@medplum/core 1.0.5 → 1.0.6

package/dist/esm/{client.js → client.mjs}

@@ -1,17 +1,17 @@
-import { __classPrivateFieldSet, __classPrivateFieldGet, __awaiter } from './node_modules/tslib/tslib.es6.js';
-import { LRUCache } from './cache.js';
-import { getRandomString, encryptSHA256 } from './crypto.js';
-import { EventTarget } from './eventtarget.js';
-import { parseJWTPayload } from './jwt.js';
-import { ReadablePromise } from './readablepromise.js';
-import { ClientStorage } from './storage.js';
-import { globalSchema, indexStructureDefinition, indexSearchParameter } from './types.js';
-import { createReference, arrayBufferToBase64 } from './utils.js';
+import { __classPrivateFieldSet, __classPrivateFieldGet } from './node_modules/tslib/tslib.es6.mjs';
+import { LRUCache } from './cache.mjs';
+import { getRandomString, encryptSHA256 } from './crypto.mjs';
+import { EventTarget } from './eventtarget.mjs';
+import { parseJWTPayload } from './jwt.mjs';
+import { ReadablePromise } from './readablepromise.mjs';
+import { ClientStorage } from './storage.mjs';
+import { globalSchema, indexStructureDefinition, indexSearchParameter } from './types.mjs';
+import { createReference, arrayBufferToBase64 } from './utils.mjs';
 
 // PKCE auth based on:
 // https://aws.amazon.com/blogs/security/how-to-add-authentication-single-page-web-application-with-amazon-cognito-oauth2-implementation/
 var _MedplumClient_instances, _MedplumClient_fetch, _MedplumClient_createPdf, _MedplumClient_storage, _MedplumClient_requestCache, _MedplumClient_cacheTime, _MedplumClient_baseUrl, _MedplumClient_authorizeUrl, _MedplumClient_tokenUrl, _MedplumClient_logoutUrl, _MedplumClient_onUnauthenticated, _MedplumClient_clientId, _MedplumClient_clientSecret, _MedplumClient_accessToken, _MedplumClient_refreshToken, _MedplumClient_refreshPromise, _MedplumClient_profilePromise, _MedplumClient_profile, _MedplumClient_config, _MedplumClient_addLogin, _MedplumClient_refreshProfile, _MedplumClient_getCacheEntry, _MedplumClient_setCacheEntry, _MedplumClient_request, _MedplumClient_addFetchOptionsDefaults, _MedplumClient_setRequestContentType, _MedplumClient_setRequestBody, _MedplumClient_handleUnauthenticated, _MedplumClient_requestAuthorization, _MedplumClient_refresh, _MedplumClient_fetchTokens, _MedplumClient_verifyTokens, _MedplumClient_setupStorageListener;
-const MEDPLUM_VERSION = "1.0.5-53328b63";
+const MEDPLUM_VERSION = "1.0.6-5860113c";
 const DEFAULT_BASE_URL = 'https://api.medplum.com/';
 const DEFAULT_RESOURCE_CACHE_SIZE = 1000;
 const DEFAULT_CACHE_TIME = 60000; // 60 seconds
@@ -72,7 +72,6 @@ const PATCH_CONTENT_TYPE = 'application/json-patch+json';
  */
 class MedplumClient extends EventTarget {
     constructor(options) {
-        var _a, _b;
         super();
         _MedplumClient_instances.add(this);
         _MedplumClient_fetch.set(this, void 0);
@@ -93,22 +92,22 @@ class MedplumClient extends EventTarget {
         _MedplumClient_profilePromise.set(this, void 0);
         _MedplumClient_profile.set(this, void 0);
         _MedplumClient_config.set(this, void 0);
-        if (options === null || options === void 0 ? void 0 : options.baseUrl) {
+        if (options?.baseUrl) {
             if (!options.baseUrl.startsWith('http')) {
                 throw new Error('Base URL must start with http or https');
             }
         }
-        __classPrivateFieldSet(this, _MedplumClient_fetch, (options === null || options === void 0 ? void 0 : options.fetch) || window.fetch.bind(window), "f");
-        __classPrivateFieldSet(this, _MedplumClient_createPdf, options === null || options === void 0 ? void 0 : options.createPdf, "f");
+        __classPrivateFieldSet(this, _MedplumClient_fetch, options?.fetch || window.fetch.bind(window), "f");
+        __classPrivateFieldSet(this, _MedplumClient_createPdf, options?.createPdf, "f");
         __classPrivateFieldSet(this, _MedplumClient_storage, new ClientStorage(), "f");
-        __classPrivateFieldSet(this, _MedplumClient_requestCache, new LRUCache((_a = options === null || options === void 0 ? void 0 : options.resourceCacheSize) !== null && _a !== void 0 ? _a : DEFAULT_RESOURCE_CACHE_SIZE), "f");
