@monocloud/auth-core 0.1.3 → 0.1.4

package/dist/utils/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","names":["payload: { session: MonoCloudSession; expiresAt?: number }","payload: { authState: T; expiresAt?: number }"],"sources":["../../src/utils/index.ts"],"sourcesContent":["import type {\n  AuthState,\n  CallbackParams,\n  IdTokenClaims,\n  MonoCloudSession,\n  MonoCloudUser,\n} from '../types';\nimport {\n  arrayBufferToBase64,\n  arrayBufferToString,\n  encodeBase64Url,\n  fromB64Url,\n  now,\n  randomBytes,\n  stringToArrayBuffer,\n} from './internal';\n\nconst PBKDF2_ITERATIONS = 310_000;\nconst SALT_LENGTH = 16;\nconst GCM_IV_LENGTH = 12;\n\nconst deriveEncryptionKey = async (\n  secret: string,\n  salt: Uint8Array\n): Promise<CryptoKey> => {\n  const baseKey = await crypto.subtle.importKey(\n    'raw',\n    stringToArrayBuffer(secret) as BufferSource,\n    'PBKDF2',\n    false,\n    ['deriveKey']\n  );\n\n  return crypto.subtle.deriveKey(\n    {\n      name: 'PBKDF2',\n      salt: salt as BufferSource,\n      iterations: PBKDF2_ITERATIONS,\n      hash: 'SHA-256',\n    },\n    baseKey,\n    { name: 'AES-GCM', length: 256 },\n    false,\n    ['encrypt', 'decrypt']\n  );\n};\n\n/**\n * Parses callback parameters from a URL, a URLSearchParams object, or a query string.\n */\nexport const parseCallbackParams = (\n  queryOrUrl: string | URL | URLSearchParams\n): CallbackParams => {\n  let params;\n\n  if (queryOrUrl instanceof URL) {\n    params = queryOrUrl.searchParams;\n  } else if (queryOrUrl instanceof URLSearchParams) {\n    params = queryOrUrl;\n  } else {\n    try {\n      params = new URL(queryOrUrl).searchParams;\n    } catch {\n      // eslint-disable-next-line no-param-reassign\n      queryOrUrl =\n        queryOrUrl.startsWith('?') || queryOrUrl.startsWith('#')\n          ? queryOrUrl.substring(1)\n          : queryOrUrl;\n      params = new URLSearchParams(queryOrUrl);\n    }\n  }\n\n  const expiresIn = params.get('expires_in');\n\n  return {\n    state: params.get('state') ?? undefined,\n    accessToken: params.get('access_token') ?? undefined,\n    idToken: params.get('id_token') ?? undefined,\n    refreshToken: params.get('refresh_token') ?? undefined,\n    sessionState: params.get('session_state') ?? undefined,\n    expiresIn: expiresIn ? parseInt(expiresIn, 10) : undefined,\n    code: params.get('code') ?? undefined,\n    error: params.get('error') ?? undefined,\n    errorDescription: params.get('error_description') ?? undefined,\n  };\n};\n\n/**\n * Encrypts a given string using a secret with AES-GCM.\n *\n * @param data - The plaintext data to encrypt.\n * @param secret - The secret used to derive the encryption key.\n * @returns Base64-encoded ciphertext.\n */\nexport const encrypt = async (\n  data: string,\n  secret: string\n): Promise<string> => {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const iv = crypto.getRandomValues(new Uint8Array(GCM_IV_LENGTH));\n  const plaintextBuffer = stringToArrayBuffer(data);\n  const key = await deriveEncryptionKey(secret, salt);\n\n  const ciphertext = await crypto.subtle.encrypt(\n    {\n      name: 'AES-GCM',\n      iv,\n    },\n    key,\n    plaintextBuffer as BufferSource\n  );\n\n  const resultBuffer = new Uint8Array(\n    salt.byteLength + iv.byteLength + ciphertext.byteLength\n  );\n  resultBuffer.set(salt, 0);\n  resultBuffer.set(iv, salt.byteLength);\n  resultBuffer.set(new Uint8Array(ciphertext), salt.byteLength + iv.byteLength);\n\n  return arrayBufferToBase64(resultBuffer);\n};\n\n/**\n * Decrypts an encrypted string using a secret with AES-GCM.\n *\n * @param encrypted - The ciphertext to decrypt.\n * @param secret - The secret used to derive the decryption key.\n *\n * @returns Decrypted plaintext string or undefined if decryption fails.\n */\nexport const decrypt = async (\n  encrypted: string,\n  secret: string\n): Promise<string | undefined> => {\n  try {\n    const ciphertextBuffer = Uint8Array.from(atob(fromB64Url(encrypted)), c =>\n      c.charCodeAt(0)\n    );\n\n    if (ciphertextBuffer.byteLength <= SALT_LENGTH + GCM_IV_LENGTH) {\n      return undefined;\n    }\n\n    const salt = ciphertextBuffer.slice(0, SALT_LENGTH);\n    const iv = ciphertextBuffer.slice(SALT_LENGTH, SALT_LENGTH + GCM_IV_LENGTH);\n    const encryptedPayload = ciphertextBuffer.slice(\n      SALT_LENGTH + GCM_IV_LENGTH\n    );\n    const key = await deriveEncryptionKey(secret, salt);\n    const decryptedBuffer = await crypto.subtle.decrypt(\n      {\n        name: 'AES-GCM',\n        iv,\n      },\n      key,\n      encryptedPayload\n    );\n    return arrayBufferToString(decryptedBuffer);\n  } catch {\n    return undefined;\n  }\n};\n\n/**\n * Encrypts a MonoCloud session object with a secret and optional time-to-live (TTL).\n *\n * @param session - The session object to encrypt.\n * @param secret - The secret used for encryption.\n * @param ttl - Optional time-to-live in seconds, after which the session expires.\n * @returns Encrypted session string.\n */\nexport const encryptSession = (\n  session: MonoCloudSession,\n  secret: string,\n  ttl?: number\n): Promise<string> => {\n  let expiresAt;\n\n  if (typeof ttl === 'number') {\n    expiresAt = now() + ttl;\n  }\n  return encrypt(JSON.stringify({ session, expiresAt }), secret);\n};\n\n/**\n * Decrypts an encrypted MonoCloud session.\n *\n * @param encryptedSession - The encrypted session string to decrypt.\n * @param secret - The secret used for decryption.\n *\n * @returns Session object on success.\n *\n * @throws If decryption fails or the session has expired\n */\nexport const decryptSession = async (\n  encryptedSession: string,\n  secret: string\n): Promise<MonoCloudSession> => {\n  const decryptedText = await decrypt(encryptedSession, secret);\n\n  if (!decryptedText) {\n    throw new Error('Invalid session data');\n  }\n\n  let payload: { session: MonoCloudSession; expiresAt?: number };\n  try {\n    payload = JSON.parse(decryptedText);\n  } catch {\n    throw new Error('Invalid session data');\n  }\n\n  const { session, expiresAt } = payload;\n\n  if (!session) {\n    throw new Error('Invalid session data');\n  }\n\n  if (typeof expiresAt === 'number' && expiresAt < now()) {\n    throw new Error('Session Expired');\n  }\n\n  return session;\n};\n\n/**\n * Encrypts an AuthState object with a secret and optional time-to-live (TTL).\n *\n * @param authState - A type that extends the AuthState interface.\n * @param secret - The secret used for encryption.\n * @param ttl - Optional time-to-live in seconds, after which the auth state expires.\n *\n * @returns Encrypted auth state string.\n */\nexport const encryptAuthState = <T extends AuthState>(\n  authState: T,\n  secret: string,\n  ttl?: number\n): Promise<string> => {\n  let expiresAt;\n\n  if (typeof ttl === 'number') {\n    expiresAt = now() + ttl;\n  }\n\n  return encrypt(JSON.stringify({ authState, expiresAt }), secret);\n};\n\n/**\n * Decrypts an encrypted AuthState.