@nauth-toolkit/social-google 0.1.13 → 0.1.17

package/dist/src/google-social-auth.service.js

@@ -1,24 +1,70 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.GoogleSocialAuthService = void 0;
+// Public API imports
 const core_1 = require("@nauth-toolkit/core");
+// Internal API imports (for provider implementations)
 const internal_1 = require("@nauth-toolkit/core/internal");
 const google_oauth_client_1 = require("./google-oauth.client");
 const token_verifier_service_1 = require("./token-verifier.service");
+/**
+ * Google Social Authentication Service (Platform-Agnostic)
+ *
+ * Handles Google OAuth flow including:
+ * - OAuth web flow (redirect-based)
+ * - Native mobile token verification
+ * - Account linking
+ *
+ * This is a plain TypeScript class with no framework dependencies.
+ * Use `@nauth-toolkit/social-google/nestjs` for NestJS integration.
+ *
+ * @example
+ * ```typescript
+ * // Direct instantiation (platform-agnostic)
+ * const googleAuth = new GoogleSocialAuthService(
+ *   config,
+ *   logger,
+ *   authService,
+ *   socialAuthService,
+ *   jwtService,
+ *   sessionService,
+ *   challengeHelper,
+ *   clientInfoService,
+ *   auditService,
+ *   stateStore,
+ *   phoneVerificationService,
+ *   tokenVerifier
+ * );
+ * ```
+ */
 class GoogleSocialAuthService extends internal_1.BaseSocialAuthProviderService {
     providerName = 'google';
     oauthClient;
     tokenVerifier;
-    constructor(config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, stateStore, userRepository, phoneVerificationService, auditService, trustedDeviceService, tokenVerifier) {
+    constructor(config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, 
+    // State store shared across all providers
+    stateStore, userRepository, 
+    // Phone verification service (optional - only available when SMS provider is configured)
+    phoneVerificationService, 
+    // Audit service (optional - only available when auditLogs.enabled is true)
+    auditService, 
+    // Trusted device service (optional - only available when rememberDevices is enabled)
+    trustedDeviceService, 
+    // Google-specific token verifier (optional, fallback to TOKEN_VERIFIER)
+    tokenVerifier) {
         super(config, logger, authService, socialAuthService, jwtService, sessionService, challengeHelper, clientInfoService, stateStore, userRepository, phoneVerificationService, auditService, trustedDeviceService);
+        // Initialize Google OAuth client only if enabled
         const providerConfig = this.getProviderConfig();
         if (!providerConfig || !providerConfig.enabled) {
+            // Service can exist but be disabled - don't initialize OAuth client
+            // Schema validation ensures credentials are present when enabled=true
             this.oauthClient = null;
             this.tokenVerifier = null;
             return;
         }
         const webClientId = Array.isArray(providerConfig.clientId) ? providerConfig.clientId[0] : providerConfig.clientId;
         if (!webClientId || !providerConfig.clientSecret) {
+            // Schema validation should catch this, but double-check for safety
             throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Google OAuth clientId and clientSecret are required when enabled');
         }
         this.oauthClient = new google_oauth_client_1.GoogleOAuthClient({
@@ -27,9 +73,13 @@ class GoogleSocialAuthService extends internal_1.BaseSocialAuthProviderService {
             redirectUri: providerConfig.callbackUrl || '',
             scopes: providerConfig.scopes || ['openid', 'email', 'profile'],
         });
+        // Use provided token verifier or create default one
         this.tokenVerifier = tokenVerifier || new token_verifier_service_1.TokenVerifierService(config);
         this.logger?.debug?.('GoogleSocialAuthService initialized');
     }
+    /**
+     * Generate OAuth authorization URL for Google
+     */
     async getAuthUrl(state) {
         if (!this.oauthClient) {
             throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Google OAuth is not enabled');
@@ -37,6 +87,11 @@ class GoogleSocialAuthService extends internal_1.BaseSocialAuthProviderService {
         const finalState = state || this.generateState();
         return this.oauthClient.getAuthorizationUrl(finalState);
     }
+    /**
+     * Get OAuth user profile from callback
+     *
+     * Exchanges authorization code for access token and fetches user profile.
+     */
     async getOAuthProfile(code, _state) {
         if (!this.oauthClient) {
             throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Google OAuth is not enabled');
@@ -45,9 +100,14 @@ class GoogleSocialAuthService extends internal_1.BaseSocialAuthProviderService {
         if (!providerConfig || !providerConfig.callbackUrl) {
             throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Google OAuth callback URL is not configured');
         }
+        // Exchange code for access token
         const tokens = await this.oauthClient.exchangeCodeForToken(code, providerConfig.callbackUrl);
+        // Get user profile from Google
         return await this.oauthClient.getUserProfile(tokens.accessToken);
     }
+    /**
+     * Verify Google ID token from native mobile apps
+     */
     async verifyNativeToken(idToken, _accessToken, profileData) {
         const providerConfig = this.getProviderConfig();
         if (!providerConfig) {
@@ -57,8 +117,10 @@ class GoogleSocialAuthService extends internal_1.BaseSocialAuthProviderService {
         if (!this.tokenVerifier?.verifyGoogleToken) {
             throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_CONFIG_MISSING, 'Google token verifier is not available');
         }
+        // Verify ID token with Google's public keys
         const verified = (await this.tokenVerifier.verifyGoogleToken(idToken, clientIds));
         this.logger?.debug?.(`Verified Google token for: ${verified.email}`);
+        // CRITICAL: Require email from all social providers for signup
         if (!verified.email || !verified.email_verified) {
             throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_EMAIL_REQUIRED, 'Email is required and must be verified by Google.');
         }

