@leapdev/auth-agent 2.0.7-beta.1 → 2.0.7-beta.2

package/src/index.umd.js

@@ -1,7 +1,12 @@
-(function (factory) {
+(function (global, factory) {
+	typeof exports === 'object' && typeof module !== 'undefined' ? module.exports = factory(require('lodash'), require('uuid'), require('pubnub')) :
 	typeof define === 'function' && define.amd ? define(['lodash', 'uuid', 'pubnub'], factory) :
-	factory();
-})((function () { 'use strict';
+	(global = typeof globalThis !== 'undefined' ? globalThis : global || self, global.AuthAgent = factory(global.lodash, global.uuid, global.Pubnub));
+})(this, (function (lodash, uuid, Pubnub) { 'use strict';
+
+	function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
+
+	var Pubnub__default = /*#__PURE__*/_interopDefaultLegacy(Pubnub);
 
 	var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
@@ -587,9 +592,9 @@
 	var isCallable$i = isCallable$p;
 	var inspectSource$3 = inspectSource$4;
 
-	var WeakMap$1 = global$E.WeakMap;
+	var WeakMap$2 = global$E.WeakMap;
 
-	var nativeWeakMap = isCallable$i(WeakMap$1) && /native code/.test(inspectSource$3(WeakMap$1));
+	var nativeWeakMap = isCallable$i(WeakMap$2) && /native code/.test(inspectSource$3(WeakMap$2));
 
 	var shared$2 = shared$4.exports;
 	var uid$1 = uid$3;
@@ -614,7 +619,7 @@
 
 	var OBJECT_ALREADY_INITIALIZED = 'Object already initialized';
 	var TypeError$c = global$D.TypeError;
-	var WeakMap = global$D.WeakMap;
+	var WeakMap$1 = global$D.WeakMap;
 	var set$2, get$1, has;
 
 	var enforce = function (it) {
@@ -631,7 +636,7 @@
 	};
 
 	if (NATIVE_WEAK_MAP || shared$1.state) {
-	  var store = shared$1.state || (shared$1.state = new WeakMap());
+	  var store = shared$1.state || (shared$1.state = new WeakMap$1());
 	  var wmget = uncurryThis$k(store.get);
 	  var wmhas = uncurryThis$k(store.has);
 	  var wmset = uncurryThis$k(store.set);
@@ -2162,6 +2167,44 @@
 	  }
 	});
 
+	/******************************************************************************
+	Copyright (c) Microsoft Corporation.
+
+	Permission to use, copy, modify, and/or distribute this software for any
+	purpose with or without fee is hereby granted.
+
+	THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH
+	REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+	AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
+	INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+	LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+	OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+	PERFORMANCE OF THIS SOFTWARE.
+	***************************************************************************** */
+
+	function __awaiter(thisArg, _arguments, P, generator) {
+	    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+	    return new (P || (P = Promise))(function (resolve, reject) {
+	        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+	        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+	        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+	        step((generator = generator.apply(thisArg, _arguments || [])).next());
+	    });
+	}
+
+	function __classPrivateFieldGet(receiver, state, kind, f) {
+	    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+	    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+	    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+	}
+
+	function __classPrivateFieldSet(receiver, state, value, kind, f) {
+	    if (kind === "m") throw new TypeError("Private method is not writable");
+	    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+	    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+	    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+	}
+
 	var internalObjectKeys = objectKeysInternal;
 	var enumBugKeys$1 = enumBugKeys$3;
 
@@ -3216,7 +3259,7 @@
 	var RegExp$1 = global$e.RegExp;
 	var TypeError$3 = global$e.TypeError;
 	var decodeURIComponent = global$e.decodeURIComponent;
-	var encodeURIComponent = global$e.encodeURIComponent;
+	var encodeURIComponent$1 = global$e.encodeURIComponent;
 	var charAt$3 = uncurryThis$a(''.charAt);
 	var join = uncurryThis$a([].join);
 	var push$3 = uncurryThis$a([].push);
@@ -3270,7 +3313,7 @@
 	};
 
 	var serialize = function (it) {
-	  return replace$1(encodeURIComponent(it), find, replacer);
+	  return replace$1(encodeURIComponent$1(it), find, replacer);
 	};
 
 	var URLSearchParamsIterator = createIteratorConstructor(function Iterator(params, kind) {
@@ -3803,6 +3846,602 @@
 	  ];
 	}, !SPLIT_WORKS_WITH_OVERWRITTEN_EXEC, UNSUPPORTED_Y);
 
