@passflow/core 0.2.8 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/dist/index.js +1 -1
  2. package/dist/index.js.map +1 -1
  3. package/dist/index.mjs +1010 -773
  4. package/dist/index.mjs.map +1 -1
  5. package/dist/lib/api/model.d.ts +68 -1
  6. package/dist/lib/api/model.d.ts.map +1 -1
  7. package/dist/lib/api/two-factor.d.ts +51 -1
  8. package/dist/lib/api/two-factor.d.ts.map +1 -1
  9. package/dist/lib/passflow.d.ts.map +1 -1
  10. package/dist/lib/services/two-factor-service.d.ts +41 -1
  11. package/dist/lib/services/two-factor-service.d.ts.map +1 -1
  12. package/dist/lib/storage/index.d.ts +10 -0
  13. package/dist/lib/storage/index.d.ts.map +1 -1
  14. package/dist/lib/store.d.ts +17 -1
  15. package/dist/lib/store.d.ts.map +1 -1
  16. package/package.json +1 -1
package/dist/index.mjs CHANGED
@@ -1,20 +1,20 @@
1
- import D from "axios";
1
+ import F from "axios";
2
2
  import { v4 as H } from "uuid";
3
3
  import { startRegistration as K, startAuthentication as j } from "@simplewebauthn/browser";
4
- const z = "0.2.8", X = {
4
+ const z = "0.2.10", X = {
5
5
  version: z
6
- }, C = "X-Passflow-Clientid", _ = "Authorization", W = "X-Passflow-DeviceId", J = "X-Passflow-DeviceType", Z = X.version, Ne = ["id", "offline", "openid"], Q = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], G = "https://auth.passflow.cloud", Ke = "default", ee = 500, te = 600, se = 100, re = 6e4, V = 30, ie = 3, ne = 30, oe = 200, ae = (i) => {
6
+ }, C = "X-Passflow-Clientid", I = "Authorization", W = "X-Passflow-DeviceId", J = "X-Passflow-DeviceType", Z = X.version, Ne = ["id", "offline", "openid"], Q = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], V = "https://auth.passflow.cloud", Ke = "default", ee = 500, te = 600, re = 100, se = 6e4, G = 30, ie = 3, oe = 30, ne = 200, ae = (i) => {
7
7
  const e = [];
8
8
  let t;
9
9
  for (t in i) {
10
- const s = i[t];
11
- if (s === void 0)
10
+ const r = i[t];
11
+ if (r === void 0)
12
12
  continue;
13
- const r = { tenant: { id: s.tenant_id, name: s.tenant_name } };
14
- r.groups = s.groups ? Object.keys(s.groups).map((n) => {
15
- const o = s.groups[n] || [];
16
- return { group: { id: n, name: s.group_names?.[n] ?? "unknown" }, roles: o };
17
- }) : [], r.tenantRoles = r.groups?.find((n) => n.group.id === s.root_group_id), e.push(r);
13
+ const s = { tenant: { id: r.tenant_id, name: r.tenant_name } };
14
+ s.groups = r.groups ? Object.keys(r.groups).map((o) => {
15
+ const n = r.groups[o] || [];
16
+ return { group: { id: o, name: r.group_names?.[o] ?? "unknown" }, roles: n };
17
+ }) : [], s.tenantRoles = s.groups?.find((o) => o.group.id === r.root_group_id), e.push(s);
18
18
  }
19
19
  return { raw: i, tenants: e };
20
20
  };
@@ -38,8 +38,8 @@ class he {
38
38
  isTokenTypeExpired(e) {
39
39
  const t = this.storageManager.getToken(e);
40
40
  if (!t) return !0;
41
- const s = y(t);
42
- return s ? m(s) : !0;
41
+ const r = v(t);
42
+ return r ? S(r) : !0;
43
43
  }
44
44
  /**
45
45
  * Parse token from storage by type.
@@ -51,21 +51,21 @@ class he {
51
51
  parseTokenType(e) {
52
52
  const t = this.storageManager.getToken(e);
53
53
  if (t)
54
- return y(t);
54
+ return v(t);
55
55
  }
56
56
  }
57
- function m(i, e = V) {
57
+ function S(i, e = G) {
58
58
  return Math.floor(Date.now() / 1e3) + e > i.exp;
59
59
  }
60
- function y(i) {
60
+ function v(i) {
61
61
  const e = i.split(".")[1];
62
62
  if (!e) throw new Error("Invalid token string");
63
- const t = e.replace(/-/g, "+").replace(/_/g, "/"), s = t + "=".repeat((4 - t.length % 4) % 4), r = ce(s), n = decodeURIComponent(
64
- r.split("").map((d) => "%" + ("00" + d.charCodeAt(0).toString(16)).slice(-2)).join("")
65
- ), o = JSON.parse(n);
66
- return o.membership = o.passflow_tm && o.type !== "invite" ? ae(o.passflow_tm) : void 0, o;
63
+ const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = t + "=".repeat((4 - t.length % 4) % 4), s = ce(r), o = decodeURIComponent(
64
+ s.split("").map((d) => "%" + ("00" + d.charCodeAt(0).toString(16)).slice(-2)).join("")
65
+ ), n = JSON.parse(o);
66
+ return n.membership = n.passflow_tm && n.type !== "invite" ? ae(n.passflow_tm) : void 0, n;
67
67
  }
68
- var k = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i.two_factor = "2fa", i))(k || {}), v = /* @__PURE__ */ ((i) => (i.JsonBody = "json_body", i.Cookie = "cookie", i.Mobile = "mobile", i.BFF = "bff", i))(v || {}), q = /* @__PURE__ */ ((i) => (i.Unknown = "unknown", i.Valid = "valid", i.Invalid = "invalid", i))(q || {});
68
+ var p = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i.two_factor = "2fa", i))(p || {}), y = /* @__PURE__ */ ((i) => (i.JsonBody = "json_body", i.Cookie = "cookie", i.Mobile = "mobile", i.BFF = "bff", i))(y || {}), q = /* @__PURE__ */ ((i) => (i.Unknown = "unknown", i.Valid = "valid", i.Invalid = "invalid", i))(q || {});
69
69
  class Y {
70
70
  constructor(e) {
71
71
  this.storageManager = e, this.mode = "json_body", this.sessionState = "unknown", this.isInitializedFlag = !1, this.STORAGE_PREFIX = "passflow_", this.DELIVERY_MODE_KEY = `${this.STORAGE_PREFIX}delivery_mode`, this.SESSION_STATE_KEY = `${this.STORAGE_PREFIX}session_state`, this.loadPersistedMode(), this.loadPersistedSessionState();
@@ -166,7 +166,7 @@ class Y {
166
166
  loadPersistedMode() {
167
167
  try {
168
168
  const e = this.storageManager.storage.getItem(this.DELIVERY_MODE_KEY);
169
- e && Object.values(v).includes(e) && (this.mode = e, this.isInitializedFlag = !0);
169
+ e && Object.values(y).includes(e) && (this.mode = e, this.isInitializedFlag = !0);
170
170
  } catch {
171
171
  }
172
172
  }
@@ -227,8 +227,8 @@ class $ {
227
227
  * In JSON mode: save all tokens (existing behavior)
228
228
  */
229
229
  saveTokens(e, t) {
230
- const { id_token: s, access_token: r, refresh_token: n, scopes: o } = e;
231
- t === v.Cookie || t === v.BFF ? s && this.storage.setItem(this.ID_TOKEN_KEY, s) : (s && this.storage.setItem(this.getKeyForTokenType(k.id_token), s), r && this.storage.setItem(this.getKeyForTokenType(k.access_token), r), n && this.storage.setItem(this.getKeyForTokenType(k.refresh_token), n), o && this.storage.setItem(this.scopes, o.join(",")));
230
+ const { id_token: r, access_token: s, refresh_token: o, scopes: n } = e;
231
+ t === y.Cookie || t === y.BFF ? r && this.storage.setItem(this.ID_TOKEN_KEY, r) : (r && this.storage.setItem(this.getKeyForTokenType(p.id_token), r), s && this.storage.setItem(this.getKeyForTokenType(p.access_token), s), o && this.storage.setItem(this.getKeyForTokenType(p.refresh_token), o), n && this.storage.setItem(this.scopes, n.join(",")));
232
232
  }
233
233
  getToken(e) {
234
234
  const t = this.getKeyForTokenType(e);
@@ -241,31 +241,45 @@ class $ {
241
241
  */
242
242
  getTokens() {
243
243
  const e = this.getDeliveryMode();
244
- if (e === v.Cookie || e === v.BFF) {
245
- const s = this.storage.getItem(this.ID_TOKEN_KEY);
246
- return s ? {
247
- id_token: s
244
+ if (e === y.Cookie || e === y.BFF) {
245
+ const r = this.storage.getItem(this.ID_TOKEN_KEY);
246
+ return r ? {
247
+ id_token: r
248
248
  // access_token and refresh_token are in HttpOnly cookies, not localStorage
249
249
  } : void 0;
250
250
  }
251
- const t = this.storage.getItem(this.getKeyForTokenType(k.access_token));
251
+ const t = this.storage.getItem(this.getKeyForTokenType(p.access_token));
252
252
  if (t)
253
253
  return {
254
254
  access_token: t,
255
- id_token: this.storage.getItem(this.getKeyForTokenType(k.id_token)) ?? void 0,
256
- refresh_token: this.storage.getItem(this.getKeyForTokenType(k.refresh_token)) ?? void 0,
255
+ id_token: this.storage.getItem(this.getKeyForTokenType(p.id_token)) ?? void 0,
256
+ refresh_token: this.storage.getItem(this.getKeyForTokenType(p.refresh_token)) ?? void 0,
257
257
  scopes: this.storage.getItem(this.scopes)?.split(",") ?? void 0
258
258
  };
259
259
  }
260
260
  getScopes() {
261
261
  return this.storage.getItem(this.scopes)?.split(",") ?? void 0;
262
262
  }
263
+ /**
264
+ * Check if JSON mode tokens exist in storage (ignores delivery mode)
265
+ * Used to detect stale state where delivery_mode is set but JSON tokens exist
266
+ */
267
+ hasJsonModeTokens() {
268
+ return !!this.storage.getItem(this.getKeyForTokenType(p.access_token));
269
+ }
270
+ /**
271
+ * Check if cookie mode ID token exists in storage
272
+ * Used to detect legitimate cookie/BFF mode sessions
273
+ */
274
+ hasCookieModeIdToken() {
275
+ return !!this.storage.getItem(this.ID_TOKEN_KEY);
276
+ }
263
277
  deleteToken(e) {
264
278
  const t = this.getKeyForTokenType(e);
265
279
  this.storage.removeItem(t);
266
280
  }
267
281
  deleteTokens() {
268
- this.storage.removeItem(this.getKeyForTokenType(k.id_token)), this.storage.removeItem(this.getKeyForTokenType(k.access_token)), this.storage.removeItem(this.getKeyForTokenType(k.refresh_token)), this.storage.removeItem(this.scopes), this.clearIdToken();
282
+ this.storage.removeItem(this.getKeyForTokenType(p.id_token)), this.storage.removeItem(this.getKeyForTokenType(p.access_token)), this.storage.removeItem(this.getKeyForTokenType(p.refresh_token)), this.storage.removeItem(this.scopes), this.clearIdToken(), this.clearDeliveryMode(), this.clearCsrfToken();
269
283
  }
270
284
  getDeviceId() {
271
285
  return this.storage.getItem(this.deviceId) ?? void 0;
@@ -310,7 +324,7 @@ class $ {
310
324
  getDeliveryMode() {
311
325
  try {
312
326
  const e = this.storage.getItem(this.DELIVERY_MODE_KEY);
313
- if (e && Object.values(v).includes(e))
327
+ if (e && Object.values(y).includes(e))
314
328
  return e;
315
329
  } catch {
316
330
  }
@@ -402,82 +416,82 @@ class B {
402
416
  return H();
403
417
  }
404
418
  }
405
- var E = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(E || {}), h = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.validateSession = "/user/me", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i.twoFactor = "/user/2fa", i.twoFactorStatus = "/user/2fa/status", i.twoFactorSetupBegin = "/user/2fa/setup/begin", i.twoFactorSetupConfirm = "/user/2fa/setup/confirm", i.twoFactorVerify = "/auth/2fa/verify", i.twoFactorRecovery = "/auth/2fa/recovery", i.twoFactorRegenerateCodes = "/user/2fa/recovery-codes/regenerate", i.twoFactorSetupMagicLink = "/auth/2fa-setup", i))(h || {}), w = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = "/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(w || {});
419
+ var E = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(E || {}), c = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.validateSession = "/user/me", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i.twoFactor = "/user/2fa", i.twoFactorStatus = "/user/2fa/status", i.twoFactorSetupBegin = "/user/2fa/setup/begin", i.twoFactorSetupConfirm = "/user/2fa/setup/confirm", i.twoFactorVerify = "/auth/2fa/verify", i.twoFactorRecovery = "/auth/2fa/recovery", i.twoFactorRegenerateCodes = "/user/2fa/recovery-codes/regenerate", i.twoFactorSetupMagicLink = "/auth/2fa-setup", i.TwoFactorMethodsAvailable = "/v2/user/2fa/methods/available", i.TwoFactorMethodsRegistered = "/v2/user/2fa/methods", i.TwoFactorMethodSetupBegin = "/v2/user/2fa/methods/:method/setup/begin", i.TwoFactorMethodSetupConfirm = "/v2/user/2fa/methods/:method/setup/confirm", i.TwoFactorMethodRemove = "/v2/user/2fa/methods/:id", i.TwoFactorChallenge = "/v2/auth/2fa/challenge", i.TwoFactorVerifyV2 = "/v2/auth/2fa/verify", i.TwoFactorAlternative = "/v2/auth/2fa/alternative", i.TwoFactorTrustedDevices = "/v2/user/2fa/trusted-devices", i.TwoFactorTrustedDeviceRevoke = "/v2/user/2fa/trusted-devices/:id", i))(c || {}), T = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = "/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(T || {});
406
420
  class u extends Error {
407
421
  constructor(e) {
408
422
  super(), this.id = e?.id ?? "unknown", this.message = e?.message ?? e ?? "Something went wrong", this.status = e?.status ?? 500, this.location = e?.location ?? "unknown", this.time = e?.time ?? (/* @__PURE__ */ new Date()).toISOString();
409
423
  }
410
424
  }
411
- var de = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(de || {}), I = /* @__PURE__ */ ((i) => (i.web = "web", i))(I || {});
412
- function A(i, e) {
425
+ var de = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(de || {}), b = /* @__PURE__ */ ((i) => (i.web = "web", i))(b || {});
426
+ function m(i, e) {
413
427
  let t = i;
414
- return Object.entries(e).forEach(([s, r]) => {
415
- t = t.replace(`:${s}`, r);
428
+ return Object.entries(e).forEach(([r, s]) => {
429
+ t = t.replace(`:${r}`, s);
416
430
  }), t;
417
431
  }
418
432
  var ue = /* @__PURE__ */ ((i) => (i.Disabled = "disabled", i.Optional = "optional", i.Required = "required", i))(ue || {});
419
433
  const le = 3, ge = 1e3;
420
- class T {
421
- constructor(e, t, s) {
434
+ class _ {
435
+ constructor(e, t, r) {
422
436
  this.refreshPromise = null, this.isRefreshing = !1, this.origin = typeof window < "u" ? window.location.origin : "", this.defaultHeaders = {
423
437
  Accept: "application/json",
424
438
  "Content-Type": "application/json"
425
439
  }, this.nonAccessTokenEndpoints = ["/auth/", "/settings", "/settings/"], this.protectedEndpoints = ["logout", "refresh"];
426
- const { url: r, appId: n, keyStoragePrefix: o } = e;
427
- this.url = r || G, this.storageManager = t ?? new $({
428
- prefix: o ?? ""
429
- }), this.deviceService = s ?? new B(this.storageManager), this.tokenService = new he(this.storageManager), this.tokenDeliveryManager = new Y(this.storageManager), n && (this.appId = n, this.defaultHeaders = {
440
+ const { url: s, appId: o, keyStoragePrefix: n } = e;
441
+ this.url = s || V, this.storageManager = t ?? new $({
442
+ prefix: n ?? ""
443
+ }), this.deviceService = r ?? new B(this.storageManager), this.tokenService = new he(this.storageManager), this.tokenDeliveryManager = new Y(this.storageManager), o && (this.appId = o, this.defaultHeaders = {
430
444
  ...this.defaultHeaders,
431
- [C]: n
445
+ [C]: o
432
446
  });
433
447
  const d = this.deviceService.getDeviceId();
434
448
  this.defaultHeaders = {
435
449
  ...this.defaultHeaders,
436
450
  [W]: d,
437
451
  [J]: "web"
438
- }, this.detectCookieSupport(), this.instance = D.create({
452
+ }, this.detectCookieSupport(), this.instance = F.create({
439
453
  baseURL: this.url,
440
454
  headers: { ...this.defaultHeaders }
441
- }), this.instance.interceptors.request.use(async (c) => {
442
- if (this.isNonAuthEndpoint(c.url))
443
- return c;
455
+ }), this.instance.interceptors.request.use(async (h) => {
456
+ if (this.isNonAuthEndpoint(h.url))
457
+ return h;
444
458
  if (this.tokenDeliveryManager.isCookieMode()) {
445
- c.withCredentials = !0;
446
- const p = this.storageManager.getCsrfToken();
447
- return p && (c.headers["X-CSRF-Token"] = p), c;
459
+ h.withCredentials = !0;
460
+ const f = this.storageManager.getCsrfToken();
461
+ return f && (h.headers["X-CSRF-Token"] = f), h;
448
462
  }
449
- if (c.url?.includes("refresh")) {
463
+ if (h.url?.includes("refresh")) {
450
464
  if (this.isRefreshing) {
451
- const p = new AbortController();
452
- return p.abort(), c.signal = p.signal, c;
465
+ const f = new AbortController();
466
+ return f.abort(), h.signal = f.signal, h;
453
467
  }
454
- return c;
468
+ return h;
455
469
  }
456
470
  const g = this.storageManager.getTokens();
457
471
  if (g?.access_token) {
458
- const p = y(g.access_token);
459
- if (m(p, V) && g.refresh_token)
472
+ const f = v(g.access_token);
473
+ if (S(f, G) && g.refresh_token)
460
474
  try {
461
475
  if (this.refreshPromise) {
462
- const f = await this.refreshPromise;
463
- return f?.data?.access_token && (c.headers[_] = `Bearer ${f.data.access_token}`), c;
476
+ const k = await this.refreshPromise;
477
+ return k?.data?.access_token && (h.headers[I] = `Bearer ${k.data.access_token}`), h;
464
478
  }
465
479
  this.refreshPromise = this.refreshTokens();
466
480
  try {
467
- const f = await this.refreshPromise;
468
- return f?.data?.access_token && (c.headers[_] = `Bearer ${f.data.access_token}`), c;
481
+ const k = await this.refreshPromise;
482
+ return k?.data?.access_token && (h.headers[I] = `Bearer ${k.data.access_token}`), h;
469
483
  } finally {
470
484
  this.refreshPromise = null;
471
485
  }
472
- } catch (f) {
473
- return this.refreshPromise = null, this.isRefreshing = !1, this.storageManager.deleteTokens(), Promise.reject(f);
486
+ } catch (k) {
487
+ return this.refreshPromise = null, this.isRefreshing = !1, this.storageManager.deleteTokens(), Promise.reject(k);
474
488
  }
475
- return c.headers[_] = `Bearer ${g.access_token}`, c;
489
+ return h.headers[I] = `Bearer ${g.access_token}`, h;
476
490
  }
477
- return c;
491
+ return h;
478
492
  }), this.instance.interceptors.response.use(
479
- (c) => c,
480
- async (c) => (c.response?.status === 401 && this.tokenDeliveryManager.setSessionInvalid(), c.response?.status === 429 ? await this.handleRateLimitError(c) : this.handleAxiosError(c))
