@opentdf/sdk 0.13.0 → 0.14.0-beta.134

package/dist/cjs/src/auth/token-providers.js

@@ -0,0 +1,247 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.clientCredentialsTokenProvider = clientCredentialsTokenProvider;
+exports.refreshTokenProvider = refreshTokenProvider;
+exports.externalJwtTokenProvider = externalJwtTokenProvider;
+const errors_js_1 = require("../errors.js");
+const utils_js_1 = require("../utils.js");
+function resolveTokenEndpoint(oidcOrigin, override) {
+    if (override?.trim())
+        return override;
+    const base = oidcOrigin?.trim();
+    if (!base) {
+        throw new errors_js_1.ConfigurationError('oidcOrigin or oidcTokenEndpoint is required');
+    }
+    return `${(0, utils_js_1.rstrip)(base, '/')}/protocol/openid-connect/token`;
+}
+/**
+ * Decode a JWT's exp claim without verifying the signature.
+ * Returns the expiration time in seconds since epoch, or undefined if not present.
+ */
+function getJwtExpiration(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return undefined;
+        // Base64url decode the payload
+        const payload = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+        const padded = payload + '='.repeat((4 - (payload.length % 4)) % 4);
+        const decoded = JSON.parse(atob(padded));
+        return typeof decoded.exp === 'number' ? decoded.exp : undefined;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Compute the absolute expiry (seconds since epoch) for a token response.
+ * Prefers `expires_in` from the token response, falls back to the JWT `exp` claim.
+ */
+function resolveTokenExpiry(accessToken, expiresIn) {
+    if (typeof expiresIn === 'number') {
+        return Date.now() / 1000 + expiresIn;
+    }
+    return getJwtExpiration(accessToken);
+}
+function isTokenExpired(expiry, bufferSeconds = 30) {
+    if (expiry === undefined)
+        return true;
+    return Date.now() / 1000 >= expiry - bufferSeconds;
+}
+async function fetchToken(tokenEndpoint, body) {
+    const response = await fetch(tokenEndpoint, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: new URLSearchParams(body).toString(),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new errors_js_1.TdfError(`Token request failed: POST [${tokenEndpoint}] => ${response.status} ${response.statusText}: ${text}`);
+    }
+    return (await response.json());
+}
+/**
+ * Creates a TokenProvider that obtains tokens via the OAuth2 client credentials grant.
+ * Tokens are cached and automatically refreshed when expired.
+ *
+ * **Not for browser use.** Client secrets must not be exposed in client-side code.
+ * Use this only in server-side (Node.js/Deno) environments.
+ *
+ * @example
+ * ```ts
+ * const client = new OpenTDF({
+ *   interceptors: [authTokenInterceptor(clientCredentialsTokenProvider({
+ *     clientId: 'opentdf',
+ *     clientSecret: 'secret',
+ *     oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
+ *   }))],
+ *   platformUrl: 'http://localhost:8080',
+ * });
+ * ```
+ */
+function clientCredentialsTokenProvider(options) {
+    if (!options.clientId || !options.clientSecret) {
+        throw new errors_js_1.ConfigurationError('clientId and clientSecret are required');
+    }
+    const tokenEndpoint = resolveTokenEndpoint(options.oidcOrigin, options.oidcTokenEndpoint);
+    let cachedToken;
+    let cachedExpiry;
+    let inFlight;
+    return async () => {
+        if (cachedToken && !isTokenExpired(cachedExpiry)) {
+            return cachedToken;
+        }
+        if (!inFlight) {
+            inFlight = (async () => {
+                try {
+                    const resp = await fetchToken(tokenEndpoint, {
+                        grant_type: 'client_credentials',
+                        client_id: options.clientId,
+                        client_secret: options.clientSecret,
+                    });
+                    cachedToken = resp.access_token;
+                    cachedExpiry = resolveTokenExpiry(resp.access_token, resp.expires_in);
+                    return cachedToken;
+                }
+                finally {
+                    inFlight = undefined;
+                }
+            })();
+        }
+        return inFlight;
+    };
+}
+/**
+ * Creates a TokenProvider that uses a refresh token to obtain access tokens.
+ * On the first call, exchanges the refresh token. Subsequent calls use the
+ * latest refresh token from the IdP response.
+ *
+ * @example
+ * ```ts
+ * const client = new OpenTDF({
+ *   interceptors: [authTokenInterceptor(refreshTokenProvider({
+ *     clientId: 'my-app',
+ *     refreshToken: 'refresh-token-from-login',
+ *     oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
+ *   }))],
+ *   platformUrl: 'http://localhost:8080',
+ * });
+ * ```
+ */
+function refreshTokenProvider(options) {
+    if (!options.clientId || !options.refreshToken) {
+        throw new errors_js_1.ConfigurationError('clientId and refreshToken are required');
+    }
+    const tokenEndpoint = resolveTokenEndpoint(options.oidcOrigin, options.oidcTokenEndpoint);
+    let currentRefreshToken = options.refreshToken;
+    let cachedToken;
+    let cachedExpiry;
+    let inFlight;
+    return async () => {
+        if (cachedToken && !isTokenExpired(cachedExpiry)) {
+            return cachedToken;
+        }
+        if (!inFlight) {
+            inFlight = (async () => {
+                try {
+                    const resp = await fetchToken(tokenEndpoint, {
+                        grant_type: 'refresh_token',
+                        refresh_token: currentRefreshToken,
+                        client_id: options.clientId,
+                    });
+                    cachedToken = resp.access_token;
+                    cachedExpiry = resolveTokenExpiry(resp.access_token, resp.expires_in);
+                    if (resp.refresh_token) {
+                        currentRefreshToken = resp.refresh_token;
+                    }
+                    return cachedToken;
+                }
+                finally {
+                    inFlight = undefined;
+                }
+            })();
+        }
+        return inFlight;
+    };
+}
+/**
+ * Creates a TokenProvider that exchanges an external JWT for a platform token
+ * via RFC 8693 token exchange. After the initial exchange, uses the refresh
+ * token for subsequent calls.
+ *
+ * @example
+ * ```ts
+ * const client = new OpenTDF({
+ *   interceptors: [authTokenInterceptor(externalJwtTokenProvider({
+ *     clientId: 'my-app',
+ *     externalJwt: 'eyJhbGciOi...',
+ *     oidcOrigin: 'http://localhost:8080/auth/realms/opentdf',
+ *   }))],
+ *   platformUrl: 'http://localhost:8080',
+ * });
+ * ```
+ */
+function externalJwtTokenProvider(options) {
+    if (!options.clientId || !options.externalJwt) {
+        throw new errors_js_1.ConfigurationError('clientId and externalJwt are required');
+    }
+    const tokenEndpoint = resolveTokenEndpoint(options.oidcOrigin, options.oidcTokenEndpoint);
+    let cachedToken;
+    let cachedExpiry;
+    let currentRefreshToken;
+    let initialExchangeDone = false;
+    let inFlight;
+    return async () => {
+        if (cachedToken && !isTokenExpired(cachedExpiry)) {
+            return cachedToken;
+        }
+        if (!inFlight) {
+            inFlight = (async () => {
+                try {
+                    let resp;
+                    if (!initialExchangeDone) {
+                        resp = await fetchToken(tokenEndpoint, {
+                            grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
+                            subject_token: options.externalJwt,
+                            subject_token_type: 'urn:ietf:params:oauth:token-type:jwt',
+                            audience: options.clientId,
+                            client_id: options.clientId,
+                        });
+                        initialExchangeDone = true;
+                    }
+                    else if (currentRefreshToken) {
+                        resp = await fetchToken(tokenEndpoint, {
+                            grant_type: 'refresh_token',
