@lit-protocol/vincent-app-sdk 1.0.2 → 1.0.3-beta.1

package/dist/src/jwt/core/create.d.ts

@@ -1,22 +1,4 @@
-import type { PKPEthersWallet } from '@lit-protocol/pkp-ethers';
 import type { JWTConfig } from '../types';
-/**
- * Creates a signer function compatible with did-jwt that uses a PKP wallet for signing
- *
- * This function returns a signing function that conforms to the did-jwt library's
- * signer interface. When called, it signs data using the PKP wallet, formatting
- * the signature according to ES256K requirements (without recovery parameter).
- *
- * @param pkpWallet - The PKP Ethers wallet instance that will be used for signing
- * @returns A signing function that takes data and returns a base64url-encoded signature
- * @example
- * ```typescript
- * const pkpWallet = new PKPEthersWallet({ ... });
- * const signer = createPKPSigner(pkpWallet);
- * const signature = await signer('data to sign');
- * ```
- */
-export declare function createPKPSigner(pkpWallet: PKPEthersWallet): (data: string | Uint8Array) => Promise<string>;
 /**
  * Creates a JWT signed by a PKP wallet using the ES256K algorithm
  *
@@ -26,6 +8,7 @@ export declare function createPKPSigner(pkpWallet: PKPEthersWallet): (data: stri
  *
  * @param config - Configuration object containing all parameters for JWT creation
  * @returns A promise that resolves to the signed JWT string
+ * @hidden
  * @example
  * ```typescript
  * const jwt = await createPKPSignedJWT({
@@ -37,5 +20,5 @@ export declare function createPKPSigner(pkpWallet: PKPEthersWallet): (data: stri
  * });
  * ```
  */
-export declare function createPKPSignedJWT(config: JWTConfig): Promise<string>;
+export declare function create(config: JWTConfig): Promise<string>;
 //# sourceMappingURL=create.d.ts.map

package/dist/src/jwt/core/create.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAqB,MAAM,UAAU,CAAC;AAE7D;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,eAAe,IAwB1C,MAAM,MAAM,GAAG,UAAU,KAAG,OAAO,CAAC,MAAM,CAAC,CAuB1D;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAoC3E"}
+{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,SAAS,EAAyB,MAAM,UAAU,CAAC;AA8CjE;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,MAAM,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAoC/D"}

