unreachable in FedCM spec-compliant browsers.\n throw new FedCMIdentityCredentialInvalidError('Invalid credential received from FedCM API', {\n cause: identityCredential\n });\n }\n\n const {token: jwt} = identityCredential;\n return {jwt};\n};\n", "import {GITHUB_PROVIDER, GOOGLE_PROVIDER} from './_constants';\nimport {initContext} from './_context';\nimport {buildGenerateState} from './providers/github/_context';\nimport {requestGitHubJwtWithRedirect} from './providers/github/_openid';\nimport type {RequestGitHubJwtRedirectParams} from './providers/github/types/request';\nimport {generateGoogleState} from './providers/google/_context';\nimport {\n requestGoogleJwtWithCredentials,\n requestGoogleJwtWithRedirect\n} from './providers/google/_openid';\nimport type {\n RequestGoogleJwtCredentialsParams,\n RequestGoogleJwtParams,\n RequestGoogleJwtRedirectParams\n} from './providers/google/types/request';\nimport type {RequestJwtCredentialsResult} from './types/request';\n\nexport function requestJwt(args: {\n google: RequestGoogleJwtCredentialsParams;\n}): Promise<RequestJwtCredentialsResult>;\n\nexport function requestJwt(\n args: {google: RequestGoogleJwtRedirectParams} | {github: RequestGitHubJwtRedirectParams}\n): Promise<void>;\n\nexport async function requestJwt(\n args:\n | {\n google: RequestGoogleJwtParams;\n }\n | {github: RequestGitHubJwtRedirectParams}\n): Promise<RequestJwtCredentialsResult | void> {\n if ('github' in args) {\n const {github} = args;\n\n const {redirect} = github;\n const {initUrl: userInitUrl, ...restRedirect} = redirect;\n\n const {authUrl, authScopes, initUrl} = GITHUB_PROVIDER;\n\n const context = await initContext({\n generateState: buildGenerateState({initUrl: userInitUrl ?? initUrl})\n });\n\n requestGitHubJwtWithRedirect({\n ...restRedirect,\n ...context,\n authUrl,\n authScopes\n });\n return;\n }\n\n const context = await initContext({generateState: generateGoogleState});\n\n const {google} = args;\n\n if ('credentials' in google) {\n const {credentials} = google;\n const {configUrl} = GOOGLE_PROVIDER;\n\n return await requestGoogleJwtWithCredentials({\n ...credentials,\n ...context,\n configUrl\n });\n }\n\n const {redirect} = google;\n const {authUrl, authScopes} = GOOGLE_PROVIDER;\n\n requestGoogleJwtWithRedirect({\n ...redirect,\n ...context,\n authUrl,\n authScopes\n });\n}\n"],
5
- "mappings": "4LAKO,IAAMA,EAAqB,CAAC,CAAC,QAAAC,CAAO,IACnB,MAAO,CAAC,MAAAC,CAAK,IAAuC,CACxE,IAAMC,EAAaC,EAAS,CAAC,IAAKH,CAAO,CAAC,EAC1CE,EAAW,aAAa,IAAI,QAASD,CAAK,EAE1C,IAAMG,EAAS,MAAMC,EAAU,CAAC,IAAKH,EAAW,SAAS,CAAC,CAAC,EAE3D,GAAI,UAAWE,EACb,MAAMA,EAAO,MAGf,GAAM,CACJ,QAAS,CAAC,MAAAE,CAAK,CACjB,EAAIF,EAEJ,OAAOE,CACT,EChBK,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKN,CAAO,CAAC,EAE1CK,EAAW,aAAa,IAAI,YAAaJ,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQM,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAErEF,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAE1C,OAAO,SAAS,KAAOE,EAAW,SAAS,CAC7C,EC3BO,IAAMG,EAAsB,IACjCC,EAAY