-        __classPrivateFieldSet(this, _MedplumClient_cacheTime, (_b = options === null || options === void 0 ? void 0 : options.cacheTime) !== null && _b !== void 0 ? _b : DEFAULT_CACHE_TIME, "f");
-        __classPrivateFieldSet(this, _MedplumClient_baseUrl, ensureTrailingSlash(options === null || options === void 0 ? void 0 : options.baseUrl) || DEFAULT_BASE_URL, "f");
-        __classPrivateFieldSet(this, _MedplumClient_clientId, (options === null || options === void 0 ? void 0 : options.clientId) || '', "f");
-        __classPrivateFieldSet(this, _MedplumClient_authorizeUrl, (options === null || options === void 0 ? void 0 : options.authorizeUrl) || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/authorize', "f");
-        __classPrivateFieldSet(this, _MedplumClient_tokenUrl, (options === null || options === void 0 ? void 0 : options.tokenUrl) || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/token', "f");
-        __classPrivateFieldSet(this, _MedplumClient_logoutUrl, (options === null || options === void 0 ? void 0 : options.logoutUrl) || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/logout', "f");
-        __classPrivateFieldSet(this, _MedplumClient_onUnauthenticated, options === null || options === void 0 ? void 0 : options.onUnauthenticated, "f");
+        __classPrivateFieldSet(this, _MedplumClient_requestCache, new LRUCache(options?.resourceCacheSize ?? DEFAULT_RESOURCE_CACHE_SIZE), "f");
+        __classPrivateFieldSet(this, _MedplumClient_cacheTime, options?.cacheTime ?? DEFAULT_CACHE_TIME, "f");
+        __classPrivateFieldSet(this, _MedplumClient_baseUrl, ensureTrailingSlash(options?.baseUrl) || DEFAULT_BASE_URL, "f");
+        __classPrivateFieldSet(this, _MedplumClient_clientId, options?.clientId || '', "f");
+        __classPrivateFieldSet(this, _MedplumClient_authorizeUrl, options?.authorizeUrl || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/authorize', "f");
+        __classPrivateFieldSet(this, _MedplumClient_tokenUrl, options?.tokenUrl || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/token', "f");
+        __classPrivateFieldSet(this, _MedplumClient_logoutUrl, options?.logoutUrl || __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + 'oauth2/logout', "f");
+        __classPrivateFieldSet(this, _MedplumClient_onUnauthenticated, options?.onUnauthenticated, "f");
         const activeLogin = this.getActiveLogin();
         if (activeLogin) {
             __classPrivateFieldSet(this, _MedplumClient_accessToken, activeLogin.accessToken, "f");
@@ -283,10 +282,12 @@ class MedplumClient extends EventTarget {
      * @param newUserRequest Register request including email and password.
      * @returns Promise to the authentication response.
      */
-    startNewUser(newUserRequest) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield this.startPkce();
-            return this.post('auth/newuser', Object.assign(Object.assign({}, newUserRequest), { codeChallengeMethod: 'S256', codeChallenge: sessionStorage.getItem('codeChallenge') }));
+    async startNewUser(newUserRequest) {
+        await this.startPkce();
+        return this.post('auth/newuser', {
+            ...newUserRequest,
+            codeChallengeMethod: 'S256',
+            codeChallenge: sessionStorage.getItem('codeChallenge'),
         });
     }
     /**
@@ -297,10 +298,8 @@ class MedplumClient extends EventTarget {
      * @param newProjectRequest Register request including email and password.
      * @returns Promise to the authentication response.
      */
-    startNewProject(newProjectRequest) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.post('auth/newproject', newProjectRequest);
-        });
+    async startNewProject(newProjectRequest) {
+        return this.post('auth/newproject', newProjectRequest);
     }
     /**
      * Initiates a new patient flow.
@@ -310,10 +309,8 @@ class MedplumClient extends EventTarget {
      * @param newPatientRequest Register request including email and password.
      * @returns Promise to the authentication response.
      */
-    startNewPatient(newPatientRequest) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.post('auth/newpatient', newPatientRequest);
-        });
+    async startNewPatient(newPatientRequest) {
+        return this.post('auth/newpatient', newPatientRequest);
     }
     /**
      * Initiates a user login flow.
