@passflow/core 0.2.0 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/index.js +1 -1
  2. package/dist/index.js.map +1 -1
  3. package/dist/index.mjs +936 -708
  4. package/dist/index.mjs.map +1 -1
  5. package/dist/lib/api/axios-client.d.ts.map +1 -1
  6. package/dist/lib/api/model.d.ts +68 -1
  7. package/dist/lib/api/model.d.ts.map +1 -1
  8. package/dist/lib/api/two-factor.d.ts +51 -1
  9. package/dist/lib/api/two-factor.d.ts.map +1 -1
  10. package/dist/lib/m2m/client.d.ts.map +1 -1
  11. package/dist/lib/passflow.d.ts.map +1 -1
  12. package/dist/lib/services/auth-service.d.ts +1 -1
  13. package/dist/lib/services/auth-service.d.ts.map +1 -1
  14. package/dist/lib/services/two-factor-service.d.ts +41 -1
  15. package/dist/lib/services/two-factor-service.d.ts.map +1 -1
  16. package/dist/lib/storage/index.d.ts +10 -0
  17. package/dist/lib/storage/index.d.ts.map +1 -1
  18. package/dist/lib/store.d.ts +17 -1
  19. package/dist/lib/store.d.ts.map +1 -1
  20. package/dist/{tsconfig.tsbuildinfo → tsconfig.build.tsbuildinfo} +1 -1
  21. package/package.json +4 -5
  22. package/dist/tests/storage/fake-storage.d.ts +0 -7
  23. package/dist/tests/storage/fake-storage.d.ts.map +0 -1
  24. package/dist/tests/storage/storage-manager.test.d.ts +0 -2
  25. package/dist/tests/storage/storage-manager.test.d.ts.map +0 -1
package/dist/index.mjs CHANGED
@@ -1,20 +1,20 @@
1
- import D from "axios";
1
+ import F from "axios";
2
2
  import { v4 as H } from "uuid";
3
3
  import { startRegistration as K, startAuthentication as j } from "@simplewebauthn/browser";
4
- const z = "0.1.47", X = {
4
+ const z = "0.2.10", X = {
5
5
  version: z
6
- }, C = "X-Passflow-Clientid", _ = "Authorization", W = "X-Passflow-DeviceId", J = "X-Passflow-DeviceType", Z = X.version, Ne = ["id", "offline", "openid"], Q = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], G = "https://auth.passflow.cloud", Ke = "default", ee = 500, te = 600, se = 100, re = 6e4, V = 30, ie = 3, oe = 30, ne = 200, ae = (i) => {
6
+ }, C = "X-Passflow-Clientid", I = "Authorization", W = "X-Passflow-DeviceId", J = "X-Passflow-DeviceType", Z = X.version, Ne = ["id", "offline", "openid"], Q = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], V = "https://auth.passflow.cloud", Ke = "default", ee = 500, te = 600, re = 100, se = 6e4, G = 30, ie = 3, oe = 30, ne = 200, ae = (i) => {
7
7
  const e = [];
8
8
  let t;
9
9
  for (t in i) {
10
- const s = i[t];
11
- if (s === void 0)
10
+ const r = i[t];
11
+ if (r === void 0)
12
12
  continue;
13
- const r = { tenant: { id: s.tenant_id, name: s.tenant_name } };
14
- r.groups = s.groups ? Object.keys(s.groups).map((o) => {
15
- const n = s.groups[o] || [];
16
- return { group: { id: o, name: s.group_names?.[o] ?? "unknown" }, roles: n };
17
- }) : [], r.tenantRoles = r.groups?.find((o) => o.group.id === s.root_group_id), e.push(r);
13
+ const s = { tenant: { id: r.tenant_id, name: r.tenant_name } };
14
+ s.groups = r.groups ? Object.keys(r.groups).map((o) => {
15
+ const n = r.groups[o] || [];
16
+ return { group: { id: o, name: r.group_names?.[o] ?? "unknown" }, roles: n };
17
+ }) : [], s.tenantRoles = s.groups?.find((o) => o.group.id === r.root_group_id), e.push(s);
18
18
  }
19
19
  return { raw: i, tenants: e };
20
20
  };
@@ -38,8 +38,8 @@ class he {
38
38
  isTokenTypeExpired(e) {
39
39
  const t = this.storageManager.getToken(e);
40
40
  if (!t) return !0;
41
- const s = y(t);
42
- return s ? S(s) : !0;
41
+ const r = v(t);
42
+ return r ? S(r) : !0;
43
43
  }
44
44
  /**
45
45
  * Parse token from storage by type.
@@ -51,22 +51,22 @@ class he {
51
51
  parseTokenType(e) {
52
52
  const t = this.storageManager.getToken(e);
53
53
  if (t)
54
- return y(t);
54
+ return v(t);
55
55
  }
56
56
  }
57
- function S(i, e = V) {
57
+ function S(i, e = G) {
58
58
  return Math.floor(Date.now() / 1e3) + e > i.exp;
59
59
  }
60
- function y(i) {
60
+ function v(i) {
61
61
  const e = i.split(".")[1];
62
62
  if (!e) throw new Error("Invalid token string");
63
- const t = e.replace(/-/g, "+").replace(/_/g, "/"), s = t + "=".repeat((4 - t.length % 4) % 4), r = ce(s), o = decodeURIComponent(
64
- r.split("").map((d) => "%" + ("00" + d.charCodeAt(0).toString(16)).slice(-2)).join("")
63
+ const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = t + "=".repeat((4 - t.length % 4) % 4), s = ce(r), o = decodeURIComponent(
64
+ s.split("").map((d) => "%" + ("00" + d.charCodeAt(0).toString(16)).slice(-2)).join("")
65
65
  ), n = JSON.parse(o);
66
66
  return n.membership = n.passflow_tm && n.type !== "invite" ? ae(n.passflow_tm) : void 0, n;
67
67
  }
68
- var k = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i.two_factor = "2fa", i))(k || {}), v = /* @__PURE__ */ ((i) => (i.JsonBody = "json_body", i.Cookie = "cookie", i.Mobile = "mobile", i.BFF = "bff", i))(v || {}), q = /* @__PURE__ */ ((i) => (i.Unknown = "unknown", i.Valid = "valid", i.Invalid = "invalid", i))(q || {});
69
- class B {
68
+ var p = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i.two_factor = "2fa", i))(p || {}), y = /* @__PURE__ */ ((i) => (i.JsonBody = "json_body", i.Cookie = "cookie", i.Mobile = "mobile", i.BFF = "bff", i))(y || {}), q = /* @__PURE__ */ ((i) => (i.Unknown = "unknown", i.Valid = "valid", i.Invalid = "invalid", i))(q || {});
69
+ class Y {
70
70
  constructor(e) {
71
71
  this.storageManager = e, this.mode = "json_body", this.sessionState = "unknown", this.isInitializedFlag = !1, this.STORAGE_PREFIX = "passflow_", this.DELIVERY_MODE_KEY = `${this.STORAGE_PREFIX}delivery_mode`, this.SESSION_STATE_KEY = `${this.STORAGE_PREFIX}session_state`, this.loadPersistedMode(), this.loadPersistedSessionState();
72
72
  }
@@ -166,7 +166,7 @@ class B {
166
166
  loadPersistedMode() {
167
167
  try {
168
168
  const e = this.storageManager.storage.getItem(this.DELIVERY_MODE_KEY);
169
- e && Object.values(v).includes(e) && (this.mode = e, this.isInitializedFlag = !0);
169
+ e && Object.values(y).includes(e) && (this.mode = e, this.isInitializedFlag = !0);
170
170
  } catch {
171
171
  }
172
172
  }
@@ -227,8 +227,8 @@ class $ {
227
227
  * In JSON mode: save all tokens (existing behavior)
228
228
  */
229
229
  saveTokens(e, t) {
230
- const { id_token: s, access_token: r, refresh_token: o, scopes: n } = e;
231
- t === v.Cookie || t === v.BFF ? s && this.storage.setItem(this.ID_TOKEN_KEY, s) : (s && this.storage.setItem(this.getKeyForTokenType(k.id_token), s), r && this.storage.setItem(this.getKeyForTokenType(k.access_token), r), o && this.storage.setItem(this.getKeyForTokenType(k.refresh_token), o), n && this.storage.setItem(this.scopes, n.join(",")));
230
+ const { id_token: r, access_token: s, refresh_token: o, scopes: n } = e;
231
+ t === y.Cookie || t === y.BFF ? r && this.storage.setItem(this.ID_TOKEN_KEY, r) : (r && this.storage.setItem(this.getKeyForTokenType(p.id_token), r), s && this.storage.setItem(this.getKeyForTokenType(p.access_token), s), o && this.storage.setItem(this.getKeyForTokenType(p.refresh_token), o), n && this.storage.setItem(this.scopes, n.join(",")));
232
232
  }
233
233
  getToken(e) {
234
234
  const t = this.getKeyForTokenType(e);
@@ -241,31 +241,45 @@ class $ {
241
241
  */
242
242
  getTokens() {
243
243
  const e = this.getDeliveryMode();
244
- if (e === v.Cookie || e === v.BFF) {
245
- const s = this.storage.getItem(this.ID_TOKEN_KEY);
246
- return s ? {
247
- id_token: s
244
+ if (e === y.Cookie || e === y.BFF) {
245
+ const r = this.storage.getItem(this.ID_TOKEN_KEY);
246
+ return r ? {
247
+ id_token: r
248
248
  // access_token and refresh_token are in HttpOnly cookies, not localStorage
249
249
  } : void 0;
250
250
  }
251
- const t = this.storage.getItem(this.getKeyForTokenType(k.access_token));
251
+ const t = this.storage.getItem(this.getKeyForTokenType(p.access_token));
252
252
  if (t)
253
253
  return {
254
254
  access_token: t,
255
- id_token: this.storage.getItem(this.getKeyForTokenType(k.id_token)) ?? void 0,
256
- refresh_token: this.storage.getItem(this.getKeyForTokenType(k.refresh_token)) ?? void 0,
255
+ id_token: this.storage.getItem(this.getKeyForTokenType(p.id_token)) ?? void 0,
256
+ refresh_token: this.storage.getItem(this.getKeyForTokenType(p.refresh_token)) ?? void 0,
257
257
  scopes: this.storage.getItem(this.scopes)?.split(",") ?? void 0
258
258
  };
259
259
  }
260
260
  getScopes() {
261
261
  return this.storage.getItem(this.scopes)?.split(",") ?? void 0;
262
262
  }
263
+ /**
264
+ * Check if JSON mode tokens exist in storage (ignores delivery mode)
265
+ * Used to detect stale state where delivery_mode is set but JSON tokens exist
266
+ */
267
+ hasJsonModeTokens() {
268
+ return !!this.storage.getItem(this.getKeyForTokenType(p.access_token));
269
+ }
270
+ /**
271
+ * Check if cookie mode ID token exists in storage
272
+ * Used to detect legitimate cookie/BFF mode sessions
273
+ */
274
+ hasCookieModeIdToken() {
275
+ return !!this.storage.getItem(this.ID_TOKEN_KEY);
276
+ }
263
277
  deleteToken(e) {
264
278
  const t = this.getKeyForTokenType(e);
265
279
  this.storage.removeItem(t);
266
280
  }
267
281
  deleteTokens() {
268
- this.storage.removeItem(this.getKeyForTokenType(k.id_token)), this.storage.removeItem(this.getKeyForTokenType(k.access_token)), this.storage.removeItem(this.getKeyForTokenType(k.refresh_token)), this.storage.removeItem(this.scopes), this.clearIdToken();
282
+ this.storage.removeItem(this.getKeyForTokenType(p.id_token)), this.storage.removeItem(this.getKeyForTokenType(p.access_token)), this.storage.removeItem(this.getKeyForTokenType(p.refresh_token)), this.storage.removeItem(this.scopes), this.clearIdToken(), this.clearDeliveryMode(), this.clearCsrfToken();
269
283
  }
270
284
  getDeviceId() {
271
285
  return this.storage.getItem(this.deviceId) ?? void 0;
@@ -310,7 +324,7 @@ class $ {
310
324
  getDeliveryMode() {
311
325
  try {
312
326
  const e = this.storage.getItem(this.DELIVERY_MODE_KEY);
313
- if (e && Object.values(v).includes(e))
327
+ if (e && Object.values(y).includes(e))
314
328
  return e;
315
329
  } catch {
316
330
  }
@@ -386,7 +400,7 @@ class $ {
386
400
  return `${this.keyStoragePrefix}${e}`;
387
401
  }
388
402
  }
389
- class Y {
403
+ class B {
390
404
  constructor(e) {
391
405
  this.storageManager = e ?? new $();
392
406
  }
@@ -402,31 +416,31 @@ class Y {
402
416
  return H();
403
417
  }
404
418
  }
405
- var E = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(E || {}), h = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.validateSession = "/user/me", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i.twoFactor = "/user/2fa", i.twoFactorStatus = "/user/2fa/status", i.twoFactorSetupBegin = "/user/2fa/setup/begin", i.twoFactorSetupConfirm = "/user/2fa/setup/confirm", i.twoFactorVerify = "/auth/2fa/verify", i.twoFactorRecovery = "/auth/2fa/recovery", i.twoFactorRegenerateCodes = "/user/2fa/recovery-codes/regenerate", i.twoFactorSetupMagicLink = "/auth/2fa-setup", i))(h || {}), w = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = "/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(w || {});
419
+ var E = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(E || {}), c = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.validateSession = "/user/me", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i.twoFactor = "/user/2fa", i.twoFactorStatus = "/user/2fa/status", i.twoFactorSetupBegin = "/user/2fa/setup/begin", i.twoFactorSetupConfirm = "/user/2fa/setup/confirm", i.twoFactorVerify = "/auth/2fa/verify", i.twoFactorRecovery = "/auth/2fa/recovery", i.twoFactorRegenerateCodes = "/user/2fa/recovery-codes/regenerate", i.twoFactorSetupMagicLink = "/auth/2fa-setup", i.TwoFactorMethodsAvailable = "/v2/user/2fa/methods/available", i.TwoFactorMethodsRegistered = "/v2/user/2fa/methods", i.TwoFactorMethodSetupBegin = "/v2/user/2fa/methods/:method/setup/begin", i.TwoFactorMethodSetupConfirm = "/v2/user/2fa/methods/:method/setup/confirm", i.TwoFactorMethodRemove = "/v2/user/2fa/methods/:id", i.TwoFactorChallenge = "/v2/auth/2fa/challenge", i.TwoFactorVerifyV2 = "/v2/auth/2fa/verify", i.TwoFactorAlternative = "/v2/auth/2fa/alternative", i.TwoFactorTrustedDevices = "/v2/user/2fa/trusted-devices", i.TwoFactorTrustedDeviceRevoke = "/v2/user/2fa/trusted-devices/:id", i))(c || {}), T = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = "/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(T || {});
406
420
  class u extends Error {
407
421
  constructor(e) {
408
422
  super(), this.id = e?.id ?? "unknown", this.message = e?.message ?? e ?? "Something went wrong", this.status = e?.status ?? 500, this.location = e?.location ?? "unknown", this.time = e?.time ?? (/* @__PURE__ */ new Date()).toISOString();
409
423
  }
410
424
  }
411
- var de = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(de || {}), I = /* @__PURE__ */ ((i) => (i.web = "web", i))(I || {});
412
- function A(i, e) {
425
+ var de = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(de || {}), b = /* @__PURE__ */ ((i) => (i.web = "web", i))(b || {});
426
+ function m(i, e) {
413
427
  let t = i;
414
- return Object.entries(e).forEach(([s, r]) => {
415
- t = t.replace(`:${s}`, r);
428
+ return Object.entries(e).forEach(([r, s]) => {
429
+ t = t.replace(`:${r}`, s);
416
430
  }), t;
417
431
  }
418
432
  var ue = /* @__PURE__ */ ((i) => (i.Disabled = "disabled", i.Optional = "optional", i.Required = "required", i))(ue || {});
419
433
  const le = 3, ge = 1e3;
420
- class T {
421
- constructor(e, t, s) {
434
+ class _ {
435
+ constructor(e, t, r) {
422
436
  this.refreshPromise = null, this.isRefreshing = !1, this.origin = typeof window < "u" ? window.location.origin : "", this.defaultHeaders = {
423
437
  Accept: "application/json",
424
438
  "Content-Type": "application/json"
425
439
  }, this.nonAccessTokenEndpoints = ["/auth/", "/settings", "/settings/"], this.protectedEndpoints = ["logout", "refresh"];
426
- const { url: r, appId: o, keyStoragePrefix: n } = e;
427
- this.url = r || G, this.storageManager = t ?? new $({
440
+ const { url: s, appId: o, keyStoragePrefix: n } = e;
441
+ this.url = s || V, this.storageManager = t ?? new $({
428
442
  prefix: n ?? ""
429
- }), this.deviceService = s ?? new Y(this.storageManager), this.tokenService = new he(this.storageManager), this.tokenDeliveryManager = new B(this.storageManager), o && (this.appId = o, this.defaultHeaders = {
443
+ }), this.deviceService = r ?? new B(this.storageManager), this.tokenService = new he(this.storageManager), this.tokenDeliveryManager = new Y(this.storageManager), o && (this.appId = o, this.defaultHeaders = {
430
444
  ...this.defaultHeaders,
431
445
  [C]: o
432
446
  });
@@ -435,49 +449,49 @@ class T {
435
449
  ...this.defaultHeaders,
436
450
  [W]: d,
437
451
  [J]: "web"
438
- }, this.detectCookieSupport(), this.instance = D.create({
452
+ }, this.detectCookieSupport(), this.instance = F.create({
439
453
  baseURL: this.url,
440
454
  headers: { ...this.defaultHeaders }
441
- }), this.instance.interceptors.request.use(async (c) => {
442
- if (this.isNonAuthEndpoint(c.url))
443
- return c;
455
+ }), this.instance.interceptors.request.use(async (h) => {
456
+ if (this.isNonAuthEndpoint(h.url))
457
+ return h;
444
458
  if (this.tokenDeliveryManager.isCookieMode()) {
445
- c.withCredentials = !0;
446
- const p = this.storageManager.getCsrfToken();
447
- return p && (c.headers["X-CSRF-Token"] = p), c;
459
+ h.withCredentials = !0;
460
+ const f = this.storageManager.getCsrfToken();
461
+ return f && (h.headers["X-CSRF-Token"] = f), h;
448
462
  }
449
- if (c.url?.includes("refresh")) {
463
+ if (h.url?.includes("refresh")) {
450
464
  if (this.isRefreshing) {
451
- const p = new AbortController();
452
- return p.abort(), c.signal = p.signal, c;
465
+ const f = new AbortController();
466
+ return f.abort(), h.signal = f.signal, h;
453
467
  }
454
- return c;
468
+ return h;
455
469
  }
456
470
  const g = this.storageManager.getTokens();
457
471
  if (g?.access_token) {
458
- const p = y(g.access_token);
459
- if (S(p, V) && g.refresh_token)
472
+ const f = v(g.access_token);
473
+ if (S(f, G) && g.refresh_token)
460
474
  try {
461
475
  if (this.refreshPromise) {
462
- const f = await this.refreshPromise;
463
- return f?.data?.access_token && (c.headers[_] = `Bearer ${f.data.access_token}`), c;
476
+ const k = await this.refreshPromise;
477
+ return k?.data?.access_token && (h.headers[I] = `Bearer ${k.data.access_token}`), h;
464
478
  }
465
479
  this.refreshPromise = this.refreshTokens();
466
480
  try {
467
- const f = await this.refreshPromise;
468
- return f?.data?.access_token && (c.headers[_] = `Bearer ${f.data.access_token}`), c;
481
+ const k = await this.refreshPromise;
482
+ return k?.data?.access_token && (h.headers[I] = `Bearer ${k.data.access_token}`), h;
469
483
  } finally {
470
484
  this.refreshPromise = null;
471
485
  }
472
- } catch (f) {
473
- return this.refreshPromise = null, this.isRefreshing = !1, this.storageManager.deleteTokens(), Promise.reject(f);
486
+ } catch (k) {
487
+ return this.refreshPromise = null, this.isRefreshing = !1, this.storageManager.deleteTokens(), Promise.reject(k);