package/dist/src/jwt/core/create.js

@@ -1,10 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createPKPSigner = createPKPSigner;
-exports.createPKPSignedJWT = createPKPSignedJWT;
+exports.create = create;
 const tslib_1 = require("tslib");
 const didJWT = tslib_1.__importStar(require("did-jwt"));
 const ethers_1 = require("ethers");
+const utils_1 = require("ethers/lib/utils");
+const base64_1 = require("./utils/base64");
 /**
  * Creates a signer function compatible with did-jwt that uses a PKP wallet for signing
  *
@@ -14,6 +15,7 @@ const ethers_1 = require("ethers");
  *
  * @param pkpWallet - The PKP Ethers wallet instance that will be used for signing
  * @returns A signing function that takes data and returns a base64url-encoded signature
+ * @private
  * @example
  * ```typescript
  * const pkpWallet = new PKPEthersWallet({ ... });
@@ -22,22 +24,6 @@ const ethers_1 = require("ethers");
  * ```
  */
 function createPKPSigner(pkpWallet) {
-    /**
-     * Converts a hex string to a Uint8Array
-     *
-     * @param hex - The hex string to convert (with or without 0x prefix)
-     * @returns A Uint8Array representation of the hex string
-     */
-    const hexToUint8Array = (hex) => {
-        if (hex.startsWith('0x')) {
-            hex = hex.slice(2);
-        }
-        const bytes = new Uint8Array(hex.length / 2);
-        for (let i = 0; i < hex.length; i += 2) {
-            bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
-        }
-        return bytes;
-    };
     /**
      * The actual signer function conforming to the did-jwt signer interface
      *
@@ -48,19 +34,13 @@ function createPKPSigner(pkpWallet) {
         const dataBytes = typeof data === 'string' ? Uint8Array.from(Buffer.from(data, 'utf8')) : data;
         const sig = await pkpWallet.signMessage(dataBytes);
         const { r, s } = ethers_1.ethers.utils.splitSignature(sig);
-        const rBytes = hexToUint8Array(r.slice(2));
-        const sBytes = hexToUint8Array(s.slice(2));
+        const rBytes = (0, utils_1.arrayify)(r);
+        const sBytes = (0, utils_1.arrayify)(s);
         // ES256K signature is r and s concatenated (64 bytes total)
         const sigBytes = new Uint8Array(64);
         sigBytes.set(rBytes, 0);
         sigBytes.set(sBytes, 32);
-        // Convert to base64url encoding
-        const base64Sig = Buffer.from(sigBytes)
-            .toString('base64')
-            .replace(/\+/g, '-')
-            .replace(/\//g, '_')
-            .replace(/=/g, '');
-        return base64Sig;
+        return (0, base64_1.toBase64Url)(sigBytes);
     };
 }
 /**
@@ -72,6 +52,7 @@ function createPKPSigner(pkpWallet) {
  *
  * @param config - Configuration object containing all parameters for JWT creation
  * @returns A promise that resolves to the signed JWT string
+ * @hidden
  * @example
  * ```typescript
  * const jwt = await createPKPSignedJWT({
@@ -83,7 +64,7 @@ function createPKPSigner(pkpWallet) {
  * });
  * ```
  */
-async function createPKPSignedJWT(config) {
+async function create(config) {
     const { app, pkpWallet, pkp, payload, expiresInMinutes, audience, authentication } = config;
     const signer = createPKPSigner(pkpWallet);
     // iat and exp are expressed in seconds https://datatracker.ietf.org/doc/html/rfc7519

package/dist/src/jwt/core/create.js.map

@@ -1 +1 @@
-{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":";;AAsBA,0CA+CC;AAsBD,gDAoCC;;AA/HD,wDAAkC;AAClC,mCAAgC;AAKhC;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,eAAe,CAAC,SAA0B;IACxD;;;;;OAKG;IACH,MAAM,eAAe,GAAG,CAAC,GAAW,EAAc,EAAE;QAClD,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IAEF;;;;;OAKG;IACH,OAAO,KAAK,EAAE,IAAyB,EAAmB,EAAE;QAC1D,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,eAAM,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAElD,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3C,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACpC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACxB,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAEzB,gCAAgC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;aACpC,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAErB,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACI,KAAK,UAAU,kBAAkB,CAAC,MAAiB;IACxD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;IAC5F,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAE1C,qFAAqF;IACrF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,GAAG,gBAAgB,GAAG,EAAE,CAAC;IAExC,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,CAAC;IAEnD,MAAM,WAAW,GAAsB;QACrC,GAAG,OAAO;QACV,GAAG,EAAE,QAAQ;QACb,GAAG;QACH,GAAG;QACH,GAAG,EAAE,YAAY,aAAa,EAAE;QAChC,GAAG;QACH,GAAG;QACH,cAAc,EAAE;YACd,IAAI,EAAE,cAAc,CAAC,IAAI;YACzB,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;KACF,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAChC,WAAW,EACX;QACE,MAAM,EAAE,YAAY,aAAa,EAAE;QACnC,MAAM;KACP,EACD;QACE,GAAG,EAAE,QAAQ;KACd,CACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../../src/jwt/core/create.ts"],"names":[],"mappings":";;AAyEA,wBAoCC;;AA7GD,wDAAkC;AAClC,mCAAgC;AAChC,4CAA4C;AAM5C,2CAA6C;AAE7C;;;;;;;;;;;;;;;;GAgBG;AACH,SAAS,eAAe,CAAC,SAA0B;IACjD;;;;;OAKG;IACH,OAAO,KAAK,EAAE,IAAyB,EAAmB,EAAE;QAC1D,MAAM,SAAS,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE/F,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,eAAM,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAElD,MAAM,MAAM,GAAG,IAAA,gBAAQ,EAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,GAAG,IAAA,gBAAQ,EAAC,CAAC,CAAC,CAAC;QAE3B,4DAA4D;QAC5D,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACpC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACxB,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAEzB,OAAO,IAAA,oBAAW,EAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,MAAM,CAAC,MAAiB;IAC5C,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;IAC5F,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAE1C,qFAAqF;IACrF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,GAAG,gBAAgB,GAAG,EAAE,CAAC;IAExC,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,CAAC;IAEnD,MAAM,WAAW,GAA0B;QACzC,GAAG,OAAO;QACV,GAAG,EAAE,QAAQ;QACb,GAAG;QACH,GAAG;QACH,GAAG,EAAE,YAAY,aAAa,EAAE;QAChC,GAAG;QACH,GAAG;QACH,cAAc,EAAE;YACd,IAAI,EAAE,cAAc,CAAC,IAAI;YACzB,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;KACF,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,SAAS,CAChC,WAAW,EACX;QACE,MAAM,EAAE,YAAY,aAAa,EAAE;QACnC,MAAM;KACP,EACD;QACE,GAAG,EAAE,QAAQ;KACd,CACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/src/jwt/core/isExpired.d.ts