493
+ (h) => h,
494
+ async (h) => (h.response?.status === 401 && this.tokenDeliveryManager.setSessionInvalid(), h.response?.status === 429 ? await this.handleRateLimitError(h) : this.handleAxiosError(h))
481
495
  );
482
496
  }
483
497
  isProtectedEndpoint(e) {
@@ -506,7 +520,7 @@ class T {
506
520
  async refreshTokens() {
507
521
  if (this.tokenDeliveryManager.isCookieMode()) {
508
522
  const e = await this.instance.post(
509
- h.refresh,
523
+ c.refresh,
510
524
  {},
511
525
  // Empty body
512
526
  { withCredentials: !0 }
@@ -517,49 +531,49 @@ class T {
517
531
  if (!e?.refresh_token)
518
532
  throw new Error("No refresh token available");
519
533
  this.isRefreshing = !0;
520
- const s = {
534
+ const r = {
521
535
  refresh_token: e.refresh_token,
522
536
  scopes: t
523
- }, r = await this.instance.post(h.refresh, s, {
537
+ }, s = await this.instance.post(c.refresh, r, {
524
538
  headers: {
525
- [_]: `Bearer ${e.refresh_token}`
539
+ [I]: `Bearer ${e.refresh_token}`
526
540
  }
527
541
  });
528
- return r.data && this.storageManager.saveTokens(r.data), this.isRefreshing = !1, r;
542
+ return s.data && this.storageManager.saveTokens(s.data), this.isRefreshing = !1, s;
529
543
  }
530
544
  }
531
545
  async handleRateLimitError(e) {
532
546
  const t = e.config;
533
547
  if (!t)
534
548
  return Promise.reject(e);
535
- const s = t.method?.toUpperCase();
536
- if (!["GET", "HEAD", "OPTIONS"].includes(s || ""))
549
+ const r = t.method?.toUpperCase();
550
+ if (!["GET", "HEAD", "OPTIONS"].includes(r || ""))
537
551
  return Promise.reject(e);
538
- const n = t._retryCount || 0;
539
- if (n >= le)
552
+ const o = t._retryCount || 0;
553
+ if (o >= le)
540
554
  return Promise.reject(e);
541
- let o = ge * Math.pow(2, n);
555
+ let n = ge * Math.pow(2, o);
542
556
  const d = e.response?.headers?.["retry-after"];
543
557
  if (d) {
544
- const c = Number.parseInt(d, 10);
545
- if (!Number.isNaN(c))
546
- o = c * 1e3;
558
+ const h = Number.parseInt(d, 10);
559
+ if (!Number.isNaN(h))
560
+ n = h * 1e3;
547
561
  else {
548
562
  const g = new Date(d);
549
- Number.isNaN(g.getTime()) || (o = Math.max(0, g.getTime() - Date.now()));
563
+ Number.isNaN(g.getTime()) || (n = Math.max(0, g.getTime() - Date.now()));
550
564
  }
551
565
  }
552
- return await new Promise((c) => setTimeout(c, o)), t._retryCount = n + 1, this.instance.request(t);
566
+ return await new Promise((h) => setTimeout(h, n)), t._retryCount = o + 1, this.instance.request(t);
553
567
  }
554
568
  // eslint-disable-next-line complexity
555
569
  // biome-ignore lint/suspicious/useAwait: <explanation>
556
570
  async handleAxiosError(e) {
557
571
  if (!e.response)
558
572
  return Promise.reject(e);
559
- const t = e.response.status, s = e.response.data;
560
- if ("error" in s && typeof s.error == "object" && s.error !== null) {
561
- const { error: r } = s;
562
- return Promise.reject(new u(r));
573
+ const t = e.response.status, r = e.response.data;
574
+ if ("error" in r && typeof r.error == "object" && r.error !== null) {
575
+ const { error: s } = r;
576
+ return Promise.reject(new u(s));
563
577
  }
564
578
  return Promise.reject(
565
579
  new u({
@@ -571,24 +585,24 @@ class T {
571
585
  })
572
586
  );
573
587
  }
574
- async send(e, t, s) {
588
+ async send(e, t, r) {
575
589
  return (await this.instance.request({
576
590
  method: e,
577
591
  url: t,
578
- ...s
592
+ ...r
579
593
  })).data;
580
594
  }
581
595
  get(e, t) {
582
596
  return this.send(E.GET, e, t);
583
597
  }
584
- post(e, t, s) {
585
- return this.send(E.POST, e, { data: t, ...s });
598
+ post(e, t, r) {
599
+ return this.send(E.POST, e, { data: t, ...r });
586
600
  }
587
- put(e, t, s) {
588
- return this.send(E.PUT, e, { data: t, ...s });
601
+ put(e, t, r) {
602
+ return this.send(E.PUT, e, { data: t, ...r });
589
603
  }
590
- patch(e, t, s) {
591
- return this.send(E.PATCH, e, { data: t, ...s });
604
+ patch(e, t, r) {
605
+ return this.send(E.PATCH, e, { data: t, ...r });
592
606
  }
593
607
  delete(e, t) {
594
608
  return this.send(E.DELETE, e, t);
@@ -607,151 +621,151 @@ class T {
607
621
  }
608
622
  }
609
623
  class pe {
610
- constructor(e, t, s) {
611
- this.axiosClient = new T(e, t, s);
624
+ constructor(e, t, r) {
625
+ this.axiosClient = new _(e, t, r);
612
626
  }
613
627
  setAppId(e) {
614
628
  this.axiosClient.setAppId(e);
615
629
  }
616
630
  getAppSettings() {
617
- return this.axiosClient.get(h.appSettings);
631
+ return this.axiosClient.get(c.appSettings);
618
632
  }
619
633
  }
620
634
  class fe {
621
- constructor(e, t, s) {
622
- this.axiosClient = new T(e, t, s);
635
+ constructor(e, t, r) {
636
+ this.axiosClient = new _(e, t, r);
623
637
  }
624
638
  setAppId(e) {
625
639
  this.axiosClient.setAppId(e);
626
640
  }
627
- refreshToken(e, t, s) {
628
- const r = {
629
- access: s,
641
+ refreshToken(e, t, r) {
642
+ const s = {
643
+ access: r,
630
644
  scopes: t
631
645
  };
632
- return this.axiosClient.post(h.refresh, r, {
646
+ return this.axiosClient.post(c.refresh, s, {
633
647
  headers: {
634
- [_]: `Bearer ${e}`
648
+ [I]: `Bearer ${e}`
635
649
  }
636
650
  });
637
651
  }
638
- signIn(e, t, s) {
639
- const r = {
652
+ signIn(e, t, r) {
653
+ const s = {
640
654
  ...e,
641
655
  device: t,
642
- os: s
656
+ os: r
643
657
  };
644
658
  return this.axiosClient.post(
645
- h.signin,
646
- r
659
+ c.signin,
660
+ s
647
661
  );
648
662
  }
649
663
  signUp(e) {
650
- const { create_tenant: t, anonymous: s } = e, r = {
664
+ const { create_tenant: t, anonymous: r } = e, s = {
651
665
  ...e,
652
666
  create_tenant: t ?? !1,
653
- anonymous: s ?? !1
667
+ anonymous: r ?? !1
654
668
  };
655
669
  return this.axiosClient.post(
656
- h.signup,
657
- r
670
+ c.signup,
671
+ s
658
672
  );
659
673
  }
660
- passwordlessSignIn(e, t, s) {
661
- const { create_tenant: r } = e, n = {
674
+ passwordlessSignIn(e, t, r) {
675
+ const { create_tenant: s } = e, o = {
662
676
  ...e,
663
- create_tenant: r ?? !1,
677
+ create_tenant: s ?? !1,
664
678
  device: t,
665
- os: s
679
+ os: r
666
680
  };
667
681
  return this.axiosClient.post(
668
- h.passwordless,
669
- n
682
+ c.passwordless,
683
+ o
670
684
  );
671
685
  }
672
686
  passwordlessSignInComplete(e) {
673
687
  return this.axiosClient.post(
674
- h.passwordlessComplete,
688
+ c.passwordlessComplete,
675
689
  e
676
690
  );
677
691
  }
678
- logOut(e, t, s = !1) {
679
- const r = s ? void 0 : { refresh_token: t, device: e }, n = s ? w.logout : h.logout;
680
- return this.axiosClient.post(n, r);
692
+ logOut(e, t, r = !1) {
693
+ const s = r ? void 0 : { refresh_token: t, device: e }, o = r ? T.logout : c.logout;
694
+ return this.axiosClient.post(o, s);
681
695
  }
682
696
  validateSession() {
683
- return this.axiosClient.get(h.validateSession);
697
+ return this.axiosClient.get(c.validateSession);
684
698
  }
685
699
  sendPasswordResetEmail(e) {
686
700
  return this.axiosClient.post(
687
- h.sendPasswordResetEmail,
701
+ c.sendPasswordResetEmail,
688
702
  e
689
703
  );
690
704
  }
691
- resetPassword(e, t, s) {
692
- const r = {
705
+ resetPassword(e, t, r) {
706
+ const s = {
693
707
  password: e,
694
708
  scopes: t
695
709
  };
696
- return this.axiosClient.post(h.resetPassword, r, {
710
+ return this.axiosClient.post(c.resetPassword, s, {
697
711
  headers: {
698
- [_]: `Bearer ${s}`,
712
+ [I]: `Bearer ${r}`,
699
713
  [C]: void 0
700
714
  }
701
715
  });
702
716
  }
703
- passkeyRegisterStart(e, t, s, r = !1) {
704
- const { create_tenant: n } = e, o = {
717
+ passkeyRegisterStart(e, t, r, s = !1) {
718
+ const { create_tenant: o } = e, n = {
705
719
  ...e,
706
- create_tenant: n ?? !1,
720
+ create_tenant: o ?? !1,
707
721
  device: t,
708
- os: s
709
- }, d = r ? w.passkeyRegisterStart : h.passkeyRegisterStart;
710
- return this.axiosClient.post(d, o);
722
+ os: r
723
+ }, d = s ? T.passkeyRegisterStart : c.passkeyRegisterStart;
724
+ return this.axiosClient.post(d, n);
711
725
  }
712
- passkeyRegisterComplete(e, t, s, r = !1) {
713
- const n = {
714
- challenge_id: s,
726
+ passkeyRegisterComplete(e, t, r, s = !1) {
727
+ const o = {
728
+ challenge_id: r,
715
729
  device: t,
716
730
  passkey_data: e
717
- }, o = r ? w.passkeyRegisterComplete : h.passkeyRegisterComplete;
718
- return this.axiosClient.post(o, n);
731
+ }, n = s ? T.passkeyRegisterComplete : c.passkeyRegisterComplete;
732
+ return this.axiosClient.post(n, o);
719
733
  }
720
- passkeyAuthenticateStart(e, t, s, r = !1) {
721
- const n = {
734
+ passkeyAuthenticateStart(e, t, r, s = !1) {
735
+ const o = {
722
736
  ...e,
723
737
  user_id: e.user_id ?? "",
724
738
  device: t,
725
- os: s
726
- }, o = r ? w.passkeyAuthenticateStart : h.passkeyAuthenticateStart;
739
+ os: r
740
+ }, n = s ? T.passkeyAuthenticateStart : c.passkeyAuthenticateStart;
727
741
  return this.axiosClient.post(
728
- o,
729
- n
742
+ n,
743
+ o
730
744
  );
731
745
  }
732
- passkeyAuthenticateComplete(e, t, s, r = !1) {
733
- const n = {
734
- challenge_id: s,
746
+ passkeyAuthenticateComplete(e, t, r, s = !1) {
747
+ const o = {
748
+ challenge_id: r,
735
749
  device: t,
736
750
  passkey_data: e
737
- }, o = r ? w.passkeyAuthenticateComplete : h.passkeyAuthenticateComplete;
738
- return this.axiosClient.post(o, n);
751
+ }, n = s ? T.passkeyAuthenticateComplete : c.passkeyAuthenticateComplete;
752
+ return this.axiosClient.post(n, o);
739
753
  }
740
- passkeyValidate(e, t, s, r = !1, n) {
741
- const o = {
754
+ passkeyValidate(e, t, r, s = !1, o) {
755
+ const n = {
742
756
  otp: e,
743
757
  device: t,
744
- challenge_id: s
758
+ challenge_id: r
745
759
  };
746
- let d = h.passkeyValidate;
747
- !n && r && (d = w.passkeyValidate);
748
- const c = n ? { [C]: n } : {};
749
- return this.axiosClient.post(d, o, { headers: c });
760
+ let d = c.passkeyValidate;
761
+ !o && s && (d = T.passkeyValidate);
762
+ const h = o ? { [C]: o } : {};
763
+ return this.axiosClient.post(d, n, { headers: h });
750
764
  }
751
765
  }
752
766
  class ke {
753
- constructor(e, t, s) {
754
- this.axiosClient = new T(e, t, s);
767
+ constructor(e, t, r) {
768
+ this.axiosClient = new _(e, t, r);
755
769
  }
756
770
  setAppId(e) {
757
771
  this.axiosClient.setAppId(e);
@@ -763,7 +777,7 @@ class ke {
763
777
  */
764
778
  requestInviteLink(e) {
765
779
  return this.axiosClient.post(
766
- h.requestInvitation,
780
+ c.requestInvitation,
767
781
  e
768
782
  );
769
783
  }
@@ -775,12 +789,12 @@ class ke {
775
789
  getInvitations(e) {
776
790
  const t = {};
777
791
  e.groupID && (t.group_id = e.groupID.toString()), e.skip !== void 0 && (t.skip = e.skip.toString()), e.limit !== void 0 && (t.limit = e.limit.toString());
778
- const s = A(h.invitationsPath, {
792
+ const r = m(c.invitationsPath, {
779
793
  tenantID: e.tenantID
780
794
  });
781
- return this.axiosClient.get(s, { params: t }).then((r) => ({
782
- invites: r.invites,
783
- nextPageSkip: r.next_page_skip
795
+ return this.axiosClient.get(r, { params: t }).then((s) => ({
796
+ invites: s.invites,
797
+ nextPageSkip: s.next_page_skip
784
798
  }));
785
799
  }
786
800
  /**
@@ -789,7 +803,7 @@ class ke {
789
803
  * @returns Promise with success response
790
804
  */
791
805
  deleteInvitation(e) {
792
- const t = A(h.invitationDelete, {
806
+ const t = m(c.invitationDelete, {
793
807
  invitationID: e
794
808
  });
795
809
  return this.axiosClient.delete(t);
@@ -800,7 +814,7 @@ class ke {
800
814
  * @returns Promise with success response
801
815
  */
802
816
  resendInvitation(e) {
803
- const t = A(h.invitationResend, {
817
+ const t = m(c.invitationResend, {
804
818
  invitationID: e
805
819
  });
806
820
  return this.axiosClient.post(t, {});
@@ -811,44 +825,44 @@ class ke {
811
825
  * @returns Promise with the link
812
826
  */
813
827
  getInvitationLink(e) {
814
- const t = A(h.invitationGetLink, {
828
+ const t = m(c.invitationGetLink, {
815
829
  invitationID: e
816
830
  });
817
831
  return this.axiosClient.get(t);
818
832
  }
819
833
  }
820
- class ye {
821
- constructor(e, t, s) {
822
- this.axiosClient = new T(e, t, s);
834
+ class ve {
835
+ constructor(e, t, r) {
836
+ this.axiosClient = new _(e, t, r);
823
837
  }
824
838
  setAppId(e) {
825
839
  this.axiosClient.setAppId(e);
826
840
  }
827
841
  getSettingsAll() {
828
- return this.axiosClient.get(h.settingsAll);
842
+ return this.axiosClient.get(c.settingsAll);
829
843
  }
830
844
  getPasswordPolicySettings() {
831
- return this.axiosClient.get(h.settingsPasswordPolicy);
845
+ return this.axiosClient.get(c.settingsPasswordPolicy);
832
846
  }
833
847
  getPasskeySettings() {
834
- return this.axiosClient.get(h.settingsPasskey);
848
+ return this.axiosClient.get(c.settingsPasskey);
835
849
  }
836
850
  }
837
- class ve {
838
- constructor(e, t, s) {
839
- this.axiosClient = new T(e, t, s);
851
+ class ye {
852
+ constructor(e, t, r) {
853
+ this.axiosClient = new _(e, t, r);
840
854
  }
841
855
  setAppId(e) {
842
856
  this.axiosClient.setAppId(e);
843
857
  }
844
858
  joinInvitation(e, t) {
845
- const s = {
859
+ const r = {
846
860
  invite_token: e,
847
861
  scopes: t
848
862
  };
849
863
  return this.axiosClient.post(
850
- h.joinInvitation,
851
- s
864
+ c.joinInvitation,
865
+ r
852
866
  );
853
867
  }
854
868
  createTenant(e) {
@@ -856,7 +870,7 @@ class ve {
856
870
  name: e
857
871
  };
858
872
  return this.axiosClient.post(
859
- h.tenantPath,
873
+ c.tenantPath,
860
874
  t
861
875
  );
862
876
  }
@@ -866,7 +880,7 @@ class ve {
866
880
  * @param tenantId Tenant ID
867
881
  */
868
882
  getTenantDetails(e) {
869
- const t = `${h.tenantPath}/${e}`;
883
+ const t = `${c.tenantPath}/${e}`;
870
884
  return this.axiosClient.get(t);
871
885
  }
872
886
  /**
@@ -875,22 +889,22 @@ class ve {
875
889
  * @param name New tenant name
876
890
  */
877
891
  updateTenant(e, t) {
878
- const s = `${h.tenantPath}/${e}`, r = { name: t };
879
- return this.axiosClient.put(s, r);
892
+ const r = `${c.tenantPath}/${e}`, s = { name: t };
893
+ return this.axiosClient.put(r, s);
880
894
  }
881
895
  /**
882
896
  * Delete a tenant
883
897
  * @param tenantId Tenant ID
884
898
  */
885
899
  deleteTenant(e) {
886
- const t = `${h.tenantPath}/${e}`;
900
+ const t = `${c.tenantPath}/${e}`;
887
901
  return this.axiosClient.delete(t);
888
902
  }
889
903
  /**
890
904
  * Get user's tenant memberships
891
905
  */
892
906
  getUserTenantMembership() {
893
- return this.axiosClient.get(h.tenantPath);
907
+ return this.axiosClient.get(c.tenantPath);
894
908
  }
895
909
  // 2. Group Management
896
910
  /**
@@ -899,8 +913,8 @@ class ve {
899
913
  * @param name Group name
900
914
  */
901
915
  createGroup(e, t) {
902
- const s = `${h.tenantPath}/${e}/group`, r = { name: t };
903
- return this.axiosClient.post(s, r);
916
+ const r = `${c.tenantPath}/${e}/group`, s = { name: t };
917
+ return this.axiosClient.post(r, s);
904
918
  }
905
919
  /**
906
920
  * Get group information
@@ -908,8 +922,8 @@ class ve {
908
922
  * @param groupId Group ID
909
923
  */
910
924
  getGroupInfo(e, t) {
911
- const s = `${h.tenantPath}/${e}/group/${t}`;
912
- return this.axiosClient.get(s);
925
+ const r = `${c.tenantPath}/${e}/group/${t}`;
926
+ return this.axiosClient.get(r);
913
927
  }
914
928
  /**
915
929
  * Update a group
@@ -917,9 +931,9 @@ class ve {
917
931
  * @param groupId Group ID
918
932
  * @param name New group name
919
933
  */
920
- updateGroup(e, t, s) {
921
- const r = `${h.tenantPath}/${e}/group/${t}`, n = { name: s };
922
- return this.axiosClient.put(r, n);
934
+ updateGroup(e, t, r) {
935
+ const s = `${c.tenantPath}/${e}/group/${t}`, o = { name: r };
936
+ return this.axiosClient.put(s, o);
923
937
  }
924
938
  /**
925
939
  * Delete a group
@@ -927,8 +941,8 @@ class ve {
927
941
  * @param groupId Group ID
928
942
  */
929
943
  deleteGroup(e, t) {
930
- const s = `${h.tenantPath}/${e}/group/${t}`;
931
- return this.axiosClient.delete(s);
944
+ const r = `${c.tenantPath}/${e}/group/${t}`;
945
+ return this.axiosClient.delete(r);
932
946
  }
933
947
  /**
934
948
  * Add a user to a group
@@ -937,9 +951,9 @@ class ve {
937
951
  * @param userId User ID
938
952
  * @param role Role to assign
939
953
  */
940
- addUserToGroup(e, t, s, r) {
941
- const n = `${h.tenantPath}/${e}/group/${t}/add`, o = { user_id: s, role: r };
942
- return this.axiosClient.post(n, o);
954
+ addUserToGroup(e, t, r, s) {
955
+ const o = `${c.tenantPath}/${e}/group/${t}/add`, n = { user_id: r, role: s };
956
+ return this.axiosClient.post(o, n);
943
957
  }
944
958
  /**
945
959
  * Remove user roles from a group
@@ -948,9 +962,9 @@ class ve {
948
962
  * @param userId User ID
949
963
  * @param roles Roles to remove
950
964
  */
951
- removeUserRolesFromGroup(e, t, s, r) {
952
