@lumiapassport/core 1.4.0 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (23) hide show
  1. package/dist/auth/index.cjs +16 -2
  2. package/dist/auth/index.cjs.map +1 -1
  3. package/dist/auth/index.d.cts +21 -1
  4. package/dist/auth/index.d.ts +21 -1
  5. package/dist/auth/index.js +16 -3
  6. package/dist/auth/index.js.map +1 -1
  7. package/dist/bundler/index.cjs +1 -1
  8. package/dist/bundler/index.cjs.map +1 -1
  9. package/dist/bundler/index.js +1 -1
  10. package/dist/bundler/index.js.map +1 -1
  11. package/dist/clients/index.cjs +1 -1
  12. package/dist/clients/index.cjs.map +1 -1
  13. package/dist/clients/index.js +1 -1
  14. package/dist/clients/index.js.map +1 -1
  15. package/dist/index.cjs +18 -3
  16. package/dist/index.cjs.map +1 -1
  17. package/dist/index.d.cts +1 -1
  18. package/dist/index.d.ts +1 -1
  19. package/dist/index.js +18 -4
  20. package/dist/index.js.map +1 -1
  21. package/dist/internal/error-tracking.cjs +1 -1
  22. package/dist/internal/error-tracking.js +1 -1
  23. package/package.json +1 -1
package/dist/auth/index.cjs CHANGED
@@ -328,6 +328,7 @@ var JwtTokenManager = class {
328
328
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {
329
329
  method: "POST",
330
330
  headers: { "Content-Type": "application/json" },
331
+ credentials: "include",
331
332
  body: JSON.stringify({ refreshToken })
332
333
  });
333
334
  if (!response.ok) {
@@ -398,7 +399,8 @@ async function logout(manager = jwtTokenManager) {
398
399
  headers: {
399
400
  Authorization: authHeader,
400
401
  "Content-Type": "application/json"
401
- }
402
+ },
403
+ credentials: "include"
402
404
  });
403
405
  }
404
406
  } catch (error) {
@@ -416,7 +418,8 @@ async function verifyToken(manager = jwtTokenManager) {
416
418
  try {
417
419
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/verify`), {
418
420
  method: "GET",
419
- headers: { Authorization: authHeader }
421
+ headers: { Authorization: authHeader },
422
+ credentials: "include"
420
423
  });
421
424
  if (!response.ok) {
422
425
  console.log("[JWT] Token verification failed:", response.status);
@@ -489,6 +492,13 @@ async function ensureValidToken(manager = jwtTokenManager) {
489
492
  console.log("[JWT] No refresh token available, user needs to re-authenticate");
490
493
  return false;
491
494
  }
495
+ async function getValidTokens(manager = jwtTokenManager) {
496
+ const hasValidToken = await ensureValidToken(manager);
497
+ if (!hasValidToken) {
498
+ return null;
499
+ }
500
+ return manager.getTokens();
501
+ }
492
502
  async function authenticatedFetch(url, options = {}, manager = jwtTokenManager) {
493
503
  const hasValidToken = await ensureValidToken(manager);
494
504
  if (!hasValidToken) {
@@ -527,6 +537,7 @@ async function loginWithUserId(userId, options) {
527
537
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/login`), {
528
538
  method: "POST",
529
539
  headers: { "Content-Type": "application/json" },
540
+ credentials: "include",
530
541
  body: JSON.stringify({ userId })
531
542
  });
532
543
  if (!response.ok) {
@@ -543,6 +554,7 @@ async function loginWithEmail(email, code, options) {
543
554
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/email/verify-code`), {
544
555
  method: "POST",
545
556
  headers: { "Content-Type": "application/json" },
557
+ credentials: "include",
546
558
  body: JSON.stringify({ email, code })
547
559
  });
548
560
  if (!response.ok) {
@@ -559,6 +571,7 @@ async function loginWithTelegram(telegramData, options) {
559
571
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/telegram/login`), {
560
572
  method: "POST",
561
573
  headers: { "Content-Type": "application/json" },
574
+ credentials: "include",
562
575
  body: JSON.stringify(telegramData)
563
576
  });
564
577
  if (!response.ok) {
@@ -593,6 +606,7 @@ exports.base64urlToUint8Array = base64urlToUint8Array;
593
606
  exports.configureJwtModule = configureJwtModule;
594
607
  exports.createJwtTokenManager = createJwtTokenManager;
595
608
  exports.ensureValidToken = ensureValidToken;
609
+ exports.getValidTokens = getValidTokens;
596
610
  exports.jwtTokenManager = jwtTokenManager;
597
611
  exports.loginWithEmail = loginWithEmail;
598
612
  exports.loginWithTelegram = loginWithTelegram;
package/dist/auth/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/auth/base64url.ts","../../src/auth/storage.ts","../../src/utils/project-id.ts","../../src/auth/jwt.ts"],"names":[],"mappings":";;;AAUO,SAAS,uBAAuB,MAAA,EAA6B;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAChF;AAOO,SAAS,sBAAsB,SAAA,EAA+B;AACnE,EAAA,MAAM,MAAA,GAAS,UAAU,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC7D,EAAA,MAAM,MAAM,MAAA,CAAO,MAAA,GAAS,IAAI,CAAA,GAAK,MAAA,CAAO,SAAS,CAAA,GAAK,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,MAAA,GAAS,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA;AACtC,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;AAOO,SAAS,oBAAoB,MAAA,EAA6B;AAC/D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;;;ACbO,IAAM,gBAAN,MAA4C;AAAA,EACzC,OAAA,uBAAc,GAAA,EAAoB;AAAA,EAE1C,QAAQ,GAAA,EAA4B;AAClC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAAA,EAClC;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC7B;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAiB;AACf,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,OAAA,CAAQ,IAAA;AAAA,EACtB;AACF;AAMO,IAAM,sBAAN,MAAkD;AAAA,EAC/C,QAAA,GAAiC,IAAA;AAAA,EAEzC,WAAA,GAAc;AAEZ,IAAA,IAAI,CAAC,IAAA,CAAK,uBAAA,EAAwB,EAAG;AACnC,MAAA,OAAA,CAAQ,KAAK,sEAAsE,CAAA;AACnF,MAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAAA,IACpC;AAAA,EACF;AAAA,EAEQ,uBAAA,GAAmC;AACzC,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,OAAA,GAAU,GAAA,GAAM,GAAA,CAAI,YAAA,GAAe,KAAA,CAAA;AACzC,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,OAAA,GAAU,wBAAA;AAChB,MAAA,OAAA,CAAQ,OAAA,CAAQ,SAAS,MAAM,CAAA;AAC/B,MAAA,OAAA,CAAQ,WAAW,OAAO,CAAA;AAC1B,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,QAAQ,GAAA,EAA4B;AAClC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AAAA,IAClC;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,KAAA,GAAQ,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAG,CAAA,IAAK,IAAA;AACjD,MAAA,OAAO,KAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,8CAA8C,KAAK,CAAA;AACjE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAChC,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,IACvC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAE/D,MAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,QAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAClC,QAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,WAAW,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,WAAW,GAAG,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,+CAA+C,KAAK,CAAA;AAAA,IACpE;AAAA,EACF;AACF;AAWA,eAAsB,UAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,OAAO,MAAA,YAAkB,OAAA,GAAU,MAAM,MAAA,GAAS,MAAA;AACpD;AAKA,eAAsB,UAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AACzC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;AAKA,eAAsB,aAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA;AACrC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;ACjLO,SAAS,YAAA,GAAmC;AAOjD,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,OAAS,WAAmB,MAAA,CAAe,oBAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,iBAAA,CAAkB,KAAa,SAAA,EAA4B;AACzE,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,aAAa,YAAA,EAAa;AACtC,IAAA,IAAI,GAAA,EAAK;AACP,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,QAAA,CAAS,GAAG,IAAI,GAAA,GAAM,GAAA;AAC5C,MAAA,OAAO,GAAG,GAAG,CAAA,EAAG,SAAS,CAAA,UAAA,EAAa,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA;AAAA,IAC/D;AAAA,EACF,SAAS,KAAA,EAAO;AAAA,EAEhB;AACA,EAAA,OAAO,GAAA;AACT;;;ACtCA,IAAM,iBAAA,GAAoB,2BAAA;AAC1B,IAAM,WAAA,GAAc,gCAAA;AAQpB,IAAI,cAAA;AAMG,SAAS,mBAAmB,MAAA,EAGhC;AACD,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,cAAA,GAAiB,MAAM,MAAA,CAAO,MAAA;AAAA,EAChC;AAGF;AAGA,IAAM,aAAA,GAA6D,mCAAA;AAEnE,SAAS,SAAA,GAAoB;AAI3B,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA,EAAe;AAAA,EACxB;AAGA,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,MAAM,QAAA,GAAa,WAAmB,MAAA,CAAe,kBAAA;AACrD,IAAA,IAAI,UAAU,MAAA,EAAQ;AACpB,MAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IAClB;AAAA,EACF;AAGA,EAAmB;AACjB,IAAA,OAAO,aAAA;AAAA,EACT;AAIF;AAmDO,IAAM,kBAAN,MAAsB;AAAA,EACnB,MAAA,GAA2B,IAAA;AAAA,EAC3B,OAAA;AAAA,EACA,cAAA,GAA0C,IAAA;AAAA;AAAA,EAElD,YAAY,OAAA,EAAwB;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA,IAAW,IAAI,mBAAA,EAAoB;AAClD,IAAA,OAAA,CAAQ,IAAI,uCAAuC,CAAA;AACnD,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,EAC7B;AAAA,EAEA,MAAc,qBAAA,GAAuC;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAQ,iBAAiB,CAAA;AAC3D,MAAA,OAAA,CAAQ,GAAA,CAAI,oCAAA,EAAsC,CAAC,CAAC,MAAM,CAAA;AAE1D,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,MAAM,CAAA;AAC/B,QAAA,OAAA,CAAQ,IAAI,sBAAA,EAAwB;AAAA,UAClC,cAAA,EAAgB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,WAAA;AAAA,UAC/B,eAAA,EAAiB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,YAAA;AAAA,UAChC,MAAA,EAAQ,KAAK,MAAA,EAAQ,MAAA;AAAA,UACrB,SAAA,EAAW,KAAK,MAAA,EAAQ,SAAA;AAAA,UACxB,WAAA,EAAa,KAAK,GAAA,EAAI;AAAA,UACtB,YAAA,EAAc,IAAA,CAAK,MAAA,EAAQ,SAAA,GAAA,CAAa,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,IAAK,GAAA,GAAO;AAAA,SACtF,CAAA;AAED,QAAA,IAAI,IAAA,CAAK,MAAA,IAAU,IAAA,CAAK,cAAA,EAAe,EAAG;AACxC,UAAA,OAAA,CAAQ,IAAI,+BAA+B,CAAA;AAG3C,UAAA,IAAI,IAAA,CAAK,OAAO,YAAA,EAAc;AAC5B,YAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAAA,UAE/E,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,YAAA,MAAM,KAAK,WAAA,EAAY;AAAA,UACzB;AAAA,QACF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AAAA,QAC3D;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAAA,MAChD;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAC/D,MAAA,MAAM,KAAK,WAAA,EAAY;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,mBAAA,GAAqC;AACjD,IAAA,IAAI;AACF,MAAA,IAAI,KAAK,MAAA,EAAQ;AACf,QAAA,MAAM,WAAA,GAAc,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,MAAM,CAAA;AAC9C,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,WAAW,CAAA;AACzD,QAAA,MAAM,KAAK,OAAA,CAAQ,OAAA,CAAQ,WAAA,EAAa,IAAA,CAAK,OAAO,MAAM,CAAA;AAAA,MAC5D;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAAA,IAChE;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,QAAA,EAAwC;AACtD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAS,SAAA,GAAY,GAAA;AACpD,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,cAAc,QAAA,CAAS,YAAA;AAAA,MACvB,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,SAAA;AAAA,MACA,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,MAAA,EAAQ,SAAS,MAAA,IAAU,IAAA;AAAA,MAC3B,WAAA,EAAa,SAAS,WAAA,IAAe,IAAA;AAAA,MACrC,SAAA,EAAW,QAAA,CAAS,SAAA,IAAa;AAAC,KACpC;AAEA,IAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,EACjC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AAEzB,IAAA,OAAO,KAAK,MAAA,CAAO,WAAA;AAAA,EACrB;AAAA,EAEA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,YAAA,IAAgB,IAAA;AAAA,EACtC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,YAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,MAAA,EAAQ,SAAA,IAAa,EAAC;AAAA,EACpC;AAAA,EAEA,SAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,MAAM,qBAAqB,WAAA,EAAqC;AAC9D,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,MAAM,kBAAkB,WAAA,EAA2C;AACjE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,cAAA,GAA0B;AACxB,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,SAAS,EAAA,GAAK,GAAA;AACpB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,SAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,MAAO,SAAA,GAAY,MAAA;AAErC,IAAA,OAAO,SAAA;AAAA,EACT;AAAA,EAEA,eAAA,GAA2B;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,KAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,cAAA,EAAe,EAAG;AAC1B,MAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,WAAA;AAAA,IACvB;AAGA,