@@ -321,12 +318,14 @@ class MedplumClient extends EventTarget {
      * @param loginRequest Login request including email and password.
      * @returns Promise to the authentication response.
      */
-    startLogin(loginRequest) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            const { codeChallenge, codeChallengeMethod } = this.getCodeChallenge(loginRequest);
-            return this.post('auth/login', Object.assign(Object.assign({}, loginRequest), { clientId: (_a = loginRequest.clientId) !== null && _a !== void 0 ? _a : __classPrivateFieldGet(this, _MedplumClient_clientId, "f"), scope: loginRequest.scope, codeChallengeMethod,
-                codeChallenge }));
+    async startLogin(loginRequest) {
+        const { codeChallenge, codeChallengeMethod } = this.getCodeChallenge(loginRequest);
+        return this.post('auth/login', {
+            ...loginRequest,
+            clientId: loginRequest.clientId ?? __classPrivateFieldGet(this, _MedplumClient_clientId, "f"),
+            scope: loginRequest.scope,
+            codeChallengeMethod,
+            codeChallenge,
         });
     }
     /**
@@ -337,12 +336,14 @@ class MedplumClient extends EventTarget {
      * @param loginRequest Login request including Google credential response.
      * @returns Promise to the authentication response.
      */
-    startGoogleLogin(loginRequest) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            const { codeChallenge, codeChallengeMethod } = this.getCodeChallenge(loginRequest);
-            return this.post('auth/google', Object.assign(Object.assign({}, loginRequest), { clientId: (_a = loginRequest.clientId) !== null && _a !== void 0 ? _a : __classPrivateFieldGet(this, _MedplumClient_clientId, "f"), scope: loginRequest.scope, codeChallengeMethod,
-                codeChallenge }));
+    async startGoogleLogin(loginRequest) {
+        const { codeChallenge, codeChallengeMethod } = this.getCodeChallenge(loginRequest);
+        return this.post('auth/google', {
+            ...loginRequest,
+            clientId: loginRequest.clientId ?? __classPrivateFieldGet(this, _MedplumClient_clientId, "f"),
+            scope: loginRequest.scope,
+            codeChallengeMethod,
+            codeChallenge,
         });
     }
     getCodeChallenge(loginRequest) {
@@ -375,18 +376,16 @@ class MedplumClient extends EventTarget {
      * This may result in navigating away to the sign in page.
      * @category Authentication
      */
-    signInWithRedirect() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const urlParams = new URLSearchParams(window.location.search);
-            const code = urlParams.get('code');
-            if (!code) {
-                yield __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_requestAuthorization).call(this);
-                return undefined;
-            }
-            else {
-                return this.processCode(code);
-            }
-        });
+    async signInWithRedirect() {
+        const urlParams = new URLSearchParams(window.location.search);
+        const code = urlParams.get('code');
+        if (!code) {
+            await __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_requestAuthorization).call(this);
+            return undefined;
+        }
+        else {
+            return this.processCode(code);
+        }
     }
     /**
      * Tries to sign out the user.
@@ -502,7 +501,7 @@ class MedplumClient extends EventTarget {
         if (cached) {
             return cached.value;
         }
-        const promise = new ReadablePromise(this.search(resourceType, url.searchParams, options).then((b) => { var _a, _b; return (_b = (_a = b.entry) === null || _a === void 0 ? void 0 : _a[0]) === null || _b === void 0 ? void 0 : _b.resource; }));
+        const promise = new ReadablePromise(this.search(resourceType, url.searchParams, options).then((b) => b.entry?.[0]?.resource));
         __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_setCacheEntry).call(this, cacheKey, promise);
         return promise;
     }
@@ -535,7 +534,7 @@ class MedplumClient extends EventTarget {
         if (cached) {
             return cached.value;
         }
-        const promise = new ReadablePromise(this.search(resourceType, query, options).then((b) => { var _a, _b; return (_b = (_a = b.entry) === null || _a === void 0 ? void 0 : _a.map((e) => e.resource)) !== null && _b !== void 0 ? _b : []; }));
+        const promise = new ReadablePromise(this.search(resourceType, query, options).then((b) => b.entry?.map((e) => e.resource) ?? []));
         __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_setCacheEntry).call(this, cacheKey, promise);
         return promise;
     }
@@ -563,8 +562,7 @@ class MedplumClient extends EventTarget {
      * @returns The resource if it is available in the cache; undefined otherwise.