- const n = `${h.tenantPath}/${e}/group/${t}/remove_roles`, o = { user_id: s, roles: r };
953
- return this.axiosClient.post(n, o);
965
+ removeUserRolesFromGroup(e, t, r, s) {
966
+ const o = `${c.tenantPath}/${e}/group/${t}/remove_roles`, n = { user_id: r, roles: s };
967
+ return this.axiosClient.post(o, n);
954
968
  }
955
969
  /**
956
970
  * Change user roles in a group
@@ -959,9 +973,9 @@ class ve {
959
973
  * @param userId User ID
960
974
  * @param roles New roles to assign
961
975
  */
962
- changeUserRoles(e, t, s, r) {
963
- const n = `${h.tenantPath}/${e}/group/${t}/change`, o = { user_id: s, roles: r };
964
- return this.axiosClient.post(n, o);
976
+ changeUserRoles(e, t, r, s) {
977
+ const o = `${c.tenantPath}/${e}/group/${t}/change`, n = { user_id: r, roles: s };
978
+ return this.axiosClient.post(o, n);
965
979
  }
966
980
  /**
967
981
  * Delete a user from a group
@@ -969,9 +983,9 @@ class ve {
969
983
  * @param groupId Group ID
970
984
  * @param userId User ID
971
985
  */
972
- deleteUserFromGroup(e, t, s) {
973
- const r = `${h.tenantPath}/${e}/group/${t}/${s}`;
974
- return this.axiosClient.delete(r);
986
+ deleteUserFromGroup(e, t, r) {
987
+ const s = `${c.tenantPath}/${e}/group/${t}/${r}`;
988
+ return this.axiosClient.delete(s);
975
989
  }
976
990
  // 3. Role Management
977
991
  /**
@@ -979,7 +993,7 @@ class ve {
979
993
  * @param tenantId Tenant ID
980
994
  */
981
995
  getRolesForTenant(e) {
982
- const t = `${h.tenantPath}/${e}/role`;
996
+ const t = `${c.tenantPath}/${e}/role`;
983
997
  return this.axiosClient.get(t);
984
998
  }
985
999
  /**
@@ -988,8 +1002,8 @@ class ve {
988
1002
  * @param name Role name
989
1003
  */
990
1004
  createRoleForTenant(e, t) {
991
- const s = `${h.tenantPath}/${e}/role`, r = { name: t };
992
- return this.axiosClient.post(s, r);
1005
+ const r = `${c.tenantPath}/${e}/role`, s = { name: t };
1006
+ return this.axiosClient.post(r, s);
993
1007
  }
994
1008
  /**
995
1009
  * Update a role
@@ -997,9 +1011,9 @@ class ve {
997
1011
  * @param roleId Role ID
998
1012
  * @param name New role name
999
1013
  */
1000
- updateRole(e, t, s) {
1001
- const r = `${h.tenantPath}/${e}/role/${t}`, n = { name: s };
1002
- return this.axiosClient.put(r, n);
1014
+ updateRole(e, t, r) {
1015
+ const s = `${c.tenantPath}/${e}/role/${t}`, o = { name: r };
1016
+ return this.axiosClient.put(s, o);
1003
1017
  }
1004
1018
  /**
1005
1019
  * Delete a role
@@ -1007,8 +1021,8 @@ class ve {
1007
1021
  * @param roleId Role ID
1008
1022
  */
1009
1023
  deleteRole(e, t) {
1010
- const s = `${h.tenantPath}/${e}/role/${t}`;
1011
- return this.axiosClient.delete(s);
1024
+ const r = `${c.tenantPath}/${e}/role/${t}`;
1025
+ return this.axiosClient.delete(r);
1012
1026
  }
1013
1027
  // 4. User Management in Tenants
1014
1028
  /**
@@ -1017,8 +1031,8 @@ class ve {
1017
1031
  * @param userId User ID
1018
1032
  */
1019
1033
  deleteUserFromTenant(e, t) {
1020
- const s = `${h.tenantPath}/${e}/user/${t}`;
1021
- return this.axiosClient.delete(s);
1034
+ const r = `${c.tenantPath}/${e}/user/${t}`;
1035
+ return this.axiosClient.delete(r);
1022
1036
  }
1023
1037
  // 5. Invitation Management
1024
1038
  /**
@@ -1028,10 +1042,10 @@ class ve {
1028
1042
  * @param limit Maximum number of invitations to return
1029
1043
  * @param skip Number of invitations to skip
1030
1044
  */
1031
- getGroupInvitations(e, t, s, r) {
1032
- const n = `${h.tenantPath}/${e}/group/${t}/invitations`;
1033
- return this.axiosClient.get(n, {
1034
- params: { limit: s, skip: r }
1045
+ getGroupInvitations(e, t, r, s) {
1046
+ const o = `${c.tenantPath}/${e}/group/${t}/invitations`;
1047
+ return this.axiosClient.get(o, {
1048
+ params: { limit: r, skip: s }
1035
1049
  });
1036
1050
  }
1037
1051
  /**
@@ -1040,10 +1054,10 @@ class ve {
1040
1054
  * @param limit Maximum number of invitations to return
1041
1055
  * @param skip Number of invitations to skip
1042
1056
  */
1043
- getTenantInvitations(e, t, s) {
1044
- const r = `${h.tenantPath}/${e}/invitations`;
1045
- return this.axiosClient.get(r, {
1046
- params: { limit: t, skip: s }
1057
+ getTenantInvitations(e, t, r) {
1058
+ const s = `${c.tenantPath}/${e}/invitations`;
1059
+ return this.axiosClient.get(s, {
1060
+ params: { limit: t, skip: r }
1047
1061
  });
1048
1062
  }
1049
1063
  /**
@@ -1052,9 +1066,9 @@ class ve {
1052
1066
  * @param groupId Group ID
1053
1067
  * @param inviteId Invitation ID
1054
1068
  */
1055
- invalidateInviteById(e, t, s) {
1056
- const r = `${h.tenantPath}/${e}/group/${t}/invite/${s}`;
1057
- return this.axiosClient.delete(r);
1069
+ invalidateInviteById(e, t, r) {
1070
+ const s = `${c.tenantPath}/${e}/group/${t}/invite/${r}`;
1071
+ return this.axiosClient.delete(s);
1058
1072
  }
1059
1073
  /**
1060
1074
  * Invalidate an invitation by email
@@ -1062,14 +1076,14 @@ class ve {
1062
1076
  * @param groupId Group ID
1063
1077
  * @param email Email address
1064
1078
  */
1065
- invalidateInviteByEmail(e, t, s) {
1066
- const r = `${h.tenantPath}/${e}/group/${t}/invite/email/${s}`;
1067
- return this.axiosClient.delete(r);
1079
+ invalidateInviteByEmail(e, t, r) {
1080
+ const s = `${c.tenantPath}/${e}/group/${t}/invite/email/${r}`;
1081
+ return this.axiosClient.delete(s);
1068
1082
  }
1069
1083
  }
1070
1084
  class me {
1071
- constructor(e, t, s) {
1072
- this.axiosClient = new T(e, t, s);
1085
+ constructor(e, t, r) {
1086
+ this.axiosClient = new _(e, t, r);
1073
1087
  }
1074
1088
  setAppId(e) {
1075
1089
  this.axiosClient.setAppId(e);
@@ -1079,7 +1093,7 @@ class me {
1079
1093
  * GET /user/2fa/status
1080
1094
  */
1081
1095
  getStatus() {
1082
- return this.axiosClient.get(h.twoFactorStatus);
1096
+ return this.axiosClient.get(c.twoFactorStatus);
1083
1097
  }
1084
1098
  /**
1085
1099
  * Begin 2FA setup process
@@ -1087,7 +1101,7 @@ class me {
1087
1101
  * Returns secret and QR code for authenticator app
1088
1102
  */
1089
1103
  beginSetup() {
1090
- return this.axiosClient.post(h.twoFactorSetupBegin, {});
1104
+ return this.axiosClient.post(c.twoFactorSetupBegin, {});
1091
1105
  }
1092
1106
  /**
1093
1107
  * Confirm 2FA setup with TOTP code
@@ -1096,7 +1110,7 @@ class me {
1096
1110
  */
1097
1111
  confirmSetup(e) {
1098
1112
  return this.axiosClient.post(
1099
- h.twoFactorSetupConfirm,
1113
+ c.twoFactorSetupConfirm,
1100
1114
  e
1101
1115
  );
1102
1116
  }
@@ -1106,10 +1120,10 @@ class me {
1106
1120
  * Uses tfa_token as Bearer token for authentication
1107
1121
  */
1108
1122
  verify(e) {
1109
- const { tfa_token: t, code: s } = e;
1123
+ const { tfa_token: t, code: r } = e;
1110
1124
  return this.axiosClient.post(
1111
- h.twoFactorVerify,
1112
- { code: s },
1125
+ c.twoFactorVerify,
1126
+ { code: r },
1113
1127
  {
1114
1128
  headers: {
1115
1129
  Authorization: `Bearer ${t}`
@@ -1123,10 +1137,10 @@ class me {
1123
1137
  * Uses tfa_token as Bearer token for authentication
1124
1138
  */
1125
1139
  useRecoveryCode(e) {
1126
- const { tfa_token: t, recovery_code: s } = e;
1140
+ const { tfa_token: t, recovery_code: r } = e;
1127
1141
  return this.axiosClient.post(
1128
- h.twoFactorRecovery,
1129
- { recovery_code: s },
1142
+ c.twoFactorRecovery,
1143
+ { recovery_code: r },
1130
1144
  {
1131
1145
  headers: {
1132
1146
  Authorization: `Bearer ${t}`
@@ -1139,7 +1153,7 @@ class me {
1139
1153
  * DELETE /user/2fa
1140
1154
  */
1141
1155
  disable(e) {
1142
- return this.axiosClient.delete(h.twoFactor, { data: e });
1156
+ return this.axiosClient.delete(c.twoFactor, { data: e });
1143
1157
  }
1144
1158
  /**
1145
1159
  * Regenerate recovery codes
@@ -1147,7 +1161,7 @@ class me {
1147
1161
  */
1148
1162
  regenerateRecoveryCodes(e) {
1149
1163
  return this.axiosClient.post(
1150
- h.twoFactorRegenerateCodes,
1164
+ c.twoFactorRegenerateCodes,
1151
1165
  e
1152
1166
  );
1153
1167
  }
@@ -1166,30 +1180,30 @@ class me {
1166
1180
  * @returns Validation response with scoped session token or error
1167
1181
  */
1168
1182
  validateTwoFactorSetupMagicLink(e) {
1169
- const t = `${h.twoFactorSetupMagicLink}/${e}`;
1183
+ const t = `${c.twoFactorSetupMagicLink}/${e}`;
1170
1184
  return this.axiosClient.get(t, {
1171
1185
  // Override default auth headers (this is a public endpoint)
1172
1186
  transformRequest: [
1173
- (s, r) => (r && delete r.Authorization, s)
1187
+ (r, s) => (s && delete s.Authorization, r)
1174
1188
  ]
1175
- }).then((s) => {
1176
- const r = s;
1189
+ }).then((r) => {
1190
+ const s = r;
1177
1191
  return {
1178
1192
  success: !0,
1179
- sessionToken: r.session_token,
1180
- userId: r.user_id,
1181
- expiresIn: r.expires_in,
1182
- appId: r.app_id
1193
+ sessionToken: s.session_token,
1194
+ userId: s.user_id,
1195
+ expiresIn: s.expires_in,
1196
+ appId: s.app_id
1183
1197
  };
1184
- }).catch((s) => {
1185
- if (s.response) {
1186
- const r = s.response.status, n = s.response.data || {}, o = s.response.headers?.["retry-after"] ? parseInt(s.response.headers["retry-after"], 10) : void 0;
1198
+ }).catch((r) => {
1199
+ if (r.response) {
1200
+ const s = r.response.status, o = r.response.data || {}, n = r.response.headers?.["retry-after"] ? parseInt(r.response.headers["retry-after"], 10) : void 0;
1187
1201
  return {
1188
1202
  success: !1,
1189
1203
  error: {
1190
- code: n.error || this.mapStatusToErrorCode(r),
1191
- message: n.message || this.getDefaultErrorMessage(r),
1192
- retryAfter: o
1204
+ code: o.error || this.mapStatusToErrorCode(s),
1205
+ message: o.message || this.getDefaultErrorMessage(s),
1206
+ retryAfter: n
1193
1207
  }
1194
1208
  };
1195
1209
  }
@@ -1197,7 +1211,7 @@ class me {
1197
1211
  success: !1,
1198
1212
  error: {
1199
1213
  code: "SERVER_ERROR",
1200
- message: s instanceof Error ? s.message : "Unable to connect to the server. Please check your connection."
1214
+ message: r instanceof Error ? r.message : "Unable to connect to the server. Please check your connection."
1201
1215
  }
1202
1216
  };
1203
1217
  });
@@ -1236,53 +1250,139 @@ class me {
1236
1250
  return "An error occurred while validating the magic link.";
1237
1251
  }
1238
1252
  }
1253
+ // ============================================
1254
+ // v2 Multi-Method 2FA API Methods
1255
+ // ============================================
1256
+ /**
1257
+ * Get available 2FA methods for current user
1258
+ * GET /v2/user/2fa/methods/available
1259
+ */
1260
+ getAvailableMethods() {
1261
+ return this.axiosClient.get(c.TwoFactorMethodsAvailable);
1262
+ }
1263
+ /**
1264
+ * Get registered 2FA methods for current user
1265
+ * GET /v2/user/2fa/methods
1266
+ */
1267
+ getRegisteredMethods() {
1268
+ return this.axiosClient.get(c.TwoFactorMethodsRegistered);
1269
+ }
1270
+ /**
1271
+ * Begin 2FA method setup
1272
+ * POST /v2/user/2fa/methods/:method/setup/begin
1273
+ */
1274
+ beginMethodSetup(e) {
1275
+ const t = m(c.TwoFactorMethodSetupBegin, { method: e });
1276
+ return this.axiosClient.post(t, {});
1277
+ }
1278
+ /**
1279
+ * Confirm 2FA method setup
1280
+ * POST /v2/user/2fa/methods/:method/setup/confirm
1281
+ */
1282
+ confirmMethodSetup(e, t) {
1283
+ const r = m(c.TwoFactorMethodSetupConfirm, { method: e });
1284
+ return this.axiosClient.post(r, t);
1285
+ }
1286
+ /**
1287
+ * Remove registered 2FA method
1288
+ * DELETE /v2/user/2fa/methods/:id
1289
+ */
1290
+ removeMethod(e) {
1291
+ const t = m(c.TwoFactorMethodRemove, { id: e });
1292
+ return this.axiosClient.delete(t);
1293
+ }
1294
+ /**
1295
+ * Request 2FA challenge during login
1296
+ * POST /v2/auth/2fa/challenge
1297
+ */
1298
+ requestChallenge(e) {
1299
+ return this.axiosClient.post(
1300
+ c.TwoFactorChallenge,
1301
+ e
1302
+ );
1303
+ }
1304
+ /**
1305
+ * Verify 2FA challenge (v2)
1306
+ * POST /v2/auth/2fa/verify
1307
+ */
1308
+ verifyV2(e) {
1309
+ return this.axiosClient.post(
1310
+ c.TwoFactorVerifyV2,
1311
+ e
1312
+ );
1313
+ }
1314
+ /**
1315
+ * Switch to alternative 2FA method during challenge
1316
+ * POST /v2/auth/2fa/alternative
1317
+ */
1318
+ switchToAlternative(e) {
1319
+ return this.axiosClient.post(
1320
+ c.TwoFactorAlternative,
1321
+ e
1322
+ );
1323
+ }
1324
+ /**
1325
+ * Get trusted devices
1326
+ * GET /v2/user/2fa/trusted-devices
1327
+ */
1328
+ getTrustedDevices() {
1329
+ return this.axiosClient.get(c.TwoFactorTrustedDevices);
1330
+ }
1331
+ /**
1332
+ * Revoke trusted device
1333
+ * DELETE /v2/user/2fa/trusted-devices/:id
1334
+ */
1335
+ revokeTrustedDevice(e) {
1336
+ const t = m(c.TwoFactorTrustedDeviceRevoke, { id: e });
1337
+ return this.axiosClient.delete(t);
1338
+ }
1239
1339
  }
1240
1340
  class Se {
1241
- constructor(e, t, s) {
1242
- this.axiosClient = new T(e, t, s);
1341
+ constructor(e, t, r) {
1342
+ this.axiosClient = new _(e, t, r);
1243
1343
  }
1244
1344
  setAppId(e) {
1245
1345
  this.axiosClient.setAppId(e);
1246
1346
  }
1247
1347
  getUserPasskeys() {
1248
- return this.axiosClient.get(h.userPasskey);
1348
+ return this.axiosClient.get(c.userPasskey);
1249
1349
  }
1250
1350
  renameUserPasskey(e, t) {
1251
1351
  return this.axiosClient.patch(
1252
- `${h.userPasskey}/${t}`,
1352
+ `${c.userPasskey}/${t}`,
1253
1353
  {
1254
1354
  name: e
1255
1355
  }
1256
1356
  );
1257
1357
  }
1258
1358
  deleteUserPasskey(e) {
1259
- return this.axiosClient.delete(`${h.userPasskey}/${e}`);
1359
+ return this.axiosClient.delete(`${c.userPasskey}/${e}`);
1260
1360
  }
1261
1361
  addUserPasskeyStart({
1262
1362
  relyingPartyId: e,
1263
1363
  deviceId: t,
1264
- os: s,
1265
- passkeyDisplayName: r,
1266
- passkeyUsername: n
1364
+ os: r,
1365
+ passkeyDisplayName: s,
1366
+ passkeyUsername: o
1267
1367
  }) {
1268
- const o = {
1269
- passkey_display_name: r,
1270
- passkey_username: n,
1368
+ const n = {
1369
+ passkey_display_name: s,
1370
+ passkey_username: o,
1271
1371
  relying_party_id: e,
1272
1372
  deviceId: t,
1273
- os: s
1373
+ os: r
1274
1374
  };
1275
- return this.axiosClient.post(h.addUserPasskey, o);
1375
+ return this.axiosClient.post(c.addUserPasskey, n);
1276
1376
  }
1277
- addUserPasskeyComplete(e, t, s) {
1278
- return this.axiosClient.post(h.completeAddUserPasskey, {
1279
- challenge_id: s,
1377
+ addUserPasskeyComplete(e, t, r) {
1378
+ return this.axiosClient.post(c.completeAddUserPasskey, {
1379
+ challenge_id: r,
1280
1380
  device: t,
1281
1381
  passkey_data: e
1282
1382
  });
1283
1383
  }
1284
1384
  }
1285
- var a = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.SessionRestored = "session:restored", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i.TwoFactorRequired = "2fa:required", i.TwoFactorSetupStarted = "2fa:setup_started", i.TwoFactorEnabled = "2fa:enabled", i.TwoFactorDisabled = "2fa:disabled", i.TwoFactorVerified = "2fa:verified", i.TwoFactorRecoveryUsed = "2fa:recovery_used", i.TwoFactorRecoveryCodesLow = "2fa:recovery_low", i.TwoFactorRecoveryCodesExhausted = "2fa:recovery_exhausted", i.TwoFactorSetupMagicLinkValidated = "2fa:magic_link_validated", i.TwoFactorSetupMagicLinkFailed = "2fa:magic_link_failed", i))(a || {});
1385
+ var a = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.SessionRestored = "session:restored", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i.TwoFactorRequired = "2fa:required", i.TwoFactorSetupStarted = "2fa:setup_started", i.TwoFactorEnabled = "2fa:enabled", i.TwoFactorDisabled = "2fa:disabled", i.TwoFactorVerified = "2fa:verified", i.TwoFactorRecoveryUsed = "2fa:recovery_used", i.TwoFactorRecoveryCodesLow = "2fa:recovery_low", i.TwoFactorRecoveryCodesExhausted = "2fa:recovery_exhausted", i.TwoFactorSetupMagicLinkValidated = "2fa:magic_link_validated", i.TwoFactorSetupMagicLinkFailed = "2fa:magic_link_failed", i.TwoFactorChallengeReceived = "two_factor_challenge_received", i.TwoFactorMethodSwitched = "two_factor_method_switched", i.TwoFactorDeviceTrusted = "two_factor_device_trusted", i))(a || {});
1286
1386
  class we {
1287
1387
  constructor() {
1288
1388
  this.subscribers = /* @__PURE__ */ new Map();
@@ -1294,8 +1394,8 @@ class we {
1294
1394
  */
1295
1395
  subscribe(e, t) {
1296
1396
  if (t?.length) {
1297
- const s = new Set(t);
1298
- this.subscribers.set(e, s);
1397
+ const r = new Set(t);
1398
+ this.subscribers.set(e, r);
1299
1399
  } else
1300
1400
  this.subscribers.set(e, null);
1301
1401
  }
@@ -1309,8 +1409,8 @@ class we {
1309
1409
  this.subscribers.delete(e);
1310
1410
  return;
1311
1411
  }
1312
- const s = this.subscribers.get(e);
1313
- s && (t.forEach((r) => s.delete(r)), s.size === 0 && this.subscribers.delete(e));
1412
+ const r = this.subscribers.get(e);
1413
+ r && (t.forEach((s) => r.delete(s)), r.size === 0 && this.subscribers.delete(e));
1314
1414
  }
1315
1415
  /**
1316
1416
  * Notify subscribers of an event
@@ -1318,22 +1418,22 @@ class we {
1318
1418
  * @param payload Event-specific payload data
1319
1419
  */
1320
1420
  notify(e, t) {
1321
- this.subscribers.forEach((s, r) => {
1322
- (!s || s.has(e)) && r.onAuthChange?.(e, t);