\n *\n * @param encryptedAuthState - The encrypted auth state string to decrypt.\n * @param secret - The secret used for decryption.\n *\n * @returns State object on success\n *\n * @throws If decryption fails or the auth state has expired\n *\n */\nexport const decryptAuthState = async <T extends AuthState>(\n  encryptedAuthState: string,\n  secret: string\n): Promise<T> => {\n  const decryptedText = await decrypt(encryptedAuthState, secret);\n\n  if (!decryptedText) {\n    throw new Error('Invalid auth state');\n  }\n\n  let payload: { authState: T; expiresAt?: number };\n  try {\n    payload = JSON.parse(decryptedText);\n  } catch {\n    throw new Error('Invalid auth state');\n  }\n\n  const { authState, expiresAt } = payload;\n\n  if (!authState) {\n    throw new Error('Invalid auth state');\n  }\n\n  if (typeof expiresAt === 'number' && expiresAt < now()) {\n    throw new Error('Auth state expired');\n  }\n\n  return authState;\n};\n\n/**\n * Checks if a user is a member of a specified group or groups.\n *\n * @param user - The user.\n * @param groups - An array of group names or IDs to check membership against.\n * @param groupsClaim - The claim in the user object that contains groups.\n * @param matchAll - If `true`, requires the user to be in all specified groups; if `false`, checks if the user is in at least one of the groups.\n *\n * @returns `true` if the user is in the specified groups, `false` otherwise.\n */\nexport const isUserInGroup = (\n  user: MonoCloudUser | IdTokenClaims,\n  groups: string[],\n  groupsClaim = 'groups',\n  matchAll = false\n): boolean => {\n  const userGroups = (user[groupsClaim] ?? []) as (\n    | string\n    | { id: string; name: string }\n  )[];\n\n  if (!Array.isArray(groups) || groups.length === 0) {\n    return true;\n  }\n\n  if (!Array.isArray(userGroups) || userGroups.length === 0) {\n    return false;\n  }\n\n  let matched = false;\n\n  for (const expectedGroup of groups) {\n    const userInGroup = userGroups.some(\n      g =>\n        (typeof g === 'string' && g === expectedGroup) ||\n        (typeof g === 'object' &&\n          (g.id === expectedGroup || g.name === expectedGroup))\n    );\n\n    if (!matchAll && userInGroup) {\n      return userInGroup;\n    }\n\n    if (matchAll && !userInGroup) {\n      return false;\n    }\n\n    matched = userInGroup;\n  }\n\n  return matched;\n};\n\n/**\n * Generates a random state string.\n */\nexport const generateState = (): string => randomBytes(32);\n\n/**\n * Generates a PKCE (Proof Key for Code Exchange) code verifier and code challenge.\n *\n */\nexport const generatePKCE = async (): Promise<{\n  codeVerifier: string;\n  codeChallenge: string;\n}> => {\n  const codeVerifier = randomBytes(32);\n  return {\n    codeVerifier,\n    codeChallenge: encodeBase64Url(\n      await crypto.subtle.digest(\n        'SHA-256',\n        stringToArrayBuffer(codeVerifier) as BufferSource\n      )\n    ),\n  };\n};\n\n/**\n * Generates a random nonce string.\n */\nexport const generateNonce = (): string => randomBytes(32);\n\n/**\n * @ignore\n * Merges multiple arrays of strings, removing duplicates.\n *\n * @param args - List of arrays to merge\n *\n * @returns A new array containing unique strings from both input arrays, or `undefined` if both inputs are `undefined`.\n */\nexport const mergeArrays = (\n  ...args: (string[] | undefined)[]\n): string[] | undefined => {\n  const arrays = args.filter(x => Array.isArray(x));\n  return arrays.length > 0\n    ? Array.from(new Set(arrays.reduce((acc, x) => [...acc, ...x], [])))\n    : undefined;\n};\n"],"mappings":";;;AAiBA,MAAM,oBAAoB;AAC1B,MAAM,cAAc;AACpB,MAAM,gBAAgB;AAEtB,MAAM,sBAAsB,OAC1B,QACA,SACuB;CACvB,MAAM,UAAU,MAAM,OAAO,OAAO,UAClC,OACA,oBAAoB,OAAO,EAC3B,UACA,OACA,CAAC,YAAY,CACd;AAED,QAAO,OAAO,OAAO,UACnB;EACE,MAAM;EACA;EACN,YAAY;EACZ,MAAM;EACP,EACD,SACA;EAAE,MAAM;EAAW,QAAQ;EAAK,EAChC,OACA,CAAC,WAAW,UAAU,CACvB;;;;;AAMH,MAAa,uBACX,eACmB;CACnB,IAAI;AAEJ,KAAI,sBAAsB,IACxB,UAAS,WAAW;UACX,sBAAsB,gBAC/B,UAAS;KAET,KAAI;AACF,WAAS,IAAI,IAAI,WAAW,CAAC;SACvB;AAEN,eACE,WAAW,WAAW,IAAI,IAAI,WAAW,WAAW,IAAI,GACpD,WAAW,UAAU,EAAE,GACvB;AACN,WAAS,IAAI,gBAAgB,WAAW;;CAI5C,MAAM,YAAY,OAAO,IAAI,aAAa;AAE1C,QAAO;EACL,OAAO,OAAO,IAAI,QAAQ,IAAI;EAC9B,aAAa,OAAO,IAAI,eAAe,IAAI;EAC3C,SAAS,OAAO,IAAI,WAAW,IAAI;EACnC,cAAc,OAAO,IAAI,gBAAgB,IAAI;EAC7C,cAAc,OAAO,IAAI,gBAAgB,IAAI;EAC7C,WAAW,YAAY,SAAS,WAAW,GAAG,GAAG;EACjD,MAAM,OAAO,IAAI,OAAO,IAAI;EAC5B,OAAO,OAAO,IAAI,QAAQ,IAAI;EAC9B,kBAAkB,OAAO,IAAI,oBAAoB,IAAI;EACtD;;;;;;;;;AAUH,MAAa,UAAU,OACrB,MACA,WACoB;CACpB,MAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,YAAY,CAAC;CAChE,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,cAAc,CAAC;CAChE,MAAM,kBAAkB,oBAAoB,KAAK;CACjD,MAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK;CAEnD,MAAM,aAAa,MAAM,OAAO,OAAO,QACrC;EACE,MAAM;EACN;EACD,EACD,KACA,gBACD;CAED,MAAM,eAAe,IAAI,WACvB,KAAK,aAAa,GAAG,aAAa,WAAW,WAC9C;AACD,cAAa,IAAI,MAAM,EAAE;AACzB,cAAa,IAAI,IAAI,KAAK,WAAW;AACrC,cAAa,IAAI,IAAI,WAAW,WAAW,EAAE,KAAK,aAAa,GAAG,WAAW;AAE7E,QAAO,oBAAoB,aAAa;;;;;;;;;;AAW1C,MAAa,UAAU,OACrB,WACA,WACgC;AAChC,KAAI;EACF,MAAM,mBAAmB,WAAW,KAAK,KAAK,WAAW,UAAU,CAAC,GAAE,MACpE,EAAE,WAAW,EAAE,CAChB;AAED,MAAI,iBAAiB,cAAc,cAAc,cAC/C;EAGF,MAAM,OAAO,iBAAiB,MAAM,GAAG,YAAY;EACnD,MAAM,KAAK,iBAAiB,MAAM,aAAa,cAAc,cAAc;EAC3E,MAAM,mBAAmB,iBAAiB,MACxC,cAAc,cACf;EACD,MAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK;AASnD,SAAO,oBARiB,MAAM,OAAO,OAAO,QAC1C;GACE,MAAM;GACN;GACD,EACD,KACA,iBACD,CAC0C;SACrC;AACN;;;;;;;;;;;AAYJ,MAAa,kBACX,SACA,QACA,QACoB;CACpB,IAAI;AAEJ,KAAI,OAAO,QAAQ,SACjB,aAAY,KAAK,GAAG;AAEtB,QAAO,QAAQ,KAAK,UAAU;EAAE;EAAS;EAAW,CAAC,EAAE,OAAO;;;;;;;;;;;;AAahE,MAAa,iBAAiB,OAC5B,kBACA,WAC8B;CAC9B,MAAM,gBAAgB,MAAM,QAAQ,kBAAkB,OAAO;AAE7D,KAAI,CAAC,cACH,OAAM,IAAI,MAAM,uBAAuB;CAGzC,IAAIA;AACJ,KAAI;AACF,YAAU,KAAK,MAAM,cAAc;SAC7B;AACN,QAAM,IAAI,MAAM,uBAAuB;;CAGzC,MAAM,EAAE,SAAS,cAAc;AAE/B,KAAI,CAAC,QACH,OAAM,IAAI,MAAM,uBAAuB;AAGzC,KAAI,OAAO,cAAc,YAAY,YAAY,KAAK,CACpD,OAAM,IAAI,MAAM,kBAAkB;AAGpC,QAAO;;;;;;;;;;;AAYT,MAAa,oBACX,WACA,QACA,QACoB;CACpB,IAAI;AAEJ,KAAI,OAAO,QAAQ,SACjB,aAAY,KAAK,GAAG;AAGtB,QAAO,QAAQ,KAAK,UAAU;EAAE;EAAW;EAAW,CAAC,EAAE,OAAO;;;;;;;;;;;;;AAclE,MAAa,mBAAmB,OAC9B,oBACA,WACe;CACf,MAAM,gBAAgB,MAAM,QAAQ,oBAAoB,OAAO;AAE/D,KAAI,CAAC,cACH,OAAM,IAAI,MAAM,qBAAqB;CAGvC,IAAIC;AACJ,KAAI;AACF,YAAU,KAAK,MAAM,cAAc;SAC7B;AACN,QAAM,IAAI,MAAM,qBAAqB;;CAGvC,MAAM,EAAE,WAAW,cAAc;AAEjC,KAAI,CAAC,UACH,OAAM,IAAI,MAAM,qBAAqB;AAGvC,KAAI,OAAO,cAAc,YAAY,YAAY,KAAK,CACpD,OAAM,IAAI,MAAM,qBAAqB;AAGvC,QAAO;;;;;;;;;;;;AAaT,MAAa,iBACX,MACA,QACA,cAAc,UACd,WAAW,UACC;CACZ,MAAM,aAAc,KAAK,gBAAgB,EAAE;AAK3C,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C,QAAO;AAGT,KAAI,CAAC,MAAM,QAAQ,WAAW,IAAI,WAAW,WAAW,EACtD,QAAO;CAGT,IAAI,UAAU;AAEd,MAAK,MAAM,iBAAiB,QAAQ;EAClC,MAAM,cAAc,WAAW,MAC7B,MACG,OAAO,MAAM,YAAY,MAAM,iBAC/B,OAAO,MAAM,aACX,EAAE,OAAO,iBAAiB,EAAE,SAAS,eAC3C;AAED,MAAI,CAAC,YAAY,YACf,QAAO;AAGT,MAAI,YAAY,CAAC,YACf,QAAO;AAGT,YAAU;;AAGZ,QAAO;;;;;AAMT,MAAa,sBAA8B,YAAY,GAAG;;;;;AAM1D,MAAa,eAAe,YAGtB;CACJ,MAAM,eAAe,YAAY,GAAG;AACpC,QAAO;EACL;EACA,eAAe,gBACb,MAAM,OAAO,OAAO,OAClB,WACA,oBAAoB,aAAa,CAClC,CACF;EACF;;;;;AAMH,MAAa,sBAA8B,YAAY,GAAG;;;;;;;;;AAU1D,MAAa,eACX,GAAG,SACsB;CACzB,MAAM,SAAS,KAAK,QAAO,MAAK,MAAM,QAAQ,EAAE,CAAC;AACjD,QAAO,OAAO,SAAS,IACnB,MAAM,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,MAAM,CAAC,GAAG,KAAK,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAClE"}