474
488
  }
475
- return c.headers[_] = `Bearer ${g.access_token}`, c;
489
+ return h.headers[I] = `Bearer ${g.access_token}`, h;
476
490
  }
477
- return c;
491
+ return h;
478
492
  }), this.instance.interceptors.response.use(
479
- (c) => c,
480
- async (c) => (c.response?.status === 401 && this.tokenDeliveryManager.setSessionInvalid(), c.response?.status === 429 ? await this.handleRateLimitError(c) : this.handleAxiosError(c))
493
+ (h) => h,
494
+ async (h) => (h.response?.status === 401 && this.tokenDeliveryManager.setSessionInvalid(), h.response?.status === 429 ? await this.handleRateLimitError(h) : this.handleAxiosError(h))
481
495
  );
482
496
  }
483
497
  isProtectedEndpoint(e) {
@@ -495,7 +509,7 @@ class T {
495
509
  try {
496
510
  document.cookie = "passflow_test=1; SameSite=Lax";
497
511
  const e = document.cookie.indexOf("passflow_test=1") !== -1;
498
- document.cookie = "passflow_test=; expires=Thu, 01 Jan 1970 00:00:00 UTC", !e && this.tokenDeliveryManager.isCookieMode() && console.warn("[Passflow SDK] Cookies are blocked. Cookie mode may not work.");
512
+ document.cookie = "passflow_test=; expires=Thu, 01 Jan 1970 00:00:00 UTC", !e && this.tokenDeliveryManager.isCookieMode();
499
513
  } catch {
500
514
  }
501
515
  }
@@ -506,7 +520,7 @@ class T {
506
520
  async refreshTokens() {
507
521
  if (this.tokenDeliveryManager.isCookieMode()) {
508
522
  const e = await this.instance.post(
509
- h.refresh,
523
+ c.refresh,
510
524
  {},
511
525
  // Empty body
512
526
  { withCredentials: !0 }
@@ -517,23 +531,23 @@ class T {
517
531
  if (!e?.refresh_token)
518
532
  throw new Error("No refresh token available");
519
533
  this.isRefreshing = !0;
520
- const s = {
534
+ const r = {
521
535
  refresh_token: e.refresh_token,
522
536
  scopes: t
523
- }, r = await this.instance.post(h.refresh, s, {
537
+ }, s = await this.instance.post(c.refresh, r, {
524
538
  headers: {
525
- [_]: `Bearer ${e.refresh_token}`
539
+ [I]: `Bearer ${e.refresh_token}`
526
540
  }
527
541
  });
528
- return r.data && this.storageManager.saveTokens(r.data), this.isRefreshing = !1, r;
542
+ return s.data && this.storageManager.saveTokens(s.data), this.isRefreshing = !1, s;
529
543
  }
530
544
  }
531
545
  async handleRateLimitError(e) {
532
546
  const t = e.config;
533
547
  if (!t)
534
548
  return Promise.reject(e);
535
- const s = t.method?.toUpperCase();
536
- if (!["GET", "HEAD", "OPTIONS"].includes(s || ""))
549
+ const r = t.method?.toUpperCase();
550
+ if (!["GET", "HEAD", "OPTIONS"].includes(r || ""))
537
551
  return Promise.reject(e);
538
552
  const o = t._retryCount || 0;
539
553
  if (o >= le)
@@ -541,25 +555,25 @@ class T {
541
555
  let n = ge * Math.pow(2, o);
542
556
  const d = e.response?.headers?.["retry-after"];
543
557
  if (d) {
544
- const c = Number.parseInt(d, 10);
545
- if (!Number.isNaN(c))
546
- n = c * 1e3;
558
+ const h = Number.parseInt(d, 10);
559
+ if (!Number.isNaN(h))
560
+ n = h * 1e3;
547
561
  else {
548
562
  const g = new Date(d);
549
563
  Number.isNaN(g.getTime()) || (n = Math.max(0, g.getTime() - Date.now()));
550
564
  }
551
565
  }
552
- return await new Promise((c) => setTimeout(c, n)), t._retryCount = o + 1, this.instance.request(t);
566
+ return await new Promise((h) => setTimeout(h, n)), t._retryCount = o + 1, this.instance.request(t);
553
567
  }
554
568
  // eslint-disable-next-line complexity
555
569
  // biome-ignore lint/suspicious/useAwait: <explanation>
556
570
  async handleAxiosError(e) {
557
571
  if (!e.response)
558
572
  return Promise.reject(e);
559
- const t = e.response.status, s = e.response.data;
560
- if ("error" in s && typeof s.error == "object" && s.error !== null) {
561
- const { error: r } = s;
562
- return Promise.reject(new u(r));
573
+ const t = e.response.status, r = e.response.data;
574
+ if ("error" in r && typeof r.error == "object" && r.error !== null) {
575
+ const { error: s } = r;
576
+ return Promise.reject(new u(s));
563
577
  }
564
578
  return Promise.reject(
565
579
  new u({
@@ -571,24 +585,24 @@ class T {
571
585
  })
572
586
  );
573
587
  }
574
- async send(e, t, s) {
588
+ async send(e, t, r) {
575
589
  return (await this.instance.request({
576
590
  method: e,
577
591
  url: t,
578
- ...s
592
+ ...r
579
593
  })).data;
580
594
  }
581
595
  get(e, t) {
582
596
  return this.send(E.GET, e, t);
583
597
  }
584
- post(e, t, s) {
585
- return this.send(E.POST, e, { data: t, ...s });
598
+ post(e, t, r) {
599
+ return this.send(E.POST, e, { data: t, ...r });
586
600
  }
587
- put(e, t, s) {
588
- return this.send(E.PUT, e, { data: t, ...s });
601
+ put(e, t, r) {
602
+ return this.send(E.PUT, e, { data: t, ...r });
589
603
  }
590
- patch(e, t, s) {
591
- return this.send(E.PATCH, e, { data: t, ...s });
604
+ patch(e, t, r) {
605
+ return this.send(E.PATCH, e, { data: t, ...r });
592
606
  }
593
607
  delete(e, t) {
594
608
  return this.send(E.DELETE, e, t);
@@ -607,151 +621,151 @@ class T {
607
621
  }
608
622
  }
609
623
  class pe {
610
- constructor(e, t, s) {
611
- this.axiosClient = new T(e, t, s);
624
+ constructor(e, t, r) {
625
+ this.axiosClient = new _(e, t, r);
612
626
  }
613
627
  setAppId(e) {
614
628
  this.axiosClient.setAppId(e);
615
629
  }
616
630
  getAppSettings() {
617
- return this.axiosClient.get(h.appSettings);
631
+ return this.axiosClient.get(c.appSettings);
618
632
  }
619
633
  }
620
634
  class fe {
621
- constructor(e, t, s) {
622
- this.axiosClient = new T(e, t, s);
635
+ constructor(e, t, r) {
636
+ this.axiosClient = new _(e, t, r);
623
637
  }
624
638
  setAppId(e) {
625
639
  this.axiosClient.setAppId(e);
626
640
  }
627
- refreshToken(e, t, s) {
628
- const r = {
629
- access: s,
641
+ refreshToken(e, t, r) {
642
+ const s = {
643
+ access: r,
630
644
  scopes: t
631
645
  };
632
- return this.axiosClient.post(h.refresh, r, {
646
+ return this.axiosClient.post(c.refresh, s, {
633
647
  headers: {
634
- [_]: `Bearer ${e}`
648
+ [I]: `Bearer ${e}`
635
649
  }
636
650
  });
637
651
  }
638
- signIn(e, t, s) {
639
- const r = {
652
+ signIn(e, t, r) {
653
+ const s = {
640
654
  ...e,
641
655
  device: t,
642
- os: s
656
+ os: r
643
657
  };
644
658
  return this.axiosClient.post(
645
- h.signin,
646
- r
659
+ c.signin,
660
+ s
647
661
  );
648
662
  }
649
663
  signUp(e) {
650
- const { create_tenant: t, anonymous: s } = e, r = {
664
+ const { create_tenant: t, anonymous: r } = e, s = {
651
665
  ...e,
652
666
  create_tenant: t ?? !1,
653
- anonymous: s ?? !1
667
+ anonymous: r ?? !1
654
668
  };
655
669
  return this.axiosClient.post(
656
- h.signup,
657
- r
670
+ c.signup,
671
+ s
658
672
  );
659
673
  }
660
- passwordlessSignIn(e, t, s) {
661
- const { create_tenant: r } = e, o = {
674
+ passwordlessSignIn(e, t, r) {
675
+ const { create_tenant: s } = e, o = {
662
676
  ...e,
663
- create_tenant: r ?? !1,
677
+ create_tenant: s ?? !1,
664
678
  device: t,
665
- os: s
679
+ os: r
666
680
  };
667
681
  return this.axiosClient.post(
668
- h.passwordless,
682
+ c.passwordless,
669
683
  o
670
684
  );
671
685
  }
672
686
  passwordlessSignInComplete(e) {
673
687
  return this.axiosClient.post(
674
- h.passwordlessComplete,
688
+ c.passwordlessComplete,
675
689
  e
676
690
  );
677
691
  }
678
- logOut(e, t, s = !1) {
679
- const r = s ? void 0 : { refresh_token: t, device: e }, o = s ? w.logout : h.logout;
680
- return this.axiosClient.post(o, r);
692
+ logOut(e, t, r = !1) {
693
+ const s = r ? void 0 : { refresh_token: t, device: e }, o = r ? T.logout : c.logout;
694
+ return this.axiosClient.post(o, s);
681
695
  }
682
696
  validateSession() {
683
- return this.axiosClient.get(h.validateSession);
697
+ return this.axiosClient.get(c.validateSession);
684
698
  }
685
699
  sendPasswordResetEmail(e) {
686
700
  return this.axiosClient.post(
687
- h.sendPasswordResetEmail,
701
+ c.sendPasswordResetEmail,
688
702
  e
689
703
  );
690
704
  }
691
- resetPassword(e, t, s) {
692
- const r = {
705
+ resetPassword(e, t, r) {
706
+ const s = {
693
707
  password: e,
694
708
  scopes: t
695
709
  };
696
- return this.axiosClient.post(h.resetPassword, r, {
710
+ return this.axiosClient.post(c.resetPassword, s, {
697
711
  headers: {
698
- [_]: `Bearer ${s}`,
712
+ [I]: `Bearer ${r}`,
699
713
  [C]: void 0
700
714
  }
701
715
  });
702
716
  }
703
- passkeyRegisterStart(e, t, s, r = !1) {
717
+ passkeyRegisterStart(e, t, r, s = !1) {
704
718
  const { create_tenant: o } = e, n = {
705
719
  ...e,
706
720
  create_tenant: o ?? !1,
707
721
  device: t,
708
- os: s
709
- }, d = r ? w.passkeyRegisterStart : h.passkeyRegisterStart;
722
+ os: r
723
+ }, d = s ? T.passkeyRegisterStart : c.passkeyRegisterStart;
710
724
  return this.axiosClient.post(d, n);
711
725
  }
712
- passkeyRegisterComplete(e, t, s, r = !1) {
726
+ passkeyRegisterComplete(e, t, r, s = !1) {
713
727
  const o = {
714
- challenge_id: s,
728
+ challenge_id: r,
715
729
  device: t,
716
730
  passkey_data: e
717
- }, n = r ? w.passkeyRegisterComplete : h.passkeyRegisterComplete;
731
+ }, n = s ? T.passkeyRegisterComplete : c.passkeyRegisterComplete;
718
732
  return this.axiosClient.post(n, o);
719
733
  }
720
- passkeyAuthenticateStart(e, t, s, r = !1) {
734
+ passkeyAuthenticateStart(e, t, r, s = !1) {
721
735
  const o = {
722
736
  ...e,
723
737
  user_id: e.user_id ?? "",
724
738
  device: t,
725
- os: s
726
- }, n = r ? w.passkeyAuthenticateStart : h.passkeyAuthenticateStart;
739
+ os: r
740
+ }, n = s ? T.passkeyAuthenticateStart : c.passkeyAuthenticateStart;
727
741
  return this.axiosClient.post(
728
742
  n,
729
743
  o
730
744
  );
731
745
  }
732
- passkeyAuthenticateComplete(e, t, s, r = !1) {
746
+ passkeyAuthenticateComplete(e, t, r, s = !1) {
733
747
  const o = {
734
- challenge_id: s,
748
+ challenge_id: r,
735
749
  device: t,
736
750
  passkey_data: e
737
- }, n = r ? w.passkeyAuthenticateComplete : h.passkeyAuthenticateComplete;
751
+ }, n = s ? T.passkeyAuthenticateComplete : c.passkeyAuthenticateComplete;
738
752
  return this.axiosClient.post(n, o);
739
753
  }
740
- passkeyValidate(e, t, s, r = !1, o) {
754
+ passkeyValidate(e, t, r, s = !1, o) {
741
755
  const n = {
742
756
  otp: e,
743
757
  device: t,
744
- challenge_id: s
758
+ challenge_id: r
745
759
  };
746
- let d = h.passkeyValidate;
747
- !o && r && (d = w.passkeyValidate);
748
- const c = o ? { [C]: o } : {};
749
- return this.axiosClient.post(d, n, { headers: c });
760
+ let d = c.passkeyValidate;
761
+ !o && s && (d = T.passkeyValidate);
762
+ const h = o ? { [C]: o } : {};
763
+ return this.axiosClient.post(d, n, { headers: h });
750
764
  }
751
765
  }
752
766
  class ke {
753
- constructor(e, t, s) {
754
- this.axiosClient = new T(e, t, s);
767
+ constructor(e, t, r) {
768
+ this.axiosClient = new _(e, t, r);
755
769
  }
756
770
  setAppId(e) {
757
771
  this.axiosClient.setAppId(e);
@@ -763,7 +777,7 @@ class ke {
763
777
  */
764
778
  requestInviteLink(e) {
765
779
  return this.axiosClient.post(
766
- h.requestInvitation,
780
+ c.requestInvitation,
767
781
  e
768
782
  );
769
783
  }
@@ -775,12 +789,12 @@ class ke {
775
789
  getInvitations(e) {
776
790
  const t = {};
777
791
  e.groupID && (t.group_id = e.groupID.toString()), e.skip !== void 0 && (t.skip = e.skip.toString()), e.limit !== void 0 && (t.limit = e.limit.toString());
778
- const s = A(h.invitationsPath, {
792
+ const r = m(c.invitationsPath, {
779
793
  tenantID: e.tenantID
780
794
  });
781
- return this.axiosClient.get(s, { params: t }).then((r) => ({
782
- invites: r.invites,
783
- nextPageSkip: r.next_page_skip
795
+ return this.axiosClient.get(r, { params: t }).then((s) => ({
796
+ invites: s.invites,
797
+ nextPageSkip: s.next_page_skip
784
798
  }));
785
799
  }
786
800
  /**
@@ -789,7 +803,7 @@ class ke {
789
803
  * @returns Promise with success response
790
804
  */
791
805
  deleteInvitation(e) {
792
- const t = A(h.invitationDelete, {
806
+ const t = m(c.invitationDelete, {
793
807
  invitationID: e
794
808
  });
795
809
  return this.axiosClient.delete(t);
@@ -800,7 +814,7 @@ class ke {
800
814
  * @returns Promise with success response
801
815
  */
802
816
  resendInvitation(e) {
803
- const t = A(h.invitationResend, {
817
+ const t = m(c.invitationResend, {
804
818
  invitationID: e
805
819
  });
806
820
  return this.axiosClient.post(t, {});
@@ -811,44 +825,44 @@ class ke {
811
825
  * @returns Promise with the link
812
826
  */
813
827
  getInvitationLink(e) {
814
- const t = A(h.invitationGetLink, {
828
+ const t = m(c.invitationGetLink, {
815
829
  invitationID: e
816
830
  });
817
831
  return this.axiosClient.get(t);
818
832
  }
819
833
  }
820
- class ye {
821
- constructor(e, t, s) {
822
- this.axiosClient = new T(e, t, s);
834
+ class ve {
835
+ constructor(e, t, r) {
836
+ this.axiosClient = new _(e, t, r);
823
837
  }
824
838
  setAppId(e) {
825
839
  this.axiosClient.setAppId(e);
826
840
  }
827
841
  getSettingsAll() {
828
- return this.axiosClient.get(h.settingsAll);
842
+ return this.axiosClient.get(c.settingsAll);
829
843
  }
830
844
  getPasswordPolicySettings() {
831
- return this.axiosClient.get(h.settingsPasswordPolicy);
845
+ return this.axiosClient.get(c.settingsPasswordPolicy);
832
846
  }
833
847
  getPasskeySettings() {
834
- return this.axiosClient.get(h.settingsPasskey);
848
+ return this.axiosClient.get(c.settingsPasskey);
835
849
  }
836
850
  }
837
- class ve {
838
- constructor(e, t, s) {
839
- this.axiosClient = new T(e, t, s);
851
+ class ye {
852
+ constructor(e, t, r) {
853
+ this.axiosClient = new _(e, t, r);
840
854
  }
841
855
  setAppId(e) {
842
856
  this.axiosClient.setAppId(e);
843
857
  }
844
858
  joinInvitation(e, t) {
845
- const s = {
859
+ const r = {
846
860
  invite_token: e,
847
861
  scopes: t
848
862
  };
849
863
  return this.axiosClient.post(
850
- h.joinInvitation,
851
- s
864
+ c.joinInvitation,
865
+ r
852
866
  );
853
867
  }
854
868
  createTenant(e) {
@@ -856,7 +870,7 @@ class ve {
856
870
  name: e
857
871
  };
858
872
  return this.axiosClient.post(
859
- h.tenantPath,
873
+ c.tenantPath,
860
874
  t
861
875
  );
862
876
  }
@@ -866,7 +880,7 @@ class ve {
866
880
  * @param tenantId Tenant ID
867
881
  */
868
882
  getTenantDetails(e) {
869
- const t = `${h.tenantPath}/${e}`;
883
+ const t = `${c.tenantPath}/${e}`;
870
884
  return this.axiosClient.get(t);
871
885
  }
872
886
  /**
@@ -875,22 +889,22 @@ class ve {
875
889
  * @param name New tenant name
876
890
  */
877
891
  updateTenant(e, t) {
878
- const s = `${h.tenantPath}/${e}`, r = { name: t };
879
- return this.axiosClient.put(s, r);
892
+ const r = `${c.tenantPath}/${e}`, s = { name: t };
893
+ return this.axiosClient.put(r, s);
880
894
  }
881
895
  /**
882
896
  * Delete a tenant
883
897
  * @param tenantId Tenant ID
884
898
  */
885
899
  deleteTenant(e) {
886
- const t = `${h.tenantPath}/${e}`;
900
+ const t = `${c.tenantPath}/${e}`;
887
901
  return this.axiosClient.delete(t);
888
902
  }
889
903
  /**
890
904
  * Get user's tenant memberships
891
905
  */
892
906
  getUserTenantMembership() {
893
- return this.axiosClient.get(h.tenantPath);
907
+ return this.axiosClient.get(c.tenantPath);
894
908
  }
895
909
  // 2. Group Management
896
910
  /**
@@ -899,8 +913,8 @@ class ve {
899
913
  * @param name Group name
900
914
  */
901
915
  createGroup(e, t) {
902
- const s = `${h.tenantPath}/${e}/group`, r = { name: t };
903
- return this.axiosClient.post(s, r);
916
+ const r = `${c.tenantPath}/${e}/group`, s = { name: t };
917
+ return this.axiosClient.post(r, s);
904
918
  }
905
919
  /**
906
920
  * Get group information
@@ -908,8 +922,8 @@ class ve {
908
922
  * @param groupId Group ID
909
923
  */
910
924
  getGroupInfo(e, t) {
911
- const s = `${h.tenantPath}/${e}/group/${t}`;
912
- return this.axiosClient.get(s);
925
+ const r = `${c.tenantPath}/${e}/group/${t}`;
926
+ return this.axiosClient.get(r);
913
927
  }
914
928
  /**
915
929
  * Update a group
@@ -917,9 +931,9 @@ class ve {
917
931
  * @param groupId Group ID
918
932
  * @param name New group name
919
933
  */
920
- updateGroup(e, t, s) {
921
- const r = `${h.tenantPath}/${e}/group/${t}`, o = { name: s };
922
- return this.axiosClient.put(r, o);
934
+ updateGroup(e, t, r) {
935
+ const s = `${c.tenantPath}/${e}/group/${t}`, o = { name: r };
936
+ return this.axiosClient.put(s, o);
923
937
  }
924
938
  /**
925
939
  * Delete a group
@@ -927,8 +941,8 @@ class ve {
927
941
  * @param groupId Group ID
928
942
  */
929
943
  deleteGroup(e, t) {
930
- const s = `${h.tenantPath}/${e}/group/${t}`;
931
- return this.axiosClient.delete(s);
944
+ const r = `${c.tenantPath}/${e}/group/${t}`;
945
+ return this.axiosClient.delete(r);
932
946
  }
933
947
  /**
934
948
  * Add a user to a group
@@ -937,8 +951,8 @@ class ve {
937
951
  * @param userId User ID
938
952
  * @param role Role to assign
939
953
  */
940
- addUserToGroup(e, t, s, r) {
941
- const o = `${h.tenantPath}/${e}/group/${t}/add`, n = { user_id: s, role: r };
954
+ addUserToGroup(e, t, r, s) {
955
+ const o = `${c.tenantPath}/${e}/group/${t}/add`, n = { user_id: r, role: s };
942
956
  return this.axiosClient.post(o, n);