+	const DEFAULT_CONFIG = {
+	  autoLogin: true,
+	  autoLogout: true,
+	  autoRefreshToken: false,
+	  idleTimeoutInMinutes: 30,
+	  uniqueSession: true,
+	  hooks: {}
+	};
+	const requiredParams = ['authHost', 'clientId', 'scopes'];
+	const init$1 = options => {
+	  lodash.forEach(requiredParams, p => {
+	    if (!lodash.has(options, p)) {
+	      throw Error('Missing config parameter : ' + p);
+	    }
+	  });
+
+	  if (!lodash.isArray(options.scopes)) {
+	    throw Error('Scopes must be an array with string values');
+	  }
+
+	  const config = Object.assign(Object.assign({}, DEFAULT_CONFIG), options);
+	  return config;
+	};
+
+	var _LeapAuthService_authHost, _LeapAuthService_clientId, _LeapAuthService_xhr, _LeapAuthService_redirectUrl;
+	const LEAP_AUTH_CLOSE_WINDOW_URL = '/oauth/close';
+	class LeapAuthService {
+	  constructor(authHost, clientId) {
+	    _LeapAuthService_authHost.set(this, void 0);
+
+	    _LeapAuthService_clientId.set(this, void 0);
+
+	    this.getRedirections = () => {
+	      //* local development
+	      //return import('../../config/redirections_v2.json');
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: 'https://cdn.leap.com.au/leap_auth/auth_agent/redirections_v2.json',
+	          options: null,
+	          accessToken: undefined
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.exchangeAuthCodeForAccessToken = params => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'POST',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/oauth/token`,
+	          options: {
+	            body: {
+	              grant_type: 'authorization_code',
+	              code: params.code,
+	              code_verifier: params.verifier,
+	              client_id: __classPrivateFieldGet(this, _LeapAuthService_clientId, "f"),
+	              redirect_uri: params.redirectUri
+	            }
+	          },
+	          accessToken: undefined
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.renewAccessToken = params => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'POST',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/oauth/token`,
+	          options: {
+	            body: {
+	              grant_type: 'refresh_token',
+	              refresh_token: params.refreshToken,
+	              code_verifier: params.verifier,
+	              client_id: __classPrivateFieldGet(this, _LeapAuthService_clientId, "f")
+	            }
+	          },
+	          accessToken: undefined
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.userInfo = token => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/api/userinfo`,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.linkUser = params => {
+	      const {
+	        jti,
+	        newWindow,
+	        callback
+	      } = params;
+	      const redirectUrl = newWindow ? __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + LEAP_AUTH_CLOSE_WINDOW_URL : params.redirectUrl;
+	      const requestUrl = `/cloudprovider/link?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}&prompt=none&jti=${jti}&callback=${redirectUrl}`;
+
+	      __classPrivateFieldGet(this, _LeapAuthService_redirectUrl, "f").call(this, {
+	        requestUrl,
+	        newWindow,
+	        callback
+	      });
+	    };
+
+	    this.unlinkUser = params => {
+	      const {
+	        jti,
+	        newWindow,
+	        callback
+	      } = params;
+	      const redirectUrl = newWindow ? __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + LEAP_AUTH_CLOSE_WINDOW_URL : params.redirectUrl;
+	      const requestUrl = `/cloudprovider/unlink?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}&jti=${jti}&callback=${redirectUrl}`;
+
+	      __classPrivateFieldGet(this, _LeapAuthService_redirectUrl, "f").call(this, {
+	        requestUrl,
+	        newWindow,
+	        callback
+	      });
+	    };
+
+	    this.getCloudProviderToken = (token, jti) => {
+	      const url = `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/accesstoken` + (jti ? '/' + jti : '');
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: url,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.cloudProviderUserInfo = token => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/userinfo`,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.cloudProviderReauthenticate = params => {
+	      const {
+	        nonce,
+	        newWindow,
+	        callback
+	      } = params;
+	      const redirectUrl = newWindow ? __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + LEAP_AUTH_CLOSE_WINDOW_URL : params.redirectUrl;
+	      const requestUrl = `/cloudprovider/reauthenticate?nonce=${nonce}&redirectUrl=${redirectUrl}`;
+
+	      __classPrivateFieldGet(this, _LeapAuthService_redirectUrl, "f").call(this, {
+	        requestUrl,
+	        newWindow,
+	        callback
+	      });
+	    };
+
+	    this.cloudProviderReauthenticateLink = token => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/reauthenticate/link`,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.statusAdminConsent = token => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/adminconsent/status?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}`,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.getAdminConsent = params => {
+	      const {
+	        domain,
+	        newWindow,
+	        callback
+	      } = params;
+	      const redirectUrl = newWindow ? __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + LEAP_AUTH_CLOSE_WINDOW_URL : params.redirectUrl;
+	      const requestUrl = `/cloudprovider/adminconsent?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}&redirectUrl=${redirectUrl}${domain ? '&domain=' + domain : ''}`;
+
+	      __classPrivateFieldGet(this, _LeapAuthService_redirectUrl, "f").call(this, {
+	        requestUrl,
+	        newWindow,
+	        callback
+	      });
+	    };
+
+	    this.revokeAdminConsent = token => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'DELETE',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/adminconsent?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}`,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.getLinkMap = (token, allUsers) => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'GET',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/linkmap?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}${allUsers ? '&allUsers=true' : ''}`,
+	          options: null,
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.setLinkMap = (token, linkMap) => {
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'PUT',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/cloudprovider/linkmap?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}`,
+	          options: {
+	            body: linkMap
+	          },
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.authoriseSupport = (token, params) => {
+	      const {
+	        code,
+	        duration
+	      } = params;
+	      return new Promise((resolve, reject) => {
+	        __classPrivateFieldGet(this, _LeapAuthService_xhr, "f").call(this, {
+	          method: 'POST',
+	          endpoint: `${__classPrivateFieldGet(this, _LeapAuthService_authHost, "f")}/support/authorization`,
+	          options: {
+	            body: {
+	              requestCode: code,
+	              duration,
+	              client_id: __classPrivateFieldGet(this, _LeapAuthService_clientId, "f")
+	            }
+	          },
+	          accessToken: token
+	        }, (response, status) => {
+	          if (status === 200) return resolve(response);else return reject(response);
+	        });
+	      });
+	    };
+
+	    this.changePassword = params => {
+	      const {
+	        newWindow,
+	        callback,
+	        redirectUrl
+	      } = params;
+	      let changePasswordUrl = `/oauth/changepassword?client_id=${__classPrivateFieldGet(this, _LeapAuthService_clientId, "f")}`;
+	      let redirect_uri = '';
+	      let noListener = false;
+
+	      if (newWindow) {
+	        if (!!callback && typeof callback === 'function') {
+	          redirect_uri = __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + LEAP_AUTH_CLOSE_WINDOW_URL;
+	        } else {
+	          redirect_uri = '';
+	          noListener = true; // open a new tab for changing password without adding an message event listener in this window
+	        }
+	      } else {
+	        redirect_uri = __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + '/oauth/logout?force=true' + '&redirect_uri=' + (redirectUrl || window.location.href);
+	      }
+
+	      if (redirect_uri) {
+	        changePasswordUrl += `&redirect_uri=${encodeURIComponent(redirect_uri)}`;
+	      }
+
+	      __classPrivateFieldGet(this, _LeapAuthService_redirectUrl, "f").call(this, {
+	        requestUrl: changePasswordUrl,
+	        newWindow,
+	        callback,
+	        noListener
+	      });
+	    };
+
+	    _LeapAuthService_xhr.set(this, (params, onload) => {
+	      const {
+	        method,
+	        endpoint,
+	        accessToken
+	      } = params;
+	      let {
+	        options
+	      } = params;
+	      options = lodash.merge({}, {
+	        contentType: 'application/json',
+	        accessControlAllowOrigin: '*',
+	        body: undefined
+	      }, options || {});
+	      const xhr = new XMLHttpRequest();
+	      xhr.open(method, endpoint, true);
+	      xhr.setRequestHeader('Content-type', options.contentType);
+	      xhr.setRequestHeader('Access-Control-Allow-Origin', options.accessControlAllowOrigin);
+	      if (accessToken) xhr.setRequestHeader('Authorization', 'Bearer ' + accessToken);
+
+	      xhr.onload = () => {