+{"version":3,"file":"index.mjs","names":[],"sources":["../../src/utils/index.ts"],"sourcesContent":["import type {\n  AuthState,\n  CallbackParams,\n  IdTokenClaims,\n  MonoCloudSession,\n  MonoCloudUser,\n} from '../types';\nimport {\n  arrayBufferToBase64,\n  arrayBufferToString,\n  encodeBase64Url,\n  fromB64Url,\n  now,\n  randomBytes,\n  stringToArrayBuffer,\n} from './internal';\n\nconst PBKDF2_ITERATIONS = 310_000;\nconst SALT_LENGTH = 16;\nconst GCM_IV_LENGTH = 12;\n\nconst deriveEncryptionKey = async (\n  secret: string,\n  salt: Uint8Array\n): Promise<CryptoKey> => {\n  const baseKey = await crypto.subtle.importKey(\n    'raw',\n    stringToArrayBuffer(secret) as BufferSource,\n    'PBKDF2',\n    false,\n    ['deriveKey']\n  );\n\n  return crypto.subtle.deriveKey(\n    {\n      name: 'PBKDF2',\n      salt: salt as BufferSource,\n      iterations: PBKDF2_ITERATIONS,\n      hash: 'SHA-256',\n    },\n    baseKey,\n    { name: 'AES-GCM', length: 256 },\n    false,\n    ['encrypt', 'decrypt']\n  );\n};\n\n/**\n * Parses callback parameters from a URL, a URLSearchParams object, or a query string.\n */\nexport const parseCallbackParams = (\n  queryOrUrl: string | URL | URLSearchParams\n): CallbackParams => {\n  let params;\n\n  if (queryOrUrl instanceof URL) {\n    params = queryOrUrl.searchParams;\n  } else if (queryOrUrl instanceof URLSearchParams) {\n    params = queryOrUrl;\n  } else {\n    try {\n      params = new URL(queryOrUrl).searchParams;\n    } catch {\n      // eslint-disable-next-line no-param-reassign\n      queryOrUrl =\n        queryOrUrl.startsWith('?') || queryOrUrl.startsWith('#')\n          ? queryOrUrl.substring(1)\n          : queryOrUrl;\n      params = new URLSearchParams(queryOrUrl);\n    }\n  }\n\n  const expiresIn = params.get('expires_in');\n\n  return {\n    state: params.get('state') ?? undefined,\n    accessToken: params.get('access_token') ?? undefined,\n    idToken: params.get('id_token') ?? undefined,\n    refreshToken: params.get('refresh_token') ?? undefined,\n    sessionState: params.get('session_state') ?? undefined,\n    expiresIn: expiresIn ? parseInt(expiresIn, 10) : undefined,\n    code: params.get('code') ?? undefined,\n    error: params.get('error') ?? undefined,\n    errorDescription: params.get('error_description') ?? undefined,\n  };\n};\n\n/**\n * Encrypts a given string using a secret with AES-GCM.\n *\n * @param data - The plaintext data to encrypt.\n * @param secret - The secret used to derive the encryption key.\n * @returns Base64-encoded ciphertext.\n */\nexport const encrypt = async (\n  data: string,\n  secret: string\n): Promise<string> => {\n  const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n  const iv = crypto.getRandomValues(new Uint8Array(GCM_IV_LENGTH));\n  const plaintextBuffer = stringToArrayBuffer(data);\n  const key = await deriveEncryptionKey(secret, salt);\n\n  const ciphertext = await crypto.subtle.encrypt(\n    {\n      name: 'AES-GCM',\n      iv,\n    },\n    key,\n    plaintextBuffer as BufferSource\n  );\n\n  const resultBuffer = new Uint8Array(\n    salt.byteLength + iv.byteLength + ciphertext.byteLength\n  );\n  resultBuffer.set(salt, 0);\n  resultBuffer.set(iv, salt.byteLength);\n  resultBuffer.set(new Uint8Array(ciphertext), salt.byteLength + iv.byteLength);\n\n  return arrayBufferToBase64(resultBuffer);\n};\n\n/**\n * Decrypts an encrypted string using a secret with AES-GCM.\n *\n * @param encrypted - The ciphertext to decrypt.\n * @param secret - The secret used to derive the decryption key.\n *\n * @returns Decrypted plaintext string or undefined if decryption fails.\n */\nexport const decrypt = async (\n  encrypted: string,\n  secret: string\n): Promise<string | undefined> => {\n  try {\n    const ciphertextBuffer = Uint8Array.from(atob(fromB64Url(encrypted)), c =>\n      c.charCodeAt(0)\n    );\n\n    if (ciphertextBuffer.byteLength <= SALT_LENGTH + GCM_IV_LENGTH) {\n      return undefined;\n    }\n\n    const salt = ciphertextBuffer.slice(0, SALT_LENGTH);\n    const iv = ciphertextBuffer.slice(SALT_LENGTH, SALT_LENGTH + GCM_IV_LENGTH);\n    const encryptedPayload = ciphertextBuffer.slice(\n      SALT_LENGTH + GCM_IV_LENGTH\n    );\n    const key = await deriveEncryptionKey(secret, salt);\n    const decryptedBuffer = await crypto.subtle.decrypt(\n      {\n        name: 'AES-GCM',\n        iv,\n      },\n      key,\n      encryptedPayload\n    );\n    return arrayBufferToString(decryptedBuffer);\n  } catch {\n    return undefined;\n  }\n};\n\n/**\n * Encrypts a MonoCloud session object with a secret and optional time-to-live (TTL).\n *\n * @param session - The session object to encrypt.\n * @param secret - The secret used for encryption.\n * @param ttl - Optional time-to-live in seconds, after which the session expires.\n * @returns Encrypted session string.\n */\nexport const encryptSession = (\n  session: MonoCloudSession,\n  secret: string,\n  ttl?: number\n): Promise<string> => {\n  let expiresAt;\n\n  if (typeof ttl === 'number') {\n    expiresAt = now() + ttl;\n  }\n  return encrypt(JSON.stringify({ session, expiresAt }), secret);\n};\n\n/**\n * Decrypts an encrypted MonoCloud session.\n *\n * @param encryptedSession - The encrypted session string to decrypt.\n * @param secret - The secret used for decryption.\n *\n * @returns Session object on success.\n *\n * @throws If decryption fails or the session has expired\n */\nexport const decryptSession = async (\n  encryptedSession: string,\n  secret: string\n): Promise<MonoCloudSession> => {\n  const decryptedText = await decrypt(encryptedSession, secret);\n\n  if (!decryptedText) {\n    throw new Error('Invalid session data');\n  }\n\n  let payload: { session: MonoCloudSession; expiresAt?: number };\n  try {\n    payload = JSON.parse(decryptedText);\n  } catch {\n    throw new Error('Invalid session data');\n  }\n\n  const { session, expiresAt } = payload;\n\n  if (!session) {\n    throw new Error('Invalid session data');\n  }\n\n  if (typeof expiresAt === 'number' && expiresAt < now()) {\n    throw new Error('Session Expired');\n  }\n\n  return session;\n};\n\n/**\n * Encrypts an AuthState object with a secret and optional time-to-live (TTL).\n *\n * @param authState - A type that extends the AuthState interface.\n * @param secret - The secret used for encryption.\n * @param ttl - Optional time-to-live in seconds, after which the auth state expires.\n *\n * @returns Encrypted auth state string.