1421
+ this.subscribers.forEach((r, s) => {
1422
+ (!r || r.has(e)) && s.onAuthChange?.(e, t);
1323
1423
  });
1324
1424
  }
1325
1425
  }
1326
- function M(i) {
1426
+ function D(i) {
1327
1427
  if (!i || typeof i != "string") return !1;
1328
1428
  const e = i.split(".");
1329
1429
  if (e.length !== 3) return !1;
1330
1430
  const t = /^[A-Za-z0-9_-]+$/;
1331
- return e.every((s) => t.test(s) && s.length > 0);
1431
+ return e.every((r) => t.test(r) && r.length > 0);
1332
1432
  }
1333
1433
  function Te(i) {
1334
- return i.replace(/<[^>]*>/g, "").substring(0, oe);
1434
+ return i.replace(/<[^>]*>/g, "").substring(0, ne);
1335
1435
  }
1336
- function F(i) {
1436
+ function P(i) {
1337
1437
  if (!i || typeof i != "string") return !1;
1338
1438
  const e = i.trim();
1339
1439
  return e.length === 0 ? !1 : /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e);
@@ -1343,22 +1443,22 @@ function x(i) {
1343
1443
  const e = i.trim();
1344
1444
  return /^\+[1-9]\d{1,14}$/.test(e);
1345
1445
  }
1346
- function Ee(i) {
1446
+ function _e(i) {
1347
1447
  if (!i || typeof i != "string") return !1;
1348
1448
  const e = i.trim();
1349
- return e.length < ie || e.length > ne ? !1 : /^[a-zA-Z0-9_-]+$/.test(e);
1449
+ return e.length < ie || e.length > oe ? !1 : /^[a-zA-Z0-9_-]+$/.test(e);
1350
1450
  }
1351
1451
  function R(i, e = 6) {
1352
1452
  return !i || typeof i != "string" ? !1 : (e === 8 ? /^\d{8}$/ : /^\d{6}$/).test(i);
1353
1453
  }
1354
- function _e(i) {
1454
+ function Ee(i) {
1355
1455
  if (!i || typeof i != "string") return null;
1356
1456
  const e = i.toUpperCase().replace(/\s+/g, "");
1357
1457
  return /^[A-Z0-9-]{4,16}$/.test(e) ? e : null;
1358
1458
  }
1359
1459
  class Ie {
1360
- constructor(e, t, s, r, n, o, d, c, g, p, f, b) {
1361
- this.authApi = e, this.deviceService = t, this.storageManager = s, this.subscribeStore = r, this.tokenCacheService = n, this.scopes = o, this.createTenantForNewUser = d, this.origin = c, this.url = g, this.sessionCallbacks = p, this.appId = f, this.tokenExchangeConfig = b, this.tokenDeliveryManager = new Y(s), b?.enabled && this.tokenDeliveryManager.setMode(v.BFF), this.initializeSession();
1460
+ constructor(e, t, r, s, o, n, d, h, g, f, k, A) {
1461
+ this.authApi = e, this.deviceService = t, this.storageManager = r, this.subscribeStore = s, this.tokenCacheService = o, this.scopes = n, this.createTenantForNewUser = d, this.origin = h, this.url = g, this.sessionCallbacks = f, this.appId = k, this.tokenExchangeConfig = A, this.tokenDeliveryManager = new Y(r), A?.enabled && this.tokenDeliveryManager.setMode(y.BFF), this.initializeSession();
1362
1462
  }
1363
1463
  /**
1364
1464
  * Initialize session state on page load for cookie/BFF mode
@@ -1425,70 +1525,70 @@ class Ie {
1425
1525
  throw new Error(`BFF token storage failed: ${t.status}`);
1426
1526
  }
1427
1527
  async signIn(e) {
1428
- if ("email" in e && e.email && !F(e.email)) {
1429
- const r = new Error("Invalid email format"), n = {
1528
+ if ("email" in e && e.email && !P(e.email)) {
1529
+ const s = new Error("Invalid email format"), o = {
1430
1530
  message: "Invalid email format",
1431
- originalError: r,
1531
+ originalError: s,
1432
1532
  code: "VALIDATION_ERROR"
1433
1533
  };
1434
- throw this.subscribeStore.notify(a.Error, n), r;
1534
+ throw this.subscribeStore.notify(a.Error, o), s;
1435
1535
  }
1436
- if ("username" in e && e.username && !Ee(e.username)) {
1437
- const r = new Error(
1536
+ if ("username" in e && e.username && !_e(e.username)) {
1537
+ const s = new Error(
1438
1538
  "Invalid username format. Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens"
1439
- ), n = {
1539
+ ), o = {
1440
1540
  message: "Invalid username format. Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens",
1441
- originalError: r,
1541
+ originalError: s,
1442
1542
  code: "VALIDATION_ERROR"
1443
1543
  };
1444
- throw this.subscribeStore.notify(a.Error, n), r;
1544
+ throw this.subscribeStore.notify(a.Error, o), s;
1445
1545
  }
1446
1546
  if ("phone" in e && e.phone && !x(e.phone)) {
1447
- const r = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), n = {
1547
+ const s = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1448
1548
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1449
- originalError: r,
1549
+ originalError: s,
1450
1550
  code: "VALIDATION_ERROR"
1451
1551
  };
1452
- throw this.subscribeStore.notify(a.Error, n), r;
1552
+ throw this.subscribeStore.notify(a.Error, o), s;
1453
1553
  }
1454
1554
  this.subscribeStore.notify(a.SignInStart, { email: e.email });
1455
- const t = this.deviceService.getDeviceId(), s = I.web;
1555
+ const t = this.deviceService.getDeviceId(), r = b.web;
1456
1556
  e.scopes = e.scopes ?? this.scopes;
1457
1557
  try {
1458
- const r = await this.authApi.signIn(e, t, s);
1459
- return "requires_2fa" in r && r.requires_2fa === !0 || "tfa_token" in r && r.tfa_token ? (this.subscribeStore.notify(a.TwoFactorRequired, {
1558
+ const s = await this.authApi.signIn(e, t, r);
1559
+ return "requires_2fa" in s && s.requires_2fa === !0 || "tfa_token" in s && s.tfa_token ? (this.subscribeStore.notify(a.TwoFactorRequired, {
1460
1560
  email: e.email || "",
1461
- challengeId: r.challenge_id || "",
1462
- tfaToken: r.tfa_token || ""
1463
- }), r) : (await this.processAuthResponse(r, e.scopes), this.subscribeStore.notify(a.SignIn, {
1464
- tokens: r,
1561
+ challengeId: s.challenge_id || "",
1562
+ tfaToken: s.tfa_token || ""
1563
+ }), s) : (await this.processAuthResponse(s, e.scopes), this.subscribeStore.notify(a.SignIn, {
1564
+ tokens: s,
1465
1565
  parsedTokens: this.tokenCacheService.getParsedTokens()
1466
- }), await this.submitSessionCheck(), r);
1467
- } catch (r) {
1468
- const n = {
1469
- message: r instanceof Error ? r.message : "Sign in failed",
1470
- originalError: r,
1471
- code: r instanceof u ? r.id : void 0
1566
+ }), await this.submitSessionCheck(), s);
1567
+ } catch (s) {
1568
+ const o = {
1569
+ message: s instanceof Error ? s.message : "Sign in failed",
1570
+ originalError: s,
1571
+ code: s instanceof u ? s.id : void 0
1472
1572
  };
1473
- throw this.subscribeStore.notify(a.Error, n), r;
1573
+ throw this.subscribeStore.notify(a.Error, o), s;
1474
1574
  }
1475
1575
  }
1476
1576
  async signUp(e) {
1477
- if (e.user.email && !F(e.user.email)) {
1478
- const t = new Error("Invalid email format"), s = {
1577
+ if (e.user.email && !P(e.user.email)) {
1578
+ const t = new Error("Invalid email format"), r = {
1479
1579
  message: "Invalid email format",
1480
1580
  originalError: t,
1481
1581
  code: "VALIDATION_ERROR"
1482
1582
  };
1483
- throw this.subscribeStore.notify(a.Error, s), t;
1583
+ throw this.subscribeStore.notify(a.Error, r), t;
1484
1584
  }
1485
1585
  if (e.user.phone_number && !x(e.user.phone_number)) {
1486
- const t = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), s = {
1586
+ const t = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), r = {
1487
1587
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1488
1588
  originalError: t,
1489
1589
  code: "VALIDATION_ERROR"
1490
1590
  };
1491
- throw this.subscribeStore.notify(a.Error, s), t;
1591
+ throw this.subscribeStore.notify(a.Error, r), t;
1492
1592
  }
1493
1593
  this.subscribeStore.notify(a.RegisterStart, { email: e.user.email }), e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1494
1594
  try {
@@ -1498,42 +1598,42 @@ class Ie {
1498
1598
  parsedTokens: this.tokenCacheService.getParsedTokens()
1499
1599
  }), await this.submitSessionCheck(), t;
1500
1600
  } catch (t) {
1501
- const s = {
1601
+ const r = {
1502
1602
  message: t instanceof Error ? t.message : "Sign up failed",
1503
1603
  originalError: t,
1504
1604
  code: t instanceof u ? t.id : void 0
1505
1605
  };
1506
- throw this.subscribeStore.notify(a.Error, s), t;
1606
+ throw this.subscribeStore.notify(a.Error, r), t;
1507
1607
  }
1508
1608
  }
1509
1609
  async passwordlessSignIn(e) {
1510
- if (e.email && !F(e.email)) {
1511
- const r = new Error("Invalid email format"), n = {
1610
+ if (e.email && !P(e.email)) {
1611
+ const s = new Error("Invalid email format"), o = {
1512
1612
  message: "Invalid email format",
1513
- originalError: r,
1613
+ originalError: s,
1514
1614
  code: "VALIDATION_ERROR"
1515
1615
  };
1516
- throw this.subscribeStore.notify(a.Error, n), r;
1616
+ throw this.subscribeStore.notify(a.Error, o), s;
1517
1617
  }
1518
1618
  if (e.phone && !x(e.phone)) {
1519
- const r = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), n = {
1619
+ const s = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1520
1620
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1521
- originalError: r,
1621
+ originalError: s,
1522
1622
  code: "VALIDATION_ERROR"
1523
1623
  };
1524
- throw this.subscribeStore.notify(a.Error, n), r;
1624
+ throw this.subscribeStore.notify(a.Error, o), s;
1525
1625
  }
1526
1626
  this.subscribeStore.notify(a.SignInStart, { email: e.email }), e.scopes = e.scopes ?? this.scopes;
1527
- const t = this.deviceService.getDeviceId(), s = I.web;
1627
+ const t = this.deviceService.getDeviceId(), r = b.web;
1528
1628
  try {
1529
- return await this.authApi.passwordlessSignIn(e, t, s);
1530
- } catch (r) {
1531
- const n = {
1532
- message: r instanceof Error ? r.message : "Failed to send passwordless sign-in link",
1533
- originalError: r,
1534
- code: r instanceof u ? r.id : void 0
1629
+ return await this.authApi.passwordlessSignIn(e, t, r);
1630
+ } catch (s) {
1631
+ const o = {
1632
+ message: s instanceof Error ? s.message : "Failed to send passwordless sign-in link",
1633
+ originalError: s,
1634
+ code: s instanceof u ? s.id : void 0
1535
1635
  };
1536
- throw this.subscribeStore.notify(a.Error, n), r;
1636
+ throw this.subscribeStore.notify(a.Error, o), s;
1537
1637
  }
1538
1638
  }
1539
1639
  async passwordlessSignInComplete(e) {
@@ -1545,12 +1645,12 @@ class Ie {
1545
1645
  parsedTokens: this.tokenCacheService.getParsedTokens()
1546
1646
  }), await this.submitSessionCheck(), t;
1547
1647
  } catch (t) {
1548
- const s = {
1648
+ const r = {
1549
1649
  message: t instanceof Error ? t.message : "Passwordless sign in failed",
1550
1650
  originalError: t,
1551
1651
  code: t instanceof u ? t.id : void 0
1552
1652
  };
1553
- throw this.subscribeStore.notify(a.Error, s), t;
1653
+ throw this.subscribeStore.notify(a.Error, r), t;
1554
1654
  }
1555
1655
  }
1556
1656
  async logOut() {
@@ -1564,7 +1664,7 @@ class Ie {
1564
1664
  } catch {
1565
1665
  }
1566
1666
  else {
1567
- const e = this.storageManager.getToken(k.refresh_token), t = this.storageManager.getDeviceId();
1667
+ const e = this.storageManager.getToken(p.refresh_token), t = this.storageManager.getDeviceId();
1568
1668
  try {
1569
1669
  if ((await this.authApi.logOut(t, e, !this.appId)).status !== "ok")
1570
1670
  throw new Error("Logout failed");
@@ -1576,253 +1676,253 @@ class Ie {
1576
1676
  async refreshToken() {
1577
1677
  if (this.subscribeStore.notify(a.RefreshStart, {}), this.tokenDeliveryManager.isBFFMode() && this.tokenExchangeConfig?.refreshUrl)
1578
1678
  try {
1579
- const s = await fetch(this.tokenExchangeConfig.refreshUrl, {
1679
+ const r = await fetch(this.tokenExchangeConfig.refreshUrl, {
1580
1680
  method: "POST",
1581
1681
  credentials: "include"
1582
1682
  // Include httpOnly cookies
1583
1683
  });
1584
- if (!s.ok)
1684
+ if (!r.ok)
1585
1685
  throw this.tokenDeliveryManager.setSessionInvalid(), new Error("BFF token refresh failed");
1586
- const r = await s.json();
1587
- return this.tokenDeliveryManager.setSessionValid(), r.id_token && this.storageManager.setIdToken(r.id_token), this.subscribeStore.notify(a.Refresh, {
1588
- tokens: r,
1686
+ const s = await r.json();
1687
+ return this.tokenDeliveryManager.setSessionValid(), s.id_token && this.storageManager.setIdToken(s.id_token), this.subscribeStore.notify(a.Refresh, {
1688
+ tokens: s,
1589
1689
  parsedTokens: this.tokenCacheService.getParsedTokens()
1590
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, r;
1591
- } catch (s) {
1690
+ }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, s;
1691
+ } catch (r) {
1592
1692
  this.tokenDeliveryManager.setSessionInvalid();
1593
- const r = {
1594
- message: s instanceof Error ? s.message : "Token refresh failed",
1595
- originalError: s
1693
+ const s = {
1694
+ message: r instanceof Error ? r.message : "Token refresh failed",
1695
+ originalError: r
1596
1696
  };
1597
- throw this.subscribeStore.notify(a.Error, r), s;
1697
+ throw this.subscribeStore.notify(a.Error, s), r;
1598
1698
  }
1599
1699
  if (this.tokenDeliveryManager.isCookieMode())
1600
1700
  try {
1601
- const s = await this.authApi.refreshToken("", this.scopes);
1602
- return this.tokenDeliveryManager.setSessionValid(), await this.processAuthResponse(s, this.scopes), this.subscribeStore.notify(a.Refresh, {
1603
- tokens: s,
1701
+ const r = await this.authApi.refreshToken("", this.scopes);
1702
+ return this.tokenDeliveryManager.setSessionValid(), await this.processAuthResponse(r, this.scopes), this.subscribeStore.notify(a.Refresh, {
1703
+ tokens: r,
1604
1704
  parsedTokens: this.tokenCacheService.getParsedTokens()
1605
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, s;
1606
- } catch (s) {
1705
+ }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, r;
1706
+ } catch (r) {
1607
1707
  this.tokenDeliveryManager.setSessionInvalid();
1608
- const r = {
1609
- message: s instanceof Error ? s.message : "Token refresh failed",
1610
- originalError: s,
1611
- code: s instanceof u ? s.id : void 0
1708
+ const s = {
1709
+ message: r instanceof Error ? r.message : "Token refresh failed",
1710
+ originalError: r,
1711
+ code: r instanceof u ? r.id : void 0
1612
1712
  };
1613
- throw this.subscribeStore.notify(a.Error, r), s;
1713
+ throw this.subscribeStore.notify(a.Error, s), r;
1614
1714
  }
1615
1715
  const e = this.storageManager.getTokens();
1616
1716
  if (e) {
1617
1717
  if (!e?.refresh_token) {
1618
- const s = new Error("No refresh token found"), r = {
1718
+ const r = new Error("No refresh token found"), s = {
1619
1719
  message: "No refresh token found",
1620
- originalError: s
1720
+ originalError: r
1621
1721
  };
1622
- throw this.subscribeStore.notify(a.Error, r), s;
1722
+ throw this.subscribeStore.notify(a.Error, s), r;
1623
1723
  }
1624
1724
  } else {
1625
- const s = new Error("No tokens found"), r = {
1725
+ const r = new Error("No tokens found"), s = {
1626
1726
  message: "No tokens found",
1627
- originalError: s
1727
+ originalError: r
1628
1728
  };
1629
- throw this.subscribeStore.notify(a.Error, r), s;
1729
+ throw this.subscribeStore.notify(a.Error, s), r;
1630
1730
  }
1631
1731
  const t = e?.scopes ?? this.scopes;
1632
1732
  try {
1633
- const s = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
1634
- return s.scopes = t, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), this.subscribeStore.notify(a.Refresh, {
1635
- tokens: s,
1733
+ const r = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
1734
+ return r.scopes = t, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), this.subscribeStore.notify(a.Refresh, {
1735
+ tokens: r,
1636
1736
  parsedTokens: this.tokenCacheService.getParsedTokens()
1637
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, this.tokenCacheService.startTokenCheck(), s;
1638
- } catch (s) {
1639
- const r = {
1640
- message: s instanceof Error ? s.message : "Token refresh failed",
1641
- originalError: s,
1642
- code: s instanceof u ? s.id : void 0,
1643
- details: D.isAxiosError(s) && s.response ? {
1644
- status: s.response.status,
1645
- data: s.response.data
1737
+ }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, this.tokenCacheService.startTokenCheck(), r;
1738
+ } catch (r) {
1739
+ const s = {
1740
+ message: r instanceof Error ? r.message : "Token refresh failed",
1741
+ originalError: r,
1742
+ code: r instanceof u ? r.id : void 0,
1743
+ details: F.isAxiosError(r) && r.response ? {
1744
+ status: r.response.status,
1745
+ data: r.response.data
1646
1746
  } : void 0
1647
1747
  };
1648
- throw this.subscribeStore.notify(a.Error, r), s instanceof u ? s : D.isAxiosError(s) && s.response && s.response?.status >= 400 && s.response?.status < 500 ? new Error(`Getting unknown error message from server with code:${s.response.status}`) : s;
1748
+ throw this.subscribeStore.notify(a.Error, s), r instanceof u ? r : F.isAxiosError(r) && r.response && r.response?.status >= 400 && r.response?.status < 500 ? new Error(`Getting unknown error message from server with code:${r.response.status}`) : r;
1649
1749
  }
1650
1750
  }
1651
1751
  async sendPasswordResetEmail(e) {
1652
1752
  try {
1653
1753
  return await this.authApi.sendPasswordResetEmail(e);
1654
1754
  } catch (t) {
1655
- const s = {
1755
+ const r = {
1656
1756
