@medplum/core 0.4.0 → 0.5.1

package/dist/esm/index.js

@@ -21,42 +21,59 @@ function __awaiter(thisArg, _arguments, P, generator) {
         function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
+}
+
+function __classPrivateFieldGet(receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+}
+
+function __classPrivateFieldSet(receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
 }
 
+var _LRUCache_instances, _LRUCache_max, _LRUCache_cache, _LRUCache_first;
 /**
  * LRU cache (least recently used)
  * Source: https://stackoverflow.com/a/46432113
  */
 class LRUCache {
     constructor(max = 10) {
-        this.max = max;
-        this.cache = new Map();
+        _LRUCache_instances.add(this);
+        _LRUCache_max.set(this, void 0);
+        _LRUCache_cache.set(this, void 0);
+        __classPrivateFieldSet(this, _LRUCache_max, max, "f");
+        __classPrivateFieldSet(this, _LRUCache_cache, new Map(), "f");
     }
     clear() {
-        this.cache.clear();
+        __classPrivateFieldGet(this, _LRUCache_cache, "f").clear();
     }
     get(key) {
-        const item = this.cache.get(key);
+        const item = __classPrivateFieldGet(this, _LRUCache_cache, "f").get(key);
         if (item) {
-            this.cache.delete(key);
-            this.cache.set(key, item);
+            __classPrivateFieldGet(this, _LRUCache_cache, "f").delete(key);
+            __classPrivateFieldGet(this, _LRUCache_cache, "f").set(key, item);
         }
         return item;
     }
     set(key, val) {
-        if (this.cache.has(key)) {
-            this.cache.delete(key);
+        if (__classPrivateFieldGet(this, _LRUCache_cache, "f").has(key)) {
+            __classPrivateFieldGet(this, _LRUCache_cache, "f").delete(key);
         }
-        else if (this.cache.size >= this.max) {
-            this.cache.delete(this.first());
+        else if (__classPrivateFieldGet(this, _LRUCache_cache, "f").size >= __classPrivateFieldGet(this, _LRUCache_max, "f")) {
+            __classPrivateFieldGet(this, _LRUCache_cache, "f").delete(__classPrivateFieldGet(this, _LRUCache_instances, "m", _LRUCache_first).call(this));
         }
-        this.cache.set(key, val);
-    }
-    first() {
-        // This works because the Map class maintains ordered keys.
-        return this.cache.keys().next().value;
+        __classPrivateFieldGet(this, _LRUCache_cache, "f").set(key, val);
     }
-}
+}
+_LRUCache_max = new WeakMap(), _LRUCache_cache = new WeakMap(), _LRUCache_instances = new WeakSet(), _LRUCache_first = function _LRUCache_first() {
+    // This works because the Map class maintains ordered keys.
+    return __classPrivateFieldGet(this, _LRUCache_cache, "f").keys().next().value;
+};
 
 function formatAddress(address, options) {
     const builder = [];
@@ -125,6 +142,15 @@ function createReference(resource) {
 function getReferenceString(resource) {
     return resource.resourceType + '/' + resource.id;
 }
+/**
+ * Returns the ID portion of a reference.
+ * @param reference A FHIR reference.
+ * @returns The ID portion of a reference.
+ */
+function resolveId(reference) {
+    var _a;
+    return (_a = reference === null || reference === void 0 ? void 0 : reference.reference) === null || _a === void 0 ? void 0 : _a.split('/')[1];
+}
 /**
  * Returns true if the resource is a "ProfileResource".
  * @param resource The FHIR resource.
@@ -347,18 +373,20 @@ function encryptSHA256(str) {
 /*
  * Based on: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget
  */
+var _EventTarget_listeners;
 class EventTarget {
     constructor() {
-        this.listeners = {};
+        _EventTarget_listeners.set(this, void 0);
+        __classPrivateFieldSet(this, _EventTarget_listeners, {}, "f");
     }
     addEventListener(type, callback) {
-        if (!this.listeners[type]) {
-            this.listeners[type] = [];
+        if (!__classPrivateFieldGet(this, _EventTarget_listeners, "f")[type]) {
+            __classPrivateFieldGet(this, _EventTarget_listeners, "f")[type] = [];
         }
-        this.listeners[type].push(callback);
+        __classPrivateFieldGet(this, _EventTarget_listeners, "f")[type].push(callback);
     }
     removeEventListeneer(type, callback) {
-        const array = this.listeners[type];
+        const array = __classPrivateFieldGet(this, _EventTarget_listeners, "f")[type];
         if (!array) {
             return;
         }
@@ -370,13 +398,14 @@ class EventTarget {
         }
     }
     dispatchEvent(event) {
-        const array = this.listeners[event.type];
+        const array = __classPrivateFieldGet(this, _EventTarget_listeners, "f")[event.type];
         if (array) {
             array.forEach((listener) => listener.call(this, event));
         }
         return !event.defaultPrevented;
     }
-}
+}
+_EventTarget_listeners = new WeakMap();
 
 /**
  * Decodes a section of a JWT.
@@ -609,13 +638,17 @@ const PREFIX_OPERATORS = [
  * @returns Parsed search definition.