\n */\nexport const encryptAuthState = <T extends AuthState>(\n  authState: T,\n  secret: string,\n  ttl?: number\n): Promise<string> => {\n  let expiresAt;\n\n  if (typeof ttl === 'number') {\n    expiresAt = now() + ttl;\n  }\n\n  return encrypt(JSON.stringify({ authState, expiresAt }), secret);\n};\n\n/**\n * Decrypts an encrypted AuthState.\n *\n * @param encryptedAuthState - The encrypted auth state string to decrypt.\n * @param secret - The secret used for decryption.\n *\n * @returns State object on success\n *\n * @throws If decryption fails or the auth state has expired\n *\n */\nexport const decryptAuthState = async <T extends AuthState>(\n  encryptedAuthState: string,\n  secret: string\n): Promise<T> => {\n  const decryptedText = await decrypt(encryptedAuthState, secret);\n\n  if (!decryptedText) {\n    throw new Error('Invalid auth state');\n  }\n\n  let payload: { authState: T; expiresAt?: number };\n  try {\n    payload = JSON.parse(decryptedText);\n  } catch {\n    throw new Error('Invalid auth state');\n  }\n\n  const { authState, expiresAt } = payload;\n\n  if (!authState) {\n    throw new Error('Invalid auth state');\n  }\n\n  if (typeof expiresAt === 'number' && expiresAt < now()) {\n    throw new Error('Auth state expired');\n  }\n\n  return authState;\n};\n\n/**\n * Checks if a user is a member of a specified group or groups.\n *\n * @param user - The user.\n * @param groups - An array of group names or IDs to check membership against.\n * @param groupsClaim - The claim in the user object that contains groups.\n * @param matchAll - If `true`, requires the user to be in all specified groups; if `false`, checks if the user is in at least one of the groups.\n *\n * @returns `true` if the user is in the specified groups, `false` otherwise.\n */\nexport const isUserInGroup = (\n  user: MonoCloudUser | IdTokenClaims,\n  groups: string[],\n  groupsClaim = 'groups',\n  matchAll = false\n): boolean => {\n  const userGroups = (user[groupsClaim] ?? []) as (\n    | string\n    | { id: string; name: string }\n  )[];\n\n  if (!Array.isArray(groups) || groups.length === 0) {\n    return true;\n  }\n\n  if (!Array.isArray(userGroups) || userGroups.length === 0) {\n    return false;\n  }\n\n  let matched = false;\n\n  for (const expectedGroup of groups) {\n    const userInGroup = userGroups.some(\n      g =>\n        (typeof g === 'string' && g === expectedGroup) ||\n        (typeof g === 'object' &&\n          (g.id === expectedGroup || g.name === expectedGroup))\n    );\n\n    if (!matchAll && userInGroup) {\n      return userInGroup;\n    }\n\n    if (matchAll && !userInGroup) {\n      return false;\n    }\n\n    matched = userInGroup;\n  }\n\n  return matched;\n};\n\n/**\n * Generates a random state string.\n */\nexport const generateState = (): string => randomBytes(32);\n\n/**\n * Generates a PKCE (Proof Key for Code Exchange) code verifier and code challenge.\n *\n */\nexport const generatePKCE = async (): Promise<{\n  codeVerifier: string;\n  codeChallenge: string;\n}> => {\n  const codeVerifier = randomBytes(32);\n  return {\n    codeVerifier,\n    codeChallenge: encodeBase64Url(\n      await crypto.subtle.digest(\n        'SHA-256',\n        stringToArrayBuffer(codeVerifier) as BufferSource\n      )\n    ),\n  };\n};\n\n/**\n * Generates a random nonce string.\n */\nexport const generateNonce = (): string => randomBytes(32);\n\n/**\n * @ignore\n * Merges multiple arrays of strings, removing duplicates.\n *\n * @param args - List of arrays to merge\n *\n * @returns A new array containing unique strings from both input arrays, or `undefined` if both inputs are `undefined`.\n */\nexport const mergeArrays = (\n  ...args: (string[] | undefined)[]\n): string[] | undefined => {\n  const arrays = args.filter(x => Array.isArray(x));\n  return arrays.length > 0\n    ? Array.from(new Set(arrays.reduce((acc, x) => [...acc, ...x], [])))\n    : undefined;\n};\n"],"mappings":";;;AAiBA,MAAM,oBAAoB;AAC1B,MAAM,cAAc;AACpB,MAAM,gBAAgB;AAEtB,MAAM,sBAAsB,OAC1B,QACA,SACuB;CACvB,MAAM,UAAU,MAAM,OAAO,OAAO,UAClC,OACA,oBAAoB,OAAO,EAC3B,UACA,OACA,CAAC,YAAY,CACd;AAED,QAAO,OAAO,OAAO,UACnB;EACE,MAAM;EACA;EACN,YAAY;EACZ,MAAM;EACP,EACD,SACA;EAAE,MAAM;EAAW,QAAQ;EAAK,EAChC,OACA,CAAC,WAAW,UAAU,CACvB;;;;;AAMH,MAAa,uBACX,eACmB;CACnB,IAAI;AAEJ,KAAI,sBAAsB,IACxB,UAAS,WAAW;UACX,sBAAsB,gBAC/B,UAAS;KAET,KAAI;AACF,WAAS,IAAI,IAAI,WAAW,CAAC;SACvB;AAEN,eACE,WAAW,WAAW,IAAI,IAAI,WAAW,WAAW,IAAI,GACpD,WAAW,UAAU,EAAE,GACvB;AACN,WAAS,IAAI,gBAAgB,WAAW;;CAI5C,MAAM,YAAY,OAAO,IAAI,aAAa;AAE1C,QAAO;EACL,OAAO,OAAO,IAAI,QAAQ,IAAI;EAC9B,aAAa,OAAO,IAAI,eAAe,IAAI;EAC3C,SAAS,OAAO,IAAI,WAAW,IAAI;EACnC,cAAc,OAAO,IAAI,gBAAgB,IAAI;EAC7C,cAAc,OAAO,IAAI,gBAAgB,IAAI;EAC7C,WAAW,YAAY,SAAS,WAAW,GAAG,GAAG;EACjD,MAAM,OAAO,IAAI,OAAO,IAAI;EAC5B,OAAO,OAAO,IAAI,QAAQ,IAAI;EAC9B,kBAAkB,OAAO,IAAI,oBAAoB,IAAI;EACtD;;;;;;;;;AAUH,MAAa,UAAU,OACrB,MACA,WACoB;CACpB,MAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,YAAY,CAAC;CAChE,MAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,cAAc,CAAC;CAChE,MAAM,kBAAkB,oBAAoB,KAAK;CACjD,MAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK;CAEnD,MAAM,aAAa,MAAM,OAAO,OAAO,QACrC;EACE,MAAM;EACN;EACD,EACD,KACA,gBACD;CAED,MAAM,eAAe,IAAI,WACvB,KAAK,aAAa,GAAG,aAAa,WAAW,WAC9C;AACD,cAAa,IAAI,MAAM,EAAE;AACzB,cAAa,IAAI,IAAI,KAAK,WAAW;AACrC,cAAa,IAAI,IAAI,WAAW,WAAW,EAAE,KAAK,aAAa,GAAG,WAAW;AAE7E,QAAO,oBAAoB,aAAa;;;;;;;;;;AAW1C,MAAa,UAAU,OACrB,WACA,WACgC;AAChC,KAAI;EACF,MAAM,mBAAmB,WAAW,KAAK,KAAK,WAAW,UAAU,CAAC,GAAE,MACpE,EAAE,WAAW,EAAE,CAChB;AAED,MAAI,iBAAiB,cAAc,cAAc,cAC/C;EAGF,MAAM,OAAO,iBAAiB,MAAM,GAAG,YAAY;EACnD,MAAM,KAAK,iBAAiB,MAAM,aAAa,cAAc,cAAc;EAC3E,MAAM,mBAAmB,iBAAiB,MACxC,cAAc,cACf;EACD,MAAM,MAAM,MAAM,oBAAoB,QAAQ,KAAK;AASnD,SAAO,oBARiB,MAAM,OAAO,OAAO,QAC1C;GACE,MAAM;GACN;GACD,EACD,KACA,iBACD,CAC0C;SACrC;AACN;;;;;;;;;;;AAYJ,MAAa,kBACX,SACA,QACA,QACoB;CACpB,IAAI;AAEJ,KAAI,OAAO,QAAQ,SACjB,aAAY,KAAK,GAAG;AAEtB,QAAO,QAAQ,KAAK,UAAU;EAAE;EAAS;EAAW,CAAC,EAAE,OAAO;;;;;;;;;;;;AAahE,MAAa,iBAAiB,OAC5B,kBACA,WAC8B;CAC9B,MAAM,gBAAgB,MAAM,QAAQ,kBAAkB,OAAO;AAE7D,KAAI,CAAC,cACH,OAAM,IAAI,MAAM,uBAAuB;CAGzC,IAAI;AACJ,KAAI;AACF,YAAU,KAAK,MAAM,cAAc;SAC7B;AACN,QAAM,IAAI,MAAM,uBAAuB;;CAGzC,MAAM,EAAE,SAAS,cAAc;AAE/B,KAAI,CAAC,QACH,OAAM,IAAI,MAAM,uBAAuB;AAGzC,KAAI,OAAO,cAAc,YAAY,YAAY,KAAK,CACpD,OAAM,IAAI,MAAM,kBAAkB;AAGpC,QAAO;;;;;;;;;;;AAYT,MAAa,oBACX,WACA,QACA,QACoB;CACpB,IAAI;AAEJ,KAAI,OAAO,QAAQ,SACjB,aAAY,KAAK,GAAG;AAGtB,QAAO,QAAQ,KAAK,UAAU;EAAE;EAAW;EAAW,CAAC,EAAE,OAAO;;;;;;;;;;;;;AAclE,MAAa,mBAAmB,OAC9B,oBACA,WACe;CACf,MAAM,gBAAgB,MAAM,QAAQ,oBAAoB,OAAO;AAE/D,KAAI,CAAC,cACH,OAAM,IAAI,MAAM,qBAAqB;CAGvC,IAAI;AACJ,KAAI;AACF,YAAU,KAAK,MAAM,cAAc;SAC7B;AACN,QAAM,IAAI,MAAM,qBAAqB;;CAGvC,MAAM,EAAE,WAAW,cAAc;AAEjC,KAAI,CAAC,UACH,OAAM,IAAI,MAAM,qBAAqB;AAGvC,KAAI,OAAO,cAAc,YAAY,YAAY,KAAK,CACpD,OAAM,IAAI,MAAM,qBAAqB;AAGvC,QAAO;;;;;;;;;;;;AAaT,MAAa,iBACX,MACA,QACA,cAAc,UACd,WAAW,UACC;CACZ,MAAM,aAAc,KAAK,gBAAgB,EAAE;AAK3C,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C,QAAO;AAGT,KAAI,CAAC,MAAM,QAAQ,WAAW,IAAI,WAAW,WAAW,EACtD,QAAO;CAGT,IAAI,UAAU;AAEd,MAAK,MAAM,iBAAiB,QAAQ;EAClC,MAAM,cAAc,WAAW,MAC7B,MACG,OAAO,MAAM,YAAY,MAAM,iBAC/B,OAAO,MAAM,aACX,EAAE,OAAO,iBAAiB,EAAE,SAAS,eAC3C;AAED,MAAI,CAAC,YAAY,YACf,QAAO;AAGT,MAAI,YAAY,CAAC,YACf,QAAO;AAGT,YAAU;;AAGZ,QAAO;;;;;AAMT,MAAa,sBAA8B,YAAY,GAAG;;;;;AAM1D,MAAa,eAAe,YAGtB;CACJ,MAAM,eAAe,YAAY,GAAG;AACpC,QAAO;EACL;EACA,eAAe,gBACb,MAAM,OAAO,OAAO,OAClB,WACA,oBAAoB,aAAa,CAClC,CACF;EACF;;;;;AAMH,MAAa,sBAA8B,YAAY,GAAG;;;;;;;;;AAU1D,MAAa,eACX,GAAG,SACsB;CACzB,MAAM,SAAS,KAAK,QAAO,MAAK,MAAM,QAAQ,EAAE,CAAC;AACjD,QAAO,OAAO,SAAS,IACnB,MAAM,KAAK,IAAI,IAAI,OAAO,QAAQ,KAAK,MAAM,CAAC,GAAG,KAAK,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,GAClE"}