package/dist/src/google-social-auth.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"google-social-auth.service.js","sourceRoot":"","sources":["../../src/google-social-auth.service.ts"],"names":[],"mappings":";;;AACA,8CAa6B;AAE7B,2DAOsC;AAEtC,+DAA0D;AAC1D,qEAA8F;AAiC9F,MAAa,uBAAwB,SAAQ,wCAA6B;IAC/D,YAAY,GAAG,QAAQ,CAAC;IAChB,WAAW,CAA2B;IACtC,aAAa,CAA+B;IAE7D,YACE,MAAmB,EACnB,MAAmB,EACnB,WAAwB,EACxB,iBAAoC,EACpC,UAAsB,EACtB,cAA8B,EAC9B,eAA2C,EAC3C,iBAAoC,EAEpC,UAAgE,EAChE,cAAoC,EAEpC,wBAAmD,EAEnD,YAA+B,EAE/B,oBAA2C,EAE3C,aAAqC;QAErC,KAAK,CACH,MAAM,EACN,MAAM,EACN,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,wBAAwB,EACxB,YAAY,EACZ,oBAAoB,CACrB,CAAC;QAGF,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAG/C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC;QAElH,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;YAEjD,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,qBAAqB,EACnC,kEAAkE,CACnE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,uCAAiB,CAAC;YACvC,QAAQ,EAAE,WAAW;YACrB,YAAY,EAAE,cAAc,CAAC,YAAY;YACzC,WAAW,EAAE,cAAc,CAAC,WAAW,IAAI,EAAE;YAC7C,MAAM,EAAE,cAAc,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;SAChE,CAAC,CAAC;QAGH,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,IAAI,6CAA0B,CAAC,MAAM,CAAC,CAAC;QAE7E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,qCAAqC,CAAC,CAAC;IAC9D,CAAC;IAKD,KAAK,CAAC,UAAU,CAAC,KAAc;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,6BAA6B,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,CAAC;IAOS,KAAK,CAAC,eAAe,CAAC,IAAY,EAAE,MAAc;QAC1D,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,6BAA6B,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,6CAA6C,CAAC,CAAC;QAC/G,CAAC;QAGD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,WAAW,CAAC,CAAC;QAG7F,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC;IAKS,KAAK,CAAC,iBAAiB,CAC/B,OAAe,EACf,YAAqB,EACrB,WAAqB;QAErB,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,gCAAgC,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,iBAAiB,EAAE,CAAC;YAC3C,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,wCAAwC,CAAC,CAAC;QAC1G,CAAC;QAGD,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,OAAO,EAAE,SAAS,CAAC,CAA+B,CAAC;QAChH,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;QAGrE,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,qBAAqB,EACnC,mDAAmD,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAyF,CAAC;QACnH,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,GAAG;YAChB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,UAAU,IAAI,gBAAgB,EAAE,SAAS,IAAI,IAAI;YACrE,QAAQ,EAAE,QAAQ,CAAC,WAAW,IAAI,gBAAgB,EAAE,UAAU,IAAI,IAAI;YACtE,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,gBAAgB,EAAE,QAAQ,IAAI,IAAI;YAC/D,QAAQ,EAAE,QAAQ,CAAC,cAAc;YACjC,GAAG,EAAE,QAA8C;SACpD,CAAC;IACJ,CAAC;CACF;AAtJD,0DAsJC"}