  message: t instanceof Error ? t.message : "Failed to send password reset email",
1657
1757
  originalError: t,
1658
1758
  code: t instanceof u ? t.id : void 0
1659
1759
  };
1660
- throw this.subscribeStore.notify(a.Error, s), t;
1760
+ throw this.subscribeStore.notify(a.Error, r), t;
1661
1761
  }
1662
1762
  }
1663
1763
  async resetPassword(e, t) {
1664
1764
  this.subscribeStore.notify(a.SignInStart, {});
1665
- const r = new URLSearchParams(window.location.search).get("token") ?? void 0, n = t ?? this.scopes;
1765
+ const s = new URLSearchParams(window.location.search).get("token") ?? void 0, o = t ?? this.scopes;
1666
1766
  try {
1667
- const o = await this.authApi.resetPassword(e, n, r);
1668
- return await this.processAuthResponse(o, n), this.subscribeStore.notify(a.SignIn, {
1669
- tokens: o,
1767
+ const n = await this.authApi.resetPassword(e, o, s);
1768
+ return await this.processAuthResponse(n, o), this.subscribeStore.notify(a.SignIn, {
1769
+ tokens: n,
1670
1770
  parsedTokens: this.tokenCacheService.getParsedTokens()
1671
- }), await this.submitSessionCheck(), o;
1672
- } catch (o) {
1771
+ }), await this.submitSessionCheck(), n;
1772
+ } catch (n) {
1673
1773
  const d = {
1674
- message: o instanceof Error ? o.message : "Password reset failed",
1675
- originalError: o,
1676
- code: o instanceof u ? o.id : void 0
1774
+ message: n instanceof Error ? n.message : "Password reset failed",
1775
+ originalError: n,
1776
+ code: n instanceof u ? n.id : void 0
1677
1777
  };
1678
- throw this.subscribeStore.notify(a.Error, d), o;
1778
+ throw this.subscribeStore.notify(a.Error, d), n;
1679
1779
  }
1680
1780
  }
1681
1781
  async passkeyRegister(e) {
1682
1782
  this.subscribeStore.notify(a.RegisterStart, {});
1683
- const t = this.deviceService.getDeviceId(), s = I.web;
1783
+ const t = this.deviceService.getDeviceId(), r = b.web;
1684
1784
  e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1685
1785
  try {
1686
- const { challenge_id: r, publicKey: n } = await this.authApi.passkeyRegisterStart(e, t, s, !this.appId);
1687
- n.user.id = btoa(n.user.id);
1688
- const o = await K({
1689
- optionsJSON: n
1786
+ const { challenge_id: s, publicKey: o } = await this.authApi.passkeyRegisterStart(e, t, r, !this.appId);
1787
+ o.user.id = btoa(o.user.id);
1788
+ const n = await K({
1789
+ optionsJSON: o
1690
1790
  }), d = await this.authApi.passkeyRegisterComplete(
1691
- o,
1791
+ n,
1692
1792
  t,
1693
- r,
1793
+ s,
1694
1794
  !this.appId
1695
1795
  );
1696
1796
  return await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(a.Register, {
1697
1797
  tokens: d,
1698
1798
  parsedTokens: this.tokenCacheService.getParsedTokens()
1699
1799
  }), await this.submitSessionCheck(), d;
1700
- } catch (r) {
1701
- const n = {
1702
- message: r instanceof Error ? r.message : "Passkey registration failed",
1703
- originalError: r,
1704
- code: r instanceof u ? r.id : void 0
1800
+ } catch (s) {
1801
+ const o = {
1802
+ message: s instanceof Error ? s.message : "Passkey registration failed",
1803
+ originalError: s,
1804
+ code: s instanceof u ? s.id : void 0
1705
1805
  };
1706
- throw this.subscribeStore.notify(a.Error, n), r;
1806
+ throw this.subscribeStore.notify(a.Error, o), s;
1707
1807
  }
1708
1808
  }
1709
1809
  async passkeyAuthenticate(e) {
1710
1810
  this.subscribeStore.notify(a.SignInStart, {});
1711
- const t = this.deviceService.getDeviceId(), s = I.web;
1811
+ const t = this.deviceService.getDeviceId(), r = b.web;
1712
1812
  e.scopes = e.scopes ?? this.scopes;
1713
1813
  try {
1714
- const { challenge_id: r, publicKey: n } = await this.authApi.passkeyAuthenticateStart(e, t, s, !this.appId), o = await j({
1715
- optionsJSON: n
1814
+ const { challenge_id: s, publicKey: o } = await this.authApi.passkeyAuthenticateStart(e, t, r, !this.appId), n = await j({
1815
+ optionsJSON: o
1716
1816
  }), d = await this.authApi.passkeyAuthenticateComplete(
1717
- o,
1817
+ n,
1718
1818
  t,
1719
- r,
1819
+ s,
1720
1820
  !this.appId
1721
1821
  );
1722
1822
  return "access_token" in d && (await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(a.SignIn, {
1723
1823
  tokens: d,
1724
1824
  parsedTokens: this.tokenCacheService.getParsedTokens()
1725
1825
  }), await this.submitSessionCheck()), d;
1726
- } catch (r) {
1727
- const n = {
1728
- message: r instanceof Error ? r.message : "Passkey authentication failed",
1729
- originalError: r,
1730
- code: r instanceof u ? r.id : void 0
1826
+ } catch (s) {
1827
+ const o = {
1828
+ message: s instanceof Error ? s.message : "Passkey authentication failed",
1829
+ originalError: s,
1830
+ code: s instanceof u ? s.id : void 0
1731
1831
  };
1732
- throw this.subscribeStore.notify(a.Error, n), r;
1832
+ throw this.subscribeStore.notify(a.Error, o), s;
1733
1833
  }
1734
1834
  }
1735
1835
  createFederatedAuthUrl(e) {
1736
1836
  const t = `/auth/federated/start/${e.provider}`;
1737
1837
  if (!this.appId) throw new Error("AppId is required for federated auth");
1738
- const r = {
1838
+ const s = {
1739
1839
  scopes: (e.scopes ?? this.scopes).join(" "),
1740
1840
  redirect_url: e.redirect_url ?? this.origin,
1741
1841
  appId: this.appId,
1742
1842
  ...e.invite_token ? { invite_token: e.invite_token } : {},
1743
1843
  ...e.create_tenant ? { create_tenant: e.create_tenant.toString() } : {},
1744
1844
  ...e.device ? { device: e.device } : {}
1745
- }, n = new URL(t, this.url), o = new URLSearchParams(r);
1746
- return n.search = o.toString(), n.toString();
1845
+ }, o = new URL(t, this.url), n = new URLSearchParams(s);
1846
+ return o.search = n.toString(), o.toString();
1747
1847
  }
1748
1848
  federatedAuthWithPopup(e) {
1749
1849
  this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
1750
- const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s }), n = window.open(r, "_blank", `width=${ee},height=${te}`);
1751
- if (!n) {
1850
+ const t = e.scopes ?? this.scopes, r = this.deviceService.getDeviceId(), s = this.createFederatedAuthUrl({ ...e, scopes: t, device: r }), o = window.open(s, "_blank", `width=${ee},height=${te}`);
1851
+ if (!o) {
1752
1852
  this.federatedAuthWithRedirect(e);
1753
1853
  return;
1754
1854
  }
1755
- const o = Date.now(), d = setInterval(() => {
1756
- if (n.closed) {
1855
+ const n = Date.now(), d = setInterval(() => {
1856
+ if (o.closed) {
1757
1857
  clearInterval(d);
1758
- const c = {
1858
+ const h = {
1759
1859
  message: "Authentication popup was closed",
1760
1860
  code: "POPUP_CLOSED"
1761
1861
  };
1762
- this.subscribeStore.notify(a.Error, c);
1862
+ this.subscribeStore.notify(a.Error, h);
1763
1863
  return;
1764
1864
  }
1765
- if (Date.now() - o > re) {
1766
- clearInterval(d), n.close();
1767
- const c = {
1865
+ if (Date.now() - n > se) {
1866
+ clearInterval(d), o.close();
1867
+ const h = {
1768
1868
  message: "Authentication popup timed out",
1769
1869
  code: "POPUP_TIMEOUT"
1770
1870
  };
1771
- this.subscribeStore.notify(a.Error, c);
1871
+ this.subscribeStore.notify(a.Error, h);
1772
1872
  return;
1773
1873
  }
1774
1874
  try {
1775
- if (n.location.href.startsWith(this.origin)) {
1776
- const c = new URLSearchParams(n.location.search), g = c.get("access_token") || "", p = c.get("refresh_token") || "", f = c.get("id_token") || "", b = {
1875
+ if (o.location.href.startsWith(this.origin)) {
1876
+ const h = new URLSearchParams(o.location.search), g = h.get("access_token") || "", f = h.get("refresh_token") || "", k = h.get("id_token") || "", A = {
1777
1877
  access_token: g,
1778
- refresh_token: p || void 0,
1779
- id_token: f || void 0,
1878
+ refresh_token: f || void 0,
1879
+ id_token: k || void 0,
1780
1880
  scopes: t
1781
1881
  };
1782
- this.processAuthResponse(b, t).then(() => {
1882
+ this.processAuthResponse(A, t).then(() => {
1783
1883
  this.subscribeStore.notify(a.SignIn, {
1784
- tokens: b,
1884
+ tokens: A,
1785
1885
  parsedTokens: this.tokenCacheService.getParsedTokens()
1786
1886
  }), window.location.href = `${this.origin}`;
1787
- }), clearInterval(d), n.close();
1887
+ }), clearInterval(d), o.close();
1788
1888
  }
1789
1889
  } catch {
1790
1890
  }
1791
- }, se);
1891
+ }, re);
1792
1892
  }
1793
1893
  federatedAuthWithRedirect(e) {
1794
1894
  this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
1795
- const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s });
1796
- window.location.href = r;
1895
+ const t = e.scopes ?? this.scopes, r = this.deviceService.getDeviceId(), s = this.createFederatedAuthUrl({ ...e, scopes: t, device: r });
1896
+ window.location.href = s;
1797
1897
  }
1798
1898
  // Helper methods for authentication UI redirect
1799
1899
  authRedirectUrl(e = {}) {
1800
1900
  try {
1801
- const { url: t, redirectUrl: s, scopes: r, appId: n } = e ?? {}, o = new URL(t ?? this.url);
1802
- o.pathname = (o.pathname.endsWith("/") ? o.pathname : o.pathname + "/") + "web";
1803
- const d = r ?? this.scopes, c = {
1804
- appId: n ?? this.appId ?? "",
1805
- redirectto: s ?? window.location.href,
1901
+ const { url: t, redirectUrl: r, scopes: s, appId: o } = e ?? {}, n = new URL(t ?? this.url);
1902
+ n.pathname = (n.pathname.endsWith("/") ? n.pathname : n.pathname + "/") + "web";
1903
+ const d = s ?? this.scopes, h = {
1904
+ appId: o ?? this.appId ?? "",
1905
+ redirectto: r ?? window.location.href,
1806
1906
  scopes: d.join(",")
1807
- }, g = new URLSearchParams(c);
1808
- return o.search = g.toString(), o.toString();
1907
+ }, g = new URLSearchParams(h);
1908
+ return n.search = g.toString(), n.toString();
1809
1909
  } catch (t) {
1810
- const s = {
1910
+ const r = {
1811
1911
  message: t instanceof Error ? t.message : "Failed to create auth redirect URL",
1812
1912
  originalError: t
1813
1913
  };
1814
- throw this.subscribeStore.notify(a.Error, s), t;
1914
+ throw this.subscribeStore.notify(a.Error, r), t;
1815
1915
  }
1816
1916
  }
1817
1917
  authRedirect(e = {}) {
1818
1918
  try {
1819
1919
  window.location.href = this.authRedirectUrl(e);
1820
1920
  } catch (t) {
1821
- const s = {
1921
+ const r = {
1822
1922
  message: t instanceof Error ? t.message : "Failed to redirect to auth page",
1823
1923
  originalError: t
1824
1924
  };
1825
- throw this.subscribeStore.notify(a.Error, s), t;
1925
+ throw this.subscribeStore.notify(a.Error, r), t;
1826
1926
  }
1827
1927
  }
1828
1928
  /**
@@ -1832,33 +1932,33 @@ class Ie {
1832
1932
  isAuthenticated(e) {
1833
1933
  try {
1834
1934
  if (this.tokenDeliveryManager.isCookieMode() || this.tokenDeliveryManager.isBFFMode()) {
1835
- const t = !!e?.id_token || !!this.storageManager.getIdToken(), s = this.tokenDeliveryManager.isSessionValid(), r = this.tokenDeliveryManager.isSessionUnknown();
1836
- return t && (s || r);
1935
+ const t = !!e?.id_token || !!this.storageManager.getIdToken(), r = this.tokenDeliveryManager.isSessionValid(), s = this.tokenDeliveryManager.isSessionUnknown();
1936
+ return t && (r || s);
1837
1937
  }
1838
- return !e || !e.access_token ? !1 : !m(e.access_token) || e.refresh_token !== void 0 && !m(e.refresh_token);
1938
+ return !e || !e.access_token ? !1 : !S(e.access_token) || e.refresh_token !== void 0 && !S(e.refresh_token);
1839
1939
  } catch (t) {
1840
- const s = {
1940
+ const r = {
1841
1941
  message: t instanceof Error ? t.message : "Failed to check authentication status",
1842
1942
  originalError: t
1843
1943
  };
1844
- return this.subscribeStore.notify(a.Error, s), !1;
1944
+ return this.subscribeStore.notify(a.Error, r), !1;
1845
1945
  }
1846
1946
  }
1847
1947
  /**
1848
1948
  * Handle session check and callbacks
1849
1949
  */
1850
1950
  async submitSessionCheck(e = !1) {
1851
- let t, s;
1951
+ let t, r;
1852
1952
  try {
1853
- t = await this.getTokens(e), s = this.tokenCacheService.getParsedTokens();
1854
- } catch (r) {
1855
- const n = {
1856
- message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
1857
- originalError: r
1953
+ t = await this.getTokens(e), r = this.tokenCacheService.getParsedTokens();
1954
+ } catch (s) {
1955
+ const o = {
1956
+ message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
1957
+ originalError: s
1858
1958
  };
1859
- this.subscribeStore.notify(a.Error, n), t = void 0;
1959
+ this.subscribeStore.notify(a.Error, o), t = void 0;
1860
1960
  }
1861
- return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: s }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
1961
+ return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: r }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
1862
1962
  }
1863
1963
  /**
1864
1964
  * Get tokens and refresh if needed
@@ -1868,19 +1968,19 @@ class Ie {
1868
1968
  async getTokens(e) {
1869
1969
  try {
1870
1970
  if (this.tokenDeliveryManager.isCookieMode() || this.tokenDeliveryManager.isBFFMode()) {
1871
- const r = this.storageManager.getTokens();
1872
- return r?.id_token ? this.tokenDeliveryManager.isSessionInvalid() && e ? await this.refreshToken() : r : void 0;
1971
+ const s = this.storageManager.getTokens();
1972
+ return s?.id_token ? this.tokenDeliveryManager.isSessionInvalid() && e ? await this.refreshToken() : s : void 0;
1873
1973
  }
1874
1974
  const t = this.storageManager.getTokens();
1875
1975
  if (!t || !t.access_token) return;
1876
- const s = y(t.access_token);
1877
- return m(s) ? e ? await this.refreshToken() : void 0 : t;
1976
+ const r = v(t.access_token);
1977
+ return S(r) ? e ? await this.refreshToken() : void 0 : t;
1878
1978
  } catch (t) {
1879
- const s = {
1979
+ const r = {
1880
1980
  message: t instanceof Error ? t.message : "Failed to get tokens",
1881
1981
  originalError: t
1882
1982
  };
1883
- this.subscribeStore.notify(a.Error, s);
1983
+ this.subscribeStore.notify(a.Error, r);
1884
1984
  return;
1885
1985
  }
1886
1986
  }
@@ -1930,7 +2030,7 @@ class be {
1930
2030
  return this.invitationApi.getInvitationLink(e);
1931
2031
  }
1932
2032
  }
1933
- class Ce {
2033
+ class Ae {
1934
2034
  error(e, ...t) {
1935
2035
  console.error(e, ...t);
1936
2036
  }
@@ -1944,51 +2044,51 @@ class Ce {
1944
2044
  console.debug(e, ...t);
1945
2045
  }
1946
2046
  }
1947
- function Ae() {
1948
- return new Ce();
2047
+ function Ce() {
2048
+ return new Ae();
1949
2049
  }
1950
2050
  class Re {
1951
2051
  constructor(e) {
1952
2052
  this.data = this.normalize(e);
1953
2053
  }
1954
2054
  normalize(e) {
1955
- const t = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), n = [];
1956
- return e.groups?.forEach((o) => {
1957
- s.set(o.id, {
1958
- id: o.id,
1959
- name: o.name,
1960
- default: o.default ?? !1,
1961
- updated_at: o.updated_at,
1962
- created_at: o.created_at
2055
+ const t = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), o = [];
2056
+ return e.groups?.forEach((n) => {
2057
+ r.set(n.id, {
2058
+ id: n.id,
2059
+ name: n.name,
2060
+ default: n.default ?? !1,
2061
+ updated_at: n.updated_at,
2062
+ created_at: n.created_at
1963
2063
  });
1964
- }), e.roles?.forEach((o) => {
1965
- r.set(o.id, {
1966
- id: o.id,
1967
- tenant_id: o.tenant_id,
1968
- name: o.name
2064
+ }), e.roles?.forEach((n) => {
2065
+ s.set(n.id, {
2066
+ id: n.id,
2067
+ tenant_id: n.tenant_id,
2068
+ name: n.name
1969
2069
  });
1970
- }), e.users_in_groups?.forEach((o) => {
1971
- const d = o.user;
2070
+ }), e.users_in_groups?.forEach((n) => {
2071
+ const d = n.user;
1972
2072
  d && !t.has(d.id) && t.set(d.id, {
1973
2073
  id: d.id,
1974
2074
  name: d.name ?? null,
1975
2075
  email: d.email ?? null,
1976
2076
  phone: d.phone ?? null
1977
- }), d && o.group_id && s.has(o.group_id) && n.push({
2077
+ }), d && n.group_id && r.has(n.group_id) && o.push({
1978
2078
  userId: d.id,
1979
- groupId: o.group_id,
1980
- roleIds: o.roles?.map((c) => c.id) ?? []
2079
+ groupId: n.group_id,
2080
+ roleIds: n.roles?.map((h) => h.id) ?? []
1981
2081
  });
1982
2082
  }), {
1983
2083
  tenant_id: e.tenant_id,
1984
2084
  tenant_name: e.tenant_name,
1985
2085
  users: Array.from(t.values()),
1986
- groups: Array.from(s.values()),
1987
- roles: Array.from(r.values()),
1988
- memberships: n,
2086
+ groups: Array.from(r.values()),
2087
+ roles: Array.from(s.values()),
2088
+ memberships: o,
1989
2089
  usersById: t,
1990
- groupsById: s,
1991
- rolesById: r
2090
+ groupsById: r,
2091
+ rolesById: s
1992
2092
  };
1993
2093
  }
1994
2094
  /**
@@ -2007,8 +2107,8 @@ class Re {
2007
2107
  * Returns all roles that the specified user has in the specified group.
2008
2108
  */
2009
2109
  getUserRolesInGroup(e, t) {
2010
- const s = this.data.memberships.find((r) => r.userId === e && r.groupId === t);
2011
- return s ? s.roleIds.map((r) => this.data.rolesById.get(r)).filter((r) => r !== void 0) : [];
2110
+ const r = this.data.memberships.find((s) => s.userId === e && s.groupId === t);
2111
+ return r ? r.roleIds.map((s) => this.data.rolesById.get(s)).filter((s) => s !== void 0) : [];
2012
2112
  }
2013
2113
  /**
2014
2114
  * Returns the full TenantData object.