943
957
  }
944
958
  /**
@@ -948,8 +962,8 @@ class ve {
948
962
  * @param userId User ID
949
963
  * @param roles Roles to remove
950
964
  */
951
- removeUserRolesFromGroup(e, t, s, r) {
952
- const o = `${h.tenantPath}/${e}/group/${t}/remove_roles`, n = { user_id: s, roles: r };
965
+ removeUserRolesFromGroup(e, t, r, s) {
966
+ const o = `${c.tenantPath}/${e}/group/${t}/remove_roles`, n = { user_id: r, roles: s };
953
967
  return this.axiosClient.post(o, n);
954
968
  }
955
969
  /**
@@ -959,8 +973,8 @@ class ve {
959
973
  * @param userId User ID
960
974
  * @param roles New roles to assign
961
975
  */
962
- changeUserRoles(e, t, s, r) {
963
- const o = `${h.tenantPath}/${e}/group/${t}/change`, n = { user_id: s, roles: r };
976
+ changeUserRoles(e, t, r, s) {
977
+ const o = `${c.tenantPath}/${e}/group/${t}/change`, n = { user_id: r, roles: s };
964
978
  return this.axiosClient.post(o, n);
965
979
  }
966
980
  /**
@@ -969,9 +983,9 @@ class ve {
969
983
  * @param groupId Group ID
970
984
  * @param userId User ID
971
985
  */
972
- deleteUserFromGroup(e, t, s) {
973
- const r = `${h.tenantPath}/${e}/group/${t}/${s}`;
974
- return this.axiosClient.delete(r);
986
+ deleteUserFromGroup(e, t, r) {
987
+ const s = `${c.tenantPath}/${e}/group/${t}/${r}`;
988
+ return this.axiosClient.delete(s);
975
989
  }
976
990
  // 3. Role Management
977
991
  /**
@@ -979,7 +993,7 @@ class ve {
979
993
  * @param tenantId Tenant ID
980
994
  */
981
995
  getRolesForTenant(e) {
982
- const t = `${h.tenantPath}/${e}/role`;
996
+ const t = `${c.tenantPath}/${e}/role`;
983
997
  return this.axiosClient.get(t);
984
998
  }
985
999
  /**
@@ -988,8 +1002,8 @@ class ve {
988
1002
  * @param name Role name
989
1003
  */
990
1004
  createRoleForTenant(e, t) {
991
- const s = `${h.tenantPath}/${e}/role`, r = { name: t };
992
- return this.axiosClient.post(s, r);
1005
+ const r = `${c.tenantPath}/${e}/role`, s = { name: t };
1006
+ return this.axiosClient.post(r, s);
993
1007
  }
994
1008
  /**
995
1009
  * Update a role
@@ -997,9 +1011,9 @@ class ve {
997
1011
  * @param roleId Role ID
998
1012
  * @param name New role name
999
1013
  */
1000
- updateRole(e, t, s) {
1001
- const r = `${h.tenantPath}/${e}/role/${t}`, o = { name: s };
1002
- return this.axiosClient.put(r, o);
1014
+ updateRole(e, t, r) {
1015
+ const s = `${c.tenantPath}/${e}/role/${t}`, o = { name: r };
1016
+ return this.axiosClient.put(s, o);
1003
1017
  }
1004
1018
  /**
1005
1019
  * Delete a role
@@ -1007,8 +1021,8 @@ class ve {
1007
1021
  * @param roleId Role ID
1008
1022
  */
1009
1023
  deleteRole(e, t) {
1010
- const s = `${h.tenantPath}/${e}/role/${t}`;
1011
- return this.axiosClient.delete(s);
1024
+ const r = `${c.tenantPath}/${e}/role/${t}`;
1025
+ return this.axiosClient.delete(r);
1012
1026
  }
1013
1027
  // 4. User Management in Tenants
1014
1028
  /**
@@ -1017,8 +1031,8 @@ class ve {
1017
1031
  * @param userId User ID
1018
1032
  */
1019
1033
  deleteUserFromTenant(e, t) {
1020
- const s = `${h.tenantPath}/${e}/user/${t}`;
1021
- return this.axiosClient.delete(s);
1034
+ const r = `${c.tenantPath}/${e}/user/${t}`;
1035
+ return this.axiosClient.delete(r);
1022
1036
  }
1023
1037
  // 5. Invitation Management
1024
1038
  /**
@@ -1028,10 +1042,10 @@ class ve {
1028
1042
  * @param limit Maximum number of invitations to return
1029
1043
  * @param skip Number of invitations to skip
1030
1044
  */
1031
- getGroupInvitations(e, t, s, r) {
1032
- const o = `${h.tenantPath}/${e}/group/${t}/invitations`;
1045
+ getGroupInvitations(e, t, r, s) {
1046
+ const o = `${c.tenantPath}/${e}/group/${t}/invitations`;
1033
1047
  return this.axiosClient.get(o, {
1034
- params: { limit: s, skip: r }
1048
+ params: { limit: r, skip: s }
1035
1049
  });
1036
1050
  }
1037
1051
  /**
@@ -1040,10 +1054,10 @@ class ve {
1040
1054
  * @param limit Maximum number of invitations to return
1041
1055
  * @param skip Number of invitations to skip
1042
1056
  */
1043
- getTenantInvitations(e, t, s) {
1044
- const r = `${h.tenantPath}/${e}/invitations`;
1045
- return this.axiosClient.get(r, {
1046
- params: { limit: t, skip: s }
1057
+ getTenantInvitations(e, t, r) {
1058
+ const s = `${c.tenantPath}/${e}/invitations`;
1059
+ return this.axiosClient.get(s, {
1060
+ params: { limit: t, skip: r }
1047
1061
  });
1048
1062
  }
1049
1063
  /**
@@ -1052,9 +1066,9 @@ class ve {
1052
1066
  * @param groupId Group ID
1053
1067
  * @param inviteId Invitation ID
1054
1068
  */
1055
- invalidateInviteById(e, t, s) {
1056
- const r = `${h.tenantPath}/${e}/group/${t}/invite/${s}`;
1057
- return this.axiosClient.delete(r);
1069
+ invalidateInviteById(e, t, r) {
1070
+ const s = `${c.tenantPath}/${e}/group/${t}/invite/${r}`;
1071
+ return this.axiosClient.delete(s);
1058
1072
  }
1059
1073
  /**
1060
1074
  * Invalidate an invitation by email
@@ -1062,14 +1076,14 @@ class ve {
1062
1076
  * @param groupId Group ID
1063
1077
  * @param email Email address
1064
1078
  */
1065
- invalidateInviteByEmail(e, t, s) {
1066
- const r = `${h.tenantPath}/${e}/group/${t}/invite/email/${s}`;
1067
- return this.axiosClient.delete(r);
1079
+ invalidateInviteByEmail(e, t, r) {
1080
+ const s = `${c.tenantPath}/${e}/group/${t}/invite/email/${r}`;
1081
+ return this.axiosClient.delete(s);
1068
1082
  }
1069
1083
  }
1070
- class Se {
1071
- constructor(e, t, s) {
1072
- this.axiosClient = new T(e, t, s);
1084
+ class me {
1085
+ constructor(e, t, r) {
1086
+ this.axiosClient = new _(e, t, r);
1073
1087
  }
1074
1088
  setAppId(e) {
1075
1089
  this.axiosClient.setAppId(e);
@@ -1079,7 +1093,7 @@ class Se {
1079
1093
  * GET /user/2fa/status
1080
1094
  */
1081
1095
  getStatus() {
1082
- return this.axiosClient.get(h.twoFactorStatus);
1096
+ return this.axiosClient.get(c.twoFactorStatus);
1083
1097
  }
1084
1098
  /**
1085
1099
  * Begin 2FA setup process
@@ -1087,7 +1101,7 @@ class Se {
1087
1101
  * Returns secret and QR code for authenticator app
1088
1102
  */
1089
1103
  beginSetup() {
1090
- return this.axiosClient.post(h.twoFactorSetupBegin, {});
1104
+ return this.axiosClient.post(c.twoFactorSetupBegin, {});
1091
1105
  }
1092
1106
  /**
1093
1107
  * Confirm 2FA setup with TOTP code
@@ -1096,7 +1110,7 @@ class Se {
1096
1110
  */
1097
1111
  confirmSetup(e) {
1098
1112
  return this.axiosClient.post(
1099
- h.twoFactorSetupConfirm,
1113
+ c.twoFactorSetupConfirm,
1100
1114
  e
1101
1115
  );
1102
1116
  }
@@ -1106,10 +1120,10 @@ class Se {
1106
1120
  * Uses tfa_token as Bearer token for authentication
1107
1121
  */
1108
1122
  verify(e) {
1109
- const { tfa_token: t, code: s } = e;
1123
+ const { tfa_token: t, code: r } = e;
1110
1124
  return this.axiosClient.post(
1111
- h.twoFactorVerify,
1112
- { code: s },
1125
+ c.twoFactorVerify,
1126
+ { code: r },
1113
1127
  {
1114
1128
  headers: {
1115
1129
  Authorization: `Bearer ${t}`
@@ -1123,10 +1137,10 @@ class Se {
1123
1137
  * Uses tfa_token as Bearer token for authentication
1124
1138
  */
1125
1139
  useRecoveryCode(e) {
1126
- const { tfa_token: t, recovery_code: s } = e;
1140
+ const { tfa_token: t, recovery_code: r } = e;
1127
1141
  return this.axiosClient.post(
1128
- h.twoFactorRecovery,
1129
- { recovery_code: s },
1142
+ c.twoFactorRecovery,
1143
+ { recovery_code: r },
1130
1144
  {
1131
1145
  headers: {
1132
1146
  Authorization: `Bearer ${t}`
@@ -1139,7 +1153,7 @@ class Se {
1139
1153
  * DELETE /user/2fa
1140
1154
  */
1141
1155
  disable(e) {
1142
- return this.axiosClient.delete(h.twoFactor, { data: e });
1156
+ return this.axiosClient.delete(c.twoFactor, { data: e });
1143
1157
  }
1144
1158
  /**
1145
1159
  * Regenerate recovery codes
@@ -1147,7 +1161,7 @@ class Se {
1147
1161
  */
1148
1162
  regenerateRecoveryCodes(e) {
1149
1163
  return this.axiosClient.post(
1150
- h.twoFactorRegenerateCodes,
1164
+ c.twoFactorRegenerateCodes,
1151
1165
  e
1152
1166
  );
1153
1167
  }
@@ -1166,26 +1180,29 @@ class Se {
1166
1180
  * @returns Validation response with scoped session token or error
1167
1181
  */
1168
1182
  validateTwoFactorSetupMagicLink(e) {
1169
- const t = `${h.twoFactorSetupMagicLink}/${e}`;
1183
+ const t = `${c.twoFactorSetupMagicLink}/${e}`;
1170
1184
  return this.axiosClient.get(t, {
1171
1185
  // Override default auth headers (this is a public endpoint)
1172
1186
  transformRequest: [
1173
- (s, r) => (r && delete r.Authorization, s)
1187
+ (r, s) => (s && delete s.Authorization, r)
1174
1188
  ]
1175
- }).then((s) => ({
1176
- success: !0,
1177
- sessionToken: s.session_token,
1178
- userId: s.user_id,
1179
- expiresIn: s.expires_in,
1180
- appId: s.app_id
1181
- })).catch((s) => {
1182
- if (s.response) {
1183
- const r = s.response.status, o = s.response.data || {}, n = s.response.headers?.["retry-after"] ? parseInt(s.response.headers["retry-after"], 10) : void 0;
1189
+ }).then((r) => {
1190
+ const s = r;
1191
+ return {
1192
+ success: !0,
1193
+ sessionToken: s.session_token,
1194
+ userId: s.user_id,
1195
+ expiresIn: s.expires_in,
1196
+ appId: s.app_id
1197
+ };
1198
+ }).catch((r) => {
1199
+ if (r.response) {
1200
+ const s = r.response.status, o = r.response.data || {}, n = r.response.headers?.["retry-after"] ? parseInt(r.response.headers["retry-after"], 10) : void 0;
1184
1201
  return {
1185
1202
  success: !1,
1186
1203
  error: {
1187
- code: o.error || this.mapStatusToErrorCode(r),
1188
- message: o.message || this.getDefaultErrorMessage(r),
1204
+ code: o.error || this.mapStatusToErrorCode(s),
1205
+ message: o.message || this.getDefaultErrorMessage(s),
1189
1206
  retryAfter: n
1190
1207
  }
1191
1208
  };
@@ -1194,7 +1211,7 @@ class Se {
1194
1211
  success: !1,
1195
1212
  error: {
1196
1213
  code: "SERVER_ERROR",
1197
- message: s instanceof Error ? s.message : "Unable to connect to the server. Please check your connection."
1214
+ message: r instanceof Error ? r.message : "Unable to connect to the server. Please check your connection."
1198
1215
  }
1199
1216
  };
1200
1217
  });
@@ -1233,53 +1250,139 @@ class Se {
1233
1250
  return "An error occurred while validating the magic link.";
1234
1251
  }
1235
1252
  }
1253
+ // ============================================
1254
+ // v2 Multi-Method 2FA API Methods
1255
+ // ============================================
1256
+ /**
1257
+ * Get available 2FA methods for current user
1258
+ * GET /v2/user/2fa/methods/available
1259
+ */
1260
+ getAvailableMethods() {
1261
+ return this.axiosClient.get(c.TwoFactorMethodsAvailable);
1262
+ }
1263
+ /**
1264
+ * Get registered 2FA methods for current user
1265
+ * GET /v2/user/2fa/methods
1266
+ */
1267
+ getRegisteredMethods() {
1268
+ return this.axiosClient.get(c.TwoFactorMethodsRegistered);
1269
+ }
1270
+ /**
1271
+ * Begin 2FA method setup
1272
+ * POST /v2/user/2fa/methods/:method/setup/begin
1273
+ */
1274
+ beginMethodSetup(e) {
1275
+ const t = m(c.TwoFactorMethodSetupBegin, { method: e });
1276
+ return this.axiosClient.post(t, {});
1277
+ }
1278
+ /**
1279
+ * Confirm 2FA method setup
1280
+ * POST /v2/user/2fa/methods/:method/setup/confirm
1281
+ */
1282
+ confirmMethodSetup(e, t) {
1283
+ const r = m(c.TwoFactorMethodSetupConfirm, { method: e });
1284
+ return this.axiosClient.post(r, t);
1285
+ }
1286
+ /**
1287
+ * Remove registered 2FA method
1288
+ * DELETE /v2/user/2fa/methods/:id
1289
+ */
1290
+ removeMethod(e) {
1291
+ const t = m(c.TwoFactorMethodRemove, { id: e });
1292
+ return this.axiosClient.delete(t);
1293
+ }
1294
+ /**
1295
+ * Request 2FA challenge during login
1296
+ * POST /v2/auth/2fa/challenge
1297
+ */
1298
+ requestChallenge(e) {
1299
+ return this.axiosClient.post(
1300
+ c.TwoFactorChallenge,
1301
+ e
1302
+ );
1303
+ }
1304
+ /**
1305
+ * Verify 2FA challenge (v2)
1306
+ * POST /v2/auth/2fa/verify
1307
+ */
1308
+ verifyV2(e) {
1309
+ return this.axiosClient.post(
1310
+ c.TwoFactorVerifyV2,
1311
+ e
1312
+ );
1313
+ }
1314
+ /**
1315
+ * Switch to alternative 2FA method during challenge
1316
+ * POST /v2/auth/2fa/alternative
1317
+ */
1318
+ switchToAlternative(e) {
1319
+ return this.axiosClient.post(
1320
+ c.TwoFactorAlternative,
1321
+ e
1322
+ );
1323
+ }
1324
+ /**
1325
+ * Get trusted devices
1326
+ * GET /v2/user/2fa/trusted-devices
1327
+ */
1328
+ getTrustedDevices() {
1329
+ return this.axiosClient.get(c.TwoFactorTrustedDevices);
1330
+ }
1331
+ /**
1332
+ * Revoke trusted device
1333
+ * DELETE /v2/user/2fa/trusted-devices/:id
1334
+ */
1335
+ revokeTrustedDevice(e) {
1336
+ const t = m(c.TwoFactorTrustedDeviceRevoke, { id: e });
1337
+ return this.axiosClient.delete(t);
1338
+ }
1236
1339
  }
1237
- class me {
1238
- constructor(e, t, s) {
1239
- this.axiosClient = new T(e, t, s);
1340
+ class Se {
1341
+ constructor(e, t, r) {
1342
+ this.axiosClient = new _(e, t, r);
1240
1343
  }
1241
1344
  setAppId(e) {
1242
1345
  this.axiosClient.setAppId(e);
1243
1346
  }
1244
1347
  getUserPasskeys() {
1245
- return this.axiosClient.get(h.userPasskey);
1348
+ return this.axiosClient.get(c.userPasskey);
1246
1349
  }
1247
1350
  renameUserPasskey(e, t) {
1248
1351
  return this.axiosClient.patch(
1249
- `${h.userPasskey}/${t}`,
1352
+ `${c.userPasskey}/${t}`,
1250
1353
  {
1251
1354
  name: e
1252
1355
  }
1253
1356
  );
1254
1357
  }
1255
1358
  deleteUserPasskey(e) {
1256
- return this.axiosClient.delete(`${h.userPasskey}/${e}`);
1359
+ return this.axiosClient.delete(`${c.userPasskey}/${e}`);
1257
1360
  }
1258
1361
  addUserPasskeyStart({
1259
1362
  relyingPartyId: e,
1260
1363
  deviceId: t,
1261
- os: s,
1262
- passkeyDisplayName: r,
1364
+ os: r,
1365
+ passkeyDisplayName: s,
1263
1366
  passkeyUsername: o
1264
1367
  }) {
1265
1368
  const n = {
1266
- passkey_display_name: r,
1369
+ passkey_display_name: s,
1267
1370
  passkey_username: o,
1268
1371
  relying_party_id: e,
1269
1372
  deviceId: t,
1270
- os: s
1373
+ os: r
1271
1374
  };
1272
- return this.axiosClient.post(h.addUserPasskey, n);
1375
+ return this.axiosClient.post(c.addUserPasskey, n);
1273
1376
  }
1274
- addUserPasskeyComplete(e, t, s) {
1275
- return this.axiosClient.post(h.completeAddUserPasskey, {
1276
- challenge_id: s,
1377
+ addUserPasskeyComplete(e, t, r) {
1378
+ return this.axiosClient.post(c.completeAddUserPasskey, {
1379
+ challenge_id: r,
1277
1380
  device: t,
1278
1381
  passkey_data: e
1279
1382
  });
1280
1383
  }
1281
1384
  }
1282
- var a = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.SessionRestored = "session:restored", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i.TwoFactorRequired = "2fa:required", i.TwoFactorSetupStarted = "2fa:setup_started", i.TwoFactorEnabled = "2fa:enabled", i.TwoFactorDisabled = "2fa:disabled", i.TwoFactorVerified = "2fa:verified", i.TwoFactorRecoveryUsed = "2fa:recovery_used", i.TwoFactorRecoveryCodesLow = "2fa:recovery_low", i.TwoFactorRecoveryCodesExhausted = "2fa:recovery_exhausted", i.TwoFactorSetupMagicLinkValidated = "2fa:magic_link_validated", i.TwoFactorSetupMagicLinkFailed = "2fa:magic_link_failed", i))(a || {});
1385
+ var a = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.SessionRestored = "session:restored", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i.TwoFactorRequired = "2fa:required", i.TwoFactorSetupStarted = "2fa:setup_started", i.TwoFactorEnabled = "2fa:enabled", i.TwoFactorDisabled = "2fa:disabled", i.TwoFactorVerified = "2fa:verified", i.TwoFactorRecoveryUsed = "2fa:recovery_used", i.TwoFactorRecoveryCodesLow = "2fa:recovery_low", i.TwoFactorRecoveryCodesExhausted = "2fa:recovery_exhausted", i.TwoFactorSetupMagicLinkValidated = "2fa:magic_link_validated", i.TwoFactorSetupMagicLinkFailed = "2fa:magic_link_failed", i.TwoFactorChallengeReceived = "two_factor_challenge_received", i.TwoFactorMethodSwitched = "two_factor_method_switched", i.TwoFactorDeviceTrusted = "two_factor_device_trusted", i))(a || {});
1283
1386
  class we {
1284
1387
  constructor() {
1285
1388
  this.subscribers = /* @__PURE__ */ new Map();
@@ -1291,8 +1394,8 @@ class we {
1291
1394
  */
1292
1395
  subscribe(e, t) {
1293
1396
  if (t?.length) {
1294
- const s = new Set(t);
1295
- this.subscribers.set(e, s);
1397
+ const r = new Set(t);
1398
+ this.subscribers.set(e, r);
1296
1399
  } else
1297
1400
  this.subscribers.set(e, null);
1298
1401
  }
@@ -1306,8 +1409,8 @@ class we {
1306
1409
  this.subscribers.delete(e);
1307
1410
  return;
1308
1411
  }
1309
- const s = this.subscribers.get(e);
1310
- s && (t.forEach((r) => s.delete(r)), s.size === 0 && this.subscribers.delete(e));
1412
+ const r = this.subscribers.get(e);
1413
+ r && (t.forEach((s) => r.delete(s)), r.size === 0 && this.subscribers.delete(e));
1311
1414
  }
1312
1415
  /**
1313
1416
  * Notify subscribers of an event
@@ -1315,22 +1418,22 @@ class we {
1315
1418
  * @param payload Event-specific payload data
1316
1419
  */
1317
1420
  notify(e, t) {
1318
- this.subscribers.forEach((s, r) => {
1319
- (!s || s.has(e)) && r.onAuthChange?.(e, t);
1421
+ this.subscribers.forEach((r, s) => {
1422
+ (!r || r.has(e)) && s.onAuthChange?.(e, t);
1320
1423
  });
1321
1424
  }
1322
1425
  }
1323
- function F(i) {
1426
+ function D(i) {
1324
1427