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,YAAA;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,GAA6B;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,iBAAiB,CAAA;AAC/C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,kBAAA,GAAuC;AAE3C,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,IAAI,sEAAsE,CAAA;AAClF,MAAA,OAAO,IAAA,CAAK,cAAA;AAAA,IACd;AAEA,IAAA,MAAM,YAAA,GAAe,KAAK,eAAA,EAAgB;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAA,CAAQ,KAAK,8CAA8C,CAAA;AAC3D,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,OAAA,CAAQ,IAAI,+CAA+C,CAAA;AAG3D,IAAA,IAAA,CAAK,kBAAkB,YAAY;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,mBAAmB,CAAA,EAAG;AAAA,UACjF,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,UAC9C,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,cAAc;AAAA,SACtC,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,OAAA,CAAQ,GAAA,CAAI,yCAAA,EAA2C,QAAA,CAAS,MAAM,CAAA;AAEtE,UAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,YAAA,IAAI;AACF,cAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,cAAA,OAAA,CAAQ,GAAA,CAAI,oCAAoC,SAAS,CAAA;AAGzD,cAAA,QAAQ,UAAU,UAAA;AAAY,gBAC5B,KAAK,mBAAA;AACH,kBAAA,OAAA,CAAQ,IAAI,wDAAwD,CAAA;AACpE,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA,gBAET,KAAK,eAAA;AAAA,gBACL;AACE,kBAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA;AACX,YACF,SAAS,UAAA,EAAY;AACnB,cAAA,OAAA,CAAQ,IAAA,CAAK,qDAAqD,UAAU,CAAA;AAC5E,cAAA,MAAM,KAAK,WAAA,EAAY;AACvB,cAAA,OAAO,KAAA;AAAA,YACT;AAAA,UACF,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,6EAA6E,CAAA;AACzF,YAAA,OAAO,KAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,MAAM,eAAA,GAAkB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC5C,QAAA,OAAA,CAAQ,GAAA,CAAI,gDAAA,EAAkD,eAAA,CAAgB,SAAA,EAAW,SAAS,CAAA;AAElG,QAAA,IAAI,KAAK,MAAA,EAAQ;AAEf,UAAA,IAAA,CAAK,MAAA,CAAO,cAAc,eAAA,CAAgB,WAAA;AAC1C,UAAA,IAAA,CAAK,MAAA,CAAO,eAAe,eAAA,CAAgB,YAAA;AAC3C,UAAA,IAAA,CAAK,MAAA,CAAO,YAAY,eAAA,CAAgB,SAAA;AACxC,UAAA,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,gBAAgB,SAAA,GAAY,GAAA;AACjE,UAAA,MAAM,KAAK,mBAAA,EAAoB;AAC/B,UAAA,OAAA,CAAQ,IAAI,yCAAyC,CAAA;AACrD,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,OAAA,CAAQ,MAAM,oCAAoC,CAAA;AAClD,QAAA,OAAO,KAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AAEzD,QAAA,OAAO,KAAA;AAAA,MACT,CAAA,SAAE;AAEA,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AACtB,QAAA,OAAA,CAAQ,IAAI,kDAAkD,CAAA;AAAA,MAChE;AAAA,IACF,CAAA,GAAG;AAEH,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,aAAA,GAA+B;AAC7B,IAAA,MAAM,KAAA,GAAQ,KAAK,cAAA,EAAe;AAClC,IAAA,OAAO,KAAA,GAAQ,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,GAAK,IAAA;AAAA,EACrC;AACF;AAGO,IAAM,eAAA,GAAkB,IAAI,eAAA;AAK5B,SAAS,sBAAsB,OAAA,EAAwC;AAC5E,EAAA,OAAO,IAAI,gBAAgB,OAAO,CAAA;AACpC;AAIA,eAAsB,MAAA,CAAO,UAA2B,eAAA,EAAgC;AACtF,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,MAAM,iBAAA,CAAkB,CAAA,EAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,QAC/D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,UAAA;AAAA,UACf,cAAA,EAAgB;AAAA;AAClB,OACD,CAAA;AAAA,IACH;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,uBAAuB,KAAK,CAAA;AAAA,EAC5C,CAAA,SAAE;AACA,IAAA,MAAM,QAAQ,WAAA,EAAY;AAAA,EAC5B;AACF;AAEA,eAAsB,WAAA,CAAY,UAA2B,eAAA,EAAiD;AAC5G,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAA,CAAQ,IAAI,iDAAiD,CAAA;AAC7D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,MAChF,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,EAAE,aAAA,EAAe,UAAA;AAAW,KACtC,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,OAAA,CAAQ,GAAA,CAAI,kCAAA,EAAoC,QAAA,CAAS,MAAM,CAAA;AAE/D,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,UAAA,OAAA,CAAQ,GAAA,CAAI,4BAA4B,SAAS,CAAA;AAGjD,UAAA,QAAQ,UAAU,UAAA;AAAY,YAC5B,KAAK,eAAA;AACH,cAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,cAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,cAAA,IAAI,cAAA,EAAgB;AAClB,gBAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AACvE,gBAAA,OAAO,MAAM,YAAY,OAAO,CAAA;AAAA,cAClC,CAAA,MAAO;AACL,gBAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AACzD,gBAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,gBAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,cACxB;AAAA,YAEF,KAAK,mBAAA;AACH,cAAA,OAAA,CAAQ,IAAI,qDAAqD,CAAA;AACjE,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,YAExB,KAAK,eAAA;AAAA,YACL;AACE,cAAA,OAAA,CAAQ,IAAI,sCAAsC,CAAA;AAClD,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA;AAC1B,QACF,SAAS,UAAA,EAAY;AACnB,UAAA,OAAA,CAAQ,IAAA,CAAK,6CAA6C,UAAU,CAAA;AACpE,UAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,UAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,QACxB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,yDAAyD,CAAA;AACrE,QAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,MACxB;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,IAAA,OAAA,CAAQ,GAAA,CAAI,wCAAwC,cAAc,CAAA;AAElE,IAAA,IAAI,eAAe,KAAA,EAAO;AACxB,MAAA,IAAI,OAAO,cAAA,CAAe,WAAA,KAAgB,SAAA,EAAW;AACnD,QAAA,MAAM,OAAA,CAAQ,oBAAA,CAAqB,cAAA,CAAe,WAAW,CAAA;AAAA,MAC/D;AAEA,MAAA,IAAI,OAAA,CAAQ,WAAU,EAAG;AACvB,QAAA,IAAI,cAAA,CAAe,gBAAgB,KAAA,CAAA,EAAW;AAC5C,UAAA,MAAM,OAAA,CAAQ,iBAAA,CAAkB,cAAA,CAAe,WAAW,CAAA;AAAA,QAC5D;AAAA,MAEF;AAAA,IACF;AAEA,IAAA,OAAO,cAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAC9D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AACF;AAEA,eAAsB,gBAAA,CAAiB,UAA2B,eAAA,EAAmC;AAEnG,EAAA,IAAI,QAAQ,eAAA,EAAgB,IAAK,CAAC,OAAA,CAAQ,gBAAe,EAAG;AAC1D,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,8DAA8D,CAAA;AAG1E,EAAA,MAAM,YAAA,GAAe,QAAQ,eAAA,EAAgB;AAC7C,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,IAAI,mEAAmE,CAAA;AAC/E,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,OAAA,CAAQ,GAAA,CAAI,iCAAiC,cAAc,CAAA;AAC3D,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAC7E,EAAA,OAAO,KAAA;AACT;AAEA,eAAsB,mBACpB,GAAA,EACA,OAAA,GAAuB,EAAC,EACxB,UAA2B,eAAA,EACR;AACnB,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC3D;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,gBAAA,GAAmB,kBAAkB,GAAG,CAAA;AAC9C,EAAA,MAAM,cAAA,GAA8B;AAAA,IAClC,GAAG,OAAA;AAAA,IACH,OAAA,EAAS;AAAA,MACP,GAAG,OAAA,CAAQ,OAAA;AAAA,MACX,aAAA,EAAe,UAAA;AAAA,MACf,cAAA,EAAgB;AAAA;AAClB,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,gBAAA,EAAkB,cAAc,CAAA;AAG7D,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,MAAM,aAAA,GAAgB,QAAQ,aAAA,EAAc;AAC5C,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,cAAA,CAAe,OAAA,GAAU;AAAA,UACvB,GAAG,cAAA,CAAe,OAAA;AAAA,UAClB,aAAA,EAAe;AAAA,SACjB;AACA,QAAA,OAAO,KAAA,CAAM,kBAAkB,cAAc,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAIA,eAAsB,eAAA,CAAgB,QAAgB,OAAA,EAA+D;AACnH,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,iBAAiB,CAAA,EAAG;AAAA,IAC/E,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,QAAQ;AAAA,GAChC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,cAAc,CAAA;AAClE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,cAAA,CAAe,KAAA,EAAe,IAAA,EAAc,OAAA,EAA+D;AAC/H,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,6BAA6B,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,MAAM;AAAA,GACrC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,2BAA2B,CAAA;AAC/E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC9E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,iBAAA,CAAkB,cAQrC,OAAA,EAA+D;AAChE,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,0BAA0B,CAAA,EAAG;AAAA,IACxF,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,YAAY;AAAA,GAClC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,uBAAuB,CAAA;AAC3E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,kBAAA,CAAmB,UAA2B,eAAA,EAAmC;AACrG,EAAA,IAAI;AACF,IAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,OAAO,CAAA;AAC9C,IAAA,IAAI,YAAA,EAAc,KAAA,IAAS,OAAO,YAAA,CAAa,gBAAgB,SAAA,EAAW;AACxE,MAAA,OAAO,YAAA,CAAa,WAAA;AAAA,IACtB;AACA,IAAA,OAAO,KAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Base64URL encoding/decoding utilities\n * Used for WebAuthn and JWT operations\n */\n\n/**\n * Convert ArrayBuffer to Base64URL string\n * @param buffer - ArrayBuffer to convert\n * @returns Base64URL encoded string\n */\nexport function arrayBufferToBase64url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/g, '');\n}\n\n/**\n * Convert Base64URL string to Uint8Array\n * @param base64url - Base64URL string to convert\n * @returns Uint8Array\n */\nexport function base64urlToUint8Array(base64url: string): Uint8Array {\n const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');\n const pad = base64.length % 4 ? 4 - (base64.length % 4) : 0;\n const padded = base64 + '='.repeat(pad);\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\n/**\n * Convert ArrayBuffer to standard Base64 string (not URL-safe)\n * @param buffer - ArrayBuffer to convert\n * @returns Base64 encoded string\n */\nexport function arrayBufferToBase64(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n}\n","/**\n * Storage abstraction layer for tokens and keyshares\n * Allows the core package to work in both browser and Node.js environments\n */\n\n/**\n * Storage interface for storing key-value pairs\n * Can be implemented for different storage backends (localStorage, Redis, memory, etc.)\n */\nexport interface TokenStorage {\n /**\n * Get item from storage\n * @param key - Storage key\n * @returns Value or null if not found\n */\n getItem(key: string): Promise<string | null> | string | null;\n\n /**\n * Set item in storage\n * @param key - Storage key\n * @param value - Value to store\n */\n setItem(key: string, value: string): Promise<void> | void;\n\n /**\n * Remove item from storage\n * @param key - Storage key\n */\n removeItem(key: string): Promise<void> | void;\n}\n\n/**\n * In-memory storage adapter\n * Useful for server-side usage where persistence is not required\n */\nexport class MemoryStorage implements TokenStorage {\n private storage = new Map<string, string>();\n\n getItem(key: string): string | null {\n return this.storage.get(key) || null;\n }\n\n setItem(key: string, value: string): void {\n this.storage.set(key, value);\n }\n\n removeItem(key: string): void {\n this.storage.delete(key);\n }\n\n /**\n * Clear all items from memory storage\n */\n clear(): void {\n this.storage.clear();\n }\n\n /**\n * Get all keys in storage\n */\n keys(): string[] {\n return Array.from(this.storage.keys());\n }\n\n /**\n * Get number of items in storage\n */\n get size(): number {\n return this.storage.size;\n }\n}\n\n/**\n * LocalStorage adapter for browser environments\n * Falls back to memory storage if localStorage is not available\n */\nexport class LocalStorageAdapter implements TokenStorage {\n private fallback: MemoryStorage | null = null;\n\n constructor() {\n // Check if localStorage is available\n if (!this.isLocalStorageAvailable()) {\n console.warn('[Storage] localStorage not available, falling back to memory storage');\n this.fallback = new MemoryStorage();\n }\n }\n\n private isLocalStorageAvailable(): boolean {\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const storage = win ? win.localStorage : undefined;\n if (!storage) {\n return false;\n }\n // Test if we can actually use localStorage (some browsers block it in private mode)\n const testKey = '__lumia_storage_test__';\n storage.setItem(testKey, 'test');\n storage.removeItem(testKey);\n return true;\n } catch {\n return false;\n }\n }\n\n getItem(key: string): string | null {\n if (this.fallback) {\n return this.fallback.getItem(key);\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const value = win?.localStorage?.getItem(key) || null;\n return value;\n } catch (error) {\n console.error('[Storage] Error reading from localStorage:', error);\n return null;\n }\n }\n\n setItem(key: string, value: string): void {\n if (this.fallback) {\n this.fallback.setItem(key, value);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.setItem(key, value);\n } catch (error) {\n console.error('[Storage] Error writing to localStorage:', error);\n // Initialize fallback if localStorage fails\n if (!this.fallback) {\n this.fallback = new MemoryStorage();\n this.fallback.setItem(key, value);\n }\n }\n }\n\n removeItem(key: string): void {\n if (this.fallback) {\n this.fallback.removeItem(key);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.removeItem(key);\n } catch (error) {\n console.error('[Storage] Error removing from localStorage:', error);\n }\n }\n}\n\n/**\n * Keyshare storage interface (same as TokenStorage but with a different name for clarity)\n */\nexport interface KeyshareStorage extends TokenStorage {}\n\n/**\n * Helper to normalize storage operations to always be async\n * This allows mixing sync and async storage implementations\n */\nexport async function storageGet(\n storage: TokenStorage,\n key: string\n): Promise<string | null> {\n const result = storage.getItem(key);\n return result instanceof Promise ? await result : result;\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageSet(\n storage: TokenStorage,\n key: string,\n value: string\n): Promise<void> {\n const result = storage.setItem(key, value);\n if (result instanceof Promise) {\n await result;\n }\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageRemove(\n storage: TokenStorage,\n key: string\n): Promise<void> {\n const result = storage.removeItem(key);\n if (result instanceof Promise) {\n await result;\n }\n}\n","/**\n * Project ID management for Lumia Passport Core\n * Adapted to work in both browser and Node.js environments\n */\n\nlet globalProjectId: string | undefined;\n\n/**\n * Set the global project ID\n * @param projectId - The project ID to set\n */\nexport function setProjectId(projectId: string): void {\n globalProjectId = projectId;\n}\n\n/**\n * Get the current project ID\n * Priority: 1. Explicitly set via setProjectId(), 2. window.__LUMIA_PROJECT_ID__ (browser only)\n */\nexport function getProjectId(): string | undefined {\n // First check explicitly set projectId\n if (globalProjectId) {\n return globalProjectId;\n }\n\n // Fallback to window global (browser only)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n return ((globalThis as any).window as any).__LUMIA_PROJECT_ID__;\n }\n\n return undefined;\n}\n\n/**\n * Add projectId to URL query parameters\n * @param url - The URL to add projectId to\n * @param projectId - Optional explicit projectId (uses getProjectId() if not provided)\n */\nexport function addProjectIdToUrl(url: string, projectId?: string): string {\n try {\n const pid = projectId || getProjectId();\n if (pid) {\n const separator = url.includes('?') ? '&' : '?';\n return `${url}${separator}projectId=${encodeURIComponent(pid)}`;\n }\n } catch (error) {\n // Silently fail and return original URL\n }\n return url;\n}\n\n/**\n * Clear the globally set project ID\n */\nexport function clearProjectId(): void {\n globalProjectId = undefined;\n}\n","/**\n * JWT Token Management\n * Adapted from lumia-passport-ui-kit/src/internal/auth/jwt.ts\n * Browser-specific features (passkey auth) remain in UI kit\n */\n\nimport type { TokenStorage } from './storage';\nimport { LocalStorageAdapter } from './storage';\nimport { addProjectIdToUrl } from '../utils/project-id';\n\n// Token storage keys\nconst TOKEN_STORAGE_KEY = 'lumia-passport-jwt-tokens';\nconst USER_ID_KEY = 'lumia-passport-current-user-id';\n\n// Build-time injected URLs (tsup.define)\ndeclare const __LUMIA_TSS_URL__: string;\ndeclare const __LUMIA_BUNDLER_URL__: string;\ndeclare const __LUMIA_SHARE_VAULT_URL__: string;\n\n// Service URL provider - will be set by config\nlet tssUrlProvider: (() => string) | undefined;\n\n/**\n * Configure JWT module with service URLs\n * Call this from createLumiaPassportCore (backend usage)\n */\nexport function configureJwtModule(config: {\n tssUrl?: string;\n projectId?: string;\n}) {\n if (config.tssUrl) {\n tssUrlProvider = () => config.tssUrl!;\n }\n // Note: projectId is now handled via addProjectIdToUrl from utils/project-id\n // which reads from window.__LUMIA_PROJECT_ID__ or can be set via setProjectId()\n}\n\n// Build-time default from .env (will be replaced by tsup define)\nconst BUILD_TSS_URL = (typeof __LUMIA_TSS_URL__ !== 'undefined' && __LUMIA_TSS_URL__) || '';\n\nfunction getTssUrl(): string {\n // Priority: runtime config > window.__LUMIA_SERVICES__ > build-time default > hardcoded fallback\n\n // 1. Runtime config (backend usage via configureJwtModule)\n if (tssUrlProvider) {\n return tssUrlProvider();\n }\n\n // 2. Browser runtime config from LumiaPassportProvider (window.__LUMIA_SERVICES__)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n const services = ((globalThis as any).window as any).__LUMIA_SERVICES__;\n if (services?.tssUrl) {\n return services.tssUrl;\n }\n }\n\n // 3. Build-time injected default (from .env during pnpm build)\n if (BUILD_TSS_URL) {\n return BUILD_TSS_URL;\n }\n\n // 4. Hardcoded fallback\n return 'http://localhost:9256';\n}\n\n// addProjectIdToUrl is imported from '../utils/project-id'\n// It automatically reads from window.__LUMIA_PROJECT_ID__ or global setProjectId()\n\n// Types\nexport interface JwtTokens {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n expiresAt: number;\n hasKeyshare?: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface LoginResponse {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n hasKeyshare: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface RefreshResponse {\n accessToken: string;\n refreshToken: string;\n expiresIn: number;\n}\n\nexport interface VerifyResponse {\n valid: boolean;\n userId?: string;\n sessionId?: string;\n exp?: number;\n hasKeyshare?: boolean;\n displayName?: string | null;\n avatar?: string | null;\n}\n\n/**\n * JWT Token Manager\n * Handles token storage, refresh, and validation\n */\nexport class JwtTokenManager {\n private tokens: JwtTokens | null = null;\n private storage: TokenStorage;\n private refreshPromise: Promise<boolean> | null = null; // Mutex for refresh operations\n\n constructor(storage?: TokenStorage) {\n this.storage = storage || new LocalStorageAdapter();\n console.log('[JWT] JwtTokenManager initializing...');\n this.loadTokensFromStorage();\n }\n\n private async loadTokensFromStorage(): Promise<void> {\n try {\n const stored = await this.storage.getItem(TOKEN_STORAGE_KEY);\n console.log('[JWT] Loading tokens from storage:', !!stored);\n\n if (stored) {\n this.tokens = JSON.parse(stored);\n console.log('[JWT] Parsed tokens:', {\n hasAccessToken: !!this.tokens?.accessToken,\n hasRefreshToken: !!this.tokens?.refreshToken,\n userId: this.tokens?.userId,\n expiresAt: this.tokens?.expiresAt,\n currentTime: Date.now(),\n timeToExpiry: this.tokens?.expiresAt ? (this.tokens.expiresAt - Date.now()) / 1000 : 'N/A'\n });\n\n if (this.tokens && this.isTokenExpired()) {\n console.log('[JWT] Access token is expired');\n\n // Check if we have a refresh token to attempt renewal\n if (this.tokens.refreshToken) {\n console.log('[JWT] Refresh token available, will attempt renewal when needed');\n // Keep tokens - they will be refreshed on the first API call via ensureValidToken()\n } else {\n console.log('[JWT] No refresh token available, clearing tokens');\n await this.clearTokens();\n }\n } else {\n console.log('[JWT] Access token is valid, keeping tokens');\n }\n } else {\n console.log('[JWT] No tokens found in storage');\n }\n } catch (error) {\n console.error('[JWT] Error loading tokens from storage:', error);\n await this.clearTokens();\n }\n }\n\n private async saveTokensToStorage(): Promise<void> {\n try {\n if (this.tokens) {\n const tokenString = JSON.stringify(this.tokens);\n await this.storage.setItem(TOKEN_STORAGE_KEY, tokenString);\n await this.storage.setItem(USER_ID_KEY, this.tokens.userId);\n }\n } catch (error) {\n console.error('[JWT] Failed to save tokens to storage:', error);\n }\n }\n\n async setTokens(response: LoginResponse): Promise<void> {\n const expiresAt = Date.now() + response.expiresIn * 1000;\n this.tokens = {\n accessToken: response.accessToken,\n refreshToken: response.refreshToken,\n userId: response.userId,\n expiresIn: response.expiresIn,\n expiresAt,\n hasKeyshare: response.hasKeyshare,\n isNewUser: response.isNewUser,\n avatar: response.avatar ?? null,\n displayName: response.displayName ?? null,\n providers: response.providers ?? []\n };\n\n await this.saveTokensToStorage();\n }\n\n getAccessToken(): string | null {\n if (!this.tokens) return null;\n // Return access token even if expired - ensureValidToken() will handle refresh\n return this.tokens.accessToken;\n }\n\n getRefreshToken(): string | null {\n return this.tokens?.refreshToken || null;\n }\n\n getUserId(): string | null {\n return this.tokens?.userId || null;\n }\n\n getHasKeyshare(): boolean | null {\n return this.tokens?.hasKeyshare ?? null;\n }\n\n getAvatar(): string | null {\n return this.tokens?.avatar || null;\n }\n\n getDisplayName(): string | null {\n return this.tokens?.displayName || null;\n }\n\n getProviders(): string[] {\n return this.tokens?.providers ?? [];\n }\n\n getTokens(): JwtTokens | null {\n return this.tokens;\n }\n\n async updateKeyshareStatus(hasKeyshare: boolean): Promise<void> {\n if (this.tokens) {\n this.tokens.hasKeyshare = hasKeyshare;\n await this.saveTokensToStorage();\n }\n }\n\n async updateDisplayName(displayName: string | null): Promise<void> {\n if (this.tokens) {\n this.tokens.displayName = displayName;\n await this.saveTokensToStorage();\n }\n }\n\n isTokenExpired(): boolean {\n if (!this.tokens) {\n return true;\n }\n\n const buffer = 30 * 1000; // 30 seconds buffer\n const now = Date.now();\n const expiresAt = this.tokens.expiresAt;\n const isExpired = now > (expiresAt - buffer);\n\n return isExpired;\n }\n\n isAuthenticated(): boolean {\n // Consider authenticated if we have either valid access token OR refresh token\n if (!this.tokens) return false;\n\n if (!this.isTokenExpired()) {\n return !!this.tokens.accessToken;\n }\n\n // If access token is expired but we have refresh token, we're still authenticated\n return !!this.tokens.refreshToken;\n }\n\n async clearTokens(): Promise<void> {\n this.tokens = null;\n await this.storage.removeItem(TOKEN_STORAGE_KEY);\n await this.storage.removeItem(USER_ID_KEY);\n }\n\n async refreshAccessToken(): Promise<boolean> {\n // If refresh is already in progress, wait for it to complete\n if (this.refreshPromise) {\n console.log('[JWT] Refresh already in progress, waiting for existing operation...');\n return this.refreshPromise;\n }\n\n const refreshToken = this.getRefreshToken();\n if (!refreshToken) {\n console.warn('[JWT] No refresh token available for refresh');\n return false;\n }\n\n console.log('[JWT] Starting new token refresh operation...');\n\n // Create and store the refresh promise (mutex pattern)\n this.refreshPromise = (async () => {\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ refreshToken })\n });\n\n if (!response.ok) {\n console.log('[JWT] Token refresh failed with status:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] Refresh 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Refresh token session not found, clearing tokens');\n await this.clearTokens();\n return false;\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid refresh token, clearing tokens');\n await this.clearTokens();\n return false;\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse refresh 401 error response:', parseError);\n await this.clearTokens();\n return false;\n }\n } else {\n console.log('[JWT] Non-401 error during refresh, keeping tokens (might be network error)');\n return false;\n }\n }\n\n const refreshResponse = await response.json() as RefreshResponse;\n console.log('[JWT] Token refresh successful, new expiry in:', refreshResponse.expiresIn, 'seconds');\n\n if (this.tokens) {\n // Update both access and refresh tokens (token rotation)\n this.tokens.accessToken = refreshResponse.accessToken;\n this.tokens.refreshToken = refreshResponse.refreshToken;\n this.tokens.expiresIn = refreshResponse.expiresIn;\n this.tokens.expiresAt = Date.now() + refreshResponse.expiresIn * 1000;\n await this.saveTokensToStorage();\n console.log('[JWT] Refreshed tokens saved to storage');\n return true;\n }\n\n console.error('[JWT] No existing tokens to update');\n return false;\n } catch (error) {\n console.error('[JWT] Token refresh network error:', error);\n // Don't clear tokens on network errors - might be temporary\n return false;\n } finally {\n // Clear the mutex when operation completes (success or failure)\n this.refreshPromise = null;\n console.log('[JWT] Refresh operation completed, mutex cleared');\n }\n })();\n\n return this.refreshPromise;\n }\n\n getAuthHeader(): string | null {\n const token = this.getAccessToken();\n return token ? `Bearer ${token}` : null;\n }\n}\n\n// Default instance with LocalStorage\nexport const jwtTokenManager = new JwtTokenManager();\n\n/**\n * Create a custom JWT token manager with specific storage\n */\nexport function createJwtTokenManager(storage: TokenStorage): JwtTokenManager {\n return new JwtTokenManager(storage);\n}\n\n// Authentication functions\n\nexport async function logout(manager: JwtTokenManager = jwtTokenManager): Promise<void> {\n try {\n const authHeader = manager.getAuthHeader();\n if (authHeader) {\n await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/logout`), {\n method: 'POST',\n headers: {\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n }\n });\n }\n } catch (error) {\n console.error('[JWT] Logout error:', error);\n } finally {\n await manager.clearTokens();\n }\n}\n\nexport async function verifyToken(manager: JwtTokenManager = jwtTokenManager): Promise<VerifyResponse | null> {\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n console.log('[JWT] No auth header available for verification');\n return { valid: false };\n }\n\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/verify`), {\n method: 'GET',\n headers: { Authorization: authHeader }\n });\n\n if (!response.ok) {\n console.log('[JWT] Token verification failed:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'TOKEN_EXPIRED':\n console.log('[JWT] Access token expired, attempting refresh...');\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n console.log('[JWT] Token refreshed successfully, retrying verification');\n return await verifyToken(manager);\n } else {\n console.log('[JWT] Token refresh failed, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Session not found or revoked, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid token, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse 401 error response:', parseError);\n await manager.clearTokens();\n return { valid: false };\n }\n } else {\n console.log('[JWT] Non-401 error during verification, keeping tokens');\n return { valid: false };\n }\n }\n\n const verifyResponse = await response.json() as VerifyResponse;\n console.log('[JWT] Token verification successful:', verifyResponse);\n\n if (verifyResponse.valid) {\n if (typeof verifyResponse.hasKeyshare === 'boolean') {\n await manager.updateKeyshareStatus(verifyResponse.hasKeyshare);\n }\n // Update displayName and avatar if present\n if (manager.getTokens()) {\n if (verifyResponse.displayName !== undefined) {\n await manager.updateDisplayName(verifyResponse.displayName);\n }\n // Avatar update would need similar method\n }\n }\n\n return verifyResponse;\n } catch (error) {\n console.error('[JWT] Token verification network error:', error);\n return { valid: false };\n }\n}\n\nexport async function ensureValidToken(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n // Check if current access token is valid (not expired)\n if (manager.isAuthenticated() && !manager.isTokenExpired()) {\n return true;\n }\n\n console.log('[JWT] Access token expired or missing, attempting refresh...');\n\n // Try to refresh using refresh token\n const refreshToken = manager.getRefreshToken();\n if (refreshToken) {\n console.log('[JWT] Refresh token available, attempting to refresh access token');\n const refreshSuccess = await manager.refreshAccessToken();\n console.log('[JWT] Refresh attempt result:', refreshSuccess);\n return refreshSuccess;\n }\n\n console.log('[JWT] No refresh token available, user needs to re-authenticate');\n return false;\n}\n\nexport async function authenticatedFetch(\n url: string,\n options: RequestInit = {},\n manager: JwtTokenManager = jwtTokenManager\n): Promise<Response> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n throw new Error('No valid authentication token available');\n }\n\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n throw new Error('Failed to get authentication header');\n }\n\n const urlWithProjectId = addProjectIdToUrl(url);\n const requestOptions: RequestInit = {\n ...options,\n headers: {\n ...options.headers,\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n }\n };\n\n const response = await fetch(urlWithProjectId, requestOptions);\n\n // Handle 401 by attempting token refresh\n if (response.status === 401) {\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n const newAuthHeader = manager.getAuthHeader();\n if (newAuthHeader) {\n requestOptions.headers = {\n ...requestOptions.headers,\n Authorization: newAuthHeader\n };\n return fetch(urlWithProjectId, requestOptions);\n }\n }\n }\n\n return response;\n}\n\n// Login functions (non-passkey)\n\nexport async function loginWithUserId(userId: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ userId })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Login failed');\n throw new Error(`Login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithEmail(email: string, code: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/email/verify-code`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ email, code })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Email verification failed');\n throw new Error(`Email verification failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithTelegram(telegramData: {\n id: number;\n first_name: string;\n last_name?: string;\n username?: string;\n photo_url?: string;\n auth_date: number;\n hash: string;\n}, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/telegram/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify(telegramData)\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Telegram login failed');\n throw new Error(`Telegram login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function syncKeyshareStatus(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n try {\n const verification = await verifyToken(manager);\n if (verification?.valid && typeof verification.hasKeyshare === 'boolean') {\n return verification.hasKeyshare;\n }\n return false;\n } catch {\n return false;\n }\n}\n"]}
1
+ {"version":3,"sources":["../../src/auth/base64url.ts","../../src/auth/storage.ts","../../src/utils/project-id.ts","../../src/auth/jwt.ts"],"names":[],"mappings":";;;AAUO,SAAS,uBAAuB,MAAA,EAA6B;AAClE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,IAAA,CAAK,MAAM,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,QAAQ,EAAE,CAAA;AAChF;AAOO,SAAS,sBAAsB,SAAA,EAA+B;AACnE,EAAA,MAAM,MAAA,GAAS,UAAU,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAM,GAAG,CAAA;AAC7D,EAAA,MAAM,MAAM,MAAA,CAAO,MAAA,GAAS,IAAI,CAAA,GAAK,MAAA,CAAO,SAAS,CAAA,GAAK,CAAA;AAC1D,EAAA,MAAM,MAAA,GAAS,MAAA,GAAS,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA;AACtC,EAAA,MAAM,MAAA,GAAS,KAAK,MAAM,CAAA;AAC1B,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAA,CAAO,MAAM,CAAA;AAC1C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,CAAO,QAAQ,CAAA,EAAA,EAAK;AACtC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,UAAA,CAAW,CAAC,CAAA;AAAA,EAChC;AACA,EAAA,OAAO,KAAA;AACT;AAOO,SAAS,oBAAoB,MAAA,EAA6B;AAC/D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,YAAY,CAAA,EAAA,EAAK;AACzC,IAAA,MAAA,IAAU,MAAA,CAAO,YAAA,CAAa,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACxC;AACA,EAAA,OAAO,KAAK,MAAM,CAAA;AACpB;;;ACbO,IAAM,gBAAN,MAA4C;AAAA,EACzC,OAAA,uBAAc,GAAA,EAAoB;AAAA,EAE1C,QAAQ,GAAA,EAA4B;AAClC,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAG,CAAA,IAAK,IAAA;AAAA,EAClC;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,GAAA,EAAK,KAAK,CAAA;AAAA,EAC7B;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAA,CAAK,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EACzB;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,QAAQ,KAAA,EAAM;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAA,GAAiB;AACf,IAAA,OAAO,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,IAAA,GAAe;AACjB,IAAA,OAAO,KAAK,OAAA,CAAQ,IAAA;AAAA,EACtB;AACF;AAMO,IAAM,sBAAN,MAAkD;AAAA,EAC/C,QAAA,GAAiC,IAAA;AAAA,EAEzC,WAAA,GAAc;AAEZ,IAAA,IAAI,CAAC,IAAA,CAAK,uBAAA,EAAwB,EAAG;AACnC,MAAA,OAAA,CAAQ,KAAK,sEAAsE,CAAA;AACnF,MAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAAA,IACpC;AAAA,EACF;AAAA,EAEQ,uBAAA,GAAmC;AACzC,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,OAAA,GAAU,GAAA,GAAM,GAAA,CAAI,YAAA,GAAe,KAAA,CAAA;AACzC,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,OAAA,GAAU,wBAAA;AAChB,MAAA,OAAA,CAAQ,OAAA,CAAQ,SAAS,MAAM,CAAA;AAC/B,MAAA,OAAA,CAAQ,WAAW,OAAO,CAAA;AAC1B,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,QAAQ,GAAA,EAA4B;AAClC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAG,CAAA;AAAA,IAClC;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,MAAM,KAAA,GAAQ,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAG,CAAA,IAAK,IAAA;AACjD,MAAA,OAAO,KAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,8CAA8C,KAAK,CAAA;AACjE,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA,EAEA,OAAA,CAAQ,KAAa,KAAA,EAAqB;AACxC,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAChC,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,IACvC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAE/D,MAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,QAAA,IAAA,CAAK,QAAA,GAAW,IAAI,aAAA,EAAc;AAClC,QAAA,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,WAAW,GAAA,EAAmB;AAC5B,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,IAAA,CAAK,QAAA,CAAS,WAAW,GAAG,CAAA;AAC5B,MAAA;AAAA,IACF;AACA,IAAA,IAAI;AAEF,MAAA,MAAM,GAAA,GAAM,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA;AACrE,MAAA,GAAA,EAAK,YAAA,EAAc,WAAW,GAAG,CAAA;AAAA,IACnC,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,+CAA+C,KAAK,CAAA;AAAA,IACpE;AAAA,EACF;AACF;AAWA,eAAsB,UAAA,CACpB,SACA,GAAA,EACwB;AACxB,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AAClC,EAAA,OAAO,MAAA,YAAkB,OAAA,GAAU,MAAM,MAAA,GAAS,MAAA;AACpD;AAKA,eAAsB,UAAA,CACpB,OAAA,EACA,GAAA,EACA,KAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AACzC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;AAKA,eAAsB,aAAA,CACpB,SACA,GAAA,EACe;AACf,EAAA,MAAM,MAAA,GAAS,OAAA,CAAQ,UAAA,CAAW,GAAG,CAAA;AACrC,EAAA,IAAI,kBAAkB,OAAA,EAAS;AAC7B,IAAA,MAAM,MAAA;AAAA,EACR;AACF;ACjLO,SAAS,YAAA,GAAmC;AAOjD,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,OAAS,WAAmB,MAAA,CAAe,oBAAA;AAAA,EAC7C;AAEA,EAAA,OAAO,MAAA;AACT;AAOO,SAAS,iBAAA,CAAkB,KAAa,SAAA,EAA4B;AACzE,EAAA,IAAI;AACF,IAAA,MAAM,GAAA,GAAM,aAAa,YAAA,EAAa;AACtC,IAAA,IAAI,GAAA,EAAK;AACP,MAAA,MAAM,SAAA,GAAY,GAAA,CAAI,QAAA,CAAS,GAAG,IAAI,GAAA,GAAM,GAAA;AAC5C,MAAA,OAAO,GAAG,GAAG,CAAA,EAAG,SAAS,CAAA,UAAA,EAAa,kBAAA,CAAmB,GAAG,CAAC,CAAA,CAAA;AAAA,IAC/D;AAAA,EACF,SAAS,KAAA,EAAO;AAAA,EAEhB;AACA,EAAA,OAAO,GAAA;AACT;;;ACtCA,IAAM,iBAAA,GAAoB,2BAAA;AAC1B,IAAM,WAAA,GAAc,gCAAA;AAQpB,IAAI,cAAA;AAMG,SAAS,mBAAmB,MAAA,EAGhC;AACD,EAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,IAAA,cAAA,GAAiB,MAAM,MAAA,CAAO,MAAA;AAAA,EAChC;AAGF;AAGA,IAAM,aAAA,GAA6D,mCAAA;AAEnE,SAAS,SAAA,GAAoB;AAI3B,EAAA,IAAI,cAAA,EAAgB;AAClB,IAAA,OAAO,cAAA,EAAe;AAAA,EACxB;AAGA,EAAA,IAAI,OAAO,UAAA,KAAe,WAAA,IAAgB,UAAA,CAAmB,MAAA,EAAQ;AACnE,IAAA,