package/dist/utils/internal.cjs

@@ -1,24 +1,366 @@
-const require_internal = require('../internal-DytuO03E.cjs');
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
-exports.arrayBufferToBase64 = require_internal.arrayBufferToBase64;
-exports.arrayBufferToString = require_internal.arrayBufferToString;
-exports.decodeBase64Url = require_internal.decodeBase64Url;
-exports.encodeBase64Url = require_internal.encodeBase64Url;
-exports.ensureLeadingSlash = require_internal.ensureLeadingSlash;
-exports.findToken = require_internal.findToken;
-exports.fromB64Url = require_internal.fromB64Url;
-exports.getBoolean = require_internal.getBoolean;
-exports.getNumber = require_internal.getNumber;
-exports.getPublicSigKeyFromIssuerJwks = require_internal.getPublicSigKeyFromIssuerJwks;
-exports.isAbsoluteUrl = require_internal.isAbsoluteUrl;
-exports.isJsonObject = require_internal.isJsonObject;
-exports.isPresent = require_internal.isPresent;
-exports.isSameHost = require_internal.isSameHost;
-exports.now = require_internal.now;
-exports.parseSpaceSeparated = require_internal.parseSpaceSeparated;
-exports.parseSpaceSeparatedSet = require_internal.parseSpaceSeparatedSet;
-exports.randomBytes = require_internal.randomBytes;
-exports.removeTrailingSlash = require_internal.removeTrailingSlash;
-exports.setsEqual = require_internal.setsEqual;
-exports.stringToArrayBuffer = require_internal.stringToArrayBuffer;
-exports.toB64Url = require_internal.toB64Url;
+//#region src/utils/internal.ts
+/**
+* @ignore
+* Converts a string to a Base64URL encoded string.
+*
+* @param input - The string to encode.
+*
+* @returns The Base64URL encoded string.
+*/
+const toB64Url = (input) => input.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+/**
+* @ignore
+* Parses a string value into a boolean.
+*
+* @param value - The string value to parse.
+*
+* @returns `true` if "true", `false` if "false", otherwise `undefined`.
+*/
+const getBoolean = (value) => {
+	const v = value?.toLowerCase()?.trim();
+	if (v === "true") return true;
+	if (v === "false") return false;
+};
+/**
+* @ignore
+* Parses a string value into a number.
+*
+* @param value - The string value to parse.
+*
+* @returns The parsed number, or `undefined` if empty or invalid.
+*/
+const getNumber = (value) => {
+	const v = value?.trim();
+	if (v === void 0 || v.length === 0) return;
+	const p = parseInt(v, 10);
+	return Number.isNaN(p) ? void 0 : p;
+};
+/**
+* @ignore
+* Ensures that a string has a leading forward slash.
+*
+* @param val - The string to check.
+*
+* @returns The string with a leading slash.
+*/
+const ensureLeadingSlash = (val) => {
+	const v = val?.trim();
+	if (!v) return v;
+	return v.startsWith("/") ? v : `/${v}`;
+};
+/**
+* @ignore
+* Removes a trailing forward slash from a string.
+*
+* @param val - The string to check.
+*
+* @returns The string without a trailing slash.
+*/
+const removeTrailingSlash = (val) => {
+	const v = val?.trim();
+	if (!v) return v;
+	return v.endsWith("/") ? v.substring(0, v.length - 1) : v;
+};
+/**
+* @ignore
+* Checks if a value is present (not null, undefined, or an empty string).
+*
+* @param value - The value to check.
+*
+* @returns `true` if the value is present, `false` otherwise.
+*/
+const isPresent = (value) => {
+	if (typeof value === "boolean" || typeof value === "number") return true;
+	const v = value?.trim();
+	return v !== void 0 && v !== null && v.length > 0;
+};
+/**
+* @ignore
+* Checks if a URL is an absolute URL (starts with http:// or https://).
+*
+* @param url - The URL to check.
+*
+* @returns `true` if absolute, `false` otherwise.
+*/
+const isAbsoluteUrl = (url) => (url?.startsWith("http://") || url?.startsWith("https://")) ?? false;
+/**
+* @ignore
+* Checks if two URLs have the same origin (host and port).
+*
+* @param url - The first URL.
+* @param urlToCheck - The second URL to compare against.
+*
+* @returns `true` if they share the same origin, `false` otherwise.
+*/
+const isSameHost = (url, urlToCheck) => {
+	try {
+		const u = new URL(url);
+		const u2 = new URL(urlToCheck);
+		return u.origin === u2.origin;
+	} catch {
+		return false;
+	}
+};
+/**
+* @ignore
+* Converts a string to a Uint8Array using TextEncoder.
+*
+* @param str - The string to convert.
+*
+* @returns A Uint8Array representation of the string.
+*/
+const stringToArrayBuffer = (str) => {
+	return new TextEncoder().encode(str);
+};
+/**
+* @ignore
+* Converts an ArrayBuffer to a string using TextDecoder.
+*
+* @param buffer - The buffer to convert.
+*
+* @returns The decoded string.
+*/
+const arrayBufferToString = (buffer) => {
+	return new TextDecoder().decode(buffer);
+};
+/**
+* @ignore
+* Converts a Base64URL string back to a standard Base64 string with padding.
+*
+* @param input - The Base64URL string.
+*
+* @returns A standard Base64 string.
+*/
+const fromB64Url = (input) => {
+	let str = input;
+	if (str.length % 4 !== 0) str += "===".slice(0, 4 - str.length % 4);
+	str = str.replace(/-/g, "+").replace(/_/g, "/");
+	return str;
+};
+/**
+* @ignore
+* Decodes a Base64URL encoded string.
+*
+* @param input - The Base64URL string to decode.
+*
+* @returns The decoded plaintext string.
+*/
+const decodeBase64Url = (input) => atob(fromB64Url(input).replace(/\s/g, ""));
+/**
+* @ignore
+* Converts a Uint8Array to a Base64URL encoded string.
+*
+* @param buffer - The buffer to encode.
+*
+* @returns The Base64URL encoded string.
+*/
+const arrayBufferToBase64 = (buffer) => {
+	const binary = new Uint8Array(buffer).reduce((acc, byte) => acc + String.fromCharCode(byte), "");
+	return btoa(binary).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+};
+/**
+* @ignore
+* Gets the current Unix timestamp in seconds.
+*
+* @returns The current timestamp.
+*/
+const now = () => Math.ceil(Date.now() / 1e3);
+const SUPPORTED_JWS_ALGS = [
+	"RS256",
+	"RS384",
+	"RS512",
+	"PS256",
+	"PS384",
+	"PS512",
+	"ES256",
+	"ES384",
+	"ES512"
+];
+/**
+* Retrieves a public CryptoKey from a JWK set based on the JWS header.
+*
+* @param jwks - The set of JSON Web Keys.
+* @param header - The JWS header containing the algorithm and key ID.
+*
+* @returns A promise that resolves to the CryptoKey.
+*
+* @throws If no applicable key or multiple keys are found or the algorithm is unsupported.