+{"version":3,"file":"google-social-auth.service.js","sourceRoot":"","sources":["../../src/google-social-auth.service.ts"],"names":[],"mappings":";;;AAAA,qBAAqB;AACrB,8CAa6B;AAC7B,sDAAsD;AACtD,2DAOsC;AAEtC,+DAA0D;AAC1D,qEAA8F;AAG9F;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAa,uBAAwB,SAAQ,wCAA6B;IAC/D,YAAY,GAAG,QAAQ,CAAC;IAChB,WAAW,CAA2B;IACtC,aAAa,CAA+B;IAE7D,YACE,MAAmB,EACnB,MAAmB,EACnB,WAAwB,EACxB,iBAAoC,EACpC,UAAsB,EACtB,cAA8B,EAC9B,eAA2C,EAC3C,iBAAoC;IACpC,0CAA0C;IAC1C,UAAgE,EAChE,cAAoC;IACpC,yFAAyF;IACzF,wBAAmD;IACnD,2EAA2E;IAC3E,YAA+B;IAC/B,qFAAqF;IACrF,oBAA2C;IAC3C,wEAAwE;IACxE,aAAqC;QAErC,KAAK,CACH,MAAM,EACN,MAAM,EACN,WAAW,EACX,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,wBAAwB,EACxB,YAAY,EACZ,oBAAoB,CACrB,CAAC;QAEF,iDAAiD;QACjD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC/C,oEAAoE;YACpE,sEAAsE;YACtE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,QAAQ,CAAC;QAElH,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;YACjD,mEAAmE;YACnE,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,qBAAqB,EACnC,kEAAkE,CACnE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,WAAW,GAAG,IAAI,uCAAiB,CAAC;YACvC,QAAQ,EAAE,WAAW;YACrB,YAAY,EAAE,cAAc,CAAC,YAAY;YACzC,WAAW,EAAE,cAAc,CAAC,WAAW,IAAI,EAAE;YAC7C,MAAM,EAAE,cAAc,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC;SAChE,CAAC,CAAC;QAEH,oDAAoD;QACpD,IAAI,CAAC,aAAa,GAAG,aAAa,IAAI,IAAI,6CAA0B,CAAC,MAAM,CAAC,CAAC;QAE7E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,qCAAqC,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,KAAc;QAC7B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,6BAA6B,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,WAAW,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED;;;;OAIG;IACO,KAAK,CAAC,eAAe,CAAC,IAAY,EAAE,MAAc;QAC1D,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,6BAA6B,CAAC,CAAC;QAC/F,CAAC;QAED,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,IAAI,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;YACnD,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,6CAA6C,CAAC,CAAC;QAC/G,CAAC;QAED,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,IAAI,EAAE,cAAc,CAAC,WAAW,CAAC,CAAC;QAE7F,+BAA+B;QAC/B,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACO,KAAK,CAAC,iBAAiB,CAC/B,OAAe,EACf,YAAqB,EACrB,WAAqB;QAErB,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAChD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,gCAAgC,CAAC,CAAC;QAClG,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,iBAAiB,EAAE,CAAC;YAC3C,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,wCAAwC,CAAC,CAAC;QAC1G,CAAC;QAED,4CAA4C;QAC5C,MAAM,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,OAAO,EAAE,SAAS,CAAC,CAA+B,CAAC;QAChH,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;QAErE,+DAA+D;QAC/D,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YAChD,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,qBAAqB,EACnC,mDAAmD,CACpD,CAAC;QACJ,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAyF,CAAC;QACnH,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,GAAG;YAChB,KAAK,EAAE,QAAQ,CAAC,KAAK;YACrB,SAAS,EAAE,QAAQ,CAAC,UAAU,IAAI,gBAAgB,EAAE,SAAS,IAAI,IAAI;YACrE,QAAQ,EAAE,QAAQ,CAAC,WAAW,IAAI,gBAAgB,EAAE,UAAU,IAAI,IAAI;YACtE,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,gBAAgB,EAAE,QAAQ,IAAI,IAAI;YAC/D,QAAQ,EAAE,QAAQ,CAAC,cAAc;YACjC,GAAG,EAAE,QAA8C;SACpD,CAAC;IACJ,CAAC;CACF;AAtJD,0DAsJC"}