,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC,CAAC,ECCxD,IAAMC,EAAsB,MAAOC,GACxCC,EAAoB,ECLtB,OAAQ,aAAAC,EAAW,kBAAAC,MAAqB,iBAejC,IAAMC,EAA+B,CAAC,CAC3C,QAAAC,EACA,SAAAC,EACA,MAAAC,EACA,UAAAC,EACA,WAAAC,EACA,MAAAC,EACA,YAAAC,CACF,IAAoC,CAClC,IAAMC,EAAaC,EAAS,CAAC,IAAKR,CAAO,CAAC,EAE1CO,EAAW,aAAa,IAAI,YAAaN,CAAQ,EAEjD,GAAM,CACJ,SAAU,CAAC,OAAQQ,CAAU,CAC/B,EAAI,OAEJF,EAAW,aAAa,IAAI,eAAgBD,GAAeG,CAAU,EAIrEF,EAAW,aAAa,IAAI,gBAAiB,eAAe,EAE5DA,EAAW,aAAa,IAAI,QAASH,EAAW,KAAK,GAAG,CAAC,EAIzDG,EAAW,aAAa,IAAI,QAASF,CAAK,EAI1CE,EAAW,aAAa,IAAI,QAASL,CAAK,EAEtCQ,EAAeP,CAAS,EAC1BI,EAAW,aAAa,IAAI,aAAcJ,CAAS,EAEnDI,EAAW,aAAa,IAAI,SAAU,gBAAgB,EAGxD,OAAO,SAAS,KAAOA,EAAW,SAAS,CAC7C,EAQaI,EAAkC,MAAO,CACpD,UAAWC,EACX,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,IAA+D,CAC7D,IAAMC,EAAqB,MAAM,UAAU,YAAY,IAAI,CAGzD,SAAU,CACR,QAAS,MACT,UAAW,CACT,CACE,UAAAF,EACA,SAAAX,EACA,MAAAC,EACA,UAAAC,EACA,WAAAU,CACF,CACF,EACA,KAAM,QACR,EAEA,UAAW,UACb,CAAC,EAED,GAAIE,EAAUD,CAAkB,EAC9B,MAAM,IAAIE,EAGZ,GAAM,CAAC,KAAAC,CAAI,EAAIH,EAEf,GACEG,IAAS,YACT,EAAE,UAAWH,IACb,OAAOA,EAAmB,OAAU,SAGpC,MAAM,IAAII,EAAoC,6CAA8C,CAC1F,MAAOJ,CACT,CAAC,EAGH,GAAM,CAAC,MAAOK,CAAG,EAAIL,EACrB,MAAO,CAAC,IAAAK,CAAG,CACb,ECpFA,eAAsBC,EACpBC,EAK6C,CAC7C,GAAI,WAAYA,EAAM,CACpB,GAAM,CAAC,OAAAC,CAAM,EAAID,EAEX,CAAC,SAAAE,CAAQ,EAAID,EACb,CAAC,QAASE,EAAa,GAAGC,CAAY,EAAIF,EAE1C,CAAC,QAAAG,EAAS,WAAAC,EAAY,QAAAC,CAAO,EAAIC,EAEjCC,EAAU,MAAMC,EAAY,CAChC,cAAeC,EAAmB,CAAC,QAASR,GAAeI,CAAO,CAAC,CACrE,CAAC,EAEDK,EAA6B,CAC3B,GAAGR,EACH,GAAGK,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,EACD,MACF,CAEA,IAAMG,EAAU,MAAMC,EAAY,CAAC,cAAeG,CAAmB,CAAC,EAEhE,CAAC,OAAAC,CAAM,EAAId,EAEjB,GAAI,gBAAiBc,EAAQ,CAC3B,GAAM,CAAC,YAAAC,CAAW,EAAID,EAChB,CAAC,UAAAE,CAAS,EAAIC,EAEpB,OAAO,MAAMC,EAAgC,CAC3C,GAAGH,EACH,GAAGN,EACH,UAAAO,CACF,CAAC,CACH,CAEA,GAAM,CAAC,SAAAd,CAAQ,EAAIY,EACb,CAAC,QAAAT,EAAS,WAAAC,CAAU,EAAIW,EAE9BE,EAA6B,CAC3B,GAAGjB,EACH,GAAGO,EACH,QAAAJ,EACA,WAAAC,CACF,CAAC,CACH",
6
- "names": ["buildGenerateState", "initUrl", "nonce", "requestUrl", "parseUrl", "result", "initOAuth", "state", "requestGitHubJwtWithRedirect", "authUrl", "clientId", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "generateRandomState", "toBase64URL", "generateGoogleState", "_params", "generateRandomState", "isNullish", "notEmptyString", "requestGoogleJwtWithRedirect", "authUrl", "clientId", "nonce", "loginHint", "authScopes", "state", "redirectUrl", "requestUrl", "parseUrl", "currentUrl", "notEmptyString", "requestGoogleJwtWithCredentials", "configURL", "domainHint", "identityCredential", "isNullish", "FedCMIdentityCredentialUndefinedError", "type", "FedCMIdentityCredentialInvalidError", "jwt", "requestJwt", "args", "github", "redirect", "userInitUrl", "restRedirect", "authUrl", "authScopes", "initUrl", "GITHUB_PROVIDER", "context", "initContext", "buildGenerateState", "requestGitHubJwtWithRedirect", "generateGoogleState", "google", "credentials", "configUrl", "GOOGLE_PROVIDER", "requestGoogleJwtWithCredentials", "requestGoogleJwtWithRedirect"]
7
- }