  if (!i || typeof i != "string") return !1;
1325
1428
  const e = i.split(".");
1326
1429
  if (e.length !== 3) return !1;
1327
1430
  const t = /^[A-Za-z0-9_-]+$/;
1328
- return e.every((s) => t.test(s) && s.length > 0);
1431
+ return e.every((r) => t.test(r) && r.length > 0);
1329
1432
  }
1330
1433
  function Te(i) {
1331
1434
  return i.replace(/<[^>]*>/g, "").substring(0, ne);
1332
1435
  }
1333
- function M(i) {
1436
+ function P(i) {
1334
1437
  if (!i || typeof i != "string") return !1;
1335
1438
  const e = i.trim();
1336
1439
  return e.length === 0 ? !1 : /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e);
@@ -1340,7 +1443,7 @@ function x(i) {
1340
1443
  const e = i.trim();
1341
1444
  return /^\+[1-9]\d{1,14}$/.test(e);
1342
1445
  }
1343
- function Ee(i) {
1446
+ function _e(i) {
1344
1447
  if (!i || typeof i != "string") return !1;
1345
1448
  const e = i.trim();
1346
1449
  return e.length < ie || e.length > oe ? !1 : /^[a-zA-Z0-9_-]+$/.test(e);
@@ -1348,14 +1451,14 @@ function Ee(i) {
1348
1451
  function R(i, e = 6) {
1349
1452
  return !i || typeof i != "string" ? !1 : (e === 8 ? /^\d{8}$/ : /^\d{6}$/).test(i);
1350
1453
  }
1351
- function _e(i) {
1454
+ function Ee(i) {
1352
1455
  if (!i || typeof i != "string") return null;
1353
1456
  const e = i.toUpperCase().replace(/\s+/g, "");
1354
1457
  return /^[A-Z0-9-]{4,16}$/.test(e) ? e : null;
1355
1458
  }
1356
1459
  class Ie {
1357
- constructor(e, t, s, r, o, n, d, c, g, p, f, b) {
1358
- this.authApi = e, this.deviceService = t, this.storageManager = s, this.subscribeStore = r, this.tokenCacheService = o, this.scopes = n, this.createTenantForNewUser = d, this.origin = c, this.url = g, this.sessionCallbacks = p, this.appId = f, this.tokenExchangeConfig = b, this.tokenDeliveryManager = new B(s), b?.enabled && this.tokenDeliveryManager.setMode(v.BFF), this.initializeSession();
1460
+ constructor(e, t, r, s, o, n, d, h, g, f, k, A) {
1461
+ this.authApi = e, this.deviceService = t, this.storageManager = r, this.subscribeStore = s, this.tokenCacheService = o, this.scopes = n, this.createTenantForNewUser = d, this.origin = h, this.url = g, this.sessionCallbacks = f, this.appId = k, this.tokenExchangeConfig = A, this.tokenDeliveryManager = new Y(r), A?.enabled && this.tokenDeliveryManager.setMode(y.BFF), this.initializeSession();
1359
1462
  }
1360
1463
  /**
1361
1464
  * Initialize session state on page load for cookie/BFF mode
@@ -1401,100 +1504,91 @@ class Ie {
1401
1504
  * Forward tokens to BFF server for httpOnly cookie storage
1402
1505
  */
1403
1506
  async forwardTokensToBFF(e) {
1404
- if (!this.tokenExchangeConfig?.callbackUrl) {
1405
- console.warn("[Passflow SDK] BFF mode enabled but callbackUrl not configured");
1507
+ if (!this.tokenExchangeConfig?.callbackUrl)
1406
1508
  return;
1407
- }
1408
- try {
1409
- const t = await fetch(this.tokenExchangeConfig.callbackUrl, {
1410
- method: "POST",
1411
- credentials: "include",
1412
- // Include/set httpOnly cookies
1413
- headers: {
1414
- "Content-Type": "application/json"
1415
- },
1416
- body: JSON.stringify({
1417
- access_token: e.access_token,
1418
- refresh_token: e.refresh_token,
1419
- id_token: e.id_token,
1420
- // expires_in is returned by the server but not typed in the SDK
1421
- expires_in: e.expires_in
1422
- })
1423
- });
1424
- if (!t.ok) {
1425
- const s = await t.text();
1426
- throw console.error("[Passflow SDK] Failed to forward tokens to BFF:", s), new Error(`BFF token storage failed: ${t.status}`);
1427
- }
1428
- console.log("[Passflow SDK] Tokens forwarded to BFF successfully");
1429
- } catch (t) {
1430
- throw console.error("[Passflow SDK] Error forwarding tokens to BFF:", t), t;
1431
- }
1509
+ const t = await fetch(this.tokenExchangeConfig.callbackUrl, {
1510
+ method: "POST",
1511
+ credentials: "include",
1512
+ // Include/set httpOnly cookies
1513
+ headers: {
1514
+ "Content-Type": "application/json"
1515
+ },
1516
+ body: JSON.stringify({
1517
+ access_token: e.access_token,
1518
+ refresh_token: e.refresh_token,
1519
+ id_token: e.id_token,
1520
+ // expires_in is returned by the server but not typed in the SDK
1521
+ expires_in: e.expires_in
1522
+ })
1523
+ });
1524
+ if (!t.ok)
1525
+ throw new Error(`BFF token storage failed: ${t.status}`);
1432
1526
  }
1433
1527
  async signIn(e) {
1434
- if ("email" in e && e.email && !M(e.email)) {
1435
- const r = new Error("Invalid email format"), o = {
1528
+ if ("email" in e && e.email && !P(e.email)) {
1529
+ const s = new Error("Invalid email format"), o = {
1436
1530
  message: "Invalid email format",
1437
- originalError: r,
1531
+ originalError: s,
1438
1532
  code: "VALIDATION_ERROR"
1439
1533
  };
1440
- throw this.subscribeStore.notify(a.Error, o), r;
1534
+ throw this.subscribeStore.notify(a.Error, o), s;
1441
1535
  }
1442
- if ("username" in e && e.username && !Ee(e.username)) {
1443
- const r = new Error(
1536
+ if ("username" in e && e.username && !_e(e.username)) {
1537
+ const s = new Error(
1444
1538
  "Invalid username format. Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens"
1445
1539
  ), o = {
1446
1540
  message: "Invalid username format. Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens",
1447
- originalError: r,
1541
+ originalError: s,
1448
1542
  code: "VALIDATION_ERROR"
1449
1543
  };
1450
- throw this.subscribeStore.notify(a.Error, o), r;
1544
+ throw this.subscribeStore.notify(a.Error, o), s;
1451
1545
  }
1452
1546
  if ("phone" in e && e.phone && !x(e.phone)) {
1453
- const r = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1547
+ const s = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1454
1548
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1455
- originalError: r,
1549
+ originalError: s,
1456
1550
  code: "VALIDATION_ERROR"
1457
1551
  };
1458
- throw this.subscribeStore.notify(a.Error, o), r;
1552
+ throw this.subscribeStore.notify(a.Error, o), s;
1459
1553
  }
1460
1554
  this.subscribeStore.notify(a.SignInStart, { email: e.email });
1461
- const t = this.deviceService.getDeviceId(), s = I.web;
1555
+ const t = this.deviceService.getDeviceId(), r = b.web;
1462
1556
  e.scopes = e.scopes ?? this.scopes;
1463
1557
  try {
1464
- const r = await this.authApi.signIn(e, t, s);
1465
- return "requires_2fa" in r && r.requires_2fa === !0 || "tfa_token" in r && r.tfa_token ? (this.subscribeStore.notify(a.TwoFactorRequired, {
1558
+ const s = await this.authApi.signIn(e, t, r);
1559
+ return "requires_2fa" in s && s.requires_2fa === !0 || "tfa_token" in s && s.tfa_token ? (this.subscribeStore.notify(a.TwoFactorRequired, {
1466
1560
  email: e.email || "",
1467
- challengeId: r.challenge_id || "",
1468
- tfaToken: r.tfa_token || ""
1469
- }), r) : (await this.processAuthResponse(r, e.scopes), this.subscribeStore.notify(a.SignIn, {
1470
- tokens: r,
1561
+ challengeId: s.challenge_id || "",
1562
+ tfaToken: s.tfa_token || ""
1563
+ }), s) : (await this.processAuthResponse(s, e.scopes), this.subscribeStore.notify(a.SignIn, {
1564
+ tokens: s,
1471
1565
  parsedTokens: this.tokenCacheService.getParsedTokens()
1472
- }), await this.submitSessionCheck(), r);
1473
- } catch (r) {
1566
+ }), await this.submitSessionCheck(), s);
1567
+ } catch (s) {
1474
1568
  const o = {
1475
- message: r instanceof Error ? r.message : "Sign in failed",
1476
- originalError: r,
1477
- code: r instanceof u ? r.id : void 0
1569
+ message: s instanceof Error ? s.message : "Sign in failed",
1570
+ originalError: s,
1571
+ code: s instanceof u ? s.id : void 0
1478
1572
  };
1479
- throw this.subscribeStore.notify(a.Error, o), r;
1573
+ throw this.subscribeStore.notify(a.Error, o), s;
1480
1574
  }
1481
1575
  }
1482
1576
  async signUp(e) {
1483
- if (e.user.email && !M(e.user.email)) {
1484
- const t = new Error("Invalid email format"), s = {
1577
+ if (e.user.email && !P(e.user.email)) {
1578
+ const t = new Error("Invalid email format"), r = {
1485
1579
  message: "Invalid email format",
1486
1580
  originalError: t,
1487
1581
  code: "VALIDATION_ERROR"
1488
1582
  };
1489
- throw this.subscribeStore.notify(a.Error, s), t;
1583
+ throw this.subscribeStore.notify(a.Error, r), t;
1490
1584
  }
1491
1585
  if (e.user.phone_number && !x(e.user.phone_number)) {
1492
- const t = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), s = {
1586
+ const t = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), r = {
1493
1587
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1494
1588
  originalError: t,
1495
1589
  code: "VALIDATION_ERROR"
1496
1590
  };
1497
- throw this.subscribeStore.notify(a.Error, s), t;
1591
+ throw this.subscribeStore.notify(a.Error, r), t;
1498
1592
  }
1499
1593
  this.subscribeStore.notify(a.RegisterStart, { email: e.user.email }), e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1500
1594
  try {
@@ -1504,42 +1598,42 @@ class Ie {
1504
1598
  parsedTokens: this.tokenCacheService.getParsedTokens()
1505
1599
  }), await this.submitSessionCheck(), t;
1506
1600
  } catch (t) {
1507
- const s = {
1601
+ const r = {
1508
1602
  message: t instanceof Error ? t.message : "Sign up failed",
1509
1603
  originalError: t,
1510
1604
  code: t instanceof u ? t.id : void 0
1511
1605
  };
1512
- throw this.subscribeStore.notify(a.Error, s), t;
1606
+ throw this.subscribeStore.notify(a.Error, r), t;
1513
1607
  }
1514
1608
  }
1515
1609
  async passwordlessSignIn(e) {
1516
- if (e.email && !M(e.email)) {
1517
- const r = new Error("Invalid email format"), o = {
1610
+ if (e.email && !P(e.email)) {
1611
+ const s = new Error("Invalid email format"), o = {
1518
1612
  message: "Invalid email format",
1519
- originalError: r,
1613
+ originalError: s,
1520
1614
  code: "VALIDATION_ERROR"
1521
1615
  };
1522
- throw this.subscribeStore.notify(a.Error, o), r;
1616
+ throw this.subscribeStore.notify(a.Error, o), s;
1523
1617
  }
1524
1618
  if (e.phone && !x(e.phone)) {
1525
- const r = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1619
+ const s = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1526
1620
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1527
- originalError: r,
1621
+ originalError: s,
1528
1622
  code: "VALIDATION_ERROR"
1529
1623
  };
1530
- throw this.subscribeStore.notify(a.Error, o), r;
1624
+ throw this.subscribeStore.notify(a.Error, o), s;
1531
1625
  }
1532
1626
  this.subscribeStore.notify(a.SignInStart, { email: e.email }), e.scopes = e.scopes ?? this.scopes;
1533
- const t = this.deviceService.getDeviceId(), s = I.web;
1627
+ const t = this.deviceService.getDeviceId(), r = b.web;
1534
1628
  try {
1535
- return await this.authApi.passwordlessSignIn(e, t, s);
1536
- } catch (r) {
1629
+ return await this.authApi.passwordlessSignIn(e, t, r);
1630
+ } catch (s) {
1537
1631
  const o = {
1538
- message: r instanceof Error ? r.message : "Failed to send passwordless sign-in link",
1539
- originalError: r,
1540
- code: r instanceof u ? r.id : void 0
1632
+ message: s instanceof Error ? s.message : "Failed to send passwordless sign-in link",
1633
+ originalError: s,
1634
+ code: s instanceof u ? s.id : void 0
1541
1635
  };
1542
- throw this.subscribeStore.notify(a.Error, o), r;
1636
+ throw this.subscribeStore.notify(a.Error, o), s;
1543
1637
  }
1544
1638
  }
1545
1639
  async passwordlessSignInComplete(e) {
@@ -1551,33 +1645,30 @@ class Ie {
1551
1645
  parsedTokens: this.tokenCacheService.getParsedTokens()
1552
1646
  }), await this.submitSessionCheck(), t;
1553
1647
  } catch (t) {
1554
- const s = {
1648
+ const r = {
1555
1649
  message: t instanceof Error ? t.message : "Passwordless sign in failed",
1556
1650
  originalError: t,
1557
1651
  code: t instanceof u ? t.id : void 0
1558
1652
  };
1559
- throw this.subscribeStore.notify(a.Error, s), t;
1653
+ throw this.subscribeStore.notify(a.Error, r), t;
1560
1654
  }
1561
1655
  }
1562
1656
  async logOut() {
1563
1657
  if (this.tokenDeliveryManager.isBFFMode() && this.tokenExchangeConfig?.logoutUrl)
1564
1658
  try {
1565
- const e = await fetch(this.tokenExchangeConfig.logoutUrl, {
1659
+ (await fetch(this.tokenExchangeConfig.logoutUrl, {
1566
1660
  method: "POST",
1567
1661
  credentials: "include"
1568
1662
  // Include httpOnly cookies
1569
- });
1570
- e.ok || console.warn("[Passflow SDK] BFF logout failed:", await e.text());
1571
- } catch (e) {
1572
- console.warn("[Passflow SDK] BFF logout error:", e);
1663
+ })).ok;
1664
+ } catch {
1573
1665
  }
1574
1666
  else {
1575
- const e = this.storageManager.getToken(k.refresh_token), t = this.storageManager.getDeviceId();
1667
+ const e = this.storageManager.getToken(p.refresh_token), t = this.storageManager.getDeviceId();
1576
1668
  try {
1577
1669
  if ((await this.authApi.logOut(t, e, !this.appId)).status !== "ok")
1578
1670
  throw new Error("Logout failed");
1579
- } catch (s) {
1580
- console.warn("[Passflow SDK] Logout API failed, clearing local state anyway:", s);
1671
+ } catch {
1581
1672
  }
1582
1673
  }
1583
1674
  this.storageManager.deleteTokens(), this.storageManager.clearIdToken(), this.storageManager.clearCsrfToken(), this.tokenDeliveryManager.reset(), this.subscribeStore.notify(a.SignOut, {});
@@ -1585,95 +1676,95 @@ class Ie {
1585
1676
  async refreshToken() {
1586
1677
  if (this.subscribeStore.notify(a.RefreshStart, {}), this.tokenDeliveryManager.isBFFMode() && this.tokenExchangeConfig?.refreshUrl)
1587
1678
  try {
1588
- const s = await fetch(this.tokenExchangeConfig.refreshUrl, {
1679
+ const r = await fetch(this.tokenExchangeConfig.refreshUrl, {
1589
1680
  method: "POST",
1590
1681
  credentials: "include"
1591
1682
  // Include httpOnly cookies
1592
1683
  });
1593
- if (!s.ok)
1684
+ if (!r.ok)
1594
1685
  throw this.tokenDeliveryManager.setSessionInvalid(), new Error("BFF token refresh failed");
1595
- const r = await s.json();
1596
- return this.tokenDeliveryManager.setSessionValid(), r.id_token && this.storageManager.setIdToken(r.id_token), this.subscribeStore.notify(a.Refresh, {
1597
- tokens: r,
1686
+ const s = await r.json();
1687
+ return this.tokenDeliveryManager.setSessionValid(), s.id_token && this.storageManager.setIdToken(s.id_token), this.subscribeStore.notify(a.Refresh, {
1688
+ tokens: s,
1598
1689
  parsedTokens: this.tokenCacheService.getParsedTokens()
1599
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, r;
1600
- } catch (s) {
1690
+ }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, s;
1691
+ } catch (r) {
1601
1692
  this.tokenDeliveryManager.setSessionInvalid();
1602
- const r = {
1603
- message: s instanceof Error ? s.message : "Token refresh failed",
1604
- originalError: s
1693
+ const s = {
1694
+ message: r instanceof Error ? r.message : "Token refresh failed",
1695
+ originalError: r
1605
1696
  };
1606
- throw this.subscribeStore.notify(a.Error, r), s;
1697
+ throw this.subscribeStore.notify(a.Error, s), r;
1607
1698
  }
1608
1699
  if (this.tokenDeliveryManager.isCookieMode())
1609
1700
  try {
1610
- const s = await this.authApi.refreshToken("", this.scopes);
1611
- return this.tokenDeliveryManager.setSessionValid(), await this.processAuthResponse(s, this.scopes), this.subscribeStore.notify(a.Refresh, {
1612
- tokens: s,
1701
+ const r = await this.authApi.refreshToken("", this.scopes);
1702
+ return this.tokenDeliveryManager.setSessionValid(), await this.processAuthResponse(r, this.scopes), this.subscribeStore.notify(a.Refresh, {
1703
+ tokens: r,
1613
1704
  parsedTokens: this.tokenCacheService.getParsedTokens()
1614
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, s;
1615
- } catch (s) {
1705
+ }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, r;
1706
+ } catch (r) {
1616
1707
  this.tokenDeliveryManager.setSessionInvalid();
1617
- const r = {
1618
- message: s instanceof Error ? s.message : "Token refresh failed",
1619
- originalError: s,
1620
- code: s instanceof u ? s.id : void 0
1708
+ const s = {
1709
+ message: r instanceof Error ? r.message : "Token refresh failed",
1710
+ originalError: r,
1711
+ code: r instanceof u ? r.id : void 0
1621
1712
  };
1622
- throw this.subscribeStore.notify(a.Error, r), s;
1713
+ throw this.subscribeStore.notify(a.Error, s), r;
1623
1714
  }
1624
1715
  const e = this.storageManager.getTokens();
1625
1716
  if (e) {
1626
1717
  if (!e?.refresh_token) {
1627
- const s = new Error("No refresh token found"), r = {
1718
+ const r = new Error("No refresh token found"), s = {
1628
1719
  message: "No refresh token found",
1629
- originalError: s
1720
+ originalError: r
1630
1721
  };
1631
- throw this.subscribeStore.notify(a.Error, r), s;
1722
+ throw this.subscribeStore.notify(a.Error, s), r;
1632
1723
  }
1633
1724
  } else {
1634
- const s = new Error("No tokens found"), r = {
1725
+ const r = new Error("No tokens found"), s = {
1635
1726
  message: "No tokens found",
1636
- originalError: s
1727
+ originalError: r
1637
1728
  };
1638
- throw this.subscribeStore.notify(a.Error, r), s;
1729
+ throw this.subscribeStore.notify(a.Error, s), r;
1639
1730
  }
1640
1731
  const t = e?.scopes ?? this.scopes;
1641
1732
  try {
1642
- const s = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
1643