package/dist/src/index.d.ts

@@ -1,3 +1,9 @@
+/**
+ * @nauth-toolkit/social-google
+ *
+ * Platform-agnostic Google OAuth provider for nauth-toolkit.
+ * For NestJS integration, use '@nauth-toolkit/social-google/nestjs'
+ */
 export { GoogleOAuthClient } from './google-oauth.client';
 export { TokenVerifierService } from './token-verifier.service';
 export { GoogleSocialAuthService } from './google-social-auth.service';

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,cAAc,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,cAAc,wBAAwB,CAAC"}

package/dist/src/index.js

@@ -1,4 +1,10 @@
 "use strict";
+/**
+ * @nauth-toolkit/social-google
+ *
+ * Platform-agnostic Google OAuth provider for nauth-toolkit.
+ * For NestJS integration, use '@nauth-toolkit/social-google/nestjs'
+ */
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);

package/dist/src/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAOA,6DAA0D;AAAjD,wHAAA,iBAAiB,OAAA;AAC1B,mEAAgE;AAAvD,8HAAA,oBAAoB,OAAA;AAC7B,2EAAuE;AAA9D,qIAAA,uBAAuB,OAAA;AAEhC,yDAAuC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;AAEH,6DAA0D;AAAjD,wHAAA,iBAAiB,OAAA;AAC1B,mEAAgE;AAAvD,8HAAA,oBAAoB,OAAA;AAC7B,2EAAuE;AAA9D,qIAAA,uBAAuB,OAAA;AAEhC,yDAAuC"}

package/dist/src/token-verifier.service.d.ts

@@ -1,6 +1,30 @@
 import { NAuthConfig, ITokenVerifierService } from '@nauth-toolkit/core';
 import { VerifiedGoogleTokenProfile } from './verified-token-profile.interface';
+/**
+ * jose module type (ESM-only dependency).
+ *
+ * IMPORTANT: `jose@6` is ESM-only. This package is compiled to CommonJS by default,
+ * so we load jose via dynamic import to avoid `ERR_REQUIRE_ESM` at runtime.
+ */
 type JoseModule = typeof import('jose');
+/**
+ * Token Verifier Service for Google OAuth (Platform-Agnostic)
+ *
+ * Handles secure verification of Google ID tokens using JWKS public keys.
+ * Uses cryptographic signature verification to ensure tokens are authentic.
+ *
+ * Security Features:
+ * - Google: Verifies JWT signature with Google's JWKS public keys using jwks-rsa
+ *
+ * This is a plain TypeScript class with no framework dependencies.
+ *
+ * @example
+ * ```typescript
+ * const verifier = new TokenVerifierService(config);
+ * const profile = await verifier.verifyGoogleToken(idToken, clientId);
+ * console.log(profile.email); // Verified email from Google
+ * ```
+ */
 export declare class TokenVerifierService implements ITokenVerifierService {
     private googleJWKS;
     private readonly logger;
@@ -9,6 +33,27 @@ export declare class TokenVerifierService implements ITokenVerifierService {
     constructor(config: NAuthConfig, loadJose?: () => Promise<JoseModule>);
     private getJose;
     private getGoogleJWKS;
+    /**
+     * Verify Google ID token with JWT signature validation
+     *
+     * Fetches Google's public keys from their JWKS endpoint and verifies the
+     * JWT signature to ensure authenticity.
+     *
+     * @param idToken - ID token from Google OAuth
+     * @param clientId - Google OAuth client ID for audience validation (supports multiple IDs)
+     * @returns Verified user profile data
+     * @throws {BadRequestException} When token is invalid, expired, or signature fails
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   const profile = await verifier.verifyGoogleToken(idToken, ['web-client-id', 'ios-client-id']);
+     *   console.log(`Verified email: ${profile.email}`);
+     * } catch (error) {
+     *   console.error('Token verification failed:', error.message);
+     * }
+     * ```
+     */
     verifyGoogleToken(idToken: string, clientId: string | string[]): Promise<VerifiedGoogleTokenProfile>;
 }
 export {};

