@lindorm/aegis 0.4.4 → 0.5.0

package/dist/internal/utils/extract-token-delegation.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractTokenDelegation = void 0;
+const utils_1 = require("@lindorm/utils");
+const walkActChain = (act) => {
+    const chain = [];
+    let current = act;
+    while (current) {
+        chain.push((0, utils_1.removeUndefined)({
+            subject: current.sub,
+            issuer: current.iss,
+            audience: current.aud,
+            clientId: current.client_id,
+        }));
+        current = current.act;
+    }
+    return chain;
+};
+const extractTokenDelegation = (payload) => {
+    const actorChain = walkActChain(payload.act);
+    return {
+        currentActor: actorChain[0]?.subject,
+        actorChain,
+        isDelegated: actorChain.length > 0,
+    };
+};
+exports.extractTokenDelegation = extractTokenDelegation;
+//# sourceMappingURL=extract-token-delegation.js.map

package/dist/internal/utils/extract-token-delegation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"extract-token-delegation.js","sourceRoot":"","sources":["../../../src/internal/utils/extract-token-delegation.ts"],"names":[],"mappings":";;;AAAA,0CAAiD;AAKjD,MAAM,YAAY,GAAG,CAAC,GAA6B,EAAmB,EAAE;IACtE,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,IAAI,OAAO,GAAG,GAAG,CAAC;IAClB,OAAO,OAAO,EAAE,CAAC;QACf,KAAK,CAAC,IAAI,CACR,IAAA,uBAAe,EAAC;YACd,OAAO,EAAE,OAAO,CAAC,GAAG;YACpB,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,QAAQ,EAAE,OAAO,CAAC,GAAG;YACrB,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC,CACH,CAAC;QACF,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;IACxB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC,CAAC;AAEK,MAAM,sBAAsB,GAAG,CAAC,OAEtC,EAAmB,EAAE;IACpB,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7C,OAAO;QACL,YAAY,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,OAAO;QACpC,UAAU;QACV,WAAW,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC;KACnC,CAAC;AACJ,CAAC,CAAC;AATW,QAAA,sBAAsB,0BASjC"}

package/dist/internal/utils/generate-token-id.d.ts

@@ -0,0 +1,2 @@
+export declare const generateTokenId: () => string;
+//# sourceMappingURL=generate-token-id.d.ts.map

package/dist/internal/utils/generate-token-id.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-token-id.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/generate-token-id.ts"],"names":[],"mappings":"AA+BA,eAAO,MAAM,eAAe,QAAO,MAA2C,CAAC"}

package/dist/internal/utils/generate-token-id.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateTokenId = void 0;
+const b64_1 = require("@lindorm/b64");
+const crypto_1 = require("crypto");
+const format_1 = require("../constants/format");
+const generateTokenId = () => b64_1.B64.encode((0, crypto_1.randomBytes)(15), format_1.B64U);
+exports.generateTokenId = generateTokenId;
+//# sourceMappingURL=generate-token-id.js.map

package/dist/internal/utils/generate-token-id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generate-token-id.js","sourceRoot":"","sources":["../../../src/internal/utils/generate-token-id.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,mCAAqC;AACrC,gDAA2C;AA6BpC,MAAM,eAAe,GAAG,GAAW,EAAE,CAAC,SAAG,CAAC,MAAM,CAAC,IAAA,oBAAW,EAAC,EAAE,CAAC,EAAE,aAAI,CAAC,CAAC;AAAlE,QAAA,eAAe,mBAAmD"}

package/dist/internal/utils/jose-header.d.ts

@@ -1,4 +1,4 @@
-import { DecodedTokenHeader, TokenHeaderOptions } from "../../types";
-export declare const encodeJoseHeader: (options: TokenHeaderOptions) => string;
+import { CertificateHeaderFields, DecodedTokenHeader, TokenHeaderOptions } from "../../types";
+export declare const encodeJoseHeader: (options: TokenHeaderOptions, cert?: CertificateHeaderFields) => string;
 export declare const decodeJoseHeader: (header: string) => DecodedTokenHeader;
 //# sourceMappingURL=jose-header.d.ts.map

package/dist/internal/utils/jose-header.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jose-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAqB,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGxF,eAAO,MAAM,gBAAgB,GAAI,SAAS,kBAAkB,KAAG,MAgC9D,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,KAAG,kBAcjD,CAAC"}
+{"version":3,"file":"jose-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAElB,kBAAkB,EACnB,MAAM,aAAa,CAAC;AAGrB,eAAO,MAAM,gBAAgB,GAC3B,SAAS,kBAAkB,EAC3B,OAAO,uBAAuB,KAC7B,MA6BF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,KAAG,kBAsBjD,CAAC"}

package/dist/internal/utils/jose-header.js

@@ -5,7 +5,7 @@ const b64_1 = require("@lindorm/b64");
 const format_1 = require("../constants/format");
 const header_1 = require("../constants/header");
 const token_header_1 = require("./token-header");
-const encodeJoseHeader = (options) => {
+const encodeJoseHeader = (options, cert) => {
     if (!options.algorithm) {
         throw new Error("Algorithm is required");
     }
@@ -15,13 +15,10 @@ const encodeJoseHeader = (options) => {
     if (!options.headerType) {
         throw new Error("Header type is required");
     }
-    if (!header_1.TOKEN_HEADER_TYPES.includes(options.headerType)) {
-        throw new Error(`Invalid header type: ${options.headerType}`);
-    }
     if (!options.keyId) {
         throw new Error("Key ID is required");
     }
-    const raw = (0, token_header_1.mapTokenHeader)(options);
+    const raw = (0, token_header_1.mapTokenHeader)(options, cert);
     const claims = {
         ...raw,
         alg: options.algorithm,
@@ -38,6 +35,9 @@ const decodeJoseHeader = (header) => {
     if (!json.alg || typeof json.alg !== "string") {
         throw new Error("Missing or invalid token header: alg");
     }
+    if (!header_1.TOKEN_HEADER_ALGORITHMS.includes(json.alg)) {
+        throw new Error(`Unsupported algorithm: ${json.alg}`);
+    }
     if (json.typ !== undefined && typeof json.typ !== "string") {
         throw new Error("Invalid token header: typ must be a string");
     }