@@ -2017,9 +2117,9 @@ class Re {
2017
2117
  return this.data;
2018
2118
  }
2019
2119
  }
2020
- class Pe {
2021
- constructor(e, t, s) {
2022
- this.tenantApi = e, this.scopes = t, this.logger = s || Ae();
2120
+ class Me {
2121
+ constructor(e, t, r) {
2122
+ this.tenantApi = e, this.scopes = t, this.logger = r || Ce();
2023
2123
  }
2024
2124
  /**
2025
2125
  * Handle Passflow API errors
@@ -2028,11 +2128,11 @@ class Pe {
2028
2128
  * @throws Formatted error with Passflow API error details
2029
2129
  */
2030
2130
  handlePassflowError(e, t) {
2031
- if (D.isAxiosError(e) && e.response?.data) {
2032
- const s = e.response.data;
2033
- if (typeof s == "object" && s !== null && "error" in s && typeof s.error == "object" && s.error !== null) {
2034
- const r = s.error;
2035
- throw this.logger.error(`${t}: ${r.id} - ${r.message} (Status: ${r.status})`), new Error(`Passflow API Error: ${r.id} - ${r.message} (Status: ${r.status})`);
2131
+ if (F.isAxiosError(e) && e.response?.data) {
2132
+ const r = e.response.data;
2133
+ if (typeof r == "object" && r !== null && "error" in r && typeof r.error == "object" && r.error !== null) {
2134
+ const s = r.error;
2135
+ throw this.logger.error(`${t}: ${s.id} - ${s.message} (Status: ${s.status})`), new Error(`Passflow API Error: ${s.id} - ${s.message} (Status: ${s.status})`);
2036
2136
  }
2037
2137
  }
2038
2138
  throw this.logger.error(`${t}:`, e), e instanceof Error ? e : new Error(String(e));
@@ -2045,10 +2145,10 @@ class Pe {
2045
2145
  */
2046
2146
  async joinInvitation(e, t) {
2047
2147
  try {
2048
- const s = t ?? this.scopes;
2049
- return await this.tenantApi.joinInvitation(e, s);
2050
- } catch (s) {
2051
- this.handlePassflowError(s, "Join invitation failed");
2148
+ const r = t ?? this.scopes;
2149
+ return await this.tenantApi.joinInvitation(e, r);
2150
+ } catch (r) {
2151
+ this.handlePassflowError(r, "Join invitation failed");
2052
2152
  }
2053
2153
  }
2054
2154
  /**
@@ -2103,8 +2203,8 @@ class Pe {
2103
2203
  async updateTenant(e, t) {
2104
2204
  try {
2105
2205
  return await this.tenantApi.updateTenant(e, t);
2106
- } catch (s) {
2107
- this.handlePassflowError(s, `Update tenant failed for tenant ID ${e}`);
2206
+ } catch (r) {
2207
+ this.handlePassflowError(r, `Update tenant failed for tenant ID ${e}`);
2108
2208
  }
2109
2209
  }
2110
2210
  /**
@@ -2140,8 +2240,8 @@ class Pe {
2140
2240
  async createGroup(e, t) {
2141
2241
  try {
2142
2242
  return await this.tenantApi.createGroup(e, t);
2143
- } catch (s) {
2144
- this.handlePassflowError(s, `Group creation failed for tenant ID ${e}`);
2243
+ } catch (r) {
2244
+ this.handlePassflowError(r, `Group creation failed for tenant ID ${e}`);
2145
2245
  }
2146
2246
  }
2147
2247
  /**
@@ -2153,8 +2253,8 @@ class Pe {
2153
2253
  async getGroupInfo(e, t) {
2154
2254
  try {
2155
2255
  return await this.tenantApi.getGroupInfo(e, t);
2156
- } catch (s) {
2157
- this.handlePassflowError(s, `Get group info failed for tenant ID ${e}, group ID ${t}`);
2256
+ } catch (r) {
2257
+ this.handlePassflowError(r, `Get group info failed for tenant ID ${e}, group ID ${t}`);
2158
2258
  }
2159
2259
  }
2160
2260
  /**
@@ -2164,11 +2264,11 @@ class Pe {
2164
2264
  * @param name New group name
2165
2265
  * @returns Promise with group response
2166
2266
  */
2167
- async updateGroup(e, t, s) {
2267
+ async updateGroup(e, t, r) {
2168
2268
  try {
2169
- return await this.tenantApi.updateGroup(e, t, s);
2170
- } catch (r) {
2171
- this.handlePassflowError(r, `Update group failed for tenant ID ${e}, group ID ${t}`);
2269
+ return await this.tenantApi.updateGroup(e, t, r);
2270
+ } catch (s) {
2271
+ this.handlePassflowError(s, `Update group failed for tenant ID ${e}, group ID ${t}`);
2172
2272
  }
2173
2273
  }
2174
2274
  /**
@@ -2180,8 +2280,8 @@ class Pe {
2180
2280
  async deleteGroup(e, t) {
2181
2281
  try {
2182
2282
  return await this.tenantApi.deleteGroup(e, t);
2183
- } catch (s) {
2184
- this.handlePassflowError(s, `Delete group failed for tenant ID ${e}, group ID ${t}`);
2283
+ } catch (r) {
2284
+ this.handlePassflowError(r, `Delete group failed for tenant ID ${e}, group ID ${t}`);
2185
2285
  }
2186
2286
  }
2187
2287
  /**
@@ -2192,13 +2292,13 @@ class Pe {
2192
2292
  * @param role Role to assign
2193
2293
  * @returns Promise with status response
2194
2294
  */
2195
- async addUserToGroup(e, t, s, r) {
2295
+ async addUserToGroup(e, t, r, s) {
2196
2296
  try {
2197
- return await this.tenantApi.addUserToGroup(e, t, s, r);
2198
- } catch (n) {
2297
+ return await this.tenantApi.addUserToGroup(e, t, r, s);
2298
+ } catch (o) {
2199
2299
  this.handlePassflowError(
2200
- n,
2201
- `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2300
+ o,
2301
+ `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2202
2302
  );
2203
2303
  }
2204
2304
  }
@@ -2210,13 +2310,13 @@ class Pe {
2210
2310
  * @param roles Roles to remove
2211
2311
  * @returns Promise with status response
2212
2312
  */
2213
- async removeUserRolesFromGroup(e, t, s, r) {
2313
+ async removeUserRolesFromGroup(e, t, r, s) {
2214
2314
  try {
2215
- return await this.tenantApi.removeUserRolesFromGroup(e, t, s, r);
2216
- } catch (n) {
2315
+ return await this.tenantApi.removeUserRolesFromGroup(e, t, r, s);
2316
+ } catch (o) {
2217
2317
  this.handlePassflowError(
2218
- n,
2219
- `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2318
+ o,
2319
+ `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2220
2320
  );
2221
2321
  }
2222
2322
  }
@@ -2228,13 +2328,13 @@ class Pe {
2228
2328
  * @param roles New roles to assign
2229
2329
  * @returns Promise with status response
2230
2330
  */
2231
- async changeUserRoles(e, t, s, r) {
2331
+ async changeUserRoles(e, t, r, s) {
2232
2332
  try {
2233
- return await this.tenantApi.changeUserRoles(e, t, s, r);
2234
- } catch (n) {
2333
+ return await this.tenantApi.changeUserRoles(e, t, r, s);
2334
+ } catch (o) {
2235
2335
  this.handlePassflowError(
2236
- n,
2237
- `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2336
+ o,
2337
+ `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2238
2338
  );
2239
2339
  }
2240
2340
  }
@@ -2245,13 +2345,13 @@ class Pe {
2245
2345
  * @param userId User ID
2246
2346
  * @returns Promise with status response
2247
2347
  */
2248
- async deleteUserFromGroup(e, t, s) {
2348
+ async deleteUserFromGroup(e, t, r) {
2249
2349
  try {
2250
- return await this.tenantApi.deleteUserFromGroup(e, t, s);
2251
- } catch (r) {
2350
+ return await this.tenantApi.deleteUserFromGroup(e, t, r);
2351
+ } catch (s) {
2252
2352
  this.handlePassflowError(
2253
- r,
2254
- `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2353
+ s,
2354
+ `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2255
2355
  );
2256
2356
  }
2257
2357
  }
@@ -2277,8 +2377,8 @@ class Pe {
2277
2377
  async createRoleForTenant(e, t) {
2278
2378
  try {
2279
2379
  return await this.tenantApi.createRoleForTenant(e, t);
2280
- } catch (s) {
2281
- this.handlePassflowError(s, `Create role for tenant failed for tenant ID ${e}`);
2380
+ } catch (r) {
2381
+ this.handlePassflowError(r, `Create role for tenant failed for tenant ID ${e}`);
2282
2382
  }
2283
2383
  }
2284
2384
  /**
@@ -2288,11 +2388,11 @@ class Pe {
2288
2388
  * @param name New role name
2289
2389
  * @returns Promise with role response
2290
2390
  */
2291
- async updateRole(e, t, s) {
2391
+ async updateRole(e, t, r) {
2292
2392
  try {
2293
- return await this.tenantApi.updateRole(e, t, s);
2294
- } catch (r) {
2295
- this.handlePassflowError(r, `Update role failed for tenant ID ${e}, role ID ${t}`);
2393
+ return await this.tenantApi.updateRole(e, t, r);
2394
+ } catch (s) {
2395
+ this.handlePassflowError(s, `Update role failed for tenant ID ${e}, role ID ${t}`);
2296
2396
  }
2297
2397
  }
2298
2398
  /**
@@ -2304,8 +2404,8 @@ class Pe {
2304
2404
  async deleteRole(e, t) {
2305
2405
  try {
2306
2406
  return await this.tenantApi.deleteRole(e, t);
2307
- } catch (s) {
2308
- this.handlePassflowError(s, `Delete role failed for tenant ID ${e}, role ID ${t}`);
2407
+ } catch (r) {
2408
+ this.handlePassflowError(r, `Delete role failed for tenant ID ${e}, role ID ${t}`);
2309
2409
  }
2310
2410
  }
2311
2411
  // 4. User Management in Tenants
@@ -2318,8 +2418,8 @@ class Pe {
2318
2418
  async deleteUserFromTenant(e, t) {
2319
2419
  try {
2320
2420
  return await this.tenantApi.deleteUserFromTenant(e, t);
2321
- } catch (s) {
2322
- this.handlePassflowError(s, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
2421
+ } catch (r) {
2422
+ this.handlePassflowError(r, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
2323
2423
  }
2324
2424
  }
2325
2425
  // 5. Invitation Management
@@ -2331,11 +2431,11 @@ class Pe {
2331
2431
  * @param skip Number of invitations to skip
2332
2432
  * @returns Promise with invitations response
2333
2433
  */
2334
- async getGroupInvitations(e, t, s, r) {
2434
+ async getGroupInvitations(e, t, r, s) {
2335
2435
  try {
2336
- return await this.tenantApi.getGroupInvitations(e, t, s, r);
2337
- } catch (n) {
2338
- this.handlePassflowError(n, `Get group invitations failed for tenant ID ${e}, group ID ${t}`);
2436
+ return await this.tenantApi.getGroupInvitations(e, t, r, s);
2437
+ } catch (o) {
2438
+ this.handlePassflowError(o, `Get group invitations failed for tenant ID ${e}, group ID ${t}`);
2339
2439
  }
2340
2440
  }
2341
2441
  /**
@@ -2345,11 +2445,11 @@ class Pe {
2345
2445
  * @param skip Number of invitations to skip
2346
2446
  * @returns Promise with invitations response
2347
2447
  */
2348
- async getTenantInvitations(e, t, s) {
2448
+ async getTenantInvitations(e, t, r) {
2349
2449
  try {
2350
- return await this.tenantApi.getTenantInvitations(e, t, s);
2351
- } catch (r) {
2352
- this.handlePassflowError(r, `Get tenant invitations failed for tenant ID ${e}`);
2450
+ return await this.tenantApi.getTenantInvitations(e, t, r);
2451
+ } catch (s) {
2452
+ this.handlePassflowError(s, `Get tenant invitations failed for tenant ID ${e}`);
2353
2453
  }
2354
2454
  }
2355
2455
  /**
@@ -2359,13 +2459,13 @@ class Pe {
2359
2459
  * @param inviteId Invitation ID
2360
2460
  * @returns Promise with empty record
2361
2461
  */
2362
- async invalidateInviteById(e, t, s) {
2462
+ async invalidateInviteById(e, t, r) {
2363
2463
  try {
2364
- return await this.tenantApi.invalidateInviteById(e, t, s);
2365
- } catch (r) {
2464
+ return await this.tenantApi.invalidateInviteById(e, t, r);
2465
+ } catch (s) {
2366
2466
  this.handlePassflowError(
2367
- r,
2368
- `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${s}`
2467
+ s,
2468
+ `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${r}`
2369
2469
  );
2370
2470
  }
2371
2471
  }
@@ -2376,20 +2476,20 @@ class Pe {
2376
2476
  * @param email Email address
2377
2477
  * @returns Promise with empty record
2378
2478
  */
2379
- async invalidateInviteByEmail(e, t, s) {
2479
+ async invalidateInviteByEmail(e, t, r) {
2380
2480
  try {
2381
- return await this.tenantApi.invalidateInviteByEmail(e, t, s);
2382
- } catch (r) {
2481
+ return await this.tenantApi.invalidateInviteByEmail(e, t, r);
2482
+ } catch (s) {
2383
2483
  this.handlePassflowError(
2384
- r,
2385
- `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${s}`
2484
+ s,
2485
+ `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${r}`
2386
2486
  );
2387
2487
  }
2388
2488
  }
2389
2489
  }
2390
- class De {
2391
- constructor(e, t, s) {
2392
- this.storageManager = e, this.authApi = t, this.subscribeStore = s, this.checkInterval = null, this.CHECK_INTERVAL = 6e4, this.visibilityChangeHandler = null, this.isRefreshing = !1, this.tokenExpiredFlag = !1, this.storageManager = e, this.authApi = t, this.setupPageUnloadHandler();
2490
+ class Fe {
2491
+ constructor(e, t, r) {
2492
+ this.storageManager = e, this.authApi = t, this.subscribeStore = r, this.checkInterval = null, this.CHECK_INTERVAL = 6e4, this.visibilityChangeHandler = null, this.isRefreshing = !1, this.tokenExpiredFlag = !1, this.storageManager = e, this.authApi = t, this.setupPageUnloadHandler();
2393
2493
  }
2394
2494
  initialize() {
2395
2495
  try {
@@ -2402,8 +2502,8 @@ class De {
2402
2502
  this.setTokensCache(e), this.startTokenCheck();
2403
2503
  return;
2404
2504
  }
2405
- const t = y(e.access_token);
2406
- m(t) ? (this.tokenExpiredFlag = !0, this.stopTokenCheck(), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 })) : (this.setTokensCache(e), this.startTokenCheck());
2505
+ const t = v(e.access_token);
2506
+ S(t) ? (this.tokenExpiredFlag = !0, this.stopTokenCheck(), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 })) : (this.setTokensCache(e), this.startTokenCheck());
2407
2507
  } catch (e) {
2408
2508
  const t = {
2409
2509
  message: e instanceof Error ? e.message : "Failed to get tokens",
@@ -2419,11 +2519,11 @@ class De {
2419
2519
  const t = await this.authApi.refreshToken(e?.refresh_token ?? "", e.scopes ?? [], e.access_token);
2420
2520
  this.setTokensCache(t), this.subscribeStore.notify(a.Refresh, { tokens: t, parsedTokens: this.getParsedTokens() }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenExpiredFlag = !1, this.startTokenCheck();
2421
2521
  } catch (t) {
2422
- const s = {
2522
+ const r = {
2423
2523
  message: t instanceof Error ? t.message : "Failed to get tokens",
2424
2524
  originalError: t
2425
2525
  };
2426
- this.subscribeStore.notify(a.Error, s), this.setTokensCache(void 0);
2526
+ this.subscribeStore.notify(a.Error, r), this.setTokensCache(void 0);
2427
2527
  } finally {
2428
2528
  this.isRefreshing = !1;
2429
2529
  }
@@ -2455,9 +2555,9 @@ class De {
2455
2555
  }
2456
2556
  setTokensCache(e) {
2457
2557
  this.tokensCache = e, e ? this.parsedTokensCache = {
2458
- access_token: e.access_token ? y(e.access_token) : void 0,
2459
- id_token: e.id_token ? y(e.id_token) : void 0,
2460
- refresh_token: e.refresh_token ? y(e.refresh_token) : void 0,
2558
+ access_token: e.access_token ? v(e.access_token) : void 0,
2559
+ id_token: e.id_token ? v(e.id_token) : void 0,
2560
+ refresh_token: e.refresh_token ? v(e.refresh_token) : void 0,
2461
2561
  scopes: e.scopes
2462
2562
  } : this.parsedTokensCache = void 0;
2463
2563
  }
@@ -2469,8 +2569,8 @@ class De {
2469
2569
  if (!this.tokensCache) return this.tokensCache;
2470
2570
  if (!this.tokensCache.access_token)
2471
2571
  return this.tokensCache;
2472
- const e = y(this.tokensCache.access_token);
2473
- return m(e) && !this.tokenExpiredFlag ? (await this.refreshTokensCache(this.tokensCache), this.tokensCache) : this.tokensCache;
2572
+ const e = v(this.tokensCache.access_token);
2573
+ return S(e) && !this.tokenExpiredFlag ? (await this.refreshTokensCache(this.tokensCache), this.tokensCache) : this.tokensCache;
2474
2574
  } catch (e) {
2475
2575
  const t = {
2476
2576
  message: e instanceof Error ? e.message : "Failed to get tokens",
@@ -2487,34 +2587,34 @@ class De {
2487
2587
  if (!this.tokensCache) return !0;
2488
2588
  if (!this.tokensCache.access_token)
2489
2589
  return !1;
2490
- const e = y(this.tokensCache.access_token);
2491
- return m(e);
2590
+ const e = v(this.tokensCache.access_token);
2591
+ return S(e);
2492
2592
  }
2493
2593
  }
2494
- class Me {
2594
+ class De {
2495
2595
  constructor(e, t) {
2496
2596
  this.twoFactorApi = e, this.subscribeStore = t, this.PARTIAL_AUTH_TIMEOUT_MS = 300 * 1e3, this.SESSION_STORAGE_KEY = "passflow_2fa_challenge", this.totpDigits = 6;
2497
- const s = {
2498
- onAuthChange: (r, n) => {
2499
- if (r === a.TwoFactorRequired) {
2500
- const o = n;
2501
- this.setPartialAuthState(o.email, o.challengeId, o.tfaToken);
2597
+ const r = {
2598
+ onAuthChange: (s, o) => {
2599
+ if (s === a.TwoFactorRequired) {
2600
+ const n = o;
2601
+ this.setPartialAuthState(n.email, n.challengeId, n.tfaToken);
2502
2602
  }
2503
2603
  }
2504
2604
  };
2505
- this.subscribeStore.subscribe(s, [a.TwoFactorRequired]);
2605
+ this.subscribeStore.subscribe(r, [a.TwoFactorRequired]);
2506
2606
  }
2507
2607
  /**
2508
2608
  * Emit error event and throw the error
2509
2609
  * Helper method to ensure errors are properly emitted to subscribers
2510
2610
  */
2511
2611
  emitErrorAndThrow(e, t) {
2512
- const s = e, r = {
2612
+ const r = e, s = {
2513
2613
  message: e instanceof Error ? e.message : `${t} failed`,
2514
2614
  originalError: e,
2515
- code: s?.id || void 0
2615
+ code: r?.id || void 0
2516
2616
  };
2517
- throw this.subscribeStore.notify(a.Error, r), e;
2617
+ throw this.subscribeStore.notify(a.Error, s), e;
2518
2618
  }
2519
2619
  /**
2520
2620
  * Get 2FA enrollment status for current user
@@ -2585,24 +2685,24 @@ class Me {
2585
2685
  */
2586