+                            refresh_token: currentRefreshToken,
+                            client_id: options.clientId,
+                        });
+                    }
+                    else {
+                        // Re-exchange the original JWT if no refresh token available
+                        resp = await fetchToken(tokenEndpoint, {
+                            grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
+                            subject_token: options.externalJwt,
+                            subject_token_type: 'urn:ietf:params:oauth:token-type:jwt',
+                            audience: options.clientId,
+                            client_id: options.clientId,
+                        });
+                    }
+                    cachedToken = resp.access_token;
+                    cachedExpiry = resolveTokenExpiry(resp.access_token, resp.expires_in);
+                    if (resp.refresh_token) {
+                        currentRefreshToken = resp.refresh_token;
+                    }
+                    return cachedToken;
+                }
+                finally {
+                    inFlight = undefined;
+                }
+            })();
+        }
+        return inFlight;
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidG9rZW4tcHJvdmlkZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2F1dGgvdG9rZW4tcHJvdmlkZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBMElBLHdFQWlDQztBQW1CRCxvREFtQ0M7QUFtQkQsNERBMERDO0FBN1NELDRDQUE0RDtBQUM1RCwwQ0FBcUM7QUFxRHJDLFNBQVMsb0JBQW9CLENBQUMsVUFBa0IsRUFBRSxRQUFpQjtJQUNqRSxJQUFJLFFBQVEsRUFBRSxJQUFJLEVBQUU7UUFBRSxPQUFPLFFBQVEsQ0FBQztJQUN0QyxNQUFNLElBQUksR0FBRyxVQUFVLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDaEMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ1YsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDZDQUE2QyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUNELE9BQU8sR0FBRyxJQUFBLGlCQUFNLEVBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxnQ0FBZ0MsQ0FBQztBQUM5RCxDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsU0FBUyxnQkFBZ0IsQ0FBQyxLQUFhO0lBQ3JDLElBQUksQ0FBQztRQUNILE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDL0IsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLFNBQVMsQ0FBQztRQUN6QywrQkFBK0I7UUFDL0IsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMvRCxNQUFNLE1BQU0sR0FBRyxPQUFPLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztRQUNwRSxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQ3pDLE9BQU8sT0FBTyxPQUFPLENBQUMsR0FBRyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO0lBQ25FLENBQUM7SUFBQyxNQUFNLENBQUM7UUFDUCxPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7R0FHRztBQUNILFNBQVMsa0JBQWtCLENBQUMsV0FBbUIsRUFBRSxTQUFrQjtJQUNqRSxJQUFJLE9BQU8sU0FBUyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksR0FBRyxTQUFTLENBQUM7SUFDdkMsQ0FBQztJQUNELE9BQU8sZ0JBQWdCLENBQUMsV0FBVyxDQUFDLENBQUM7QUFDdkMsQ0FBQztBQUVELFNBQVMsY0FBYyxDQUFDLE1BQTBCLEVBQUUsYUFBYSxHQUFHLEVBQUU7SUFDcEUsSUFBSSxNQUFNLEtBQUssU0FBUztRQUFFLE9BQU8sSUFBSSxDQUFDO0lBQ3RDLE9BQU8sSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksSUFBSSxNQUFNLEdBQUcsYUFBYSxDQUFDO0FBQ3JELENBQUM7QUFFRCxLQUFLLFVBQVUsVUFBVSxDQUN2QixhQUFxQixFQUNyQixJQUE0QjtJQUU1QixNQUFNLFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxhQUFhLEVBQUU7UUFDMUMsTUFBTSxFQUFFLE1BQU07UUFDZCxPQUFPLEVBQUU7WUFDUCxjQUFjLEVBQUUsbUNBQW1DO1lBQ25ELE1BQU0sRUFBRSxrQkFBa0I7U0FDM0I7UUFDRCxJQUFJLEVBQUUsSUFBSSxlQUFlLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxFQUFFO0tBQzNDLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLEdBQUcsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDbkMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLCtCQUErQixhQUFhLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxLQUFLLElBQUksRUFBRSxDQUN0RyxDQUFDO0lBQ0osQ0FBQztJQUNELE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQyxJQUFJLEVBQUUsQ0FBa0IsQ0FBQztBQUNsRCxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQWtCRztBQUNILFNBQWdCLDhCQUE4QixDQUM1QyxPQUE4QztJQUU5QyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztRQUMvQyxNQUFNLElBQUksOEJBQWtCLENBQUMsd0NBQXdDLENBQUMsQ0FBQztJQUN6RSxDQUFDO0lBQ0QsTUFBTSxhQUFhLEdBQUcsb0JBQW9CLENBQUMsT0FBTyxDQUFDLFVBQVUsRUFBRSxPQUFPLENBQUMsaUJBQWlCLENBQUMsQ0FBQztJQUMxRixJQUFJLFdBQStCLENBQUM7SUFDcEMsSUFBSSxZQUFnQyxDQUFDO0lBQ3JDLElBQUksUUFBcUMsQ0FBQztJQUUxQyxPQUFPLEtBQUssSUFBSSxFQUFFO1FBQ2hCLElBQUksV0FBVyxJQUFJLENBQUMsY0FBYyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUM7WUFDakQsT0FBTyxXQUFXLENBQUM7UUFDckIsQ0FBQztRQUNELElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNkLFFBQVEsR0FBRyxDQUFDLEtBQUssSUFBSSxFQUFFO2dCQUNyQixJQUFJLENBQUM7b0JBQ0gsTUFBTSxJQUFJLEdBQUcsTUFBTSxVQUFVLENBQUMsYUFBYSxFQUFFO3dCQUMzQyxVQUFVLEVBQUUsb0JBQW9CO3dCQUNoQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFFBQVE7d0JBQzNCLGFBQWEsRUFBRSxPQUFPLENBQUMsWUFBWTtxQkFDcEMsQ0FBQyxDQUFDO29CQUNILFdBQVcsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDO29CQUNoQyxZQUFZLEdBQUcsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7b0JBQ3RFLE9BQU8sV0FBVyxDQUFDO2dCQUNyQixDQUFDO3dCQUFTLENBQUM7b0JBQ1QsUUFBUSxHQUFHLFNBQVMsQ0FBQztnQkFDdkIsQ0FBQztZQUNILENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDUCxDQUFDO1FBQ0QsT0FBTyxRQUFRLENBQUM7SUFDbEIsQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7Ozs7O0dBZ0JHO0FBQ0gsU0FBZ0Isb0JBQW9CLENBQUMsT0FBb0M7SUFDdkUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDL0MsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHdDQUF3QyxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUNELE1BQU0sYUFBYSxHQUFHLG9CQUFvQixDQUFDLE9BQU8sQ0FBQyxVQUFVLEVBQUUsT0FBTyxDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDMUYsSUFBSSxtQkFBbUIsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDO0lBQy9DLElBQUksV0FBK0IsQ0FBQztJQUNwQyxJQUFJLFlBQWdDLENBQUM7SUFDckMsSUFBSSxRQUFxQyxDQUFDO0lBRTFDLE9BQU8sS0FBSyxJQUFJLEVBQUU7UUFDaEIsSUFBSSxXQUFXLElBQUksQ0FBQyxjQUFjLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQztZQUNqRCxPQUFPLFdBQVcsQ0FBQztRQUNyQixDQUFDO1FBQ0QsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2QsUUFBUSxHQUFHLENBQUMsS0FBSyxJQUFJLEVBQUU7Z0JBQ3JCLElBQUksQ0FBQztvQkFDSCxNQUFNLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxhQUFhLEVBQUU7d0JBQzNDLFVBQVUsRUFBRSxlQUFlO3dCQUMzQixhQUFhLEVBQUUsbUJBQW1CO3dCQUNsQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFFBQVE7cUJBQzVCLENBQUMsQ0FBQztvQkFDSCxXQUFXLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztvQkFDaEMsWUFBWSxHQUFHLGtCQUFrQixDQUFDLElBQUksQ0FBQyxZQUFZLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUFDO29CQUN0RSxJQUFJLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQzt3QkFDdkIsbUJBQW1CLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQztvQkFDM0MsQ0FBQztvQkFDRCxPQUFPLFdBQVcsQ0FBQztnQkFDckIsQ0FBQzt3QkFBUyxDQUFDO29CQUNULFFBQVEsR0FBRyxTQUFTLENBQUM7Z0JBQ3ZCLENBQUM7WUFDSCxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ1AsQ0FBQztRQUNELE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7OztHQWdCRztBQUNILFNBQWdCLHdCQUF3QixDQUFDLE9BQXdDO0lBQy9FLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLENBQUMsT0FBTyxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQzlDLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO0lBQ3hFLENBQUM7SUFDRCxNQUFNLGFBQWEsR0FBRyxvQkFBb0IsQ0FBQyxPQUFPLENBQUMsVUFBVSxFQUFFLE9BQU8sQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQzFGLElBQUksV0FBK0IsQ0FBQztJQUNwQyxJQUFJLFlBQWdDLENBQUM7SUFDckMsSUFBSSxtQkFBdUMsQ0FBQztJQUM1QyxJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztJQUNoQyxJQUFJLFFBQXFDLENBQUM7SUFFMUMsT0FBTyxLQUFLLElBQUksRUFBRTtRQUNoQixJQUFJLFdBQVcsSUFBSSxDQUFDLGNBQWMsQ0FBQyxZQUFZLENBQUMsRUFBRSxDQUFDO1lBQ2pELE9BQU8sV0FBVyxDQUFDO1FBQ3JCLENBQUM7UUFDRCxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDZCxRQUFRLEdBQUcsQ0FBQyxLQUFLLElBQUksRUFBRTtnQkFDckIsSUFBSSxDQUFDO29CQUNILElBQUksSUFBbUIsQ0FBQztvQkFDeEIsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7d0JBQ3pCLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxhQUFhLEVBQUU7NEJBQ3JDLFVBQVUsRUFBRSxpREFBaUQ7NEJBQzdELGFBQWEsRUFBRSxPQUFPLENBQUMsV0FBVzs0QkFDbEMsa0JBQWtCLEVBQUUsc0NBQXNDOzRCQUMxRCxRQUFRLEVBQUUsT0