  */
 function parseSearchDefinition(location) {
-    const resourceType = location.pathname.split('/').pop();
+    const resourceType = location.pathname
+        .replace(/(^\/)|(\/$)/g, '') // Remove leading and trailing slashes
+        .split('/')
+        .pop();
     const params = new URLSearchParams(location.search);
-    const filters = [];
-    const sortRules = [];
-    let fields;
-    let page = 0;
-    let count = 10;
+    let filters = undefined;
+    let sortRules = undefined;
+    let fields = undefined;
+    let page = undefined;
+    let count = undefined;
+    let total = undefined;
     params.forEach((value, key) => {
         if (key === '_fields') {
             fields = value.split(',');
@@ -626,10 +659,15 @@ function parseSearchDefinition(location) {
         else if (key === '_count') {
             count = parseInt(value);
         }
+        else if (key === '_total') {
+            total = value;
+        }
         else if (key === '_sort') {
+            sortRules = sortRules || [];
             sortRules.push(parseSortRule(value));
         }
         else {
+            filters = filters || [];
             filters.push(parseSearchFilter(key, value));
         }
     });
@@ -639,6 +677,7 @@ function parseSearchDefinition(location) {
         fields,
         page,
         count,
+        total,
         sortRules,
     };
 }
@@ -707,13 +746,9 @@ function formatSearchQuery(definition) {
         params.push('_fields=' + definition.fields.join(','));
     }
     if (definition.filters) {
-        definition.filters.forEach((filter) => {
-            const modifier = MODIFIER_OPERATORS.includes(filter.operator) ? ':' + filter.operator : '';
-            const prefix = PREFIX_OPERATORS.includes(filter.operator) ? filter.operator : '';
-            params.push(`${filter.code}${modifier}=${prefix}${encodeURIComponent(filter.value)}`);
-        });
+        definition.filters.forEach((filter) => params.push(formatFilter(filter)));
     }
-    if (definition.sortRules) {
+    if (definition.sortRules && definition.sortRules.length > 0) {
         params.push(formatSortRules(definition.sortRules));
     }
     if (definition.page && definition.page > 0) {
@@ -722,12 +757,20 @@ function formatSearchQuery(definition) {
     if (definition.count && definition.count > 0) {
         params.push('_count=' + definition.count);
     }
+    if (definition.total) {
+        params.push('_total=' + encodeURIComponent(definition.total));
+    }
     if (params.length === 0) {
         return '';
     }
     params.sort();
     return '?' + params.join('&');
 }
+function formatFilter(filter) {
+    const modifier = MODIFIER_OPERATORS.includes(filter.operator) ? ':' + filter.operator : '';
+    const prefix = PREFIX_OPERATORS.includes(filter.operator) ? filter.operator : '';
+    return `${filter.code}${modifier}=${prefix}${encodeURIComponent(filter.value)}`;
+}
 function formatSortRules(sortRules) {
     if (!sortRules || sortRules.length === 0) {
         return '';
@@ -735,6 +778,7 @@ function formatSortRules(sortRules) {
     return '_sort=' + sortRules.map((sr) => (sr.descending ? '-' + sr.code : sr.code)).join(',');
 }
 
+var _ClientStorage_storage, _MemoryStorage_data;
 /**
  * The ClientStorage class is a utility class for storing strings and objects.
  *
@@ -744,20 +788,21 @@ function formatSortRules(sortRules) {
  */
 class ClientStorage {
     constructor() {
-        this.storage = typeof localStorage !== 'undefined' ? localStorage : new MemoryStorage();
+        _ClientStorage_storage.set(this, void 0);
+        __classPrivateFieldSet(this, _ClientStorage_storage, typeof localStorage !== 'undefined' ? localStorage : new MemoryStorage(), "f");
     }
     clear() {
-        this.storage.clear();
+        __classPrivateFieldGet(this, _ClientStorage_storage, "f").clear();
     }
     getString(key) {
-        return this.storage.getItem(key) || undefined;
+        return __classPrivateFieldGet(this, _ClientStorage_storage, "f").getItem(key) || undefined;
     }
     setString(key, value) {
         if (value) {
-            this.storage.setItem(key, value);
+            __classPrivateFieldGet(this, _ClientStorage_storage, "f").setItem(key, value);
         }
         else {
-            this.storage.removeItem(key);
+            __classPrivateFieldGet(this, _ClientStorage_storage, "f").removeItem(key);
         }
     }
     getObject(key) {
@@ -768,56 +813,59 @@ class ClientStorage {
         this.setString(key, value ? stringify(value) : undefined);
     }
 }
+_ClientStorage_storage = new WeakMap();
 /**
  * The MemoryStorage class is a minimal in-memory implementation of the Storage interface.
  */
 class MemoryStorage {
     constructor() {
-        this.data = new Map();
+        _MemoryStorage_data.set(this, void 0);
+        __classPrivateFieldSet(this, _MemoryStorage_data, new Map(), "f");
     }
     /**
      * Returns the number of key/value pairs.
      */
     get length() {
-        return this.data.size;
+        return __classPrivateFieldGet(this, _MemoryStorage_data, "f").size;
     }
     /**
      * Removes all key/value pairs, if there are any.
      */
     clear() {
-        this.data.clear();
+        __classPrivateFieldGet(this, _MemoryStorage_data, "f").clear();
     }
     /**
      * Returns the current value associated with the given key, or null if the given key does not exist.
      */
     getItem(key) {
         var _a;
-        return (_a = this.data.get(key)) !== null && _a !== void 0 ? _a : null;
+        return (_a = __classPrivateFieldGet(this, _MemoryStorage_data, "f").get(key)) !== null && _a !== void 0 ? _a : null;
     }
     /**
      * Sets the value of the pair identified by key to value, creating a new key/value pair if none existed for key previously.
      */
     setItem(key, value) {
         if (value) {
-            this.data.set(key, value);
+            __classPrivateFieldGet(this, _MemoryStorage_data, "f").set(key, value);
         }
         else {
-            this.data.delete(key);
+            __classPrivateFieldGet(this, _MemoryStorage_data, "f").delete(key);
         }
     }
     /**
      * Removes the key/value pair with the given key, if a key/value pair with the given key exists.
      */
     removeItem(key) {
-        this.data.delete(key);
+        __classPrivateFieldGet(this, _MemoryStorage_data, "f").delete(key);
     }
     /**
      * Returns the name of the nth key, or null if n is greater than or equal to the number of key/value pairs.
      */
     key(index) {
-        return Array.from(this.data.keys())[index];
+        return Array.from(__classPrivateFieldGet(this, _MemoryStorage_data, "f").keys())[index];
     }
-}
+}
+_MemoryStorage_data = new WeakMap();
 
 /**
  * List of property types.
@@ -894,6 +942,21 @@ var PropertyType;
 function createSchema() {
     return { types: {} };
 }
+function createTypeSchema(typeName, description) {
+    return {
+        display: typeName,
+        description,
+        properties: {},
+        searchParams: {
+            _lastUpdated: {
+                base: [typeName],
+                code: '_lastUpdated',
+                type: 'date',
+                expression: typeName + '.meta.lastUpdated',
+            },
+        },
+    };
+}
 /**
  * Indexes a StructureDefinition for fast lookup.
  * See comments on IndexedStructureDefinition for more details.