      */
     getCached(resourceType, id) {
-        var _a;
-        const cached = (_a = __classPrivateFieldGet(this, _MedplumClient_requestCache, "f").get(this.fhirUrl(resourceType, id).toString())) === null || _a === void 0 ? void 0 : _a.value;
+        const cached = __classPrivateFieldGet(this, _MedplumClient_requestCache, "f").get(this.fhirUrl(resourceType, id).toString())?.value;
         return cached && cached.isOk() ? cached.read() : undefined;
     }
     /**
@@ -627,7 +625,7 @@ class MedplumClient extends EventTarget {
      * @returns The resource if available; undefined otherwise.
      */
     readReference(reference, options = {}) {
-        const refString = reference === null || reference === void 0 ? void 0 : reference.reference;
+        const refString = reference?.reference;
         if (!refString) {
             return new ReadablePromise(Promise.reject(new Error('Missing reference')));
         }
@@ -655,12 +653,11 @@ class MedplumClient extends EventTarget {
      * @param resourceType The FHIR resource type.
      * @returns Promise to a schema with the requested resource type.
      */
-    requestSchema(resourceType) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (resourceType in globalSchema.types) {
-                return globalSchema;
-            }
-            const query = `{
+    async requestSchema(resourceType) {
+        if (resourceType in globalSchema.types) {
+            return globalSchema;
+        }
+        const query = `{
       StructureDefinitionList(name: "${resourceType}") {
         name,
         description,
@@ -689,15 +686,14 @@ class MedplumClient extends EventTarget {
         target
       }
     }`.replace(/\s+/g, ' ');
-            const response = (yield this.graphql(query));
-            for (const structureDefinition of response.data.StructureDefinitionList) {
-                indexStructureDefinition(structureDefinition);
-            }
-            for (const searchParameter of response.data.SearchParameterList) {
-                indexSearchParameter(searchParameter);
-            }
-            return globalSchema;
-        });
+        const response = (await this.graphql(query));
+        for (const structureDefinition of response.data.StructureDefinitionList) {
+            indexStructureDefinition(structureDefinition);
+        }
+        for (const searchParameter of response.data.SearchParameterList) {
+            indexSearchParameter(searchParameter);
+        }
+        return globalSchema;
     }
     /**
      * Reads resource history by resource type and ID.
@@ -835,11 +831,8 @@ class MedplumClient extends EventTarget {
      * @param query The search query for an equivalent resource (should not include resource type or "?").
      * @returns The result of the create operation.
      */
-    createResourceIfNoneExist(resource, query) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            return ((_a = (yield this.searchOne(resource.resourceType, query))) !== null && _a !== void 0 ? _a : this.createResource(resource));
-        });
+    async createResourceIfNoneExist(resource, query) {
+        return ((await this.searchOne(resource.resourceType, query)) ?? this.createResource(resource));
     }
     /**
      * Creates a FHIR `Binary` resource with the provided data content.
@@ -926,14 +919,12 @@ class MedplumClient extends EventTarget {
      * @param docDefinition The PDF document definition.
      * @returns The result of the create operation.
      */
-    createPdf(docDefinition, filename, tableLayouts, fonts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!__classPrivateFieldGet(this, _MedplumClient_createPdf, "f")) {
-                throw new Error('PDF creation not enabled');
-            }
-            const blob = yield __classPrivateFieldGet(this, _MedplumClient_createPdf, "f").call(this, docDefinition, tableLayouts, fonts);
-            return this.createBinary(blob, filename, 'application/pdf');
-        });
+    async createPdf(docDefinition, filename, tableLayouts, fonts) {
+        if (!__classPrivateFieldGet(this, _MedplumClient_createPdf, "f")) {
+            throw new Error('PDF creation not enabled');
+        }
+        const blob = await __classPrivateFieldGet(this, _MedplumClient_createPdf, "f").call(this, docDefinition, tableLayouts, fonts);
+        return this.createBinary(blob, filename, 'application/pdf');
     }
     /**
      * Creates a FHIR `Communication` resource with the provided data content.
@@ -995,20 +986,18 @@ class MedplumClient extends EventTarget {
      * @param resource The FHIR resource to update.
      * @returns The result of the update operation.
      */
-    updateResource(resource) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!resource.resourceType) {
-                throw new Error('Missing resourceType');
-            }
-            if (!resource.id) {
-                throw new Error('Missing id');
-            }
-            this.invalidateSearches(resource.resourceType);
-            const result = yield this.put(this.fhirUrl(resource.resourceType, resource.id), resource);
-            // On 304 not modified, result will be undefined
-            // Return the user input instead
-            return result !== null && result !== void 0 ? result : resource;
-        });
+    async updateResource(resource) {
+        if (!resource.resourceType) {
+            throw new Error('Missing resourceType');
+        }
+        if (!resource.id) {
+            throw new Error('Missing id');
+        }
+        this.invalidateSearches(resource.resourceType);
+        const result = await this.put(this.fhirUrl(resource.resourceType, resource.id), resource);
+        // On 304 not modified, result will be undefined
+        // Return the user input instead
+        return result ?? resource;
     }
     /**
      * Updates a FHIR resource using JSONPatch operations.