package/dist/src/token-verifier.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"token-verifier.service.d.ts","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAA8C,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAQhF,KAAK,UAAU,GAAG,cAAc,MAAM,CAAC,CAAC;AAoBxC,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,OAAO,CAAC,UAAU,CAA6D;IAC/E,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4B;IACrD,OAAO,CAAC,iBAAiB,CAAoC;gBAEjD,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;YAKvD,OAAO;YAOP,aAAa;IA6BrB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,0BAA0B,CAAC;CAkE3G"}
+{"version":3,"file":"token-verifier.service.d.ts","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAA8C,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACrH,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAEhF;;;;;GAKG;AACH,KAAK,UAAU,GAAG,cAAc,MAAM,CAAC,CAAC;AAExC;;;;;;;;;;;;;;;;;GAiBG;AACH,qBAAa,oBAAqB,YAAW,qBAAqB;IAChE,OAAO,CAAC,UAAU,CAA6D;IAC/E,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAA4B;IACrD,OAAO,CAAC,iBAAiB,CAAoC;gBAEjD,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;YAKvD,OAAO;YAOP,aAAa;IAQ3B;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,0BAA0B,CAAC;CAkE3G"}

package/dist/src/token-verifier.service.js

@@ -35,6 +35,24 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TokenVerifierService = void 0;
 const core_1 = require("@nauth-toolkit/core");
+/**
+ * Token Verifier Service for Google OAuth (Platform-Agnostic)
+ *
+ * Handles secure verification of Google ID tokens using JWKS public keys.
+ * Uses cryptographic signature verification to ensure tokens are authentic.
+ *
+ * Security Features:
+ * - Google: Verifies JWT signature with Google's JWKS public keys using jwks-rsa
+ *
+ * This is a plain TypeScript class with no framework dependencies.
+ *
+ * @example
+ * ```typescript
+ * const verifier = new TokenVerifierService(config);
+ * const profile = await verifier.verifyGoogleToken(idToken, clientId);
+ * console.log(profile.email); // Verified email from Google
+ * ```
+ */
 class TokenVerifierService {
     googleJWKS = null;
     logger;
@@ -54,15 +72,39 @@ class TokenVerifierService {
         if (this.googleJWKS)
             return this.googleJWKS;
         const jose = await this.getJose();
+        // Initialize Google Remote JWKS (fetched and cached by jose)
         this.googleJWKS = jose.createRemoteJWKSet(new URL('https://www.googleapis.com/oauth2/v3/certs'));
         return this.googleJWKS;
     }
+    /**
+     * Verify Google ID token with JWT signature validation
+     *
+     * Fetches Google's public keys from their JWKS endpoint and verifies the
+     * JWT signature to ensure authenticity.
+     *
+     * @param idToken - ID token from Google OAuth
+     * @param clientId - Google OAuth client ID for audience validation (supports multiple IDs)
+     * @returns Verified user profile data
+     * @throws {BadRequestException} When token is invalid, expired, or signature fails
+     *
+     * @example
+     * ```typescript
+     * try {
+     *   const profile = await verifier.verifyGoogleToken(idToken, ['web-client-id', 'ios-client-id']);
+     *   console.log(`Verified email: ${profile.email}`);
+     * } catch (error) {
+     *   console.error('Token verification failed:', error.message);
+     * }
+     * ```
+     */
     async verifyGoogleToken(idToken, clientId) {
         try {
             const jose = await this.getJose();
             const googleJWKS = await this.getGoogleJWKS();
+            // Support multiple client IDs (web, iOS, Android)
             const clientIds = Array.isArray(clientId) ? clientId : [clientId];
             this.logger?.debug?.(`[TokenVerifier] Verifying Google token with ${clientIds.length} accepted client ID(s)`);
+            // Verify token with jose using Google's JWKS; try each audience if multiple provided
             let verified;
             let lastError;
             for (const aud of clientIds) {
@@ -70,7 +112,7 @@ class TokenVerifierService {
                     verified = await jose.jwtVerify(idToken, googleJWKS, {
                         issuer: 'https://accounts.google.com',
                         audience: aud,
-                        clockTolerance: 300,
+                        clockTolerance: 300, // 5 minutes leeway
                     });
                     break;
                 }
@@ -86,6 +128,7 @@ class TokenVerifierService {
             if (!payload.email_verified) {
                 throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_EMAIL_REQUIRED, 'Google email not verified');
             }
+            // Validate required fields (sub and email are required by JWT spec and Google tokens)
             if (!payload.sub || !payload.email) {
                 throw new core_1.NAuthException(core_1.AuthErrorCode.SOCIAL_TOKEN_INVALID, 'Missing required fields in Google token (sub or email)');
             }