package/dist/internal/utils/jose-header.js.map

@@ -1 +1 @@
-{"version":3,"file":"jose-header.js","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,gDAA2C;AAC3C,gDAAkF;AAElF,iDAAgD;AAEzC,MAAM,gBAAgB,GAAG,CAAC,OAA2B,EAAU,EAAE;IACtE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,gCAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,2BAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,6BAAc,EAAC,OAAO,CAAC,CAAC;IAMpC,MAAM,MAAM,GAAsB;QAChC,GAAG,GAAG;QACN,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;IAEF,OAAO,SAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,aAAI,CAAC,CAAC;AAClD,CAAC,CAAC;AAhCW,QAAA,gBAAgB,oBAgC3B;AAEK,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAsB,EAAE;IACrE,MAAM,MAAM,GAAG,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAE9D,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAGD,OAAO,IAA0B,CAAC;AACpC,CAAC,CAAC;AAdW,QAAA,gBAAgB,oBAc3B"}
+{"version":3,"file":"jose-header.js","sourceRoot":"","sources":["../../../src/internal/utils/jose-header.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,gDAA2C;AAC3C,gDAA8D;AAO9D,iDAAgD;AAEzC,MAAM,gBAAgB,GAAG,CAC9B,OAA2B,EAC3B,IAA8B,EACtB,EAAE;IACV,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,gCAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC7D,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,GAAG,GAAG,IAAA,6BAAc,EAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAM1C,MAAM,MAAM,GAAsB;QAChC,GAAG,GAAG;QACN,GAAG,EAAE,OAAO,CAAC,SAAS;QACtB,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACpD,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,aAAI,CAAC,CAAC,CAAC,CAAC,SAAS;KACrD,CAAC;IAEF,OAAO,SAAG,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,aAAI,CAAC,CAAC;AAClD,CAAC,CAAC;AAhCW,QAAA,gBAAgB,oBAgC3B;AAEK,MAAM,gBAAgB,GAAG,CAAC,MAAc,EAAsB,EAAE;IACrE,MAAM,MAAM,GAAG,SAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAA+B,CAAC;IAE9D,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAMD,IAAI,CAAE,gCAAiD,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAGD,OAAO,IAA0B,CAAC;AACpC,CAAC,CAAC;AAtBW,QAAA,gBAAgB,oBAsB3B"}

package/dist/internal/utils/jwt-payload.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAKtC,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG1F,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,qBAAqB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACzD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,SAyEF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACpD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,MAUF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC3D,SAAS,MAAM,KACd,YAAY,CAAC,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,iBAAiB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC5D,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,gBAAgB,CAAC,CAAC,CA4EpB,CAAC"}
+{"version":3,"file":"jwt-payload.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAItC,OAAO,EAGL,SAAS,EACT,gBAAgB,EAChB,cAAc,EACd,cAAc,EACf,MAAM,aAAa,CAAC;AAMrB,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,gBAAgB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,KAAK,YAAY,CAAC,CAAC,SAAS,IAAI,GAAG,IAAI,IAAI,SAAS,GAAG,CAAC,CAAC;AAEzD,KAAK,MAAM,GAAG;IACZ,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAWF,eAAO,MAAM,qBAAqB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACzD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,SAoFF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,EACpD,QAAQ,MAAM,EACd,SAAS,cAAc,CAAC,CAAC,CAAC,EAC1B,SAAS,cAAc,KACtB,MAgBF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC3D,SAAS,MAAM,KACd,YAAY,CAAC,CAAC,CAAyD,CAAC;AAE3E,eAAO,MAAM,iBAAiB,GAAI,CAAC,SAAS,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAC5D,SAAS,YAAY,CAAC,CAAC,CAAC,KACvB,gBAAgB,CAAC,CAAC,CAoCpB,CAAC"}