@@ -1243,18 +1232,16 @@ class MedplumClient extends EventTarget {
     /**
      * @category Authentication
      */
-    setActiveLogin(login) {
-        return __awaiter(this, void 0, void 0, function* () {
-            __classPrivateFieldSet(this, _MedplumClient_accessToken, login.accessToken, "f");
-            __classPrivateFieldSet(this, _MedplumClient_refreshToken, login.refreshToken, "f");
-            __classPrivateFieldSet(this, _MedplumClient_profile, undefined, "f");
-            __classPrivateFieldSet(this, _MedplumClient_config, undefined, "f");
-            __classPrivateFieldGet(this, _MedplumClient_storage, "f").setObject('activeLogin', login);
-            __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addLogin).call(this, login);
-            __classPrivateFieldGet(this, _MedplumClient_requestCache, "f").clear();
-            __classPrivateFieldSet(this, _MedplumClient_refreshPromise, undefined, "f");
-            yield __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_refreshProfile).call(this);
-        });
+    async setActiveLogin(login) {
+        __classPrivateFieldSet(this, _MedplumClient_accessToken, login.accessToken, "f");
+        __classPrivateFieldSet(this, _MedplumClient_refreshToken, login.refreshToken, "f");
+        __classPrivateFieldSet(this, _MedplumClient_profile, undefined, "f");
+        __classPrivateFieldSet(this, _MedplumClient_config, undefined, "f");
+        __classPrivateFieldGet(this, _MedplumClient_storage, "f").setObject('activeLogin', login);
+        __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addLogin).call(this, login);
+        __classPrivateFieldGet(this, _MedplumClient_requestCache, "f").clear();
+        __classPrivateFieldSet(this, _MedplumClient_refreshPromise, undefined, "f");
+        await __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_refreshProfile).call(this);
     }
     /**
      * @category Authentication
@@ -1275,8 +1262,7 @@ class MedplumClient extends EventTarget {
      * @category Authentication
      */
     getLogins() {
-        var _a;
-        return (_a = __classPrivateFieldGet(this, _MedplumClient_storage, "f").getObject('logins')) !== null && _a !== void 0 ? _a : [];
+        return __classPrivateFieldGet(this, _MedplumClient_storage, "f").getObject('logins') ?? [];
     }
     /**
      * @category Authentication
@@ -1293,13 +1279,11 @@ class MedplumClient extends EventTarget {
     /**
      * @category User Profile
      */
-    getProfileAsync() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (__classPrivateFieldGet(this, _MedplumClient_profilePromise, "f")) {
-                yield __classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
-            }
-            return this.getProfile();
-        });
+    async getProfileAsync() {
+        if (__classPrivateFieldGet(this, _MedplumClient_profilePromise, "f")) {
+            await __classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
+        }
+        return this.getProfile();
     }
     /**
      * @category User Profile
@@ -1314,30 +1298,26 @@ class MedplumClient extends EventTarget {
      * @param url The URL to request.
      * @returns Promise to the response body as a blob.
      */
-    download(url, options = {}) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
-                yield __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
-            }
-            __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addFetchOptionsDefaults).call(this, options);
-            const response = yield __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, url.toString(), options);
-            return response.blob();
-        });
+    async download(url, options = {}) {
+        if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
+            await __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
+        }
+        __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addFetchOptionsDefaults).call(this, options);
+        const response = await __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, url.toString(), options);
+        return response.blob();
     }
     /**
      * Starts a new PKCE flow.
      * These PKCE values are stateful, and must survive redirects and page refreshes.
      */
-    startPkce() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const pkceState = getRandomString();
-            sessionStorage.setItem('pkceState', pkceState);
-            const codeVerifier = getRandomString();
-            sessionStorage.setItem('codeVerifier', codeVerifier);
-            const arrayHash = yield encryptSHA256(codeVerifier);
-            const codeChallenge = arrayBufferToBase64(arrayHash).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-            sessionStorage.setItem('codeChallenge', codeChallenge);
-        });
+    async startPkce() {
+        const pkceState = getRandomString();
+        sessionStorage.setItem('pkceState', pkceState);
+        const codeVerifier = getRandomString();
+        sessionStorage.setItem('codeVerifier', codeVerifier);
+        const arrayHash = await encryptSHA256(codeVerifier);
+        const codeChallenge = arrayBufferToBase64(arrayHash).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+        sessionStorage.setItem('codeChallenge', codeChallenge);
     }
     /**
      * Processes an OAuth authorization code.