+	        try {
+	          let resp;
+	          if (xhr.response) resp = JSON.parse(xhr.response);
+	          onload(resp, xhr.status);
+	        } catch (e) {
+	          onload(xhr.response, xhr.status);
+	        }
+	      };
+
+	      if (options.body) options.body = JSON.stringify(options.body);
+	      xhr.send(options.body);
+	    });
+
+	    _LeapAuthService_redirectUrl.set(this, params => {
+	      const {
+	        requestUrl,
+	        newWindow,
+	        callback,
+	        noListener
+	      } = params;
+	      const fullUrl = __classPrivateFieldGet(this, _LeapAuthService_authHost, "f") + requestUrl;
+
+	      if (newWindow) {
+	        const childWindow = window.open(fullUrl, '_blank');
+
+	        const eventHandler = event => {
+	          if (event && event.data === 'closeMe' && childWindow) {
+	            childWindow.close();
+
+	            if (lodash.isFunction(callback)) {
+	              callback();
+	              window.removeEventListener('message', eventHandler, false);
+	            }
+	          }
+	        };
+
+	        if (!noListener) {
+	          window.addEventListener('message', eventHandler, false);
+	        }
+	      } else {
+	        window.location.href = fullUrl;
+	      }
+	    });
+
+	    __classPrivateFieldSet(this, _LeapAuthService_authHost, authHost, "f");
+
+	    __classPrivateFieldSet(this, _LeapAuthService_clientId, clientId, "f");
+	  }
+
+	}
+	_LeapAuthService_authHost = new WeakMap(), _LeapAuthService_clientId = new WeakMap(), _LeapAuthService_xhr = new WeakMap(), _LeapAuthService_redirectUrl = new WeakMap();
+
+	var _Notification_pubnubKeys, _Notification_pubnub, _Notification_eventListeners, _Notification_initFirmChannel, _Notification_initUserChannel, _Notification_initUniqueSessionChannel;
+	const EMPTY_GUID = '00000000-0000-0000-0000-000000000000';
+	const USER_ACTION = {
+	  USERNAME_CHANGED: '1',
+	  PASSWORD_CHANGED: '2',
+	  USER_DISABLED: '3' //     3 - User has been disabled
+
+	};
+	class Notification {
+	  constructor() {
+	    _Notification_pubnubKeys.set(this, void 0);
+
+	    _Notification_pubnub.set(this, void 0);
+
+	    _Notification_eventListeners.set(this, []);
+
+	    this.init = params => {
+	      const {
+	        authHost,
+	        clientId,
+	        firmId,
+	        userId,
+	        uniqueSession
+	      } = params;
+
+	      __classPrivateFieldGet(this, _Notification_initFirmChannel, "f").call(this, firmId, userId);
+
+	      __classPrivateFieldGet(this, _Notification_initUserChannel, "f").call(this, userId);
+
+	      if (uniqueSession) {
+	        __classPrivateFieldGet(this, _Notification_initUniqueSessionChannel, "f").call(this, {
+	          authHost,
+	          clientId
+	        });
+	      }
+	    };
+
+	    this.destroy = () => {
+	      if (__classPrivateFieldGet(this, _Notification_pubnub, "f")) {
+	        __classPrivateFieldGet(this, _Notification_pubnub, "f").unsubscribeAll();
+
+	        __classPrivateFieldSet(this, _Notification_eventListeners, [], "f");
+	      }
+	    };
+
+	    this.registerEventListenerForUserChannel = params => {
+	      const {
+	        topic,
+	        messageType,
+	        callback
+	      } = params;
+
+	      if (!lodash.isFunction(callback)) {
+	        throw Error(`Registering Event Listener ${topic} ${messageType}: callback needs to be a function`);
+	      }
+
+	      __classPrivateFieldGet(this, _Notification_eventListeners, "f").push({
+	        topic,
+	        messageType,
+	        callback
+	      });
+	    };
+
+	    _Notification_initFirmChannel.set(this, (firmId, userId) => {
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").addListener({
+	        presence: presenceEvent => {
+	          //* handle presence
+	          const {
+	            action,
+	            uuid
+	          } = presenceEvent; //* the message was sent from the current pubnub instance
+
+	          if (uuid === __classPrivateFieldGet(this, _Notification_pubnubKeys, "f").uuid) {
+	            return;
+	          } //* handle action 'leave' and 'timeout'
+
+
+	          if (action === 'leave' || action === 'timeout') {
+	            const valuesUUID = uuid.split('~');
+	            const userIdFromPresence = valuesUUID[0] || '';
+	            const instanceGuidFromPresence = valuesUUID[1] || '';
+	            const userActionFromPresence = valuesUUID[2] || '';
+	            const isUserActionRequiredLogout = userActionFromPresence === USER_ACTION.USERNAME_CHANGED || userActionFromPresence === USER_ACTION.PASSWORD_CHANGED || userActionFromPresence === USER_ACTION.USER_DISABLED;
+
+	            if (userIdFromPresence === userId && instanceGuidFromPresence === EMPTY_GUID && isUserActionRequiredLogout) {
+	              //* User Information has been changed, force user to logout
+	              AuthAgent.logout(true); // call logout with force=true (because the logout is forced)
+	            }
+	          }
+	        }
+	      });
+
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").subscribe({
+	        channels: [firmId],
+	        withPresence: true
+	      });
+	    });
+
+	    _Notification_initUserChannel.set(this, userId => {
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").addListener({
+	        message: data => {
+	          const {
+	            content
+	          } = data.message;
+
+	          if (content && content.topic && content.messageType && content.data) {
+	            for (const eventListener of __classPrivateFieldGet(this, _Notification_eventListeners, "f")) {
+	              if (eventListener.topic === content.topic && eventListener.messageType === content.messageType && eventListener.callback && lodash.isFunction(eventListener.callback)) {
+	                return eventListener.callback(content.data);
+	              }
+	            }
+	          }
+	        }
+	      });
+
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").subscribe({
+	        channels: [`user_${userId}`],
+	        withPresence: false
+	      });
+	    });
+
+	    _Notification_initUniqueSessionChannel.set(this, params => {
+	      const decodedToken = AuthAgent.getDecodedAccessToken();
+	      const {
+	        authHost: myAuthHost,
+	        clientId: myClientId
+	      } = params;
+	      const {
+	        userId: myUserId,
+	        sessionId: mySessionId,
+	        impersonatorId: myImpersonatorId
+	      } = decodedToken;
+
+	      if (!decodedToken) {
+	        return;
+	      }
+
+	      const channel = `auth-session-${myUserId}`;
+
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").addListener({
+	        message: data => {
+	          const decodedToken = AuthAgent.getDecodedAccessToken();
+
+	          if (!decodedToken) {
+	            AuthAgent.logout(true); // call logout with force=true (because the logout is forced)
+	          }
+
+	          const {
+	            sessionId: mySessionId,
+	            impersonatorId: myImpersonatorId,
+	            userId: myUserId
+	          } = decodedToken;
+
+	          if (mySessionId && data && data.message) {
+	            const sessionId = data.message.sessionId,
+	                  authHost = data.message.authHost,
+	                  clientId = data.message.clientId,
+	                  logout = data.message.logout,
+	                  impersonatorId = myImpersonatorId ? myImpersonatorId : data.message.impersonatorId;
+
+	            if (authHost === myAuthHost) {
+	              if (clientId === myClientId && sessionId !== mySessionId || // same application, different browser => logout (unique session feature)
+	              clientId !== myClientId && sessionId === mySessionId && logout // different application, same browser, logout asked by user => logout (unique logout feature)
+	              ) {
+	                if (impersonatorId !== undefined && impersonatorId !== '') {
+	                  // I'm impersonating someone who is being logged in or out so I don't want to be logged out
+	                  console.log('user ' + impersonatorId + ' impersonating user ' + myUserId);
+	                } else {
+	                  AuthAgent.logout(true); // call logout with force=true (because the logout is forced)
+	                }
+	              }
+	            }
+	          }
+	        }
+	      });
+
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").subscribe({
+	        channels: [channel],
+	        withPresence: true
+	      });
+
+	      __classPrivateFieldGet(this, _Notification_pubnub, "f").publish({
+	        message: {
+	          authHost: myAuthHost,
+	          clientId: myClientId,
+	          sessionId: mySessionId,
+	          impersonatorId: myImpersonatorId
+	        },
+	        channel: channel
+	      }, status => {
+	        if (status.error) {
+	          console.log('pubnub error');
+	        }
+	      });
+	    });
+
+	    __classPrivateFieldSet(this, _Notification_pubnubKeys, {
+	      publishKey: 'pub-13f5288e-cd88-4ef9-9e68-0c11cd03ddb8',
+	      subscribeKey: 'sub-a456f002-0095-11e2-9638-9581afc33ebf',
+	      uuid: uuid.v4()
+	    }, "f");
+
+	    __classPrivateFieldSet(this, _Notification_pubnub, new Pubnub__default["default"](__classPrivateFieldGet(this, _Notification_pubnubKeys, "f")), "f");
+	  }
+
+	}
+	_Notification_pubnubKeys = new WeakMap(), _Notification_pubnub = new WeakMap(), _Notification_eventListeners = new WeakMap(), _Notification_initFirmChannel = new WeakMap(), _Notification_initUserChannel = new WeakMap(), _Notification_initUniqueSessionChannel = new WeakMap();
+
 	var uncurryThis$7 = functionUncurryThis;
 	var toObject$3 = toObject$7;
 