package/dist/src/token-verifier.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"token-verifier.service.js","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,8CAAqH;AA6BrH,MAAa,oBAAoB;IACvB,UAAU,GAAwD,IAAI,CAAC;IAC9D,MAAM,CAAc;IACpB,QAAQ,CAA4B;IAC7C,iBAAiB,GAA+B,IAAI,CAAC;IAE7D,YAAY,MAAmB,EAAE,QAAoC;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAqB,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,kDAAO,MAAM,GAAwB,CAAC,CAAC;IAC5E,CAAC;IAEO,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QAElC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,4CAA4C,CAAC,CAAC,CAAC;QACjG,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAuBD,KAAK,CAAC,iBAAiB,CAAC,OAAe,EAAE,QAA2B;QAClE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAG9C,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,+CAA+C,SAAS,CAAC,MAAM,wBAAwB,CAAC,CAAC;YAG9G,IAAI,QAA6C,CAAC;YAClD,IAAI,SAAkB,CAAC;YACvB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,IAAI,CAAC;oBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,UAAU,EAAE;wBACnD,MAAM,EAAE,6BAA6B;wBACrC,QAAQ,EAAE,GAAG;wBACb,cAAc,EAAE,GAAG;qBACpB,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,SAAS,GAAG,GAAG,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,GAAG,GAAG,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC7E,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,4BAA4B,GAAG,EAAE,CAAC,CAAC;YAClG,CAAC;YAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAMxB,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC5B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,2BAA2B,CAAC,CAAC;YAC7F,CAAC;YAGD,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnC,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,oBAAoB,EAClC,wDAAwD,CACzD,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,mDAAmD,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAEvF,OAAO;gBACL,GAAG,EAAE,OAAO,CAAC,GAAa;gBAC1B,KAAK,EAAE,OAAO,CAAC,KAAe;gBAC9B,cAAc,EAAE,OAAO,CAAC,cAAyB;gBACjD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,qDAAqD,YAAY,EAAE,CAAC,CAAC;YAC1F,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,qCAAqC,YAAY,EAAE,CAAC,CAAC;QACpH,CAAC;IACH,CAAC;CACF;AAjHD,oDAiHC"}
+{"version":3,"file":"token-verifier.service.js","sourceRoot":"","sources":["../../src/token-verifier.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AACA,8CAAqH;AAWrH;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,oBAAoB;IACvB,UAAU,GAAwD,IAAI,CAAC;IAC9D,MAAM,CAAc;IACpB,QAAQ,CAA4B;IAC7C,iBAAiB,GAA+B,IAAI,CAAC;IAE7D,YAAY,MAAmB,EAAE,QAAoC;QACnE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAqB,CAAC;QAC3C,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,CAAC,GAAG,EAAE,CAAC,kDAAO,MAAM,GAAwB,CAAC,CAAC;IAC5E,CAAC;IAEO,KAAK,CAAC,OAAO;QACnB,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC5B,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC;IACtC,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QAClC,6DAA6D;QAC7D,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,4CAA4C,CAAC,CAAC,CAAC;QACjG,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,KAAK,CAAC,iBAAiB,CAAC,OAAe,EAAE,QAA2B;QAClE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAE9C,kDAAkD;YAClD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,+CAA+C,SAAS,CAAC,MAAM,wBAAwB,CAAC,CAAC;YAE9G,qFAAqF;YACrF,IAAI,QAA6C,CAAC;YAClD,IAAI,SAAkB,CAAC;YACvB,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;gBAC5B,IAAI,CAAC;oBACH,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,UAAU,EAAE;wBACnD,MAAM,EAAE,6BAA6B;wBACrC,QAAQ,EAAE,GAAG;wBACb,cAAc,EAAE,GAAG,EAAE,mBAAmB;qBACzC,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,SAAS,GAAG,GAAG,CAAC;gBAClB,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,GAAG,GAAG,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;gBAC7E,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,4BAA4B,GAAG,EAAE,CAAC,CAAC;YAClG,CAAC;YAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAMxB,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC5B,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,qBAAqB,EAAE,2BAA2B,CAAC,CAAC;YAC7F,CAAC;YAED,sFAAsF;YACtF,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnC,MAAM,IAAI,qBAAc,CACtB,oBAAa,CAAC,oBAAoB,EAClC,wDAAwD,CACzD,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,mDAAmD,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAEvF,OAAO;gBACL,GAAG,EAAE,OAAO,CAAC,GAAa;gBAC1B,KAAK,EAAE,OAAO,CAAC,KAAe;gBAC9B,cAAc,EAAE,OAAO,CAAC,cAAyB;gBACjD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,qDAAqD,YAAY,EAAE,CAAC,CAAC;YAC1F,MAAM,IAAI,qBAAc,CAAC,oBAAa,CAAC,oBAAoB,EAAE,qCAAqC,YAAY,EAAE,CAAC,CAAC;QACpH,CAAC;IACH,CAAC;CACF;AAjHD,oDAiHC"}