@@ -1364,39 +1344,35 @@ class MedplumClient extends EventTarget {
      * @param clientSecret The client secret.
      * @returns Promise that resolves to the client profile.
      */
-    startClientLogin(clientId, clientSecret) {
-        return __awaiter(this, void 0, void 0, function* () {
-            __classPrivateFieldSet(this, _MedplumClient_clientId, clientId, "f");
-            __classPrivateFieldSet(this, _MedplumClient_clientSecret, clientSecret, "f");
-            const formBody = new URLSearchParams();
-            formBody.set('grant_type', 'client_credentials');
-            formBody.set('client_id', clientId);
-            formBody.set('client_secret', clientSecret);
-            return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_fetchTokens).call(this, formBody);
-        });
+    async startClientLogin(clientId, clientSecret) {
+        __classPrivateFieldSet(this, _MedplumClient_clientId, clientId, "f");
+        __classPrivateFieldSet(this, _MedplumClient_clientSecret, clientSecret, "f");
+        const formBody = new URLSearchParams();
+        formBody.set('grant_type', 'client_credentials');
+        formBody.set('client_id', clientId);
+        formBody.set('client_secret', clientSecret);
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_fetchTokens).call(this, formBody);
     }
 }
 _MedplumClient_fetch = new WeakMap(), _MedplumClient_createPdf = new WeakMap(), _MedplumClient_storage = new WeakMap(), _MedplumClient_requestCache = new WeakMap(), _MedplumClient_cacheTime = new WeakMap(), _MedplumClient_baseUrl = new WeakMap(), _MedplumClient_authorizeUrl = new WeakMap(), _MedplumClient_tokenUrl = new WeakMap(), _MedplumClient_logoutUrl = new WeakMap(), _MedplumClient_onUnauthenticated = new WeakMap(), _MedplumClient_clientId = new WeakMap(), _MedplumClient_clientSecret = new WeakMap(), _MedplumClient_accessToken = new WeakMap(), _MedplumClient_refreshToken = new WeakMap(), _MedplumClient_refreshPromise = new WeakMap(), _MedplumClient_profilePromise = new WeakMap(), _MedplumClient_profile = new WeakMap(), _MedplumClient_config = new WeakMap(), _MedplumClient_instances = new WeakSet(), _MedplumClient_addLogin = function _MedplumClient_addLogin(newLogin) {
-    const logins = this.getLogins().filter((login) => { var _a, _b; return ((_a = login.profile) === null || _a === void 0 ? void 0 : _a.reference) !== ((_b = newLogin.profile) === null || _b === void 0 ? void 0 : _b.reference); });
+    const logins = this.getLogins().filter((login) => login.profile?.reference !== newLogin.profile?.reference);
     logins.push(newLogin);
     __classPrivateFieldGet(this, _MedplumClient_storage, "f").setObject('logins', logins);
-}, _MedplumClient_refreshProfile = function _MedplumClient_refreshProfile() {
-    return __awaiter(this, void 0, void 0, function* () {
-        __classPrivateFieldSet(this, _MedplumClient_profilePromise, new Promise((resolve, reject) => {
-            this.get('auth/me')
-                .then((result) => {
-                __classPrivateFieldSet(this, _MedplumClient_profilePromise, undefined, "f");
-                __classPrivateFieldSet(this, _MedplumClient_profile, result.profile, "f");
-                __classPrivateFieldSet(this, _MedplumClient_config, result.config, "f");
-                this.dispatchEvent({ type: 'change' });
-                resolve(__classPrivateFieldGet(this, _MedplumClient_profile, "f"));
-            })
-                .catch(reject);
-        }), "f");
-        return __classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
-    });
+}, _MedplumClient_refreshProfile = async function _MedplumClient_refreshProfile() {
+    __classPrivateFieldSet(this, _MedplumClient_profilePromise, new Promise((resolve, reject) => {
+        this.get('auth/me')
+            .then((result) => {
+            __classPrivateFieldSet(this, _MedplumClient_profilePromise, undefined, "f");
+            __classPrivateFieldSet(this, _MedplumClient_profile, result.profile, "f");
+            __classPrivateFieldSet(this, _MedplumClient_config, result.config, "f");
+            this.dispatchEvent({ type: 'change' });
+            resolve(__classPrivateFieldGet(this, _MedplumClient_profile, "f"));
+        })
+            .catch(reject);
+    }), "f");
+    return __classPrivateFieldGet(this, _MedplumClient_profilePromise, "f");
 }, _MedplumClient_getCacheEntry = function _MedplumClient_getCacheEntry(key, options) {