@@ -5236,6 +5875,73 @@
 	  );
 	}, FORCED);
 
+	const createCodeChallenge = verifier => __awaiter(void 0, void 0, void 0, function* () {
+	  const code_challengeBuffer = yield sha256(verifier);
+	  const code_challenge = bufferToBase64UrlEncoded(code_challengeBuffer);
+	  return code_challenge;
+	});
+	const getCrypto = () => {
+	  //ie 11.x uses msCrypto
+	  return window.crypto || window.msCrypto;
+	};
+	const createRandomString = size => {
+	  const charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+	  let random = '';
+	  const randomValues = Array.from(getCrypto().getRandomValues(new Uint8Array(size)));
+	  randomValues.forEach(v => random += charset[v % charset.length]);
+	  return random;
+	};
+
+	const sha256 = s => __awaiter(void 0, void 0, void 0, function* () {
+	  const digestOp = getCryptoSubtle().digest({
+	    name: 'SHA-256'
+	  }, new TextEncoder().encode(s)); // msCrypto (IE11) uses the old spec, which is not Promise based
+	  // https://msdn.microsoft.com/en-us/expression/dn904640(v=vs.71)
+	  // Instead of returning a promise, it returns a CryptoOperation
+	  // with a result property in it.
+	  // As a result, the various events need to be handled in the event that we're
+	  // working in IE11 (hence the msCrypto check). These events just call resolve
+	  // or reject depending on their intention.
+
+	  if (window.msCrypto) {
+	    return new Promise((res, rej) => {
+	      digestOp.oncomplete = e => {
+	        res(e.target.result);
+	      };
+
+	      digestOp.onerror = e => {
+	        rej(e.error);
+	      };
+
+	      digestOp.onabort = () => {
+	        rej('The digest operation was aborted');
+	      };
+	    });
+	  }
+
+	  return yield digestOp;
+	});
+
+	const getCryptoSubtle = () => {
+	  const crypto = getCrypto(); //safari 10.x uses webkitSubtle
+
+	  return crypto.subtle || crypto.webkitSubtle;
+	};
+
+	const bufferToBase64UrlEncoded = input => {
+	  const ie11SafeInput = new Uint8Array(input);
+	  return urlEncodeB64(window.btoa(String.fromCharCode(...Array.from(ie11SafeInput))));
+	};
+
+	const urlEncodeB64 = input => {
+	  const b64Chars = {
+	    '+': '-',
+	    '/': '_',
+	    '=': ''
+	  };
+	  return input.replace(/[+/=]/g, m => b64Chars[m]);
+	};
+
 	var global$1 = global$V;
 	var isRegExp = isRegexp;
 
@@ -5335,4 +6041,880 @@
 	  }
 	});
 