MAAM,QAAA,GAAa,WAAmB,MAAA,CAAe,kBAAA;AACrD,IAAA,IAAI,UAAU,MAAA,EAAQ;AACpB,MAAA,OAAO,QAAA,CAAS,MAAA;AAAA,IAClB;AAAA,EACF;AAGA,EAAmB;AACjB,IAAA,OAAO,aAAA;AAAA,EACT;AAIF;AAmDO,IAAM,kBAAN,MAAsB;AAAA,EACnB,MAAA,GAA2B,IAAA;AAAA,EAC3B,OAAA;AAAA,EACA,cAAA,GAA0C,IAAA;AAAA;AAAA,EAElD,YAAY,OAAA,EAAwB;AAClC,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA,IAAW,IAAI,mBAAA,EAAoB;AAClD,IAAA,OAAA,CAAQ,IAAI,uCAAuC,CAAA;AACnD,IAAA,IAAA,CAAK,qBAAA,EAAsB;AAAA,EAC7B;AAAA,EAEA,MAAc,qBAAA,GAAuC;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAQ,iBAAiB,CAAA;AAC3D,MAAA,OAAA,CAAQ,GAAA,CAAI,oCAAA,EAAsC,CAAC,CAAC,MAAM,CAAA;AAE1D,MAAA,IAAI,MAAA,EAAQ;AACV,QAAA,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,MAAM,CAAA;AAC/B,QAAA,OAAA,CAAQ,IAAI,sBAAA,EAAwB;AAAA,UAClC,cAAA,EAAgB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,WAAA;AAAA,UAC/B,eAAA,EAAiB,CAAC,CAAC,IAAA,CAAK,MAAA,EAAQ,YAAA;AAAA,UAChC,MAAA,EAAQ,KAAK,MAAA,EAAQ,MAAA;AAAA,UACrB,SAAA,EAAW,KAAK,MAAA,EAAQ,SAAA;AAAA,UACxB,WAAA,EAAa,KAAK,GAAA,EAAI;AAAA,UACtB,YAAA,EAAc,IAAA,CAAK,MAAA,EAAQ,SAAA,GAAA,CAAa,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,IAAK,GAAA,GAAO;AAAA,SACtF,CAAA;AAED,QAAA,IAAI,IAAA,CAAK,MAAA,IAAU,IAAA,CAAK,cAAA,EAAe,EAAG;AACxC,UAAA,OAAA,CAAQ,IAAI,+BAA+B,CAAA;AAG3C,UAAA,IAAI,IAAA,CAAK,OAAO,YAAA,EAAc;AAC5B,YAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAAA,UAE/E,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,YAAA,MAAM,KAAK,WAAA,EAAY;AAAA,UACzB;AAAA,QACF,CAAA,MAAO;AACL,UAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AAAA,QAC3D;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAAA,MAChD;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,4CAA4C,KAAK,CAAA;AAC/D,MAAA,MAAM,KAAK,WAAA,EAAY;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAc,mBAAA,GAAqC;AACjD,IAAA,IAAI;AACF,MAAA,IAAI,KAAK,MAAA,EAAQ;AACf,QAAA,MAAM,WAAA,GAAc,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,MAAM,CAAA;AAC9C,QAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,iBAAA,EAAmB,WAAW,CAAA;AACzD,QAAA,MAAM,KAAK,OAAA,CAAQ,OAAA,CAAQ,WAAA,EAAa,IAAA,CAAK,OAAO,MAAM,CAAA;AAAA,MAC5D;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAAA,IAChE;AAAA,EACF;AAAA,EAEA,MAAM,UAAU,QAAA,EAAwC;AACtD,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,SAAS,SAAA,GAAY,GAAA;AACpD,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,cAAc,QAAA,CAAS,YAAA;AAAA,MACvB,QAAQ,QAAA,CAAS,MAAA;AAAA,MACjB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,SAAA;AAAA,MACA,aAAa,QAAA,CAAS,WAAA;AAAA,MACtB,WAAW,QAAA,CAAS,SAAA;AAAA,MACpB,MAAA,EAAQ,SAAS,MAAA,IAAU,IAAA;AAAA,MAC3B,WAAA,EAAa,SAAS,WAAA,IAAe,IAAA;AAAA,MACrC,SAAA,EAAW,QAAA,CAAS,SAAA,IAAa;AAAC,KACpC;AAEA,IAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,EACjC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA;AAEzB,IAAA,OAAO,KAAK,MAAA,CAAO,WAAA;AAAA,EACrB;AAAA,EAEA,eAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,YAAA,IAAgB,IAAA;AAAA,EACtC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAiC;AAC/B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,SAAA,GAA2B;AACzB,IAAA,OAAO,IAAA,CAAK,QAAQ,MAAA,IAAU,IAAA;AAAA,EAChC;AAAA,EAEA,cAAA,GAAgC;AAC9B,IAAA,OAAO,IAAA,CAAK,QAAQ,WAAA,IAAe,IAAA;AAAA,EACrC;AAAA,EAEA,YAAA,GAAyB;AACvB,IAAA,OAAO,IAAA,CAAK,MAAA,EAAQ,SAAA,IAAa,EAAC;AAAA,EACpC;AAAA,EAEA,SAAA,GAA8B;AAC5B,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA,EAEA,MAAM,qBAAqB,WAAA,EAAqC;AAC9D,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,MAAM,kBAAkB,WAAA,EAA2C;AACjE,IAAA,IAAI,KAAK,MAAA,EAAQ;AACf,MAAA,IAAA,CAAK,OAAO,WAAA,GAAc,WAAA;AAC1B,MAAA,MAAM,KAAK,mBAAA,EAAoB;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,cAAA,GAA0B;AACxB,IAAA,IAAI,CAAC,KAAK,MAAA,EAAQ;AAChB,MAAA,OAAO,IAAA;AAAA,IACT;AAEA,IAAA,MAAM,SAAS,EAAA,GAAK,GAAA;AACpB,IAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,IAAA,MAAM,SAAA,GAAY,KAAK,MAAA,CAAO,SAAA;AAC9B,IAAA,MAAM,SAAA,GAAY,MAAO,SAAA,GAAY,MAAA;AAErC,IAAA,OAAO,SAAA;AAAA,EACT;AAAA,EAEA,eAAA,GAA2B;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,EAAQ,OAAO,KAAA;AAEzB,IAAA,IAAI,CAAC,IAAA,CAAK,cAAA,EAAe,EAAG;AAC1B,MAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,WAAA;AAAA,IACvB;AAGA,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,MAAA,CAAO,YAAA;AAAA,EACvB;AAAA,EAEA,MAAM,WAAA,GAA6B;AACjC,IAAA,IAAA,CAAK,MAAA,GAAS,IAAA;AACd,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,iBAAiB,CAAA;AAC/C,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAM,kBAAA,GAAuC;AAE3C,IAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,MAAA,OAAA,CAAQ,IAAI,sEAAsE,CAAA;AAClF,MAAA,OAAO,IAAA,CAAK,cAAA;AAAA,IACd;AAEA,IAAA,MAAM,YAAA,GAAe,KAAK,eAAA,EAAgB;AAC1C,IAAA,IAAI,CAAC,YAAA,EAAc;AACjB,MAAA,OAAA,CAAQ,KAAK,8CAA8C,CAAA;AAC3D,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,OAAA,CAAQ,IAAI,+CAA+C,CAAA;AAG3D,IAAA,IAAA,CAAK,kBAAkB,YAAY;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,mBAAmB,CAAA,EAAG;AAAA,UACjF,MAAA,EAAQ,MAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,UAC9C,WAAA,EAAa,SAAA;AAAA,UACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,cAAc;AAAA,SACtC,CAAA;AAED,QAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,UAAA,OAAA,CAAQ,GAAA,CAAI,yCAAA,EAA2C,QAAA,CAAS,MAAM,CAAA;AAEtE,UAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,YAAA,IAAI;AACF,cAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,cAAA,OAAA,CAAQ,GAAA,CAAI,oCAAoC,SAAS,CAAA;AAGzD,cAAA,QAAQ,UAAU,UAAA;AAAY,gBAC5B,KAAK,mBAAA;AACH,kBAAA,OAAA,CAAQ,IAAI,wDAAwD,CAAA;AACpE,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA,gBAET,KAAK,eAAA;AAAA,gBACL;AACE,kBAAA,OAAA,CAAQ,IAAI,8CAA8C,CAAA;AAC1D,kBAAA,MAAM,KAAK,WAAA,EAAY;AACvB,kBAAA,OAAO,KAAA;AAAA;AACX,YACF,SAAS,UAAA,EAAY;AACnB,cAAA,OAAA,CAAQ,IAAA,CAAK,qDAAqD,UAAU,CAAA;AAC5E,cAAA,MAAM,KAAK,WAAA,EAAY;AACvB,cAAA,OAAO,KAAA;AAAA,YACT;AAAA,UACF,CAAA,MAAO;AACL,YAAA,OAAA,CAAQ,IAAI,6EAA6E,CAAA;AACzF,YAAA,OAAO,KAAA;AAAA,UACT;AAAA,QACF;AAEA,QAAA,MAAM,eAAA,GAAkB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC5C,QAAA,OAAA,CAAQ,GAAA,CAAI,gDAAA,EAAkD,eAAA,CAAgB,SAAA,EAAW,SAAS,CAAA;AAElG,QAAA,IAAI,KAAK,MAAA,EAAQ;AAEf,UAAA,IAAA,CAAK,MAAA,CAAO,cAAc,eAAA,CAAgB,WAAA;AAC1C,UAAA,IAAA,CAAK,MAAA,CAAO,eAAe,eAAA,CAAgB,YAAA;AAC3C,UAAA,IAAA,CAAK,MAAA,CAAO,YAAY,eAAA,CAAgB,SAAA;AACxC,UAAA,IAAA,CAAK,OAAO,SAAA,GAAY,IAAA,CAAK,GAAA,EAAI,GAAI,gBAAgB,SAAA,GAAY,GAAA;AACjE,UAAA,MAAM,KAAK,mBAAA,EAAoB;AAC/B,UAAA,OAAA,CAAQ,IAAI,yCAAyC,CAAA;AACrD,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,OAAA,CAAQ,MAAM,oCAAoC,CAAA;AAClD,QAAA,OAAO,KAAA;AAAA,MACT,SAAS,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,KAAA,CAAM,sCAAsC,KAAK,CAAA;AAEzD,QAAA,OAAO,KAAA;AAAA,MACT,CAAA,SAAE;AAEA,QAAA,IAAA,CAAK,cAAA,GAAiB,IAAA;AACtB,QAAA,OAAA,CAAQ,IAAI,kDAAkD,CAAA;AAAA,MAChE;AAAA,IACF,CAAA,GAAG;AAEH,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,aAAA,GAA+B;AAC7B,IAAA,MAAM,KAAA,GAAQ,KAAK,cAAA,EAAe;AAClC,IAAA,OAAO,KAAA,GAAQ,CAAA,OAAA,EAAU,KAAK,CAAA,CAAA,GAAK,IAAA;AAAA,EACrC;AACF;AAGO,IAAM,eAAA,GAAkB,IAAI,eAAA;AAK5B,SAAS,sBAAsB,OAAA,EAAwC;AAC5E,EAAA,OAAO,IAAI,gBAAgB,OAAO,CAAA;AACpC;AAIA,eAAsB,MAAA,CAAO,UAA2B,eAAA,EAAgC;AACtF,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,IAAA,IAAI,UAAA,EAAY;AACd,MAAA,MAAM,MAAM,iBAAA,CAAkB,CAAA,EAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,QAC/D,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,aAAA,EAAe,UAAA;AAAA,UACf,cAAA,EAAgB;AAAA,SAClB;AAAA,QACA,WAAA,EAAa;AAAA,OACd,CAAA;AAAA,IACH;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,uBAAuB,KAAK,CAAA;AAAA,EAC5C,CAAA,SAAE;AACA,IAAA,MAAM,QAAQ,WAAA,EAAY;AAAA,EAC5B;AACF;AAEA,eAAsB,WAAA,CAAY,UAA2B,eAAA,EAAiD;AAC5G,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,OAAA,CAAQ,IAAI,iDAAiD,CAAA;AAC7D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,kBAAkB,CAAA,EAAG;AAAA,MAChF,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,EAAE,aAAA,EAAe,UAAA,EAAW;AAAA,MACrC,WAAA,EAAa;AAAA,KACd,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,OAAA,CAAQ,GAAA,CAAI,kCAAA,EAAoC,QAAA,CAAS,MAAM,CAAA;AAE/D,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,UAAA,OAAA,CAAQ,GAAA,CAAI,4BAA4B,SAAS,CAAA;AAGjD,UAAA,QAAQ,UAAU,UAAA;AAAY,YAC5B,KAAK,eAAA;AACH,cAAA,OAAA,CAAQ,IAAI,mDAAmD,CAAA;AAC/D,cAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,cAAA,IAAI,cAAA,EAAgB;AAClB,gBAAA,OAAA,CAAQ,IAAI,2DAA2D,CAAA;AACvE,gBAAA,OAAO,MAAM,YAAY,OAAO,CAAA;AAAA,cAClC,CAAA,MAAO;AACL,gBAAA,OAAA,CAAQ,IAAI,6CAA6C,CAAA;AACzD,gBAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,gBAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,cACxB;AAAA,YAEF,KAAK,mBAAA;AACH,cAAA,OAAA,CAAQ,IAAI,qDAAqD,CAAA;AACjE,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,YAExB,KAAK,eAAA;AAAA,YACL;AACE,cAAA,OAAA,CAAQ,IAAI,sCAAsC,CAAA;AAClD,cAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,cAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA;AAC1B,QACF,SAAS,UAAA,EAAY;AACnB,UAAA,OAAA,CAAQ,IAAA,CAAK,6CAA6C,UAAU,CAAA;AACpE,UAAA,MAAM,QAAQ,WAAA,EAAY;AAC1B,UAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,QACxB;AAAA,MACF,CAAA,MAAO;AACL,QAAA,OAAA,CAAQ,IAAI,yDAAyD,CAAA;AACrE,QAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,MACxB;AAAA,IACF;AAEA,IAAA,MAAM,cAAA,GAAiB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC3C,IAAA,OAAA,CAAQ,GAAA,CAAI,wCAAwC,cAAc,CAAA;AAElE,IAAA,IAAI,eAAe,KAAA,EAAO;AACxB,MAAA,IAAI,OAAO,cAAA,CAAe,WAAA,KAAgB,SAAA,EAAW;AACnD,QAAA,MAAM,OAAA,CAAQ,oBAAA,CAAqB,cAAA,CAAe,WAAW,CAAA;AAAA,MAC/D;AAEA,MAAA,IAAI,OAAA,CAAQ,WAAU,EAAG;AACvB,QAAA,IAAI,cAAA,CAAe,gBAAgB,KAAA,CAAA,EAAW;AAC5C,UAAA,MAAM,OAAA,CAAQ,iBAAA,CAAkB,cAAA,CAAe,WAAW,CAAA;AAAA,QAC5D;AAAA,MAEF;AAAA,IACF;AAEA,IAAA,OAAO,cAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,2CAA2C,KAAK,CAAA;AAC9D,IAAA,OAAO,EAAE,OAAO,KAAA,EAAM;AAAA,EACxB;AACF;AAEA,eAAsB,gBAAA,CAAiB,UAA2B,eAAA,EAAmC;AAEnG,EAAA,IAAI,QAAQ,eAAA,EAAgB,IAAK,CAAC,OAAA,CAAQ,gBAAe,EAAG;AAC1D,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,8DAA8D,CAAA;AAG1E,EAAA,MAAM,YAAA,GAAe,QAAQ,eAAA,EAAgB;AAC7C,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAA,CAAQ,IAAI,mEAAmE,CAAA;AAC/E,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,OAAA,CAAQ,GAAA,CAAI,iCAAiC,cAAc,CAAA;AAC3D,IAAA,OAAO,cAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,iEAAiE,CAAA;AAC7E,EAAA,OAAO,KAAA;AACT;AAqBA,eAAsB,cAAA,CAAe,UAA2B,eAAA,EAA4C;AAC1G,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,OAAO,QAAQ,SAAA,EAAU;AAC3B;AAEA,eAAsB,mBACpB,GAAA,EACA,OAAA,GAAuB,EAAC,EACxB,UAA2B,eAAA,EACR;AACnB,EAAA,MAAM,aAAA,GAAgB,MAAM,gBAAA,CAAiB,OAAO,CAAA;AACpD,EAAA,IAAI,CAAC,aAAA,EAAe;AAClB,IAAA,MAAM,IAAI,MAAM,yCAAyC,CAAA;AAAA,EAC3D;AAEA,EAAA,MAAM,UAAA,GAAa,QAAQ,aAAA,EAAc;AACzC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAAA,EACvD;AAEA,EAAA,MAAM,gBAAA,GAAmB,kBAAkB,GAAG,CAAA;AAC9C,EAAA,MAAM,cAAA,GAA8B;AAAA,IAClC,GAAG,OAAA;AAAA,IACH,OAAA,EAAS;AAAA,MACP,GAAG,OAAA,CAAQ,OAAA;AAAA,MACX,aAAA,EAAe,UAAA;AAAA,MACf,cAAA,EAAgB;AAAA;AAClB,GACF;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,gBAAA,EAAkB,cAAc,CAAA;AAG7D,EAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,IAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,kBAAA,EAAmB;AACxD,IAAA,IAAI,cAAA,EAAgB;AAClB,MAAA,MAAM,aAAA,GAAgB,QAAQ,aAAA,EAAc;AAC5C,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,cAAA,CAAe,OAAA,GAAU;AAAA,UACvB,GAAG,cAAA,CAAe,OAAA;AAAA,UAClB,aAAA,EAAe;AAAA,SACjB;AACA,QAAA,OAAO,KAAA,CAAM,kBAAkB,cAAc,CAAA;AAAA,MAC/C;AAAA,IACF;AAAA,EACF;AAEA,EAAA,OAAO,QAAA;AACT;AAIA,eAAsB,eAAA,CAAgB,QAAgB,OAAA,EAA+D;AACnH,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,iBAAiB,CAAA,EAAG;AAAA,IAC/E,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,EAAE,QAAQ;AAAA,GAChC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,cAAc,CAAA;AAClE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EACjE;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,cAAA,CAAe,KAAA,EAAe,IAAA,EAAc,OAAA,EAA+D;AAC/H,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,6BAA6B,CAAA,EAAG;AAAA,IAC3F,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,KAAA,EAAO,MAAM;AAAA,GACrC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,2BAA2B,CAAA;AAC/E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC9E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,iBAAA,CAAkB,cAQrC,OAAA,EAA+D;AAChE,EAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,iBAAA,CAAkB,GAAG,SAAA,EAAW,0BAA0B,CAAA,EAAG;AAAA,IACxF,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,IAC9C,WAAA,EAAa,SAAA;AAAA,IACb,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,YAAY;AAAA,GAClC,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,IAAA,MAAM,YAAY,MAAM,QAAA,CAAS,MAAK,CAAE,KAAA,CAAM,MAAM,uBAAuB,CAAA;AAC3E,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,uBAAA,EAA0B,SAAS,MAAM,CAAA,CAAA,EAAI,SAAS,CAAA,CAAE,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,QAAA,CAAS,IAAA,EAAK;AAC1C,EAAA,IAAI,CAAC,SAAS,aAAA,EAAe;AAC3B,IAAA,MAAM,eAAA,CAAgB,UAAU,aAAa,CAAA;AAAA,EAC/C;AACA,EAAA,OAAO,aAAA;AACT;AAEA,eAAsB,kBAAA,CAAmB,UAA2B,eAAA,EAAmC;AACrG,EAAA,IAAI;AACF,IAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,OAAO,CAAA;AAC9C,IAAA,IAAI,YAAA,EAAc,KAAA,IAAS,OAAO,YAAA,CAAa,gBAAgB,SAAA,EAAW;AACxE,MAAA,OAAO,YAAA,CAAa,WAAA;AAAA,IACtB;AACA,IAAA,OAAO,KAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF","file":"index.cjs","sourcesContent":["/**\n * Base64URL encoding/decoding utilities\n * Used for WebAuthn and JWT operations\n */\n\n/**\n * Convert ArrayBuffer to Base64URL string\n * @param buffer - ArrayBuffer to convert\n * @returns Base64URL encoded string\n */\nexport function arrayBufferToBase64url(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/g, '');\n}\n\n/**\n * Convert Base64URL string to Uint8Array\n * @param base64url - Base64URL string to convert\n * @returns Uint8Array\n */\nexport function base64urlToUint8Array(base64url: string): Uint8Array {\n const base64 = base64url.replace(/-/g, '+').replace(/_/g, '/');\n const pad = base64.length % 4 ? 4 - (base64.length % 4) : 0;\n const padded = base64 + '='.repeat(pad);\n const binary = atob(padded);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\n/**\n * Convert ArrayBuffer to standard Base64 string (not URL-safe)\n * @param buffer - ArrayBuffer to convert\n * @returns Base64 encoded string\n */\nexport function arrayBufferToBase64(buffer: ArrayBuffer): string {\n const bytes = new Uint8Array(buffer);\n let binary = '';\n for (let i = 0; i < bytes.byteLength; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n}\n","/**\n * Storage abstraction layer for tokens and keyshares\n * Allows the core package to work in both browser and Node.js environments\n */\n\n/**\n * Storage interface for storing key-value pairs\n * Can be implemented for different storage backends (localStorage, Redis, memory, etc.)\n */\nexport interface TokenStorage {\n /**\n * Get item from storage\n * @param key - Storage key\n * @returns Value or null if not found\n */\n getItem(key: string): Promise<string | null> | string | null;\n\n /**\n * Set item in storage\n * @param key - Storage key\n * @param value - Value to store\n */\n setItem(key: string, value: string): Promise<void> | void;\n\n /**\n * Remove item from storage\n * @param key - Storage key\n */\n removeItem(key: string): Promise<void> | void;\n}\n\n/**\n * In-memory storage adapter\n * Useful for server-side usage where persistence is not required\n */\nexport class MemoryStorage implements TokenStorage {\n private storage = new Map<string, string>();\n\n getItem(key: string): string | null {\n return this.storage.get(key) || null;\n }\n\n setItem(key: string, value: string): void {\n this.storage.set(key, value);\n }\n\n removeItem(key: string): void {\n this.storage.delete(key);\n }\n\n /**\n * Clear all items from memory storage\n */\n clear(): void {\n this.storage.clear();\n }\n\n /**\n * Get all keys in storage\n */\n keys(): string[] {\n return Array.from(this.storage.keys());\n }\n\n /**\n * Get number of items in storage\n */\n get size(): number {\n return this.storage.size;\n }\n}\n\n/**\n * LocalStorage adapter for browser environments\n * Falls back to memory storage if localStorage is not available\n */\nexport class LocalStorageAdapter implements TokenStorage {\n private fallback: MemoryStorage | null = null;\n\n constructor() {\n // Check if localStorage is available\n if (!this.isLocalStorageAvailable()) {\n console.warn('[Storage] localStorage not available, falling back to memory storage');\n this.fallback = new MemoryStorage();\n }\n }\n\n private isLocalStorageAvailable(): boolean {\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const storage = win ? win.localStorage : undefined;\n if (!storage) {\n return false;\n }\n // Test if we can actually use localStorage (some browsers block it in private mode)\n const testKey = '__lumia_storage_test__';\n storage.setItem(testKey, 'test');\n storage.removeItem(testKey);\n return true;\n } catch {\n return false;\n }\n }\n\n getItem(key: string): string | null {\n if (this.fallback) {\n return this.fallback.getItem(key);\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n const value = win?.localStorage?.getItem(key) || null;\n return value;\n } catch (error) {\n console.error('[Storage] Error reading from localStorage:', error);\n return null;\n }\n }\n\n setItem(key: string, value: string): void {\n if (this.fallback) {\n this.fallback.setItem(key, value);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.setItem(key, value);\n } catch (error) {\n console.error('[Storage] Error writing to localStorage:', error);\n // Initialize fallback if localStorage fails\n if (!this.fallback) {\n this.fallback = new MemoryStorage();\n this.fallback.setItem(key, value);\n }\n }\n }\n\n removeItem(key: string): void {\n if (this.fallback) {\n this.fallback.removeItem(key);\n return;\n }\n try {\n // @ts-ignore - accessing global window object\n const win = typeof globalThis !== 'undefined' && (globalThis as any).window;\n win?.localStorage?.removeItem(key);\n } catch (error) {\n console.error('[Storage] Error removing from localStorage:', error);\n }\n }\n}\n\n/**\n * Keyshare storage interface (same as TokenStorage but with a different name for clarity)\n */\nexport interface KeyshareStorage extends TokenStorage {}\n\n/**\n * Helper to normalize storage operations to always be async\n * This allows mixing sync and async storage implementations\n */\nexport async function storageGet(\n storage: TokenStorage,\n key: string\n): Promise<string | null> {\n const result = storage.getItem(key);\n return result instanceof Promise ? await result : result;\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageSet(\n storage: TokenStorage,\n key: string,\n value: string\n): Promise<void> {\n const result = storage.setItem(key, value);\n if (result instanceof Promise) {\n await result;\n }\n}\n\n/**\n * Helper to normalize storage operations to always be async\n */\nexport async function storageRemove(\n storage: TokenStorage,\n key: string\n): Promise<void> {\n const result = storage.removeItem(key);\n if (result instanceof Promise) {\n await result;\n }\n}\n","/**\n * Project ID management for Lumia Passport Core\n * Adapted to work in both browser and Node.js environments\n */\n\nlet globalProjectId: string | undefined;\n\n/**\n * Set the global project ID\n * @param projectId - The project ID to set\n */\nexport function setProjectId(projectId: string): void {\n globalProjectId = projectId;\n}\n\n/**\n * Get the current project ID\n * Priority: 1. Explicitly set via setProjectId(), 2. window.__LUMIA_PROJECT_ID__ (browser only)\n */\nexport function getProjectId(): string | undefined {\n // First check explicitly set projectId\n if (globalProjectId) {\n return globalProjectId;\n }\n\n // Fallback to window global (browser only)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n return ((globalThis as any).window as any).__LUMIA_PROJECT_ID__;\n }\n\n return undefined;\n}\n\n/**\n * Add projectId to URL query parameters\n * @param url - The URL to add projectId to\n * @param projectId - Optional explicit projectId (uses getProjectId() if not provided)\n */\nexport function addProjectIdToUrl(url: string, projectId?: string): string {\n try {\n const pid = projectId || getProjectId();\n if (pid) {\n const separator = url.includes('?') ? '&' : '?';\n return `${url}${separator}projectId=${encodeURIComponent(pid)}`;\n }\n } catch (error) {\n // Silently fail and return original URL\n }\n return url;\n}\n\n/**\n * Clear the globally set project ID\n */\nexport function clearProjectId(): void {\n globalProjectId = undefined;\n}\n","/**\n * JWT Token Management\n * Adapted from lumia-passport-ui-kit/src/internal/auth/jwt.ts\n * Browser-specific features (passkey auth) remain in UI kit\n */\n\nimport type { TokenStorage } from './storage';\nimport { LocalStorageAdapter } from './storage';\nimport { addProjectIdToUrl } from '../utils/project-id';\n\n// Token storage keys\nconst TOKEN_STORAGE_KEY = 'lumia-passport-jwt-tokens';\nconst USER_ID_KEY = 'lumia-passport-current-user-id';\n\n// Build-time injected URLs (tsup.define)\ndeclare const __LUMIA_TSS_URL__: string;\ndeclare const __LUMIA_BUNDLER_URL__: string;\ndeclare const __LUMIA_SHARE_VAULT_URL__: string;\n\n// Service URL provider - will be set by config\nlet tssUrlProvider: (() => string) | undefined;\n\n/**\n * Configure JWT module with service URLs\n * Call this from createLumiaPassportCore (backend usage)\n */\nexport function configureJwtModule(config: {\n tssUrl?: string;\n projectId?: string;\n}) {\n if (config.tssUrl) {\n tssUrlProvider = () => config.tssUrl!;\n }\n // Note: projectId is now handled via addProjectIdToUrl from utils/project-id\n // which reads from window.__LUMIA_PROJECT_ID__ or can be set via setProjectId()\n}\n\n// Build-time default from .env (will be replaced by tsup define)\nconst BUILD_TSS_URL = (typeof __LUMIA_TSS_URL__ !== 'undefined' && __LUMIA_TSS_URL__) || '';\n\nfunction getTssUrl(): string {\n // Priority: runtime config > window.__LUMIA_SERVICES__ > build-time default > hardcoded fallback\n\n // 1. Runtime config (backend usage via configureJwtModule)\n if (tssUrlProvider) {\n return tssUrlProvider();\n }\n\n // 2. Browser runtime config from LumiaPassportProvider (window.__LUMIA_SERVICES__)\n if (typeof globalThis !== 'undefined' && (globalThis as any).window) {\n const services = ((globalThis as any).window as any).__LUMIA_SERVICES__;\n if (services?.tssUrl) {\n return services.tssUrl;\n }\n }\n\n // 3. Build-time injected default (from .env during pnpm build)\n if (BUILD_TSS_URL) {\n return BUILD_TSS_URL;\n }\n\n // 4. Hardcoded fallback\n return 'http://localhost:9256';\n}\n\n// addProjectIdToUrl is imported from '../utils/project-id'\n// It automatically reads from window.__LUMIA_PROJECT_ID__ or global setProjectId()\n\n// Types\nexport interface JwtTokens {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n expiresAt: number;\n hasKeyshare?: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface LoginResponse {\n accessToken: string;\n refreshToken: string;\n userId: string;\n expiresIn: number;\n hasKeyshare: boolean;\n isNewUser?: boolean;\n avatar?: string | null;\n displayName?: string | null;\n providers?: string[]; // List of connected auth providers (email, passkey, wallet, etc.)