@@ -906,11 +969,7 @@ function indexStructureDefinition(schema, structureDefinition) {
     if (!typeName) {
         return;
     }
-    schema.types[typeName] = {
-        display: typeName,
-        description: structureDefinition.description,
-        properties: {},
-    };
+    schema.types[typeName] = createTypeSchema(typeName, structureDefinition.description);
     const elements = (_a = structureDefinition.snapshot) === null || _a === void 0 ? void 0 : _a.element;
     if (elements) {
         // Filter out any elements missing path or type
@@ -938,12 +997,8 @@ function indexType(schema, element) {
     const parts = path.split('.');
     const typeName = buildTypeName(parts);
     if (!(typeName in schema.types)) {
-        schema.types[typeName] = {
-            display: typeName,
-            description: element.definition,
-            parentType: buildTypeName(parts.slice(0, parts.length - 1)),
-            properties: {},
-        };
+        schema.types[typeName] = createTypeSchema(typeName, element.definition);
+        schema.types[typeName].parentType = buildTypeName(parts.slice(0, parts.length - 1));
     }
 }
 /**
@@ -991,6 +1046,10 @@ function getPropertyDisplayName(property) {
     // For example, for path "Patient.birthDate"
     // the property name is "birthDate"
     const propertyName = property.path.replaceAll('[x]', '').split('.').pop();
+    // Special case for ID
+    if (propertyName === 'id') {
+        return 'ID';
+    }
     // Split by capital letters
     // Capitalize the first letter of each word
     // Join together with spaces in between
@@ -1006,6 +1065,8 @@ function getPropertyDisplayName(property) {
 }
 
 // PKCE auth ased on:
+// https://aws.amazon.com/blogs/security/how-to-add-authentication-single-page-web-application-with-amazon-cognito-oauth2-implementation/
+var _MedplumClient_instances, _MedplumClient_fetch, _MedplumClient_storage, _MedplumClient_schema, _MedplumClient_resourceCache, _MedplumClient_baseUrl, _MedplumClient_clientId, _MedplumClient_authorizeUrl, _MedplumClient_tokenUrl, _MedplumClient_logoutUrl, _MedplumClient_onUnauthenticated, _MedplumClient_accessToken, _MedplumClient_refreshToken, _MedplumClient_refreshPromise, _MedplumClient_profilePromise, _MedplumClient_profile, _MedplumClient_config, _MedplumClient_addLogin, _MedplumClient_refreshProfile, _MedplumClient_request, _MedplumClient_buildFetchOptions, _MedplumClient_handleUnauthenticated, _MedplumClient_startPkce, _MedplumClient_requestAuthorization, _MedplumClient_refresh, _MedplumClient_fetchTokens, _MedplumClient_verifyTokens, _MedplumClient_setupStorageListener;
 const DEFAULT_BASE_URL = 'https://api.medplum.com/';
 const DEFAULT_SCOPE = 'launch/patient openid fhirUser offline_access user/*.*';
 const DEFAULT_RESOURCE_CACHE_SIZE = 1000;
@@ -1016,6 +1077,23 @@ class MedplumClient extends EventTarget {
     constructor(options) {
         var _a;
         super();
+        _MedplumClient_instances.add(this);
+        _MedplumClient_fetch.set(this, void 0);
+        _MedplumClient_storage.set(this, void 0);
+        _MedplumClient_schema.set(this, void 0);
+        _MedplumClient_resourceCache.set(this, void 0);
+        _MedplumClient_baseUrl.set(this, void 0);
+        _MedplumClient_clientId.set(this, void 0);
+        _MedplumClient_authorizeUrl.set(this, void 0);
+        _MedplumClient_tokenUrl.set(this, void 0);
+        _MedplumClient_logoutUrl.set(this, void 0);
+        _MedplumClient_onUnauthenticated.set(this, void 0);
+        _MedplumClient_accessToken.set(this, void 0);
+        _MedplumClient_refreshToken.set(this, void 0);
+        _MedplumClient_refreshPromise.set(this, void 0);
+        _MedplumClient_profilePromise.set(this, void 0);
+        _MedplumClient_profile.set(this, void 0);
+        _MedplumClient_config.set(this, void 0);
         if (options === null || options === void 0 ? void 0 : options.baseUrl) {
             if (!options.baseUrl.startsWith('http')) {
                 throw new Error('Base URL must start with http or https');
@@ -1024,39 +1102,47 @@ class MedplumClient extends EventTarget {
                 throw new Error('Base URL must end with a trailing slash');
             }
         }
-        this.fetch = (options === null || options === void 0 ? void 0 : options.fetch) || window.fetch.bind(window);
-        this.storage = new ClientStorage();
-        this.schema = createSchema();
-        this.resourceCache = new LRUCache((_a = options === null || options === void 0 ? void 0 : options.resourceCacheSize) !== null && _a !== void 0 ? _a : DEFAULT_RESOURCE_CACHE_SIZE);
-        this.baseUrl = (options === null || options === void 0 ? void 0 : options.baseUrl) || DEFAULT_BASE_URL;
-        this.clientId = (options === null || options === void 0 ? void 0 : options.clientId) || '';
-        this.authorizeUrl = (options === null || options === void 0 ? void 0 : options.authorizeUrl) || this.baseUrl + 'oauth2/authorize';
-        this.tokenUrl = (options === null || options === void 0 ? void 0 : options.tokenUrl) || this.baseUrl + 'oauth2/token';
-        this.logoutUrl = (options === null || options === void 0 ? void 0 : options.logoutUrl) || this.baseUrl + 'oauth2/logout';
-        this.onUnauthenticated = options === null || options === void 0 ? void 0 : options.onUnauthenticated;
-        this.loading = false;
-        this.refreshProfile().catch(console.log);
-        this.setupStorageListener();
+        __classPrivateFieldSet(this, _MedplumClient_fetch, (options === null || options === void 0 ? void 0 : options.fetch) || window.fetch.bind(window), "f");
+        __classPrivateFieldSet(this, _MedplumClient_storage, new ClientStorage(), "f");
+        __classPrivateFieldSet(this, _MedplumClient_schema, createSchema(), "f");
+        __classPrivateFieldSet(this, _MedplumClient_resourceCache, new LRUCache((_a = options === null || options === void 0 ? void 0 : options.resourceCacheSize) !== null && _a !== void 0 ? _a : DEFAULT_RESOURCE_CACHE_SIZE), "f");
+        __classPrivateFieldSet(this, _MedplumClient_baseUrl, (options === null || options === void 0 ? void 0 : options.baseUrl) || DEFAULT_BASE_URL, "f");
+        __classPrivateFieldSet(this, _MedplumClient_clientId, (options === null || options === void 0 ? void 0 : options.clientId) || '', "f");
+        __classPrivateFieldSet(this, _MedplumClient_authorizeUrl, (options === null || options === void 0 ? void 0 : options.authorizeUrl) || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/authorize', "f");
+        __classPrivateFieldSet(this, _MedplumClient_tokenUrl, (options === null || options === void 0 ? void 0 : options.tokenUrl) || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/token', "f");
+        __classPrivateFieldSet(this, _MedplumClient_logoutUrl, (options === null || options === void 0 ? void 0 : options.logoutUrl) || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/logout', "f");
+        __classPrivateFieldSet(this, _MedplumClient_onUnauthenticated, options === null || options === void 0 ? void 0 : options.onUnauthenticated, "f");
+        const activeLogin = this.getActiveLogin();
+        if (activeLogin) {
+            __classPrivateFieldSet(this, _MedplumClient_accessToken, activeLogin.accessToken, "f");
+            __classPrivateFieldSet(this, _MedplumClient_refreshToken, activeLogin.refreshToken, "f");
+            __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_refreshProfile).call(this).catch(console.log);
+        }
+        __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_setupStorageListener).call(this);
     }
     /**
      * Clears all auth state including local storage and session storage.