+	const getRedirectUri = (origin, decodedToken, redirectionConfig) => {
+	  let result;
+	  let redirection;
+	  let redirectUrl;
+	  const topLevelDomains = redirectionConfig.topLevelDomains;
+	  const redirections = redirectionConfig.environments;
+	  const suffix = topLevelDomains.find(suffix => origin.endsWith(suffix));
+	  const environmentVariables = redirectionConfig.environmentVariables;
+
+	  if (suffix) {
+	    for (let i = 0; i < redirections.length; i++) {
+	      redirection = redirections[i];
+	      const tokenCriteriaMatched = containsKeys(decodedToken, redirection.criteria);
+
+	      if (tokenCriteriaMatched && !!containsApplication(redirection.applications, origin)) {
+	        //* check whether suffix needed to change
+	        if (redirection.topLevelDomain !== suffix) {
+	          //* we need to change the suffix of the origin
+	          //* we gonna use `redirection.topLevelDomain` to replace the origin's suffix
+	          redirectUrl = origin.replace(suffix, redirection.topLevelDomain);
+	        } //* check whether prefix needed to change
+
+
+	        const envVariables = environmentVariables[redirection.criteria.environment];
+
+	        if (envVariables) {
+	          const prefixMappings = envVariables['prefixMappings'];
+	          const keys = Object.keys(prefixMappings); //* check whether the current origin with anything inside the prefixMappings
+
+	          const needToUpdatePrefixKey = containsApplication(keys, origin);
+
+	          if (needToUpdatePrefixKey) {
+	            const prefixValue = prefixMappings[needToUpdatePrefixKey];
+	            redirectUrl = redirectUrl ? redirectUrl.replace(needToUpdatePrefixKey, prefixValue) : origin.replace(needToUpdatePrefixKey, prefixValue);
+	          }
+	        }
+
+	        break;
+	      }
+	    }
+
+	    if (!!redirection && !!redirectUrl) {
+	      result = `${redirection.authHost}/oauth/passthrough?jti=${decodedToken.jti}&redirect=${encodeURIComponent(redirectUrl)}`;
+	    }
+	  }
+
+	  return result;
+	};
+
+	const containsKeys = (obj1, obj2) => {
+	  let result = true;
+	  Object.keys(obj2).forEach(key => {
+	    if (obj1[key] !== obj2[key]) {
+	      result = false;
+	    }
+	  });
+	  return result;
+	};
+
+	const containsApplication = (list, app) => {
+	  return list.find(appName => app.startsWith(`http://${appName}`) || app.startsWith(`https://${appName}`));
+	};
+
+	var _Authentication_accessToken, _Authentication_config, _Authentication_leapAuthService, _Authentication_notification, _Authentication_refreshInfo, _Authentication_exchangeAuthCodeForAccessToken, _Authentication_verifyAndPerformRedirections, _Authentication_startRefreshAccessTokenProcess, _Authentication_destroyRefreshAccessTokenProcess, _Authentication_decodeAccessToken;
+	const hookNames = ['afterLogin', 'beforeLogout'];
+	const SECONDS_BEFORE_EXPIRE = 10;
+	class Authentication {
+	  constructor(options) {
+	    _Authentication_accessToken.set(this, void 0);
+
+	    _Authentication_config.set(this, void 0);
+
+	    _Authentication_leapAuthService.set(this, void 0);
+
+	    _Authentication_notification.set(this, void 0);
+
+	    _Authentication_refreshInfo.set(this, void 0);
+
+	    this.registerEventListenerForUserChannel = params => {
+	      const {
+	        topic,
+	        messageType,
+	        callback
+	      } = params;
+
+	      __classPrivateFieldGet(this, _Authentication_notification, "f").registerEventListenerForUserChannel({
+	        topic,
+	        messageType,
+	        callback
+	      });
+	    };
+
+	    this.initNotification = () => {
+	      const decodedToken = this.getDecodedAccessToken();
+
+	      if (decodedToken) {
+	        __classPrivateFieldGet(this, _Authentication_notification, "f").init({
+	          authHost: __classPrivateFieldGet(this, _Authentication_config, "f").authHost,
+	          clientId: __classPrivateFieldGet(this, _Authentication_config, "f").clientId,
+	          firmId: decodedToken.firmId,
+	          userId: decodedToken.userId,
+	          uniqueSession: !!__classPrivateFieldGet(this, _Authentication_config, "f").uniqueSession
+	        });
+	      }
+	    };
+
+	    this.destroyNotification = () => {
+	      __classPrivateFieldGet(this, _Authentication_notification, "f").destroy();
+	    };
+
+	    this.login = () => __awaiter(this, void 0, void 0, function* () {
+	      const done = yield this.checkAuthCode();
+
+	      if (done && !!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
+	      } else {
+	        const code_verifier = createRandomString(64);
+	        const state = createRandomString(6); //* store verifier into browser session for later auth-code exchange
+
+	        window.sessionStorage.setItem(state, code_verifier);
+	        const code_challenge = yield createCodeChallenge(code_verifier);
+
+	        const scope = __classPrivateFieldGet(this, _Authentication_config, "f").scopes.join(',');
+
+	        const url = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/authorize?response_type=code&scope=${scope}&client_id=${__classPrivateFieldGet(this, _Authentication_config, "f").clientId}&redirect_uri=${encodeURIComponent(window.location.href)}&code_challenge=${encodeURIComponent(code_challenge)}&code_challenge_method=S256&state=${state}`;
+	        window.location.assign(url);
+	        return;
+	      }
+	    });
+
+	    this.logout = (force = false, redirectUrl) => {
+	      __classPrivateFieldSet(this, _Authentication_accessToken, undefined, "f");
+
+	      const redirectUri = encodeURIComponent(redirectUrl || window.location.href);
+	      window.location.href = `${__classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/logout?force=${force}&redirect_uri=${redirectUri}`;
+
+	      __classPrivateFieldGet(this, _Authentication_destroyRefreshAccessTokenProcess, "f").call(this);
+	    };
+
+	    this.getAccessToken = () => {
+	      if (__classPrivateFieldGet(this, _Authentication_accessToken, "f") === undefined || !__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        return '';
+	      } else {
+	        return __classPrivateFieldGet(this, _Authentication_accessToken, "f");
+	      }
+	    }; //todo: need to replace the return type "any"
+
+
+	    this.getDecodedAccessToken = () => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        return undefined;
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, __classPrivateFieldGet(this, _Authentication_accessToken, "f"));
+	    };
+
+	    this.getHooks = () => {
+	      if (__classPrivateFieldGet(this, _Authentication_config, "f")) {
+	        return __classPrivateFieldGet(this, _Authentication_config, "f").hooks;
+	      } else {
+	        return undefined;
+	      }
+	    };
+
+	    this.setHook = params => {
+	      const {
+	        name,
+	        callback
+	      } = params;
+
+	      if (hookNames.indexOf(name) < 0) {
+	        throw Error('Unimplemented hook : ' + name);
+	      }
+
+	      if (lodash.isFunction(callback)) {