+*/
+const getPublicSigKeyFromIssuerJwks = async (jwks, header) => {
+	const { alg, kid } = header;
+	if (!SUPPORTED_JWS_ALGS.includes(alg)) throw new Error("unsupported JWS \"alg\" identifier");
+	let kty;
+	switch (alg.slice(0, 2)) {
+		case "RS":
+		case "PS":
+			kty = "RSA";
+			break;
+		case "ES":
+			kty = "EC";
+			break;
+	}
+	const { 0: jwk, length } = jwks.filter((jwk) => {
+		if (jwk.kty !== kty) return false;
+		if (kid !== void 0 && kid !== jwk.kid) return false;
+		if (jwk.alg !== void 0 && alg !== jwk.alg) return false;
+		if (jwk.use !== void 0 && jwk.use !== "sig") return false;
+		if (jwk.key_ops?.includes("verify") === false) return false;
+		switch (true) {
+			case alg === "ES256" && jwk.crv !== "P-256":
+			case alg === "ES384" && jwk.crv !== "P-384":
+			case alg === "ES512" && jwk.crv !== "P-521": return false;
+		}
+		return true;
+	});
+	if (length !== 1) throw new Error("error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required");
+	let algorithm;
+	switch (alg) {
+		case "PS256":
+		case "PS384":
+		case "PS512":
+			algorithm = {
+				name: "RSA-PSS",
+				hash: `SHA-${alg.slice(-3)}`
+			};
+			break;
+		case "RS256":
+		case "RS384":
+		case "RS512":
+			algorithm = {
+				name: "RSASSA-PKCS1-v1_5",
+				hash: `SHA-${alg.slice(-3)}`
+			};
+			break;
+		case "ES256":
+		case "ES384":
+			algorithm = {
+				name: "ECDSA",
+				namedCurve: `P-${alg.slice(-3)}`
+			};
+			break;
+		case "ES512":
+			algorithm = {
+				name: "ECDSA",
+				namedCurve: "P-521"
+			};
+			break;
+	}
+	const { ext, key_ops, use, ...k } = jwk;
+	const key = await crypto.subtle.importKey("jwk", k, algorithm, true, ["verify"]);
+	if (key.type !== "public") throw new Error("jwks_uri must only contain public keys");
+	return key;
+};
+const CHUNK_SIZE = 32768;
+/**
+* @ignore
+* Encodes a Uint8Array or ArrayBuffer into a Base64URL string using chunked processing.
+*
+* @param input - The data to encode.
+*
+* @returns The Base64URL encoded string.
+*/
+const encodeBase64Url = (input) => {
+	if (input instanceof ArrayBuffer) input = new Uint8Array(input);
+	const arr = [];
+	for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) arr.push(String.fromCharCode.apply(null, Array.from(new Uint8Array(input.slice(i, i + CHUNK_SIZE)))));
+	return btoa(arr.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+};
+/**
+* @ignore
+* Generates a random Base64URL encoded string.
+*
+* @param length - The number of random bytes to generate.
+*
+* @returns A random Base64URL string.
+*/
+const randomBytes = (length = 32) => encodeBase64Url(crypto.getRandomValues(new Uint8Array(length)));
+/**
+* @ignore
+* Checks if a value is a non-null, non-array JSON object.
+*
+* @param input - The value to check.
+*
+* @returns `true` if the value is a JSON object.
+*/
+const isJsonObject = (input) => {
+	if (input === null || typeof input !== "object" || Array.isArray(input)) return false;
+	return true;
+};
+/**
+* @ignore
+* Parses a space-separated string into an array of strings.
+*
+* @param s - The space-separated string.
+*
+* @returns An array of strings, or `undefined` if input is empty.
+*/
+const parseSpaceSeparated = (s) => s?.split(/\s+/).map((x) => x.trim()).filter(Boolean);
+/**
+* @ignore
+* Parses a space-separated string into a Set of strings.
+*
+* @param s - The space-separated string.
+*
+* @returns A Set containing the unique strings.
+*/
+const parseSpaceSeparatedSet = (s) => {
+	if (!s) return /* @__PURE__ */ new Set();
+	return new Set(parseSpaceSeparated(s));
+};
+/**
+* @ignore
+* Compares two Sets for equality.
+*
+* @param a - The first Set
+* @param b - The second Set
+* @param strict - If `true`, requires both sets to be the same size. @defaultValue true
+*
+* @returns `true` if the sets are equal
+*/
+const setsEqual = (a, b, strict = true) => {
+	if (strict && a.size !== b.size) return false;
+	for (const v of a) if (!b.has(v)) return false;
+	return true;
+};
+/**
+* Finds a specific access token in an array based on resource and scopes.
+*
+* @param tokens - The array of access tokens.
+* @param resource - Space-separated resource indicators.
+* @param scopes - Space-separated scopes.
+*
+* @returns The matching AccessToken, or `undefined` if not found.
+*/
+const findToken = (tokens, resource, scopes) => {
+	if (!Array.isArray(tokens) || tokens.length === 0) return;
+	const desiredResource = parseSpaceSeparatedSet(resource);
+	const desiredScopes = parseSpaceSeparatedSet(scopes);
+	return tokens.find((t) => setsEqual(desiredResource, parseSpaceSeparatedSet(t.resource)) && setsEqual(desiredScopes, parseSpaceSeparatedSet(t.requestedScopes)));
+};
+
+//#endregion
+exports.arrayBufferToBase64 = arrayBufferToBase64;
+exports.arrayBufferToString = arrayBufferToString;
+exports.decodeBase64Url = decodeBase64Url;
+exports.encodeBase64Url = encodeBase64Url;
+exports.ensureLeadingSlash = ensureLeadingSlash;
+exports.findToken = findToken;
+exports.fromB64Url = fromB64Url;
+exports.getBoolean = getBoolean;
+exports.getNumber = getNumber;
+exports.getPublicSigKeyFromIssuerJwks = getPublicSigKeyFromIssuerJwks;
+exports.isAbsoluteUrl = isAbsoluteUrl;
+exports.isJsonObject = isJsonObject;
+exports.isPresent = isPresent;
+exports.isSameHost = isSameHost;
+exports.now = now;
+exports.parseSpaceSeparated = parseSpaceSeparated;
+exports.parseSpaceSeparatedSet = parseSpaceSeparatedSet;
+exports.randomBytes = randomBytes;
+exports.removeTrailingSlash = removeTrailingSlash;
+exports.setsEqual = setsEqual;
+exports.stringToArrayBuffer = stringToArrayBuffer;
+exports.toB64Url = toB64Url;
+//# sourceMappingURL=internal.cjs.map

package/dist/utils/internal.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"internal.cjs","names":[],"sources":["../../src/utils/internal.ts"],"sourcesContent":["import type {\n  AccessToken,\n  Jwk,\n  JWSAlgorithm,\n  JwsHeaderParameters,\n} from '../types';\n\n/**\n * @ignore\n * Converts a string to a Base64URL encoded string.\n *\n * @param input - The string to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const toB64Url = (input: string): string =>\n  input.replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n\n/**\n * @ignore\n * Parses a string value into a boolean.\n *\n * @param value - The string value to parse.\n *\n * @returns `true` if \"true\", `false` if \"false\", otherwise `undefined`.\n */\nexport const getBoolean = (value?: string): boolean | undefined => {\n  const v = value?.toLowerCase()?.trim();\n\n  if (v === 'true') {\n    return true;\n  }\n\n  if (v === 'false') {\n    return false;\n  }\n\n  return undefined;\n};\n\n/**\n * @ignore\n * Parses a string value into a number.\n *\n * @param value - The string value to parse.\n *\n * @returns The parsed number, or `undefined` if empty or invalid.\n */\nexport const getNumber = (value?: string): number | undefined => {\n  const v = value?.trim();\n\n  if (v === undefined || v.length === 0) {\n    return undefined;\n  }\n\n  const p = parseInt(v, 10);\n\n  return Number.isNaN(p) ? undefined : p;\n};\n\n/**\n * @ignore\n * Ensures that a string has a leading forward slash.\n *\n * @param val - The string to check.\n *\n * @returns The string with a leading slash.\n */\nexport const ensureLeadingSlash = (val?: string): string => {\n  const v = val?.trim();\n\n  if (!v) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    return v!;\n  }\n\n  return v.startsWith('/') ? v : `/${v}`;\n};\n\n/**\n * @ignore\n * Removes a trailing forward slash from a string.\n *\n * @param val - The string to check.