- return s.scopes = t, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), this.subscribeStore.notify(a.Refresh, {
1644
- tokens: s,
1733
+ const r = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
1734
+ return r.scopes = t, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), this.subscribeStore.notify(a.Refresh, {
1735
+ tokens: r,
1645
1736
  parsedTokens: this.tokenCacheService.getParsedTokens()
1646
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, this.tokenCacheService.startTokenCheck(), s;
1647
- } catch (s) {
1648
- const r = {
1649
- message: s instanceof Error ? s.message : "Token refresh failed",
1650
- originalError: s,
1651
- code: s instanceof u ? s.id : void 0,
1652
- details: D.isAxiosError(s) && s.response ? {
1653
- status: s.response.status,
1654
- data: s.response.data
1737
+ }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, this.tokenCacheService.startTokenCheck(), r;
1738
+ } catch (r) {
1739
+ const s = {
1740
+ message: r instanceof Error ? r.message : "Token refresh failed",
1741
+ originalError: r,
1742
+ code: r instanceof u ? r.id : void 0,
1743
+ details: F.isAxiosError(r) && r.response ? {
1744
+ status: r.response.status,
1745
+ data: r.response.data
1655
1746
  } : void 0
1656
1747
  };
1657
- throw this.subscribeStore.notify(a.Error, r), s instanceof u ? s : D.isAxiosError(s) && s.response && s.response?.status >= 400 && s.response?.status < 500 ? new Error(`Getting unknown error message from server with code:${s.response.status}`) : s;
1748
+ throw this.subscribeStore.notify(a.Error, s), r instanceof u ? r : F.isAxiosError(r) && r.response && r.response?.status >= 400 && r.response?.status < 500 ? new Error(`Getting unknown error message from server with code:${r.response.status}`) : r;
1658
1749
  }
1659
1750
  }
1660
1751
  async sendPasswordResetEmail(e) {
1661
1752
  try {
1662
1753
  return await this.authApi.sendPasswordResetEmail(e);
1663
1754
  } catch (t) {
1664
- const s = {
1755
+ const r = {
1665
1756
  message: t instanceof Error ? t.message : "Failed to send password reset email",
1666
1757
  originalError: t,
1667
1758
  code: t instanceof u ? t.id : void 0
1668
1759
  };
1669
- throw this.subscribeStore.notify(a.Error, s), t;
1760
+ throw this.subscribeStore.notify(a.Error, r), t;
1670
1761
  }
1671
1762
  }
1672
1763
  async resetPassword(e, t) {
1673
1764
  this.subscribeStore.notify(a.SignInStart, {});
1674
- const r = new URLSearchParams(window.location.search).get("token") ?? void 0, o = t ?? this.scopes;
1765
+ const s = new URLSearchParams(window.location.search).get("token") ?? void 0, o = t ?? this.scopes;
1675
1766
  try {
1676
- const n = await this.authApi.resetPassword(e, o, r);
1767
+ const n = await this.authApi.resetPassword(e, o, s);
1677
1768
  return await this.processAuthResponse(n, o), this.subscribeStore.notify(a.SignIn, {
1678
1769
  tokens: n,
1679
1770
  parsedTokens: this.tokenCacheService.getParsedTokens()
@@ -1689,74 +1780,74 @@ class Ie {
1689
1780
  }
1690
1781
  async passkeyRegister(e) {
1691
1782
  this.subscribeStore.notify(a.RegisterStart, {});
1692
- const t = this.deviceService.getDeviceId(), s = I.web;
1783
+ const t = this.deviceService.getDeviceId(), r = b.web;
1693
1784
  e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1694
1785
  try {
1695
- const { challenge_id: r, publicKey: o } = await this.authApi.passkeyRegisterStart(e, t, s, !this.appId);
1786
+ const { challenge_id: s, publicKey: o } = await this.authApi.passkeyRegisterStart(e, t, r, !this.appId);
1696
1787
  o.user.id = btoa(o.user.id);
1697
1788
  const n = await K({
1698
1789
  optionsJSON: o
1699
1790
  }), d = await this.authApi.passkeyRegisterComplete(
1700
1791
  n,
1701
1792
  t,
1702
- r,
1793
+ s,
1703
1794
  !this.appId
1704
1795
  );
1705
1796
  return await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(a.Register, {
1706
1797
  tokens: d,
1707
1798
  parsedTokens: this.tokenCacheService.getParsedTokens()
1708
1799
  }), await this.submitSessionCheck(), d;
1709
- } catch (r) {
1800
+ } catch (s) {
1710
1801
  const o = {
1711
- message: r instanceof Error ? r.message : "Passkey registration failed",
1712
- originalError: r,
1713
- code: r instanceof u ? r.id : void 0
1802
+ message: s instanceof Error ? s.message : "Passkey registration failed",
1803
+ originalError: s,
1804
+ code: s instanceof u ? s.id : void 0
1714
1805
  };
1715
- throw this.subscribeStore.notify(a.Error, o), r;
1806
+ throw this.subscribeStore.notify(a.Error, o), s;
1716
1807
  }
1717
1808
  }
1718
1809
  async passkeyAuthenticate(e) {
1719
1810
  this.subscribeStore.notify(a.SignInStart, {});
1720
- const t = this.deviceService.getDeviceId(), s = I.web;
1811
+ const t = this.deviceService.getDeviceId(), r = b.web;
1721
1812
  e.scopes = e.scopes ?? this.scopes;
1722
1813
  try {
1723
- const { challenge_id: r, publicKey: o } = await this.authApi.passkeyAuthenticateStart(e, t, s, !this.appId), n = await j({
1814
+ const { challenge_id: s, publicKey: o } = await this.authApi.passkeyAuthenticateStart(e, t, r, !this.appId), n = await j({
1724
1815
  optionsJSON: o
1725
1816
  }), d = await this.authApi.passkeyAuthenticateComplete(
1726
1817
  n,
1727
1818
  t,
1728
- r,
1819
+ s,
1729
1820
  !this.appId
1730
1821
  );
1731
1822
  return "access_token" in d && (await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(a.SignIn, {
1732
1823
  tokens: d,
1733
1824
  parsedTokens: this.tokenCacheService.getParsedTokens()
1734
1825
  }), await this.submitSessionCheck()), d;
1735
- } catch (r) {
1826
+ } catch (s) {
1736
1827
  const o = {
1737
- message: r instanceof Error ? r.message : "Passkey authentication failed",
1738
- originalError: r,
1739
- code: r instanceof u ? r.id : void 0
1828
+ message: s instanceof Error ? s.message : "Passkey authentication failed",
1829
+ originalError: s,
1830
+ code: s instanceof u ? s.id : void 0
1740
1831
  };
1741
- throw this.subscribeStore.notify(a.Error, o), r;
1832
+ throw this.subscribeStore.notify(a.Error, o), s;
1742
1833
  }
1743
1834
  }
1744
1835
  createFederatedAuthUrl(e) {
1745
1836
  const t = `/auth/federated/start/${e.provider}`;
1746
1837
  if (!this.appId) throw new Error("AppId is required for federated auth");
1747
- const r = {
1838
+ const s = {
1748
1839
  scopes: (e.scopes ?? this.scopes).join(" "),
1749
1840
  redirect_url: e.redirect_url ?? this.origin,
1750
1841
  appId: this.appId,
1751
1842
  ...e.invite_token ? { invite_token: e.invite_token } : {},
1752
1843
  ...e.create_tenant ? { create_tenant: e.create_tenant.toString() } : {},
1753
1844
  ...e.device ? { device: e.device } : {}
1754
- }, o = new URL(t, this.url), n = new URLSearchParams(r);
1845
+ }, o = new URL(t, this.url), n = new URLSearchParams(s);
1755
1846
  return o.search = n.toString(), o.toString();
1756
1847
  }
1757
1848
  federatedAuthWithPopup(e) {
1758
1849
  this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
1759
- const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s }), o = window.open(r, "_blank", `width=${ee},height=${te}`);
1850
+ const t = e.scopes ?? this.scopes, r = this.deviceService.getDeviceId(), s = this.createFederatedAuthUrl({ ...e, scopes: t, device: r }), o = window.open(s, "_blank", `width=${ee},height=${te}`);
1760
1851
  if (!o) {
1761
1852
  this.federatedAuthWithRedirect(e);
1762
1853
  return;
@@ -1764,74 +1855,74 @@ class Ie {
1764
1855
  const n = Date.now(), d = setInterval(() => {
1765
1856
  if (o.closed) {
1766
1857
  clearInterval(d);
1767
- const c = {
1858
+ const h = {
1768
1859
  message: "Authentication popup was closed",
1769
1860
  code: "POPUP_CLOSED"
1770
1861
  };
1771
- this.subscribeStore.notify(a.Error, c);
1862
+ this.subscribeStore.notify(a.Error, h);
1772
1863
  return;
1773
1864
  }
1774
- if (Date.now() - n > re) {
1865
+ if (Date.now() - n > se) {
1775
1866
  clearInterval(d), o.close();
1776
- const c = {
1867
+ const h = {
1777
1868
  message: "Authentication popup timed out",
1778
1869
  code: "POPUP_TIMEOUT"
1779
1870
  };
1780
- this.subscribeStore.notify(a.Error, c);
1871
+ this.subscribeStore.notify(a.Error, h);
1781
1872
  return;
1782
1873
  }
1783
1874
  try {
1784
1875
  if (o.location.href.startsWith(this.origin)) {
1785
- const c = new URLSearchParams(o.location.search), g = c.get("access_token") || "", p = c.get("refresh_token") || "", f = c.get("id_token") || "", b = {
1876
+ const h = new URLSearchParams(o.location.search), g = h.get("access_token") || "", f = h.get("refresh_token") || "", k = h.get("id_token") || "", A = {
1786
1877
  access_token: g,
1787
- refresh_token: p || void 0,
1788
- id_token: f || void 0,
1878
+ refresh_token: f || void 0,
1879
+ id_token: k || void 0,
1789
1880
  scopes: t
1790
1881
  };
1791
- this.processAuthResponse(b, t).then(() => {
1882
+ this.processAuthResponse(A, t).then(() => {
1792
1883
  this.subscribeStore.notify(a.SignIn, {
1793
- tokens: b,
1884
+ tokens: A,
1794
1885
  parsedTokens: this.tokenCacheService.getParsedTokens()
1795
1886
  }), window.location.href = `${this.origin}`;
1796
1887
  }), clearInterval(d), o.close();
1797
1888
  }
1798
1889
  } catch {
1799
1890
  }
1800
- }, se);
1891
+ }, re);
1801
1892
  }
1802
1893
  federatedAuthWithRedirect(e) {
1803
1894
  this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
1804
- const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s });
1805
- window.location.href = r;
1895
+ const t = e.scopes ?? this.scopes, r = this.deviceService.getDeviceId(), s = this.createFederatedAuthUrl({ ...e, scopes: t, device: r });
1896
+ window.location.href = s;
1806
1897
  }
1807
1898
  // Helper methods for authentication UI redirect
1808
1899
  authRedirectUrl(e = {}) {
1809
1900
  try {
1810
- const { url: t, redirectUrl: s, scopes: r, appId: o } = e ?? {}, n = new URL(t ?? this.url);
1901
+ const { url: t, redirectUrl: r, scopes: s, appId: o } = e ?? {}, n = new URL(t ?? this.url);
1811
1902
  n.pathname = (n.pathname.endsWith("/") ? n.pathname : n.pathname + "/") + "web";
1812
- const d = r ?? this.scopes, c = {
1903
+ const d = s ?? this.scopes, h = {
1813
1904
  appId: o ?? this.appId ?? "",
1814
- redirectto: s ?? window.location.href,
1905
+ redirectto: r ?? window.location.href,
1815
1906
  scopes: d.join(",")
1816
- }, g = new URLSearchParams(c);
1907
+ }, g = new URLSearchParams(h);
1817
1908
  return n.search = g.toString(), n.toString();
1818
1909
  } catch (t) {
1819
- const s = {
1910
+ const r = {
1820
1911
  message: t instanceof Error ? t.message : "Failed to create auth redirect URL",
1821
1912
  originalError: t
1822
1913
  };
1823
- throw this.subscribeStore.notify(a.Error, s), t;
1914
+ throw this.subscribeStore.notify(a.Error, r), t;
1824
1915
  }
1825
1916
  }
1826
1917
  authRedirect(e = {}) {
1827
1918
  try {
1828
1919
  window.location.href = this.authRedirectUrl(e);
1829
1920
  } catch (t) {
1830
- const s = {
1921
+ const r = {
1831
1922
  message: t instanceof Error ? t.message : "Failed to redirect to auth page",
1832
1923
  originalError: t
1833
1924
  };
1834
- throw this.subscribeStore.notify(a.Error, s), t;
1925
+ throw this.subscribeStore.notify(a.Error, r), t;
1835
1926
  }
1836
1927
  }
1837
1928
  /**
@@ -1841,33 +1932,33 @@ class Ie {
1841
1932
  isAuthenticated(e) {
1842
1933
  try {
1843
1934
  if (this.tokenDeliveryManager.isCookieMode() || this.tokenDeliveryManager.isBFFMode()) {
1844
- const t = !!e?.id_token || !!this.storageManager.getIdToken(), s = this.tokenDeliveryManager.isSessionValid(), r = this.tokenDeliveryManager.isSessionUnknown();
1845
- return t && (s || r);
1935
+ const t = !!e?.id_token || !!this.storageManager.getIdToken(), r = this.tokenDeliveryManager.isSessionValid(), s = this.tokenDeliveryManager.isSessionUnknown();
1936
+ return t && (r || s);
1846
1937
  }
1847
1938
  return !e || !e.access_token ? !1 : !S(e.access_token) || e.refresh_token !== void 0 && !S(e.refresh_token);
1848
1939
  } catch (t) {
1849
- const s = {
1940
+ const r = {
1850
1941
  message: t instanceof Error ? t.message : "Failed to check authentication status",
1851
1942
  originalError: t
1852
1943
  };
1853
- return this.subscribeStore.notify(a.Error, s), !1;
1944
+ return this.subscribeStore.notify(a.Error, r), !1;
1854
1945
  }
1855
1946
  }
1856
1947
  /**
1857
1948
  * Handle session check and callbacks
1858
1949
  */
1859
1950
  async submitSessionCheck(e = !1) {
1860
- let t, s;
1951
+ let t, r;
1861
1952
  try {
1862
- t = await this.getTokens(e), s = this.tokenCacheService.getParsedTokens();
1863
- } catch (r) {
1953
+ t = await this.getTokens(e), r = this.tokenCacheService.getParsedTokens();
1954
+ } catch (s) {
1864
1955
  const o = {
1865
- message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
1866
- originalError: r
1956
+ message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
1957
+ originalError: s
1867
1958
  };
1868
1959
  this.subscribeStore.notify(a.Error, o), t = void 0;
1869
1960
  }
1870
- return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: s }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
1961
+ return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: r }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
1871
1962
  }
1872
1963
  /**
1873
1964
  * Get tokens and refresh if needed
@@ -1877,19 +1968,19 @@ class Ie {
1877
1968
  async getTokens(e) {
1878
1969
  try {
1879
1970
  if (this.tokenDeliveryManager.isCookieMode() || this.tokenDeliveryManager.isBFFMode()) {
1880
- const r = this.storageManager.getTokens();
1881
- return r?.id_token ? this.tokenDeliveryManager.isSessionInvalid() && e ? await this.refreshToken() : r : void 0;
1971
+ const s = this.storageManager.getTokens();
1972
+ return s?.id_token ? this.tokenDeliveryManager.isSessionInvalid() && e ? await this.refreshToken() : s : void 0;
1882
1973
  }
1883
1974
  const t = this.storageManager.getTokens();
1884
1975
  if (!t || !t.access_token) return;
1885
- const s = y(t.access_token);
1886
- return S(s) ? e ? await this.refreshToken() : void 0 : t;
1976
+ const r = v(t.access_token);
1977
+ return S(r) ? e ? await this.refreshToken() : void 0 : t;
1887
1978
  } catch (t) {
1888
- const s = {
1979
+ const r = {
1889
1980
  message: t instanceof Error ? t.message : "Failed to get tokens",
1890
1981
  originalError: t
1891
1982
  };
1892
- this.subscribeStore.notify(a.Error, s);
1983
+ this.subscribeStore.notify(a.Error, r);
1893
1984
  return;
1894
1985
  }
1895
1986
  }
@@ -1939,7 +2030,7 @@ class be {
1939
2030
  return this.invitationApi.getInvitationLink(e);
1940
2031
  }
1941
2032
  }
1942
- class Ce {
2033
+ class Ae {
1943
2034
  error(e, ...t) {
1944
2035
  console.error(e, ...t);
1945
2036
  }
@@ -1953,17 +2044,17 @@ class Ce {
1953
2044
  console.debug(e, ...t);
1954
2045
  }
1955
2046
  }
1956
- function Ae() {
1957
- return new Ce();
2047
+ function Ce() {
2048
+ return new Ae();
1958
2049
  }
1959
2050
  class Re {
1960
2051
  constructor(e) {
1961
2052
  this.data = this.normalize(e);
1962
2053
  }
1963
2054
  normalize(e) {
1964
- const t = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), o = [];
2055
+ const t = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), o = [];
1965
2056
  return e.groups?.forEach((n) => {
1966
- s.set(n.id, {
2057
+ r.set(n.id, {
1967
2058
  id: n.id,
1968
2059
  name: n.name,
1969
2060
  default: n.default ?? !1,
@@ -1971,7 +2062,7 @@ class Re {
1971
2062
  created_at: n.created_at
1972
2063
  });
1973
2064
  }), e.roles?.forEach((n) => {
1974
- r.set(n.id, {
2065
+ s.set(n.id, {
1975
2066
  id: n.id,
1976
2067
  tenant_id: n.tenant_id,
1977
2068
  name: n.name
@@ -1983,21 +2074,21 @@ class Re {
1983
2074
  name: d.name ?? null,
1984
2075
  email: d.email ?? null,
1985
2076
  phone: d.phone ?? null
1986
- }), d && n.group_id && s.has(n.group_id) && o.push({
2077
+ }), d && n.group_id && r.has(n.group_id) && o.push({
1987
2078
  userId: d.id,
1988
2079
  groupId: n.group_id,
1989
- roleIds: n.roles?.map((c) => c.id) ?? []
2080
+ roleIds: n.roles?.map((h) => h.id) ?? []
1990
2081
  });
1991
2082
  }), {
1992
2083
  tenant_id: e.tenant_id,
1993
2084
  tenant_name: e.tenant_name,
1994
2085
  users: Array.from(t.values()),
1995
- groups: Array.from(s.values()),
1996
- roles: Array.from(r.values()),
2086
+ groups: Array.from(r.values()),
2087
+ roles: Array.from(s.values()),
1997
2088
  memberships: o,
1998
2089
  usersById: t,
1999
- groupsById: s,
2000
- rolesById: r
2090
+ groupsById: r,
2091
+ rolesById: s
2001
2092
  };
2002
2093
  }
2003
2094
  /**
@@ -2016,8 +2107,8 @@ class Re {
2016
2107
  * Returns all roles that the specified user has in the specified group.
2017
2108
  */
2018
2109
  getUserRolesInGroup(e, t) {
2019
- const s = this.data.memberships.find((r) => r.userId === e && r.groupId === t);
2020
- return s ? s.roleIds.map((r) => this.data.rolesById.get(r)).filter((r) => r !== void 0) : [];
2110
+ const r = this.data.memberships.find((s) => s.userId === e && s.groupId === t);
2111
+ return r ? r.roleIds.map((s) => this.data.rolesById.get(s)).filter((s) => s !== void 0) : [];
2021
2112
  }
2022
2113
  /**
2023
2114
  * Returns the full TenantData object.