+	        throw Error('hook must be a function: ' + name);
+	      }
+
+	      __classPrivateFieldSet(this, _Authentication_config, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_config, "f")), {
+	        hooks: Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_config, "f").hooks), {
+	          [name]: callback
+	        })
+	      }), "f");
+
+	      return;
+	    };
+
+	    this.autoLogin = () => {
+	      return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").autoLogin || false : false;
+	    };
+
+	    this.autoLogout = () => {
+	      return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").autoLogin || false : false;
+	    };
+
+	    this.idleTimeoutInMinutes = () => {
+	      return __classPrivateFieldGet(this, _Authentication_config, "f") ? __classPrivateFieldGet(this, _Authentication_config, "f").idleTimeoutInMinutes || 30 : 30;
+	    };
+
+	    this.checkAuthCode = () => __awaiter(this, void 0, void 0, function* () {
+	      const search = window.location.search;
+	      const queryParams = new URLSearchParams(search);
+	      const code = queryParams.get('code');
+	      const state = queryParams.get('state'); //* check if "AuthCode" comes back from AuthServer
+
+	      if (!!code && !!state) {
+	        const verifier = window.sessionStorage.getItem(state);
+	        window.sessionStorage.removeItem(state);
+	        queryParams.delete('code');
+	        queryParams.delete('state');
+	        const newQueryParams = queryParams.toString();
+	        const newUrl = window.location.origin + window.location.pathname + (newQueryParams ? '?' + newQueryParams : '');
+	        window.history.pushState(null, '', newUrl); //* use the Verifier and AuthCode to exchange for AccessToken
+
+	        if (verifier) {
+	          const data = yield __classPrivateFieldGet(this, _Authentication_exchangeAuthCodeForAccessToken, "f").call(this, {
+	            code,
+	            verifier,
+	            redirectUri: newUrl
+	          });
+	          const redirectTriggered = yield __classPrivateFieldGet(this, _Authentication_verifyAndPerformRedirections, "f").call(this, data.access_token);
+
+	          if (redirectTriggered) {
+	            return true;
+	          }
+
+	          if (__classPrivateFieldGet(this, _Authentication_config, "f").autoRefreshToken && data.refresh_token && data.expires_in) {
+	            __classPrivateFieldSet(this, _Authentication_refreshInfo, {
+	              refreshToken: data.refresh_token,
+	              accessTokenExpireIn: data.expires_in,
+	              verifier: verifier,
+	              timer: undefined
+	            }, "f");
+
+	            __classPrivateFieldGet(this, _Authentication_startRefreshAccessTokenProcess, "f").call(this);
+	          } //* store access token in memory
+
+
+	          __classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
+
+	          return true;
+	        }
+
+	        return false;
+	      } else {
+	        return false;
+	      }
+	    });
+
+	    this.getUserInfo = () => {
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").userInfo(__classPrivateFieldGet(this, _Authentication_accessToken, "f"));
+	    };
+
+	    this.linkUser = params => {
+	      const decodeToken = this.getDecodedAccessToken();
+
+	      if (!decodeToken) {
+	        return;
+	      }
+
+	      const redirectUrl = params.redirectUrl || window.location.href;
+
+	      __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").linkUser({
+	        redirectUrl,
+	        jti: decodeToken.jti,
+	        newWindow: params.newWindow,
+	        callback: params.callback
+	      });
+	    };
+
+	    this.unlinkUser = params => {
+	      const decodeToken = this.getDecodedAccessToken();
+
+	      if (!decodeToken) {
+	        return;
+	      }
+
+	      const redirectUrl = params.redirectUrl || window.location.href;
+
+	      __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").unlinkUser({
+	        redirectUrl,
+	        jti: decodeToken.jti,
+	        newWindow: params.newWindow,
+	        callback: params.callback
+	      });
+	    };
+
+	    this.getCloudProviderToken = jti => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getCloudProviderToken(__classPrivateFieldGet(this, _Authentication_accessToken, "f"), jti);
+	    };
+
+	    this.cloudProviderUserInfo = () => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderUserInfo(__classPrivateFieldGet(this, _Authentication_accessToken, "f"));
+	    };
+
+	    this.cloudProviderReauthenticate = params => __awaiter(this, void 0, void 0, function* () {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      let {
+	        nonce,
+	        redirectUrl
+	      } = params;
+	      const {
+	        newWindow,
+	        callback
+	      } = params;
+	      redirectUrl = redirectUrl || window.location.href;
+
+	      if (!nonce) {
+	        const reauthticateLink = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderReauthenticateLink(__classPrivateFieldGet(this, _Authentication_accessToken, "f"));
+	        nonce = reauthticateLink.nonce;
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").cloudProviderReauthenticate({
+	        redirectUrl,
+	        nonce,
+	        newWindow,
+	        callback
+	      });
+	    });
+
+	    this.statusAdminConsent = () => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").statusAdminConsent(__classPrivateFieldGet(this, _Authentication_accessToken, "f"));
+	    };
+
+	    this.getAdminConsent = params => {
+	      const redirectUrl = params.redirectUrl || window.location.href;
+
+	      __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getAdminConsent(Object.assign(Object.assign({}, params), {
+	        redirectUrl
+	      }));
+	    };
+
+	    this.revokeAdminConsent = () => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").revokeAdminConsent(__classPrivateFieldGet(this, _Authentication_accessToken, "f"));
+	    };
+
+	    this.getLinkMap = (allUsers = false) => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getLinkMap(__classPrivateFieldGet(this, _Authentication_accessToken, "f"), allUsers);
+	    };
+
+	    this.setLinkMap = linkMap => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      const verifyFormat = () => {
+	        if (Array.isArray(linkMap)) {
+	          for (const link of linkMap) {
+	            if (!(link.internalUser && link.externalUser && link.externalUser.id)) return false;
+	          }
+
+	          return true;
+	        }
+
+	        return false;
+	      };
+
+	      if (!verifyFormat()) throw Error('linkmap in wrong format');
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").setLinkMap(__classPrivateFieldGet(this, _Authentication_accessToken, "f"), linkMap);
+	    };
+
+	    this.authoriseSupport = params => {
+	      if (!__classPrivateFieldGet(this, _Authentication_accessToken, "f")) {
+	        throw Error('Not authenticated yet');
+	      }
+
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").authoriseSupport(__classPrivateFieldGet(this, _Authentication_accessToken, "f"), params);