package/dist/internal/utils/jwt-payload.js

@@ -2,13 +2,23 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.parseTokenPayload = exports.decodeJwtPayload = exports.encodeJwtPayload = exports.mapJwtContentToClaims = void 0;
 const b64_1 = require("@lindorm/b64");
+const case_1 = require("@lindorm/case");
 const date_1 = require("@lindorm/date");
 const is_1 = require("@lindorm/is");
 const utils_1 = require("@lindorm/utils");
-const crypto_1 = require("crypto");
 const format_1 = require("../constants/format");
 const errors_1 = require("../../errors");
 const create_hash_1 = require("./create-hash");
+const extract_aegis_profile_1 = require("./extract-aegis-profile");
+const extract_claims_1 = require("./extract-claims");
+const generate_token_id_1 = require("./generate-token-id");
+const actClaimToWire = (claim) => (0, utils_1.removeUndefined)({
+    sub: claim.subject,
+    iss: claim.issuer,
+    aud: claim.audience,
+    client_id: claim.clientId,
+    act: (0, is_1.isObject)(claim.act) ? actClaimToWire(claim.act) : undefined,
+});
 const mapJwtContentToClaims = (config, content, options) => {
     if (!(0, is_1.isString)(config.algorithm)) {
         throw new errors_1.JwtError("Algorithm is required");
@@ -22,9 +32,6 @@ const mapJwtContentToClaims = (config, content, options) => {
     if (!(0, is_1.isString)(content.subject)) {
         throw new errors_1.JwtError("Subject is required");
     }
-    if (!(0, is_1.isString)(content.tokenType)) {
-        throw new errors_1.JwtError("Token type is required");
-    }
     const { expiresOn } = (0, date_1.expires)(content.expires);
     const at_hash = (0, is_1.isString)(options.accessTokenHash)
         ? options.accessTokenHash
@@ -41,20 +48,34 @@ const mapJwtContentToClaims = (config, content, options) => {
         : (0, is_1.isString)(content.authState)
             ? (0, create_hash_1.createStateHash)(config.algorithm, content.authState)
             : undefined;
-    const tokenId = (0, is_1.isString)(options.tokenId) ? options.tokenId : (0, crypto_1.randomUUID)();
+    const tokenId = (0, is_1.isString)(options.tokenId) ? options.tokenId : (0, generate_token_id_1.generateTokenId)();
+    const cnf = (0, is_1.isObject)(content.confirmation)
+        ? (0, utils_1.removeUndefined)({
+            jkt: content.confirmation.thumbprint,
+            "x5t#S256": content.confirmation.mtlsCertThumbprint,
+            jwk: content.confirmation.key,
+            kid: content.confirmation.keyId,
+            jku: content.confirmation.jwkSetUri,
+        })
+        : undefined;
     return (0, utils_1.removeUndefined)({
         aal: (0, is_1.isFinite)(content.adjustedAccessLevel) ? content.adjustedAccessLevel : undefined,
         acr: (0, is_1.isString)(content.authContextClass) ? content.authContextClass : undefined,
-        afr: (0, is_1.isString)(content.authFactor) ? content.authFactor : undefined,
+        act: (0, is_1.isObject)(content.act) ? actClaimToWire(content.act) : undefined,
+        afr: (0, is_1.isArray)(content.authFactor) ? content.authFactor : undefined,
         amr: (0, is_1.isArray)(content.authMethods) ? content.authMethods : undefined,
         at_hash,
         aud: (0, is_1.isArray)(content.audience) ? content.audience : undefined,
         auth_time: (0, is_1.isDate)(content.authTime) ? (0, date_1.getUnixTime)(content.authTime) : undefined,
         azp: (0, is_1.isString)(content.authorizedParty) ? content.authorizedParty : undefined,
         c_hash,
-        cid: (0, is_1.isString)(content.clientId) ? content.clientId : undefined,
+        client_id: (0, is_1.isString)(content.clientId) ? content.clientId : undefined,
+        cnf: cnf && Object.keys(cnf).length > 0 ? cnf : undefined,
+        entitlements: (0, is_1.isArray)(content.entitlements) ? content.entitlements : undefined,
         exp: expiresOn,
+        groups: (0, is_1.isArray)(content.groups) ? content.groups : undefined,
         gty: (0, is_1.isString)(content.grantType) ? content.grantType : undefined,
+        may_act: (0, is_1.isObject)(content.mayAct) ? actClaimToWire(content.mayAct) : undefined,
         iat: (0, is_1.isDate)(options.issuedAt)
             ? (0, date_1.getUnixTime)(options.issuedAt)
             : (0, date_1.getUnixTime)(new Date()),
@@ -65,23 +86,23 @@ const mapJwtContentToClaims = (config, content, options) => {