@@ -2026,9 +2117,9 @@ class Re {
2026
2117
  return this.data;
2027
2118
  }
2028
2119
  }
2029
- class Pe {
2030
- constructor(e, t, s) {
2031
- this.tenantApi = e, this.scopes = t, this.logger = s || Ae();
2120
+ class Me {
2121
+ constructor(e, t, r) {
2122
+ this.tenantApi = e, this.scopes = t, this.logger = r || Ce();
2032
2123
  }
2033
2124
  /**
2034
2125
  * Handle Passflow API errors
@@ -2037,11 +2128,11 @@ class Pe {
2037
2128
  * @throws Formatted error with Passflow API error details
2038
2129
  */
2039
2130
  handlePassflowError(e, t) {
2040
- if (D.isAxiosError(e) && e.response?.data) {
2041
- const s = e.response.data;
2042
- if (typeof s == "object" && s !== null && "error" in s && typeof s.error == "object" && s.error !== null) {
2043
- const r = s.error;
2044
- throw this.logger.error(`${t}: ${r.id} - ${r.message} (Status: ${r.status})`), new Error(`Passflow API Error: ${r.id} - ${r.message} (Status: ${r.status})`);
2131
+ if (F.isAxiosError(e) && e.response?.data) {
2132
+ const r = e.response.data;
2133
+ if (typeof r == "object" && r !== null && "error" in r && typeof r.error == "object" && r.error !== null) {
2134
+ const s = r.error;
2135
+ throw this.logger.error(`${t}: ${s.id} - ${s.message} (Status: ${s.status})`), new Error(`Passflow API Error: ${s.id} - ${s.message} (Status: ${s.status})`);
2045
2136
  }
2046
2137
  }
2047
2138
  throw this.logger.error(`${t}:`, e), e instanceof Error ? e : new Error(String(e));
@@ -2054,10 +2145,10 @@ class Pe {
2054
2145
  */
2055
2146
  async joinInvitation(e, t) {
2056
2147
  try {
2057
- const s = t ?? this.scopes;
2058
- return await this.tenantApi.joinInvitation(e, s);
2059
- } catch (s) {
2060
- this.handlePassflowError(s, "Join invitation failed");
2148
+ const r = t ?? this.scopes;
2149
+ return await this.tenantApi.joinInvitation(e, r);
2150
+ } catch (r) {
2151
+ this.handlePassflowError(r, "Join invitation failed");
2061
2152
  }
2062
2153
  }
2063
2154
  /**
@@ -2112,8 +2203,8 @@ class Pe {
2112
2203
  async updateTenant(e, t) {
2113
2204
  try {
2114
2205
  return await this.tenantApi.updateTenant(e, t);
2115
- } catch (s) {
2116
- this.handlePassflowError(s, `Update tenant failed for tenant ID ${e}`);
2206
+ } catch (r) {
2207
+ this.handlePassflowError(r, `Update tenant failed for tenant ID ${e}`);
2117
2208
  }
2118
2209
  }
2119
2210
  /**
@@ -2149,8 +2240,8 @@ class Pe {
2149
2240
  async createGroup(e, t) {
2150
2241
  try {
2151
2242
  return await this.tenantApi.createGroup(e, t);
2152
- } catch (s) {
2153
- this.handlePassflowError(s, `Group creation failed for tenant ID ${e}`);
2243
+ } catch (r) {
2244
+ this.handlePassflowError(r, `Group creation failed for tenant ID ${e}`);
2154
2245
  }
2155
2246
  }
2156
2247
  /**
@@ -2162,8 +2253,8 @@ class Pe {
2162
2253
  async getGroupInfo(e, t) {
2163
2254
  try {
2164
2255
  return await this.tenantApi.getGroupInfo(e, t);
2165
- } catch (s) {
2166
- this.handlePassflowError(s, `Get group info failed for tenant ID ${e}, group ID ${t}`);
2256
+ } catch (r) {
2257
+ this.handlePassflowError(r, `Get group info failed for tenant ID ${e}, group ID ${t}`);
2167
2258
  }
2168
2259
  }
2169
2260
  /**
@@ -2173,11 +2264,11 @@ class Pe {
2173
2264
  * @param name New group name
2174
2265
  * @returns Promise with group response
2175
2266
  */
2176
- async updateGroup(e, t, s) {
2267
+ async updateGroup(e, t, r) {
2177
2268
  try {
2178
- return await this.tenantApi.updateGroup(e, t, s);
2179
- } catch (r) {
2180
- this.handlePassflowError(r, `Update group failed for tenant ID ${e}, group ID ${t}`);
2269
+ return await this.tenantApi.updateGroup(e, t, r);
2270
+ } catch (s) {
2271
+ this.handlePassflowError(s, `Update group failed for tenant ID ${e}, group ID ${t}`);
2181
2272
  }
2182
2273
  }
2183
2274
  /**
@@ -2189,8 +2280,8 @@ class Pe {
2189
2280
  async deleteGroup(e, t) {
2190
2281
  try {
2191
2282
  return await this.tenantApi.deleteGroup(e, t);
2192
- } catch (s) {
2193
- this.handlePassflowError(s, `Delete group failed for tenant ID ${e}, group ID ${t}`);
2283
+ } catch (r) {
2284
+ this.handlePassflowError(r, `Delete group failed for tenant ID ${e}, group ID ${t}`);
2194
2285
  }
2195
2286
  }
2196
2287
  /**
@@ -2201,13 +2292,13 @@ class Pe {
2201
2292
  * @param role Role to assign
2202
2293
  * @returns Promise with status response
2203
2294
  */
2204
- async addUserToGroup(e, t, s, r) {
2295
+ async addUserToGroup(e, t, r, s) {
2205
2296
  try {
2206
- return await this.tenantApi.addUserToGroup(e, t, s, r);
2297
+ return await this.tenantApi.addUserToGroup(e, t, r, s);
2207
2298
  } catch (o) {
2208
2299
  this.handlePassflowError(
2209
2300
  o,
2210
- `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2301
+ `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2211
2302
  );
2212
2303
  }
2213
2304
  }
@@ -2219,13 +2310,13 @@ class Pe {
2219
2310
  * @param roles Roles to remove
2220
2311
  * @returns Promise with status response
2221
2312
  */
2222
- async removeUserRolesFromGroup(e, t, s, r) {
2313
+ async removeUserRolesFromGroup(e, t, r, s) {
2223
2314
  try {
2224
- return await this.tenantApi.removeUserRolesFromGroup(e, t, s, r);
2315
+ return await this.tenantApi.removeUserRolesFromGroup(e, t, r, s);
2225
2316
  } catch (o) {
2226
2317
  this.handlePassflowError(
2227
2318
  o,
2228
- `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2319
+ `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2229
2320
  );
2230
2321
  }
2231
2322
  }
@@ -2237,13 +2328,13 @@ class Pe {
2237
2328
  * @param roles New roles to assign
2238
2329
  * @returns Promise with status response
2239
2330
  */
2240
- async changeUserRoles(e, t, s, r) {
2331
+ async changeUserRoles(e, t, r, s) {
2241
2332
  try {
2242
- return await this.tenantApi.changeUserRoles(e, t, s, r);
2333
+ return await this.tenantApi.changeUserRoles(e, t, r, s);
2243
2334
  } catch (o) {
2244
2335
  this.handlePassflowError(
2245
2336
  o,
2246
- `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2337
+ `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2247
2338
  );
2248
2339
  }
2249
2340
  }
@@ -2254,13 +2345,13 @@ class Pe {
2254
2345
  * @param userId User ID
2255
2346
  * @returns Promise with status response
2256
2347
  */
2257
- async deleteUserFromGroup(e, t, s) {
2348
+ async deleteUserFromGroup(e, t, r) {
2258
2349
  try {
2259
- return await this.tenantApi.deleteUserFromGroup(e, t, s);
2260
- } catch (r) {
2350
+ return await this.tenantApi.deleteUserFromGroup(e, t, r);
2351
+ } catch (s) {
2261
2352
  this.handlePassflowError(
2262
- r,
2263
- `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2353
+ s,
2354
+ `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2264
2355
  );
2265
2356
  }
2266
2357
  }
@@ -2286,8 +2377,8 @@ class Pe {
2286
2377
  async createRoleForTenant(e, t) {
2287
2378
  try {
2288
2379
  return await this.tenantApi.createRoleForTenant(e, t);
2289
- } catch (s) {
2290
- this.handlePassflowError(s, `Create role for tenant failed for tenant ID ${e}`);
2380
+ } catch (r) {
2381
+ this.handlePassflowError(r, `Create role for tenant failed for tenant ID ${e}`);
2291
2382
  }
2292
2383
  }
2293
2384
  /**
@@ -2297,11 +2388,11 @@ class Pe {
2297
2388
  * @param name New role name
2298
2389
  * @returns Promise with role response
2299
2390
  */
2300
- async updateRole(e, t, s) {
2391
+ async updateRole(e, t, r) {
2301
2392
  try {
2302
- return await this.tenantApi.updateRole(e, t, s);
2303
- } catch (r) {
2304
- this.handlePassflowError(r, `Update role failed for tenant ID ${e}, role ID ${t}`);
2393
+ return await this.tenantApi.updateRole(e, t, r);
2394
+ } catch (s) {
2395
+ this.handlePassflowError(s, `Update role failed for tenant ID ${e}, role ID ${t}`);
2305
2396
  }
2306
2397
  }
2307
2398
  /**
@@ -2313,8 +2404,8 @@ class Pe {
2313
2404
  async deleteRole(e, t) {
2314
2405
  try {
2315
2406
  return await this.tenantApi.deleteRole(e, t);
2316
- } catch (s) {
2317
- this.handlePassflowError(s, `Delete role failed for tenant ID ${e}, role ID ${t}`);
2407
+ } catch (r) {
2408
+ this.handlePassflowError(r, `Delete role failed for tenant ID ${e}, role ID ${t}`);
2318
2409
  }
2319
2410
  }
2320
2411
  // 4. User Management in Tenants
@@ -2327,8 +2418,8 @@ class Pe {
2327
2418
  async deleteUserFromTenant(e, t) {
2328
2419
  try {
2329
2420
  return await this.tenantApi.deleteUserFromTenant(e, t);
2330
- } catch (s) {
2331
- this.handlePassflowError(s, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
2421
+ } catch (r) {
2422
+ this.handlePassflowError(r, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
2332
2423
  }
2333
2424
  }
2334
2425
  // 5. Invitation Management
@@ -2340,9 +2431,9 @@ class Pe {
2340
2431
  * @param skip Number of invitations to skip
2341
2432
  * @returns Promise with invitations response
2342
2433
  */
2343
- async getGroupInvitations(e, t, s, r) {
2434
+ async getGroupInvitations(e, t, r, s) {
2344
2435
  try {
2345
- return await this.tenantApi.getGroupInvitations(e, t, s, r);
2436
+ return await this.tenantApi.getGroupInvitations(e, t, r, s);
2346
2437
  } catch (o) {
2347
2438
  this.handlePassflowError(o, `Get group invitations failed for tenant ID ${e}, group ID ${t}`);
2348
2439
  }
@@ -2354,11 +2445,11 @@ class Pe {
2354
2445
  * @param skip Number of invitations to skip
2355
2446
  * @returns Promise with invitations response
2356
2447
  */
2357
- async getTenantInvitations(e, t, s) {
2448
+ async getTenantInvitations(e, t, r) {
2358
2449
  try {
2359
- return await this.tenantApi.getTenantInvitations(e, t, s);
2360
- } catch (r) {
2361
- this.handlePassflowError(r, `Get tenant invitations failed for tenant ID ${e}`);
2450
+ return await this.tenantApi.getTenantInvitations(e, t, r);
2451
+ } catch (s) {
2452
+ this.handlePassflowError(s, `Get tenant invitations failed for tenant ID ${e}`);
2362
2453
  }
2363
2454
  }
2364
2455
  /**
@@ -2368,13 +2459,13 @@ class Pe {
2368
2459
  * @param inviteId Invitation ID
2369
2460
  * @returns Promise with empty record
2370
2461
  */
2371
- async invalidateInviteById(e, t, s) {
2462
+ async invalidateInviteById(e, t, r) {
2372
2463
  try {
2373
- return await this.tenantApi.invalidateInviteById(e, t, s);
2374
- } catch (r) {
2464
+ return await this.tenantApi.invalidateInviteById(e, t, r);
2465
+ } catch (s) {
2375
2466
  this.handlePassflowError(
2376
- r,
2377
- `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${s}`
2467
+ s,
2468
+ `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${r}`
2378
2469
  );
2379
2470
  }
2380
2471
  }
@@ -2385,20 +2476,20 @@ class Pe {
2385
2476
  * @param email Email address
2386
2477
  * @returns Promise with empty record
2387
2478
  */
2388
- async invalidateInviteByEmail(e, t, s) {
2479
+ async invalidateInviteByEmail(e, t, r) {
2389
2480
  try {
2390
- return await this.tenantApi.invalidateInviteByEmail(e, t, s);
2391
- } catch (r) {
2481
+ return await this.tenantApi.invalidateInviteByEmail(e, t, r);
2482
+ } catch (s) {
2392
2483
  this.handlePassflowError(
2393
- r,
2394
- `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${s}`
2484
+ s,
2485
+ `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${r}`
2395
2486
  );
2396
2487
  }
2397
2488
  }
2398
2489
  }
2399
- class De {
2400
- constructor(e, t, s) {
2401
- this.storageManager = e, this.authApi = t, this.subscribeStore = s, this.checkInterval = null, this.CHECK_INTERVAL = 6e4, this.visibilityChangeHandler = null, this.isRefreshing = !1, this.tokenExpiredFlag = !1, this.storageManager = e, this.authApi = t, this.setupPageUnloadHandler();
2490
+ class Fe {
2491
+ constructor(e, t, r) {
2492
+ this.storageManager = e, this.authApi = t, this.subscribeStore = r, this.checkInterval = null, this.CHECK_INTERVAL = 6e4, this.visibilityChangeHandler = null, this.isRefreshing = !1, this.tokenExpiredFlag = !1, this.storageManager = e, this.authApi = t, this.setupPageUnloadHandler();
2402
2493
  }
2403
2494
  initialize() {
2404
2495
  try {
@@ -2411,7 +2502,7 @@ class De {
2411
2502
  this.setTokensCache(e), this.startTokenCheck();
2412
2503
  return;
2413
2504
  }
2414
- const t = y(e.access_token);
2505
+ const t = v(e.access_token);
2415
2506
  S(t) ? (this.tokenExpiredFlag = !0, this.stopTokenCheck(), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 })) : (this.setTokensCache(e), this.startTokenCheck());
2416
2507
  } catch (e) {
2417
2508
  const t = {
@@ -2428,11 +2519,11 @@ class De {
2428
2519
  const t = await this.authApi.refreshToken(e?.refresh_token ?? "", e.scopes ?? [], e.access_token);
2429
2520
  this.setTokensCache(t), this.subscribeStore.notify(a.Refresh, { tokens: t, parsedTokens: this.getParsedTokens() }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenExpiredFlag = !1, this.startTokenCheck();
2430
2521
  } catch (t) {
2431
- const s = {
2522
+ const r = {
2432
2523
  message: t instanceof Error ? t.message : "Failed to get tokens",
2433
2524
  originalError: t
2434
2525
  };
2435
- this.subscribeStore.notify(a.Error, s), this.setTokensCache(void 0);
2526
+ this.subscribeStore.notify(a.Error, r), this.setTokensCache(void 0);
2436
2527
  } finally {
2437
2528
  this.isRefreshing = !1;
2438
2529
  }
@@ -2464,9 +2555,9 @@ class De {
2464
2555
  }
2465
2556
  setTokensCache(e) {
2466
2557
  this.tokensCache = e, e ? this.parsedTokensCache = {
2467
- access_token: e.access_token ? y(e.access_token) : void 0,
2468
- id_token: e.id_token ? y(e.id_token) : void 0,
2469
- refresh_token: e.refresh_token ? y(e.refresh_token) : void 0,
2558
+ access_token: e.access_token ? v(e.access_token) : void 0,
2559
+ id_token: e.id_token ? v(e.id_token) : void 0,
2560
+ refresh_token: e.refresh_token ? v(e.refresh_token) : void 0,
2470
2561
  scopes: e.scopes
2471
2562
  } : this.parsedTokensCache = void 0;
2472
2563
  }
@@ -2478,7 +2569,7 @@ class De {
2478
2569
  if (!this.tokensCache) return this.tokensCache;
2479
2570
  if (!this.tokensCache.access_token)
2480
2571
  return this.tokensCache;
2481
- const e = y(this.tokensCache.access_token);
2572
+ const e = v(this.tokensCache.access_token);
2482
2573
  return S(e) && !this.tokenExpiredFlag ? (await this.refreshTokensCache(this.tokensCache), this.tokensCache) : this.tokensCache;
2483
2574
  } catch (e) {
2484
2575
  const t = {
@@ -2496,32 +2587,32 @@ class De {
2496
2587
  if (!this.tokensCache) return !0;
2497
2588
  if (!this.tokensCache.access_token)
2498
2589
  return !1;
2499
- const e = y(this.tokensCache.access_token);
2590
+ const e = v(this.tokensCache.access_token);
2500
2591
  return S(e);
2501
2592
  }
2502
2593
  }
2503
- class Fe {
2594
+ class De {
2504
2595
  constructor(e, t) {
2505
2596
  this.twoFactorApi = e, this.subscribeStore = t, this.PARTIAL_AUTH_TIMEOUT_MS = 300 * 1e3, this.SESSION_STORAGE_KEY = "passflow_2fa_challenge", this.totpDigits = 6;
2506
- const s = {
2507
- onAuthChange: (r, o) => {
2508
- if (r === a.TwoFactorRequired) {
2597
+ const r = {
2598
+ onAuthChange: (s, o) => {
2599
+ if (s === a.TwoFactorRequired) {
2509
2600
  const n = o;
2510
2601
  this.setPartialAuthState(n.email, n.challengeId, n.tfaToken);
2511
2602
  }
2512
2603
  }
2513
2604
  };
2514
- this.subscribeStore.subscribe(s, [a.TwoFactorRequired]);
2605
+ this.subscribeStore.subscribe(r, [a.TwoFactorRequired]);
2515
2606
  }
2516
2607
  /**
2517
2608
  * Emit error event and throw the error
2518
2609
  * Helper method to ensure errors are properly emitted to subscribers
2519
2610
  */
2520
2611
  emitErrorAndThrow(e, t) {
2521
- const s = {
2612
+ const r = e, s = {
2522
2613
  message: e instanceof Error ? e.message : `${t} failed`,
2523
2614
  originalError: e,
2524
- code: e?.id || void 0
2615
+ code: r?.id || void 0
2525
2616
  };
2526
2617
  throw this.subscribeStore.notify(a.Error, s), e;
2527
2618
  }
@@ -2594,24 +2685,24 @@ class Fe {
2594
2685
  */
2595
2686
  async useRecoveryCode(e) {
2596
2687
  try {
2597
- const t = _e(e);
2688
+ const t = Ee(e);
2598
2689
  if (!t)
2599
2690
  throw new Error("Invalid recovery code format. Expected format: XXXX-XXXX or XXXXXXXX (alphanumeric).");
2600
2691