@@ -0,0 +1,9 @@
+import type { VincentJWT } from '../types';
+/** Checks if a JWT is expired based on its 'exp' claim
+ *
+ * @returns true if expired, false otherwise
+ * @param decodedJWT
+ * @category API
+ */
+export declare function isExpired(decodedJWT: VincentJWT): boolean;
+//# sourceMappingURL=isExpired.d.ts.map

package/dist/src/jwt/core/isExpired.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isExpired.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAE3C;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAWzD"}

package/dist/src/jwt/core/{utils/isJWTExpired.js → isExpired.js}

@@ -1,12 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isJWTExpired = isJWTExpired;
+exports.isExpired = isExpired;
 /** Checks if a JWT is expired based on its 'exp' claim
  *
  * @returns true if expired, false otherwise
  * @param decodedJWT
+ * @category API
  */
-function isJWTExpired(decodedJWT) {
+function isExpired(decodedJWT) {
     const { payload } = decodedJWT;
     // Tokens that never expire are treated as expired for security.
     if (!payload.exp) {
@@ -16,4 +17,4 @@ function isJWTExpired(decodedJWT) {
     const currentTime = Math.floor(Date.now() / 1000);
     return currentTime >= payload.exp;
 }
-//# sourceMappingURL=isJWTExpired.js.map
+//# sourceMappingURL=isExpired.js.map

package/dist/src/jwt/core/isExpired.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isExpired.js","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":";;AAQA,8BAWC;AAjBD;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,UAAsB;IAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;IAE/B,gEAAgE;IAChE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;AACpC,CAAC"}

package/dist/src/jwt/core/utils/base64.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Decodes a base64 or base64url string into a Uint8Array.
+ * Works in Node.js, Deno, browsers, and Web Workers.
+ *
+ * No Buffer polyfill requirement.
+ */
+export declare function fromBase64(base64: string): Uint8Array;
+/**
+ * Converts a Uint8Array to a base64url-encoded string.
+ * Works in all JS environments (Node.js, Deno, browser, Web Workers).
+ * No Buffer polyfill requirement.
+ */
+export declare function toBase64Url(bytes: Uint8Array): string;
+//# sourceMappingURL=base64.d.ts.map

package/dist/src/jwt/core/utils/base64.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAuBrD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAkBrD"}