             ? (0, date_1.getUnixTime)(content.notBefore)
             : (0, date_1.getUnixTime)(new Date()),
         nonce: (0, is_1.isString)(content.nonce) ? content.nonce : undefined,
-        per: (0, is_1.isArray)(content.permissions) ? content.permissions : undefined,
-        rls: (0, is_1.isArray)(content.roles) ? content.roles : undefined,
+        permissions: (0, is_1.isArray)(content.permissions) ? content.permissions : undefined,
+        roles: (0, is_1.isArray)(content.roles) ? content.roles : undefined,
         s_hash,
         scope: (0, is_1.isArray)(content.scope) ? content.scope : undefined,
         sid: (0, is_1.isString)(content.sessionId) ? content.sessionId : undefined,
         sih: (0, is_1.isString)(content.sessionHint) ? content.sessionHint : undefined,
         sub: content.subject,
         suh: (0, is_1.isString)(content.subjectHint) ? content.subjectHint : undefined,
-        tid: (0, is_1.isString)(content.tenantId) ? content.tenantId : undefined,
-        token_type: content.tokenType,
+        tenant_id: (0, is_1.isString)(content.tenantId) ? content.tenantId : undefined,
     });
 };
 exports.mapJwtContentToClaims = mapJwtContentToClaims;
 const encodeJwtPayload = (config, content, options) => {
     const claims = (0, exports.mapJwtContentToClaims)(config, content, options);
     const { expiresAt, expiresIn, expiresOn } = (0, date_1.expires)(content.expires);
-    const payload = b64_1.B64.encode(JSON.stringify({ ...claims, ...(content.claims ?? {}) }), format_1.B64U);
+    const profileWire = (0, is_1.isObject)(content.profile) ? (0, case_1.snakeKeys)(content.profile) : {};
+    const payload = b64_1.B64.encode(JSON.stringify({ ...claims, ...profileWire, ...(content.claims ?? {}) }), format_1.B64U);
     return { expiresAt, expiresIn, expiresOn, payload, tokenId: claims.jti };
 };
 exports.encodeJwtPayload = encodeJwtPayload;
@@ -97,38 +118,24 @@ const parseTokenPayload = (decoded) => {
     if (!(0, is_1.isString)(decoded.iss)) {
         throw new errors_1.JwtError("Missing claim: iss");
     }
-    const { aal, acr, afr, amr, at_hash, aud, auth_time, azp, c_hash, cid, exp, gty, iat, iss, jti, loa, nbf, nonce, per, rls, s_hash, scope, sid, sih, sub, suh, tid, token_type, ...rest } = decoded;
-    const claims = ((0, is_1.isObject)(rest) ? rest : {});
+    const { claims: domain, rest } = (0, extract_claims_1.extractDomainClaims)(decoded);
+    const { profile, rest: customClaims } = (0, extract_aegis_profile_1.extractAegisProfile)(rest);
     return (0, utils_1.removeUndefined)({
-        accessTokenHash: at_hash,
-        adjustedAccessLevel: aal,
-        audience: aud ?? [],
-        authContextClass: acr,
-        authFactor: afr,
-        authMethods: amr ?? [],
-        authorizedParty: azp,
-        authTime: auth_time ? new Date(auth_time * 1000) : undefined,
-        clientId: cid,
-        codeHash: c_hash,
-        expiresAt: exp ? new Date(exp * 1000) : undefined,
-        grantType: gty,
-        issuedAt: iat ? new Date(iat * 1000) : undefined,
-        issuer: iss,
-        levelOfAssurance: loa,
-        nonce,
-        notBefore: nbf ? new Date(nbf * 1000) : undefined,
-        permissions: (0, is_1.isArray)(per) ? per : (0, is_1.isString)(per) ? [per] : [],
-        roles: (0, is_1.isArray)(rls) ? rls : (0, is_1.isString)(rls) ? [rls] : [],
-        scope: (0, is_1.isArray)(scope) ? scope : (0, is_1.isString)(scope) ? [scope] : [],
-        sessionHint: sih,
-        sessionId: sid,
-        stateHash: s_hash,
-        subject: sub ? sub : "unknown",
-        subjectHint: suh,
-        tenantId: tid,
-        tokenId: jti ? jti : "unknown",
-        tokenType: token_type ? token_type : "unknown",
-        claims,
+        ...domain,
+        issuer: domain.issuer,
+        expiresAt: domain.expiresAt,
+        issuedAt: domain.issuedAt,
+        audience: domain.audience ?? [],
+        authMethods: domain.authMethods ?? [],
+        entitlements: domain.entitlements ?? [],
+        groups: domain.groups ?? [],
+        permissions: domain.permissions ?? [],
+        roles: domain.roles ?? [],
+        scope: domain.scope ?? [],
+        subject: domain.subject ?? "unknown",
+        tokenId: domain.tokenId ?? "unknown",
+        profile,
+        claims: customClaims,
     });
 };
 exports.parseTokenPayload = parseTokenPayload;