  if (this.recoverPartialAuthState(), !this.isVerificationRequired())
2601
2692
  throw new Error("2FA verification expired or not required. User must sign in first.");
2602
2693
  if (!this.partialAuthState?.tfaToken)
2603
2694
  throw new Error("No TFA token found. User must sign in first.");
2604
- const s = await this.twoFactorApi.useRecoveryCode({
2695
+ const r = await this.twoFactorApi.useRecoveryCode({
2605
2696
  recovery_code: t,
2606
2697
  tfa_token: this.partialAuthState.tfaToken
2607
2698
  });
2608
- return this.clearPartialAuthState(), s.remaining_recovery_codes === 0 ? this.subscribeStore.notify(a.TwoFactorRecoveryCodesExhausted, { tokens: s }) : s.remaining_recovery_codes <= 2 && this.subscribeStore.notify(a.TwoFactorRecoveryCodesLow, {
2609
- tokens: s,
2610
- remainingCodes: s.remaining_recovery_codes
2699
+ return this.clearPartialAuthState(), r.remaining_recovery_codes === 0 ? this.subscribeStore.notify(a.TwoFactorRecoveryCodesExhausted, { tokens: r }) : r.remaining_recovery_codes <= 2 && this.subscribeStore.notify(a.TwoFactorRecoveryCodesLow, {
2700
+ tokens: r,
2701
+ remainingCodes: r.remaining_recovery_codes
2611
2702
  }), this.subscribeStore.notify(a.TwoFactorRecoveryUsed, {
2612
- tokens: s,
2613
- remainingCodes: s.remaining_recovery_codes
2614
- }), this.subscribeStore.notify(a.TwoFactorVerified, { tokens: s }), s;
2703
+ tokens: r,
2704
+ remainingCodes: r.remaining_recovery_codes
2705
+ }), this.subscribeStore.notify(a.TwoFactorVerified, { tokens: r }), r;
2615
2706
  } catch (t) {
2616
2707
  this.emitErrorAndThrow(t, "Use recovery code");
2617
2708
  }
@@ -2636,8 +2727,8 @@ class Fe {
2636
2727
  if (!R(e, this.totpDigits))
2637
2728
  throw new Error(`Invalid TOTP code format. Code must be exactly ${this.totpDigits} digits.`);
2638
2729
  try {
2639
- const t = await this.twoFactorApi.regenerateRecoveryCodes({ code: e }), s = [...t.recovery_codes];
2640
- return t.recovery_codes = [], t.recovery_codes = s, t;
2730
+ const t = await this.twoFactorApi.regenerateRecoveryCodes({ code: e }), r = [...t.recovery_codes];
2731
+ return t.recovery_codes = [], t.recovery_codes = r, t;
2641
2732
  } catch (t) {
2642
2733
  this.emitErrorAndThrow(t, "Regenerate recovery codes");
2643
2734
  }
@@ -2653,11 +2744,11 @@ class Fe {
2653
2744
  * Set partial auth state when login requires 2FA
2654
2745
  * Called internally via event listener when AuthService emits TwoFactorRequired
2655
2746
  */
2656
- setPartialAuthState(e, t, s) {
2747
+ setPartialAuthState(e, t, r) {
2657
2748
  if (this.partialAuthState = {
2658
2749
  email: e,
2659
2750
  challengeId: t,
2660
- tfaToken: s,
2751
+ tfaToken: r,
2661
2752
  timestamp: Date.now(),
2662
2753
  expiresAt: Date.now() + this.PARTIAL_AUTH_TIMEOUT_MS
2663
2754
  }, typeof sessionStorage < "u")
@@ -2771,8 +2862,133 @@ class Fe {
2771
2862
  getTotpDigits() {
2772
2863
  return this.totpDigits;
2773
2864
  }
2865
+ // ============================================
2866
+ // v2 Multi-Method 2FA Service Methods
2867
+ // ============================================
2868
+ /**
2869
+ * Get available 2FA methods for current user
2870
+ */
2871
+ async getAvailableMethods() {
2872
+ try {
2873
+ return await this.twoFactorApi.getAvailableMethods();
2874
+ } catch (e) {
2875
+ this.emitErrorAndThrow(e, "Get available 2FA methods");
2876
+ }
2877
+ }
2878
+ /**
2879
+ * Get registered 2FA methods for current user
2880
+ */
2881
+ async getRegisteredMethods() {
2882
+ try {
2883
+ return await this.twoFactorApi.getRegisteredMethods();
2884
+ } catch (e) {
2885
+ this.emitErrorAndThrow(e, "Get registered 2FA methods");
2886
+ }
2887
+ }
2888
+ /**
2889
+ * Begin 2FA method setup
2890
+ */
2891
+ async beginMethodSetup(e) {
2892
+ try {
2893
+ const t = await this.twoFactorApi.beginMethodSetup(e);
2894
+ return this.subscribeStore.notify(a.TwoFactorSetupStarted, { secret: "", method: e }), t;
2895
+ } catch (t) {
2896
+ this.emitErrorAndThrow(t, "Begin 2FA method setup");
2897
+ }
2898
+ }
2899
+ /**
2900
+ * Confirm 2FA method setup
2901
+ */
2902
+ async confirmMethodSetup(e, t) {
2903
+ try {
2904
+ const r = await this.twoFactorApi.confirmMethodSetup(e, t);
2905
+ return this.subscribeStore.notify(a.TwoFactorEnabled, {
2906
+ recoveryCodes: [],
2907
+ clearRecoveryCodes: () => {
2908
+ }
2909
+ }), r;
2910
+ } catch (r) {
2911
+ this.emitErrorAndThrow(r, "Confirm 2FA method setup");
2912
+ }
2913
+ }
2914
+ /**
2915
+ * Remove registered 2FA method
2916
+ */
2917
+ async removeMethod(e) {
2918
+ try {
2919
+ await this.twoFactorApi.removeMethod(e);
2920
+ } catch (t) {
2921
+ this.emitErrorAndThrow(t, "Remove 2FA method");
2922
+ }
2923
+ }
2924
+ /**
2925
+ * Request 2FA challenge during login
2926
+ */
2927
+ async requestChallenge(e) {
2928
+ try {
2929
+ const t = await this.twoFactorApi.requestChallenge(e);
2930
+ return this.subscribeStore.notify(a.TwoFactorChallengeReceived, {
2931
+ challengeId: t.challenge_id,
2932
+ method: t.method,
2933
+ alternativeMethods: t.alternative_methods
2934
+ }), t;
2935
+ } catch (t) {
2936
+ this.emitErrorAndThrow(t, "Request 2FA challenge");
2937
+ }
2938
+ }
2939
+ /**
2940
+ * Verify 2FA challenge (v2)
2941
+ */
2942
+ async verifyV2(e) {
2943
+ try {
2944
+ const t = await this.twoFactorApi.verifyV2(e);
2945
+ return t.success && (this.subscribeStore.notify(a.TwoFactorVerified, {
2946
+ tokens: {
2947
+ access_token: t.access_token,
2948
+ refresh_token: t.refresh_token
2949
+ }
2950
+ }), t.device_trusted && this.subscribeStore.notify(a.TwoFactorDeviceTrusted, {})), t;
2951
+ } catch (t) {
2952
+ this.emitErrorAndThrow(t, "Verify 2FA challenge");
2953
+ }
2954
+ }
2955
+ /**
2956
+ * Switch to alternative 2FA method during challenge
2957
+ */
2958
+ async switchToAlternative(e) {
2959
+ try {
2960
+ const t = await this.twoFactorApi.switchToAlternative(e);
2961
+ return this.subscribeStore.notify(a.TwoFactorMethodSwitched, {
2962
+ challengeId: t.challenge_id,
2963
+ method: t.method,
2964
+ alternativeMethods: t.alternative_methods
2965
+ }), t;
2966
+ } catch (t) {
2967
+ this.emitErrorAndThrow(t, "Switch to alternative 2FA method");
2968
+ }
2969
+ }
2970
+ /**
2971
+ * Get trusted devices
2972
+ */
2973
+ async getTrustedDevices() {
2974
+ try {
2975
+ return await this.twoFactorApi.getTrustedDevices();
2976
+ } catch (e) {
2977
+ this.emitErrorAndThrow(e, "Get trusted devices");
2978
+ }
2979
+ }
2980
+ /**
2981
+ * Revoke trusted device
2982
+ */
2983
+ async revokeTrustedDevice(e) {
2984
+ try {
2985
+ await this.twoFactorApi.revokeTrustedDevice(e);
2986
+ } catch (t) {
2987
+ this.emitErrorAndThrow(t, "Revoke trusted device");
2988
+ }
2989
+ }
2774
2990
  }
2775
- class Me {
2991
+ class Pe {
2776
2992
  constructor(e, t) {
2777
2993
  this.userAPI = e, this.deviceService = t;
2778
2994
  }
@@ -2808,18 +3024,18 @@ class Me {
2808
3024
  async addUserPasskey({
2809
3025
  relyingPartyId: e,
2810
3026
  passkeyUsername: t,
2811
- passkeyDisplayName: s
3027
+ passkeyDisplayName: r
2812
3028
  } = {}) {
2813
- const r = this.deviceService.getDeviceId(), o = I.web, { challenge_id: n, publicKey: d } = await this.userAPI.addUserPasskeyStart({
3029
+ const s = this.deviceService.getDeviceId(), o = b.web, { challenge_id: n, publicKey: d } = await this.userAPI.addUserPasskeyStart({
2814
3030
  relyingPartyId: e || window?.location?.hostname,
2815
- deviceId: r,
3031
+ deviceId: s,
2816
3032
  os: o,
2817
- passkeyDisplayName: s,
3033
+ passkeyDisplayName: r,
2818
3034
  passkeyUsername: t
2819
3035
  });
2820
3036
  d.user.id = btoa(d.user.id);
2821
- const c = await K({ optionsJSON: d });
2822
- return await this.userAPI.addUserPasskeyComplete(c, r, n);
3037
+ const h = await K({ optionsJSON: d });
3038
+ return await this.userAPI.addUserPasskeyComplete(h, s, n);
2823
3039
  }
2824
3040
  }
2825
3041
  const O = class O {
@@ -2831,10 +3047,10 @@ const O = class O {
2831
3047
  }) => {
2832
3048
  this.createSessionCallback = o, this.expiredSessionCallback = n, this.doRefreshTokens = d, await this.submitSessionCheck();
2833
3049
  };
2834
- const { url: t, appId: s, scopes: r } = e;
2835
- this.url = t || G, this.appId = s, this.storageManager = new $({
3050
+ const { url: t, appId: r, scopes: s } = e;
3051
+ this.url = t || V, this.appId = r, this.storageManager = new $({
2836
3052
  prefix: e.keyStoragePrefix ?? ""
2837
- }), this.deviceService = new Y(this.storageManager), this.authApi = new fe(e, this.storageManager, this.deviceService), this.appApi = new pe(e, this.storageManager, this.deviceService), this.userApi = new me(e, this.storageManager, this.deviceService), this.settingApi = new ye(e, this.storageManager, this.deviceService), this.tenantApi = new ve(e, this.storageManager, this.deviceService), this.invitationApi = new ke(e, this.storageManager, this.deviceService), this.twoFactorApi = new Se(e, this.storageManager, this.deviceService), this.subscribeStore = new we(), this.tokenCacheService = new De(this.storageManager, this.authApi, this.subscribeStore), this.scopes = r ?? Q, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new Ie(
3053
+ }), this.deviceService = new B(this.storageManager), this.authApi = new fe(e, this.storageManager, this.deviceService), this.appApi = new pe(e, this.storageManager, this.deviceService), this.userApi = new Se(e, this.storageManager, this.deviceService), this.settingApi = new ve(e, this.storageManager, this.deviceService), this.tenantApi = new ye(e, this.storageManager, this.deviceService), this.invitationApi = new ke(e, this.storageManager, this.deviceService), this.twoFactorApi = new me(e, this.storageManager, this.deviceService), this.subscribeStore = new we(), this.tokenCacheService = new Fe(this.storageManager, this.authApi, this.subscribeStore), this.scopes = s ?? Q, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new Ie(
2838
3054
  this.authApi,
2839
3055
  this.deviceService,
2840
3056
  this.storageManager,
@@ -2850,7 +3066,7 @@ const O = class O {
2850
3066
  },
2851
3067
  this.appId ?? "",
2852
3068
  e.tokenExchange
2853
- ), this.userService = new Me(this.userApi, this.deviceService), this.tenantService = new Pe(this.tenantApi, this.scopes), this.tenant = this.tenantService, this.invitationService = new be(this.invitationApi), this.twoFactorService = new Fe(this.twoFactorApi, this.subscribeStore), this.twoFactor = this.twoFactorService, e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
3069
+ ), this.userService = new Pe(this.userApi, this.deviceService), this.tenantService = new Me(this.tenantApi, this.scopes), this.tenant = this.tenantService, this.invitationService = new be(this.invitationApi), this.twoFactorService = new De(this.twoFactorApi, this.subscribeStore), this.twoFactor = this.twoFactorService, e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
2854
3070
  }
2855
3071
  /**
2856
3072
  * Update the appId and propagate it to all API clients.
@@ -2871,12 +3087,12 @@ const O = class O {
2871
3087
  let e, t;
2872
3088
  try {
2873
3089
  e = await this.authService.getTokens(this.doRefreshTokens), t = this.tokenCacheService.getParsedTokens();
2874
- } catch (s) {
2875
- const r = {
2876
- message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
2877
- originalError: s
3090
+ } catch (r) {
3091
+ const s = {
3092
+ message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
3093
+ originalError: r
2878
3094
  };
2879
- this.subscribeStore.notify(a.Error, r), e = void 0;
3095
+ this.subscribeStore.notify(a.Error, s), e = void 0;
2880
3096
  }
2881
3097
  e && this.createSessionCallback && await this.createSessionCallback({ tokens: e, parsedTokens: t }), !e && this.expiredSessionCallback && await this.expiredSessionCallback();
2882
3098
  }
@@ -2951,50 +3167,50 @@ const O = class O {
2951
3167
  checkAndSetTokens() {
2952
3168
  let e = new URLSearchParams(window.location.search), t = !1;
2953
3169
  if (!e.get("access_token") && window.location.hash) {
2954
- const c = new URLSearchParams(window.location.hash.substring(1));
2955
- c.get("access_token") && (e = c, t = !0);
3170
+ const h = new URLSearchParams(window.location.hash.substring(1));
3171
+ h.get("access_token") && (e = h, t = !0);
2956
3172
  }
2957
- const s = e.get("access_token"), r = e.get("refresh_token"), o = e.get("id_token"), n = e.get("scopes")?.split(",") ?? this.scopes;
3173
+ const r = e.get("access_token"), s = e.get("refresh_token"), o = e.get("id_token"), n = e.get("scopes")?.split(",") ?? this.scopes;
2958
3174
  let d;
2959
- if (s) {
2960
- if (!F(s)) {
2961
- const c = {
3175
+ if (r) {
3176
+ if (!D(r)) {
3177
+ const h = {
2962
3178
  message: "Invalid access token format received",
2963
3179
  code: "INVALID_TOKEN_FORMAT"
2964
3180
  };
2965
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3181
+ this.subscribeStore.notify(a.Error, h), this.cleanupUrlParams(t);
2966
3182
  return;
2967
3183
  }
2968
- if (r && !F(r)) {
2969
- const c = {
3184
+ if (s && !D(s)) {
3185
+ const h = {
2970
3186
  message: "Invalid refresh token format received",
2971
3187
  code: "INVALID_TOKEN_FORMAT"
2972
3188
  };
2973
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3189
+ this.subscribeStore.notify(a.Error, h), this.cleanupUrlParams(t);
2974
3190
  return;
2975
3191
  }
2976
- if (o && !F(o)) {
2977
- const c = {
3192
+ if (o && !D(o)) {
3193
+ const h = {
2978
3194
  message: "Invalid ID token format received",
2979
3195
  code: "INVALID_TOKEN_FORMAT"
2980
3196
  };
2981
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3197
+ this.subscribeStore.notify(a.Error, h), this.cleanupUrlParams(t);
2982
3198
  return;
2983
3199
  }
2984
3200
  return d = {
2985
- access_token: s,
2986
- refresh_token: r ?? void 0,
3201
+ access_token: r,
3202
+ refresh_token: s ?? void 0,
2987
3203
  id_token: o ?? void 0,
2988
3204
  scopes: n
2989
- }, this.storageManager.saveTokens(d), this.tokenCacheService.setTokensCache(d), this.subscribeStore.notify(a.SignIn, { tokens: d, parsedTokens: this.getParsedTokens() }), this.submitSessionCheck(), this.cleanupUrlParams(t), this.error = void 0, d;
3205
+ }, this.storageManager.clearDeliveryMode(), this.storageManager.saveTokens(d), this.tokenCacheService.setTokensCache(d), this.subscribeStore.notify(a.SignIn, { tokens: d, parsedTokens: this.getParsedTokens() }), this.submitSessionCheck(), this.cleanupUrlParams(t), this.error = void 0, d;
2990
3206
  } else
2991
3207
  this.error = this.checkErrorsFromURL();
2992
3208
  }
2993
3209
  checkErrorsFromURL() {
2994
3210
  const t = new URLSearchParams(window.location.search).get("error");
2995
3211
  if (t) {
2996
- const s = Te(t);
2997
- return new Error(s);
3212
+ const r = Te(t);
3213
+ return new Error(r);
2998
3214
  }
2999
3215
  }
3000
3216
  cleanupUrlParams(e = !1) {
@@ -3006,7 +3222,19 @@ const O = class O {
3006
3222
  }
3007
3223
  }
3008
3224
  setTokensToCacheFromLocalStorage() {
3009
- const e = this.storageManager.getTokens();
3225
+ let e = this.storageManager.getTokens();
3226
+ if (!e?.access_token && this.storageManager.getDeliveryMode()) {
3227
+ if (e?.id_token && this.storageManager.hasCookieModeIdToken()) {
3228
+ this.tokenCacheService.setTokensCache(e);
3229
+ return;
3230
+ }
3231
+ if (this.storageManager.hasJsonModeTokens())
3232
+ this.storageManager.clearDeliveryMode(), e = this.storageManager.getTokens();
3233
+ else {
3234
+ this.storageManager.deleteTokens();
3235
+ return;
3236
+ }
3237
+ }
3010
3238
  e && this.tokenCacheService.setTokensCache(e);
3011
3239
  }
3012
3240
  /**
@@ -3204,12 +3432,12 @@ const O = class O {
3204
3432
  * @throws The original error after handling
3205
3433
  */
3206
3434
  handleError(e, t) {
3207
- const s = {
3435
+ const r = {
3208
3436
  message: e instanceof Error ? e.message : `${t} failed`,
3209
3437
  originalError: e,
3210
3438
  code: e instanceof u ? e.id : void 0
3211
3439
  };
3212
- throw this.subscribeStore.notify(a.Error, s), e;
3440
+ throw this.subscribeStore.notify(a.Error, r), e;
3213
3441
  }
3214
3442
  /**
3215
3443
  * Sign out the current user and clear all tokens.