-    if (__classPrivateFieldGet(this, _MedplumClient_cacheTime, "f") <= 0 || (options === null || options === void 0 ? void 0 : options.cache) === 'no-cache' || (options === null || options === void 0 ? void 0 : options.cache) === 'reload') {
+    if (__classPrivateFieldGet(this, _MedplumClient_cacheTime, "f") <= 0 || options?.cache === 'no-cache' || options?.cache === 'reload') {
         return undefined;
     }
     const entry = __classPrivateFieldGet(this, _MedplumClient_requestCache, "f").get(key);
@@ -1408,31 +1384,37 @@ _MedplumClient_fetch = new WeakMap(), _MedplumClient_createPdf = new WeakMap(),
     if (__classPrivateFieldGet(this, _MedplumClient_cacheTime, "f") > 0) {
         __classPrivateFieldGet(this, _MedplumClient_requestCache, "f").set(key, { requestTime: Date.now(), value });
     }
-}, _MedplumClient_request = function _MedplumClient_request(method, url, options = {}) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
-            yield __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
-        }
-        if (!url.startsWith('http')) {
-            url = __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + url;
-        }
-        options.method = method;
-        __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addFetchOptionsDefaults).call(this, options);
-        const response = yield __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, url, options);
-        if (response.status === 401) {
-            // Refresh and try again
-            return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_handleUnauthenticated).call(this, method, url, options);
-        }
-        if (response.status === 204 || response.status === 304) {
-            // No content or change
-            return undefined;
-        }
-        const obj = yield response.json();
-        if (response.status >= 400) {
-            throw obj;
-        }
-        return obj;
-    });
+}, _MedplumClient_request = 
+/**
+ * Makes an HTTP request.
+ * @param {string} method
+ * @param {string} url
+ * @param {string=} contentType
+ * @param {Object=} body
+ */
+async function _MedplumClient_request(method, url, options = {}) {
+    if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
+        await __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
+    }
+    if (!url.startsWith('http')) {
+        url = __classPrivateFieldGet(this, _MedplumClient_baseUrl, "f") + url;
+    }
+    options.method = method;
+    __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_addFetchOptionsDefaults).call(this, options);
+    const response = await __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, url, options);
+    if (response.status === 401) {
+        // Refresh and try again
+        return __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_handleUnauthenticated).call(this, method, url, options);
+    }
+    if (response.status === 204 || response.status === 304) {
+        // No content or change
+        return undefined;
+    }
+    const obj = await response.json();
+    if (response.status >= 400) {
+        throw obj;
+    }
+    return obj;
 }, _MedplumClient_addFetchOptionsDefaults = function _MedplumClient_addFetchOptionsDefaults(options) {
     if (!options.headers) {
         options.headers = {};
@@ -1476,18 +1458,22 @@ _MedplumClient_fetch = new WeakMap(), _MedplumClient_createPdf = new WeakMap(),
         __classPrivateFieldGet(this, _MedplumClient_onUnauthenticated, "f").call(this);
     }
     return Promise.reject(new Error('Unauthenticated'));
-}, _MedplumClient_requestAuthorization = function _MedplumClient_requestAuthorization() {
-    return __awaiter(this, void 0, void 0, function* () {
-        yield this.startPkce();
-        const url = new URL(__classPrivateFieldGet(this, _MedplumClient_authorizeUrl, "f"));
-        url.searchParams.set('response_type', 'code');
-        url.searchParams.set('state', sessionStorage.getItem('pkceState'));
-        url.searchParams.set('client_id', __classPrivateFieldGet(this, _MedplumClient_clientId, "f"));
-        url.searchParams.set('redirect_uri', getBaseUrl());
-        url.searchParams.set('code_challenge_method', 'S256');
-        url.searchParams.set('code_challenge', sessionStorage.getItem('codeChallenge'));
-        window.location.assign(url.toString());
-    });
+}, _MedplumClient_requestAuthorization = 
+/**
+ * Redirects the user to the login screen for authorization.
+ * Clears all auth state including local storage and session storage.