\n *\n * @returns The string without a trailing slash.\n */\nexport const removeTrailingSlash = (val?: string): string => {\n  const v = val?.trim();\n\n  if (!v) {\n    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n    return v!;\n  }\n\n  return v.endsWith('/') ? v.substring(0, v.length - 1) : v;\n};\n\n/**\n * @ignore\n * Checks if a value is present (not null, undefined, or an empty string).\n *\n * @param value - The value to check.\n *\n * @returns `true` if the value is present, `false` otherwise.\n */\nexport const isPresent = (value?: string | number | boolean): boolean => {\n  if (typeof value === 'boolean' || typeof value === 'number') {\n    return true;\n  }\n  const v = value?.trim();\n  return v !== undefined && v !== null && v.length > 0;\n};\n\n/**\n * @ignore\n * Checks if a URL is an absolute URL (starts with http:// or https://).\n *\n * @param url - The URL to check.\n *\n * @returns `true` if absolute, `false` otherwise.\n */\nexport const isAbsoluteUrl = (url: string): boolean =>\n  (url?.startsWith('http://') || url?.startsWith('https://')) ?? false;\n\n/**\n * @ignore\n * Checks if two URLs have the same origin (host and port).\n *\n * @param url - The first URL.\n * @param urlToCheck - The second URL to compare against.\n *\n * @returns `true` if they share the same origin, `false` otherwise.\n */\nexport const isSameHost = (url: string, urlToCheck: string): boolean => {\n  try {\n    const u = new URL(url);\n    const u2 = new URL(urlToCheck);\n\n    return u.origin === u2.origin;\n  } catch {\n    return false;\n  }\n};\n\n/**\n * @ignore\n * Converts a string to a Uint8Array using TextEncoder.\n *\n * @param str - The string to convert.\n *\n * @returns A Uint8Array representation of the string.\n */\nexport const stringToArrayBuffer = (str: string): Uint8Array => {\n  const encoder = new TextEncoder();\n  return encoder.encode(str);\n};\n\n/**\n * @ignore\n * Converts an ArrayBuffer to a string using TextDecoder.\n *\n * @param buffer - The buffer to convert.\n *\n * @returns The decoded string.\n */\nexport const arrayBufferToString = (buffer: ArrayBuffer): string => {\n  const decoder = new TextDecoder();\n  return decoder.decode(buffer);\n};\n\n/**\n * @ignore\n * Converts a Base64URL string back to a standard Base64 string with padding.\n *\n * @param input - The Base64URL string.\n *\n * @returns A standard Base64 string.\n */\nexport const fromB64Url = (input: string): string => {\n  let str = input;\n  if (str.length % 4 !== 0) {\n    str += '==='.slice(0, 4 - (str.length % 4));\n  }\n\n  str = str.replace(/-/g, '+').replace(/_/g, '/');\n\n  return str;\n};\n\n/**\n * @ignore\n * Decodes a Base64URL encoded string.\n *\n * @param input - The Base64URL string to decode.\n *\n * @returns The decoded plaintext string.\n */\nexport const decodeBase64Url = (input: string): string =>\n  atob(fromB64Url(input).replace(/\\s/g, ''));\n\n/**\n * @ignore\n * Converts a Uint8Array to a Base64URL encoded string.\n *\n * @param buffer - The buffer to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const arrayBufferToBase64 = (buffer: Uint8Array): string => {\n  const bytes = new Uint8Array(buffer);\n  const binary = bytes.reduce(\n    (acc, byte) => acc + String.fromCharCode(byte),\n    ''\n  );\n  return btoa(binary).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Gets the current Unix timestamp in seconds.\n *\n * @returns The current timestamp.\n */\nexport const now = (): number => Math.ceil(Date.now() / 1000);\n\nconst SUPPORTED_JWS_ALGS: JWSAlgorithm[] = [\n  'RS256',\n  'RS384',\n  'RS512',\n  'PS256',\n  'PS384',\n  'PS512',\n  'ES256',\n  'ES384',\n  'ES512',\n];\n\n/**\n * Retrieves a public CryptoKey from a JWK set based on the JWS header.\n *\n * @param jwks - The set of JSON Web Keys.\n * @param header - The JWS header containing the algorithm and key ID.\n *\n * @returns A promise that resolves to the CryptoKey.\n *\n * @throws If no applicable key or multiple keys are found or the algorithm is unsupported.\n */\nexport const getPublicSigKeyFromIssuerJwks = async (\n  jwks: Jwk[],\n  header: JwsHeaderParameters\n): Promise<CryptoKey> => {\n  const { alg, kid } = header;\n\n  if (!SUPPORTED_JWS_ALGS.includes(alg)) {\n    throw new Error('unsupported JWS \"alg\" identifier');\n  }\n\n  let kty: string;\n  switch (alg.slice(0, 2)) {\n    case 'RS': // Fall through\n    case 'PS':\n      kty = 'RSA';\n      break;\n    case 'ES':\n      kty = 'EC';\n      break;\n  }\n\n  const candidates = jwks.filter(jwk => {\n    // filter keys based on the mapping of signature algorithms to Key Type\n    if (jwk.kty !== kty) {\n      return false;\n    }\n\n    // filter keys based on the JWK Key ID in the header\n    if (kid !== undefined && kid !== jwk.kid) {\n      return false;\n    }\n\n    // filter keys based on the key's declared Algorithm\n    if (jwk.alg !== undefined && alg !== jwk.alg) {\n      return false;\n    }\n\n    // filter keys based on the key's declared Public Key Use\n    if (jwk.use !== undefined && jwk.use !== 'sig') {\n      return false;\n    }\n\n    // filter keys based on the key's declared Key Operations\n    if (jwk.key_ops?.includes('verify') === false) {\n      return false;\n    }\n\n    // filter keys based on alg-specific key requirements\n    switch (true) {\n      case alg === 'ES256' && jwk.crv !== 'P-256': // Fall through\n      case alg === 'ES384' && jwk.crv !== 'P-384': // Fall through\n      case alg === 'ES512' && jwk.crv !== 'P-521': // Fall through\n        return false;\n    }\n\n    return true;\n  });\n\n  const { 0: jwk, length } = candidates;\n\n  if (length !== 1) {\n    throw new Error(\n      'error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required'\n    );\n  }\n\n  let algorithm:\n    | RsaHashedImportParams\n    | EcKeyImportParams\n    | AlgorithmIdentifier;\n\n  switch (alg) {\n    case 'PS256': // Fall through\n    case 'PS384': // Fall through\n    case 'PS512':\n      algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n      break;\n    case 'RS256': // Fall through\n    case 'RS384': // Fall through\n    case 'RS512':\n      algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n      break;\n    case 'ES256': // Fall through\n    case 'ES384':\n      algorithm = { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n      break;\n    case 'ES512':\n      algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n      break;\n  }\n\n  const { ext, key_ops, use, ...k } = jwk;\n\n  const key = await crypto.subtle.importKey('jwk', k, algorithm, true, [\n    'verify',\n  ]);\n\n  if (key.type !== 'public') {\n    throw new Error('jwks_uri must only contain public keys');\n  }\n\n  return key;\n};\n\nconst CHUNK_SIZE = 0x8000;\n\n/**\n * @ignore\n * Encodes a Uint8Array or ArrayBuffer into a Base64URL string using chunked processing.\n *\n * @param input - The data to encode.\n *\n * @returns The Base64URL encoded string.\n */\nexport const encodeBase64Url = (input: Uint8Array | ArrayBuffer): string => {\n  if (input instanceof ArrayBuffer) {\n    // eslint-disable-next-line no-param-reassign\n    input = new Uint8Array(input);\n  }\n\n  const arr = [];\n  for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n    arr.push(\n      String.fromCharCode.apply(\n        null,\n        Array.from(new Uint8Array(input.slice(i, i + CHUNK_SIZE)))\n      )\n    );\n  }\n  return btoa(arr.join(''))\n    .replace(/=/g, '')\n    .replace(/\\+/g, '-')\n    .replace(/\\//g, '_');\n};\n\n/**\n * @ignore\n * Generates a random Base64URL encoded string.