FBTyxDQUFDLFFBQVE7NEJBQzFCLFNBQVMsRUFBRSxPQUFPLENBQUMsUUFBUTt5QkFDNUIsQ0FBQyxDQUFDO3dCQUNILG1CQUFtQixHQUFHLElBQUksQ0FBQztvQkFDN0IsQ0FBQzt5QkFBTSxJQUFJLG1CQUFtQixFQUFFLENBQUM7d0JBQy9CLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxhQUFhLEVBQUU7NEJBQ3JDLFVBQVUsRUFBRSxlQUFlOzRCQUMzQixhQUFhLEVBQUUsbUJBQW1COzRCQUNsQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFFBQVE7eUJBQzVCLENBQUMsQ0FBQztvQkFDTCxDQUFDO3lCQUFNLENBQUM7d0JBQ04sNkRBQTZEO3dCQUM3RCxJQUFJLEdBQUcsTUFBTSxVQUFVLENBQUMsYUFBYSxFQUFFOzRCQUNyQyxVQUFVLEVBQUUsaURBQWlEOzRCQUM3RCxhQUFhLEVBQUUsT0FBTyxDQUFDLFdBQVc7NEJBQ2xDLGtCQUFrQixFQUFFLHNDQUFzQzs0QkFDMUQsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFROzRCQUMxQixTQUFTLEVBQUUsT0FBTyxDQUFDLFFBQVE7eUJBQzVCLENBQUMsQ0FBQztvQkFDTCxDQUFDO29CQUVELFdBQVcsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDO29CQUNoQyxZQUFZLEdBQUcsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7b0JBQ3RFLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO3dCQUN2QixtQkFBbUIsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDO29CQUMzQyxDQUFDO29CQUNELE9BQU8sV0FBVyxDQUFDO2dCQUNyQixDQUFDO3dCQUFTLENBQUM7b0JBQ1QsUUFBUSxHQUFHLFNBQVMsQ0FBQztnQkFDdkIsQ0FBQztZQUNILENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDUCxDQUFDO1FBQ0QsT0FBTyxRQUFRLENBQUM7SUFDbEIsQ0FBQyxDQUFDO0FBQ0osQ0FBQyJ9

package/dist/cjs/src/index.js

@@ -36,13 +36,27 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ConfigurationError = exports.AttributeNotFoundError = exports.AttributeValidationError = exports.NetworkError = exports.DecryptError = exports.InvalidFileError = exports.IntegrityError = exports.PermissionDeniedError = exports.TdfError = exports.PlatformClient = exports.tdfSpecVersion = exports.clientType = exports.version = exports.attributeValueExists = exports.attributeExists = exports.validateAttributes = exports.listAttributes = exports.attributeFQNsAsValues = exports.AuthProviders = exports.withHeaders = exports.HttpRequest = void 0;
+exports.ConfigurationError = exports.AttributeNotFoundError = exports.AttributeValidationError = exports.NetworkError = exports.DecryptError = exports.InvalidFileError = exports.IntegrityError = exports.PermissionDeniedError = exports.TdfError = exports.PlatformClient = exports.tdfSpecVersion = exports.clientType = exports.version = exports.attributeValueExists = exports.attributeExists = exports.validateAttributes = exports.listAttributes = exports.withRequestToken = exports.forToken = exports.forUserName = exports.forClientId = exports.forEmail = exports.attributeFQNsAsValues = exports.externalJwtTokenProvider = exports.refreshTokenProvider = exports.clientCredentialsTokenProvider = exports.authProviderInterceptor = exports.authTokenDPoPInterceptor = exports.authTokenInterceptor = exports.AuthProviders = exports.withHeaders = exports.HttpRequest = void 0;
 var auth_js_1 = require("./auth/auth.js");
 Object.defineProperty(exports, "HttpRequest", { enumerable: true, get: function () { return auth_js_1.HttpRequest; } });
 Object.defineProperty(exports, "withHeaders", { enumerable: true, get: function () { return auth_js_1.withHeaders; } });
 exports.AuthProviders = __importStar(require("./auth/providers.js"));
+var interceptors_js_1 = require("./auth/interceptors.js");
+Object.defineProperty(exports, "authTokenInterceptor", { enumerable: true, get: function () { return interceptors_js_1.authTokenInterceptor; } });
+Object.defineProperty(exports, "authTokenDPoPInterceptor", { enumerable: true, get: function () { return interceptors_js_1.authTokenDPoPInterceptor; } });
+Object.defineProperty(exports, "authProviderInterceptor", { enumerable: true, get: function () { return interceptors_js_1.authProviderInterceptor; } });
+var token_providers_js_1 = require("./auth/token-providers.js");
+Object.defineProperty(exports, "clientCredentialsTokenProvider", { enumerable: true, get: function () { return token_providers_js_1.clientCredentialsTokenProvider; } });
+Object.defineProperty(exports, "refreshTokenProvider", { enumerable: true, get: function () { return token_providers_js_1.refreshTokenProvider; } });
+Object.defineProperty(exports, "externalJwtTokenProvider", { enumerable: true, get: function () { return token_providers_js_1.externalJwtTokenProvider; } });
 var api_js_1 = require("./policy/api.js");
 Object.defineProperty(exports, "attributeFQNsAsValues", { enumerable: true, get: function () { return api_js_1.attributeFQNsAsValues; } });
+var entity_identifiers_js_1 = require("./platform/authorization/entity-identifiers.js");
+Object.defineProperty(exports, "forEmail", { enumerable: true, get: function () { return entity_identifiers_js_1.forEmail; } });
+Object.defineProperty(exports, "forClientId", { enumerable: true, get: function () { return entity_identifiers_js_1.forClientId; } });
+Object.defineProperty(exports, "forUserName", { enumerable: true, get: function () { return entity_identifiers_js_1.forUserName; } });
+Object.defineProperty(exports, "forToken", { enumerable: true, get: function () { return entity_identifiers_js_1.forToken; } });
+Object.defineProperty(exports, "withRequestToken", { enumerable: true, get: function () { return entity_identifiers_js_1.withRequestToken; } });
 var discovery_js_1 = require("./policy/discovery.js");
 Object.defineProperty(exports, "listAttributes", { enumerable: true, get: function () { return discovery_js_1.listAttributes; } });
 Object.defineProperty(exports, "validateAttributes", { enumerable: true, get: function () { return discovery_js_1.validateAttributes; } });
@@ -67,4 +81,4 @@ Object.defineProperty(exports, "AttributeNotFoundError", { enumerable: true, get
 Object.defineProperty(exports, "ConfigurationError", { enumerable: true, get: function () { return errors_js_1.ConfigurationError; } });
 __exportStar(require("./seekable.js"), exports);
 __exportStar(require("../tdf3/src/models/index.js"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMENBQThGO0FBQWpELHNHQUFBLFdBQVcsT0FBQTtBQUFFLHNHQUFBLFdBQVcsT0FBQTtBQUNyRSxxRUFBcUQ7QUFDckQsMENBQXdEO0FBQS9DLCtHQUFBLHFCQUFxQixPQUFBO0FBQzlCLHNEQUsrQjtBQUo3Qiw4R0FBQSxjQUFjLE9BQUE7QUFDZCxrSEFBQSxrQkFBa0IsT0FBQTtBQUNsQiwrR0FBQSxlQUFlLE9BQUE7QUFDZixvSEFBQSxvQkFBb0IsT0FBQTtBQUV0QiwyQ0FBbUU7QUFBMUQscUdBQUEsT0FBTyxPQUFBO0FBQUUsd0dBQUEsVUFBVSxPQUFBO0FBQUUsNEdBQUEsY0FBYyxPQUFBO0FBQzVDLDZDQUFrRztBQUF6Riw2R0FBQSxjQUFjLE9BQUE7QUFDdkIsK0NBQTZCO0FBQzdCLHlDQVVxQjtBQVRuQixxR0FBQSxRQUFRLE9BQUE7QUFDUixrSEFBQSxxQkFBcUIsT0FBQTtBQUNyQiwyR0FBQSxjQUFjLE9BQUE7QUFDZCw2R0FBQSxnQkFBZ0IsT0FBQTtBQUNoQix5R0FBQSxZQUFZLE9BQUE7QUFDWix5R0FBQSxZQUFZLE9BQUE7QUFDWixxSEFBQSx3QkFBd0IsT0FBQTtBQUN4QixtSEFBQSxzQkFBc0IsT0FBQTtBQUN0QiwrR0FBQSxrQkFBa0IsT0FBQTtBQUVwQixnREFBOEI7QUFDOUIsOERBQTRDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsMENBQThGO0FBQWpELHNHQUFBLFdBQVcsT0FBQTtBQUFFLHNHQUFBLFdBQVcsT0FBQTtBQUNyRSxxRUFBcUQ7QUFDckQsMERBU2dDO0FBUjlCLHVIQUFBLG9CQUFvQixPQUFBO0FBQ3BCLDJIQUFBLHdCQUF3QixPQUFBO0FBQ3hCLDBIQUFBLHVCQUF1QixPQUFBO0FBT3pCLGdFQU9tQztBQU5qQyxvSUFBQSw4QkFBOEIsT0FBQTtBQUM5QiwwSEFBQSxvQkFBb0IsT0FBQTtBQUNwQiw4SEFBQSx3QkFBd0IsT0FBQTtBQUsxQiwwQ0FBd0Q7QUFBL0MsK0dBQUEscUJBQXFCLE9BQUE7QUFDOUIsd0ZBTXdEO0FBTHRELGlIQUFBLFFBQVEsT0FBQTtBQUNSLG9IQUFBLFdBQVcsT0FBQTtBQUNYLG9IQUFBLFdBQVcsT0FBQTtBQUNYLGlIQUFBLFFBQVEsT0FBQTtBQUNSLHlIQUFBLGdCQUFnQixPQUFBO0FBRWxCLHNEQUsrQjtBQUo3Qiw4R0FBQSxjQUFjLE9BQUE7QUFDZCxrSEFBQSxrQkFBa0IsT0FBQTtBQUNsQiwrR0FBQSxlQUFlLE9BQUE7QUFDZixvSEFBQSxvQkFBb0IsT0FBQTtBQUV0QiwyQ0FBbUU7QUFBMUQscUdBQUEsT0FBTyxPQUFBO0FBQUUsd0dBQUEsVUFBVSxPQUFBO0FBQUUsNEdBQUEsY0FBYyxPQUFBO0FBQzVDLDZDQUFrRztBQUF6Riw2R0FBQSxjQUFjLE9BQUE7QUFDdkIsK0NBQTZCO0FBQzdCLHlDQVVxQjtBQVRuQixxR0FBQSxRQUFRLE9BQUE7QUFDUixrSEFBQSxxQkFBcUIsT0FBQTtBQUNyQiwyR0FBQSxjQUFjLE9BQUE7QUFDZCw2R0FBQSxnQkFBZ0IsT0FBQTtBQUNoQix5R0FBQSxZQUFZLE9BQUE7QUFDWix5R0FBQSxZQUFZLE9BQUE7QUFDWixxSEFBQSx3QkFBd0IsT0FBQTtBQUN4QixtSEFBQSxzQkFBc0IsT0FBQTtBQUN0QiwrR0FBQSxrQkFBa0IsT0FBQTtBQUVwQixnREFBOEI7QUFDOUIsOERBQTRDIn0=

package/dist/cjs/src/opentdf.js

@@ -52,18 +52,10 @@ const index_js_3 = require("./encodings/index.js");
  * It also requires a platform URL to be set, which is used to fetch key access servers and policies.