      */
     clear() {
-        this.storage.clear();
-        this.resourceCache.clear();
+        __classPrivateFieldGet(this, _MedplumClient_storage, "f").clear();
+        __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").clear();
+        __classPrivateFieldSet(this, _MedplumClient_accessToken, undefined, "f");
+        __classPrivateFieldSet(this, _MedplumClient_refreshToken, undefined, "f");
+        __classPrivateFieldSet(this, _MedplumClient_profile, undefined, "f");
+        __classPrivateFieldSet(this, _MedplumClient_config, undefined, "f");
         this.dispatchEvent({ type: 'change' });
     }
     get(url) {
-        return this.request('GET', url);
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_request).call(this, 'GET', url);
     }
     post(url, body, contentType) {
-        return this.request('POST', url, contentType, body);
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_request).call(this, 'POST', url, contentType, body);
     }
     put(url, body, contentType) {
-        return this.request('PUT', url, contentType, body);
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_request).call(this, 'PUT', url, contentType, body);
     }
     delete(url) {
-        return this.request('DELETE', url);
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_request).call(this, 'DELETE', url);
     }
     /**
      * Tries to register a new user.
@@ -1078,12 +1164,12 @@ class MedplumClient extends EventTarget {
      */
     startLogin(email, password, remember) {
         return __awaiter(this, void 0, void 0, function* () {
-            yield this.startPkce();
+            yield __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_startPkce).call(this);
             return this.post('auth/login', {
-                clientId: this.clientId,
+                clientId: __classPrivateFieldGet(this, _MedplumClient_clientId, "f"),
                 scope: DEFAULT_SCOPE,
                 codeChallengeMethod: 'S256',
-                codeChallenge: this.storage.getString('codeChallenge'),
+                codeChallenge: __classPrivateFieldGet(this, _MedplumClient_storage, "f").getString('codeChallenge'),
                 email,
                 password,
                 remember: !!remember,
@@ -1099,7 +1185,7 @@ class MedplumClient extends EventTarget {
      */
     startGoogleLogin(googleResponse) {
         return __awaiter(this, void 0, void 0, function* () {
-            yield this.startPkce();
+            yield __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_startPkce).call(this);
             return this.post('auth/google', googleResponse);
         });
     }
@@ -1120,7 +1206,7 @@ class MedplumClient extends EventTarget {
         const urlParams = new URLSearchParams(window.location.search);
         const code = urlParams.get('code');
         if (!code) {
-            this.requestAuthorization();
+            __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_requestAuthorization).call(this);
             return undefined;
         }
         else {
@@ -1132,7 +1218,7 @@ class MedplumClient extends EventTarget {
      * See: https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
      */
     signOutWithRedirect() {
-        window.location.assign(this.logoutUrl);
+        window.location.assign(__classPrivateFieldGet(this, _MedplumClient_logoutUrl, "f"));
     }
     /**
      * Builds a FHIR URL from a collection of URL path components.
@@ -1141,7 +1227,7 @@ class MedplumClient extends EventTarget {
      * @returns The well-formed FHIR URL.
      */
     fhirUrl(...path) {
-        const builder = [this.baseUrl, 'fhir/R4'];
+        const builder = [__classPrivateFieldGet(this, _MedplumClient_baseUrl, "f"), 'fhir/R4'];
         path.forEach((p) => builder.push('/', encodeURIComponent(p)));
         return builder.join('');
     }
@@ -1172,7 +1258,7 @@ class MedplumClient extends EventTarget {
      * @returns The resource if it is available in the cache; undefined otherwise.
      */
     getCached(resourceType, id) {
-        const cached = this.resourceCache.get(resourceType + '/' + id);
+        const cached = __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").get(resourceType + '/' + id);
         if (cached && !('then' in cached)) {
             return cached;
         }
@@ -1185,7 +1271,7 @@ class MedplumClient extends EventTarget {
      * @returns The resource if it is available in the cache; undefined otherwise.
      */
     getCachedReference(reference) {
-        const cached = this.resourceCache.get(reference.reference);
+        const cached = __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").get(reference.reference);
         if (cached && !('then' in cached)) {
             return cached;
         }
@@ -1194,14 +1280,14 @@ class MedplumClient extends EventTarget {
     read(resourceType, id) {
         const cacheKey = resourceType + '/' + id;
         const promise = this.get(this.fhirUrl(resourceType, id)).then((resource) => {
-            this.resourceCache.set(cacheKey, resource);
+            __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").set(cacheKey, resource);
             return resource;
         });
-        this.resourceCache.set(cacheKey, promise);
+        __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").set(cacheKey, promise);
         return promise;
     }
     readCached(resourceType, id) {
-        const cached = this.resourceCache.get(resourceType + '/' + id);
+        const cached = __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").get(resourceType + '/' + id);
         return cached ? Promise.resolve(cached) : this.read(resourceType, id);
     }
     readReference(reference) {
@@ -1228,7 +1314,7 @@ class MedplumClient extends EventTarget {
      * @returns The schema if immediately available, undefined otherwise.
      */
     getSchema() {
-        return this.schema;
+        return __classPrivateFieldGet(this, _MedplumClient_schema, "f");
     }
     /**
      * Requests the schema for a resource type.