+ * See: https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint
+ */
+async function _MedplumClient_requestAuthorization() {
+    await this.startPkce();
+    const url = new URL(__classPrivateFieldGet(this, _MedplumClient_authorizeUrl, "f"));
+    url.searchParams.set('response_type', 'code');
+    url.searchParams.set('state', sessionStorage.getItem('pkceState'));
+    url.searchParams.set('client_id', __classPrivateFieldGet(this, _MedplumClient_clientId, "f"));
+    url.searchParams.set('redirect_uri', getBaseUrl());
+    url.searchParams.set('code_challenge_method', 'S256');
+    url.searchParams.set('code_challenge', sessionStorage.getItem('codeChallenge'));
+    window.location.assign(url.toString());
 }, _MedplumClient_refresh = function _MedplumClient_refresh() {
     if (__classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f")) {
         return __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
@@ -1505,43 +1491,52 @@ _MedplumClient_fetch = new WeakMap(), _MedplumClient_createPdf = new WeakMap(),
         return __classPrivateFieldGet(this, _MedplumClient_refreshPromise, "f");
     }
     return undefined;
-}, _MedplumClient_fetchTokens = function _MedplumClient_fetchTokens(formBody) {
-    return __awaiter(this, void 0, void 0, function* () {
-        return __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, __classPrivateFieldGet(this, _MedplumClient_tokenUrl, "f"), {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-            body: formBody,
-            credentials: 'include',
-        })
-            .then((response) => {
-            if (!response.ok) {
-                throw new Error('Failed to fetch tokens');
-            }
-            return response.json();
-        })
-            .then((tokens) => __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_verifyTokens).call(this, tokens))
-            .then(() => this.getProfile());
-    });
-}, _MedplumClient_verifyTokens = function _MedplumClient_verifyTokens(tokens) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const token = tokens.access_token;
-        // Verify token has not expired
-        const tokenPayload = parseJWTPayload(token);
-        if (Date.now() >= tokenPayload.exp * 1000) {
-            this.clear();
-            throw new Error('Token expired');
-        }
-        // Verify app_client_id
-        if (__classPrivateFieldGet(this, _MedplumClient_clientId, "f") && tokenPayload.client_id !== __classPrivateFieldGet(this, _MedplumClient_clientId, "f")) {
-            this.clear();
-            throw new Error('Token was not issued for this audience');
+}, _MedplumClient_fetchTokens = 
+/**
+ * Makes a POST request to the tokens endpoint.
+ * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
+ * @param formBody Token parameters in URL encoded format.
+ */
+async function _MedplumClient_fetchTokens(formBody) {
+    return __classPrivateFieldGet(this, _MedplumClient_fetch, "f").call(this, __classPrivateFieldGet(this, _MedplumClient_tokenUrl, "f"), {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: formBody,
+        credentials: 'include',
+    })
+        .then((response) => {
+        if (!response.ok) {
+            throw new Error('Failed to fetch tokens');
         }
-        yield this.setActiveLogin({
-            accessToken: token,
-            refreshToken: tokens.refresh_token,
-            project: tokens.project,
-            profile: tokens.profile,
-        });
+        return response.json();
+    })
+        .then((tokens) => __classPrivateFieldGet(this, _MedplumClient_instances, "m", _MedplumClient_verifyTokens).call(this, tokens))
+        .then(() => this.getProfile());
+}, _MedplumClient_verifyTokens = 
+/**
+ * Verifies the tokens received from the auth server.
+ * Validates the JWT against the JWKS.
+ * See: https://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
+ * @param tokens
+ */
+async function _MedplumClient_verifyTokens(tokens) {
+    const token = tokens.access_token;
+    // Verify token has not expired
+    const tokenPayload = parseJWTPayload(token);
+    if (Date.now() >= tokenPayload.exp * 1000) {
+        this.clear();
+        throw new Error('Token expired');
+    }
+    // Verify app_client_id
+    if (__classPrivateFieldGet(this, _MedplumClient_clientId, "f") && tokenPayload.client_id !== __classPrivateFieldGet(this, _MedplumClient_clientId, "f")) {
+        this.clear();
+        throw new Error('Token was not issued for this audience');
+    }
+    await this.setActiveLogin({
+        accessToken: token,
+        refreshToken: tokens.refresh_token,
+        project: tokens.project,
+        profile: tokens.profile,
     });
 }, _MedplumClient_setupStorageListener = function _MedplumClient_setupStorageListener() {
     try {
@@ -1573,4 +1568,4 @@ function ensureTrailingSlash(url) {
 }
 
 export { MEDPLUM_VERSION, MedplumClient };
-//# sourceMappingURL=client.js.map
+//# sourceMappingURL=client.mjs.map