package/dist/src/jwt/core/utils/base64.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromBase64 = fromBase64;
+exports.toBase64Url = toBase64Url;
+/**
+ * Decodes a base64 or base64url string into a Uint8Array.
+ * Works in Node.js, Deno, browsers, and Web Workers.
+ *
+ * No Buffer polyfill requirement.
+ */
+function fromBase64(base64) {
+    // Normalize base64url → base64
+    const normalized = base64
+        .replace(/-/g, '+')
+        .replace(/_/g, '/')
+        .padEnd(Math.ceil(base64.length / 4) * 4, '=');
+    // Node.js
+    if (typeof Buffer !== 'undefined' && typeof Buffer.from === 'function') {
+        return new Uint8Array(Buffer.from(normalized, 'base64'));
+    }
+    // Browser / Web Worker / Deno
+    if (typeof atob !== 'undefined') {
+        const binary = atob(normalized);
+        const bytes = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i++) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes;
+    }
+    throw new Error('No base64 decoding method available in this environment.');
+}
+/**
+ * Converts a Uint8Array to a base64url-encoded string.
+ * Works in all JS environments (Node.js, Deno, browser, Web Workers).
+ * No Buffer polyfill requirement.
+ */
+function toBase64Url(bytes) {
+    // Node.js
+    if (typeof Buffer !== 'undefined' && typeof Buffer.from === 'function') {
+        return Buffer.from(bytes)
+            .toString('base64')
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=+$/, '');
+    }
+    // Browser / Deno / Web Worker
+    if (typeof btoa !== 'undefined') {
+        const binString = String.fromCharCode(...bytes);
+        const base64 = btoa(binString);
+        return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+    }
+    throw new Error('No base64 encoding method available in this environment.');
+}
+//# sourceMappingURL=base64.js.map

package/dist/src/jwt/core/utils/base64.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":";;AAMA,gCAuBC;AAOD,kCAkBC;AAtDD;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,MAAc;IACvC,+BAA+B;IAC/B,MAAM,UAAU,GAAG,MAAM;SACtB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;IAEjD,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC;AAED;;;;GAIG;AACH,SAAgB,WAAW,CAAC,KAAiB;IAC3C,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACtB,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC"}

package/dist/src/jwt/core/utils/index.d.ts

@@ -1,5 +1,4 @@
 export { isDefinedObject } from './definedObject';
-export { isJWTExpired } from './isJWTExpired';
 export { validateJWTTime } from './validateJWTTime';
 export { splitJWT } from './splitJWT';
 export { processJWTSignature } from './processJWTSignature';

package/dist/src/jwt/core/utils/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/src/jwt/core/utils/index.js

@@ -1,10 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.processJWTSignature = exports.splitJWT = exports.validateJWTTime = exports.isJWTExpired = exports.isDefinedObject = void 0;
+exports.processJWTSignature = exports.splitJWT = exports.validateJWTTime = exports.isDefinedObject = void 0;
 var definedObject_1 = require("./definedObject");
 Object.defineProperty(exports, "isDefinedObject", { enumerable: true, get: function () { return definedObject_1.isDefinedObject; } });
-var isJWTExpired_1 = require("./isJWTExpired");
-Object.defineProperty(exports, "isJWTExpired", { enumerable: true, get: function () { return isJWTExpired_1.isJWTExpired; } });
 var validateJWTTime_1 = require("./validateJWTTime");
 Object.defineProperty(exports, "validateJWTTime", { enumerable: true, get: function () { return validateJWTTime_1.validateJWTTime; } });
 var splitJWT_1 = require("./splitJWT");

package/dist/src/jwt/core/utils/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":";;;AAAA,iDAAkD;AAAzC,gHAAA,eAAe,OAAA;AACxB,+CAA8C;AAArC,4GAAA,YAAY,OAAA;AACrB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,uCAAsC;AAA7B,oGAAA,QAAQ,OAAA;AACjB,6DAA4D;AAAnD,0HAAA,mBAAmB,OAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":";;;AAAA,iDAAkD;AAAzC,gHAAA,eAAe,OAAA;AACxB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,uCAAsC;AAA7B,oGAAA,QAAQ,OAAA;AACjB,6DAA4D;AAAnD,0HAAA,mBAAmB,OAAA"}

package/dist/src/jwt/core/utils/processJWTSignature.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"processJWTSignature.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/processJWTSignature.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,CAYjE"}
+{"version":3,"file":"processJWTSignature.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/processJWTSignature.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,CAEjE"}