@@ -1238,8 +1324,8 @@ class MedplumClient extends EventTarget {
      */
     requestSchema(resourceType) {
         return __awaiter(this, void 0, void 0, function* () {
-            if (resourceType in this.schema.types) {
-                return Promise.resolve(this.schema);
+            if (resourceType in __classPrivateFieldGet(this, _MedplumClient_schema, "f").types) {
+                return Promise.resolve(__classPrivateFieldGet(this, _MedplumClient_schema, "f"));
             }
             const query = `{
       StructureDefinitionList(name: "${encodeURIComponent(resourceType)}") {
@@ -1265,17 +1351,19 @@ class MedplumClient extends EventTarget {
       SearchParameterList(base: "${encodeURIComponent(resourceType)}") {
         base,
         code,
-        type
+        type,
+        expression,
+        target
       }
     }`.replace(/\s+/g, ' ');
             const response = (yield this.graphql(query));
             for (const structureDefinition of response.data.StructureDefinitionList) {
-                indexStructureDefinition(this.schema, structureDefinition);
+                indexStructureDefinition(__classPrivateFieldGet(this, _MedplumClient_schema, "f"), structureDefinition);
             }
             for (const searchParameter of response.data.SearchParameterList) {
-                indexSearchParameter(this.schema, searchParameter);
+                indexSearchParameter(__classPrivateFieldGet(this, _MedplumClient_schema, "f"), searchParameter);
             }
-            return this.schema;
+            return __classPrivateFieldGet(this, _MedplumClient_schema, "f");
         });
     }
     readHistory(resourceType, id) {
@@ -1303,7 +1391,7 @@ class MedplumClient extends EventTarget {
         return this.put(this.fhirUrl(resource.resourceType, resource.id), resource);
     }
     patch(resourceType, id, operations) {
-        return this.request('PATCH', this.fhirUrl(resourceType, id), PATCH_CONTENT_TYPE, operations);
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_request).call(this, 'PATCH', this.fhirUrl(resourceType, id), PATCH_CONTENT_TYPE, operations);
     }
     deleteResource(resourceType, id) {
         return this.delete(this.fhirUrl(resourceType, id));
@@ -1312,159 +1400,55 @@ class MedplumClient extends EventTarget {
         return this.post(this.fhirUrl('$graphql'), { query }, JSON_CONTENT_TYPE);
     }
     getActiveLogin() {
-        return this.storage.getObject('activeLogin');
+        return __classPrivateFieldGet(this, _MedplumClient_storage, "f").getObject('activeLogin');
     }
     setActiveLogin(login) {
         return __awaiter(this, void 0, void 0, function* () {
-            this.storage.setObject('activeLogin', login);
-            this.addLogin(login);
-            this.resourceCache.clear();
-            this.refreshPromise = undefined;
-            yield this.refreshProfile();
+            __classPrivateFieldSet(this, _MedplumClient_accessToken, login.accessToken, "f");
+            __classPrivateFieldSet(this, _MedplumClient_refreshToken, login.refreshToken, "f");
+            __classPrivateFieldSet(this, _MedplumClient_profile, undefined, "f");
+            __classPrivateFieldSet(this, _MedplumClient_config, undefined, "f");
+            __classPrivateFieldGet(this, _MedplumClient_storage, "f").setObject('activeLogin', login);
+            __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addLogin).call(this, login);
+            __classPrivateFieldGet(this, _MedplumClient_resourceCache, "f").clear();
+            __classPrivateFieldSet(this, _MedplumClient_refreshPromise, undefined, "f");
+            yield __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_refreshProfile).call(this);
         });
     }
     getLogins() {
         var _a;
-        return (_a = this.storage.getObject('logins')) !== null && _a !== void 0 ? _a : [];
-    }
-    addLogin(newLogin) {
-        const logins = this.getLogins().filter((login) => { var _a, _b; return ((_a = login.profile) === null || _a === void 0 ? void 0 : _a.reference) !== ((_b = newLogin.profile) === null || _b === void 0 ? void 0 : _b.reference); });
-        logins.push(newLogin);
-        this.storage.setObject('logins', logins);
+        return (_a = __classPrivateFieldGet(this, _MedplumClient_storage, "f").getObject('logins')) !== null && _a !== void 0 ? _a : [];
     }
-    refreshProfile() {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            const reference = (_a = this.getActiveLogin()) === null || _a === void 0 ? void 0 : _a.profile;
-            if (reference === null || reference === void 0 ? void 0 : reference.reference) {
-                this.loading = true;
-                this.storage.setObject('profile', yield this.readCachedReference(reference));
-                this.loading = false;
-                this.dispatchEvent({ type: 'change' });
-            }
-            return this.getProfile();
-        });
+    isLoading() {
+        return !!__classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
     }
     getProfile() {
-        return this.storage.getObject('profile');
+        return __classPrivateFieldGet(this, _MedplumClient_profile, "f");
     }
-    isLoading() {
-        return this.loading;
-    }
-    /**
-     * Makes an HTTP request.
-     * @param {string} method
-     * @param {string} url
-     * @param {string=} contentType
-     * @param {Object=} body
-     */
-    request(method, url, contentType, body) {
-        var _a;
+    getProfileAsync() {
         return __awaiter(this, void 0, void 0, function* () {
-            if (this.refreshPromise) {
-                yield this.refreshPromise;
-            }
-            if (!url.startsWith('http')) {
-                url = this.baseUrl + url;
-            }
-            const headers = {
-                'Content-Type': contentType || FHIR_CONTENT_TYPE,
-            };
-            const accessToken = (_a = this.getActiveLogin()) === null || _a === void 0 ? void 0 : _a.accessToken;
-            if (accessToken) {
-                headers['Authorization'] = 'Bearer ' + accessToken;
-            }
-            const options = {
-                method: method,
-                cache: 'no-cache',
-                credentials: 'include',
-                headers,
-            };
-            if (body) {
-                if (typeof body === 'string' || (typeof File !== 'undefined' && body instanceof File)) {
-                    options.body = body;
-                }
-                else {
-                    options.body = stringify(body);
-                }
-            }
-            const response = yield this.fetch(url, options);
-            if (response.status === 401) {
-                // Refresh and try again
-                return this.handleUnauthenticated(method, url, contentType, body);
-            }
-            if (response.status === 204 || response.status === 304) {
-                // No content or change
-                return undefined;
+            if (__classPrivateFieldGet(this, _MedplumClient_profilePromise, "f")) {
+                yield __classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
             }
-            const obj = yield response.json();
-            if (obj.resourceType === 'OperationOutcome' && !isOk(obj)) {
-                return Promise.reject(obj);
-            }
-            return obj;
+            return this.getProfile();
         });
     }
-    /**
-     * Handles an unauthenticated response from the server.
-     * First, tries to refresh the access token and retry the request.