\n *\n * @param length - The number of random bytes to generate.\n *\n * @returns A random Base64URL string.\n */\nexport const randomBytes = (length = 32): string =>\n  encodeBase64Url(crypto.getRandomValues(new Uint8Array(length)));\n\n/**\n * @ignore\n * Checks if a value is a non-null, non-array JSON object.\n *\n * @param input - The value to check.\n *\n * @returns `true` if the value is a JSON object.\n */\nexport const isJsonObject = <T>(input: unknown): input is T => {\n  if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n    return false;\n  }\n\n  return true;\n};\n\n/**\n * @ignore\n * Parses a space-separated string into an array of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns An array of strings, or `undefined` if input is empty.\n */\nexport const parseSpaceSeparated = (s?: string): string[] | undefined =>\n  s\n    ?.split(/\\s+/)\n    .map(x => x.trim())\n    .filter(Boolean);\n\n/**\n * @ignore\n * Parses a space-separated string into a Set of strings.\n *\n * @param s - The space-separated string.\n *\n * @returns A Set containing the unique strings.\n */\nexport const parseSpaceSeparatedSet = (s?: string): Set<string> => {\n  if (!s) {\n    return new Set();\n  }\n\n  return new Set(parseSpaceSeparated(s));\n};\n\n/**\n * @ignore\n * Compares two Sets for equality.\n *\n * @param a - The first Set\n * @param b - The second Set\n * @param strict - If `true`, requires both sets to be the same size. @defaultValue true\n *\n * @returns `true` if the sets are equal\n */\nexport const setsEqual = (\n  a: Set<string>,\n  b: Set<string>,\n  strict = true\n): boolean => {\n  if (strict && a.size !== b.size) {\n    return false;\n  }\n\n  for (const v of a) {\n    if (!b.has(v)) {\n      return false;\n    }\n  }\n\n  return true;\n};\n\n/**\n * Finds a specific access token in an array based on resource and scopes.\n *\n * @param tokens - The array of access tokens.\n * @param resource - Space-separated resource indicators.\n * @param scopes - Space-separated scopes.\n *\n * @returns The matching AccessToken, or `undefined` if not found.\n */\nexport const findToken = (\n  tokens?: AccessToken[],\n  resource?: string,\n  scopes?: string\n): AccessToken | undefined => {\n  if (!Array.isArray(tokens) || tokens.length === 0) {\n    return undefined;\n  }\n\n  const desiredResource = parseSpaceSeparatedSet(resource);\n  const desiredScopes = parseSpaceSeparatedSet(scopes);\n\n  return tokens.find(\n    t =>\n      setsEqual(desiredResource, parseSpaceSeparatedSet(t.resource)) &&\n      setsEqual(desiredScopes, parseSpaceSeparatedSet(t.requestedScopes))\n  );\n};\n"],"mappings":";;;;;;;;;;;AAeA,MAAa,YAAY,UACvB,MAAM,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,GAAG;;;;;;;;;AAUlE,MAAa,cAAc,UAAwC;CACjE,MAAM,IAAI,OAAO,aAAa,EAAE,MAAM;AAEtC,KAAI,MAAM,OACR,QAAO;AAGT,KAAI,MAAM,QACR,QAAO;;;;;;;;;;AAcX,MAAa,aAAa,UAAuC;CAC/D,MAAM,IAAI,OAAO,MAAM;AAEvB,KAAI,MAAM,UAAa,EAAE,WAAW,EAClC;CAGF,MAAM,IAAI,SAAS,GAAG,GAAG;AAEzB,QAAO,OAAO,MAAM,EAAE,GAAG,SAAY;;;;;;;;;;AAWvC,MAAa,sBAAsB,QAAyB;CAC1D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,WAAW,IAAI,GAAG,IAAI,IAAI;;;;;;;;;;AAWrC,MAAa,uBAAuB,QAAyB;CAC3D,MAAM,IAAI,KAAK,MAAM;AAErB,KAAI,CAAC,EAEH,QAAO;AAGT,QAAO,EAAE,SAAS,IAAI,GAAG,EAAE,UAAU,GAAG,EAAE,SAAS,EAAE,GAAG;;;;;;;;;;AAW1D,MAAa,aAAa,UAA+C;AACvE,KAAI,OAAO,UAAU,aAAa,OAAO,UAAU,SACjD,QAAO;CAET,MAAM,IAAI,OAAO,MAAM;AACvB,QAAO,MAAM,UAAa,MAAM,QAAQ,EAAE,SAAS;;;;;;;;;;AAWrD,MAAa,iBAAiB,SAC3B,KAAK,WAAW,UAAU,IAAI,KAAK,WAAW,WAAW,KAAK;;;;;;;;;;AAWjE,MAAa,cAAc,KAAa,eAAgC;AACtE,KAAI;EACF,MAAM,IAAI,IAAI,IAAI,IAAI;EACtB,MAAM,KAAK,IAAI,IAAI,WAAW;AAE9B,SAAO,EAAE,WAAW,GAAG;SACjB;AACN,SAAO;;;;;;;;;;;AAYX,MAAa,uBAAuB,QAA4B;AAE9D,QADgB,IAAI,aAAa,CAClB,OAAO,IAAI;;;;;;;;;;AAW5B,MAAa,uBAAuB,WAAgC;AAElE,QADgB,IAAI,aAAa,CAClB,OAAO,OAAO;;;;;;;;;;AAW/B,MAAa,cAAc,UAA0B;CACnD,IAAI,MAAM;AACV,KAAI,IAAI,SAAS,MAAM,EACrB,QAAO,MAAM,MAAM,GAAG,IAAK,IAAI,SAAS,EAAG;AAG7C,OAAM,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI;AAE/C,QAAO;;;;;;;;;;AAWT,MAAa,mBAAmB,UAC9B,KAAK,WAAW,MAAM,CAAC,QAAQ,OAAO,GAAG,CAAC;;;;;;;;;AAU5C,MAAa,uBAAuB,WAA+B;CAEjE,MAAM,SADQ,IAAI,WAAW,OAAO,CACf,QAClB,KAAK,SAAS,MAAM,OAAO,aAAa,KAAK,EAC9C,GACD;AACD,QAAO,KAAK,OAAO,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;;;;;;AAS/E,MAAa,YAAoB,KAAK,KAAK,KAAK,KAAK,GAAG,IAAK;AAE7D,MAAM,qBAAqC;CACzC;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACD;;;;;;;;;;;AAYD,MAAa,gCAAgC,OAC3C,MACA,WACuB;CACvB,MAAM,EAAE,KAAK,QAAQ;AAErB,KAAI,CAAC,mBAAmB,SAAS,IAAI,CACnC,OAAM,IAAI,MAAM,qCAAmC;CAGrD,IAAI;AACJ,SAAQ,IAAI,MAAM,GAAG,EAAE,EAAvB;EACE,KAAK;EACL,KAAK;AACH,SAAM;AACN;EACF,KAAK;AACH,SAAM;AACN;;CAwCJ,MAAM,EAAE,GAAG,KAAK,WArCG,KAAK,QAAO,QAAO;AAEpC,MAAI,IAAI,QAAQ,IACd,QAAO;AAIT,MAAI,QAAQ,UAAa,QAAQ,IAAI,IACnC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,QAAQ,IAAI,IACvC,QAAO;AAIT,MAAI,IAAI,QAAQ,UAAa,IAAI,QAAQ,MACvC,QAAO;AAIT,MAAI,IAAI,SAAS,SAAS,SAAS,KAAK,MACtC,QAAO;AAIT,UAAQ,MAAR;GACE,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ;GACpC,KAAK,QAAQ,WAAW,IAAI,QAAQ,QAClC,QAAO;;AAGX,SAAO;GACP;AAIF,KAAI,WAAW,EACb,OAAM,IAAI,MACR,0HACD;CAGH,IAAI;AAKJ,SAAQ,KAAR;EACE,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAW,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AAC7D;EACF,KAAK;EACL,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAqB,MAAM,OAAO,IAAI,MAAM,GAAG;IAAI;AACvE;EACF,KAAK;EACL,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY,KAAK,IAAI,MAAM,GAAG;IAAI;AAC/D;EACF,KAAK;AACH,eAAY;IAAE,MAAM;IAAS,YAAY;IAAS;AAClD;;CAGJ,MAAM,EAAE,KAAK,SAAS,KAAK,GAAG,MAAM;CAEpC,MAAM,MAAM,MAAM,OAAO,OAAO,UAAU,OAAO,GAAG,WAAW,MAAM,CACnE,SACD,CAAC;AAEF,KAAI,IAAI,SAAS,SACf,OAAM,IAAI,MAAM,yCAAyC;AAG3D,QAAO;;AAGT,MAAM,aAAa;;;;;;;;;AAUnB,MAAa,mBAAmB,UAA4C;AAC1E,KAAI,iBAAiB,YAEnB,SAAQ,IAAI,WAAW,MAAM;CAG/B,MAAM,MAAM,EAAE;AACd,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACzC,KAAI,KACF,OAAO,aAAa,MAClB,MACA,MAAM,KAAK,IAAI,WAAW,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,CAAC,CAC3D,CACF;AAEH,QAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CACtB,QAAQ,MAAM,GAAG,CACjB,QAAQ,OAAO,IAAI,CACnB,QAAQ,OAAO,IAAI;;;;;;;;;;AAWxB,MAAa,eAAe,SAAS,OACnC,gBAAgB,OAAO,gBAAgB,IAAI,WAAW,OAAO,CAAC,CAAC;;;;;;;;;AAUjE,MAAa,gBAAmB,UAA+B;AAC7D,KAAI,UAAU,QAAQ,OAAO,UAAU,YAAY,MAAM,QAAQ,MAAM,CACrE,QAAO;AAGT,QAAO;;;;;;;;;;AAWT,MAAa,uBAAuB,MAClC,GACI,MAAM,MAAM,CACb,KAAI,MAAK,EAAE,MAAM,CAAC,CAClB,OAAO,QAAQ;;;;;;;;;AAUpB,MAAa,0BAA0B,MAA4B;AACjE,KAAI,CAAC,EACH,wBAAO,IAAI,KAAK;AAGlB,QAAO,IAAI,IAAI,oBAAoB,EAAE,CAAC;;;;;;;;;;;;AAaxC,MAAa,aACX,GACA,GACA,SAAS,SACG;AACZ,KAAI,UAAU,EAAE,SAAS,EAAE,KACzB,QAAO;AAGT,MAAK,MAAM,KAAK,EACd,KAAI,CAAC,EAAE,IAAI,EAAE,CACX,QAAO;AAIX,QAAO;;;;;;;;;;;AAYT,MAAa,aACX,QACA,UACA,WAC4B;AAC5B,KAAI,CAAC,MAAM,QAAQ,OAAO,IAAI,OAAO,WAAW,EAC9C;CAGF,MAAM,kBAAkB,uBAAuB,SAAS;CACxD,MAAM,gBAAgB,uBAAuB,OAAO;AAEpD,QAAO,OAAO,MACZ,MACE,UAAU,iBAAiB,uBAAuB,EAAE,SAAS,CAAC,IAC9D,UAAU,eAAe,uBAAuB,EAAE,gBAAgB,CAAC,CACtE"}

package/dist/utils/internal.d.cts

@@ -1,7 +1,6 @@
-import { g as Jwk, t as AccessToken, v as JwsHeaderParameters } from "../types-CnxqWHwA.cjs";
+import { g as Jwk, t as AccessToken, v as JwsHeaderParameters } from "../types-BAE9nCpJ.cjs";
 
 //#region src/utils/internal.d.ts
-
 /**
  * @ignore
  * Converts a string to a Base64URL encoded string.

package/dist/utils/internal.d.mts

@@ -1,7 +1,6 @@
-import { g as Jwk, t as AccessToken, v as JwsHeaderParameters } from "../types-DwJl9ZUf.mjs";
+import { g as Jwk, t as AccessToken, v as JwsHeaderParameters } from "../types-D3lVLgLQ.mjs";
 
 //#region src/utils/internal.d.ts
-
 /**
  * @ignore
  * Converts a string to a Base64URL encoded string.