package/dist/src/jwt/core/utils/processJWTSignature.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.processJWTSignature = processJWTSignature;
+const base64_1 = require("./base64");
 /** Processes a JWT signature from base64url to binary
  * @ignore
  *
@@ -8,14 +9,6 @@ exports.processJWTSignature = processJWTSignature;
  * @returns A Uint8Array of the binary signature
  */
 function processJWTSignature(signature) {
-    // Convert base64url to base64
-    let base64 = signature.replace(/-/g, '+').replace(/_/g, '/');
-    // Pad with '=' if needed
-    while (base64.length % 4) {
-        base64 += '=';
-    }
-    // Decode base64 to binary
-    const binary = Buffer.from(base64, 'base64');
-    return new Uint8Array(binary);
+    return (0, base64_1.fromBase64)(signature);
 }
 //# sourceMappingURL=processJWTSignature.js.map

package/dist/src/jwt/core/utils/processJWTSignature.js.map

@@ -1 +1 @@
-{"version":3,"file":"processJWTSignature.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/processJWTSignature.ts"],"names":[],"mappings":";;AAMA,kDAYC;AAlBD;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,8BAA8B;IAC9B,IAAI,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAE7D,yBAAyB;IACzB,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7C,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC"}
+{"version":3,"file":"processJWTSignature.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/processJWTSignature.ts"],"names":[],"mappings":";;AAQA,kDAEC;AAVD,qCAAsC;AAEtC;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,OAAO,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}

package/dist/src/jwt/core/validate.d.ts

@@ -1,23 +1,29 @@
-import { VincentJWT } from '../types';
-/**
- * Decodes and verifies an {@link VincentJWT} token in string form
- *
- * This function returns the decoded {@link VincentJWT} object only if:
- * 1. The JWT signature is valid
- * 2. The JWT is not expired
- * 3. All time claims (nbf, iat) are valid
- * 4. The JWT has an audience claim that includes the expected audience
- *
- * @param {string} jwt - The JWT string to verify
- * @param {string} expectedAudience - String that should be in the audience claim(s)
- *
- * @returns {VincentJWT} The decoded VincentJWT object if it was verified successfully
- */
-export declare function verifyJWT(jwt: string, expectedAudience: string): VincentJWT;
-/** This function uses the did-jwt library to decode a JWT string into its payload adding any extra Vincent fields
- *
- * @param {string} jwt - The JWT string to decode
- * @returns The decoded Vincent JWT fields
- */
-export declare function decodeJWT(jwt: string): VincentJWT;
+import type { VincentJWT, VincentJWTAppSpecific } from '../types';
+export declare function verify({ jwt, expectedAudience, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: undefined;
+}): VincentJWT;
+export declare function verify({ jwt, expectedAudience, requiredAppId, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: number;
+}): VincentJWTAppSpecific;
+export declare function verify({ jwt, expectedAudience, requiredAppId, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: number | undefined;
+}): VincentJWT | VincentJWTAppSpecific;
+export declare function decode({ jwt, requiredAppId, }: {
+    jwt: string;
+    requiredAppId: undefined;
+}): VincentJWT;
+export declare function decode({ jwt, requiredAppId, }: {
+    jwt: string;
+    requiredAppId: number;
+}): VincentJWTAppSpecific;
+export declare function decode({ jwt, requiredAppId, }: {
+    jwt: string;
+    requiredAppId: number | undefined;
+}): VincentJWT | VincentJWTAppSpecific;
 //# sourceMappingURL=validate.d.ts.map

package/dist/src/jwt/core/validate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAStC;;;;;;;;;;;;;GAaG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,UAAU,CAwE3E;AAED;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAgBjD"}
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAMlE,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,GACjB,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,SAAS,CAAC;CAC1B,GAAG,UAAU,CAAC;AAEf,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG,qBAAqB,CAAC;AAE1B,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;CACnC,GAAG,UAAU,GAAG,qBAAqB,CAAC;AA4GvC,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,SAAS,CAAC;CAC1B,GAAG,UAAU,CAAC;AAEf,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG,qBAAqB,CAAC;AAE1B,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;CACnC,GAAG,UAAU,GAAG,qBAAqB,CAAC"}