-     * Otherwise, calls unauthenticated callbacks and rejects.
-     * @param method The HTTP method of the original request.
-     * @param url The URL of the original request.
-     * @param contentType The content type of the original request.
-     * @param body The body of the original request.
-     */
-    handleUnauthenticated(method, url, contentType, body) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.refresh()
-                .then(() => this.request(method, url, contentType, body))
-                .catch((error) => {
-                this.clear();
-                if (this.onUnauthenticated) {
-                    this.onUnauthenticated();
-                }
-                return Promise.reject(error);
-            });
-        });
+    getUserConfiguration() {
+        return __classPrivateFieldGet(this, _MedplumClient_config, "f");
     }
     /**
-     * Starts a new PKCE flow.
-     * These PKCE values are stateful, and must survive redirects and page refreshes.
+     * Downloads the URL as a blob.
+     * @param url The URL to request.
+     * @returns Promise to the response body as a blob.
      */
-    startPkce() {
+    download(url) {
         return __awaiter(this, void 0, void 0, function* () {
-            const pkceState = getRandomString();
-            this.storage.setString('pkceState', pkceState);
-            const codeVerifier = getRandomString();
-            this.storage.setString('codeVerifier', codeVerifier);
-            const arrayHash = yield encryptSHA256(codeVerifier);
-            const codeChallenge = arrayBufferToBase64(arrayHash).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-            this.storage.setString('codeChallenge', codeChallenge);
-        });
-    }
-    /**
-     * Redirects the user to the login screen for authorization.
-     * Clears all auth state including local storage and session storage.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint
-     */
-    requestAuthorization() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.authorizeUrl) {
-                throw new Error('Missing authorize URL');
+            if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
+                yield __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
             }
-            this.startPkce();
-            window.location.assign(this.authorizeUrl +
-                '?response_type=code' +
-                '&state=' +
-                encodeURIComponent(this.storage.getString('pkceState')) +
-                '&client_id=' +
-                encodeURIComponent(this.clientId) +
-                '&redirect_uri=' +
-                encodeURIComponent(getBaseUrl()) +
-                '&scope=' +
-                encodeURIComponent(DEFAULT_SCOPE) +
-                '&code_challenge_method=S256' +
-                '&code_challenge=' +
-                encodeURIComponent(this.storage.getString('codeChallenge')));
+            const options = __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_buildFetchOptions).call(this, 'GET');
+            const response = yield __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, url, options);
+            return response.blob();
         });
     }
     /**
@@ -1473,18 +1457,18 @@ class MedplumClient extends EventTarget {
      * @param code The authorization code received by URL parameter.
      */
     processCode(code) {
-        const pkceState = this.storage.getString('pkceState');
+        const pkceState = __classPrivateFieldGet(this, _MedplumClient_storage, "f").getString('pkceState');
         if (!pkceState) {
             this.clear();
             throw new Error('Invalid PCKE state');
         }
-        const codeVerifier = this.storage.getString('codeVerifier');
+        const codeVerifier = __classPrivateFieldGet(this, _MedplumClient_storage, "f").getString('codeVerifier');
         if (!codeVerifier) {
             this.clear();
             throw new Error('Invalid PCKE code verifier');
         }
-        return this.fetchTokens('grant_type=authorization_code' +
-            (this.clientId ? '&client_id=' + encodeURIComponent(this.clientId) : '') +
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_fetchTokens).call(this, 'grant_type=authorization_code' +
+            (__classPrivateFieldGet(this, _MedplumClient_clientId, "f") ? '&client_id=' + encodeURIComponent(__classPrivateFieldGet(this, _MedplumClient_clientId, "f")) : '') +
             '&code_verifier=' +
             encodeURIComponent(codeVerifier) +
             '&redirect_uri=' +
@@ -1492,102 +1476,185 @@ class MedplumClient extends EventTarget {
             '&code=' +
             encodeURIComponent(code));
     }
-    /**
-     * Tries to refresh the auth tokens.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens
-     */
-    refresh() {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            if (this.refreshPromise) {
-                return this.refreshPromise;
-            }
-            const refreshToken = (_a = this.getActiveLogin()) === null || _a === void 0 ? void 0 : _a.refreshToken;
-            if (!refreshToken) {
-                this.clear();
-                return Promise.reject('Invalid refresh token');
-            }
-            this.refreshPromise = this.fetchTokens('grant_type=refresh_token' +
-                '&client_id=' +
-                encodeURIComponent(this.clientId) +
-                '&refresh_token=' +
-                encodeURIComponent(refreshToken));
-            yield this.refreshPromise;
-        });
+}
+_MedplumClient_fetch = new WeakMap(), _MedplumClient_storage = new WeakMap(), _MedplumClient_schema = new WeakMap(), _MedplumClient_resourceCache = new WeakMap(), _MedplumClient_baseUrl = new WeakMap(), _MedplumClient_clientId = new WeakMap(), _MedplumClient_authorizeUrl = new WeakMap(), _MedplumClient_tokenUrl = new WeakMap(), _MedplumClient_logoutUrl = new WeakMap(), _MedplumClient_onUnauthenticated = new WeakMap(), _MedplumClient_accessToken = new WeakMap(), _MedplumClient_refreshToken = new WeakMap(), _MedplumClient_refreshPromise = new WeakMap(), _MedplumClient_profilePromise = new WeakMap(), _MedplumClient_profile = new WeakMap(), _MedplumClient_config = new WeakMap(), _MedplumClient_instances = new WeakSet(), _MedplumClient_addLogin = function _MedplumClient_addLogin(newLogin) {
+    const logins = this.getLogins().filter((login) => { var _a, _b; return ((_a = login.profile) === null || _a === void 0 ? void 0 : _a.reference) !== ((_b = newLogin.profile) === null || _b === void 0 ? void 0 : _b.reference); });
+    logins.push(newLogin);
+    __classPrivateFieldGet(this, _MedplumClient_storage, "f").setObject('logins', logins);
+}, _MedplumClient_refreshProfile = function _MedplumClient_refreshProfile() {
+    return __awaiter(this, void 0, void 0, function* () {
+        __classPrivateFieldSet(this, _MedplumClient_profilePromise, new Promise((resolve, reject) => {
+            this.get('auth/me')
+                .then((result) => {
+                __classPrivateFieldSet(this, _MedplumClient_profilePromise, undefined, "f");
+                __classPrivateFieldSet(this, _MedplumClient_profile, result.profile, "f");
+                __classPrivateFieldSet(this, _MedplumClient_config, result.config, "f");
+                this.dispatchEvent({ type: 'change' });
+                resolve(__classPrivateFieldGet(this, _MedplumClient_profile, "f"));
+            })
+                .catch(reject);
+        }), "f");
+        return __classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
+    });
+}, _MedplumClient_request = function _MedplumClient_request(method, url, contentType, body) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
+            yield __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
+        }
+        if (!url.startsWith('http')) {
+            url = __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + url;
+        }
+        const options = __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_buildFetchOptions).call(this, method, contentType, body);
+        const response = yield __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, url, options);
+        if (response.status === 401) {
+            // Refresh and try again
+            return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_handleUnauthenticated).call(this, method, url, contentType, body);
+        }
+        if (response.status === 204 || response.status === 304) {
+            // No content or change
+            return undefined;
+        }
+        const obj = yield response.json();
+        if (obj.resourceType === 'OperationOutcome' && !isOk(obj)) {
+            return Promise.reject(obj);
+        }
+        return obj;
+    });
+}, _MedplumClient_buildFetchOptions = function _MedplumClient_buildFetchOptions(method, contentType, body) {
+    const headers = {
+        'Content-Type': contentType || FHIR_CONTENT_TYPE,
+    };
+    if (__classPrivateFieldGet(this, _MedplumClient_accessToken, "f")) {
+        headers['Authorization'] = 'Bearer ' + __classPrivateFieldGet(this, _MedplumClient_accessToken, "f");
+    }
+    const options = {
+        method: method,
+        cache: 'no-cache',
+        credentials: 'include',
+        headers,
+    };
+    if (body) {
+        if (typeof body === 'string' || (typeof File !== 'undefined' && body instanceof File)) {
+            options.body = body;
+        }
+        else {
+            options.body = stringify(body);
+        }
     }
-    /**
-     * Makes a POST request to the tokens endpoint.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
-     * @param formBody Token parameters in URL encoded format.