  * @example
  * ```
- * import { type Chunker, OpenTDF } from '@opentdf/sdk';
- *
- * const oidcCredentials: RefreshTokenCredentials = {
- *   clientId: keycloakClientId,
- *   exchange: 'refresh',
- *   refreshToken: refreshToken,
- *   oidcOrigin: keycloakUrl,
- * };
- * const authProvider = await AuthProviders.refreshAuthProvider(oidcCredentials);
+ * import { authTokenInterceptor, OpenTDF } from '@opentdf/sdk';
  *
  * const client = new OpenTDF({
- *   authProvider,
+ *   interceptors: [authTokenInterceptor(() => `${myAuth.token.accessToken}`)],
  *   platformUrl: 'https://platform.example.com',
  * });
  *
@@ -76,8 +68,12 @@ const index_js_3 = require("./encodings/index.js");
  * ```
  */
 class OpenTDF {
-    constructor({ authProvider, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
+    constructor({ authProvider, interceptors, dpopKeys, defaultCreateOptions, defaultReadOptions, disableDPoP, policyEndpoint, platformUrl, cryptoService, }) {
+        if (!authProvider && !interceptors?.length) {
+            throw new errors_js_1.ConfigurationError('Either authProvider or interceptors must be provided.');
+        }
         this.authProvider = authProvider;
+        this.interceptors = interceptors;
         this.defaultCreateOptions = defaultCreateOptions || {};
         this.defaultReadOptions = defaultReadOptions || {};
         this.dpopEnabled = !disableDPoP;
@@ -93,6 +89,7 @@ class OpenTDF {
         this.dpopKeys = dpopKeys ?? this.cryptoService.generateSigningKeyPair();
         this.tdf3Client = new index_js_2.Client({
             authProvider,
+            interceptors,
             dpopEnabled: this.dpopEnabled,
             dpopKeys: this.dpopEnabled ? this.dpopKeys : undefined,
             kasEndpoint: this.platformUrl || 'https://disallow.all.invalid',
@@ -100,21 +97,32 @@ class OpenTDF {
             policyEndpoint,
             cryptoService: this.cryptoService,
         });
-        // Eagerly bind DPoP keys to the auth provider so PlatformClient
-        // can make gRPC calls without waiting for a TDF operation first.
-        // Note: TDF3Client.createSessionKeys() also calls updateClientPublicKey
-        // with the same keys, but the duplicate call is benign —
-        // refreshTokenClaimsWithClientPubkeyIfNeeded short-circuits when
-        // the signing key hasn't changed.
-        this.ready = this.dpopEnabled
-            ? this.dpopKeys.then((keys) => authProvider.updateClientPublicKey(keys))
-            : Promise.resolve();
-        // Prevent unhandled rejection if caller doesn't await ready.
-        // The error will still surface via TDF3Client's own key binding
-        // when encrypt/decrypt is called.
-        this.ready.catch((err) => {
-            console.warn('OpenTDF: DPoP key binding failed during initialization:', err);
-        });
+        if (interceptors?.length && !authProvider) {
+            // Interceptor path: no updateClientPublicKey needed.
+            // DPoP key binding is handled by the interceptor itself.
+            this.ready = Promise.resolve();
+        }
+        else if (authProvider) {
+            // Legacy AuthProvider path: eagerly bind DPoP keys to the auth provider
+            // so PlatformClient can make gRPC calls without waiting for a TDF
+            // operation first.
+            // Note: TDF3Client.createSessionKeys() also calls updateClientPublicKey
+            // with the same keys, but the duplicate call is benign —
+            // refreshTokenClaimsWithClientPubkeyIfNeeded short-circuits when
+            // the signing key hasn't changed.
+            this.ready = this.dpopEnabled
+                ? this.dpopKeys.then((keys) => authProvider.updateClientPublicKey(keys))
+                : Promise.resolve();
+            // Prevent unhandled rejection if caller doesn't await ready.
+            // The error will still surface via TDF3Client's own key binding
+            // when encrypt/decrypt is called.
+            this.ready.catch((err) => {
+                console.warn('OpenTDF: DPoP key binding failed during initialization:', err);
+            });
+        }
+        else {
+            this.ready = Promise.resolve();
+        }
     }
     /** Creates a new TDF stream. */
     async createTDF(opts) {
@@ -243,21 +251,21 @@ class ZTDFReader {
             throw new errors_js_1.ConfigurationError('platformUrl is required when allowedKasEndpoints is empty');
         }
         const dpopKeys = await this.client.dpopKeys;
-        const { authProvider, cryptoService } = this.client;
-        if (!authProvider) {
-            throw new errors_js_1.ConfigurationError('authProvider is required');
+        const { auth, cryptoService } = this.client;
+        if (!auth) {
+            throw new errors_js_1.ConfigurationError('authProvider or interceptors are required');
         }
         let allowList;
         if (this.opts.allowedKASEndpoints?.length || this.opts.ignoreAllowlist) {
             allowList = new access_js_1.OriginAllowList(this.opts.allowedKASEndpoints || [], this.opts.ignoreAllowlist);
         }
         else if (this.opts.platformUrl) {
-            allowList = await (0, access_js_1.fetchKeyAccessServers)(this.opts.platformUrl, authProvider);
+            allowList = await (0, access_js_1.fetchKeyAccessServers)(this.opts.platformUrl, auth);
         }
         const overview = await this.overview;
         const oldStream = await (0, tdf_js_1.decryptStreamFrom)({
             allowList,
-            authProvider,
+            auth,
             chunker: this.source,
             concurrencyLimit: 1,
             cryptoService,
@@ -305,4 +313,4 @@ class ZTDFReader {
         return this.requiredObligations ?? { fqns: [] };
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUNBLDJDQUFtRTtBQUNuRSx3REFBbUU7QUFBMUQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLCtDQUFpRjtBQUNqRiwwREFBbUU7QUFFbkUsa0ZBQW9FO0FBTXBFLDJDQUtxQjtBQTZCbkIscUdBOUJBLGdDQUFvQixPQThCQTtBQXBCdEIsK0NBSzRCO0FBQzVCLG1EQUE4QztBQXNNOUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQThCRztBQUNILE1BQWEsT0FBTztJQXNCbEIsWUFBWSxFQUNWLFlBQVksRUFDWixRQUFRLEVBQ1Isb0JBQW9CLEVBQ3BCLGtCQUFrQixFQUNsQixXQUFXLEVBQ1gsY0FBYyxFQUNkLFdBQVcsRUFDWCxhQUFhLEdBQ0U7UUFDZixJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUNqQyxJQUFJLENBQUMsb0JBQW9CLEdBQUcsb0JBQW9CLElBQUksRUFBRSxDQUFDO1FBQ3ZELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxrQkFBa0IsSUFBSSxFQUFFLENBQUM7UUFDbkQsSUFBSSxDQUFDLFdBQVcsR0FBRyxDQUFDLFdBQVcsQ0FBQztRQUNoQyxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ2hCLElBQUksQ0FBQyxXQUFXLEdBQUcsV0FBVyxDQUFDO1FBQ2pDLENBQUM7YUFBTSxDQUFDO1lBQ04sT0FBTyxDQUFDLElBQUksQ0FDVix1SEFBdUgsQ0FDeEgsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLENBQUMsY0FBYyxHQUFHLGNBQWMsSUFBSSxFQUFFLENBQUM7UUFDM0MsSUFBSSxDQUFDLGFBQWEsR0FBRyxhQUFhLElBQUksb0JBQW9CLENBQUM7UUFDM0QsZ0VBQWdFO1FBQ2hFLElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztRQUN4RSxJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksaUJBQVUsQ0FBQztZQUMvQixZQUFZO1lBQ1osV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLFFBQVEsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3RELFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxJQUFJLDhCQUE4QjtZQUMvRCxXQUFXO1lBQ1gsY0FBYztZQUNkLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUNsQyxDQUFDLENBQUM7UUFDSCxnRUFBZ0U7UUFDaEUsaUVBQWlFO1FBQ2pFLHdFQUF3RTtRQUN4RSx5REFBeUQ7UUFDekQsaUVBQWlFO1FBQ2pFLGtDQUFrQztRQUNsQyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxXQUFXO1lBQzNCLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsWUFBWSxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxDQUFDO1lBQ3hFLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDdEIsNkRBQTZEO1FBQzdELGdFQUFnRTtRQUNoRSxrQ0FBa0M7UUFDbEMsSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUN2QixPQUFPLENBQUMsSUFBSSxDQUFDLHlEQUF5RCxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQy9FLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELGdDQUFnQztJQUNoQyxLQUFLLENBQUMsU0FBUyxDQUFDLElBQXNCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFVBQVUsQ0FBQyxJQUF1QjtRQUN0QyxJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUM7WUFDOUMsTUFBTSxFQUFFLE1BQU0sSUFBQSw0QkFBYyxFQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7WUFFekMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtZQUN2QyxhQUFhLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhO1lBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0I7WUFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixLQUFLLEVBQUU7Z0JBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQzVCO1lBQ0QsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixvQkFBb0IsRUFBRSxJQUFJLENBQUMsb0JBQW9CO1lBQy9DLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztTQUNwQyxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELHNEQUFzRDtJQUN0RCxJQUFJLENBQUMsSUFBaUI7UUFDcEIsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUMvQyxPQUFPLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFpQjtRQUMxQixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw4REFBOEQ7SUFDOUQsS0FBSztRQUNILGdEQUFnRDtJQUNsRCxDQUFDO0NBQ0Y7QUExSEQsMEJBMEhDO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBQSx3QkFBVSxFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLDRCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBQSxzQkFBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxZQUFZLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUNwRCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbEIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELElBQUksU0FBc0MsQ0FBQztRQUUzQyxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLEVBQUUsTUFBTSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDdkUsU0FBUyxHQUFHLElBQUksMkJBQWUsQ0FDN0IsSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLEVBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUMxQixDQUFDO1FBQ0osQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztZQUNqQyxTQUFTLEdBQUcsTUFBTSxJQUFBLGlDQUFxQixFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBQy9FLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDckMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFBLDBCQUFpQixFQUN2QztZQUNFLFNBQVM7WUFDVCxZQUFZO1lBQ1osT0FBTyxFQUFFLElBQUksQ0FBQyxNQUFNO1lBQ3BCLGdCQUFnQixFQUFFLENBQUM7WUFDbkIsYUFBYTtZQUNiLFFBQVE7WUFDUix1QkFBdUIsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyx1QkFBdUI7WUFDekUsYUFBYSxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFDN0IsZUFBZSxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLGVBQWU7WUFDekQseUJBQXlCO1lBQ3pCLGtCQUFrQjtZQUNsQixvQkFBb0I7WUFDcEIsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsSUFBSSxFQUFFO1NBQ2xFLEVBQ0QsUUFBUSxDQUNULENBQUM7UUFDRixJQUFJLENBQUMsbUJBQW1CLEdBQUc7WUFDekIsSUFBSSxFQUFFLFNBQVMsQ0FBQyxXQUFXLEVBQUU7U0FDOUIsQ0FBQztRQUNGLE1BQU0sTUFBTSxHQUFvQixTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ2pELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDckQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUs7UUFDVCx5REFBeUQ7SUFDM0QsQ0FBQztJQUVELDRDQUE0QztJQUM1QyxLQUFLLENBQUMsUUFBUTtRQUNaLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxPQUFPLFFBQVEsQ0FBQyxRQUFRLENBQUM7SUFDM0IsQ0FBQztJQUVELDhDQUE4QztJQUM5QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sVUFBVSxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4RSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBVyxDQUFDO1FBQ2hELE9BQU8sTUFBTSxFQUFFLElBQUksRUFBRSxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVztRQUNmLElBQUksSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDN0IsT0FBTyxJQUFJLENBQUMsbUJBQW1CLENBQUM7UUFDbEMsQ0FBQztRQUNELE1BQU0sSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ3JCLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsSUFBSSxFQUFFLEVBQUUsRUFBRSxDQUFDO0lBQ2xELENBQUM7Q0FDRiJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3BlbnRkZi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9vcGVudGRmLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUVBLDJDQUFtRTtBQUNuRSx3REFBbUU7QUFBMUQsc0dBQUEsTUFBTSxPQUFjO0FBQzdCLCtDQUFpRjtBQUNqRiwwREFBbUU7QUFFbkUsa0ZBQW9FO0FBTXBFLDJDQUtxQjtBQTZCbkIscUdBOUJBLGdDQUFvQixPQThCQTtBQXBCdEIsK0NBSzRCO0FBQzVCLG1EQUE4QztBQStNOUM7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FzQkc7QUFDSCxNQUFhLE9BQU87SUF3QmxCLFlBQVksRUFDVixZQUFZLEVBQ1osWUFBWSxFQUNaLFFBQVEsRUFDUixvQkFBb0IsRUFDcEIsa0JBQWtCLEVBQ2xCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsV0FBVyxFQUNYLGFBQWEsR0FDRTtRQUNmLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDM0MsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHVEQUF1RCxDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUNELElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxvQkFBb0IsR0FBRyxvQkFBb0IsSUFBSSxFQUFFLENBQUM7UUFDdkQsSUFBSSxDQUFDLGtCQUFrQixHQUFHLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsV0FBVyxHQUFHLENBQUMsV0FBVyxDQUFDO1FBQ2hDLElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsSUFBSSxDQUFDLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDakMsQ0FBQzthQUFNLENBQUM7WUFDTixPQUFPLENBQUMsSUFBSSxDQUNWLHVIQUF1SCxDQUN4SCxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxJQUFJLEVBQUUsQ0FBQztRQUMzQyxJQUFJLENBQUMsYUFBYSxHQUFHLGFBQWEsSUFBSSxvQkFBb0IsQ0FBQztRQUMzRCxnRUFBZ0U7UUFDaEUsSUFBSSxDQUFDLFFBQVEsR0FBRyxRQUFRLElBQUksSUFBSSxDQUFDLGFBQWEsQ0FBQyxzQkFBc0IsRUFBRSxDQUFDO1FBQ3hFLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxpQkFBVSxDQUFDO1lBQy9CLFlBQVk7WUFDWixZQUFZO1lBQ1osV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLFFBQVEsRUFBRSxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxTQUFTO1lBQ3RELFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVyxJQUFJLDhCQUE4QjtZQUMvRCxXQUFXO1lBQ1gsY0FBYztZQUNkLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYTtTQUNsQyxDQUFDLENBQUM7UUFFSCxJQUFJLFlBQVksRUFBRSxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUMxQyxxREFBcUQ7WUFDckQseURBQXlEO1lBQ3pELElBQUksQ0FBQyxLQUFLLEdBQUcsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ2pDLENBQUM7YUFBTSxJQUFJLFlBQVksRUFBRSxDQUFDO1lBQ3hCLHdFQUF3RTtZQUN4RSxrRUFBa0U7WUFDbEUsbUJBQW1CO1lBQ25CLHdFQUF3RTtZQUN4RSx5REFBeUQ7WUFDekQsaUVBQWlFO1lBQ2pFLGtDQUFrQztZQUNsQyxJQUFJLENBQUMsS0FBSyxHQUFHLElBQUksQ0FBQyxXQUFXO2dCQUMzQixDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLFlBQVksQ0FBQyxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDeEUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN0Qiw2REFBNkQ7WUFDN0QsZ0VBQWdFO1lBQ2hFLGtDQUFrQztZQUNsQyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO2dCQUN2QixPQUFPLENBQUMsSUFBSSxDQUFDLHlEQUF5RCxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQy9FLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQzthQUFNLENBQUM7WUFDTixJQUFJLENBQUMsS0FBSyxHQUFHLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNqQyxDQUFDO0lBQ0gsQ0FBQztJQUVELGdDQUFnQztJQUNoQyxLQUFLLENBQUMsU0FBUyxDQUFDLElBQXNCO1FBQ3BDLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMvQixDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLFVBQVUsQ0FBQyxJQUF1QjtRQUN0QyxJQUFJLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxHQUFHLElBQUksRUFBRSxDQUFDO1FBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUM7WUFDOUMsTUFBTSxFQUFFLE1BQU0sSUFBQSw0QkFBYyxFQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7WUFFekMsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtZQUN2QyxhQUFhLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhO1lBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0I7WUFDM0MsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixLQUFLLEVBQUU7Z0JBQ0wsVUFBVSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQzVCO1lBQ0QsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixvQkFBb0IsRUFBRSxJQUFJLENBQUMsb0JBQW9CO1lBQy9DLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztTQUNwQyxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBb0IsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNqRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE1BQU0sQ0FBQyxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDdEQsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVELHNEQUFzRDtJQUN0RCxJQUFJLENBQUMsSUFBaUI7UUFDcEIsSUFBSSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUMvQyxPQUFPLElBQUksaUJBQWlCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO0lBQzNDLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFpQjtRQUMxQixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQy9CLE9BQU8sTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQzFCLENBQUM7SUFFRCw4REFBOEQ7SUFDOUQsS0FBSztRQUNILGdEQUFnRDtJQUNsRCxDQUFDO0NBQ0Y7QUE1SUQsMEJBNElDO0FBRUQsb0RBQW9EO0FBQ3BELE1BQU0saUJBQWlCO0lBR3JCLFlBQ1csS0FBYyxFQUNkLElBQWlCO1FBRGpCLFVBQUssR0FBTCxLQUFLLENBQVM7UUFDZCxTQUFJLEdBQUosSUFBSSxDQUFhO1FBSDVCLFVBQUssR0FBa0YsTUFBTSxDQUFDO1FBSzVGLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxzREFBc0Q7SUFDdEQsS0FBSyxDQUFDLFdBQVc7UUFDZixJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDbkQsQ0FBQztRQUNELElBQUksQ0FBQyxLQUFLLEdBQUcsV0FBVyxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBQSx3QkFBVSxFQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxNQUFNLEdBQUcsTUFBTSxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3JELElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ2pELENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsS0FBSyxJQUFJLElBQUksTUFBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdDLElBQUksQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDcEIsTUFBTSxJQUFJLDRCQUFnQixDQUFDLDZDQUE2QyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3BGLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDMUIsQ0FBQztJQUVELDZDQUE2QztJQUM3QyxLQUFLLENBQUMsVUFBVTtRQUNkLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNuQyxPQUFPLE1BQU0sQ0FBQyxVQUFVLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkNBQTJDO0lBQzNDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRCw0QkFBNEI7SUFDNUIsS0FBSyxDQUFDLEtBQUs7UUFDVCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTztRQUNULENBQUM7UUFDRCxJQUFJLElBQUksQ0FBQyxLQUFLLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDMUIsaUNBQWlDO1lBQ2pDLElBQUksQ0FBQyxLQUFLLEdBQUcsTUFBTSxDQUFDO1lBQ3BCLE9BQU87UUFDVCxDQUFDO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxTQUFTLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ25DLE9BQU8sTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDOUIsSUFBSSxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUM7UUFDdEIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUM7UUFDbkMsT0FBTyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7SUFDOUIsQ0FBQztDQUNGO0FBRUQsK0JBQStCO0FBQy9CLE1BQU0sVUFBVTtJQUlkLFlBQ1csTUFBa0IsRUFDbEIsSUFBaUIsRUFDakIsTUFBZTtRQUZmLFdBQU0sR0FBTixNQUFNLENBQVk7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBYTtRQUNqQixXQUFNLEdBQU4sTUFBTSxDQUFTO1FBRXhCLElBQUksQ0FBQyxRQUFRLEdBQUcsSUFBQSxzQkFBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLE9BQU87UUFDWCxNQUFNLEVBQ0oseUJBQXlCLEVBQ3pCLFFBQVEsRUFBRSxrQkFBa0IsRUFDNUIsb0JBQW9CLEdBQ3JCLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQztRQUVkLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLGVBQWUsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQzNGLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQzVGLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBRTVDLE1BQU0sRUFBRSxJQUFJLEVBQUUsYUFBYSxFQUFFLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQztRQUM1QyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDVixNQUFNLElBQUksOEJBQWtCLENBQUMsMkNBQTJDLENBQUMsQ0FBQztRQUM1RSxDQUFDO1FBRUQsSUFBSSxTQUFzQyxDQUFDO1FBRTNDLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsRUFBRSxNQUFNLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN2RSxTQUFTLEdBQUcsSUFBSSwyQkFBZSxDQUM3QixJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixJQUFJLEVBQUUsRUFDbkMsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQzFCLENBQUM7UUFDSixDQUFDO2FBQU0sSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2pDLFNBQVMsR0FBRyxNQUFNLElBQUEsaUNBQXFCLEVBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDdkUsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQztRQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUEsMEJBQWlCLEVBQ3ZDO1lBQ0UsU0FBUztZQUNULElBQUk7WUFDSixPQUFPLEVBQUUsSUFBSSxDQUFDLE1BQU07WUFDcEIsZ0JBQWdCLEVBQUUsQ0FBQztZQUNuQixhQUFhO1lBQ2IsUUFBUTtZQUNSLHVCQUF1QixFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLHVCQUF1QjtZQUN6RSxhQUFhLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM3QixlQUFlLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsZUFBZTtZQUN6RCx5QkFBeUI7WUFDekIsa0JBQWtCO1lBQ2xCLG9CQUFvQjtZQUNwQixzQkFBc0IsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLHlCQUF5QixJQUFJLEVBQUU7U0FDbEUsRUFDRCxRQUFRLENBQ1QsQ0FBQztRQUNGLElBQUksQ0FBQyxtQkFBbUIsR0FBRztZQUN6QixJQUFJLEVBQUUsU0FBUyxDQUFDLFdBQVcsRUFBRTtTQUM5QixDQUFDO1FBQ0YsTUFBTSxNQUFNLEdBQW9CLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDakQsTUFBTSxDQUFDLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNyRCxNQUFNLENBQUMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3RELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSztRQUNULHlEQUF5RDtJQUMzRCxDQUFDO0lBRUQsNENBQTRDO0lBQzVDLEtBQUssQ0FBQyxRQUFRO1FBQ1osTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDO1FBQ3JDLE9BQU8sUUFBUSxDQUFDLFFBQVEsQ0FBQztJQUMzQixDQUFDO0lBRUQsOENBQThDO0lBQzlDLEtBQUssQ0FBQyxVQUFVO1FBQ2QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDdkMsTUFBTSxVQUFVLEdBQUcsaUJBQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3hFLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFXLENBQUM7UUFDaEQsT0FBTyxNQUFNLEVBQUUsSUFBSSxFQUFFLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDcEUsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxXQUFXO1FBQ2YsSUFBSSxJQUFJLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUM3QixPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQztRQUNsQyxDQUFDO1FBQ0QsTUFBTSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDckIsT0FBTyxJQUFJLENBQUMsbUJBQW1CLElBQUksRUFBRSxJQUFJLEVBQUUsRUFBRSxFQUFFLENBQUM7SUFDbEQsQ0FBQztDQUNGIn0=

package/dist/cjs/src/platform/authorization/entity-identifiers.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.forEmail = forEmail;
+exports.forClientId = forClientId;
+exports.forUserName = forUserName;
+exports.forToken = forToken;
+exports.withRequestToken = withRequestToken;
+const protobuf_1 = require("@bufbuild/protobuf");
+const wkt_1 = require("@bufbuild/protobuf/wkt");
+const authorization_pb_js_1 = require("./v2/authorization_pb.js");
+const entity_pb_js_1 = require("../entity/entity_pb.js");
+/**
+ * Convenience constructors for {@link EntityIdentifier}, mirroring the Go SDK
+ * helpers (`ForEmail`, `ForClientID`, etc.).
+ *
+ * Each function builds a complete `EntityIdentifier` so callers avoid deeply
+ * nested object literals.
+ *
+ * @example
+ * ```ts
+ * // Before
+ * const eid = create(EntityIdentifierSchema, {
+ *   identifier: {
+ *     case: 'entityChain',
+ *     value: create(EntityChainSchema, {
+ *       entities: [create(EntitySchema, {
+ *         entityType: { case: 'emailAddress', value: 'jen@example.com' },
+ *         category: Entity_Category.SUBJECT,
+ *       })],
+ *     }),
+ *   },
+ * });
+ *
+ * // After
+ * const eid = forEmail('jen@example.com');
+ * ```
+ */
+/** Returns an EntityIdentifier for a subject identified by email address. */
+function forEmail(email) {
+    return fromEntity((0, protobuf_1.create)(entity_pb_js_1.EntitySchema, {
+        entityType: { case: 'emailAddress', value: email },
+        category: entity_pb_js_1.Entity_Category.SUBJECT,
+    }));
+}
+/** Returns an EntityIdentifier for a subject identified by client ID. */
+function forClientId(clientId) {
+    return fromEntity((0, protobuf_1.create)(entity_pb_js_1.EntitySchema, {
+        entityType: { case: 'clientId', value: clientId },
+        category: entity_pb_js_1.Entity_Category.SUBJECT,
+    }));
+}
+/** Returns an EntityIdentifier for a subject identified by username. */
+function forUserName(userName) {
+    return fromEntity((0, protobuf_1.create)(entity_pb_js_1.EntitySchema, {
+        entityType: { case: 'userName', value: userName },
+        category: entity_pb_js_1.Entity_Category.SUBJECT,
+    }));
+}
+/** Returns an EntityIdentifier that resolves the entity from the given JWT. */
+function forToken(jwt) {
+    return (0, protobuf_1.create)(authorization_pb_js_1.EntityIdentifierSchema, {
+        identifier: {
+            case: 'token',
+            value: (0, protobuf_1.create)(entity_pb_js_1.TokenSchema, { jwt }),
+        },
+    });
+}
+/**
+ * Returns an EntityIdentifier that instructs the authorization service to
+ * derive the entity from the request's Authorization header token.