package/dist/src/jwt/core/validate.js

@@ -1,13 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyJWT = verifyJWT;
-exports.decodeJWT = decodeJWT;
+exports.verify = verify;
+exports.decode = decode;
 const tslib_1 = require("tslib");
 const secp256k1 = tslib_1.__importStar(require("@noble/secp256k1"));
 const didJWT = tslib_1.__importStar(require("did-jwt"));
 const did_jwt_1 = require("did-jwt");
 const ethers_1 = require("ethers");
-const utils_1 = require("./utils");
+const utils_1 = require("ethers/lib/utils");
+const typeGuards_1 = require("../typeGuards");
+const isExpired_1 = require("./isExpired");
+const utils_2 = require("./utils");
 /**
  * Decodes and verifies an {@link VincentJWT} token in string form
  *
@@ -17,25 +20,43 @@ const utils_1 = require("./utils");
  * 3. All time claims (nbf, iat) are valid
  * 4. The JWT has an audience claim that includes the expected audience
  *
- * @param {string} jwt - The JWT string to verify
- * @param {string} expectedAudience - String that should be in the audience claim(s)
+ * @param params
+ * @param jwt - The JWT string to verify
+ * @param expectedAudience - String that should be in the audience claim(s)
+ * @param requiredAppId - The appId that should be in the payload of the JWT. If app is not defined, or app.id is different, this method will throw.
  *
  * @returns {VincentJWT} The decoded VincentJWT object if it was verified successfully
+ *
+ * @category API
+ * @inline
+ * @expand
+ * @function
+ *
+ * @example
+ * ```typescript
+ *  import { verify } from '@lit-protocol/vincent-app-sdk/jwt';
+ *
+ *  try {
+ *    const decodedAndVerifiedVincentJWT = verify({ jwt, expectedAudience: 'https://myapp.com', requiredAppId: 555 });
+ *   } catch(e) {
+ *    // Handle invalid/expired JWT casew
+ *  }
+ * ```
  */
-function verifyJWT(jwt, expectedAudience) {
+function verify({ jwt, expectedAudience, requiredAppId, }) {
     if (!expectedAudience) {
         throw new Error(`You must provide an expectedAudience`);
     }
-    const decoded = decodeJWT(jwt);
+    const decoded = decode({ jwt, requiredAppId });
     const { aud, exp, pkp } = decoded.payload;
     if (!exp) {
         throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT does not contain an expiration claim (exp)`);
     }
-    const isExpired = (0, utils_1.isJWTExpired)(decoded);
-    if (isExpired) {
+    const expired = (0, isExpired_1.isExpired)(decoded);
+    if (expired) {
         throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT expired at ${exp}`);
     }
-    (0, utils_1.validateJWTTime)(decoded.payload, Math.floor(Date.now() / 1000));
+    (0, utils_2.validateJWTTime)(decoded.payload, Math.floor(Date.now() / 1000));
     // Always validate audience - reject if no audience claim or expected audience isn't included
     if (!aud) {
         throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT does not contain an audience claim (aud)`);
@@ -45,23 +66,17 @@ function verifyJWT(jwt, expectedAudience) {
         throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_AUDIENCE}: Expected audience ${expectedAudience} not found in aud claim`);
     }
     try {
-        const { signedData, signature } = (0, utils_1.splitJWT)(jwt);
+        const { signedData, signature } = (0, utils_2.splitJWT)(jwt);
         // Process signature from base64url to binary
-        const signatureBytes = (0, utils_1.processJWTSignature)(signature);
+        const signatureBytes = (0, utils_2.processJWTSignature)(signature);
         // Extract r and s values from the signature
         const r = signatureBytes.slice(0, 32);
         const s = signatureBytes.slice(32, 64);
-        // Process public key
-        let publicKey = pkp.publicKey;
-        if (publicKey.startsWith('0x')) {
-            publicKey = publicKey.substring(2);
-        }
-        const publicKeyBytes = Buffer.from(publicKey, 'hex');