-     */
-    fetchTokens(formBody) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!this.tokenUrl) {
-                return Promise.reject('Missing token URL');
+    return options;
+}, _MedplumClient_handleUnauthenticated = function _MedplumClient_handleUnauthenticated(method, url, contentType, body) {
+    return __awaiter(this, void 0, void 0, function* () {
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_refresh).call(this)
+            .then(() => __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_request).call(this, method, url, contentType, body))
+            .catch((error) => {
+            this.clear();
+            if (__classPrivateFieldGet(this, _MedplumClient_onUnauthenticated, "f")) {
+                __classPrivateFieldGet(this, _MedplumClient_onUnauthenticated, "f").call(this);
             }
-            return this.fetch(this.tokenUrl, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-                body: formBody,
-            })
-                .then((response) => {
-                if (!response.ok) {
-                    return Promise.reject('Failed to fetch tokens');
-                }
-                return response.json();
-            })
-                .then((tokens) => this.verifyTokens(tokens))
-                .then(() => this.getProfile());
+            return Promise.reject(error);
         });
-    }
-    /**
-     * Verifies the tokens received from the auth server.
-     * Validates the JWT against the JWKS.
-     * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
-     * @param tokens
-     */
-    verifyTokens(tokens) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const token = tokens.access_token;
-            // Verify token has not expired
-            const tokenPayload = parseJWTPayload(token);
-            if (Date.now() >= tokenPayload.exp * 1000) {
-                this.clear();
-                return Promise.reject('Token expired');
+    });
+}, _MedplumClient_startPkce = function _MedplumClient_startPkce() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const pkceState = getRandomString();
+        __classPrivateFieldGet(this, _MedplumClient_storage, "f").setString('pkceState', pkceState);
+        const codeVerifier = getRandomString();
+        __classPrivateFieldGet(this, _MedplumClient_storage, "f").setString('codeVerifier', codeVerifier);
+        const arrayHash = yield encryptSHA256(codeVerifier);
+        const codeChallenge = arrayBufferToBase64(arrayHash).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+        __classPrivateFieldGet(this, _MedplumClient_storage, "f").setString('codeChallenge', codeChallenge);
+    });
+}, _MedplumClient_requestAuthorization = function _MedplumClient_requestAuthorization() {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (!__classPrivateFieldGet(this, _MedplumClient_authorizeUrl, "f")) {
+            throw new Error('Missing authorize URL');
+        }
+        __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_startPkce).call(this);
+        window.location.assign(__classPrivateFieldGet(this, _MedplumClient_authorizeUrl, "f") +
+            '?response_type=code' +
+            '&state=' +
+            encodeURIComponent(__classPrivateFieldGet(this, _MedplumClient_storage, "f").getString('pkceState')) +
+            '&client_id=' +
+            encodeURIComponent(__classPrivateFieldGet(this, _MedplumClient_clientId, "f")) +
+            '&redirect_uri=' +
+            encodeURIComponent(getBaseUrl()) +
+            '&scope=' +
+            encodeURIComponent(DEFAULT_SCOPE) +
+            '&code_challenge_method=S256' +
+            '&code_challenge=' +
+            encodeURIComponent(__classPrivateFieldGet(this, _MedplumClient_storage, "f").getString('codeChallenge')));
+    });
+}, _MedplumClient_refresh = function _MedplumClient_refresh() {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
+            return __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
+        }
+        if (!__classPrivateFieldGet(this, _MedplumClient_refreshToken, "f")) {
+            this.clear();
+            return Promise.reject('Invalid refresh token');
+        }
+        __classPrivateFieldSet(this, _MedplumClient_refreshPromise, __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_fetchTokens).call(this, 'grant_type=refresh_token' +
+            '&client_id=' +
+            encodeURIComponent(__classPrivateFieldGet(this, _MedplumClient_clientId, "f")) +
+            '&refresh_token=' +
+            encodeURIComponent(__classPrivateFieldGet(this, _MedplumClient_refreshToken, "f"))), "f");
+        yield __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
+    });
+}, _MedplumClient_fetchTokens = function _MedplumClient_fetchTokens(formBody) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (!__classPrivateFieldGet(this, _MedplumClient_tokenUrl, "f")) {
+            return Promise.reject('Missing token URL');
+        }
+        return __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, __classPrivateFieldGet(this, _MedplumClient_tokenUrl, "f"), {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: formBody,
+        })
+            .then((response) => {
+            if (!response.ok) {
+                return Promise.reject('Failed to fetch tokens');
             }
-            // Verify app_client_id
-            if (this.clientId && tokenPayload.client_id !== this.clientId) {
-                this.clear();
-                return Promise.reject('Token was not issued for this audience');
+            return response.json();
+        })
+            .then((tokens) => __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_verifyTokens).call(this, tokens))
+            .then(() => this.getProfile());
+    });
+}, _MedplumClient_verifyTokens = function _MedplumClient_verifyTokens(tokens) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const token = tokens.access_token;
+        // Verify token has not expired
+        const tokenPayload = parseJWTPayload(token);
+        if (Date.now() >= tokenPayload.exp * 1000) {
+            this.clear();
+            return Promise.reject('Token expired');
+        }
+        // Verify app_client_id
+        if (__classPrivateFieldGet(this, _MedplumClient_clientId, "f") && tokenPayload.client_id !== __classPrivateFieldGet(this, _MedplumClient_clientId, "f")) {
+            this.clear();
+            return Promise.reject('Token was not issued for this audience');
+        }
+        yield this.setActiveLogin({
+            accessToken: token,
+            refreshToken: tokens.refresh_token,
+            project: tokens.project,
+            profile: tokens.profile,
+        });
+    });
+}, _MedplumClient_setupStorageListener = function _MedplumClient_setupStorageListener() {
+    try {
+        window.addEventListener('storage', (e) => {
+            if (e.key === null || e.key === 'activeLogin') {
+                // Storage events fire when different tabs make changes.