\n}\n\nexport interface RefreshResponse {\n accessToken: string;\n refreshToken: string;\n expiresIn: number;\n}\n\nexport interface VerifyResponse {\n valid: boolean;\n userId?: string;\n sessionId?: string;\n exp?: number;\n hasKeyshare?: boolean;\n displayName?: string | null;\n avatar?: string | null;\n}\n\n/**\n * JWT Token Manager\n * Handles token storage, refresh, and validation\n */\nexport class JwtTokenManager {\n private tokens: JwtTokens | null = null;\n private storage: TokenStorage;\n private refreshPromise: Promise<boolean> | null = null; // Mutex for refresh operations\n\n constructor(storage?: TokenStorage) {\n this.storage = storage || new LocalStorageAdapter();\n console.log('[JWT] JwtTokenManager initializing...');\n this.loadTokensFromStorage();\n }\n\n private async loadTokensFromStorage(): Promise<void> {\n try {\n const stored = await this.storage.getItem(TOKEN_STORAGE_KEY);\n console.log('[JWT] Loading tokens from storage:', !!stored);\n\n if (stored) {\n this.tokens = JSON.parse(stored);\n console.log('[JWT] Parsed tokens:', {\n hasAccessToken: !!this.tokens?.accessToken,\n hasRefreshToken: !!this.tokens?.refreshToken,\n userId: this.tokens?.userId,\n expiresAt: this.tokens?.expiresAt,\n currentTime: Date.now(),\n timeToExpiry: this.tokens?.expiresAt ? (this.tokens.expiresAt - Date.now()) / 1000 : 'N/A'\n });\n\n if (this.tokens && this.isTokenExpired()) {\n console.log('[JWT] Access token is expired');\n\n // Check if we have a refresh token to attempt renewal\n if (this.tokens.refreshToken) {\n console.log('[JWT] Refresh token available, will attempt renewal when needed');\n // Keep tokens - they will be refreshed on the first API call via ensureValidToken()\n } else {\n console.log('[JWT] No refresh token available, clearing tokens');\n await this.clearTokens();\n }\n } else {\n console.log('[JWT] Access token is valid, keeping tokens');\n }\n } else {\n console.log('[JWT] No tokens found in storage');\n }\n } catch (error) {\n console.error('[JWT] Error loading tokens from storage:', error);\n await this.clearTokens();\n }\n }\n\n private async saveTokensToStorage(): Promise<void> {\n try {\n if (this.tokens) {\n const tokenString = JSON.stringify(this.tokens);\n await this.storage.setItem(TOKEN_STORAGE_KEY, tokenString);\n await this.storage.setItem(USER_ID_KEY, this.tokens.userId);\n }\n } catch (error) {\n console.error('[JWT] Failed to save tokens to storage:', error);\n }\n }\n\n async setTokens(response: LoginResponse): Promise<void> {\n const expiresAt = Date.now() + response.expiresIn * 1000;\n this.tokens = {\n accessToken: response.accessToken,\n refreshToken: response.refreshToken,\n userId: response.userId,\n expiresIn: response.expiresIn,\n expiresAt,\n hasKeyshare: response.hasKeyshare,\n isNewUser: response.isNewUser,\n avatar: response.avatar ?? null,\n displayName: response.displayName ?? null,\n providers: response.providers ?? []\n };\n\n await this.saveTokensToStorage();\n }\n\n getAccessToken(): string | null {\n if (!this.tokens) return null;\n // Return access token even if expired - ensureValidToken() will handle refresh\n return this.tokens.accessToken;\n }\n\n getRefreshToken(): string | null {\n return this.tokens?.refreshToken || null;\n }\n\n getUserId(): string | null {\n return this.tokens?.userId || null;\n }\n\n getHasKeyshare(): boolean | null {\n return this.tokens?.hasKeyshare ?? null;\n }\n\n getAvatar(): string | null {\n return this.tokens?.avatar || null;\n }\n\n getDisplayName(): string | null {\n return this.tokens?.displayName || null;\n }\n\n getProviders(): string[] {\n return this.tokens?.providers ?? [];\n }\n\n getTokens(): JwtTokens | null {\n return this.tokens;\n }\n\n async updateKeyshareStatus(hasKeyshare: boolean): Promise<void> {\n if (this.tokens) {\n this.tokens.hasKeyshare = hasKeyshare;\n await this.saveTokensToStorage();\n }\n }\n\n async updateDisplayName(displayName: string | null): Promise<void> {\n if (this.tokens) {\n this.tokens.displayName = displayName;\n await this.saveTokensToStorage();\n }\n }\n\n isTokenExpired(): boolean {\n if (!this.tokens) {\n return true;\n }\n\n const buffer = 30 * 1000; // 30 seconds buffer\n const now = Date.now();\n const expiresAt = this.tokens.expiresAt;\n const isExpired = now > (expiresAt - buffer);\n\n return isExpired;\n }\n\n isAuthenticated(): boolean {\n // Consider authenticated if we have either valid access token OR refresh token\n if (!this.tokens) return false;\n\n if (!this.isTokenExpired()) {\n return !!this.tokens.accessToken;\n }\n\n // If access token is expired but we have refresh token, we're still authenticated\n return !!this.tokens.refreshToken;\n }\n\n async clearTokens(): Promise<void> {\n this.tokens = null;\n await this.storage.removeItem(TOKEN_STORAGE_KEY);\n await this.storage.removeItem(USER_ID_KEY);\n }\n\n async refreshAccessToken(): Promise<boolean> {\n // If refresh is already in progress, wait for it to complete\n if (this.refreshPromise) {\n console.log('[JWT] Refresh already in progress, waiting for existing operation...');\n return this.refreshPromise;\n }\n\n const refreshToken = this.getRefreshToken();\n if (!refreshToken) {\n console.warn('[JWT] No refresh token available for refresh');\n return false;\n }\n\n console.log('[JWT] Starting new token refresh operation...');\n\n // Create and store the refresh promise (mutex pattern)\n this.refreshPromise = (async () => {\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ refreshToken })\n });\n\n if (!response.ok) {\n console.log('[JWT] Token refresh failed with status:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] Refresh 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Refresh token session not found, clearing tokens');\n await this.clearTokens();\n return false;\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid refresh token, clearing tokens');\n await this.clearTokens();\n return false;\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse refresh 401 error response:', parseError);\n await this.clearTokens();\n return false;\n }\n } else {\n console.log('[JWT] Non-401 error during refresh, keeping tokens (might be network error)');\n return false;\n }\n }\n\n const refreshResponse = await response.json() as RefreshResponse;\n console.log('[JWT] Token refresh successful, new expiry in:', refreshResponse.expiresIn, 'seconds');\n\n if (this.tokens) {\n // Update both access and refresh tokens (token rotation)\n this.tokens.accessToken = refreshResponse.accessToken;\n this.tokens.refreshToken = refreshResponse.refreshToken;\n this.tokens.expiresIn = refreshResponse.expiresIn;\n this.tokens.expiresAt = Date.now() + refreshResponse.expiresIn * 1000;\n await this.saveTokensToStorage();\n console.log('[JWT] Refreshed tokens saved to storage');\n return true;\n }\n\n console.error('[JWT] No existing tokens to update');\n return false;\n } catch (error) {\n console.error('[JWT] Token refresh network error:', error);\n // Don't clear tokens on network errors - might be temporary\n return false;\n } finally {\n // Clear the mutex when operation completes (success or failure)\n this.refreshPromise = null;\n console.log('[JWT] Refresh operation completed, mutex cleared');\n }\n })();\n\n return this.refreshPromise;\n }\n\n getAuthHeader(): string | null {\n const token = this.getAccessToken();\n return token ? `Bearer ${token}` : null;\n }\n}\n\n// Default instance with LocalStorage\nexport const jwtTokenManager = new JwtTokenManager();\n\n/**\n * Create a custom JWT token manager with specific storage\n */\nexport function createJwtTokenManager(storage: TokenStorage): JwtTokenManager {\n return new JwtTokenManager(storage);\n}\n\n// Authentication functions\n\nexport async function logout(manager: JwtTokenManager = jwtTokenManager): Promise<void> {\n try {\n const authHeader = manager.getAuthHeader();\n if (authHeader) {\n await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/logout`), {\n method: 'POST',\n headers: {\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n },\n credentials: 'include'\n });\n }\n } catch (error) {\n console.error('[JWT] Logout error:', error);\n } finally {\n await manager.clearTokens();\n }\n}\n\nexport async function verifyToken(manager: JwtTokenManager = jwtTokenManager): Promise<VerifyResponse | null> {\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n console.log('[JWT] No auth header available for verification');\n return { valid: false };\n }\n\n try {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/verify`), {\n method: 'GET',\n headers: { Authorization: authHeader },\n credentials: 'include'\n });\n\n if (!response.ok) {\n console.log('[JWT] Token verification failed:', response.status);\n\n if (response.status === 401) {\n try {\n const errorData: any = await response.json();\n console.log('[JWT] 401 Error details:', errorData);\n\n // Handle backend error codes\n switch (errorData.error_code) {\n case 'TOKEN_EXPIRED':\n console.log('[JWT] Access token expired, attempting refresh...');\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n console.log('[JWT] Token refreshed successfully, retrying verification');\n return await verifyToken(manager);\n } else {\n console.log('[JWT] Token refresh failed, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n\n case 'SESSION_NOT_FOUND':\n console.log('[JWT] Session not found or revoked, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n\n case 'INVALID_TOKEN':\n default:\n console.log('[JWT] Invalid token, clearing tokens');\n await manager.clearTokens();\n return { valid: false };\n }\n } catch (parseError) {\n console.warn('[JWT] Could not parse 401 error response:', parseError);\n await manager.clearTokens();\n return { valid: false };\n }\n } else {\n console.log('[JWT] Non-401 error during verification, keeping tokens');\n return { valid: false };\n }\n }\n\n const verifyResponse = await response.json() as VerifyResponse;\n console.log('[JWT] Token verification successful:', verifyResponse);\n\n if (verifyResponse.valid) {\n if (typeof verifyResponse.hasKeyshare === 'boolean') {\n await manager.updateKeyshareStatus(verifyResponse.hasKeyshare);\n }\n // Update displayName and avatar if present\n if (manager.getTokens()) {\n if (verifyResponse.displayName !== undefined) {\n await manager.updateDisplayName(verifyResponse.displayName);\n }\n // Avatar update would need similar method\n }\n }\n\n return verifyResponse;\n } catch (error) {\n console.error('[JWT] Token verification network error:', error);\n return { valid: false };\n }\n}\n\nexport async function ensureValidToken(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n // Check if current access token is valid (not expired)\n if (manager.isAuthenticated() && !manager.isTokenExpired()) {\n return true;\n }\n\n console.log('[JWT] Access token expired or missing, attempting refresh...');\n\n // Try to refresh using refresh token\n const refreshToken = manager.getRefreshToken();\n if (refreshToken) {\n console.log('[JWT] Refresh token available, attempting to refresh access token');\n const refreshSuccess = await manager.refreshAccessToken();\n console.log('[JWT] Refresh attempt result:', refreshSuccess);\n return refreshSuccess;\n }\n\n console.log('[JWT] No refresh token available, user needs to re-authenticate');\n return false;\n}\n\n/**\n * Get current tokens, automatically refreshing them if expired\n * Recommended for integrators who need fresh tokens for backend validation via JWK\n *\n * @returns Current tokens if valid or successfully refreshed, null if refresh failed\n * @example\n * ```ts\n * // Get fresh tokens for backend validation\n * const tokens = await getValidTokens();\n * if (tokens) {\n * // Send accessToken to your backend for JWK signature verification\n * console.log('Access Token:', tokens.accessToken);\n * console.log('User ID:', tokens.userId);\n * } else {\n * // Token refresh failed, user needs to re-authenticate\n * console.log('Please login again');\n * }\n * ```\n */\nexport async function getValidTokens(manager: JwtTokenManager = jwtTokenManager): Promise<JwtTokens | null> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n return null;\n }\n return manager.getTokens();\n}\n\nexport async function authenticatedFetch(\n url: string,\n options: RequestInit = {},\n manager: JwtTokenManager = jwtTokenManager\n): Promise<Response> {\n const hasValidToken = await ensureValidToken(manager);\n