package/dist/internal/utils/jwt-payload.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,wCAAqD;AACrD,oCAAuF;AAGvF,0CAAiD;AACjD,mCAAoC;AACpC,gDAA2C;AAC3C,yCAAwC;AAExC,+CAAuF;AAiBhF,MAAM,qBAAqB,GAAG,CACnC,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACZ,EAAE;IACb,IAAI,CAAC,IAAA,aAAQ,EAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,IAAA,cAAS,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,iBAAQ,CAAC,wBAAwB,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,IAAA,mCAAqB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,IAAA,4BAAc,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,IAAA,6BAAe,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,mBAAU,GAAE,CAAC;IAE3E,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAClE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,GAAG,EAAE,SAAS;QACd,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACvD,MAAM;QACN,KAAK,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC9D,UAAU,EAAE,OAAO,CAAC,SAAS;KAC9B,CAAC,CAAC;AACL,CAAC,CAAC;AA7EW,QAAA,qBAAqB,yBA6EhC;AAEK,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAErE,MAAM,OAAO,GAAG,SAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,EACxD,aAAI,CACL,CAAC;IAEF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAI,EAAE,CAAC;AAC5E,CAAC,CAAC;AAdW,QAAA,gBAAgB,oBAc3B;AAEK,MAAM,gBAAgB,GAAG,CAC9B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAF9D,QAAA,gBAAgB,oBAE8C;AAEpE,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,EACJ,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,OAAO,EACP,GAAG,EACH,SAAS,EACT,GAAG,EACH,MAAM,EACN,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,KAAK,EACL,GAAG,EACH,GAAG,EACH,MAAM,EACN,KAAK,EACL,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,GAAG,EACH,UAAU,EACV,GAAG,IAAI,EACR,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAM,CAAC;IAEjD,OAAO,IAAA,uBAAe,EAAC;QACrB,eAAe,EAAE,OAAO;QACxB,mBAAmB,EAAE,GAAG;QACxB,QAAQ,EAAE,GAAG,IAAI,EAAE;QACnB,gBAAgB,EAAE,GAAG;QACrB,UAAU,EAAE,GAAG;QACf,WAAW,EAAE,GAAG,IAAI,EAAE;QACtB,eAAe,EAAE,GAAG;QACpB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAC5D,QAAQ,EAAE,GAAG;QACb,QAAQ,EAAE,MAAM;QAChB,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,SAAS,EAAE,GAAG;QACd,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QAChD,MAAM,EAAE,GAAG;QACX,gBAAgB,EAAE,GAAG;QACrB,KAAK;QACL,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACjD,WAAW,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QAC5D,KAAK,EAAE,IAAA,YAAO,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;QACtD,KAAK,EAAE,IAAA,YAAO,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAA,aAAQ,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE;QAC9D,WAAW,EAAE,GAAG;QAChB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9B,WAAW,EAAE,GAAG;QAChB,QAAQ,EAAE,GAAG;QACb,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QAC9B,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QAC9C,MAAM;KACP,CAAC,CAAC;AACL,CAAC,CAAC;AA9EW,QAAA,iBAAiB,qBA8E5B"}
+{"version":3,"file":"jwt-payload.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-payload.ts"],"names":[],"mappings":";;;AAAA,sCAAmC;AACnC,wCAA0C;AAC1C,wCAAqD;AACrD,oCAAuF;AAGvF,0CAAiD;AACjD,gDAA2C;AAC3C,yCAAwC;AASxC,+CAAuF;AACvF,mEAA8D;AAC9D,qDAAuD;AACvD,2DAAsD;AAiBtD,MAAM,cAAc,GAAG,CAAC,KAAe,EAAgB,EAAE,CACvD,IAAA,uBAAe,EAAC;IACd,GAAG,EAAE,KAAK,CAAC,OAAO;IAClB,GAAG,EAAE,KAAK,CAAC,MAAM;IACjB,GAAG,EAAE,KAAK,CAAC,QAAQ;IACnB,SAAS,EAAE,KAAK,CAAC,QAAQ;IACzB,GAAG,EAAE,IAAA,aAAQ,EAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;CACjE,CAAC,CAAC;AAEE,MAAM,qBAAqB,GAAG,CACnC,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACZ,EAAE;IACb,IAAI,CAAC,IAAA,aAAQ,EAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,iBAAQ,CAAC,uBAAuB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,IAAA,cAAS,EAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,iBAAQ,CAAC,qBAAqB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC;QAC/C,CAAC,CAAC,OAAO,CAAC,eAAe;QACzB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC;YAC7B,CAAC,CAAC,IAAA,mCAAqB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC;YAC9D,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;QACvC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC1B,CAAC,CAAC,IAAA,4BAAc,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,MAAM,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;QACxC,CAAC,CAAC,OAAO,CAAC,SAAS;QACnB,CAAC,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC;YAC3B,CAAC,CAAC,IAAA,6BAAe,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC;IAEhB,MAAM,OAAO,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,IAAA,mCAAe,GAAE,CAAC;IAEhF,MAAM,GAAG,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,YAAY,CAAC;QACxC,CAAC,CAAC,IAAA,uBAAe,EAAC;YACd,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,UAAU;YACpC,UAAU,EAAE,OAAO,CAAC,YAAY,CAAC,kBAAkB;YACnD,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG;YAC7B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK;YAC/B,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,SAAS;SACpC,CAAC;QACJ,CAAC,CAAC,SAAS,CAAC;IAEd,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS;QACpF,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;QACjE,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACnE,OAAO;QACP,GAAG,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QAC7D,SAAS,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;QAC/E,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;QAC5E,MAAM;QACN,SAAS,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;QACzD,YAAY,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,SAAS;QACd,MAAM,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;QAC5D,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,OAAO,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC3B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,QAAQ,CAAC;YAC/B,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,GAAG,EAAE,MAAM,CAAC,MAAM;QAClB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS;QAC9E,GAAG,EAAE,IAAA,WAAM,EAAC,OAAO,CAAC,SAAS,CAAC;YAC5B,CAAC,CAAC,IAAA,kBAAW,EAAC,OAAO,CAAC,SAAS,CAAC;YAChC,CAAC,CAAC,IAAA,kBAAW,EAAC,IAAI,IAAI,EAAE,CAAC;QAC3B,KAAK,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QAC1D,WAAW,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC3E,KAAK,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,MAAM;QACN,KAAK,EAAE,IAAA,YAAO,EAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;QACzD,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;QAChE,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,GAAG,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QACpE,SAAS,EAAE,IAAA,aAAQ,EAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KACrE,CAAC,CAAC;AACL,CAAC,CAAC;AAxFW,QAAA,qBAAqB,yBAwFhC;AAEK,MAAM,gBAAgB,GAAG,CAC9B,MAAc,EACd,OAA0B,EAC1B,OAAuB,EACf,EAAE;IACV,MAAM,MAAM,GAAG,IAAA,6BAAqB,EAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC/D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAA,cAAO,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAMrE,MAAM,WAAW,GAAG,IAAA,aAAQ,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAA,gBAAS,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhF,MAAM,OAAO,GAAG,SAAG,CAAC,MAAM,CACxB,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,MAAM,EAAE,GAAG,WAAW,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC,EACxE,aAAI,CACL,CAAC;IAEF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,GAAI,EAAE,CAAC;AAC5E,CAAC,CAAC;AApBW,QAAA,gBAAgB,oBAoB3B;AAEK,MAAM,gBAAgB,GAAG,CAC9B,OAAe,EACE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,SAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAoB,CAAC;AAF9D,QAAA,gBAAgB,oBAE8C;AAEpE,MAAM,iBAAiB,GAAG,CAC/B,OAAwB,EACH,EAAE;IACvB,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,CAAC,IAAA,aAAQ,EAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,iBAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,IAAA,oCAAmB,EAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,IAAA,2CAAmB,EAAC,IAAI,CAAC,CAAC;IAIlE,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,MAAM;QAET,MAAM,EAAE,MAAM,CAAC,MAAO;QACtB,SAAS,EAAE,MAAM,CAAC,SAAU;QAC5B,QAAQ,EAAE,MAAM,CAAC,QAAS;QAE1B,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;QAC3B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;QACrC,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QACzB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;QAEzB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,SAAS;QACpC,OAAO;QACP,MAAM,EAAE,YAAiB;KAC1B,CAAC,CAAC;AACL,CAAC,CAAC;AAtCW,QAAA,iBAAiB,qBAsC5B"}