+                // On storage clear (key === null) or activeLogin change (key === 'activeLogin')
+                // Refresh the page to ensure the active login is up to date.
+                window.location.reload();
             }
-            yield this.setActiveLogin({
-                accessToken: token,
-                refreshToken: tokens.refresh_token,
-                project: tokens.project,
-                profile: tokens.profile,
-            });
         });
     }
-    /**
-     * Sets up a listener for window storage events.
-     * This synchronizes state across browser windows and browser tabs.
-     */
-    setupStorageListener() {
-        try {
-            window.addEventListener('storage', (e) => {
-                if (e.key === null || e.key === 'activeLogin') {
-                    // Storage events fire when different tabs make changes.
-                    // On storage clear (key === null) or activeLogin change (key === 'activeLogin')
-                    // Refresh the page to ensure the active login is up to date.
-                    window.location.reload();
-                }
-            });
-        }
-        catch (err) {
-            // Silently ignore if this environment does not support storage events
-        }
+    catch (err) {
+        // Silently ignore if this environment does not support storage events
     }
-}
+};
 /**
  * Returns the base URL for the current page.
  */
@@ -1623,6 +1690,9 @@ var SearchParameterType;
  */
 function getSearchParameterDetails(structureDefinitions, resourceType, searchParam) {
     var _a, _b, _c, _d;
+    if (searchParam.code === '_lastUpdated') {
+        return { columnName: 'lastUpdated', type: SearchParameterType.DATETIME };
+    }
     const columnName = convertCodeToColumnName(searchParam.code);
     const expression = (_a = getExpressionForResourceType(resourceType, searchParam.expression)) === null || _a === void 0 ? void 0 : _a.split('.');
     if (!expression) {
@@ -1631,20 +1701,21 @@ function getSearchParameterDetails(structureDefinitions, resourceType, searchPar
         return { columnName, type: SearchParameterType.TEXT };
     }
     let baseType = resourceType;
+    let elementDefinition = undefined;
     let propertyType = undefined;
     let array = false;
     for (let i = 1; i < expression.length; i++) {
         const propertyName = expression[i];
-        const propertyDef = (_c = (_b = structureDefinitions.types[baseType]) === null || _b === void 0 ? void 0 : _b.properties) === null || _c === void 0 ? void 0 : _c[propertyName];
-        if (!propertyDef) {
+        elementDefinition = (_c = (_b = structureDefinitions.types[baseType]) === null || _b === void 0 ? void 0 : _b.properties) === null || _c === void 0 ? void 0 : _c[propertyName];
+        if (!elementDefinition) {
             // This happens on complex properties such as "collected[x]"/"collectedDateTime"/"collectedPeriod"
             // In the future, explore returning multiple column definitions
             return { columnName, type: SearchParameterType.TEXT, array };
         }
-        if (propertyDef.max === '*') {
+        if (elementDefinition.max === '*') {
             array = true;
         }
-        propertyType = (_d = propertyDef.type) === null || _d === void 0 ? void 0 : _d[0].code;
+        propertyType = (_d = elementDefinition.type) === null || _d === void 0 ? void 0 : _d[0].code;
         if (!propertyType) {
             // This happens when one of parent properties uses contentReference
             // In the future, explore following the reference
@@ -1660,7 +1731,7 @@ function getSearchParameterDetails(structureDefinitions, resourceType, searchPar
         }
     }
     const type = getSearchParameterType(searchParam, propertyType);
-    return { columnName, type, array };
+    return { columnName, type, elementDefinition, array };
 }
 /**
  * Converts a hyphen-delimited code to camelCase string.
@@ -1717,5 +1788,5 @@ function simplifyExpression(input) {
     return result;
 }
 
-export { MedplumClient, OperationOutcomeError, Operator, PropertyType, SearchParameterType, accessDenied, allOk, arrayBufferToBase64, arrayBufferToHex, assertOk, badRequest, buildTypeName, capitalize, createReference, createSchema, created, deepEquals, formatAddress, formatFamilyName, formatGivenName, formatHumanName, formatSearchQuery, getDateProperty, getDisplayString, getExpressionForResourceType, getImageSrc, getPropertyDisplayName, getReferenceString, getSearchParameterDetails, getStatus, gone, indexSearchParameter, indexStructureDefinition, isGone, isLowerCase, isNotFound, isOk, isProfileResource, notFound, notModified, parseSearchDefinition, stringify };
+export { MedplumClient, OperationOutcomeError, Operator, PropertyType, SearchParameterType, accessDenied, allOk, arrayBufferToBase64, arrayBufferToHex, assertOk, badRequest, buildTypeName, capitalize, createReference, createSchema, createTypeSchema, created, deepEquals, formatAddress, formatFamilyName, formatGivenName, formatHumanName, formatSearchQuery, getDateProperty, getDisplayString, getExpressionForResourceType, getImageSrc, getPropertyDisplayName, getReferenceString, getSearchParameterDetails, getStatus, gone, indexSearchParameter, indexStructureDefinition, isGone, isLowerCase, isNotFound, isOk, isProfileResource, notFound, notModified, parseSearchDefinition, resolveId, stringify };
 //# sourceMappingURL=index.js.map