if (!hasValidToken) {\n throw new Error('No valid authentication token available');\n }\n\n const authHeader = manager.getAuthHeader();\n if (!authHeader) {\n throw new Error('Failed to get authentication header');\n }\n\n const urlWithProjectId = addProjectIdToUrl(url);\n const requestOptions: RequestInit = {\n ...options,\n headers: {\n ...options.headers,\n Authorization: authHeader,\n 'Content-Type': 'application/json'\n }\n };\n\n const response = await fetch(urlWithProjectId, requestOptions);\n\n // Handle 401 by attempting token refresh\n if (response.status === 401) {\n const refreshSuccess = await manager.refreshAccessToken();\n if (refreshSuccess) {\n const newAuthHeader = manager.getAuthHeader();\n if (newAuthHeader) {\n requestOptions.headers = {\n ...requestOptions.headers,\n Authorization: newAuthHeader\n };\n return fetch(urlWithProjectId, requestOptions);\n }\n }\n }\n\n return response;\n}\n\n// Login functions (non-passkey)\n\nexport async function loginWithUserId(userId: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ userId })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Login failed');\n throw new Error(`Login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithEmail(email: string, code: string, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/email/verify-code`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify({ email, code })\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Email verification failed');\n throw new Error(`Email verification failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function loginWithTelegram(telegramData: {\n id: number;\n first_name: string;\n last_name?: string;\n username?: string;\n photo_url?: string;\n auth_date: number;\n hash: string;\n}, options?: { skipTokenSave?: boolean }): Promise<LoginResponse> {\n const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/telegram/login`), {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n credentials: 'include',\n body: JSON.stringify(telegramData)\n });\n\n if (!response.ok) {\n const errorText = await response.text().catch(() => 'Telegram login failed');\n throw new Error(`Telegram login failed: ${response.status} ${errorText}`);\n }\n\n const loginResponse = await response.json() as LoginResponse;\n if (!options?.skipTokenSave) {\n await jwtTokenManager.setTokens(loginResponse);\n }\n return loginResponse;\n}\n\nexport async function syncKeyshareStatus(manager: JwtTokenManager = jwtTokenManager): Promise<boolean> {\n try {\n const verification = await verifyToken(manager);\n if (verification?.valid && typeof verification.hasKeyshare === 'boolean') {\n return verification.hasKeyshare;\n }\n return false;\n } catch {\n return false;\n }\n}\n"]}
package/dist/auth/index.d.cts CHANGED
@@ -188,6 +188,26 @@ declare function createJwtTokenManager(storage: TokenStorage): JwtTokenManager;
188
188
  declare function logout(manager?: JwtTokenManager): Promise<void>;
189
189
  declare function verifyToken(manager?: JwtTokenManager): Promise<VerifyResponse | null>;
190
190
  declare function ensureValidToken(manager?: JwtTokenManager): Promise<boolean>;
191
+ /**
192
+ * Get current tokens, automatically refreshing them if expired
193
+ * Recommended for integrators who need fresh tokens for backend validation via JWK
194
+ *
195
+ * @returns Current tokens if valid or successfully refreshed, null if refresh failed
196
+ * @example
197
+ * ```ts
198
+ * // Get fresh tokens for backend validation
199
+ * const tokens = await getValidTokens();
200
+ * if (tokens) {
201
+ * // Send accessToken to your backend for JWK signature verification
202
+ * console.log('Access Token:', tokens.accessToken);
203
+ * console.log('User ID:', tokens.userId);
204
+ * } else {
205
+ * // Token refresh failed, user needs to re-authenticate
206
+ * console.log('Please login again');
207
+ * }
208
+ * ```
209
+ */
210
+ declare function getValidTokens(manager?: JwtTokenManager): Promise<JwtTokens | null>;
191
211
  declare function authenticatedFetch(url: string, options?: RequestInit, manager?: JwtTokenManager): Promise<Response>;
192
212
  declare function loginWithUserId(userId: string, options?: {
193
213
  skipTokenSave?: boolean;
@@ -208,4 +228,4 @@ declare function loginWithTelegram(telegramData: {
208
228
  }): Promise<LoginResponse>;
209
229
  declare function syncKeyshareStatus(manager?: JwtTokenManager): Promise<boolean>;
210
230
 
211
- export { JwtTokenManager, type JwtTokens, type KeyshareStorage, LocalStorageAdapter, type LoginResponse, MemoryStorage, type RefreshResponse, type TokenStorage, type VerifyResponse, arrayBufferToBase64, arrayBufferToBase64url, authenticatedFetch, base64urlToUint8Array, configureJwtModule, createJwtTokenManager, ensureValidToken, jwtTokenManager, loginWithEmail, loginWithTelegram, loginWithUserId, logout, storageGet, storageRemove, storageSet, syncKeyshareStatus, verifyToken };
231
+ export { JwtTokenManager, type JwtTokens, type KeyshareStorage, LocalStorageAdapter, type LoginResponse, MemoryStorage, type RefreshResponse, type TokenStorage, type VerifyResponse, arrayBufferToBase64, arrayBufferToBase64url, authenticatedFetch, base64urlToUint8Array, configureJwtModule, createJwtTokenManager, ensureValidToken, getValidTokens, jwtTokenManager, loginWithEmail, loginWithTelegram, loginWithUserId, logout, storageGet, storageRemove, storageSet, syncKeyshareStatus, verifyToken };
package/dist/auth/index.d.ts CHANGED
@@ -188,6 +188,26 @@ declare function createJwtTokenManager(storage: TokenStorage): JwtTokenManager;
188
188
  declare function logout(manager?: JwtTokenManager): Promise<void>;
189
189
  declare function verifyToken(manager?: JwtTokenManager): Promise<VerifyResponse | null>;
190
190
  declare function ensureValidToken(manager?: JwtTokenManager): Promise<boolean>;
191
+ /**
192
+ * Get current tokens, automatically refreshing them if expired
193
+ * Recommended for integrators who need fresh tokens for backend validation via JWK
194
+ *
195
+ * @returns Current tokens if valid or successfully refreshed, null if refresh failed
196
+ * @example
197
+ * ```ts
198
+ * // Get fresh tokens for backend validation
199
+ * const tokens = await getValidTokens();
200
+ * if (tokens) {
201
+ * // Send accessToken to your backend for JWK signature verification
202
+ * console.log('Access Token:', tokens.accessToken);
203
+ * console.log('User ID:', tokens.userId);
204
+ * } else {
205
+ * // Token refresh failed, user needs to re-authenticate
206
+ * console.log('Please login again');
207
+ * }
208
+ * ```
209
+ */
210
+ declare function getValidTokens(manager?: JwtTokenManager): Promise<JwtTokens | null>;
191
211
  declare function authenticatedFetch(url: string, options?: RequestInit, manager?: JwtTokenManager): Promise<Response>;
192
212
  declare function loginWithUserId(userId: string, options?: {
193
213
  skipTokenSave?: boolean;
@@ -208,4 +228,4 @@ declare function loginWithTelegram(telegramData: {
208
228
  }): Promise<LoginResponse>;
209
229
  declare function syncKeyshareStatus(manager?: JwtTokenManager): Promise<boolean>;
210
230
 
211
- export { JwtTokenManager, type JwtTokens, type KeyshareStorage, LocalStorageAdapter, type LoginResponse, MemoryStorage, type RefreshResponse, type TokenStorage, type VerifyResponse, arrayBufferToBase64, arrayBufferToBase64url, authenticatedFetch, base64urlToUint8Array, configureJwtModule, createJwtTokenManager, ensureValidToken, jwtTokenManager, loginWithEmail, loginWithTelegram, loginWithUserId, logout, storageGet, storageRemove, storageSet, syncKeyshareStatus, verifyToken };
231
+ export { JwtTokenManager, type JwtTokens, type KeyshareStorage, LocalStorageAdapter, type LoginResponse, MemoryStorage, type RefreshResponse, type TokenStorage, type VerifyResponse, arrayBufferToBase64, arrayBufferToBase64url, authenticatedFetch, base64urlToUint8Array, configureJwtModule, createJwtTokenManager, ensureValidToken, getValidTokens, jwtTokenManager, loginWithEmail, loginWithTelegram, loginWithUserId, logout, storageGet, storageRemove, storageSet, syncKeyshareStatus, verifyToken };
package/dist/auth/index.js CHANGED
@@ -326,6 +326,7 @@ var JwtTokenManager = class {
326
326
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/refresh`), {
327
327
  method: "POST",
328
328
  headers: { "Content-Type": "application/json" },
329
+ credentials: "include",
329
330
  body: JSON.stringify({ refreshToken })
330
331
  });
331
332
  if (!response.ok) {
@@ -396,7 +397,8 @@ async function logout(manager = jwtTokenManager) {
396
397
  headers: {
397
398
  Authorization: authHeader,
398
399
  "Content-Type": "application/json"
399
- }
400
+ },
401
+ credentials: "include"
400
402
  });
401
403
  }
402
404
  } catch (error) {
@@ -414,7 +416,8 @@ async function verifyToken(manager = jwtTokenManager) {
414
416
  try {
415
417
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/verify`), {
416
418
  method: "GET",
417
- headers: { Authorization: authHeader }
419
+ headers: { Authorization: authHeader },
420
+ credentials: "include"
418
421
  });
419
422
  if (!response.ok) {
420
423
  console.log("[JWT] Token verification failed:", response.status);
@@ -487,6 +490,13 @@ async function ensureValidToken(manager = jwtTokenManager) {
487
490
  console.log("[JWT] No refresh token available, user needs to re-authenticate");
488
491
  return false;
489
492
  }
493
+ async function getValidTokens(manager = jwtTokenManager) {
494
+ const hasValidToken = await ensureValidToken(manager);
495
+ if (!hasValidToken) {
496
+ return null;
497
+ }
498
+ return manager.getTokens();
499
+ }
490
500
  async function authenticatedFetch(url, options = {}, manager = jwtTokenManager) {
491
501
  const hasValidToken = await ensureValidToken(manager);
492
502
  if (!hasValidToken) {
@@ -525,6 +535,7 @@ async function loginWithUserId(userId, options) {
525
535
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/login`), {
526
536
  method: "POST",
527
537
  headers: { "Content-Type": "application/json" },
538
+ credentials: "include",
528
539
  body: JSON.stringify({ userId })
529
540
  });
530
541
  if (!response.ok) {
@@ -541,6 +552,7 @@ async function loginWithEmail(email, code, options) {
541
552
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/email/verify-code`), {
542
553
  method: "POST",
543
554
  headers: { "Content-Type": "application/json" },
555
+ credentials: "include",
544
556
  body: JSON.stringify({ email, code })
545
557
  });
546
558
  if (!response.ok) {
@@ -557,6 +569,7 @@ async function loginWithTelegram(telegramData, options) {
557
569
  const response = await fetch(addProjectIdToUrl(`${getTssUrl()}/api/auth/telegram/login`), {
558
570
  method: "POST",
559
571
  headers: { "Content-Type": "application/json" },
572
+ credentials: "include",
560
573
  body: JSON.stringify(telegramData)
561
574
  });
562
575
  if (!response.ok) {
@@ -581,6 +594,6 @@ async function syncKeyshareStatus(manager = jwtTokenManager) {
581
594
  }
582
595
  }
583
596
 
584
- export { JwtTokenManager, LocalStorageAdapter, MemoryStorage, arrayBufferToBase64, arrayBufferToBase64url, authenticatedFetch, base64urlToUint8Array, configureJwtModule, createJwtTokenManager, ensureValidToken, jwtTokenManager, loginWithEmail, loginWithTelegram, loginWithUserId, logout, storageGet, storageRemove, storageSet, syncKeyshareStatus, verifyToken };
597
+ export { JwtTokenManager, LocalStorageAdapter, MemoryStorage, arrayBufferToBase64, arrayBufferToBase64url, authenticatedFetch, base64urlToUint8Array, configureJwtModule, createJwtTokenManager, ensureValidToken, getValidTokens, jwtTokenManager, loginWithEmail, loginWithTelegram, loginWithUserId, logout, storageGet, storageRemove, storageSet, syncKeyshareStatus, verifyToken };
585
598
  //# sourceMappingURL=index.js.map
586
599
  //# sourceMappingURL=index.js.map