+        const publicKeyBytes = (0, utils_1.arrayify)(pkp.publicKey);
         // PKPEthersWallet.signMessage() adds Ethereum prefix, so we need to add it here too
         const ethPrefixedMessage = '\x19Ethereum Signed Message:\n' + signedData.length + signedData;
-        const messageBuffer = Buffer.from(ethPrefixedMessage, 'utf8');
-        const messageHash = ethers_1.ethers.utils.keccak256(messageBuffer);
-        const messageHashBytes = Buffer.from(messageHash.substring(2), 'hex');
+        const messageHash = ethers_1.ethers.utils.keccak256((0, utils_1.toUtf8Bytes)(ethPrefixedMessage));
+        const messageHashBytes = (0, utils_1.arrayify)(messageHash);
         const signatureForSecp = new Uint8Array([...r, ...s]);
         // Verify the signature against the public key
         const isVerified = secp256k1.verify(signatureForSecp, messageHashBytes, publicKeyBytes);
@@ -74,22 +89,54 @@ function verifyJWT(jwt, expectedAudience) {
         throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_SIGNATURE}: Invalid signature: ${error.message}`);
     }
 }
-/** This function uses the did-jwt library to decode a JWT string into its payload adding any extra Vincent fields
+/** Decodes a Vincent JWT in string form and returns an {@link VincentJWT} decoded object for your use
  *
- * @param {string} jwt - The JWT string to decode
- * @returns The decoded Vincent JWT fields
- */
-function decodeJWT(jwt) {
+ * @param jwt - The jwt in string form. It will be decoded and checked to be sure it is not malformed.
+ * @param requiredAppId - The appId that should be in the payload of the JWT. If app is not defined, or app.id is different, this method will throw.
+ *
+ * <div class="box info-box">
+ *   <p class="box-title info-box-title">
+ *     <span class="box-icon info-icon">Info</span> Note
+ *   </p>
+ * This method only <i><b>decodes</b></i> the JWT_ -- you still need to {@link verify} the JWT to be sure it is valid!
+ * If the JWT is expired, you need to use a {@link webAuthClient.WebAuthClient | WebAuthClient} to get a new JWT.
+ *
+ * See {@link webAuthClient.getWebAuthClient | getWebAuthClient}
+ *
+ * </div>
+ * @inline
+ * @expand
+ * @function
+ * @category API
+ *
+ * @example
+ *  ```typescript
+ *   import { decode, isExpired } from '@lit-protocol/vincent-app-sdk/jwt';
+ *
+ *   const decodedVincentJWT = decode({ jwt, requiredAppId: 555 });
+ *   const isJWTExpired = isExpired(decodedVincentJWT);
+ *
+ *   if(!isJWTExpired) {
+ *     // User is logged in
+ *     // You still need to verify the JWT!
+ *   } else {
+ *     // User needs to get a new JWT
+ *     webAuthClient.redirectToDelegationAuthPage({redirectUri: window.location.href });
+ *   }
+ *
+ *  ```
+ * */
+function decode({ jwt, requiredAppId, }) {
     const decodedJwt = didJWT.decodeJWT(jwt);
-    const { app, authentication, pkp } = decodedJwt.payload;
-    if (!(0, utils_1.isDefinedObject)(app)) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "app" field in JWT payload.`);
-    }
-    if (!(0, utils_1.isDefinedObject)(authentication)) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "authentication" field in JWT payload.`);
-    }
-    if (!(0, utils_1.isDefinedObject)(pkp)) {
-        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "pkp" field in JWT payload.`);
+    (0, typeGuards_1.assertIsVincentJWT)(decodedJwt);
+    if (requiredAppId) {
+        if (!(0, typeGuards_1.isAppSpecificJWT)(decodedJwt)) {
+            throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT is not app specific; cannot verify requiredAppId`);
+        }
+        const { app } = decodedJwt.payload;
+        if (requiredAppId !== app.id) {
+            throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: appId in JWT does not match requiredAppId. Expected ${requiredAppId}, got ${app.id} `);
+        }
     }
     return decodedJwt;
 }