package/dist/src/verified-token-profile.interface.d.ts

@@ -1,9 +1,33 @@
+/**
+ * Verified Token Profile - Google OAuth
+ *
+ * Standardized return type for Google token verification.
+ * This is provider-specific and should not be in core.
+ */
 export interface VerifiedGoogleTokenProfile {
+    /**
+     * Google user ID (sub claim)
+     */
     sub: string;
+    /**
+     * User's email address
+     */
     email: string;
+    /**
+     * Whether the email is verified by Google
+     */
     email_verified: boolean;
+    /**
+     * User's first name (given name)
+     */
     given_name?: string;
+    /**
+     * User's last name (family name)
+     */
     family_name?: string;
+    /**
+     * User's profile picture URL
+     */
     picture?: string;
 }
 //# sourceMappingURL=verified-token-profile.interface.d.ts.map

package/dist/src/verified-token-profile.interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verified-token-profile.interface.d.ts","sourceRoot":"","sources":["../../src/verified-token-profile.interface.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,0BAA0B;IAIzC,GAAG,EAAE,MAAM,CAAC;IAKZ,KAAK,EAAE,MAAM,CAAC;IAKd,cAAc,EAAE,OAAO,CAAC;IAKxB,UAAU,CAAC,EAAE,MAAM,CAAC;IAKpB,WAAW,CAAC,EAAE,MAAM,CAAC;IAKrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}
+{"version":3,"file":"verified-token-profile.interface.d.ts","sourceRoot":"","sources":["../../src/verified-token-profile.interface.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,0BAA0B;IACzC;;OAEG;IACH,GAAG,EAAE,MAAM,CAAC;IAEZ;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,cAAc,EAAE,OAAO,CAAC;IAExB;;OAEG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB"}