+ */
+function withRequestToken() {
+    return (0, protobuf_1.create)(authorization_pb_js_1.EntityIdentifierSchema, {
+        identifier: {
+            case: 'withRequestToken',
+            value: (0, protobuf_1.create)(wkt_1.BoolValueSchema, { value: true }),
+        },
+    });
+}
+function fromEntity(entity) {
+    return (0, protobuf_1.create)(authorization_pb_js_1.EntityIdentifierSchema, {
+        identifier: {
+            case: 'entityChain',
+            value: (0, protobuf_1.create)(entity_pb_js_1.EntityChainSchema, { entities: [entity] }),
+        },
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW50aXR5LWlkZW50aWZpZXJzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vc3JjL3BsYXRmb3JtL2F1dGhvcml6YXRpb24vZW50aXR5LWlkZW50aWZpZXJzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBMENBLDRCQU9DO0FBR0Qsa0NBT0M7QUFHRCxrQ0FPQztBQUdELDRCQU9DO0FBTUQsNENBT0M7QUE1RkQsaURBQTRDO0FBQzVDLGdEQUF5RDtBQUN6RCxrRUFHa0M7QUFDbEMseURBTWdDO0FBRWhDOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBeUJHO0FBRUgsNkVBQTZFO0FBQzdFLFNBQWdCLFFBQVEsQ0FBQyxLQUFhO0lBQ3BDLE9BQU8sVUFBVSxDQUNmLElBQUEsaUJBQU0sRUFBQywyQkFBWSxFQUFFO1FBQ25CLFVBQVUsRUFBRSxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsS0FBSyxFQUFFLEtBQUssRUFBRTtRQUNsRCxRQUFRLEVBQUUsOEJBQWUsQ0FBQyxPQUFPO0tBQ2xDLENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQztBQUVELHlFQUF5RTtBQUN6RSxTQUFnQixXQUFXLENBQUMsUUFBZ0I7SUFDMUMsT0FBTyxVQUFVLENBQ2YsSUFBQSxpQkFBTSxFQUFDLDJCQUFZLEVBQUU7UUFDbkIsVUFBVSxFQUFFLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsUUFBUSxFQUFFO1FBQ2pELFFBQVEsRUFBRSw4QkFBZSxDQUFDLE9BQU87S0FDbEMsQ0FBQyxDQUNILENBQUM7QUFDSixDQUFDO0FBRUQsd0VBQXdFO0FBQ3hFLFNBQWdCLFdBQVcsQ0FBQyxRQUFnQjtJQUMxQyxPQUFPLFVBQVUsQ0FDZixJQUFBLGlCQUFNLEVBQUMsMkJBQVksRUFBRTtRQUNuQixVQUFVLEVBQUUsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEtBQUssRUFBRSxRQUFRLEVBQUU7UUFDakQsUUFBUSxFQUFFLDhCQUFlLENBQUMsT0FBTztLQUNsQyxDQUFDLENBQ0gsQ0FBQztBQUNKLENBQUM7QUFFRCwrRUFBK0U7QUFDL0UsU0FBZ0IsUUFBUSxDQUFDLEdBQVc7SUFDbEMsT0FBTyxJQUFBLGlCQUFNLEVBQUMsNENBQXNCLEVBQUU7UUFDcEMsVUFBVSxFQUFFO1lBQ1YsSUFBSSxFQUFFLE9BQU87WUFDYixLQUFLLEVBQUUsSUFBQSxpQkFBTSxFQUFDLDBCQUFXLEVBQUUsRUFBRSxHQUFHLEVBQUUsQ0FBQztTQUNwQztLQUNGLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxTQUFnQixnQkFBZ0I7SUFDOUIsT0FBTyxJQUFBLGlCQUFNLEVBQUMsNENBQXNCLEVBQUU7UUFDcEMsVUFBVSxFQUFFO1lBQ1YsSUFBSSxFQUFFLGtCQUFrQjtZQUN4QixLQUFLLEVBQUUsSUFBQSxpQkFBTSxFQUFDLHFCQUFlLEVBQUUsRUFBRSxLQUFLLEVBQUUsSUFBSSxFQUFFLENBQUM7U0FDaEQ7S0FDRixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsU0FBUyxVQUFVLENBQUMsTUFBYztJQUNoQyxPQUFPLElBQUEsaUJBQU0sRUFBQyw0Q0FBc0IsRUFBRTtRQUNwQyxVQUFVLEVBQUU7WUFDVixJQUFJLEVBQUUsYUFBYTtZQUNuQixLQUFLLEVBQUUsSUFBQSxpQkFBTSxFQUFDLGdDQUFpQixFQUFFLEVBQUUsUUFBUSxFQUFFLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztTQUN6RDtLQUNGLENBQUMsQ0FBQztBQUNMLENBQUMifQ==

package/dist/cjs/src/platform.js

@@ -38,6 +38,7 @@ exports.PlatformClient = exports.platformConnect = exports.platformConnectWeb =
 exports.platformConnectWeb = __importStar(require("@connectrpc/connect-web"));
 exports.platformConnect = __importStar(require("@connectrpc/connect"));
 const connect_web_1 = require("@connectrpc/connect-web");
+const interceptors_js_1 = require("./auth/interceptors.js");
 const connect_1 = require("@connectrpc/connect");
 const wellknown_configuration_pb_js_1 = require("./platform/wellknownconfiguration/wellknown_configuration_pb.js");
 const authorization_pb_js_1 = require("./platform/authorization/authorization_pb.js");
@@ -82,8 +83,7 @@ class PlatformClient {
     constructor(options) {
         const interceptors = [];
         if (options.authProvider) {
-            const authInterceptor = createAuthInterceptor(options.authProvider);
-            interceptors.push(authInterceptor);
+            interceptors.push((0, interceptors_js_1.authProviderInterceptor)(options.authProvider));
         }
         if (options.interceptors?.length) {
             interceptors.push(...options.interceptors);
@@ -114,47 +114,4 @@ class PlatformClient {
     }
 }
 exports.PlatformClient = PlatformClient;
-/**
- * Creates an interceptor that adds authentication headers to outgoing requests.
- *
- * This function uses the provided `AuthProvider` to generate authentication credentials
- * for each request. The `AuthProvider` is expected to implement a `withCreds` method
- * that returns an object containing authentication headers. These headers are then
- * added to the request before it is sent to the server.