2686
  async useRecoveryCode(e) {
2587
2687
  try {
2588
- const t = _e(e);
2688
+ const t = Ee(e);
2589
2689
  if (!t)
2590
2690
  throw new Error("Invalid recovery code format. Expected format: XXXX-XXXX or XXXXXXXX (alphanumeric).");
2591
2691
  if (this.recoverPartialAuthState(), !this.isVerificationRequired())
2592
2692
  throw new Error("2FA verification expired or not required. User must sign in first.");
2593
2693
  if (!this.partialAuthState?.tfaToken)
2594
2694
  throw new Error("No TFA token found. User must sign in first.");
2595
- const s = await this.twoFactorApi.useRecoveryCode({
2695
+ const r = await this.twoFactorApi.useRecoveryCode({
2596
2696
  recovery_code: t,
2597
2697
  tfa_token: this.partialAuthState.tfaToken
2598
2698
  });
2599
- return this.clearPartialAuthState(), s.remaining_recovery_codes === 0 ? this.subscribeStore.notify(a.TwoFactorRecoveryCodesExhausted, { tokens: s }) : s.remaining_recovery_codes <= 2 && this.subscribeStore.notify(a.TwoFactorRecoveryCodesLow, {
2600
- tokens: s,
2601
- remainingCodes: s.remaining_recovery_codes
2699
+ return this.clearPartialAuthState(), r.remaining_recovery_codes === 0 ? this.subscribeStore.notify(a.TwoFactorRecoveryCodesExhausted, { tokens: r }) : r.remaining_recovery_codes <= 2 && this.subscribeStore.notify(a.TwoFactorRecoveryCodesLow, {
2700
+ tokens: r,
2701
+ remainingCodes: r.remaining_recovery_codes
2602
2702
  }), this.subscribeStore.notify(a.TwoFactorRecoveryUsed, {
2603
- tokens: s,
2604
- remainingCodes: s.remaining_recovery_codes
2605
- }), this.subscribeStore.notify(a.TwoFactorVerified, { tokens: s }), s;
2703
+ tokens: r,
2704
+ remainingCodes: r.remaining_recovery_codes
2705
+ }), this.subscribeStore.notify(a.TwoFactorVerified, { tokens: r }), r;
2606
2706
  } catch (t) {
2607
2707
  this.emitErrorAndThrow(t, "Use recovery code");
2608
2708
  }
@@ -2627,8 +2727,8 @@ class Me {
2627
2727
  if (!R(e, this.totpDigits))
2628
2728
  throw new Error(`Invalid TOTP code format. Code must be exactly ${this.totpDigits} digits.`);
2629
2729
  try {
2630
- const t = await this.twoFactorApi.regenerateRecoveryCodes({ code: e }), s = [...t.recovery_codes];
2631
- return t.recovery_codes = [], t.recovery_codes = s, t;
2730
+ const t = await this.twoFactorApi.regenerateRecoveryCodes({ code: e }), r = [...t.recovery_codes];
2731
+ return t.recovery_codes = [], t.recovery_codes = r, t;
2632
2732
  } catch (t) {
2633
2733
  this.emitErrorAndThrow(t, "Regenerate recovery codes");
2634
2734
  }
@@ -2644,11 +2744,11 @@ class Me {
2644
2744
  * Set partial auth state when login requires 2FA
2645
2745
  * Called internally via event listener when AuthService emits TwoFactorRequired
2646
2746
  */
2647
- setPartialAuthState(e, t, s) {
2747
+ setPartialAuthState(e, t, r) {
2648
2748
  if (this.partialAuthState = {
2649
2749
  email: e,
2650
2750
  challengeId: t,
2651
- tfaToken: s,
2751
+ tfaToken: r,
2652
2752
  timestamp: Date.now(),
2653
2753
  expiresAt: Date.now() + this.PARTIAL_AUTH_TIMEOUT_MS
2654
2754
  }, typeof sessionStorage < "u")
@@ -2762,8 +2862,133 @@ class Me {
2762
2862
  getTotpDigits() {
2763
2863
  return this.totpDigits;
2764
2864
  }
2865
+ // ============================================
2866
+ // v2 Multi-Method 2FA Service Methods
2867
+ // ============================================
2868
+ /**
2869
+ * Get available 2FA methods for current user
2870
+ */
2871
+ async getAvailableMethods() {
2872
+ try {
2873
+ return await this.twoFactorApi.getAvailableMethods();
2874
+ } catch (e) {
2875
+ this.emitErrorAndThrow(e, "Get available 2FA methods");
2876
+ }
2877
+ }
2878
+ /**
2879
+ * Get registered 2FA methods for current user
2880
+ */
2881
+ async getRegisteredMethods() {
2882
+ try {
2883
+ return await this.twoFactorApi.getRegisteredMethods();
2884
+ } catch (e) {
2885
+ this.emitErrorAndThrow(e, "Get registered 2FA methods");
2886
+ }
2887
+ }
2888
+ /**
2889
+ * Begin 2FA method setup
2890
+ */
2891
+ async beginMethodSetup(e) {
2892
+ try {
2893
+ const t = await this.twoFactorApi.beginMethodSetup(e);
2894
+ return this.subscribeStore.notify(a.TwoFactorSetupStarted, { secret: "", method: e }), t;
2895
+ } catch (t) {
2896
+ this.emitErrorAndThrow(t, "Begin 2FA method setup");
2897
+ }
2898
+ }
2899
+ /**
2900
+ * Confirm 2FA method setup
2901
+ */
2902
+ async confirmMethodSetup(e, t) {
2903
+ try {
2904
+ const r = await this.twoFactorApi.confirmMethodSetup(e, t);
2905
+ return this.subscribeStore.notify(a.TwoFactorEnabled, {
2906
+ recoveryCodes: [],
2907
+ clearRecoveryCodes: () => {
2908
+ }
2909
+ }), r;
2910
+ } catch (r) {
2911
+ this.emitErrorAndThrow(r, "Confirm 2FA method setup");
2912
+ }
2913
+ }
2914
+ /**
2915
+ * Remove registered 2FA method
2916
+ */
2917
+ async removeMethod(e) {
2918
+ try {
2919
+ await this.twoFactorApi.removeMethod(e);
2920
+ } catch (t) {
2921
+ this.emitErrorAndThrow(t, "Remove 2FA method");
2922
+ }
2923
+ }
2924
+ /**
2925
+ * Request 2FA challenge during login
2926
+ */
2927
+ async requestChallenge(e) {
2928
+ try {
2929
+ const t = await this.twoFactorApi.requestChallenge(e);
2930
+ return this.subscribeStore.notify(a.TwoFactorChallengeReceived, {
2931
+ challengeId: t.challenge_id,
2932
+ method: t.method,
2933
+ alternativeMethods: t.alternative_methods
2934
+ }), t;
2935
+ } catch (t) {
2936
+ this.emitErrorAndThrow(t, "Request 2FA challenge");
2937
+ }
2938
+ }
2939
+ /**
2940
+ * Verify 2FA challenge (v2)
2941
+ */
2942
+ async verifyV2(e) {
2943
+ try {
2944
+ const t = await this.twoFactorApi.verifyV2(e);
2945
+ return t.success && (this.subscribeStore.notify(a.TwoFactorVerified, {
2946
+ tokens: {
2947
+ access_token: t.access_token,
2948
+ refresh_token: t.refresh_token
2949
+ }
2950
+ }), t.device_trusted && this.subscribeStore.notify(a.TwoFactorDeviceTrusted, {})), t;
2951
+ } catch (t) {
2952
+ this.emitErrorAndThrow(t, "Verify 2FA challenge");
2953
+ }
2954
+ }
2955
+ /**
2956
+ * Switch to alternative 2FA method during challenge
2957
+ */
2958
+ async switchToAlternative(e) {
2959
+ try {
2960
+ const t = await this.twoFactorApi.switchToAlternative(e);
2961
+ return this.subscribeStore.notify(a.TwoFactorMethodSwitched, {
2962
+ challengeId: t.challenge_id,
2963
+ method: t.method,
2964
+ alternativeMethods: t.alternative_methods
2965
+ }), t;
2966
+ } catch (t) {
2967
+ this.emitErrorAndThrow(t, "Switch to alternative 2FA method");
2968
+ }
2969
+ }
2970
+ /**
2971
+ * Get trusted devices
2972
+ */
2973
+ async getTrustedDevices() {
2974
+ try {
2975
+ return await this.twoFactorApi.getTrustedDevices();
2976
+ } catch (e) {
2977
+ this.emitErrorAndThrow(e, "Get trusted devices");
2978
+ }
2979
+ }
2980
+ /**
2981
+ * Revoke trusted device
2982
+ */
2983
+ async revokeTrustedDevice(e) {
2984
+ try {
2985
+ await this.twoFactorApi.revokeTrustedDevice(e);
2986
+ } catch (t) {
2987
+ this.emitErrorAndThrow(t, "Revoke trusted device");
2988
+ }
2989
+ }
2765
2990
  }
2766
- class Fe {
2991
+ class Pe {
2767
2992
  constructor(e, t) {
2768
2993
  this.userAPI = e, this.deviceService = t;
2769
2994
  }
@@ -2799,33 +3024,33 @@ class Fe {
2799
3024
  async addUserPasskey({
2800
3025
  relyingPartyId: e,
2801
3026
  passkeyUsername: t,
2802
- passkeyDisplayName: s
3027
+ passkeyDisplayName: r
2803
3028
  } = {}) {
2804
- const r = this.deviceService.getDeviceId(), n = I.web, { challenge_id: o, publicKey: d } = await this.userAPI.addUserPasskeyStart({
3029
+ const s = this.deviceService.getDeviceId(), o = b.web, { challenge_id: n, publicKey: d } = await this.userAPI.addUserPasskeyStart({
2805
3030
  relyingPartyId: e || window?.location?.hostname,
2806
- deviceId: r,
2807
- os: n,
2808
- passkeyDisplayName: s,
3031
+ deviceId: s,
3032
+ os: o,
3033
+ passkeyDisplayName: r,
2809
3034
  passkeyUsername: t
2810
3035
  });
2811
3036
  d.user.id = btoa(d.user.id);
2812
- const c = await K({ optionsJSON: d });
2813
- return await this.userAPI.addUserPasskeyComplete(c, r, o);
3037
+ const h = await K({ optionsJSON: d });
3038
+ return await this.userAPI.addUserPasskeyComplete(h, s, n);
2814
3039
  }
2815
3040
  }
2816
3041
  const O = class O {
2817
3042
  constructor(e) {
2818
3043
  this.doRefreshTokens = !1, this.origin = window.location.origin, this.session = async ({
2819
- createSession: n,
2820
- expiredSession: o,
3044
+ createSession: o,
3045
+ expiredSession: n,
2821
3046
  doRefresh: d = !1
2822
3047
  }) => {
2823
- this.createSessionCallback = n, this.expiredSessionCallback = o, this.doRefreshTokens = d, await this.submitSessionCheck();
3048
+ this.createSessionCallback = o, this.expiredSessionCallback = n, this.doRefreshTokens = d, await this.submitSessionCheck();
2824
3049
  };
2825
- const { url: t, appId: s, scopes: r } = e;
2826
- this.url = t || G, this.appId = s, this.storageManager = new $({
3050
+ const { url: t, appId: r, scopes: s } = e;
3051
+ this.url = t || V, this.appId = r, this.storageManager = new $({
2827
3052
  prefix: e.keyStoragePrefix ?? ""
2828
- }), this.deviceService = new B(this.storageManager), this.authApi = new fe(e, this.storageManager, this.deviceService), this.appApi = new pe(e, this.storageManager, this.deviceService), this.userApi = new Se(e, this.storageManager, this.deviceService), this.settingApi = new ye(e, this.storageManager, this.deviceService), this.tenantApi = new ve(e, this.storageManager, this.deviceService), this.invitationApi = new ke(e, this.storageManager, this.deviceService), this.twoFactorApi = new me(e, this.storageManager, this.deviceService), this.subscribeStore = new we(), this.tokenCacheService = new De(this.storageManager, this.authApi, this.subscribeStore), this.scopes = r ?? Q, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new Ie(
3053
+ }), this.deviceService = new B(this.storageManager), this.authApi = new fe(e, this.storageManager, this.deviceService), this.appApi = new pe(e, this.storageManager, this.deviceService), this.userApi = new Se(e, this.storageManager, this.deviceService), this.settingApi = new ve(e, this.storageManager, this.deviceService), this.tenantApi = new ye(e, this.storageManager, this.deviceService), this.invitationApi = new ke(e, this.storageManager, this.deviceService), this.twoFactorApi = new me(e, this.storageManager, this.deviceService), this.subscribeStore = new we(), this.tokenCacheService = new Fe(this.storageManager, this.authApi, this.subscribeStore), this.scopes = s ?? Q, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new Ie(
2829
3054
  this.authApi,
2830
3055
  this.deviceService,
2831
3056
  this.storageManager,
@@ -2841,7 +3066,7 @@ const O = class O {
2841
3066
  },
2842
3067
  this.appId ?? "",
2843
3068
  e.tokenExchange
2844
- ), this.userService = new Fe(this.userApi, this.deviceService), this.tenantService = new Pe(this.tenantApi, this.scopes), this.tenant = this.tenantService, this.invitationService = new be(this.invitationApi), this.twoFactorService = new Me(this.twoFactorApi, this.subscribeStore), this.twoFactor = this.twoFactorService, e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
3069
+ ), this.userService = new Pe(this.userApi, this.deviceService), this.tenantService = new Me(this.tenantApi, this.scopes), this.tenant = this.tenantService, this.invitationService = new be(this.invitationApi), this.twoFactorService = new De(this.twoFactorApi, this.subscribeStore), this.twoFactor = this.twoFactorService, e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
2845
3070
  }
2846
3071
  /**
2847
3072
  * Update the appId and propagate it to all API clients.
@@ -2862,12 +3087,12 @@ const O = class O {
2862
3087
  let e, t;
2863
3088
  try {
2864
3089
  e = await this.authService.getTokens(this.doRefreshTokens), t = this.tokenCacheService.getParsedTokens();
2865
- } catch (s) {
2866
- const r = {
2867
- message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
2868
- originalError: s
3090
+ } catch (r) {
3091
+ const s = {
3092
+ message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
3093
+ originalError: r
2869
3094
  };
2870
- this.subscribeStore.notify(a.Error, r), e = void 0;
3095
+ this.subscribeStore.notify(a.Error, s), e = void 0;
2871
3096
  }
2872
3097
  e && this.createSessionCallback && await this.createSessionCallback({ tokens: e, parsedTokens: t }), !e && this.expiredSessionCallback && await this.expiredSessionCallback();
2873
3098
  }
@@ -2942,50 +3167,50 @@ const O = class O {
2942
3167
  checkAndSetTokens() {
2943
3168
  let e = new URLSearchParams(window.location.search), t = !1;
2944
3169
  if (!e.get("access_token") && window.location.hash) {
2945
- const c = new URLSearchParams(window.location.hash.substring(1));
2946
- c.get("access_token") && (e = c, t = !0);
3170
+ const h = new URLSearchParams(window.location.hash.substring(1));
3171
+ h.get("access_token") && (e = h, t = !0);
2947
3172
  }
2948
- const s = e.get("access_token"), r = e.get("refresh_token"), n = e.get("id_token"), o = e.get("scopes")?.split(",") ?? this.scopes;
3173
+ const r = e.get("access_token"), s = e.get("refresh_token"), o = e.get("id_token"), n = e.get("scopes")?.split(",") ?? this.scopes;
2949
3174
  let d;
2950
- if (s) {
2951
- if (!M(s)) {
2952
- const c = {
3175
+ if (r) {
3176
+ if (!D(r)) {
3177
+ const h = {
2953
3178
  message: "Invalid access token format received",
2954
3179
  code: "INVALID_TOKEN_FORMAT"
2955
3180
  };
2956
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3181
+ this.subscribeStore.notify(a.Error, h), this.cleanupUrlParams(t);
2957
3182
  return;
2958
3183
  }
2959
- if (r && !M(r)) {
2960
- const c = {
3184
+ if (s && !D(s)) {
3185
+ const h = {
2961
3186
  message: "Invalid refresh token format received",
2962
3187
  code: "INVALID_TOKEN_FORMAT"
2963
3188
  };
2964
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3189
+ this.subscribeStore.notify(a.Error, h), this.cleanupUrlParams(t);
2965
3190
  return;
2966
3191
  }
2967
- if (n && !M(n)) {
2968
- const c = {
3192
+ if (o && !D(o)) {
3193
+ const h = {
2969
3194
  message: "Invalid ID token format received",
2970
3195
  code: "INVALID_TOKEN_FORMAT"
2971
3196
  };
2972
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3197
+ this.subscribeStore.notify(a.Error, h), this.cleanupUrlParams(t);
2973
3198
  return;
2974
3199
  }
2975
3200
  return d = {
2976
- access_token: s,
2977
- refresh_token: r ?? void 0,
2978
- id_token: n ?? void 0,
2979
- scopes: o
2980
- }, this.storageManager.saveTokens(d), this.tokenCacheService.setTokensCache(d), this.subscribeStore.notify(a.SignIn, { tokens: d, parsedTokens: this.getParsedTokens() }), this.submitSessionCheck(), this.cleanupUrlParams(t), this.error = void 0, d;
3201
+ access_token: r,
3202
+ refresh_token: s ?? void 0,
3203
+ id_token: o ?? void 0,
3204
+ scopes: n
3205
+ }, this.storageManager.clearDeliveryMode(), this.storageManager.saveTokens(d), this.tokenCacheService.setTokensCache(d), this.subscribeStore.notify(a.SignIn, { tokens: d, parsedTokens: this.getParsedTokens() }), this.submitSessionCheck(), this.cleanupUrlParams(t), this.error = void 0, d;
2981
3206
  } else
2982
3207
  this.error = this.checkErrorsFromURL();
2983
3208
  }
2984
3209
  checkErrorsFromURL() {
2985
3210
  const t = new URLSearchParams(window.location.search).get("error");
2986
3211
  if (t) {
2987
- const s = Te(t);
2988
- return new Error(s);
3212
+ const r = Te(t);
3213
+ return new Error(r);
2989
3214
  }
2990
3215
  }
2991
3216
  cleanupUrlParams(e = !1) {
@@ -2997,7 +3222,19 @@ const O = class O {
2997
3222
  }
2998
3223
  }
2999
3224
  setTokensToCacheFromLocalStorage() {
3000
- const e = this.storageManager.getTokens();
3225
+ let e = this.storageManager.getTokens();
3226
+ if (!e?.access_token && this.storageManager.getDeliveryMode()) {
3227
+ if (e?.id_token && this.storageManager.hasCookieModeIdToken()) {
3228
+ this.tokenCacheService.setTokensCache(e);
3229
+ return;
3230
+ }
3231
+ if (this.storageManager.hasJsonModeTokens())
3232
+ this.storageManager.clearDeliveryMode(), e = this.storageManager.getTokens();
3233
+ else {
3234
+ this.storageManager.deleteTokens();
3235
+ return;
3236
+ }
3237
+ }
3001
3238
  e && this.tokenCacheService.setTokensCache(e);
3002
3239
  }
3003
3240
  /**
@@ -3195,12 +3432,12 @@ const O = class O {
3195
3432
  * @throws The original error after handling
3196
3433
  */
3197
3434
  handleError(e, t) {
3198
- const s = {
3435
+ const r = {
3199
3436
  message: e instanceof Error ? e.message : `${t} failed`,
3200
3437
  originalError: e,
3201
3438
  code: e instanceof u ? e.id : void 0
3202
3439
  };
3203
- throw this.subscribeStore.notify(a.Error, s), e;
3440
+ throw this.subscribeStore.notify(a.Error, r), e;
3204
3441
  }
3205
3442
  /**
3206
3443
  * Sign out the current user and clear all tokens.