+	    };
+
+	    this.changePassword = params => {
+	      const redirectUrl = params.redirectUrl || window.location.href;
+
+	      __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").changePassword(Object.assign(Object.assign({}, params), {
+	        redirectUrl
+	      }));
+	    };
+
+	    this.passthrough = params => {
+	      const decodedToken = this.getDecodedAccessToken();
+
+	      if (decodedToken && decodedToken.jti) {
+	        const {
+	          url,
+	          newWindow,
+	          authHost
+	        } = params;
+	        const encodedRedirectUrl = encodeURIComponent(url);
+	        const passthroughUrl = `${authHost || __classPrivateFieldGet(this, _Authentication_config, "f").authHost}/oauth/passthrough?jti=${decodedToken.jti}&redirect=${encodedRedirectUrl}&output=embed`;
+
+	        if (newWindow) {
+	          window.open(passthroughUrl, '_blank');
+	        } else {
+	          window.location.assign(passthroughUrl);
+	        }
+	      }
+
+	      return;
+	    };
+
+	    this.triggerHooks = hookName => {
+	      const hooks = this.getHooks();
+	      const token = this.getAccessToken();
+	      const hookFn = hooks && !!hooks[hookName] && lodash.isFunction(hooks[hookName]) ? hooks[hookName](token) : false;
+	      return Promise.resolve(hookFn);
+	    };
+
+	    _Authentication_exchangeAuthCodeForAccessToken.set(this, params => __awaiter(this, void 0, void 0, function* () {
+	      const {
+	        code,
+	        verifier,
+	        redirectUri
+	      } = params;
+	      return __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").exchangeAuthCodeForAccessToken({
+	        code,
+	        verifier,
+	        redirectUri
+	      });
+	    }));
+
+	    _Authentication_verifyAndPerformRedirections.set(this, accessToken => __awaiter(this, void 0, void 0, function* () {
+	      const redirectionConfig = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").getRedirections();
+	      const origin = window.location.origin;
+
+	      const decodedToken = __classPrivateFieldGet(this, _Authentication_decodeAccessToken, "f").call(this, accessToken);
+
+	      const redirectUri = getRedirectUri(origin, decodedToken, redirectionConfig);
+
+	      if (redirectUri) {
+	        this.logout(false, redirectUri);
+	        return true;
+	      }
+
+	      return false;
+	    }));
+
+	    _Authentication_startRefreshAccessTokenProcess.set(this, () => {
+	      if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
+	        return;
+	      }
+
+	      if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer) {
+	        clearTimeout(__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer);
+
+	        __classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), {
+	          timer: undefined
+	        }), "f");
+	      }
+
+	      const waitBeforeExecuting = (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").accessTokenExpireIn - SECONDS_BEFORE_EXPIRE) * 1000;
+	      const timer = setTimeout(() => __awaiter(this, void 0, void 0, function* () {
+	        if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
+	          return;
+	        }
+
+	        const data = yield __classPrivateFieldGet(this, _Authentication_leapAuthService, "f").renewAccessToken({
+	          refreshToken: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").refreshToken,
+	          verifier: __classPrivateFieldGet(this, _Authentication_refreshInfo, "f").verifier
+	        });
+
+	        if (data) {
+	          if (data.refresh_token && data.expires_in) {
+	            __classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), {
+	              refreshToken: data.refresh_token,
+	              accessTokenExpireIn: data.expires_in
+	            }), "f");
+
+	            __classPrivateFieldGet(this, _Authentication_startRefreshAccessTokenProcess, "f").call(this);
+	          }
+
+	          __classPrivateFieldSet(this, _Authentication_accessToken, data.access_token, "f");
+	        }
+	      }), waitBeforeExecuting);
+
+	      __classPrivateFieldSet(this, _Authentication_refreshInfo, Object.assign(Object.assign({}, __classPrivateFieldGet(this, _Authentication_refreshInfo, "f")), {
+	        timer
+	      }), "f");
+	    });
+
+	    _Authentication_destroyRefreshAccessTokenProcess.set(this, () => {
+	      if (!__classPrivateFieldGet(this, _Authentication_refreshInfo, "f")) {
+	        return;
+	      }
+
+	      if (__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer) {
+	        clearTimeout(__classPrivateFieldGet(this, _Authentication_refreshInfo, "f").timer);
+	      }
+
+	      __classPrivateFieldSet(this, _Authentication_refreshInfo, undefined, "f");
+	    });
+
+	    _Authentication_decodeAccessToken.set(this, accessToken => {
+	      const payload = accessToken.split('.')[1];
+
+	      if (payload) {
+	        try {
+	          const result = window.atob(payload);
+	          return JSON.parse(result);
+	        } catch (e) {
+	          throw Error('Fail to decode access token.');
+	        }
+	      }
+
+	      return undefined;
+	    });
+
+	    __classPrivateFieldSet(this, _Authentication_accessToken, undefined, "f");
+
+	    __classPrivateFieldSet(this, _Authentication_config, init$1(options), "f");
+
+	    __classPrivateFieldSet(this, _Authentication_leapAuthService, new LeapAuthService(__classPrivateFieldGet(this, _Authentication_config, "f").authHost, __classPrivateFieldGet(this, _Authentication_config, "f").clientId), "f");
+
+	    __classPrivateFieldSet(this, _Authentication_notification, new Notification(), "f");
+	  }
+
+	}
+	_Authentication_accessToken = new WeakMap(), _Authentication_config = new WeakMap(), _Authentication_leapAuthService = new WeakMap(), _Authentication_notification = new WeakMap(), _Authentication_refreshInfo = new WeakMap(), _Authentication_exchangeAuthCodeForAccessToken = new WeakMap(), _Authentication_verifyAndPerformRedirections = new WeakMap(), _Authentication_startRefreshAccessTokenProcess = new WeakMap(), _Authentication_destroyRefreshAccessTokenProcess = new WeakMap(), _Authentication_decodeAccessToken = new WeakMap();
+
+	var _IdleTimer_timeoutInMinutes, _IdleTimer_timer, _IdleTimer_onTimeout, _IdleTimer_cleanUpTracker, _IdleTimer_clearTimeout, _IdleTimer_resetTimer;
+	class IdleTimer {
+	  constructor(params) {
+	    _IdleTimer_timeoutInMinutes.set(this, void 0);
+
+	    _IdleTimer_timer.set(this, void 0);
+
+	    _IdleTimer_onTimeout.set(this, void 0);
+
+	    this.tracker = () => {
+	      window.addEventListener('onload', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.addEventListener('mousemove', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.addEventListener('onmousedown', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.addEventListener('onscroll', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.addEventListener('onkeypress', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	    };