package/dist/src/jwt/core/validate.js.map

@@ -1 +1 @@
-{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":";;AA2BA,8BAwEC;AAOD,8BAgBC;;AA1HD,oEAA8C;AAC9C,wDAAkC;AAClC,qCAAoC;AACpC,mCAAgC;AAEhC,mCAMiB;AAEjB;;;;;;;;;;;;;GAaG;AACH,SAAgB,SAAS,CAAC,GAAW,EAAE,gBAAwB;IAC7D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAE1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,SAAS,GAAG,IAAA,oBAAY,EAAC,OAAO,CAAC,CAAC;IACxC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,oBAAoB,GAAG,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,IAAA,uBAAe,EAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAEhE,6FAA6F;IAC7F,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,gDAAgD,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,gBAAgB,uBAAuB,gBAAgB,yBAAyB,CAC9F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAC;QAEhD,6CAA6C;QAC7C,MAAM,cAAc,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,CAAC;QAEtD,4CAA4C;QAC5C,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAEvC,qBAAqB;QACrB,IAAI,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAC9B,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/B,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC;QAED,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAErD,oFAAoF;QACpF,MAAM,kBAAkB,GAAG,gCAAgC,GAAG,UAAU,CAAC,MAAM,GAAG,UAAU,CAAC;QAC7F,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;QAE9D,MAAM,WAAW,GAAG,eAAM,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAEtE,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEtD,8CAA8C;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAExF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,iBAAiB,wBAAyB,KAAe,CAAC,OAAO,EAAE,CACjF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAgB,SAAS,CAAC,GAAW;IACnC,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAEzC,MAAM,EAAE,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;IAExD,IAAI,CAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,uCAAuC,CAAC,CAAC;IACnF,CAAC;IACD,IAAI,CAAC,IAAA,uBAAe,EAAC,cAAc,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IACD,IAAI,CAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,uCAAuC,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,UAAwB,CAAC;AAClC,CAAC"}
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":";;AAyEA,wBAwEC;AA+DD,wBA2BC;;AA3OD,oEAA8C;AAC9C,wDAAkC;AAClC,qCAAoC;AACpC,mCAAgC;AAChC,4CAAyD;AAIzD,8CAAqE;AACrE,2CAAwC;AACxC,mCAAyE;AA+BzE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GAKd;IACC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,CAAC;IAC/C,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAE1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAC,CAAC;IACnC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,oBAAoB,GAAG,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,IAAA,uBAAe,EAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAEhE,6FAA6F;IAC7F,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,gDAAgD,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,gBAAgB,uBAAuB,gBAAgB,yBAAyB,CAC9F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAC;QAEhD,6CAA6C;QAC7C,MAAM,cAAc,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,CAAC;QAEtD,4CAA4C;QAC5C,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAEvC,MAAM,cAAc,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/C,oFAAoF;QACpF,MAAM,kBAAkB,GAAG,gCAAgC,GAAG,UAAU,CAAC,MAAM,GAAG,UAAU,CAAC;QAC7F,MAAM,WAAW,GAAG,eAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAC5E,MAAM,gBAAgB,GAAG,IAAA,gBAAQ,EAAC,WAAW,CAAC,CAAC;QAE/C,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEtD,8CAA8C;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAExF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,iBAAiB,wBAAyB,KAAe,CAAC,OAAO,EAAE,CACjF,CAAC;IACJ,CAAC;AACH,CAAC;AA0BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoCK;AACL,SAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GAId;IACC,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAEzC,IAAA,+BAAkB,EAAC,UAAU,CAAC,CAAC;IAE/B,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAA,6BAAgB,EAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,wDAAwD,CACjF,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;QACnC,IAAI,aAAa,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,yDAAyD,aAAa,SAAS,GAAG,CAAC,EAAE,GAAG,CACjH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}