- *
- */
-function createAuthInterceptor(authProvider) {
-    const authInterceptor = (next) => async (req) => {
-        const url = new URL(req.url);
-        const pathOnly = url.pathname;
-        // Signs only the path of the url in the request
-        let token;
-        try {
-            token = await authProvider.withCreds({
-                url: pathOnly,
-                method: 'POST',
-                // Start with any headers Connect already has
-                headers: {
-                    ...Object.fromEntries(req.header.entries()),
-                    'Content-Type': 'application/json',
-                },
-            });
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            if (msg.includes('public key') || msg.includes('updateClientPublicKey')) {
-                throw new Error('PlatformClient: DPoP key binding is not complete. ' +
-                    'If you are using OpenTDF with PlatformClient, create OpenTDF first and ' +
-                    '`await client.ready` before constructing PlatformClient. ' +
-                    `Original error: ${msg}`);
-            }
-            throw err;
-        }
-        Object.entries(token.headers).forEach(([key, value]) => {
-            req.header.set(key, value);
-        });
-        return await next(req);
-    };
-    return authInterceptor;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhdGZvcm0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGxhdGZvcm0udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsK0JBQStCO0FBQy9CLDhFQUE4RDtBQUM5RCx1RUFBdUQ7QUFFdkQseURBQWlFO0FBR2pFLGlEQUF3RTtBQUN4RSxtSEFBbUc7QUFDbkcsc0ZBQW9GO0FBQ3BGLHlGQUFpSDtBQUNqSCxpR0FBOEY7QUFDOUYsd0RBQXlEO0FBQ3pELDJFQUF3RTtBQUN4RSxvRkFBa0Y7QUFDbEYscUhBQWdIO0FBQ2hILCtGQUE0RjtBQUM1Rix1RkFBK0Y7QUFDL0Ysb0ZBQWlGO0FBQ2pGLGlIQUE4RztBQUM5RyxxR0FBa0c7QUFDbEcsa0dBQStGO0FBQy9GLHdFQUFzRTtBQWdDdEU7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBdUJHO0FBRUgsTUFBYSxjQUFjO0lBSXpCLFlBQVksT0FBOEI7UUFDeEMsTUFBTSxZQUFZLEdBQWtCLEVBQUUsQ0FBQztRQUV2QyxJQUFJLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN6QixNQUFNLGVBQWUsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDcEUsWUFBWSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUNyQyxDQUFDO1FBRUQsSUFBSSxPQUFPLENBQUMsWUFBWSxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLElBQUEsb0NBQXNCLEVBQUM7WUFDdkMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxXQUFXO1lBQzVCLFlBQVk7U0FDYixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsRUFBRSxHQUFHO1lBQ1IsYUFBYSxFQUFFLElBQUEsc0JBQVksRUFBQywwQ0FBb0IsRUFBRSxTQUFTLENBQUM7WUFDNUQsZ0JBQWdCLEVBQUUsSUFBQSxzQkFBWSxFQUFDLGlEQUF1QixFQUFFLFNBQVMsQ0FBQztZQUNsRSxNQUFNLEVBQUUsSUFBQSxzQkFBWSxFQUFDLHlCQUFhLEVBQUUsU0FBUyxDQUFDO1lBQzlDLE1BQU0sRUFBRSxJQUFBLHNCQUFZLEVBQUMsNkJBQWEsRUFBRSxTQUFTLENBQUM7WUFDOUMsVUFBVSxFQUFFLElBQUEsc0JBQVksRUFBQyxvQ0FBaUIsRUFBRSxTQUFTLENBQUM7WUFDdEQsdUJBQXVCLEVBQUUsSUFBQSxzQkFBWSxFQUFDLGlFQUE4QixFQUFFLFNBQVMsQ0FBQztZQUNoRixhQUFhLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDJDQUFvQixFQUFFLFNBQVMsQ0FBQztZQUM1RCxTQUFTLEVBQUUsSUFBQSxzQkFBWSxFQUFDLG1DQUFnQixFQUFFLFNBQVMsQ0FBQztZQUNwRCxVQUFVLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDJCQUFpQixFQUFFLFNBQVMsQ0FBQztZQUN0RCxtQkFBbUIsRUFBRSxJQUFBLHNCQUFZLEVBQUMsdURBQTBCLEVBQUUsU0FBUyxDQUFDO1lBQ3hFLGVBQWUsRUFBRSxJQUFBLHNCQUFZLEVBQUMsK0NBQXNCLEVBQUUsU0FBUyxDQUFDO1lBQ2hFLGNBQWMsRUFBRSxJQUFBLHNCQUFZLEVBQUMsNkNBQXFCLEVBQUUsU0FBUyxDQUFDO1lBQzlELE1BQU0sRUFBRSxJQUFBLHNCQUFZLEVBQUMsNEJBQWEsRUFBRSxTQUFTLENBQUM7WUFDOUMsU0FBUyxFQUFFLElBQUEsc0JBQVksRUFBQyxnREFBZ0IsRUFBRSxTQUFTLENBQUM7U0FDckQsQ0FBQztRQUVGLElBQUksQ0FBQyxFQUFFLEdBQUc7WUFDUixhQUFhLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDBDQUFzQixFQUFFLFNBQVMsQ0FBQztTQUMvRCxDQUFDO0lBQ0osQ0FBQztDQUNGO0FBMUNELHdDQTBDQztBQUVEOzs7Ozs7OztHQVFHO0FBQ0gsU0FBUyxxQkFBcUIsQ0FBQyxZQUEwQjtJQUN2RCxNQUFNLGVBQWUsR0FBZ0IsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtRQUMzRCxNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDN0IsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQztRQUM5QixnREFBZ0Q7UUFDaEQsSUFBSSxLQUFLLENBQUM7UUFDVixJQUFJLENBQUM7WUFDSCxLQUFLLEdBQUcsTUFBTSxZQUFZLENBQUMsU0FBUyxDQUFDO2dCQUNuQyxHQUFHLEVBQUUsUUFBUTtnQkFDYixNQUFNLEVBQUUsTUFBTTtnQkFDZCw2Q0FBNkM7Z0JBQzdDLE9BQU8sRUFBRTtvQkFDUCxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsQ0FBQztvQkFDM0MsY0FBYyxFQUFFLGtCQUFrQjtpQkFDbkM7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sR0FBRyxHQUFHLEdBQUcsWUFBWSxLQUFLLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUM3RCxJQUFJLEdBQUcsQ0FBQyxRQUFRLENBQUMsWUFBWSxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsQ0FBQyx1QkFBdUIsQ0FBQyxFQUFFLENBQUM7Z0JBQ3hFLE1BQU0sSUFBSSxLQUFLLENBQ2Isb0RBQW9EO29CQUNsRCx5RUFBeUU7b0JBQ3pFLDJEQUEyRDtvQkFDM0QsbUJBQW1CLEdBQUcsRUFBRSxDQUMzQixDQUFDO1lBQ0osQ0FBQztZQUNELE1BQU0sR0FBRyxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUU7WUFDckQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzdCLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUN6QixDQUFDLENBQUM7SUFDRixPQUFPLGVBQWUsQ0FBQztBQUN6QixDQUFDIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhdGZvcm0uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGxhdGZvcm0udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsK0JBQStCO0FBQy9CLDhFQUE4RDtBQUM5RCx1RUFBdUQ7QUFFdkQseURBQWlFO0FBRWpFLDREQUFpRTtBQUVqRSxpREFBd0U7QUFDeEUsbUhBQW1HO0FBQ25HLHNGQUFvRjtBQUNwRix5RkFBaUg7QUFDakgsaUdBQThGO0FBQzlGLHdEQUF5RDtBQUN6RCwyRUFBd0U7QUFDeEUsb0ZBQWtGO0FBQ2xGLHFIQUFnSDtBQUNoSCwrRkFBNEY7QUFDNUYsdUZBQStGO0FBQy9GLG9GQUFpRjtBQUNqRixpSEFBOEc7QUFDOUcscUdBQWtHO0FBQ2xHLGtHQUErRjtBQUMvRix3RUFBc0U7QUFtQ3RFOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXVCRztBQUVILE1BQWEsY0FBYztJQUl6QixZQUFZLE9BQThCO1FBQ3hDLE1BQU0sWUFBWSxHQUFrQixFQUFFLENBQUM7UUFFdkMsSUFBSSxPQUFPLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDekIsWUFBWSxDQUFDLElBQUksQ0FBQyxJQUFBLHlDQUF1QixFQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxJQUFJLE9BQU8sQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakMsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUM3QyxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsSUFBQSxvQ0FBc0IsRUFBQztZQUN2QyxPQUFPLEVBQUUsT0FBTyxDQUFDLFdBQVc7WUFDNUIsWUFBWTtTQUNiLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxFQUFFLEdBQUc7WUFDUixhQUFhLEVBQUUsSUFBQSxzQkFBWSxFQUFDLDBDQUFvQixFQUFFLFNBQVMsQ0FBQztZQUM1RCxnQkFBZ0IsRUFBRSxJQUFBLHNCQUFZLEVBQUMsaURBQXVCLEVBQUUsU0FBUyxDQUFDO1lBQ2xFLE1BQU0sRUFBRSxJQUFBLHNCQUFZLEVBQUMseUJBQWEsRUFBRSxTQUFTLENBQUM7WUFDOUMsTUFBTSxFQUFFLElBQUEsc0JBQVksRUFBQyw2QkFBYSxFQUFFLFNBQVMsQ0FBQztZQUM5QyxVQUFVLEVBQUUsSUFBQSxzQkFBWSxFQUFDLG9DQUFpQixFQUFFLFNBQVMsQ0FBQztZQUN0RCx1QkFBdUIsRUFBRSxJQUFBLHNCQUFZLEVBQUMsaUVBQThCLEVBQUUsU0FBUyxDQUFDO1lBQ2hGLGFBQWEsRUFBRSxJQUFBLHNCQUFZLEVBQUMsMkNBQW9CLEVBQUUsU0FBUyxDQUFDO1lBQzVELFNBQVMsRUFBRSxJQUFBLHNCQUFZLEVBQUMsbUNBQWdCLEVBQUUsU0FBUyxDQUFDO1lBQ3BELFVBQVUsRUFBRSxJQUFBLHNCQUFZLEVBQUMsMkJBQWlCLEVBQUUsU0FBUyxDQUFDO1lBQ3RELG1CQUFtQixFQUFFLElBQUEsc0JBQVksRUFBQyx1REFBMEIsRUFBRSxTQUFTLENBQUM7WUFDeEUsZUFBZSxFQUFFLElBQUEsc0JBQVksRUFBQywrQ0FBc0IsRUFBRSxTQUFTLENBQUM7WUFDaEUsY0FBYyxFQUFFLElBQUEsc0JBQVksRUFBQyw2Q0FBcUIsRUFBRSxTQUFTLENBQUM7WUFDOUQsTUFBTSxFQUFFLElBQUEsc0JBQVksRUFBQyw0QkFBYSxFQUFFLFNBQVMsQ0FBQztZQUM5QyxTQUFTLEVBQUUsSUFBQSxzQkFBWSxFQUFDLGdEQUFnQixFQUFFLFNBQVMsQ0FBQztTQUNyRCxDQUFDO1FBRUYsSUFBSSxDQUFDLEVBQUUsR0FBRztZQUNSLGFBQWEsRUFBRSxJQUFBLHNCQUFZLEVBQUMsMENBQXNCLEVBQUUsU0FBUyxDQUFDO1NBQy9ELENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF6Q0Qsd0NBeUNDIn0=