package/dist/internal/utils/jwt-verify.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAa,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAwD1D,eAAO,MAAM,eAAe,GAC1B,WAAW,gBAAgB,EAC3B,QAAQ,gBAAgB,EACxB,gBAAgB,MAAM,KACrB,SAAS,CAAC,IAAI,CAoDhB,CAAC"}
+{"version":3,"file":"jwt-verify.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAqB,MAAM,gBAAgB,CAAC;AACpE,OAAO,EAAa,gBAAgB,EAAE,MAAM,aAAa,CAAC;AA0D1D,eAAO,MAAM,eAAe,GAC1B,WAAW,gBAAgB,EAC3B,QAAQ,gBAAgB,EACxB,gBAAgB,MAAM,KACrB,SAAS,CAAC,IAAI,CAkFhB,CAAC"}

package/dist/internal/utils/jwt-verify.js

@@ -27,9 +27,13 @@ const mapVerify = (key) => {
         case "authTime":
             return "auth_time";
         case "clientId":
-            return "cid";
+            return "client_id";
+        case "entitlements":
+            return "entitlements";
         case "grantType":
             return "gty";
+        case "groups":
+            return "groups";
         case "issuer":
             return "iss";
         case "levelOfAssurance":
@@ -37,9 +41,9 @@ const mapVerify = (key) => {
         case "nonce":
             return "nonce";
         case "permissions":
-            return "per";
+            return "permissions";
         case "roles":
-            return "rls";
+            return "roles";
         case "scope":
             return "scope";
         case "sessionHint":
@@ -49,9 +53,7 @@ const mapVerify = (key) => {
         case "subjectHint":
             return "suh";
         case "tenantId":
-            return "tid";
-        case "tokenType":
-            return "token_type";
+            return "tenant_id";
         default:
             throw new Error(`Unsupported key: ${key} for JWT verification`);
     }
@@ -71,7 +73,25 @@ const createJwtVerify = (algorithm, verify, clockTolerance) => {
             $or: [{ $exists: false }, { $lte: (0, date_1.addSeconds)(new Date(), clockTolerance) }],
         },
     };
+    const ARRAY_CLAIM_KEYS = new Set([
+        "aud",
+        "amr",
+        "afr",
+        "scope",
+        "roles",
+        "permissions",
+        "groups",
+        "entitlements",
+    ]);
     for (const [key, value] of Object.entries(verify)) {
+        if (key === "tokenType")
+            continue;
+        if (key === "actor")
+            continue;
+        if (key === "dpopProof")
+            continue;
+        if (key === "trustBoundThumbprint")
+            continue;
         const mapped = mapVerify(key);
         if (mapped === "at_hash" && (0, is_1.isString)(value)) {
             predicate[mapped] = { $eq: (0, create_hash_1.createAccessTokenHash)(algorithm, value) };
@@ -94,6 +114,10 @@ const createJwtVerify = (algorithm, verify, clockTolerance) => {
             continue;
         }
         if ((0, is_1.isString)(value)) {
+            if (ARRAY_CLAIM_KEYS.has(mapped)) {
+                predicate[mapped] = { $all: [value] };
+                continue;
+            }
             predicate[mapped] = { $eq: value };
             continue;
         }

package/dist/internal/utils/jwt-verify.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-verify.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":";;;AAAA,wCAAuD;AACvD,oCAAoE;AAIpE,+CAAuF;AAEvF,MAAM,SAAS,GAAG,CAAC,GAA2B,EAAmB,EAAE;IACjE,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;QACnB,KAAK,qBAAqB;YACxB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,iBAAiB;YACpB,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,YAAY,CAAC;QACtB;YACE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAU,uBAAuB,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC,CAAC;AAEK,MAAM,eAAe,GAAG,CAC7B,SAA2B,EAC3B,MAAwB,EACxB,cAAsB,EACL,EAAE;IACnB,MAAM,SAAS,GAA6D;QAC1E,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,SAAS,EAAE;YACT,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;KACF,CAAC;IAEF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,MAAM,MAAM,GAAG,SAAS,CAAC,GAA6B,CAAC,CAAC;QAExD,IAAI,MAAM,KAAK,SAAS,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,mCAAqB,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACrE,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,4BAAc,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC9D,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,6BAAe,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/D,SAAS;QACX,CAAC;QACD,IAAI,IAAA,YAAO,EAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,KAA+B,CAAC;YACpD,SAAS;QACX,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAY,aAAa,GAAG,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,SAA4B,CAAC;AACtC,CAAC,CAAC;AAxDW,QAAA,eAAe,mBAwD1B"}
+{"version":3,"file":"jwt-verify.js","sourceRoot":"","sources":["../../../src/internal/utils/jwt-verify.ts"],"names":[],"mappings":";;;AAAA,wCAAuD;AACvD,oCAAoE;AAIpE,+CAAuF;AAEvF,MAAM,SAAS,GAAG,CAAC,GAA2B,EAAmB,EAAE;IACjE,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,aAAa;YAChB,OAAO,SAAS,CAAC;QACnB,KAAK,qBAAqB;YACxB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,QAAQ,CAAC;QAClB,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,YAAY;YACf,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,iBAAiB;YACpB,OAAO,KAAK,CAAC;QACf,KAAK,WAAW;YACd,OAAO,QAAQ,CAAC;QAClB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB,KAAK,cAAc;YACjB,OAAO,cAAc,CAAC;QACxB,KAAK,WAAW;YACd,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,QAAQ,CAAC;QAClB,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,kBAAkB;YACrB,OAAO,KAAK,CAAC;QACf,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,aAAa,CAAC;QACvB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,OAAO;YACV,OAAO,OAAO,CAAC;QACjB,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,SAAS;YACZ,OAAO,KAAK,CAAC;QACf,KAAK,aAAa;YAChB,OAAO,KAAK,CAAC;QACf,KAAK,UAAU;YACb,OAAO,WAAW,CAAC;QACrB;YACE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAU,uBAAuB,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC,CAAC;AAEK,MAAM,eAAe,GAAG,CAC7B,SAA2B,EAC3B,MAAwB,EACxB,cAAsB,EACL,EAAE;IACnB,MAAM,SAAS,GAA6D;QAC1E,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,GAAG,EAAE;YACH,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;QACD,SAAS,EAAE;YACT,GAAG,EAAE,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,IAAA,iBAAU,EAAC,IAAI,IAAI,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC;SAC5E;KACF,CAAC;IAMF,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC;QACpD,KAAK;QACL,KAAK;QACL,KAAK;QACL,OAAO;QACP,OAAO;QACP,aAAa;QACb,QAAQ;QACR,cAAc;KACf,CAAC,CAAC;IAEH,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAElD,IAAI,GAAG,KAAK,WAAW;YAAE,SAAS;QAElC,IAAI,GAAG,KAAK,OAAO;YAAE,SAAS;QAE9B,IAAI,GAAG,KAAK,WAAW;YAAE,SAAS;QAElC,IAAI,GAAG,KAAK,sBAAsB;YAAE,SAAS;QAE7C,MAAM,MAAM,GAAG,SAAS,CAAC,GAA6B,CAAC,CAAC;QAExD,IAAI,MAAM,KAAK,SAAS,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,mCAAqB,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YACrE,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,4BAAc,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC9D,SAAS;QACX,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,IAAA,6BAAe,EAAC,SAAS,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/D,SAAS;QACX,CAAC;QACD,IAAI,IAAA,YAAO,EAAS,KAAK,CAAC,EAAE,CAAC;YAC3B,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;YACpC,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAGpB,IAAI,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtC,SAAS;YACX,CAAC;YACD,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;YACnC,SAAS;QACX,CAAC;QACD,IAAI,IAAA,aAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YACpB,SAAS,CAAC,MAAM,CAAC,GAAG,KAA+B,CAAC;YACpD,SAAS;QACX,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,sBAAsB,KAAY,aAAa,GAAG,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,OAAO,SAA4B,CAAC;AACtC,CAAC,CAAC;AAtFW,QAAA,eAAe,mBAsF1B"}