+
+	    _IdleTimer_cleanUpTracker.set(this, () => {
+	      window.removeEventListener('onload', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.removeEventListener('mousemove', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.removeEventListener('onmousedown', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.removeEventListener('onscroll', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	      window.removeEventListener('onkeypress', __classPrivateFieldGet(this, _IdleTimer_resetTimer, "f"), true);
+	    });
+
+	    _IdleTimer_clearTimeout.set(this, () => {
+	      if (__classPrivateFieldGet(this, _IdleTimer_timer, "f")) {
+	        clearTimeout(__classPrivateFieldGet(this, _IdleTimer_timer, "f"));
+	      }
+	    });
+
+	    _IdleTimer_resetTimer.set(this, () => {
+	      __classPrivateFieldGet(this, _IdleTimer_clearTimeout, "f").call(this);
+
+	      __classPrivateFieldSet(this, _IdleTimer_timer, setTimeout(() => {
+	        __classPrivateFieldGet(this, _IdleTimer_clearTimeout, "f").call(this);
+
+	        __classPrivateFieldGet(this, _IdleTimer_cleanUpTracker, "f").call(this);
+
+	        __classPrivateFieldGet(this, _IdleTimer_onTimeout, "f").call(this);
+	      }, __classPrivateFieldGet(this, _IdleTimer_timeoutInMinutes, "f") * 60 * 1000), "f");
+	    });
+
+	    const {
+	      timeoutInMinutes,
+	      onTimeout: onTimeout
+	    } = params;
+
+	    __classPrivateFieldSet(this, _IdleTimer_timeoutInMinutes, timeoutInMinutes, "f");
+
+	    __classPrivateFieldSet(this, _IdleTimer_onTimeout, onTimeout, "f");
+	  }
+
+	}
+	_IdleTimer_timeoutInMinutes = new WeakMap(), _IdleTimer_timer = new WeakMap(), _IdleTimer_onTimeout = new WeakMap(), _IdleTimer_cleanUpTracker = new WeakMap(), _IdleTimer_clearTimeout = new WeakMap(), _IdleTimer_resetTimer = new WeakMap();
+
+	let auth;
+
+	const init = options => __awaiter(void 0, void 0, void 0, function* () {
+	  auth = new Authentication(options);
+
+	  if (!auth) {
+	    return false;
+	  }
+
+	  if (auth.autoLogout()) {
+	    const timeoutInMinutes = auth.idleTimeoutInMinutes();
+	    const idleTimer = new IdleTimer({
+	      timeoutInMinutes,
+	      onTimeout: logout
+	    });
+	    idleTimer.tracker();
+	  } //* check if authCode in URL
+
+
+	  const done = yield auth.checkAuthCode();
+
+	  if (done) {
+	    return auth.triggerHooks('afterLogin').then(() => {
+	      return getAccessToken();
+	    });
+	  }
+
+	  const autoLogin = auth.autoLogin();
+
+	  if (autoLogin) {
+	    login();
+	  }
+
+	  return true;
+	});
+
+	const getAccessToken = () => {
+	  return !auth ? '' : auth.getAccessToken();
+	};
+
+	const login = () => __awaiter(void 0, void 0, void 0, function* () {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.login().then(token => {
+	    const hooks = auth === null || auth === void 0 ? void 0 : auth.getHooks();
+	    const afterLogin = token && hooks && lodash.isFunction(hooks.afterLogin) ? hooks.afterLogin(token) : false;
+	    return Promise.resolve(afterLogin).then(() => {
+	      if (token && auth) {
+	        auth.initNotification();
+	      }
+
+	      return token;
+	    });
+	  });
+	});
+
+	const logout = (force = false, redirectUrl) => __awaiter(void 0, void 0, void 0, function* () {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  const hooks = auth === null || auth === void 0 ? void 0 : auth.getHooks();
+	  const beforeLogout = hooks && lodash.isFunction(hooks.beforeLogout) ? hooks.beforeLogout() : false;
+	  return Promise.resolve(beforeLogout).then(() => {
+	    if (auth) {
+	      auth.destroyNotification();
+	      auth.logout(force, redirectUrl);
+	    }
+
+	    return;
+	  }).catch(function (err) {
+	    console.error('Error while logging out : ', err);
+	    throw Error(err);
+	  });
+	});
+
+	const registerHook = (hookName, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  if (auth) {
+	    auth.setHook({
+	      name: hookName,
+	      callback
+	    });
+	  }
+
+	  return;
+	};
+
+	const getDecodedAccessToken = () => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.getDecodedAccessToken();
+	};
+
+	const userInfo = () => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.getUserInfo();
+	};
+
+	const linkUser = (redirectUrl, newWindow, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  auth.linkUser({
+	    redirectUrl,
+	    newWindow,
+	    callback
+	  });
+	};
+
+	const unlinkUser = (redirectUrl, newWindow, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  auth.unlinkUser({
+	    redirectUrl,
+	    newWindow,
+	    callback
+	  });
+	};
+
+	const getCloudProviderToken = jti => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.getCloudProviderToken(jti);
+	};
+
+	const cloudProviderUserInfo = () => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.cloudProviderUserInfo();
+	};
+
+	const cloudProviderReauthenticate = (nonce, redirectUrl, newWindow, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.cloudProviderReauthenticate({
+	    redirectUrl,
+	    nonce,
+	    newWindow,
+	    callback
+	  });
+	};
+
+	const statusAdminConsent = () => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.statusAdminConsent();
+	};
+
+	const getAdminConsent = (domain, redirectUrl, newWindow, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  auth.getAdminConsent({
+	    domain,
+	    redirectUrl,
+	    newWindow,
+	    callback
+	  });
+	};
+
+	const revokeAdminConsent = () => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.revokeAdminConsent();
+	};
+
+	const getLinkMap = allUsers => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.getLinkMap(allUsers);
+	};
+
+	const setLinkMap = linkMap => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.setLinkMap(linkMap);
+	};
+
+	const authoriseSupport = (code, duration) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  return auth.authoriseSupport({
+	    code,
+	    duration
+	  });
+	};
+
+	const changePassword = (redirectUrl, newWindow, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  auth.changePassword({
+	    redirectUrl,
+	    newWindow,
+	    callback
+	  });
+	};
+
+	const registerEventListener = (topic, messageType, callback) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  auth.registerEventListenerForUserChannel({
+	    topic,
+	    messageType,
+	    callback
+	  });
+	};
+
+	const passthrough = (url, newWindow = false, authHost) => {
+	  if (!auth) {
+	    throw Error('Not init yet');
+	  }
+
+	  auth.passthrough({
+	    url,
+	    newWindow,
+	    authHost
+	  });
+	};
+
+	var AuthAgent = {
+	  init,
+	  registerHook,
+	  login,
+	  logout,
+	  getAccessToken,
+	  getDecodedAccessToken,
+	  userInfo,
+	  linkUser,
+	  unlinkUser,
+	  getCloudProviderToken,
+	  cloudProviderUserInfo,
+	  cloudProviderReauthenticate,
+	  statusAdminConsent,
+	  getAdminConsent,
+	  revokeAdminConsent,
+	  getLinkMap,
+	  setLinkMap,
+	  authoriseSupport,
+	  changePassword,
+	  registerEventListener,
+	  passthrough
+	};
+
+	return AuthAgent;
+
 }));