@@ -3611,8 +3848,8 @@ const O = class O {
3611
3848
  async renameUserPasskey(e, t) {
3612
3849
  try {
3613
3850
  return await this.userService.renameUserPasskey(e, t);
3614
- } catch (s) {
3615
- this.handleError(s, "Rename user passkey");
3851
+ } catch (r) {
3852
+ this.handleError(r, "Rename user passkey");
3616
3853
  }
3617
3854
  }
3618
3855
  /**
@@ -3672,10 +3909,10 @@ const O = class O {
3672
3909
  */
3673
3910
  async joinInvitation(e, t) {
3674
3911
  try {
3675
- const s = await this.tenant.joinInvitation(e, t);
3676
- return s.scopes = t ?? this.scopes, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), s;
3677
- } catch (s) {
3678
- this.handleError(s, "Join invitation");
3912
+ const r = await this.tenant.joinInvitation(e, t);
3913
+ return r.scopes = t ?? this.scopes, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), r;
3914
+ } catch (r) {
3915
+ this.handleError(r, "Join invitation");
3679
3916
  }
3680
3917
  }
3681
3918
  /**
@@ -3686,10 +3923,10 @@ const O = class O {
3686
3923
  */
3687
3924
  async createTenant(e, t) {
3688
3925
  try {
3689
- const s = await this.tenant.createTenant(e);
3690
- return t && await this.refreshToken(), s;
3691
- } catch (s) {
3692
- this.handleError(s, "Create tenant");
3926
+ const r = await this.tenant.createTenant(e);
3927
+ return t && await this.refreshToken(), r;
3928
+ } catch (r) {
3929
+ this.handleError(r, "Create tenant");
3693
3930
  }
3694
3931
  }
3695
3932
  // Invitation methods delegated to InvitationService
@@ -4163,15 +4400,15 @@ class l extends Error {
4163
4400
  /**
4164
4401
  * Create an M2MError from an OAuth 2.0 error response
4165
4402
  */
4166
- static fromOAuthError(e, t, s) {
4167
- const r = s ? l.parseRateLimitHeaders(s) : void 0;
4403
+ static fromOAuthError(e, t, r) {
4404
+ const s = r ? l.parseRateLimitHeaders(r) : void 0;
4168
4405
  return new l({
4169
4406
  code: e.error,
4170
4407
  message: e.error_description ?? l.getDefaultMessage(e.error),
4171
4408
  status: t,
4172
4409
  errorUri: e.error_uri,
4173
- rateLimitInfo: r,
4174
- headers: s
4410
+ rateLimitInfo: s,
4411
+ headers: r
4175
4412
  });
4176
4413
  }
4177
4414
  /**
@@ -4189,12 +4426,12 @@ class l extends Error {
4189
4426
  * Parse rate limit headers from response
4190
4427
  */
4191
4428
  static parseRateLimitHeaders(e) {
4192
- const t = e["x-ratelimit-limit"], s = e["x-ratelimit-remaining"], r = e["x-ratelimit-reset"] || e["retry-after"];
4193
- if (t && s && r)
4429
+ const t = e["x-ratelimit-limit"], r = e["x-ratelimit-remaining"], s = e["x-ratelimit-reset"] || e["retry-after"];
4430
+ if (t && r && s)
4194
4431
  return {
4195
4432
  limit: parseInt(t, 10),
4196
- remaining: parseInt(s, 10),
4197
- reset: parseInt(r, 10)
4433
+ remaining: parseInt(r, 10),
4434
+ reset: parseInt(s, 10)
4198
4435
  };
4199
4436
  }
4200
4437
  /**
@@ -4261,7 +4498,7 @@ class N extends l {
4261
4498
  }), this.name = "M2MNetworkError";
4262
4499
  }
4263
4500
  }
4264
- class P extends l {
4501
+ class M extends l {
4265
4502
  constructor(e, t) {
4266
4503
  super({
4267
4504
  code: "invalid_request",
@@ -4280,7 +4517,7 @@ class U extends l {
4280
4517
  }), this.name = "M2MConfigError";
4281
4518
  }
4282
4519
  }
4283
- const Ge = {
4520
+ const Ve = {
4284
4521
  InvalidRequest: "invalid_request",
4285
4522
  InvalidClient: "invalid_client",
4286
4523
  InvalidGrant: "invalid_grant",
@@ -4290,7 +4527,7 @@ const Ge = {
4290
4527
  RateLimitExceeded: "rate_limit_exceeded",
4291
4528
  ServerError: "server_error",
4292
4529
  TemporarilyUnavailable: "temporarily_unavailable"
4293
- }, S = {
4530
+ }, w = {
4294
4531
  /** Default token endpoint path */
4295
4532
  TOKEN_ENDPOINT: "/oauth2/token",
4296
4533
  /** Default request timeout in milliseconds */
@@ -4312,10 +4549,10 @@ class xe {
4312
4549
  const t = this.cache.get(e);
4313
4550
  return t ? Date.now() >= t.expiresAt ? (this.cache.delete(e), Promise.resolve(null)) : Promise.resolve(t.token) : Promise.resolve(null);
4314
4551
  }
4315
- set(e, t, s) {
4552
+ set(e, t, r) {
4316
4553
  return this.cache.set(e, {
4317
4554
  token: t,
4318
- expiresAt: Date.now() + s * 1e3
4555
+ expiresAt: Date.now() + r * 1e3
4319
4556
  }), Promise.resolve();
4320
4557
  }
4321
4558
  delete(e) {
@@ -4330,7 +4567,7 @@ const Ue = {
4330
4567
  return Math.pow(2, i - 1) * 1e3;
4331
4568
  }
4332
4569
  };
4333
- class Ve {
4570
+ class Ge {
4334
4571
  /**
4335
4572
  * Create a new M2M client
4336
4573
  *
@@ -4361,23 +4598,23 @@ class Ve {
4361
4598
  scopes: e.scopes,
4362
4599
  audience: e.audience,
4363
4600
  autoRefresh: e.autoRefresh ?? !1,
4364
- refreshThreshold: e.refreshThreshold ?? S.REFRESH_THRESHOLD,
4365
- timeout: e.timeout ?? S.TIMEOUT,
4366
- retries: e.retries ?? S.RETRIES,
4367
- retryDelay: e.retryDelay ?? S.RETRY_DELAY,
4601
+ refreshThreshold: e.refreshThreshold ?? w.REFRESH_THRESHOLD,
4602
+ timeout: e.timeout ?? w.TIMEOUT,
4603
+ retries: e.retries ?? w.RETRIES,
4604
+ retryDelay: e.retryDelay ?? w.RETRY_DELAY,
4368
4605
  retryStrategy: e.retryStrategy,
4369
4606
  cache: e.cache,
4370
4607
  onTokenRequest: e.onTokenRequest,
4371
4608
  onTokenResponse: e.onTokenResponse,
4372
4609
  onError: e.onError
4373
- }, this.cache = e.cache ?? new xe(), this.retryStrategy = e.retryStrategy ?? Ue, this.tokenEndpoint = `${t}${S.TOKEN_ENDPOINT}`;
4610
+ }, this.cache = e.cache ?? new xe(), this.retryStrategy = e.retryStrategy ?? Ue, this.tokenEndpoint = `${t}${w.TOKEN_ENDPOINT}`;
4374
4611
  }
4375
4612
  /**
4376
4613
  * Get the cache key for this client
4377
4614
  */
4378
4615
  getCacheKey(e, t) {
4379
- const s = e?.sort().join(",") || "", r = t?.sort().join(",") || "";
4380
- return `m2m:${this.config.clientId}:${s}:${r}`;
4616
+ const r = e?.sort().join(",") || "", s = t?.sort().join(",") || "";
4617
+ return `m2m:${this.config.clientId}:${r}:${s}`;
4381
4618
  }
4382
4619
  /**
4383
4620
  * Request an access token from the authorization server
@@ -4399,13 +4636,13 @@ class Ve {
4399
4636
  * ```
4400
4637
  */
4401
4638
  async getToken(e) {
4402
- const t = e?.scopes ?? this.config.scopes, s = e?.audience ?? this.config.audience, r = this.getCacheKey(t, s);
4639
+ const t = e?.scopes ?? this.config.scopes, r = e?.audience ?? this.config.audience, s = this.getCacheKey(t, r);
4403
4640
  if (!e?.forceRefresh) {
4404
- const n = await this.cache.get(r);
4405
- if (n && !this.isTokenExpired(n))
4406
- return n;
4641
+ const o = await this.cache.get(s);
4642
+ if (o && !this.isTokenExpired(o))
4643
+ return o;
4407
4644
  }
4408
- return this.requestToken(t, s, r);
4645
+ return this.requestToken(t, r, s);
4409
4646
  }
4410
4647
  /**
4411
4648
  * Get a valid token, automatically refreshing if needed
@@ -4423,32 +4660,32 @@ class Ve {
4423
4660
  * ```
4424
4661
  */
4425
4662
  async getValidToken() {
4426
- const e = this.config.scopes, t = this.config.audience, s = this.getCacheKey(e, t), r = await this.cache.get(s);
4427
- if (r) {
4428
- if (this.config.autoRefresh && this.isTokenExpired(r, this.config.refreshThreshold))
4429
- return this.requestToken(e, t, s);
4430
- if (!this.isTokenExpired(r))
4431
- return r;
4663
+ const e = this.config.scopes, t = this.config.audience, r = this.getCacheKey(e, t), s = await this.cache.get(r);
4664
+ if (s) {
4665
+ if (this.config.autoRefresh && this.isTokenExpired(s, this.config.refreshThreshold))
4666
+ return this.requestToken(e, t, r);
4667
+ if (!this.isTokenExpired(s))
4668
+ return s;
4432
4669
  }
4433
- return this.requestToken(e, t, s);
4670
+ return this.requestToken(e, t, r);
4434
4671
  }
4435
4672
  /**
4436
4673
  * Request a new token from the authorization server
4437
4674
  */
4438
- async requestToken(e, t, s) {
4439
- const r = {
4675
+ async requestToken(e, t, r) {
4676
+ const s = {
4440
4677
  grant_type: "client_credentials",
4441
4678
  client_id: this.config.clientId,
4442
4679
  client_secret: this.config.clientSecret
4443
4680
  };
4444
- e && e.length > 0 && (r.scope = e.join(" ")), t && t.length > 0 && (r.audience = t.join(" ")), this.config.onTokenRequest && this.config.onTokenRequest({
4681
+ e && e.length > 0 && (s.scope = e.join(" ")), t && t.length > 0 && (s.audience = t.join(" ")), this.config.onTokenRequest && this.config.onTokenRequest({
4445
4682
  clientId: this.config.clientId,
4446
4683
  scopes: e ?? [],
4447
4684
  audience: t ?? [],
4448
4685
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
4449
4686
  });
4450
- const n = await this.executeWithRetry(() => this.doTokenRequest(r));
4451
- return n.issued_at = Math.floor(Date.now() / 1e3), s && await this.cache.set(s, n, n.expires_in), this.config.onTokenResponse && this.config.onTokenResponse(n), n;
4687
+ const o = await this.executeWithRetry(() => this.doTokenRequest(s));
4688
+ return o.issued_at = Math.floor(Date.now() / 1e3), r && await this.cache.set(r, o, o.expires_in), this.config.onTokenResponse && this.config.onTokenResponse(o), o;
4452
4689
  }
4453
4690
  /**
4454
4691
  * Execute the actual HTTP request to the token endpoint
@@ -4456,41 +4693,41 @@ class Ve {
4456
4693
  async doTokenRequest(e) {
4457
4694
  const t = new URLSearchParams();
4458
4695
  t.append("grant_type", e.grant_type), t.append("client_id", e.client_id), t.append("client_secret", e.client_secret), e.scope && t.append("scope", e.scope), e.audience && t.append("audience", e.audience);
4459
- const s = new AbortController(), r = setTimeout(() => s.abort(), this.config.timeout);
4696
+ const r = new AbortController(), s = setTimeout(() => r.abort(), this.config.timeout);
4460
4697
  try {
4461
- const n = await fetch(this.tokenEndpoint, {
4698
+ const o = await fetch(this.tokenEndpoint, {
4462
4699
  method: "POST",
4463
4700
  headers: {
4464
- "Content-Type": S.CONTENT_TYPE,
4701
+ "Content-Type": w.CONTENT_TYPE,
4465
4702
  Accept: "application/json"
4466
4703
  },
4467
4704
  body: t.toString(),
4468
- signal: s.signal
4705
+ signal: r.signal
4469
4706
  });
4470
- clearTimeout(r);
4471
- const o = {};
4472
- n.headers.forEach((c, g) => {
4473
- o[g.toLowerCase()] = c;
4707
+ clearTimeout(s);
4708
+ const n = {};
4709
+ o.headers.forEach((h, g) => {
4710
+ n[g.toLowerCase()] = h;
4474
4711
  });
4475
- const d = await n.json();
4476
- if (!n.ok) {
4477
- const c = l.fromOAuthError(
4712
+ const d = await o.json();
4713
+ if (!o.ok) {
4714
+ const h = l.fromOAuthError(
4478
4715
  {
4479
4716
  error: d.error || "server_error",
4480
4717
  error_description: d.error_description || d.message,
4481
4718
  error_uri: d.error_uri
4482
4719
  },
4483
- n.status,
4484
- o
4720
+ o.status,
4721
+ n
4485
4722
  );
4486
4723
  throw this.config.onError && this.config.onError({
4487
- error: c.code,
4488
- error_description: c.message
4489
- }), c;
4724
+ error: h.code,
4725
+ error_description: h.message
4726
+ }), h;
4490
4727
  }
4491
4728
  return d;
4492
- } catch (n) {
4493
- throw clearTimeout(r), n instanceof Error && n.name === "AbortError" ? new N(`Request timed out after ${this.config.timeout}ms`) : n instanceof TypeError && n.message.includes("fetch") ? new N(`Network error: ${n.message}`, n) : n instanceof l ? n : l.fromError(n instanceof Error ? n : new Error(String(n)));
4729
+ } catch (o) {
4730
+ throw clearTimeout(s), o instanceof Error && o.name === "AbortError" ? new N(`Request timed out after ${this.config.timeout}ms`) : o instanceof TypeError && o.message.includes("fetch") ? new N(`Network error: ${o.message}`, o) : o instanceof l ? o : l.fromError(o instanceof Error ? o : new Error(String(o)));
4494
4731
  }
4495
4732
  }
4496
4733
  /**
@@ -4498,18 +4735,18 @@ class Ve {
4498
4735
  */
4499
4736
  async executeWithRetry(e) {
4500
4737
  let t;
4501
- for (let s = 1; s <= this.config.retries; s++)
4738
+ for (let r = 1; r <= this.config.retries; r++)
4502
4739
  try {
4503
4740
  return await e();
4504
- } catch (r) {
4505
- if (!(r instanceof l))
4506
- throw r;
4507
- if (t = r, s < this.config.retries && this.retryStrategy.shouldRetry({ code: r.code, status: r.status }, s)) {
4508
- const n = this.retryStrategy.getDelay(s);
4509
- await this.sleep(n);
4741
+ } catch (s) {
4742
+ if (!(s instanceof l))
4743
+ throw s;
4744
+ if (t = s, r < this.config.retries && this.retryStrategy.shouldRetry({ code: s.code, status: s.status }, r)) {
4745
+ const o = this.retryStrategy.getDelay(r);
4746
+ await this.sleep(o);
4510
4747
  continue;
4511
4748
  }
4512
- throw r;
4749
+ throw s;
4513
4750
  }
4514
4751
  throw t ?? new l({ code: "server_error", message: "Request failed after retries" });
4515
4752
  }
@@ -4563,8 +4800,8 @@ class Ve {
4563
4800
  */
4564
4801
  isTokenExpired(e, t = 0) {
4565
4802
  if (!e) return !0;
4566
- const s = Math.floor(Date.now() / 1e3), n = (e.issued_at ?? s - e.expires_in) + e.expires_in;
4567
- return s >= n - t;
4803
+ const r = Math.floor(Date.now() / 1e3), o = (e.issued_at ?? r - e.expires_in) + e.expires_in;
4804
+ return r >= o - t;
4568
4805
  }
4569
4806
  /**
4570
4807
  * Parse token claims from a JWT access token
@@ -4585,14 +4822,14 @@ class Ve {
4585
4822
  try {
4586
4823
  const t = e.split(".");
4587
4824
  if (t.length !== 3)
4588
- throw new P("Invalid JWT format: expected 3 parts");
4589
- const s = t[1];
4590
- if (!s)
4591
- throw new P("Invalid JWT format: missing payload");
4592
- const r = atob(s.replace(/-/g, "+").replace(/_/g, "/")), n = JSON.parse(r);
4593
- return n.scopes && typeof n.scopes == "string" ? n.scopes = n.scopes.split(" ") : n.scopes || (n.scopes = []), n;
4825
+ throw new M("Invalid JWT format: expected 3 parts");
4826
+ const r = t[1];
4827
+ if (!r)
4828
+ throw new M("Invalid JWT format: missing payload");
4829
+ const s = atob(r.replace(/-/g, "+").replace(/_/g, "/")), o = JSON.parse(s);
4830
+ return o.scopes && typeof o.scopes == "string" ? o.scopes = o.scopes.split(" ") : o.scopes || (o.scopes = []), o;
4594
4831
  } catch (t) {
4595
- throw t instanceof P ? t : new P(`Failed to parse token: ${t instanceof Error ? t.message : "Unknown error"}`);
4832
+ throw t instanceof M ? t : new M(`Failed to parse token: ${t instanceof Error ? t.message : "Unknown error"}`);
4596
4833
  }
4597
4834
  }
4598
4835
  /**
@@ -4627,29 +4864,29 @@ class Ve {
4627
4864
  const e = this.getCachedToken();
4628
4865
  if (!e)
4629
4866
  return;
4630
- const t = `${this.config.url}/oauth2/revoke`, s = new URLSearchParams();
4631
- s.append("token", e.access_token), s.append("client_id", this.config.clientId), s.append("client_secret", this.config.clientSecret);
4867
+ const t = `${this.config.url}/oauth2/revoke`, r = new URLSearchParams();
4868
+ r.append("token", e.access_token), r.append("client_id", this.config.clientId), r.append("client_secret", this.config.clientSecret);
4632
4869
  try {
4633
- const r = await fetch(t, {
4870
+ const s = await fetch(t, {
4634
4871
  method: "POST",
4635
4872
  headers: {
4636
- "Content-Type": S.CONTENT_TYPE
4873
+ "Content-Type": w.CONTENT_TYPE
4637
4874
  },
4638
- body: s.toString()
4875
+ body: r.toString()
4639
4876
  });
4640
- if (!r.ok && r.status !== 200) {
4641
- const n = await r.json().catch(() => ({}));
4877
+ if (!s.ok && s.status !== 200) {
4878
+ const o = await s.json().catch(() => ({}));
4642
4879
  throw l.fromOAuthError(
4643
4880
  {
4644
- error: n.error || "server_error",
4645
- error_description: n.error_description || "Token revocation failed"
4881
+ error: o.error || "server_error",
4882
+ error_description: o.error_description || "Token revocation failed"
4646
4883
  },
4647
- r.status
4884
+ s.status
4648
4885
  );
4649
4886
  }
4650
4887
  this.clearCache();
4651
- } catch (r) {
4652
- throw r instanceof l ? r : l.fromError(r instanceof Error ? r : new Error(String(r)));
4888
+ } catch (s) {
4889
+ throw s instanceof l ? s : l.fromError(s instanceof Error ? s : new Error(String(s)));
4653
4890
  }
4654
4891
  }
4655
4892
  /**
@@ -4679,7 +4916,7 @@ class Ve {
4679
4916
  }
4680
4917
  export {
4681
4918
  C as APP_ID_HEADER_KEY,
4682
- _ as AUTHORIZATION_HEADER_KEY,
4919
+ I as AUTHORIZATION_HEADER_KEY,
4683
4920
  pe as AppAPI,
4684
4921
  fe as AuthAPI,
4685
4922
  Ie as AuthService,
@@ -4687,54 +4924,54 @@ export {
4687
4924
  Q as DEFAULT_SCOPES,
4688
4925
  W as DEVICE_ID_HEADER_KEY,
4689
4926
  J as DEVICE_TYPE_HEADER_KEY,
4690
- oe as ERROR_MESSAGE_MAX_LENGTH,
4927
+ ne as ERROR_MESSAGE_MAX_LENGTH,
4691
4928
  ke as InvitationAPI,
4692
4929
  be as InvitationService,
4693
- Ve as M2MClient,
4930
+ Ge as M2MClient,
4694
4931
  U as M2MConfigError,
4695
4932
  l as M2MError,
4696
- Ge as M2MErrorCodes,
4933
+ Ve as M2MErrorCodes,
4697
4934
  N as M2MNetworkError,
4698
- P as M2MTokenParseError,
4699
- S as M2M_DEFAULTS,
4935
+ M as M2MTokenParseError,
4936
+ w as M2M_DEFAULTS,
4700
4937
  Ne as MINIMAL_DEFAULT_SCOPES,
4701
- I as OS,
4702
- G as PASSFLOW_CLOUD_URL,
4938
+ b as OS,
4939
+ V as PASSFLOW_CLOUD_URL,
4703
4940
  te as POPUP_HEIGHT,
4704
- se as POPUP_POLL_INTERVAL_MS,
4705
- re as POPUP_TIMEOUT_MS,
4941
+ re as POPUP_POLL_INTERVAL_MS,
4942
+ se as POPUP_TIMEOUT_MS,
4706
4943
  ee as POPUP_WIDTH,
4707
4944
  L as Passflow,
4708
- w as PassflowAdminEndpointPaths,
4709
- h as PassflowEndpointPaths,
4945
+ T as PassflowAdminEndpointPaths,
4946
+ c as PassflowEndpointPaths,
4710
4947
  u as PassflowError,
4711
4948
  a as PassflowEvent,
4712
4949
  de as Providers,
4713
4950
  E as RequestMethod,
4714
4951
  Z as SDK_VERSION,
4715
4952
  q as SessionState,
4716
- ye as SettingAPI,
4717
- V as TOKEN_EXPIRY_BUFFER_SECONDS,
4718
- ve as TenantAPI,
4719
- Pe as TenantService,
4953
+ ve as SettingAPI,
4954
+ G as TOKEN_EXPIRY_BUFFER_SECONDS,
4955
+ ye as TenantAPI,
4956
+ Me as TenantService,
4720
4957
  Re as TenantUserMembership,
4721
- De as TokenCacheService,
4722
- v as TokenDeliveryMode,
4723
- k as TokenType,
4958
+ Fe as TokenCacheService,
4959
+ y as TokenDeliveryMode,
4960
+ p as TokenType,
4724
4961
  me as TwoFactorApiClient,
4725
4962
  ue as TwoFactorPolicy,
4726
- Me as TwoFactorService,
4727
- ne as USERNAME_MAX_LENGTH,
4963
+ De as TwoFactorService,
4964
+ oe as USERNAME_MAX_LENGTH,
4728
4965
  ie as USERNAME_MIN_LENGTH,
4729
4966
  Se as UserAPI,
4730
- Fe as UserService,
4731
- m as isTokenExpired,
4732
- F as isValidEmail,
4733
- M as isValidJWTFormat,
4967
+ Pe as UserService,
4968
+ S as isTokenExpired,
4969
+ P as isValidEmail,
4970
+ D as isValidJWTFormat,
4734
4971
  x as isValidPhoneNumber,
4735
- Ee as isValidUsername,
4736
- y as parseToken,
4737
- A as pathWithParams,
4972
+ _e as isValidUsername,
4973
+ v as parseToken,
4974
+ m as pathWithParams,
4738
4975
  Te as sanitizeErrorMessage
4739
4976
  };
4740
4977
  //# sourceMappingURL=index.mjs.map