package/dist/internal/utils/parse-introspection.d.ts

@@ -0,0 +1,7 @@
+import { Dict } from "@lindorm/types";
+import { AegisIntrospection } from "../../types";
+export type IntrospectClaimsInput = Dict & {
+    active?: unknown;
+};
+export declare const parseIntrospection: (data: IntrospectClaimsInput) => AegisIntrospection;
+//# sourceMappingURL=parse-introspection.d.ts.map

package/dist/internal/utils/parse-introspection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-introspection.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/parse-introspection.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAGtC,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAOjD,MAAM,MAAM,qBAAqB,GAAG,IAAI,GAAG;IACzC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,eAAO,MAAM,kBAAkB,GAAI,MAAM,qBAAqB,KAAG,kBAqBhE,CAAC"}

package/dist/internal/utils/parse-introspection.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseIntrospection = void 0;
+const is_1 = require("@lindorm/is");
+const utils_1 = require("@lindorm/utils");
+const errors_1 = require("../../errors");
+const extract_claims_1 = require("./extract-claims");
+const parseIntrospection = (data) => {
+    if (!(0, is_1.isBoolean)(data.active)) {
+        throw new errors_1.AegisError("Missing active claim");
+    }
+    if (!data.active) {
+        return { active: false };
+    }
+    const { claims } = (0, extract_claims_1.extractDomainClaims)(data);
+    return (0, utils_1.removeUndefined)({
+        ...claims,
+        active: true,
+        tokenType: (0, is_1.isString)(data.tokenType)
+            ? data.tokenType
+            : (0, is_1.isString)(data.token_type)
+                ? data.token_type
+                : undefined,
+        username: (0, is_1.isString)(data.username) ? data.username : undefined,
+    });
+};
+exports.parseIntrospection = parseIntrospection;
+//# sourceMappingURL=parse-introspection.js.map

package/dist/internal/utils/parse-introspection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-introspection.js","sourceRoot":"","sources":["../../../src/internal/utils/parse-introspection.ts"],"names":[],"mappings":";;;AAAA,oCAAkD;AAElD,0CAAiD;AACjD,yCAA0C;AAE1C,qDAAuD;AAUhD,MAAM,kBAAkB,GAAG,CAAC,IAA2B,EAAsB,EAAE;IACpF,IAAI,CAAC,IAAA,cAAS,EAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,mBAAU,CAAC,sBAAsB,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,oCAAmB,EAAC,IAAI,CAAC,CAAC;IAE7C,OAAO,IAAA,uBAAe,EAAC;QACrB,GAAG,MAAM;QACT,MAAM,EAAE,IAAa;QACrB,SAAS,EAAE,IAAA,aAAQ,EAAC,IAAI,CAAC,SAAS,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,SAAS;YAChB,CAAC,CAAC,IAAA,aAAQ,EAAE,IAAa,CAAC,UAAU,CAAC;gBACnC,CAAC,CAAG,IAAa,CAAC,UAAqB;gBACvC,CAAC,CAAC,SAAS;QACf,QAAQ,EAAE,IAAA,aAAQ,EAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KAC9D,CAAC,CAAC;AACL,CAAC,CAAC;AArBW,QAAA,kBAAkB,sBAqB7B"}

package/dist/internal/utils/parse-userinfo.d.ts

@@ -0,0 +1,5 @@
+import { Dict } from "@lindorm/types";
+import { AegisUserinfo } from "../../types";
+export type UserinfoClaimsInput = Dict;
+export declare const parseUserinfo: (data: UserinfoClaimsInput) => AegisUserinfo;
+//# sourceMappingURL=parse-userinfo.d.ts.map

package/dist/internal/utils/parse-userinfo.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-userinfo.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/parse-userinfo.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAEtC,OAAO,EAAgB,aAAa,EAAE,MAAM,aAAa,CAAC;AAO1D,MAAM,MAAM,mBAAmB,GAAG,IAAI,CAAC;AAEvC,eAAO,MAAM,aAAa,GAAI,MAAM,mBAAmB,KAAG,aAyBzD,CAAC"}

package/dist/internal/utils/parse-userinfo.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseUserinfo = void 0;
+const is_1 = require("@lindorm/is");
+const errors_1 = require("../../errors");
+const extract_aegis_profile_1 = require("./extract-aegis-profile");
+const extract_claims_1 = require("./extract-claims");
+const parseUserinfo = (data) => {
+    const { claims, rest } = (0, extract_claims_1.extractDomainClaims)(data);
+    const preExtractedProfile = (0, is_1.isObject)(rest.profile) && !(0, is_1.isString)(rest.profile)
+        ? rest.profile
+        : undefined;
+    if (preExtractedProfile)
+        delete rest.profile;
+    const { profile: extractedProfile } = (0, extract_aegis_profile_1.extractAegisProfile)(rest);
+    const profile = preExtractedProfile ?? extractedProfile;
+    if (!(0, is_1.isString)(claims.subject)) {
+        throw new errors_1.AegisError("Missing subject claim");
+    }
+    return {
+        ...(profile ?? {}),
+        subject: claims.subject,
+    };
+};
+exports.parseUserinfo = parseUserinfo;
+//# sourceMappingURL=parse-userinfo.js.map