@@ -3620,8 +3848,8 @@ const O = class O {
3620
3848
  async renameUserPasskey(e, t) {
3621
3849
  try {
3622
3850
  return await this.userService.renameUserPasskey(e, t);
3623
- } catch (s) {
3624
- this.handleError(s, "Rename user passkey");
3851
+ } catch (r) {
3852
+ this.handleError(r, "Rename user passkey");
3625
3853
  }
3626
3854
  }
3627
3855
  /**
@@ -3681,10 +3909,10 @@ const O = class O {
3681
3909
  */
3682
3910
  async joinInvitation(e, t) {
3683
3911
  try {
3684
- const s = await this.tenant.joinInvitation(e, t);
3685
- return s.scopes = t ?? this.scopes, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), s;
3686
- } catch (s) {
3687
- this.handleError(s, "Join invitation");
3912
+ const r = await this.tenant.joinInvitation(e, t);
3913
+ return r.scopes = t ?? this.scopes, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), r;
3914
+ } catch (r) {
3915
+ this.handleError(r, "Join invitation");
3688
3916
  }
3689
3917
  }
3690
3918
  /**
@@ -3695,10 +3923,10 @@ const O = class O {
3695
3923
  */
3696
3924
  async createTenant(e, t) {
3697
3925
  try {
3698
- const s = await this.tenant.createTenant(e);
3699
- return t && await this.refreshToken(), s;
3700
- } catch (s) {
3701
- this.handleError(s, "Create tenant");
3926
+ const r = await this.tenant.createTenant(e);
3927
+ return t && await this.refreshToken(), r;
3928
+ } catch (r) {
3929
+ this.handleError(r, "Create tenant");
3702
3930
  }
3703
3931
  }
3704
3932
  // Invitation methods delegated to InvitationService
@@ -4172,15 +4400,15 @@ class l extends Error {
4172
4400
  /**
4173
4401
  * Create an M2MError from an OAuth 2.0 error response
4174
4402
  */
4175
- static fromOAuthError(e, t, s) {
4176
- const r = s ? l.parseRateLimitHeaders(s) : void 0;
4403
+ static fromOAuthError(e, t, r) {
4404
+ const s = r ? l.parseRateLimitHeaders(r) : void 0;
4177
4405
  return new l({
4178
4406
  code: e.error,
4179
4407
  message: e.error_description ?? l.getDefaultMessage(e.error),
4180
4408
  status: t,
4181
4409
  errorUri: e.error_uri,
4182
- rateLimitInfo: r,
4183
- headers: s
4410
+ rateLimitInfo: s,
4411
+ headers: r
4184
4412
  });
4185
4413
  }
4186
4414
  /**
@@ -4198,12 +4426,12 @@ class l extends Error {
4198
4426
  * Parse rate limit headers from response
4199
4427
  */
4200
4428
  static parseRateLimitHeaders(e) {
4201
- const t = e["x-ratelimit-limit"], s = e["x-ratelimit-remaining"], r = e["x-ratelimit-reset"] || e["retry-after"];
4202
- if (t && s && r)
4429
+ const t = e["x-ratelimit-limit"], r = e["x-ratelimit-remaining"], s = e["x-ratelimit-reset"] || e["retry-after"];
4430
+ if (t && r && s)
4203
4431
  return {
4204
4432
  limit: parseInt(t, 10),
4205
- remaining: parseInt(s, 10),
4206
- reset: parseInt(r, 10)
4433
+ remaining: parseInt(r, 10),
4434
+ reset: parseInt(s, 10)
4207
4435
  };
4208
4436
  }
4209
4437
  /**
@@ -4270,7 +4498,7 @@ class N extends l {
4270
4498
  }), this.name = "M2MNetworkError";
4271
4499
  }
4272
4500
  }
4273
- class P extends l {
4501
+ class M extends l {
4274
4502
  constructor(e, t) {
4275
4503
  super({
4276
4504
  code: "invalid_request",
@@ -4289,7 +4517,7 @@ class U extends l {
4289
4517
  }), this.name = "M2MConfigError";
4290
4518
  }
4291
4519
  }
4292
- const Ge = {
4520
+ const Ve = {
4293
4521
  InvalidRequest: "invalid_request",
4294
4522
  InvalidClient: "invalid_client",
4295
4523
  InvalidGrant: "invalid_grant",
@@ -4299,7 +4527,7 @@ const Ge = {
4299
4527
  RateLimitExceeded: "rate_limit_exceeded",
4300
4528
  ServerError: "server_error",
4301
4529
  TemporarilyUnavailable: "temporarily_unavailable"
4302
- }, m = {
4530
+ }, w = {
4303
4531
  /** Default token endpoint path */
4304
4532
  TOKEN_ENDPOINT: "/oauth2/token",
4305
4533
  /** Default request timeout in milliseconds */
@@ -4317,18 +4545,18 @@ class xe {
4317
4545
  constructor() {
4318
4546
  this.cache = /* @__PURE__ */ new Map();
4319
4547
  }
4320
- async get(e) {
4548
+ get(e) {
4321
4549
  const t = this.cache.get(e);
4322
- return t ? Date.now() >= t.expiresAt ? (this.cache.delete(e), null) : t.token : null;
4550
+ return t ? Date.now() >= t.expiresAt ? (this.cache.delete(e), Promise.resolve(null)) : Promise.resolve(t.token) : Promise.resolve(null);
4323
4551
  }
4324
- async set(e, t, s) {
4325
- this.cache.set(e, {
4552
+ set(e, t, r) {
4553
+ return this.cache.set(e, {
4326
4554
  token: t,
4327
- expiresAt: Date.now() + s * 1e3
4328
- });
4555
+ expiresAt: Date.now() + r * 1e3
4556
+ }), Promise.resolve();
4329
4557
  }
4330
- async delete(e) {
4331
- this.cache.delete(e);
4558
+ delete(e) {
4559
+ return this.cache.delete(e), Promise.resolve();
4332
4560
  }
4333
4561
  }
4334
4562
  const Ue = {
@@ -4339,7 +4567,7 @@ const Ue = {
4339
4567
  return Math.pow(2, i - 1) * 1e3;
4340
4568
  }
4341
4569
  };
4342
- class Ve {
4570
+ class Ge {
4343
4571
  /**
4344
4572
  * Create a new M2M client
4345
4573
  *
@@ -4370,23 +4598,23 @@ class Ve {
4370
4598
  scopes: e.scopes,
4371
4599
  audience: e.audience,
4372
4600
  autoRefresh: e.autoRefresh ?? !1,
4373
- refreshThreshold: e.refreshThreshold ?? m.REFRESH_THRESHOLD,
4374
- timeout: e.timeout ?? m.TIMEOUT,
4375
- retries: e.retries ?? m.RETRIES,
4376
- retryDelay: e.retryDelay ?? m.RETRY_DELAY,
4601
+ refreshThreshold: e.refreshThreshold ?? w.REFRESH_THRESHOLD,
4602
+ timeout: e.timeout ?? w.TIMEOUT,
4603
+ retries: e.retries ?? w.RETRIES,
4604
+ retryDelay: e.retryDelay ?? w.RETRY_DELAY,
4377
4605
  retryStrategy: e.retryStrategy,
4378
4606
  cache: e.cache,
4379
4607
  onTokenRequest: e.onTokenRequest,
4380
4608
  onTokenResponse: e.onTokenResponse,
4381
4609
  onError: e.onError
4382
- }, this.cache = e.cache ?? new xe(), this.retryStrategy = e.retryStrategy ?? Ue, this.tokenEndpoint = `${t}${m.TOKEN_ENDPOINT}`;
4610
+ }, this.cache = e.cache ?? new xe(), this.retryStrategy = e.retryStrategy ?? Ue, this.tokenEndpoint = `${t}${w.TOKEN_ENDPOINT}`;
4383
4611
  }
4384
4612
  /**
4385
4613
  * Get the cache key for this client
4386
4614
  */
4387
4615
  getCacheKey(e, t) {
4388
- const s = e?.sort().join(",") || "", r = t?.sort().join(",") || "";
4389
- return `m2m:${this.config.clientId}:${s}:${r}`;
4616
+ const r = e?.sort().join(",") || "", s = t?.sort().join(",") || "";
4617
+ return `m2m:${this.config.clientId}:${r}:${s}`;
4390
4618
  }
4391
4619
  /**
4392
4620
  * Request an access token from the authorization server
@@ -4408,13 +4636,13 @@ class Ve {
4408
4636
  * ```
4409
4637
  */
4410
4638
  async getToken(e) {
4411
- const t = e?.scopes ?? this.config.scopes, s = e?.audience ?? this.config.audience, r = this.getCacheKey(t, s);
4639
+ const t = e?.scopes ?? this.config.scopes, r = e?.audience ?? this.config.audience, s = this.getCacheKey(t, r);
4412
4640
  if (!e?.forceRefresh) {
4413
- const o = await this.cache.get(r);
4641
+ const o = await this.cache.get(s);
4414
4642
  if (o && !this.isTokenExpired(o))
4415
4643
  return o;
4416
4644
  }
4417
- return this.requestToken(t, s, r);
4645
+ return this.requestToken(t, r, s);
4418
4646
  }
4419
4647
  /**
4420
4648
  * Get a valid token, automatically refreshing if needed
@@ -4432,32 +4660,32 @@ class Ve {
4432
4660
  * ```
4433
4661
  */
4434
4662
  async getValidToken() {
4435
- const e = this.config.scopes, t = this.config.audience, s = this.getCacheKey(e, t), r = await this.cache.get(s);
4436
- if (r) {
4437
- if (this.config.autoRefresh && this.isTokenExpired(r, this.config.refreshThreshold))
4438
- return this.requestToken(e, t, s);
4439
- if (!this.isTokenExpired(r))
4440
- return r;
4663
+ const e = this.config.scopes, t = this.config.audience, r = this.getCacheKey(e, t), s = await this.cache.get(r);
4664
+ if (s) {
4665
+ if (this.config.autoRefresh && this.isTokenExpired(s, this.config.refreshThreshold))
4666
+ return this.requestToken(e, t, r);
4667
+ if (!this.isTokenExpired(s))
4668
+ return s;
4441
4669
  }
4442
- return this.requestToken(e, t, s);
4670
+ return this.requestToken(e, t, r);
4443
4671
  }
4444
4672
  /**
4445
4673
  * Request a new token from the authorization server
4446
4674
  */
4447
- async requestToken(e, t, s) {
4448
- const r = {
4675
+ async requestToken(e, t, r) {
4676
+ const s = {
4449
4677
  grant_type: "client_credentials",
4450
4678
  client_id: this.config.clientId,
4451
4679
  client_secret: this.config.clientSecret
4452
4680
  };
4453
- e && e.length > 0 && (r.scope = e.join(" ")), t && t.length > 0 && (r.audience = t.join(" ")), this.config.onTokenRequest && this.config.onTokenRequest({
4681
+ e && e.length > 0 && (s.scope = e.join(" ")), t && t.length > 0 && (s.audience = t.join(" ")), this.config.onTokenRequest && this.config.onTokenRequest({
4454
4682
  clientId: this.config.clientId,
4455
4683
  scopes: e ?? [],
4456
4684
  audience: t ?? [],
4457
4685
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
4458
4686
  });
4459
- const o = await this.executeWithRetry(() => this.doTokenRequest(r));
4460
- return o.issued_at = Math.floor(Date.now() / 1e3), s && await this.cache.set(s, o, o.expires_in), this.config.onTokenResponse && this.config.onTokenResponse(o), o;
4687
+ const o = await this.executeWithRetry(() => this.doTokenRequest(s));
4688
+ return o.issued_at = Math.floor(Date.now() / 1e3), r && await this.cache.set(r, o, o.expires_in), this.config.onTokenResponse && this.config.onTokenResponse(o), o;
4461
4689
  }
4462
4690
  /**
4463
4691
  * Execute the actual HTTP request to the token endpoint
@@ -4465,25 +4693,25 @@ class Ve {
4465
4693
  async doTokenRequest(e) {
4466
4694
  const t = new URLSearchParams();
4467
4695
  t.append("grant_type", e.grant_type), t.append("client_id", e.client_id), t.append("client_secret", e.client_secret), e.scope && t.append("scope", e.scope), e.audience && t.append("audience", e.audience);
4468
- const s = new AbortController(), r = setTimeout(() => s.abort(), this.config.timeout);
4696
+ const r = new AbortController(), s = setTimeout(() => r.abort(), this.config.timeout);
4469
4697
  try {
4470
4698
  const o = await fetch(this.tokenEndpoint, {
4471
4699
  method: "POST",
4472
4700
  headers: {
4473
- "Content-Type": m.CONTENT_TYPE,
4701
+ "Content-Type": w.CONTENT_TYPE,
4474
4702
  Accept: "application/json"
4475
4703
  },
4476
4704
  body: t.toString(),
4477
- signal: s.signal
4705
+ signal: r.signal
4478
4706
  });
4479
- clearTimeout(r);
4707
+ clearTimeout(s);
4480
4708
  const n = {};
4481
- o.headers.forEach((c, g) => {
4482
- n[g.toLowerCase()] = c;
4709
+ o.headers.forEach((h, g) => {
4710
+ n[g.toLowerCase()] = h;
4483
4711
  });
4484
4712
  const d = await o.json();
4485
4713
  if (!o.ok) {
4486
- const c = l.fromOAuthError(
4714
+ const h = l.fromOAuthError(
4487
4715
  {
4488
4716
  error: d.error || "server_error",
4489
4717
  error_description: d.error_description || d.message,
@@ -4493,13 +4721,13 @@ class Ve {
4493
4721
  n
4494
4722
  );
4495
4723
  throw this.config.onError && this.config.onError({
4496
- error: c.code,
4497
- error_description: c.message
4498
- }), c;
4724
+ error: h.code,
4725
+ error_description: h.message
4726
+ }), h;
4499
4727
  }
4500
4728
  return d;
4501
4729
  } catch (o) {
4502
- throw clearTimeout(r), o instanceof Error && o.name === "AbortError" ? new N(`Request timed out after ${this.config.timeout}ms`) : o instanceof TypeError && o.message.includes("fetch") ? new N(`Network error: ${o.message}`, o) : o instanceof l ? o : l.fromError(o instanceof Error ? o : new Error(String(o)));
4730
+ throw clearTimeout(s), o instanceof Error && o.name === "AbortError" ? new N(`Request timed out after ${this.config.timeout}ms`) : o instanceof TypeError && o.message.includes("fetch") ? new N(`Network error: ${o.message}`, o) : o instanceof l ? o : l.fromError(o instanceof Error ? o : new Error(String(o)));
4503
4731
  }
4504
4732
  }
4505
4733
  /**
@@ -4507,18 +4735,18 @@ class Ve {
4507
4735
  */
4508
4736
  async executeWithRetry(e) {
4509
4737
  let t;
4510
- for (let s = 1; s <= this.config.retries; s++)
4738
+ for (let r = 1; r <= this.config.retries; r++)
4511
4739
  try {
4512
4740
  return await e();
4513
- } catch (r) {
4514
- if (!(r instanceof l))
4515
- throw r;
4516
- if (t = r, s < this.config.retries && this.retryStrategy.shouldRetry({ code: r.code, status: r.status }, s)) {
4517
- const o = this.retryStrategy.getDelay(s);
4741
+ } catch (s) {
4742
+ if (!(s instanceof l))
4743
+ throw s;
4744
+ if (t = s, r < this.config.retries && this.retryStrategy.shouldRetry({ code: s.code, status: s.status }, r)) {
4745
+ const o = this.retryStrategy.getDelay(r);
4518
4746
  await this.sleep(o);
4519
4747
  continue;
4520
4748
  }
4521
- throw r;
4749
+ throw s;
4522
4750
  }
4523
4751
  throw t ?? new l({ code: "server_error", message: "Request failed after retries" });
4524
4752
  }
@@ -4572,8 +4800,8 @@ class Ve {
4572
4800
  */
4573
4801
  isTokenExpired(e, t = 0) {
4574
4802
  if (!e) return !0;
4575
- const s = Math.floor(Date.now() / 1e3), o = (e.issued_at ?? s - e.expires_in) + e.expires_in;
4576
- return s >= o - t;
4803
+ const r = Math.floor(Date.now() / 1e3), o = (e.issued_at ?? r - e.expires_in) + e.expires_in;
4804
+ return r >= o - t;
4577
4805
  }
4578
4806
  /**
4579
4807
  * Parse token claims from a JWT access token
@@ -4594,14 +4822,14 @@ class Ve {
4594
4822
  try {
4595
4823
  const t = e.split(".");
4596
4824
  if (t.length !== 3)
4597
- throw new P("Invalid JWT format: expected 3 parts");
4598
- const s = t[1];
4599
- if (!s)
4600
- throw new P("Invalid JWT format: missing payload");
4601
- const r = atob(s.replace(/-/g, "+").replace(/_/g, "/")), o = JSON.parse(r);
4825
+ throw new M("Invalid JWT format: expected 3 parts");
4826
+ const r = t[1];
4827
+ if (!r)
4828
+ throw new M("Invalid JWT format: missing payload");
4829
+ const s = atob(r.replace(/-/g, "+").replace(/_/g, "/")), o = JSON.parse(s);
4602
4830
  return o.scopes && typeof o.scopes == "string" ? o.scopes = o.scopes.split(" ") : o.scopes || (o.scopes = []), o;
4603
4831
  } catch (t) {
4604
- throw t instanceof P ? t : new P(`Failed to parse token: ${t instanceof Error ? t.message : "Unknown error"}`);
4832
+ throw t instanceof M ? t : new M(`Failed to parse token: ${t instanceof Error ? t.message : "Unknown error"}`);
4605
4833
  }
4606
4834
  }
4607
4835
  /**
@@ -4636,29 +4864,29 @@ class Ve {
4636
4864
  const e = this.getCachedToken();
4637
4865
  if (!e)
4638
4866
  return;
4639
- const t = `${this.config.url}/oauth2/revoke`, s = new URLSearchParams();
4640
- s.append("token", e.access_token), s.append("client_id", this.config.clientId), s.append("client_secret", this.config.clientSecret);
4867
+ const t = `${this.config.url}/oauth2/revoke`, r = new URLSearchParams();
4868
+ r.append("token", e.access_token), r.append("client_id", this.config.clientId), r.append("client_secret", this.config.clientSecret);
4641
4869
  try {
4642
- const r = await fetch(t, {
4870
+ const s = await fetch(t, {
4643
4871
  method: "POST",
4644
4872
  headers: {
4645
- "Content-Type": m.CONTENT_TYPE
4873
+ "Content-Type": w.CONTENT_TYPE
4646
4874
  },
4647
- body: s.toString()
4875
+ body: r.toString()
4648
4876
  });
4649
- if (!r.ok && r.status !== 200) {
4650
- const o = await r.json().catch(() => ({}));
4877
+ if (!s.ok && s.status !== 200) {
4878
+ const o = await s.json().catch(() => ({}));
4651
4879
  throw l.fromOAuthError(
4652
4880
  {
4653
4881
  error: o.error || "server_error",
4654
4882
  error_description: o.error_description || "Token revocation failed"
4655
4883
  },
4656
- r.status
4884
+ s.status
4657
4885
  );
4658
4886
  }
4659
4887
  this.clearCache();
4660
- } catch (r) {
4661
- throw r instanceof l ? r : l.fromError(r instanceof Error ? r : new Error(String(r)));
4888
+ } catch (s) {
4889
+ throw s instanceof l ? s : l.fromError(s instanceof Error ? s : new Error(String(s)));
4662
4890
  }
4663
4891
  }
4664
4892
  /**
@@ -4688,7 +4916,7 @@ class Ve {
4688
4916
  }
4689
4917
  export {
4690
4918
  C as APP_ID_HEADER_KEY,
4691
- _ as AUTHORIZATION_HEADER_KEY,
4919
+ I as AUTHORIZATION_HEADER_KEY,
4692
4920
  pe as AppAPI,
4693
4921
  fe as AuthAPI,
4694
4922
  Ie as AuthService,
@@ -4699,51 +4927,51 @@ export {
4699
4927
  ne as ERROR_MESSAGE_MAX_LENGTH,
4700
4928
  ke as InvitationAPI,
4701
4929
  be as InvitationService,
4702
- Ve as M2MClient,
4930
+ Ge as M2MClient,
4703
4931
  U as M2MConfigError,
4704
4932
  l as M2MError,
4705
- Ge as M2MErrorCodes,
4933
+ Ve as M2MErrorCodes,
4706
4934
  N as M2MNetworkError,
4707
- P as M2MTokenParseError,
4708
- m as M2M_DEFAULTS,
4935
+ M as M2MTokenParseError,
4936
+ w as M2M_DEFAULTS,
4709
4937
  Ne as MINIMAL_DEFAULT_SCOPES,
4710
- I as OS,
4711
- G as PASSFLOW_CLOUD_URL,
4938
+ b as OS,
4939
+ V as PASSFLOW_CLOUD_URL,
4712
4940
  te as POPUP_HEIGHT,
4713
- se as POPUP_POLL_INTERVAL_MS,
4714
- re as POPUP_TIMEOUT_MS,
4941
+ re as POPUP_POLL_INTERVAL_MS,
4942
+ se as POPUP_TIMEOUT_MS,
4715
4943
  ee as POPUP_WIDTH,
4716
4944
  L as Passflow,
4717
- w as PassflowAdminEndpointPaths,
4718
- h as PassflowEndpointPaths,
4945
+ T as PassflowAdminEndpointPaths,
4946
+ c as PassflowEndpointPaths,
4719
4947
  u as PassflowError,
4720
4948
  a as PassflowEvent,
4721
4949
  de as Providers,
4722
4950
  E as RequestMethod,
4723
4951
  Z as SDK_VERSION,
4724
4952
  q as SessionState,
4725
- ye as SettingAPI,
4726
- V as TOKEN_EXPIRY_BUFFER_SECONDS,
4727
- ve as TenantAPI,
4728
- Pe as TenantService,
4953
+ ve as SettingAPI,
4954
+ G as TOKEN_EXPIRY_BUFFER_SECONDS,
4955
+ ye as TenantAPI,
4956
+ Me as TenantService,
4729
4957
  Re as TenantUserMembership,
4730
- De as TokenCacheService,
4731
- v as TokenDeliveryMode,
4732
- k as TokenType,
4733
- Se as TwoFactorApiClient,
4958
+ Fe as TokenCacheService,
4959
+ y as TokenDeliveryMode,
4960
+ p as TokenType,
4961
+ me as TwoFactorApiClient,
4734
4962
  ue as TwoFactorPolicy,
4735
- Fe as TwoFactorService,
4963
+ De as TwoFactorService,
4736
4964
  oe as USERNAME_MAX_LENGTH,
4737
4965
  ie as USERNAME_MIN_LENGTH,
4738
- me as UserAPI,
4739
- Me as UserService,
4966
+ Se as UserAPI,
4967
+ Pe as UserService,
4740
4968
  S as isTokenExpired,
4741
- M as isValidEmail,
4742
- F as isValidJWTFormat,
4969
+ P as isValidEmail,
4970
+ D as isValidJWTFormat,
4743
4971
  x as isValidPhoneNumber,
4744
- Ee as isValidUsername,
4745
- y as parseToken,
4746
- A as pathWithParams,
4972
+ _e as isValidUsername,
4973
+ v as parseToken,
4974
+ m as pathWithParams,
4747
4975
  Te as sanitizeErrorMessage
4748
4976
  };
4749
4977
  //# sourceMappingURL=index.mjs.map