package/dist/internal/utils/parse-userinfo.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-userinfo.js","sourceRoot":"","sources":["../../../src/internal/utils/parse-userinfo.ts"],"names":[],"mappings":";;;AAAA,oCAAiD;AAEjD,yCAA0C;AAE1C,mEAA8D;AAC9D,qDAAuD;AAOhD,MAAM,aAAa,GAAG,CAAC,IAAyB,EAAiB,EAAE;IACxE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,IAAA,oCAAmB,EAAC,IAAI,CAAC,CAAC;IAMnD,MAAM,mBAAmB,GACvB,IAAA,aAAQ,EAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAA,aAAQ,EAAC,IAAI,CAAC,OAAO,CAAC;QAC/C,CAAC,CAAE,IAAI,CAAC,OAAwB;QAChC,CAAC,CAAC,SAAS,CAAC;IAEhB,IAAI,mBAAmB;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC;IAE7C,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,IAAA,2CAAmB,EAAC,IAAI,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,mBAAmB,IAAI,gBAAgB,CAAC;IAExD,IAAI,CAAC,IAAA,aAAQ,EAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,mBAAU,CAAC,uBAAuB,CAAC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC,CAAC;AAzBW,QAAA,aAAa,iBAyBxB"}

package/dist/internal/utils/resolve-cert-binding.d.ts

@@ -0,0 +1,4 @@
+import { IKryptos } from "@lindorm/kryptos";
+import { BindCertificateMode, CertificateHeaderFields } from "../../types";
+export declare const resolveCertBinding: (kryptos: IKryptos, mode: BindCertificateMode | undefined) => CertificateHeaderFields | undefined;
+//# sourceMappingURL=resolve-cert-binding.d.ts.map

package/dist/internal/utils/resolve-cert-binding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-cert-binding.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/resolve-cert-binding.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAE3E,eAAO,MAAM,kBAAkB,GAC7B,SAAS,QAAQ,EACjB,MAAM,mBAAmB,GAAG,SAAS,KACpC,uBAAuB,GAAG,SA4B5B,CAAC"}

package/dist/internal/utils/resolve-cert-binding.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveCertBinding = void 0;
+const errors_1 = require("../../errors");
+const resolveCertBinding = (kryptos, mode) => {
+    const resolved = mode === "none"
+        ? "none"
+        : mode === undefined
+            ? kryptos.hasCertificate
+                ? "thumbprint"
+                : "none"
+            : mode;
+    if (resolved === "none")
+        return undefined;
+    if (!kryptos.hasCertificate) {
+        throw new errors_1.AegisError("bindCertificate requires kryptos with certificateChain", {
+            debug: { kryptosId: kryptos.id, mode },
+        });
+    }
+    const fields = {
+        x5tS256: kryptos.certificateThumbprint ?? undefined,
+    };
+    if (resolved === "chain") {
+        fields.x5c =
+            kryptos.certificateChain.length > 0 ? kryptos.certificateChain : undefined;
+    }
+    return fields;
+};
+exports.resolveCertBinding = resolveCertBinding;
+//# sourceMappingURL=resolve-cert-binding.js.map

package/dist/internal/utils/resolve-cert-binding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve-cert-binding.js","sourceRoot":"","sources":["../../../src/internal/utils/resolve-cert-binding.ts"],"names":[],"mappings":";;;AACA,yCAA0C;AAGnC,MAAM,kBAAkB,GAAG,CAChC,OAAiB,EACjB,IAAqC,EACA,EAAE;IACvC,MAAM,QAAQ,GACZ,IAAI,KAAK,MAAM;QACb,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,IAAI,KAAK,SAAS;YAClB,CAAC,CAAC,OAAO,CAAC,cAAc;gBACtB,CAAC,CAAC,YAAY;gBACd,CAAC,CAAC,MAAM;YACV,CAAC,CAAC,IAAI,CAAC;IAEb,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IAE1C,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;QAC5B,MAAM,IAAI,mBAAU,CAAC,wDAAwD,EAAE;YAC7E,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAA4B;QACtC,OAAO,EAAE,OAAO,CAAC,qBAAqB,IAAI,SAAS;KACpD,CAAC;IAEF,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG;YACR,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/E,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AA/BW,QAAA,kBAAkB,sBA+B7B"}

package/dist/internal/utils/token-header.d.ts

@@ -1,4 +1,4 @@
-import { DecodedTokenHeader, ParsedTokenHeader, RawTokenHeaderClaims, TokenHeaderOptions } from "../../types";
-export declare const mapTokenHeader: (options: TokenHeaderOptions) => RawTokenHeaderClaims;
+import { CertificateHeaderFields, DecodedTokenHeader, ParsedTokenHeader, RawTokenHeaderClaims, TokenHeaderOptions } from "../../types";
+export declare const mapTokenHeader: (options: TokenHeaderOptions, cert?: CertificateHeaderFields) => RawTokenHeaderClaims;
 export declare const parseTokenHeader: <T extends ParsedTokenHeader = ParsedTokenHeader>(decoded: DecodedTokenHeader) => T;
 //# sourceMappingURL=token-header.d.ts.map

package/dist/internal/utils/token-header.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/token-header.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EACnB,MAAM,aAAa,CAAC;AAErB,eAAO,MAAM,cAAc,GAAI,SAAS,kBAAkB,KAAG,oBAgE5D,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,iBAAiB,GAAG,iBAAiB,EAC9E,SAAS,kBAAkB,KAC1B,CAiEF,CAAC"}
+{"version":3,"file":"token-header.d.ts","sourceRoot":"","sources":["../../../src/internal/utils/token-header.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EACnB,MAAM,aAAa,CAAC;AAGrB,eAAO,MAAM,cAAc,GACzB,SAAS,kBAAkB,EAC3B,OAAM,uBAA4B,KACjC,oBAsDF,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAAI,CAAC,SAAS,iBAAiB,GAAG,iBAAiB,EAC9E,SAAS,kBAAkB,KAC1B,CA+DF,CAAC"}