@passflow/core 0.2.8 → 0.2.11

package/dist/index.mjs CHANGED
@@ -1,20 +1,20 @@
1
- import D from "axios";
1
+ import F from "axios";
2
2
  import { v4 as H } from "uuid";
3
3
  import { startRegistration as K, startAuthentication as j } from "@simplewebauthn/browser";
4
- const z = "0.2.8", X = {
4
+ const z = "0.2.11", X = {
5
5
  version: z
6
- }, C = "X-Passflow-Clientid", _ = "Authorization", W = "X-Passflow-DeviceId", J = "X-Passflow-DeviceType", Z = X.version, Ne = ["id", "offline", "openid"], Q = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], G = "https://auth.passflow.cloud", Ke = "default", ee = 500, te = 600, se = 100, re = 6e4, V = 30, ie = 3, ne = 30, oe = 200, ae = (i) => {
6
+ }, C = "X-Passflow-Clientid", I = "Authorization", W = "X-Passflow-DeviceId", J = "X-Passflow-DeviceType", Z = X.version, Ne = ["id", "offline", "openid"], Q = ["id", "offline", "tenant", "email", "oidc", "openid", "access:tenant:all"], V = "https://auth.passflow.cloud", Ke = "default", ee = 500, te = 600, re = 100, se = 6e4, G = 30, ie = 3, oe = 30, ne = 200, ae = (i) => {
7
7
  const e = [];
8
8
  let t;
9
9
  for (t in i) {
10
- const s = i[t];
11
- if (s === void 0)
10
+ const r = i[t];
11
+ if (r === void 0)
12
12
  continue;
13
- const r = { tenant: { id: s.tenant_id, name: s.tenant_name } };
14
- r.groups = s.groups ? Object.keys(s.groups).map((n) => {
15
- const o = s.groups[n] || [];
16
- return { group: { id: n, name: s.group_names?.[n] ?? "unknown" }, roles: o };
17
- }) : [], r.tenantRoles = r.groups?.find((n) => n.group.id === s.root_group_id), e.push(r);
13
+ const s = { tenant: { id: r.tenant_id, name: r.tenant_name } };
14
+ s.groups = r.groups ? Object.keys(r.groups).map((o) => {
15
+ const a = r.groups[o] || [];
16
+ return { group: { id: o, name: r.group_names?.[o] ?? "unknown" }, roles: a };
17
+ }) : [], s.tenantRoles = s.groups?.find((o) => o.group.id === r.root_group_id), e.push(s);
18
18
  }
19
19
  return { raw: i, tenants: e };
20
20
  };
@@ -38,8 +38,8 @@ class he {
38
38
  isTokenTypeExpired(e) {
39
39
  const t = this.storageManager.getToken(e);
40
40
  if (!t) return !0;
41
- const s = y(t);
42
- return s ? m(s) : !0;
41
+ const r = v(t);
42
+ return r ? S(r) : !0;
43
43
  }
44
44
  /**
45
45
  * Parse token from storage by type.
@@ -51,21 +51,21 @@ class he {
51
51
  parseTokenType(e) {
52
52
  const t = this.storageManager.getToken(e);
53
53
  if (t)
54
- return y(t);
54
+ return v(t);
55
55
  }
56
56
  }
57
- function m(i, e = V) {
57
+ function S(i, e = G) {
58
58
  return Math.floor(Date.now() / 1e3) + e > i.exp;
59
59
  }
60
- function y(i) {
60
+ function v(i) {
61
61
  const e = i.split(".")[1];
62
62
  if (!e) throw new Error("Invalid token string");
63
- const t = e.replace(/-/g, "+").replace(/_/g, "/"), s = t + "=".repeat((4 - t.length % 4) % 4), r = ce(s), n = decodeURIComponent(
64
- r.split("").map((d) => "%" + ("00" + d.charCodeAt(0).toString(16)).slice(-2)).join("")
65
- ), o = JSON.parse(n);
66
- return o.membership = o.passflow_tm && o.type !== "invite" ? ae(o.passflow_tm) : void 0, o;
63
+ const t = e.replace(/-/g, "+").replace(/_/g, "/"), r = t + "=".repeat((4 - t.length % 4) % 4), s = ce(r), o = decodeURIComponent(
64
+ s.split("").map((d) => "%" + ("00" + d.charCodeAt(0).toString(16)).slice(-2)).join("")
65
+ ), a = JSON.parse(o);
66
+ return a.membership = a.passflow_tm && a.type !== "invite" ? ae(a.passflow_tm) : void 0, a;
67
67
  }
68
- var k = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i.two_factor = "2fa", i))(k || {}), v = /* @__PURE__ */ ((i) => (i.JsonBody = "json_body", i.Cookie = "cookie", i.Mobile = "mobile", i.BFF = "bff", i))(v || {}), q = /* @__PURE__ */ ((i) => (i.Unknown = "unknown", i.Valid = "valid", i.Invalid = "invalid", i))(q || {});
68
+ var p = /* @__PURE__ */ ((i) => (i.id_token = "id_token", i.access_token = "access", i.refresh_token = "refresh", i.invite_token = "invite", i.reset_token = "reset", i.web_cookie = "web-cookie", i.management = "management", i.signin = "signin", i.actor = "actor", i.two_factor = "2fa", i))(p || {}), y = /* @__PURE__ */ ((i) => (i.JsonBody = "json_body", i.Cookie = "cookie", i.Mobile = "mobile", i.BFF = "bff", i))(y || {}), q = /* @__PURE__ */ ((i) => (i.Unknown = "unknown", i.Valid = "valid", i.Invalid = "invalid", i))(q || {});
69
69
  class Y {
70
70
  constructor(e) {
71
71
  this.storageManager = e, this.mode = "json_body", this.sessionState = "unknown", this.isInitializedFlag = !1, this.STORAGE_PREFIX = "passflow_", this.DELIVERY_MODE_KEY = `${this.STORAGE_PREFIX}delivery_mode`, this.SESSION_STATE_KEY = `${this.STORAGE_PREFIX}session_state`, this.loadPersistedMode(), this.loadPersistedSessionState();
@@ -166,7 +166,7 @@ class Y {
166
166
  loadPersistedMode() {
167
167
  try {
168
168
  const e = this.storageManager.storage.getItem(this.DELIVERY_MODE_KEY);
169
- e && Object.values(v).includes(e) && (this.mode = e, this.isInitializedFlag = !0);
169
+ e && Object.values(y).includes(e) && (this.mode = e, this.isInitializedFlag = !0);
170
170
  } catch {
171
171
  }
172
172
  }
@@ -227,8 +227,8 @@ class $ {
227
227
  * In JSON mode: save all tokens (existing behavior)
228
228
  */
229
229
  saveTokens(e, t) {
230
- const { id_token: s, access_token: r, refresh_token: n, scopes: o } = e;
231
- t === v.Cookie || t === v.BFF ? s && this.storage.setItem(this.ID_TOKEN_KEY, s) : (s && this.storage.setItem(this.getKeyForTokenType(k.id_token), s), r && this.storage.setItem(this.getKeyForTokenType(k.access_token), r), n && this.storage.setItem(this.getKeyForTokenType(k.refresh_token), n), o && this.storage.setItem(this.scopes, o.join(",")));
230
+ const { id_token: r, access_token: s, refresh_token: o, scopes: a } = e;
231
+ t === y.Cookie || t === y.BFF ? r && this.storage.setItem(this.ID_TOKEN_KEY, r) : (r && this.storage.setItem(this.getKeyForTokenType(p.id_token), r), s && this.storage.setItem(this.getKeyForTokenType(p.access_token), s), o && this.storage.setItem(this.getKeyForTokenType(p.refresh_token), o), a && this.storage.setItem(this.scopes, a.join(",")));
232
232
  }
233
233
  getToken(e) {
234
234
  const t = this.getKeyForTokenType(e);
@@ -241,31 +241,45 @@ class $ {
241
241
  */
242
242
  getTokens() {
243
243
  const e = this.getDeliveryMode();
244
- if (e === v.Cookie || e === v.BFF) {
245
- const s = this.storage.getItem(this.ID_TOKEN_KEY);
246
- return s ? {
247
- id_token: s
244
+ if (e === y.Cookie || e === y.BFF) {
245
+ const r = this.storage.getItem(this.ID_TOKEN_KEY);
246
+ return r ? {
247
+ id_token: r
248
248
  // access_token and refresh_token are in HttpOnly cookies, not localStorage
249
249
  } : void 0;
250
250
  }
251
- const t = this.storage.getItem(this.getKeyForTokenType(k.access_token));
251
+ const t = this.storage.getItem(this.getKeyForTokenType(p.access_token));
252
252
  if (t)
253
253
  return {
254
254
  access_token: t,
255
- id_token: this.storage.getItem(this.getKeyForTokenType(k.id_token)) ?? void 0,
256
- refresh_token: this.storage.getItem(this.getKeyForTokenType(k.refresh_token)) ?? void 0,
255
+ id_token: this.storage.getItem(this.getKeyForTokenType(p.id_token)) ?? void 0,
256
+ refresh_token: this.storage.getItem(this.getKeyForTokenType(p.refresh_token)) ?? void 0,
257
257
  scopes: this.storage.getItem(this.scopes)?.split(",") ?? void 0
258
258
  };
259
259
  }
260
260
  getScopes() {
261
261
  return this.storage.getItem(this.scopes)?.split(",") ?? void 0;
262
262
  }
263
+ /**
264
+ * Check if JSON mode tokens exist in storage (ignores delivery mode)
265
+ * Used to detect stale state where delivery_mode is set but JSON tokens exist
266
+ */
267
+ hasJsonModeTokens() {
268
+ return !!this.storage.getItem(this.getKeyForTokenType(p.access_token));
269
+ }
270
+ /**
271
+ * Check if cookie mode ID token exists in storage
272
+ * Used to detect legitimate cookie/BFF mode sessions
273
+ */
274
+ hasCookieModeIdToken() {
275
+ return !!this.storage.getItem(this.ID_TOKEN_KEY);
276
+ }
263
277
  deleteToken(e) {
264
278
  const t = this.getKeyForTokenType(e);
265
279
  this.storage.removeItem(t);
266
280
  }
267
281
  deleteTokens() {
268
- this.storage.removeItem(this.getKeyForTokenType(k.id_token)), this.storage.removeItem(this.getKeyForTokenType(k.access_token)), this.storage.removeItem(this.getKeyForTokenType(k.refresh_token)), this.storage.removeItem(this.scopes), this.clearIdToken();
282
+ this.storage.removeItem(this.getKeyForTokenType(p.id_token)), this.storage.removeItem(this.getKeyForTokenType(p.access_token)), this.storage.removeItem(this.getKeyForTokenType(p.refresh_token)), this.storage.removeItem(this.scopes), this.clearIdToken(), this.clearDeliveryMode(), this.clearCsrfToken();
269
283
  }
270
284
  getDeviceId() {
271
285
  return this.storage.getItem(this.deviceId) ?? void 0;
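Review bot: `hasJsonModeTokens()` checks only the access-token key, so storage that still holds a refresh token but no access token is reported as having no JSON-mode tokens, and the stale-state detection described in its comment would pass over it. Consider testing both keys, e.g. `return !!(this.storage.getItem(this.getKeyForTokenType(p.access_token)) || this.storage.getItem(this.getKeyForTokenType(p.refresh_token)));`. Separately, `deleteTokens()` now calls `clearDeliveryMode()`, while class `Y` copies the persisted mode into `this.mode` in its constructor. Unless that in-memory value is reset on the same path (not visible in this hunk), a client instance may presumably keep treating the session as cookie mode after the storage key is gone. The callers of both new helpers, and the bodies of `clearDeliveryMode()` and `clearCsrfToken()`, are outside the lines shown.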
@@ -310,7 +324,7 @@ class $ {
310
324
  getDeliveryMode() {
311
325
  try {
312
326
  const e = this.storage.getItem(this.DELIVERY_MODE_KEY);
313
- if (e && Object.values(v).includes(e))
327
+ if (e && Object.values(y).includes(e))
314
328
  return e;
315
329
  } catch {
316
330
  }
@@ -402,82 +416,82 @@ class B {
402
416
  return H();
403
417
  }
404
418
  }
405
- var E = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(E || {}), h = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.validateSession = "/user/me", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i.twoFactor = "/user/2fa", i.twoFactorStatus = "/user/2fa/status", i.twoFactorSetupBegin = "/user/2fa/setup/begin", i.twoFactorSetupConfirm = "/user/2fa/setup/confirm", i.twoFactorVerify = "/auth/2fa/verify", i.twoFactorRecovery = "/auth/2fa/recovery", i.twoFactorRegenerateCodes = "/user/2fa/recovery-codes/regenerate", i.twoFactorSetupMagicLink = "/auth/2fa-setup", i))(h || {}), w = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = 
"/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(w || {});
419
+ var E = /* @__PURE__ */ ((i) => (i.GET = "get", i.POST = "post", i.PUT = "put", i.PATCH = "patch", i.DELETE = "delete", i))(E || {}), c = /* @__PURE__ */ ((i) => (i.signin = "/auth/login", i.signup = "/auth/register", i.signInWithProvider = "/auth/federated/start/", i.passwordless = "/auth/passwordless/start", i.passwordlessComplete = "/auth/passwordless/complete", i.logout = "/user/logout", i.refresh = "/auth/refresh", i.validateSession = "/user/me", i.sendPasswordResetEmail = "/auth/password/reset", i.resetPassword = "/auth/password/change", i.appSettings = "/app/settings", i.passkeyRegisterStart = "/auth/passkey/register/start", i.passkeyRegisterComplete = "/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/auth/passkey/authenticate/complete", i.passkeyValidate = "/auth/validate", i.settingsAll = "/settings", i.settingsPasswordPolicy = "/settings/password", i.settingsPasskey = "/settings/passkey", i.userPasskey = "/user/passkey", i.addUserPasskey = "/user/passkey/add/start", i.completeAddUserPasskey = "/user/passkey/add/complete", i.joinInvitation = "/user/tenant/join", i.tenantPath = "/user/tenant", i.invitationsPath = "/user/tenant/:tenantID/invitations", i.requestInvitation = "/user/invite", i.invitationDelete = "/user/invite/:invitationID", i.invitationResend = "/user/invite/:invitationID/resend", i.invitationGetLink = "/user/invite/:invitationID/link", i.twoFactor = "/user/2fa", i.twoFactorStatus = "/user/2fa/status", i.twoFactorSetupBegin = "/user/2fa/setup/begin", i.twoFactorSetupConfirm = "/user/2fa/setup/confirm", i.twoFactorVerify = "/auth/2fa/verify", i.twoFactorRecovery = "/auth/2fa/recovery", i.twoFactorRegenerateCodes = "/user/2fa/recovery-codes/regenerate", i.twoFactorSetupMagicLink = "/auth/2fa-setup", i.TwoFactorMethodsAvailable = "/v2/user/2fa/methods/available", i.TwoFactorMethodsRegistered = "/v2/user/2fa/methods", i.TwoFactorMethodSetupBegin = 
"/v2/user/2fa/methods/:method/setup/begin", i.TwoFactorMethodSetupConfirm = "/v2/user/2fa/methods/:method/setup/confirm", i.TwoFactorMethodRemove = "/v2/user/2fa/methods/:id", i.TwoFactorChallenge = "/v2/auth/2fa/challenge", i.TwoFactorVerifyV2 = "/v2/auth/2fa/verify", i.TwoFactorAlternative = "/v2/auth/2fa/alternative", i.TwoFactorTrustedDevices = "/v2/user/2fa/trusted-devices", i.TwoFactorTrustedDeviceRevoke = "/v2/user/2fa/trusted-devices/:id", i))(c || {}), T = /* @__PURE__ */ ((i) => (i.passkeyRegisterStart = "/admin/auth/passkey/register/start", i.passkeyRegisterComplete = "/admin/auth/passkey/register/complete", i.passkeyAuthenticateStart = "/admin/auth/passkey/authenticate/start", i.passkeyAuthenticateComplete = "/admin/auth/passkey/authenticate/complete", i.passkeyValidate = "/admin/auth/validate", i.logout = "/admin/auth/logout", i))(T || {});
406
420
  class u extends Error {
407
421
  constructor(e) {
408
422
  super(), this.id = e?.id ?? "unknown", this.message = e?.message ?? e ?? "Something went wrong", this.status = e?.status ?? 500, this.location = e?.location ?? "unknown", this.time = e?.time ?? (/* @__PURE__ */ new Date()).toISOString();
409
423
  }
410
424
  }
411
- var de = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(de || {}), I = /* @__PURE__ */ ((i) => (i.web = "web", i))(I || {});
412
- function A(i, e) {
425
+ var de = /* @__PURE__ */ ((i) => (i.google = "google", i.facebook = "facebook", i))(de || {}), b = /* @__PURE__ */ ((i) => (i.web = "web", i))(b || {});
426
+ function m(i, e) {
413
427
  let t = i;
414
- return Object.entries(e).forEach(([s, r]) => {
415
- t = t.replace(`:${s}`, r);
428
+ return Object.entries(e).forEach(([r, s]) => {
429
+ t = t.replace(`:${r}`, s);
416
430
  }), t;
417
431
  }
418
432
  var ue = /* @__PURE__ */ ((i) => (i.Disabled = "disabled", i.Optional = "optional", i.Required = "required", i))(ue || {});
419
433
  const le = 3, ge = 1e3;
420
- class T {
421
- constructor(e, t, s) {
434
+ class _ {
435
+ constructor(e, t, r) {
422
436
  this.refreshPromise = null, this.isRefreshing = !1, this.origin = typeof window < "u" ? window.location.origin : "", this.defaultHeaders = {
423
437
  Accept: "application/json",
424
438
  "Content-Type": "application/json"
425
439
  }, this.nonAccessTokenEndpoints = ["/auth/", "/settings", "/settings/"], this.protectedEndpoints = ["logout", "refresh"];
426
- const { url: r, appId: n, keyStoragePrefix: o } = e;
427
- this.url = r || G, this.storageManager = t ?? new $({
428
- prefix: o ?? ""
429
- }), this.deviceService = s ?? new B(this.storageManager), this.tokenService = new he(this.storageManager), this.tokenDeliveryManager = new Y(this.storageManager), n && (this.appId = n, this.defaultHeaders = {
440
+ const { url: s, appId: o, keyStoragePrefix: a } = e;
441
+ this.url = s || V, this.storageManager = t ?? new $({
442
+ prefix: a ?? ""
443
+ }), this.deviceService = r ?? new B(this.storageManager), this.tokenService = new he(this.storageManager), this.tokenDeliveryManager = new Y(this.storageManager), o && (this.appId = o, this.defaultHeaders = {
430
444
  ...this.defaultHeaders,
431
- [C]: n
445
+ [C]: o
432
446
  });
433
447
  const d = this.deviceService.getDeviceId();
434
448
  this.defaultHeaders = {
435
449
  ...this.defaultHeaders,
436
450
  [W]: d,
437
451
  [J]: "web"
438
- }, this.detectCookieSupport(), this.instance = D.create({
452
+ }, this.detectCookieSupport(), this.instance = F.create({
439
453
  baseURL: this.url,
440
454
  headers: { ...this.defaultHeaders }
441
- }), this.instance.interceptors.request.use(async (c) => {
442
- if (this.isNonAuthEndpoint(c.url))
443
- return c;
455
+ }), this.instance.interceptors.request.use(async (h) => {
456
+ if (this.isNonAuthEndpoint(h.url))
457
+ return h;
444
458
  if (this.tokenDeliveryManager.isCookieMode()) {
445
- c.withCredentials = !0;
446
- const p = this.storageManager.getCsrfToken();
447
- return p && (c.headers["X-CSRF-Token"] = p), c;
459
+ h.withCredentials = !0;
460
+ const f = this.storageManager.getCsrfToken();
461
+ return f && (h.headers["X-CSRF-Token"] = f), h;
448
462
  }
449
- if (c.url?.includes("refresh")) {
463
+ if (h.url?.includes("refresh")) {
450
464
  if (this.isRefreshing) {
451
- const p = new AbortController();
452
- return p.abort(), c.signal = p.signal, c;
465
+ const f = new AbortController();
466
+ return f.abort(), h.signal = f.signal, h;
453
467
  }
454
- return c;
468
+ return h;
455
469
  }
456
470
  const g = this.storageManager.getTokens();
457
471
  if (g?.access_token) {
458
- const p = y(g.access_token);
459
- if (m(p, V) && g.refresh_token)
472
+ const f = v(g.access_token);
473
+ if (S(f, G) && g.refresh_token)
460
474
  try {
461
475
  if (this.refreshPromise) {
462
- const f = await this.refreshPromise;
463
- return f?.data?.access_token && (c.headers[_] = `Bearer ${f.data.access_token}`), c;
476
+ const k = await this.refreshPromise;
477
+ return k?.data?.access_token && (h.headers[I] = `Bearer ${k.data.access_token}`), h;
464
478
  }
465
479
  this.refreshPromise = this.refreshTokens();
466
480
  try {
467
- const f = await this.refreshPromise;
468
- return f?.data?.access_token && (c.headers[_] = `Bearer ${f.data.access_token}`), c;
481
+ const k = await this.refreshPromise;
482
+ return k?.data?.access_token && (h.headers[I] = `Bearer ${k.data.access_token}`), h;
469
483
  } finally {
470
484
  this.refreshPromise = null;
471
485
  }
472
- } catch (f) {
473
- return this.refreshPromise = null, this.isRefreshing = !1, this.storageManager.deleteTokens(), Promise.reject(f);
486
+ } catch (k) {
487
+ return this.refreshPromise = null, this.isRefreshing = !1, this.storageManager.deleteTokens(), Promise.reject(k);
474
488
  }
475
- return c.headers[_] = `Bearer ${g.access_token}`, c;
489
+ return h.headers[I] = `Bearer ${g.access_token}`, h;
476
490
  }
477
- return c;
491
+ return h;
478
492
  }), this.instance.interceptors.response.use(
479
- (c) => c,
480
- async (c) => (c.response?.status === 401 && this.tokenDeliveryManager.setSessionInvalid(), c.response?.status === 429 ? await this.handleRateLimitError(c) : this.handleAxiosError(c))
493
+ (h) => h,
494
+ async (h) => (h.response?.status === 401 && this.tokenDeliveryManager.setSessionInvalid(), h.response?.status === 429 ? await this.handleRateLimitError(h) : this.handleAxiosError(h))
481
495
  );
482
496
  }
483
497
  isProtectedEndpoint(e) {
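Review bot: The new `/v2/user/2fa/methods/:method/...`, `/v2/user/2fa/methods/:id` and `/v2/user/2fa/trusted-devices/:id` routes carry placeholders that are presumably filled by `m()` as the invitation routes are, and `m()` inserts the value into the path unencoded. A value containing `/`, `?` or `#` would change which endpoint the request reaches, and `$&`-style sequences in the value are interpreted by `String.prototype.replace`. Encoding the value and using a function replacer closes both: ``t = t.replace(`:${r}`, () => encodeURIComponent(String(s)));``. The call sites for the new 2FA routes are not in this hunk, so whether the ids are caller-supplied should be confirmed there.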
@@ -506,7 +520,7 @@ class T {
506
520
  async refreshTokens() {
507
521
  if (this.tokenDeliveryManager.isCookieMode()) {
508
522
  const e = await this.instance.post(
509
- h.refresh,
523
+ c.refresh,
510
524
  {},
511
525
  // Empty body
512
526
  { withCredentials: !0 }
@@ -517,49 +531,49 @@ class T {
517
531
  if (!e?.refresh_token)
518
532
  throw new Error("No refresh token available");
519
533
  this.isRefreshing = !0;
520
- const s = {
534
+ const r = {
521
535
  refresh_token: e.refresh_token,
522
536
  scopes: t
523
- }, r = await this.instance.post(h.refresh, s, {
537
+ }, s = await this.instance.post(c.refresh, r, {
524
538
  headers: {
525
- [_]: `Bearer ${e.refresh_token}`
539
+ [I]: `Bearer ${e.refresh_token}`
526
540
  }
527
541
  });
528
- return r.data && this.storageManager.saveTokens(r.data), this.isRefreshing = !1, r;
542
+ return s.data && this.storageManager.saveTokens(s.data), this.isRefreshing = !1, s;
529
543
  }
530
544
  }
531
545
  async handleRateLimitError(e) {
532
546
  const t = e.config;
533
547
  if (!t)
534
548
  return Promise.reject(e);
535
- const s = t.method?.toUpperCase();
536
- if (!["GET", "HEAD", "OPTIONS"].includes(s || ""))
549
+ const r = t.method?.toUpperCase();
550
+ if (!["GET", "HEAD", "OPTIONS"].includes(r || ""))
537
551
  return Promise.reject(e);
538
- const n = t._retryCount || 0;
539
- if (n >= le)
552
+ const o = t._retryCount || 0;
553
+ if (o >= le)
540
554
  return Promise.reject(e);
541
- let o = ge * Math.pow(2, n);
555
+ let a = ge * Math.pow(2, o);
542
556
  const d = e.response?.headers?.["retry-after"];
543
557
  if (d) {
544
- const c = Number.parseInt(d, 10);
545
- if (!Number.isNaN(c))
546
- o = c * 1e3;
558
+ const h = Number.parseInt(d, 10);
559
+ if (!Number.isNaN(h))
560
+ a = h * 1e3;
547
561
  else {
548
562
  const g = new Date(d);
549
- Number.isNaN(g.getTime()) || (o = Math.max(0, g.getTime() - Date.now()));
563
+ Number.isNaN(g.getTime()) || (a = Math.max(0, g.getTime() - Date.now()));
550
564
  }
551
565
  }
552
- return await new Promise((c) => setTimeout(c, o)), t._retryCount = n + 1, this.instance.request(t);
566
+ return await new Promise((h) => setTimeout(h, a)), t._retryCount = o + 1, this.instance.request(t);
553
567
  }
554
568
  // eslint-disable-next-line complexity
555
569
  // biome-ignore lint/suspicious/useAwait: <explanation>
556
570
  async handleAxiosError(e) {
557
571
  if (!e.response)
558
572
  return Promise.reject(e);
559
- const t = e.response.status, s = e.response.data;
560
- if ("error" in s && typeof s.error == "object" && s.error !== null) {
561
- const { error: r } = s;
562
- return Promise.reject(new u(r));
573
+ const t = e.response.status, r = e.response.data;
574
+ if ("error" in r && typeof r.error == "object" && r.error !== null) {
575
+ const { error: s } = r;
576
+ return Promise.reject(new u(s));
563
577
  }
564
578
  return Promise.reject(
565
579
  new u({
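Review bot: In `handleAxiosError`, `"error" in r` throws a TypeError when `e.response.data` is not an object (an empty body, or a plain-text or HTML error page from an intermediary), so the original HTTP failure is replaced by an unrelated exception inside the response interceptor. Guard the type first: `if (r && typeof r == "object" && "error" in r && typeof r.error == "object" && r.error !== null) {`. In the same hunk, `refreshTokens` sets `this.isRefreshing = !0` before the POST and clears it only on the success path. Wrapping the request in `try { … } finally { this.isRefreshing = !1; }` would keep a failed refresh from leaving the flag set for callers other than the request interceptor. Both functions extend past the hunk's boundaries.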
@@ -571,24 +585,24 @@ class T {
571
585
  })
572
586
  );
573
587
  }
574
- async send(e, t, s) {
588
+ async send(e, t, r) {
575
589
  return (await this.instance.request({
576
590
  method: e,
577
591
  url: t,
578
- ...s
592
+ ...r
579
593
  })).data;
580
594
  }
581
595
  get(e, t) {
582
596
  return this.send(E.GET, e, t);
583
597
  }
584
- post(e, t, s) {
585
- return this.send(E.POST, e, { data: t, ...s });
598
+ post(e, t, r) {
599
+ return this.send(E.POST, e, { data: t, ...r });
586
600
  }
587
- put(e, t, s) {
588
- return this.send(E.PUT, e, { data: t, ...s });
601
+ put(e, t, r) {
602
+ return this.send(E.PUT, e, { data: t, ...r });
589
603
  }
590
- patch(e, t, s) {
591
- return this.send(E.PATCH, e, { data: t, ...s });
604
+ patch(e, t, r) {
605
+ return this.send(E.PATCH, e, { data: t, ...r });
592
606
  }
593
607
  delete(e, t) {
594
608
  return this.send(E.DELETE, e, t);
@@ -607,151 +621,151 @@ class T {
607
621
  }
608
622
  }
609
623
  class pe {
610
- constructor(e, t, s) {
611
- this.axiosClient = new T(e, t, s);
624
+ constructor(e, t, r) {
625
+ this.axiosClient = new _(e, t, r);
612
626
  }
613
627
  setAppId(e) {
614
628
  this.axiosClient.setAppId(e);
615
629
  }
616
630
  getAppSettings() {
617
- return this.axiosClient.get(h.appSettings);
631
+ return this.axiosClient.get(c.appSettings);
618
632
  }
619
633
  }
620
634
  class fe {
621
- constructor(e, t, s) {
622
- this.axiosClient = new T(e, t, s);
635
+ constructor(e, t, r) {
636
+ this.axiosClient = new _(e, t, r);
623
637
  }
624
638
  setAppId(e) {
625
639
  this.axiosClient.setAppId(e);
626
640
  }
627
- refreshToken(e, t, s) {
628
- const r = {
629
- access: s,
641
+ refreshToken(e, t, r) {
642
+ const s = {
643
+ access: r,
630
644
  scopes: t
631
645
  };
632
- return this.axiosClient.post(h.refresh, r, {
646
+ return this.axiosClient.post(c.refresh, s, {
633
647
  headers: {
634
- [_]: `Bearer ${e}`
648
+ [I]: `Bearer ${e}`
635
649
  }
636
650
  });
637
651
  }
638
- signIn(e, t, s) {
639
- const r = {
652
+ signIn(e, t, r) {
653
+ const s = {
640
654
  ...e,
641
655
  device: t,
642
- os: s
656
+ os: r
643
657
  };
644
658
  return this.axiosClient.post(
645
- h.signin,
646
- r
659
+ c.signin,
660
+ s
647
661
  );
648
662
  }
649
663
  signUp(e) {
650
- const { create_tenant: t, anonymous: s } = e, r = {
664
+ const { create_tenant: t, anonymous: r } = e, s = {
651
665
  ...e,
652
666
  create_tenant: t ?? !1,
653
- anonymous: s ?? !1
667
+ anonymous: r ?? !1
654
668
  };
655
669
  return this.axiosClient.post(
656
- h.signup,
657
- r
670
+ c.signup,
671
+ s
658
672
  );
659
673
  }
660
- passwordlessSignIn(e, t, s) {
661
- const { create_tenant: r } = e, n = {
674
+ passwordlessSignIn(e, t, r) {
675
+ const { create_tenant: s } = e, o = {
662
676
  ...e,
663
- create_tenant: r ?? !1,
677
+ create_tenant: s ?? !1,
664
678
  device: t,
665
- os: s
679
+ os: r
666
680
  };
667
681
  return this.axiosClient.post(
668
- h.passwordless,
669
- n
682
+ c.passwordless,
683
+ o
670
684
  );
671
685
  }
672
686
  passwordlessSignInComplete(e) {
673
687
  return this.axiosClient.post(
674
- h.passwordlessComplete,
688
+ c.passwordlessComplete,
675
689
  e
676
690
  );
677
691
  }
678
- logOut(e, t, s = !1) {
679
- const r = s ? void 0 : { refresh_token: t, device: e }, n = s ? w.logout : h.logout;
680
- return this.axiosClient.post(n, r);
692
+ logOut(e, t, r = !1) {
693
+ const s = r ? void 0 : { refresh_token: t, device: e }, o = r ? T.logout : c.logout;
694
+ return this.axiosClient.post(o, s);
681
695
  }
682
696
  validateSession() {
683
- return this.axiosClient.get(h.validateSession);
697
+ return this.axiosClient.get(c.validateSession);
684
698
  }
685
699
  sendPasswordResetEmail(e) {
686
700
  return this.axiosClient.post(
687
- h.sendPasswordResetEmail,
701
+ c.sendPasswordResetEmail,
688
702
  e
689
703
  );
690
704
  }
691
- resetPassword(e, t, s) {
692
- const r = {
705
+ resetPassword(e, t, r) {
706
+ const s = {
693
707
  password: e,
694
708
  scopes: t
695
709
  };
696
- return this.axiosClient.post(h.resetPassword, r, {
710
+ return this.axiosClient.post(c.resetPassword, s, {
697
711
  headers: {
698
- [_]: `Bearer ${s}`,
712
+ [I]: `Bearer ${r}`,
699
713
  [C]: void 0
700
714
  }
701
715
  });
702
716
  }
703
- passkeyRegisterStart(e, t, s, r = !1) {
704
- const { create_tenant: n } = e, o = {
717
+ passkeyRegisterStart(e, t, r, s = !1) {
718
+ const { create_tenant: o } = e, a = {
705
719
  ...e,
706
- create_tenant: n ?? !1,
720
+ create_tenant: o ?? !1,
707
721
  device: t,
708
- os: s
709
- }, d = r ? w.passkeyRegisterStart : h.passkeyRegisterStart;
710
- return this.axiosClient.post(d, o);
722
+ os: r
723
+ }, d = s ? T.passkeyRegisterStart : c.passkeyRegisterStart;
724
+ return this.axiosClient.post(d, a);
711
725
  }
712
- passkeyRegisterComplete(e, t, s, r = !1) {
713
- const n = {
714
- challenge_id: s,
726
+ passkeyRegisterComplete(e, t, r, s = !1) {
727
+ const o = {
728
+ challenge_id: r,
715
729
  device: t,
716
730
  passkey_data: e
717
- }, o = r ? w.passkeyRegisterComplete : h.passkeyRegisterComplete;
718
- return this.axiosClient.post(o, n);
731
+ }, a = s ? T.passkeyRegisterComplete : c.passkeyRegisterComplete;
732
+ return this.axiosClient.post(a, o);
719
733
  }
720
- passkeyAuthenticateStart(e, t, s, r = !1) {
721
- const n = {
734
+ passkeyAuthenticateStart(e, t, r, s = !1) {
735
+ const o = {
722
736
  ...e,
723
737
  user_id: e.user_id ?? "",
724
738
  device: t,
725
- os: s
726
- }, o = r ? w.passkeyAuthenticateStart : h.passkeyAuthenticateStart;
739
+ os: r
740
+ }, a = s ? T.passkeyAuthenticateStart : c.passkeyAuthenticateStart;
727
741
  return this.axiosClient.post(
728
- o,
729
- n
742
+ a,
743
+ o
730
744
  );
731
745
  }
732
- passkeyAuthenticateComplete(e, t, s, r = !1) {
733
- const n = {
734
- challenge_id: s,
746
+ passkeyAuthenticateComplete(e, t, r, s = !1) {
747
+ const o = {
748
+ challenge_id: r,
735
749
  device: t,
736
750
  passkey_data: e
737
- }, o = r ? w.passkeyAuthenticateComplete : h.passkeyAuthenticateComplete;
738
- return this.axiosClient.post(o, n);
751
+ }, a = s ? T.passkeyAuthenticateComplete : c.passkeyAuthenticateComplete;
752
+ return this.axiosClient.post(a, o);
739
753
  }
740
- passkeyValidate(e, t, s, r = !1, n) {
741
- const o = {
754
+ passkeyValidate(e, t, r, s = !1, o) {
755
+ const a = {
742
756
  otp: e,
743
757
  device: t,
744
- challenge_id: s
758
+ challenge_id: r
745
759
  };
746
- let d = h.passkeyValidate;
747
- !n && r && (d = w.passkeyValidate);
748
- const c = n ? { [C]: n } : {};
749
- return this.axiosClient.post(d, o, { headers: c });
760
+ let d = c.passkeyValidate;
761
+ !o && s && (d = T.passkeyValidate);
762
+ const h = o ? { [C]: o } : {};
763
+ return this.axiosClient.post(d, a, { headers: h });
750
764
  }
751
765
  }
752
766
  class ke {
753
- constructor(e, t, s) {
754
- this.axiosClient = new T(e, t, s);
767
+ constructor(e, t, r) {
768
+ this.axiosClient = new _(e, t, r);
755
769
  }
756
770
  setAppId(e) {
757
771
  this.axiosClient.setAppId(e);
@@ -763,7 +777,7 @@ class ke {
763
777
  */
764
778
  requestInviteLink(e) {
765
779
  return this.axiosClient.post(
766
- h.requestInvitation,
780
+ c.requestInvitation,
767
781
  e
768
782
  );
769
783
  }
@@ -775,12 +789,12 @@ class ke {
775
789
  getInvitations(e) {
776
790
  const t = {};
777
791
  e.groupID && (t.group_id = e.groupID.toString()), e.skip !== void 0 && (t.skip = e.skip.toString()), e.limit !== void 0 && (t.limit = e.limit.toString());
778
- const s = A(h.invitationsPath, {
792
+ const r = m(c.invitationsPath, {
779
793
  tenantID: e.tenantID
780
794
  });
781
- return this.axiosClient.get(s, { params: t }).then((r) => ({
782
- invites: r.invites,
783
- nextPageSkip: r.next_page_skip
795
+ return this.axiosClient.get(r, { params: t }).then((s) => ({
796
+ invites: s.invites,
797
+ nextPageSkip: s.next_page_skip
784
798
  }));
785
799
  }
786
800
  /**
@@ -789,7 +803,7 @@ class ke {
789
803
  * @returns Promise with success response
790
804
  */
791
805
  deleteInvitation(e) {
792
- const t = A(h.invitationDelete, {
806
+ const t = m(c.invitationDelete, {
793
807
  invitationID: e
794
808
  });
795
809
  return this.axiosClient.delete(t);
@@ -800,7 +814,7 @@ class ke {
800
814
  * @returns Promise with success response
801
815
  */
802
816
  resendInvitation(e) {
803
- const t = A(h.invitationResend, {
817
+ const t = m(c.invitationResend, {
804
818
  invitationID: e
805
819
  });
806
820
  return this.axiosClient.post(t, {});
@@ -811,44 +825,44 @@ class ke {
811
825
  * @returns Promise with the link
812
826
  */
813
827
  getInvitationLink(e) {
814
- const t = A(h.invitationGetLink, {
828
+ const t = m(c.invitationGetLink, {
815
829
  invitationID: e
816
830
  });
817
831
  return this.axiosClient.get(t);
818
832
  }
819
833
  }
820
- class ye {
821
- constructor(e, t, s) {
822
- this.axiosClient = new T(e, t, s);
834
+ class ve {
835
+ constructor(e, t, r) {
836
+ this.axiosClient = new _(e, t, r);
823
837
  }
824
838
  setAppId(e) {
825
839
  this.axiosClient.setAppId(e);
826
840
  }
827
841
  getSettingsAll() {
828
- return this.axiosClient.get(h.settingsAll);
842
+ return this.axiosClient.get(c.settingsAll);
829
843
  }
830
844
  getPasswordPolicySettings() {
831
- return this.axiosClient.get(h.settingsPasswordPolicy);
845
+ return this.axiosClient.get(c.settingsPasswordPolicy);
832
846
  }
833
847
  getPasskeySettings() {
834
- return this.axiosClient.get(h.settingsPasskey);
848
+ return this.axiosClient.get(c.settingsPasskey);
835
849
  }
836
850
  }
837
- class ve {
838
- constructor(e, t, s) {
839
- this.axiosClient = new T(e, t, s);
851
+ class ye {
852
+ constructor(e, t, r) {
853
+ this.axiosClient = new _(e, t, r);
840
854
  }
841
855
  setAppId(e) {
842
856
  this.axiosClient.setAppId(e);
843
857
  }
844
858
  joinInvitation(e, t) {
845
- const s = {
859
+ const r = {
846
860
  invite_token: e,
847
861
  scopes: t
848
862
  };
849
863
  return this.axiosClient.post(
850
- h.joinInvitation,
851
- s
864
+ c.joinInvitation,
865
+ r
852
866
  );
853
867
  }
854
868
  createTenant(e) {
@@ -856,7 +870,7 @@ class ve {
856
870
  name: e
857
871
  };
858
872
  return this.axiosClient.post(
859
- h.tenantPath,
873
+ c.tenantPath,
860
874
  t
861
875
  );
862
876
  }
@@ -866,7 +880,7 @@ class ve {
866
880
  * @param tenantId Tenant ID
867
881
  */
868
882
  getTenantDetails(e) {
869
- const t = `${h.tenantPath}/${e}`;
883
+ const t = `${c.tenantPath}/${e}`;
870
884
  return this.axiosClient.get(t);
871
885
  }
872
886
  /**
@@ -875,22 +889,22 @@ class ve {
875
889
  * @param name New tenant name
876
890
  */
877
891
  updateTenant(e, t) {
878
- const s = `${h.tenantPath}/${e}`, r = { name: t };
879
- return this.axiosClient.put(s, r);
892
+ const r = `${c.tenantPath}/${e}`, s = { name: t };
893
+ return this.axiosClient.put(r, s);
880
894
  }
881
895
  /**
882
896
  * Delete a tenant
883
897
  * @param tenantId Tenant ID
884
898
  */
885
899
  deleteTenant(e) {
886
- const t = `${h.tenantPath}/${e}`;
900
+ const t = `${c.tenantPath}/${e}`;
887
901
  return this.axiosClient.delete(t);
888
902
  }
889
903
  /**
890
904
  * Get user's tenant memberships
891
905
  */
892
906
  getUserTenantMembership() {
893
- return this.axiosClient.get(h.tenantPath);
907
+ return this.axiosClient.get(c.tenantPath);
894
908
  }
895
909
  // 2. Group Management
896
910
  /**
@@ -899,8 +913,8 @@ class ve {
899
913
  * @param name Group name
900
914
  */
901
915
  createGroup(e, t) {
902
- const s = `${h.tenantPath}/${e}/group`, r = { name: t };
903
- return this.axiosClient.post(s, r);
916
+ const r = `${c.tenantPath}/${e}/group`, s = { name: t };
917
+ return this.axiosClient.post(r, s);
904
918
  }
905
919
  /**
906
920
  * Get group information
@@ -908,8 +922,8 @@ class ve {
908
922
  * @param groupId Group ID
909
923
  */
910
924
  getGroupInfo(e, t) {
911
- const s = `${h.tenantPath}/${e}/group/${t}`;
912
- return this.axiosClient.get(s);
925
+ const r = `${c.tenantPath}/${e}/group/${t}`;
926
+ return this.axiosClient.get(r);
913
927
  }
914
928
  /**
915
929
  * Update a group
@@ -917,9 +931,9 @@ class ve {
917
931
  * @param groupId Group ID
918
932
  * @param name New group name
919
933
  */
920
- updateGroup(e, t, s) {
921
- const r = `${h.tenantPath}/${e}/group/${t}`, n = { name: s };
922
- return this.axiosClient.put(r, n);
934
+ updateGroup(e, t, r) {
935
+ const s = `${c.tenantPath}/${e}/group/${t}`, o = { name: r };
936
+ return this.axiosClient.put(s, o);
923
937
  }
924
938
  /**
925
939
  * Delete a group
@@ -927,8 +941,8 @@ class ve {
927
941
  * @param groupId Group ID
928
942
  */
929
943
  deleteGroup(e, t) {
930
- const s = `${h.tenantPath}/${e}/group/${t}`;
931
- return this.axiosClient.delete(s);
944
+ const r = `${c.tenantPath}/${e}/group/${t}`;
945
+ return this.axiosClient.delete(r);
932
946
  }
933
947
  /**
934
948
  * Add a user to a group
@@ -937,9 +951,9 @@ class ve {
937
951
  * @param userId User ID
938
952
  * @param role Role to assign
939
953
  */
940
- addUserToGroup(e, t, s, r) {
941
- const n = `${h.tenantPath}/${e}/group/${t}/add`, o = { user_id: s, role: r };
942
- return this.axiosClient.post(n, o);
954
+ addUserToGroup(e, t, r, s) {
955
+ const o = `${c.tenantPath}/${e}/group/${t}/add`, a = { user_id: r, role: s };
956
+ return this.axiosClient.post(o, a);
943
957
  }
944
958
  /**
945
959
  * Remove user roles from a group
@@ -948,9 +962,9 @@ class ve {
948
962
  * @param userId User ID
949
963
  * @param roles Roles to remove
950
964
  */
951
- removeUserRolesFromGroup(e, t, s, r) {
952
- const n = `${h.tenantPath}/${e}/group/${t}/remove_roles`, o = { user_id: s, roles: r };
953
- return this.axiosClient.post(n, o);
965
+ removeUserRolesFromGroup(e, t, r, s) {
966
+ const o = `${c.tenantPath}/${e}/group/${t}/remove_roles`, a = { user_id: r, roles: s };
967
+ return this.axiosClient.post(o, a);
954
968
  }
955
969
  /**
956
970
  * Change user roles in a group
@@ -959,9 +973,9 @@ class ve {
959
973
  * @param userId User ID
960
974
  * @param roles New roles to assign
961
975
  */
962
- changeUserRoles(e, t, s, r) {
963
- const n = `${h.tenantPath}/${e}/group/${t}/change`, o = { user_id: s, roles: r };
964
- return this.axiosClient.post(n, o);
976
+ changeUserRoles(e, t, r, s) {
977
+ const o = `${c.tenantPath}/${e}/group/${t}/change`, a = { user_id: r, roles: s };
978
+ return this.axiosClient.post(o, a);
965
979
  }
966
980
  /**
967
981
  * Delete a user from a group
@@ -969,9 +983,9 @@ class ve {
969
983
  * @param groupId Group ID
970
984
  * @param userId User ID
971
985
  */
972
- deleteUserFromGroup(e, t, s) {
973
- const r = `${h.tenantPath}/${e}/group/${t}/${s}`;
974
- return this.axiosClient.delete(r);
986
+ deleteUserFromGroup(e, t, r) {
987
+ const s = `${c.tenantPath}/${e}/group/${t}/${r}`;
988
+ return this.axiosClient.delete(s);
975
989
  }
976
990
  // 3. Role Management
977
991
  /**
@@ -979,7 +993,7 @@ class ve {
979
993
  * @param tenantId Tenant ID
980
994
  */
981
995
  getRolesForTenant(e) {
982
- const t = `${h.tenantPath}/${e}/role`;
996
+ const t = `${c.tenantPath}/${e}/role`;
983
997
  return this.axiosClient.get(t);
984
998
  }
985
999
  /**
@@ -988,8 +1002,8 @@ class ve {
988
1002
  * @param name Role name
989
1003
  */
990
1004
  createRoleForTenant(e, t) {
991
- const s = `${h.tenantPath}/${e}/role`, r = { name: t };
992
- return this.axiosClient.post(s, r);
1005
+ const r = `${c.tenantPath}/${e}/role`, s = { name: t };
1006
+ return this.axiosClient.post(r, s);
993
1007
  }
994
1008
  /**
995
1009
  * Update a role
@@ -997,9 +1011,9 @@ class ve {
997
1011
  * @param roleId Role ID
998
1012
  * @param name New role name
999
1013
  */
1000
- updateRole(e, t, s) {
1001
- const r = `${h.tenantPath}/${e}/role/${t}`, n = { name: s };
1002
- return this.axiosClient.put(r, n);
1014
+ updateRole(e, t, r) {
1015
+ const s = `${c.tenantPath}/${e}/role/${t}`, o = { name: r };
1016
+ return this.axiosClient.put(s, o);
1003
1017
  }
1004
1018
  /**
1005
1019
  * Delete a role
@@ -1007,8 +1021,8 @@ class ve {
1007
1021
  * @param roleId Role ID
1008
1022
  */
1009
1023
  deleteRole(e, t) {
1010
- const s = `${h.tenantPath}/${e}/role/${t}`;
1011
- return this.axiosClient.delete(s);
1024
+ const r = `${c.tenantPath}/${e}/role/${t}`;
1025
+ return this.axiosClient.delete(r);
1012
1026
  }
1013
1027
  // 4. User Management in Tenants
1014
1028
  /**
@@ -1017,8 +1031,8 @@ class ve {
1017
1031
  * @param userId User ID
1018
1032
  */
1019
1033
  deleteUserFromTenant(e, t) {
1020
- const s = `${h.tenantPath}/${e}/user/${t}`;
1021
- return this.axiosClient.delete(s);
1034
+ const r = `${c.tenantPath}/${e}/user/${t}`;
1035
+ return this.axiosClient.delete(r);
1022
1036
  }
1023
1037
  // 5. Invitation Management
1024
1038
  /**
@@ -1028,10 +1042,10 @@ class ve {
1028
1042
  * @param limit Maximum number of invitations to return
1029
1043
  * @param skip Number of invitations to skip
1030
1044
  */
1031
- getGroupInvitations(e, t, s, r) {
1032
- const n = `${h.tenantPath}/${e}/group/${t}/invitations`;
1033
- return this.axiosClient.get(n, {
1034
- params: { limit: s, skip: r }
1045
+ getGroupInvitations(e, t, r, s) {
1046
+ const o = `${c.tenantPath}/${e}/group/${t}/invitations`;
1047
+ return this.axiosClient.get(o, {
1048
+ params: { limit: r, skip: s }
1035
1049
  });
1036
1050
  }
1037
1051
  /**
@@ -1040,10 +1054,10 @@ class ve {
1040
1054
  * @param limit Maximum number of invitations to return
1041
1055
  * @param skip Number of invitations to skip
1042
1056
  */
1043
- getTenantInvitations(e, t, s) {
1044
- const r = `${h.tenantPath}/${e}/invitations`;
1045
- return this.axiosClient.get(r, {
1046
- params: { limit: t, skip: s }
1057
+ getTenantInvitations(e, t, r) {
1058
+ const s = `${c.tenantPath}/${e}/invitations`;
1059
+ return this.axiosClient.get(s, {
1060
+ params: { limit: t, skip: r }
1047
1061
  });
1048
1062
  }
1049
1063
  /**
@@ -1052,9 +1066,9 @@ class ve {
1052
1066
  * @param groupId Group ID
1053
1067
  * @param inviteId Invitation ID
1054
1068
  */
1055
- invalidateInviteById(e, t, s) {
1056
- const r = `${h.tenantPath}/${e}/group/${t}/invite/${s}`;
1057
- return this.axiosClient.delete(r);
1069
+ invalidateInviteById(e, t, r) {
1070
+ const s = `${c.tenantPath}/${e}/group/${t}/invite/${r}`;
1071
+ return this.axiosClient.delete(s);
1058
1072
  }
1059
1073
  /**
1060
1074
  * Invalidate an invitation by email
@@ -1062,14 +1076,14 @@ class ve {
1062
1076
  * @param groupId Group ID
1063
1077
  * @param email Email address
1064
1078
  */
1065
- invalidateInviteByEmail(e, t, s) {
1066
- const r = `${h.tenantPath}/${e}/group/${t}/invite/email/${s}`;
1067
- return this.axiosClient.delete(r);
1079
+ invalidateInviteByEmail(e, t, r) {
1080
+ const s = `${c.tenantPath}/${e}/group/${t}/invite/email/${r}`;
1081
+ return this.axiosClient.delete(s);
1068
1082
  }
1069
1083
  }
1070
1084
  class me {
1071
- constructor(e, t, s) {
1072
- this.axiosClient = new T(e, t, s);
1085
+ constructor(e, t, r) {
1086
+ this.axiosClient = new _(e, t, r);
1073
1087
  }
1074
1088
  setAppId(e) {
1075
1089
  this.axiosClient.setAppId(e);
@@ -1079,7 +1093,7 @@ class me {
1079
1093
  * GET /user/2fa/status
1080
1094
  */
1081
1095
  getStatus() {
1082
- return this.axiosClient.get(h.twoFactorStatus);
1096
+ return this.axiosClient.get(c.twoFactorStatus);
1083
1097
  }
1084
1098
  /**
1085
1099
  * Begin 2FA setup process
@@ -1087,7 +1101,7 @@ class me {
1087
1101
  * Returns secret and QR code for authenticator app
1088
1102
  */
1089
1103
  beginSetup() {
1090
- return this.axiosClient.post(h.twoFactorSetupBegin, {});
1104
+ return this.axiosClient.post(c.twoFactorSetupBegin, {});
1091
1105
  }
1092
1106
  /**
1093
1107
  * Confirm 2FA setup with TOTP code
@@ -1096,7 +1110,7 @@ class me {
1096
1110
  */
1097
1111
  confirmSetup(e) {
1098
1112
  return this.axiosClient.post(
1099
- h.twoFactorSetupConfirm,
1113
+ c.twoFactorSetupConfirm,
1100
1114
  e
1101
1115
  );
1102
1116
  }
@@ -1106,10 +1120,10 @@ class me {
1106
1120
  * Uses tfa_token as Bearer token for authentication
1107
1121
  */
1108
1122
  verify(e) {
1109
- const { tfa_token: t, code: s } = e;
1123
+ const { tfa_token: t, code: r } = e;
1110
1124
  return this.axiosClient.post(
1111
- h.twoFactorVerify,
1112
- { code: s },
1125
+ c.twoFactorVerify,
1126
+ { code: r },
1113
1127
  {
1114
1128
  headers: {
1115
1129
  Authorization: `Bearer ${t}`
@@ -1123,10 +1137,10 @@ class me {
1123
1137
  * Uses tfa_token as Bearer token for authentication
1124
1138
  */
1125
1139
  useRecoveryCode(e) {
1126
- const { tfa_token: t, recovery_code: s } = e;
1140
+ const { tfa_token: t, recovery_code: r } = e;
1127
1141
  return this.axiosClient.post(
1128
- h.twoFactorRecovery,
1129
- { recovery_code: s },
1142
+ c.twoFactorRecovery,
1143
+ { recovery_code: r },
1130
1144
  {
1131
1145
  headers: {
1132
1146
  Authorization: `Bearer ${t}`
@@ -1139,7 +1153,7 @@ class me {
1139
1153
  * DELETE /user/2fa
1140
1154
  */
1141
1155
  disable(e) {
1142
- return this.axiosClient.delete(h.twoFactor, { data: e });
1156
+ return this.axiosClient.delete(c.twoFactor, { data: e });
1143
1157
  }
1144
1158
  /**
1145
1159
  * Regenerate recovery codes
@@ -1147,7 +1161,7 @@ class me {
1147
1161
  */
1148
1162
  regenerateRecoveryCodes(e) {
1149
1163
  return this.axiosClient.post(
1150
- h.twoFactorRegenerateCodes,
1164
+ c.twoFactorRegenerateCodes,
1151
1165
  e
1152
1166
  );
1153
1167
  }
@@ -1166,30 +1180,30 @@ class me {
1166
1180
  * @returns Validation response with scoped session token or error
1167
1181
  */
1168
1182
  validateTwoFactorSetupMagicLink(e) {
1169
- const t = `${h.twoFactorSetupMagicLink}/${e}`;
1183
+ const t = `${c.twoFactorSetupMagicLink}/${e}`;
1170
1184
  return this.axiosClient.get(t, {
1171
1185
  // Override default auth headers (this is a public endpoint)
1172
1186
  transformRequest: [
1173
- (s, r) => (r && delete r.Authorization, s)
1187
+ (r, s) => (s && delete s.Authorization, r)
1174
1188
  ]
1175
- }).then((s) => {
1176
- const r = s;
1189
+ }).then((r) => {
1190
+ const s = r;
1177
1191
  return {
1178
1192
  success: !0,
1179
- sessionToken: r.session_token,
1180
- userId: r.user_id,
1181
- expiresIn: r.expires_in,
1182
- appId: r.app_id
1193
+ sessionToken: s.session_token,
1194
+ userId: s.user_id,
1195
+ expiresIn: s.expires_in,
1196
+ appId: s.app_id
1183
1197
  };
1184
- }).catch((s) => {
1185
- if (s.response) {
1186
- const r = s.response.status, n = s.response.data || {}, o = s.response.headers?.["retry-after"] ? parseInt(s.response.headers["retry-after"], 10) : void 0;
1198
+ }).catch((r) => {
1199
+ if (r.response) {
1200
+ const s = r.response.status, o = r.response.data || {}, a = r.response.headers?.["retry-after"] ? parseInt(r.response.headers["retry-after"], 10) : void 0;
1187
1201
  return {
1188
1202
  success: !1,
1189
1203
  error: {
1190
- code: n.error || this.mapStatusToErrorCode(r),
1191
- message: n.message || this.getDefaultErrorMessage(r),
1192
- retryAfter: o
1204
+ code: o.error || this.mapStatusToErrorCode(s),
1205
+ message: o.message || this.getDefaultErrorMessage(s),
1206
+ retryAfter: a
1193
1207
  }
1194
1208
  };
1195
1209
  }
@@ -1197,7 +1211,7 @@ class me {
1197
1211
  success: !1,
1198
1212
  error: {
1199
1213
  code: "SERVER_ERROR",
1200
- message: s instanceof Error ? s.message : "Unable to connect to the server. Please check your connection."
1214
+ message: r instanceof Error ? r.message : "Unable to connect to the server. Please check your connection."
1201
1215
  }
1202
1216
  };
1203
1217
  });
@@ -1236,53 +1250,139 @@ class me {
1236
1250
  return "An error occurred while validating the magic link.";
1237
1251
  }
1238
1252
  }
1253
+ // ============================================
1254
+ // v2 Multi-Method 2FA API Methods
1255
+ // ============================================
1256
+ /**
1257
+ * Get available 2FA methods for current user
1258
+ * GET /v2/user/2fa/methods/available
1259
+ */
1260
+ getAvailableMethods() {
1261
+ return this.axiosClient.get(c.TwoFactorMethodsAvailable);
1262
+ }
1263
+ /**
1264
+ * Get registered 2FA methods for current user
1265
+ * GET /v2/user/2fa/methods
1266
+ */
1267
+ getRegisteredMethods() {
1268
+ return this.axiosClient.get(c.TwoFactorMethodsRegistered);
1269
+ }
1270
+ /**
1271
+ * Begin 2FA method setup
1272
+ * POST /v2/user/2fa/methods/:method/setup/begin
1273
+ */
1274
+ beginMethodSetup(e) {
1275
+ const t = m(c.TwoFactorMethodSetupBegin, { method: e });
1276
+ return this.axiosClient.post(t, {});
1277
+ }
1278
+ /**
1279
+ * Confirm 2FA method setup
1280
+ * POST /v2/user/2fa/methods/:method/setup/confirm
1281
+ */
1282
+ confirmMethodSetup(e, t) {
1283
+ const r = m(c.TwoFactorMethodSetupConfirm, { method: e });
1284
+ return this.axiosClient.post(r, t);
1285
+ }
1286
+ /**
1287
+ * Remove registered 2FA method
1288
+ * DELETE /v2/user/2fa/methods/:id
1289
+ */
1290
+ removeMethod(e) {
1291
+ const t = m(c.TwoFactorMethodRemove, { id: e });
1292
+ return this.axiosClient.delete(t);
1293
+ }
1294
+ /**
1295
+ * Request 2FA challenge during login
1296
+ * POST /v2/auth/2fa/challenge
1297
+ */
1298
+ requestChallenge(e) {
1299
+ return this.axiosClient.post(
1300
+ c.TwoFactorChallenge,
1301
+ e
1302
+ );
1303
+ }
1304
+ /**
1305
+ * Verify 2FA challenge (v2)
1306
+ * POST /v2/auth/2fa/verify
1307
+ */
1308
+ verifyV2(e) {
1309
+ return this.axiosClient.post(
1310
+ c.TwoFactorVerifyV2,
1311
+ e
1312
+ );
1313
+ }
1314
+ /**
1315
+ * Switch to alternative 2FA method during challenge
1316
+ * POST /v2/auth/2fa/alternative
1317
+ */
1318
+ switchToAlternative(e) {
1319
+ return this.axiosClient.post(
1320
+ c.TwoFactorAlternative,
1321
+ e
1322
+ );
1323
+ }
1324
+ /**
1325
+ * Get trusted devices
1326
+ * GET /v2/user/2fa/trusted-devices
1327
+ */
1328
+ getTrustedDevices() {
1329
+ return this.axiosClient.get(c.TwoFactorTrustedDevices);
1330
+ }
1331
+ /**
1332
+ * Revoke trusted device
1333
+ * DELETE /v2/user/2fa/trusted-devices/:id
1334
+ */
1335
+ revokeTrustedDevice(e) {
1336
+ const t = m(c.TwoFactorTrustedDeviceRevoke, { id: e });
1337
+ return this.axiosClient.delete(t);
1338
+ }
1239
1339
  }
1240
1340
  class Se {
1241
- constructor(e, t, s) {
1242
- this.axiosClient = new T(e, t, s);
1341
+ constructor(e, t, r) {
1342
+ this.axiosClient = new _(e, t, r);
1243
1343
  }
1244
1344
  setAppId(e) {
1245
1345
  this.axiosClient.setAppId(e);
1246
1346
  }
1247
1347
  getUserPasskeys() {
1248
- return this.axiosClient.get(h.userPasskey);
1348
+ return this.axiosClient.get(c.userPasskey);
1249
1349
  }
1250
1350
  renameUserPasskey(e, t) {
1251
1351
  return this.axiosClient.patch(
1252
- `${h.userPasskey}/${t}`,
1352
+ `${c.userPasskey}/${t}`,
1253
1353
  {
1254
1354
  name: e
1255
1355
  }
1256
1356
  );
1257
1357
  }
1258
1358
  deleteUserPasskey(e) {
1259
- return this.axiosClient.delete(`${h.userPasskey}/${e}`);
1359
+ return this.axiosClient.delete(`${c.userPasskey}/${e}`);
1260
1360
  }
1261
1361
  addUserPasskeyStart({
1262
1362
  relyingPartyId: e,
1263
1363
  deviceId: t,
1264
- os: s,
1265
- passkeyDisplayName: r,
1266
- passkeyUsername: n
1364
+ os: r,
1365
+ passkeyDisplayName: s,
1366
+ passkeyUsername: o
1267
1367
  }) {
1268
- const o = {
1269
- passkey_display_name: r,
1270
- passkey_username: n,
1368
+ const a = {
1369
+ passkey_display_name: s,
1370
+ passkey_username: o,
1271
1371
  relying_party_id: e,
1272
1372
  deviceId: t,
1273
- os: s
1373
+ os: r
1274
1374
  };
1275
- return this.axiosClient.post(h.addUserPasskey, o);
1375
+ return this.axiosClient.post(c.addUserPasskey, a);
1276
1376
  }
1277
- addUserPasskeyComplete(e, t, s) {
1278
- return this.axiosClient.post(h.completeAddUserPasskey, {
1279
- challenge_id: s,
1377
+ addUserPasskeyComplete(e, t, r) {
1378
+ return this.axiosClient.post(c.completeAddUserPasskey, {
1379
+ challenge_id: r,
1280
1380
  device: t,
1281
1381
  passkey_data: e
1282
1382
  });
1283
1383
  }
1284
1384
  }
1285
- var a = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.SessionRestored = "session:restored", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i.TwoFactorRequired = "2fa:required", i.TwoFactorSetupStarted = "2fa:setup_started", i.TwoFactorEnabled = "2fa:enabled", i.TwoFactorDisabled = "2fa:disabled", i.TwoFactorVerified = "2fa:verified", i.TwoFactorRecoveryUsed = "2fa:recovery_used", i.TwoFactorRecoveryCodesLow = "2fa:recovery_low", i.TwoFactorRecoveryCodesExhausted = "2fa:recovery_exhausted", i.TwoFactorSetupMagicLinkValidated = "2fa:magic_link_validated", i.TwoFactorSetupMagicLinkFailed = "2fa:magic_link_failed", i))(a || {});
1385
+ var n = /* @__PURE__ */ ((i) => (i.SignIn = "signin", i.SignInStart = "signin:start", i.Register = "register", i.RegisterStart = "register:start", i.SignOut = "signout", i.SessionRestored = "session:restored", i.SessionExpired = "session:expired", i.Error = "error", i.Refresh = "refresh", i.RefreshStart = "refresh:start", i.TokenCacheExpired = "token-cache-expired", i.TwoFactorRequired = "2fa:required", i.TwoFactorSetupStarted = "2fa:setup_started", i.TwoFactorEnabled = "2fa:enabled", i.TwoFactorDisabled = "2fa:disabled", i.TwoFactorVerified = "2fa:verified", i.TwoFactorRecoveryUsed = "2fa:recovery_used", i.TwoFactorRecoveryCodesLow = "2fa:recovery_low", i.TwoFactorRecoveryCodesExhausted = "2fa:recovery_exhausted", i.TwoFactorSetupMagicLinkValidated = "2fa:magic_link_validated", i.TwoFactorSetupMagicLinkFailed = "2fa:magic_link_failed", i.TwoFactorChallengeReceived = "two_factor_challenge_received", i.TwoFactorMethodSwitched = "two_factor_method_switched", i.TwoFactorDeviceTrusted = "two_factor_device_trusted", i))(n || {});
1286
1386
  class we {
1287
1387
  constructor() {
1288
1388
  this.subscribers = /* @__PURE__ */ new Map();
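Review bot: The JSDoc on the new `requestChallenge`, `verifyV2` and `switchToAlternative` does not say how the pending-login 2FA token reaches the server. All three post the caller's object with the client's default headers, whereas the v1 `verify` and `useRecoveryCode` in the same class send `tfa_token` explicitly as `Authorization: Bearer …`. If the client attaches a stored access token by default (the "Override default auth headers" comment in `validateTwoFactorSetupMagicLink` suggests it does), a stale token would accompany these pre-authentication calls. Each doc block should therefore gain a line such as `* @param e request body; the 2FA session token is sent in the body, no Bearer override (unlike verify())`, once that is confirmed against the server contract. Separately, the three events added to the enum at the end of the hunk use `two_factor_*` values where every existing 2FA event uses the `2fa:` prefix, so a subscriber that filters on the prefix will miss them; `"2fa:challenge_received"`, `"2fa:method_switched"` and `"2fa:device_trusted"` would follow the existing scheme. This file is the built bundle, so both changes belong in the package source.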
@@ -1294,8 +1394,8 @@ class we {
1294
1394
  */
1295
1395
  subscribe(e, t) {
1296
1396
  if (t?.length) {
1297
- const s = new Set(t);
1298
- this.subscribers.set(e, s);
1397
+ const r = new Set(t);
1398
+ this.subscribers.set(e, r);
1299
1399
  } else
1300
1400
  this.subscribers.set(e, null);
1301
1401
  }
@@ -1309,8 +1409,8 @@ class we {
1309
1409
  this.subscribers.delete(e);
1310
1410
  return;
1311
1411
  }
1312
- const s = this.subscribers.get(e);
1313
- s && (t.forEach((r) => s.delete(r)), s.size === 0 && this.subscribers.delete(e));
1412
+ const r = this.subscribers.get(e);
1413
+ r && (t.forEach((s) => r.delete(s)), r.size === 0 && this.subscribers.delete(e));
1314
1414
  }
1315
1415
  /**
1316
1416
  * Notify subscribers of an event
@@ -1318,22 +1418,22 @@ class we {
1318
1418
  * @param payload Event-specific payload data
1319
1419
  */
1320
1420
  notify(e, t) {
1321
- this.subscribers.forEach((s, r) => {
1322
- (!s || s.has(e)) && r.onAuthChange?.(e, t);
1421
+ this.subscribers.forEach((r, s) => {
1422
+ (!r || r.has(e)) && s.onAuthChange?.(e, t);
1323
1423
  });
1324
1424
  }
1325
1425
  }
1326
- function M(i) {
1426
+ function D(i) {
1327
1427
  if (!i || typeof i != "string") return !1;
1328
1428
  const e = i.split(".");
1329
1429
  if (e.length !== 3) return !1;
1330
1430
  const t = /^[A-Za-z0-9_-]+$/;
1331
- return e.every((s) => t.test(s) && s.length > 0);
1431
+ return e.every((r) => t.test(r) && r.length > 0);
1332
1432
  }
1333
1433
  function Te(i) {
1334
- return i.replace(/<[^>]*>/g, "").substring(0, oe);
1434
+ return i.replace(/<[^>]*>/g, "").substring(0, ne);
1335
1435
  }
1336
- function F(i) {
1436
+ function P(i) {
1337
1437
  if (!i || typeof i != "string") return !1;
1338
1438
  const e = i.trim();
1339
1439
  return e.length === 0 ? !1 : /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(e);
@@ -1343,22 +1443,22 @@ function x(i) {
1343
1443
  const e = i.trim();
1344
1444
  return /^\+[1-9]\d{1,14}$/.test(e);
1345
1445
  }
1346
- function Ee(i) {
1446
+ function _e(i) {
1347
1447
  if (!i || typeof i != "string") return !1;
1348
1448
  const e = i.trim();
1349
- return e.length < ie || e.length > ne ? !1 : /^[a-zA-Z0-9_-]+$/.test(e);
1449
+ return e.length < ie || e.length > oe ? !1 : /^[a-zA-Z0-9_-]+$/.test(e);
1350
1450
  }
1351
1451
  function R(i, e = 6) {
1352
1452
  return !i || typeof i != "string" ? !1 : (e === 8 ? /^\d{8}$/ : /^\d{6}$/).test(i);
1353
1453
  }
1354
- function _e(i) {
1454
+ function Ee(i) {
1355
1455
  if (!i || typeof i != "string") return null;
1356
1456
  const e = i.toUpperCase().replace(/\s+/g, "");
1357
1457
  return /^[A-Z0-9-]{4,16}$/.test(e) ? e : null;
1358
1458
  }
1359
1459
  class Ie {
1360
- constructor(e, t, s, r, n, o, d, c, g, p, f, b) {
1361
- this.authApi = e, this.deviceService = t, this.storageManager = s, this.subscribeStore = r, this.tokenCacheService = n, this.scopes = o, this.createTenantForNewUser = d, this.origin = c, this.url = g, this.sessionCallbacks = p, this.appId = f, this.tokenExchangeConfig = b, this.tokenDeliveryManager = new Y(s), b?.enabled && this.tokenDeliveryManager.setMode(v.BFF), this.initializeSession();
1460
+ constructor(e, t, r, s, o, a, d, h, g, f, k, A) {
1461
+ this.authApi = e, this.deviceService = t, this.storageManager = r, this.subscribeStore = s, this.tokenCacheService = o, this.scopes = a, this.createTenantForNewUser = d, this.origin = h, this.url = g, this.sessionCallbacks = f, this.appId = k, this.tokenExchangeConfig = A, this.tokenDeliveryManager = new Y(r), A?.enabled && this.tokenDeliveryManager.setMode(y.BFF), this.initializeSession();
1362
1462
  }
1363
1463
  /**
1364
1464
  * Initialize session state on page load for cookie/BFF mode
@@ -1387,7 +1487,7 @@ class Ie {
1387
1487
  return !1;
1388
1488
  try {
1389
1489
  const e = await this.authApi.validateSession();
1390
- return e.valid ? (this.tokenDeliveryManager.setSessionValid(), e.user && this.subscribeStore.notify(a.SessionRestored, e.user), !0) : (this.tokenDeliveryManager.setSessionInvalid(), !1);
1490
+ return e.valid ? (this.tokenDeliveryManager.setSessionValid(), e.user && this.subscribeStore.notify(n.SessionRestored, e.user), !0) : (this.tokenDeliveryManager.setSessionInvalid(), !1);
1391
1491
  } catch {
1392
1492
  return this.tokenDeliveryManager.setSessionInvalid(), !1;
1393
1493
  }
@@ -1425,132 +1525,132 @@ class Ie {
1425
1525
  throw new Error(`BFF token storage failed: ${t.status}`);
1426
1526
  }
1427
1527
  async signIn(e) {
1428
- if ("email" in e && e.email && !F(e.email)) {
1429
- const r = new Error("Invalid email format"), n = {
1528
+ if ("email" in e && e.email && !P(e.email)) {
1529
+ const s = new Error("Invalid email format"), o = {
1430
1530
  message: "Invalid email format",
1431
- originalError: r,
1531
+ originalError: s,
1432
1532
  code: "VALIDATION_ERROR"
1433
1533
  };
1434
- throw this.subscribeStore.notify(a.Error, n), r;
1534
+ throw this.subscribeStore.notify(n.Error, o), s;
1435
1535
  }
1436
- if ("username" in e && e.username && !Ee(e.username)) {
1437
- const r = new Error(
1536
+ if ("username" in e && e.username && !_e(e.username)) {
1537
+ const s = new Error(
1438
1538
  "Invalid username format. Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens"
1439
- ), n = {
1539
+ ), o = {
1440
1540
  message: "Invalid username format. Username must be 3-30 characters and contain only letters, numbers, underscores, and hyphens",
1441
- originalError: r,
1541
+ originalError: s,
1442
1542
  code: "VALIDATION_ERROR"
1443
1543
  };
1444
- throw this.subscribeStore.notify(a.Error, n), r;
1544
+ throw this.subscribeStore.notify(n.Error, o), s;
1445
1545
  }
1446
1546
  if ("phone" in e && e.phone && !x(e.phone)) {
1447
- const r = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), n = {
1547
+ const s = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1448
1548
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1449
- originalError: r,
1549
+ originalError: s,
1450
1550
  code: "VALIDATION_ERROR"
1451
1551
  };
1452
- throw this.subscribeStore.notify(a.Error, n), r;
1552
+ throw this.subscribeStore.notify(n.Error, o), s;
1453
1553
  }
1454
- this.subscribeStore.notify(a.SignInStart, { email: e.email });
1455
- const t = this.deviceService.getDeviceId(), s = I.web;
1554
+ this.subscribeStore.notify(n.SignInStart, { email: e.email });
1555
+ const t = this.deviceService.getDeviceId(), r = b.web;
1456
1556
  e.scopes = e.scopes ?? this.scopes;
1457
1557
  try {
1458
- const r = await this.authApi.signIn(e, t, s);
1459
- return "requires_2fa" in r && r.requires_2fa === !0 || "tfa_token" in r && r.tfa_token ? (this.subscribeStore.notify(a.TwoFactorRequired, {
1558
+ const s = await this.authApi.signIn(e, t, r);
1559
+ return "requires_2fa" in s && s.requires_2fa === !0 || "tfa_token" in s && s.tfa_token ? (this.subscribeStore.notify(n.TwoFactorRequired, {
1460
1560
  email: e.email || "",
1461
- challengeId: r.challenge_id || "",
1462
- tfaToken: r.tfa_token || ""
1463
- }), r) : (await this.processAuthResponse(r, e.scopes), this.subscribeStore.notify(a.SignIn, {
1464
- tokens: r,
1561
+ challengeId: s.challenge_id || "",
1562
+ tfaToken: s.tfa_token || ""
1563
+ }), s) : (await this.processAuthResponse(s, e.scopes), this.subscribeStore.notify(n.SignIn, {
1564
+ tokens: s,
1465
1565
  parsedTokens: this.tokenCacheService.getParsedTokens()
1466
- }), await this.submitSessionCheck(), r);
1467
- } catch (r) {
1468
- const n = {
1469
- message: r instanceof Error ? r.message : "Sign in failed",
1470
- originalError: r,
1471
- code: r instanceof u ? r.id : void 0
1566
+ }), await this.submitSessionCheck(), s);
1567
+ } catch (s) {
1568
+ const o = {
1569
+ message: s instanceof Error ? s.message : "Sign in failed",
1570
+ originalError: s,
1571
+ code: s instanceof u ? s.id : void 0
1472
1572
  };
1473
- throw this.subscribeStore.notify(a.Error, n), r;
1573
+ throw this.subscribeStore.notify(n.Error, o), s;
1474
1574
  }
1475
1575
  }
1476
1576
  async signUp(e) {
1477
- if (e.user.email && !F(e.user.email)) {
1478
- const t = new Error("Invalid email format"), s = {
1577
+ if (e.user.email && !P(e.user.email)) {
1578
+ const t = new Error("Invalid email format"), r = {
1479
1579
  message: "Invalid email format",
1480
1580
  originalError: t,
1481
1581
  code: "VALIDATION_ERROR"
1482
1582
  };
1483
- throw this.subscribeStore.notify(a.Error, s), t;
1583
+ throw this.subscribeStore.notify(n.Error, r), t;
1484
1584
  }
1485
1585
  if (e.user.phone_number && !x(e.user.phone_number)) {
1486
- const t = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), s = {
1586
+ const t = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), r = {
1487
1587
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1488
1588
  originalError: t,
1489
1589
  code: "VALIDATION_ERROR"
1490
1590
  };
1491
- throw this.subscribeStore.notify(a.Error, s), t;
1591
+ throw this.subscribeStore.notify(n.Error, r), t;
1492
1592
  }
1493
- this.subscribeStore.notify(a.RegisterStart, { email: e.user.email }), e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1593
+ this.subscribeStore.notify(n.RegisterStart, { email: e.user.email }), e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1494
1594
  try {
1495
1595
  const t = await this.authApi.signUp(e);
1496
- return await this.processAuthResponse(t, e.scopes), this.subscribeStore.notify(a.Register, {
1596
+ return await this.processAuthResponse(t, e.scopes), this.subscribeStore.notify(n.Register, {
1497
1597
  tokens: t,
1498
1598
  parsedTokens: this.tokenCacheService.getParsedTokens()
1499
1599
  }), await this.submitSessionCheck(), t;
1500
1600
  } catch (t) {
1501
- const s = {
1601
+ const r = {
1502
1602
  message: t instanceof Error ? t.message : "Sign up failed",
1503
1603
  originalError: t,
1504
1604
  code: t instanceof u ? t.id : void 0
1505
1605
  };
1506
- throw this.subscribeStore.notify(a.Error, s), t;
1606
+ throw this.subscribeStore.notify(n.Error, r), t;
1507
1607
  }
1508
1608
  }
1509
1609
  async passwordlessSignIn(e) {
1510
- if (e.email && !F(e.email)) {
1511
- const r = new Error("Invalid email format"), n = {
1610
+ if (e.email && !P(e.email)) {
1611
+ const s = new Error("Invalid email format"), o = {
1512
1612
  message: "Invalid email format",
1513
- originalError: r,
1613
+ originalError: s,
1514
1614
  code: "VALIDATION_ERROR"
1515
1615
  };
1516
- throw this.subscribeStore.notify(a.Error, n), r;
1616
+ throw this.subscribeStore.notify(n.Error, o), s;
1517
1617
  }
1518
1618
  if (e.phone && !x(e.phone)) {
1519
- const r = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), n = {
1619
+ const s = new Error("Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)"), o = {
1520
1620
  message: "Invalid phone number format. Phone must be in E.164 format (e.g., +12345678901)",
1521
- originalError: r,
1621
+ originalError: s,
1522
1622
  code: "VALIDATION_ERROR"
1523
1623
  };
1524
- throw this.subscribeStore.notify(a.Error, n), r;
1624
+ throw this.subscribeStore.notify(n.Error, o), s;
1525
1625
  }
1526
- this.subscribeStore.notify(a.SignInStart, { email: e.email }), e.scopes = e.scopes ?? this.scopes;
1527
- const t = this.deviceService.getDeviceId(), s = I.web;
1626
+ this.subscribeStore.notify(n.SignInStart, { email: e.email }), e.scopes = e.scopes ?? this.scopes;
1627
+ const t = this.deviceService.getDeviceId(), r = b.web;
1528
1628
  try {
1529
- return await this.authApi.passwordlessSignIn(e, t, s);
1530
- } catch (r) {
1531
- const n = {
1532
- message: r instanceof Error ? r.message : "Failed to send passwordless sign-in link",
1533
- originalError: r,
1534
- code: r instanceof u ? r.id : void 0
1629
+ return await this.authApi.passwordlessSignIn(e, t, r);
1630
+ } catch (s) {
1631
+ const o = {
1632
+ message: s instanceof Error ? s.message : "Failed to send passwordless sign-in link",
1633
+ originalError: s,
1634
+ code: s instanceof u ? s.id : void 0
1535
1635
  };
1536
- throw this.subscribeStore.notify(a.Error, n), r;
1636
+ throw this.subscribeStore.notify(n.Error, o), s;
1537
1637
  }
1538
1638
  }
1539
1639
  async passwordlessSignInComplete(e) {
1540
- this.subscribeStore.notify(a.SignInStart, {}), e.scopes = e.scopes ?? this.scopes, e.device = this.deviceService.getDeviceId();
1640
+ this.subscribeStore.notify(n.SignInStart, {}), e.scopes = e.scopes ?? this.scopes, e.device = this.deviceService.getDeviceId();
1541
1641
  try {
1542
1642
  const t = await this.authApi.passwordlessSignInComplete(e);
1543
- return await this.processAuthResponse(t, e.scopes), this.subscribeStore.notify(a.SignIn, {
1643
+ return await this.processAuthResponse(t, e.scopes), this.subscribeStore.notify(n.SignIn, {
1544
1644
  tokens: t,
1545
1645
  parsedTokens: this.tokenCacheService.getParsedTokens()
1546
1646
  }), await this.submitSessionCheck(), t;
1547
1647
  } catch (t) {
1548
- const s = {
1648
+ const r = {
1549
1649
  message: t instanceof Error ? t.message : "Passwordless sign in failed",
1550
1650
  originalError: t,
1551
1651
  code: t instanceof u ? t.id : void 0
1552
1652
  };
1553
- throw this.subscribeStore.notify(a.Error, s), t;
1653
+ throw this.subscribeStore.notify(n.Error, r), t;
1554
1654
  }
1555
1655
  }
1556
1656
  async logOut() {
@@ -1564,265 +1664,267 @@ class Ie {
1564
1664
  } catch {
1565
1665
  }
1566
1666
  else {
1567
- const e = this.storageManager.getToken(k.refresh_token), t = this.storageManager.getDeviceId();
1667
+ const e = this.storageManager.getToken(p.refresh_token), t = this.storageManager.getDeviceId();
1568
1668
  try {
1569
1669
  if ((await this.authApi.logOut(t, e, !this.appId)).status !== "ok")
1570
1670
  throw new Error("Logout failed");
1571
1671
  } catch {
1572
1672
  }
1573
1673
  }
1574
- this.storageManager.deleteTokens(), this.storageManager.clearIdToken(), this.storageManager.clearCsrfToken(), this.tokenDeliveryManager.reset(), this.subscribeStore.notify(a.SignOut, {});
1674
+ this.storageManager.deleteTokens(), this.storageManager.clearIdToken(), this.storageManager.clearCsrfToken(), this.tokenDeliveryManager.reset(), this.subscribeStore.notify(n.SignOut, {});
1575
1675
  }
1576
1676
  async refreshToken() {
1577
- if (this.subscribeStore.notify(a.RefreshStart, {}), this.tokenDeliveryManager.isBFFMode() && this.tokenExchangeConfig?.refreshUrl)
1677
+ if (this.subscribeStore.notify(n.RefreshStart, {}), this.tokenDeliveryManager.isBFFMode() && this.tokenExchangeConfig?.refreshUrl)
1578
1678
  try {
1579
- const s = await fetch(this.tokenExchangeConfig.refreshUrl, {
1679
+ const r = await fetch(this.tokenExchangeConfig.refreshUrl, {
1580
1680
  method: "POST",
1581
1681
  credentials: "include"
1582
1682
  // Include httpOnly cookies
1583
1683
  });
1584
- if (!s.ok)
1684
+ if (!r.ok)
1585
1685
  throw this.tokenDeliveryManager.setSessionInvalid(), new Error("BFF token refresh failed");
1586
- const r = await s.json();
1587
- return this.tokenDeliveryManager.setSessionValid(), r.id_token && this.storageManager.setIdToken(r.id_token), this.subscribeStore.notify(a.Refresh, {
1588
- tokens: r,
1686
+ const s = await r.json();
1687
+ return this.tokenDeliveryManager.setSessionValid(), s.id_token && this.storageManager.setIdToken(s.id_token), this.subscribeStore.notify(n.Refresh, {
1688
+ tokens: s,
1589
1689
  parsedTokens: this.tokenCacheService.getParsedTokens()
1590
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, r;
1591
- } catch (s) {
1690
+ }), this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, s;
1691
+ } catch (r) {
1592
1692
  this.tokenDeliveryManager.setSessionInvalid();
1593
- const r = {
1594
- message: s instanceof Error ? s.message : "Token refresh failed",
1595
- originalError: s
1693
+ const s = {
1694
+ message: r instanceof Error ? r.message : "Token refresh failed",
1695
+ originalError: r
1596
1696
  };
1597
- throw this.subscribeStore.notify(a.Error, r), s;
1697
+ throw this.subscribeStore.notify(n.Error, s), r;
1598
1698
  }
1599
1699
  if (this.tokenDeliveryManager.isCookieMode())
1600
1700
  try {
1601
- const s = await this.authApi.refreshToken("", this.scopes);
1602
- return this.tokenDeliveryManager.setSessionValid(), await this.processAuthResponse(s, this.scopes), this.subscribeStore.notify(a.Refresh, {
1603
- tokens: s,
1701
+ const r = await this.authApi.refreshToken("", this.scopes);
1702
+ return this.tokenDeliveryManager.setSessionValid(), await this.processAuthResponse(r, this.scopes), this.subscribeStore.notify(n.Refresh, {
1703
+ tokens: r,
1604
1704
  parsedTokens: this.tokenCacheService.getParsedTokens()
1605
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, s;
1606
- } catch (s) {
1705
+ }), this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, r;
1706
+ } catch (r) {
1607
1707
  this.tokenDeliveryManager.setSessionInvalid();
1608
- const r = {
1609
- message: s instanceof Error ? s.message : "Token refresh failed",
1610
- originalError: s,
1611
- code: s instanceof u ? s.id : void 0
1708
+ const s = {
1709
+ message: r instanceof Error ? r.message : "Token refresh failed",
1710
+ originalError: r,
1711
+ code: r instanceof u ? r.id : void 0
1612
1712
  };
1613
- throw this.subscribeStore.notify(a.Error, r), s;
1713
+ throw this.subscribeStore.notify(n.Error, s), r;
1614
1714
  }
1615
1715
  const e = this.storageManager.getTokens();
1616
1716
  if (e) {
1617
1717
  if (!e?.refresh_token) {
1618
- const s = new Error("No refresh token found"), r = {
1718
+ const r = new Error("No refresh token found"), s = {
1619
1719
  message: "No refresh token found",
1620
- originalError: s
1720
+ originalError: r
1621
1721
  };
1622
- throw this.subscribeStore.notify(a.Error, r), s;
1722
+ throw this.subscribeStore.notify(n.Error, s), r;
1623
1723
  }
1624
1724
  } else {
1625
- const s = new Error("No tokens found"), r = {
1725
+ const r = new Error("No tokens found"), s = {
1626
1726
  message: "No tokens found",
1627
- originalError: s
1727
+ originalError: r
1628
1728
  };
1629
- throw this.subscribeStore.notify(a.Error, r), s;
1729
+ throw this.subscribeStore.notify(n.Error, s), r;
1630
1730
  }
1631
1731
  const t = e?.scopes ?? this.scopes;
1632
1732
  try {
1633
- const s = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
1634
- return s.scopes = t, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), this.subscribeStore.notify(a.Refresh, {
1635
- tokens: s,
1733
+ const r = await this.authApi.refreshToken(e?.refresh_token ?? "", t, e?.access_token);
1734
+ return r.scopes = t, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), this.subscribeStore.notify(n.Refresh, {
1735
+ tokens: r,
1636
1736
  parsedTokens: this.tokenCacheService.getParsedTokens()
1637
- }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, this.tokenCacheService.startTokenCheck(), s;
1638
- } catch (s) {
1639
- const r = {
1640
- message: s instanceof Error ? s.message : "Token refresh failed",
1641
- originalError: s,
1642
- code: s instanceof u ? s.id : void 0,
1643
- details: D.isAxiosError(s) && s.response ? {
1644
- status: s.response.status,
1645
- data: s.response.data
1737
+ }), this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !1 }), this.tokenCacheService.isRefreshing = !1, this.tokenCacheService.tokenExpiredFlag = !1, this.tokenCacheService.startTokenCheck(), r;
1738
+ } catch (r) {
1739
+ const s = {
1740
+ message: r instanceof Error ? r.message : "Token refresh failed",
1741
+ originalError: r,
1742
+ code: r instanceof u ? r.id : void 0,
1743
+ details: F.isAxiosError(r) && r.response ? {
1744
+ status: r.response.status,
1745
+ data: r.response.data
1646
1746
  } : void 0
1647
1747
  };
1648
- throw this.subscribeStore.notify(a.Error, r), s instanceof u ? s : D.isAxiosError(s) && s.response && s.response?.status >= 400 && s.response?.status < 500 ? new Error(`Getting unknown error message from server with code:${s.response.status}`) : s;
1748
+ this.subscribeStore.notify(n.Error, s);
1749
+ const o = F.isAxiosError(r) && r.response?.status && r.response.status >= 400 && r.response.status < 500;
1750
+ throw o && (this.tokenCacheService.tokenExpiredFlag = !0, this.tokenCacheService.setTokensCache(void 0), this.storageManager.deleteTokens(), this.subscribeStore.notify(n.SessionExpired, { reason: "refresh_failed" })), r instanceof u ? r : o ? new Error(`Getting unknown error message from server with code:${r.response?.status}`) : r;
1649
1751
  }
1650
1752
  }
1651
1753
  async sendPasswordResetEmail(e) {
1652
1754
  try {
1653
1755
  return await this.authApi.sendPasswordResetEmail(e);
1654
1756
  } catch (t) {
1655
- const s = {
1757
+ const r = {
1656
1758
  message: t instanceof Error ? t.message : "Failed to send password reset email",
1657
1759
  originalError: t,
1658
1760
  code: t instanceof u ? t.id : void 0
1659
1761
  };
1660
- throw this.subscribeStore.notify(a.Error, s), t;
1762
+ throw this.subscribeStore.notify(n.Error, r), t;
1661
1763
  }
1662
1764
  }
1663
1765
  async resetPassword(e, t) {
1664
- this.subscribeStore.notify(a.SignInStart, {});
1665
- const r = new URLSearchParams(window.location.search).get("token") ?? void 0, n = t ?? this.scopes;
1766
+ this.subscribeStore.notify(n.SignInStart, {});
1767
+ const s = new URLSearchParams(window.location.search).get("token") ?? void 0, o = t ?? this.scopes;
1666
1768
  try {
1667
- const o = await this.authApi.resetPassword(e, n, r);
1668
- return await this.processAuthResponse(o, n), this.subscribeStore.notify(a.SignIn, {
1669
- tokens: o,
1769
+ const a = await this.authApi.resetPassword(e, o, s);
1770
+ return await this.processAuthResponse(a, o), this.subscribeStore.notify(n.SignIn, {
1771
+ tokens: a,
1670
1772
  parsedTokens: this.tokenCacheService.getParsedTokens()
1671
- }), await this.submitSessionCheck(), o;
1672
- } catch (o) {
1773
+ }), await this.submitSessionCheck(), a;
1774
+ } catch (a) {
1673
1775
  const d = {
1674
- message: o instanceof Error ? o.message : "Password reset failed",
1675
- originalError: o,
1676
- code: o instanceof u ? o.id : void 0
1776
+ message: a instanceof Error ? a.message : "Password reset failed",
1777
+ originalError: a,
1778
+ code: a instanceof u ? a.id : void 0
1677
1779
  };
1678
- throw this.subscribeStore.notify(a.Error, d), o;
1780
+ throw this.subscribeStore.notify(n.Error, d), a;
1679
1781
  }
1680
1782
  }
1681
1783
  async passkeyRegister(e) {
1682
- this.subscribeStore.notify(a.RegisterStart, {});
1683
- const t = this.deviceService.getDeviceId(), s = I.web;
1784
+ this.subscribeStore.notify(n.RegisterStart, {});
1785
+ const t = this.deviceService.getDeviceId(), r = b.web;
1684
1786
  e.scopes = e.scopes ?? this.scopes, e.create_tenant = this.createTenantForNewUser;
1685
1787
  try {
1686
- const { challenge_id: r, publicKey: n } = await this.authApi.passkeyRegisterStart(e, t, s, !this.appId);
1687
- n.user.id = btoa(n.user.id);
1688
- const o = await K({
1689
- optionsJSON: n
1788
+ const { challenge_id: s, publicKey: o } = await this.authApi.passkeyRegisterStart(e, t, r, !this.appId);
1789
+ o.user.id = btoa(o.user.id);
1790
+ const a = await K({
1791
+ optionsJSON: o
1690
1792
  }), d = await this.authApi.passkeyRegisterComplete(
1691
- o,
1793
+ a,
1692
1794
  t,
1693
- r,
1795
+ s,
1694
1796
  !this.appId
1695
1797
  );
1696
- return await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(a.Register, {
1798
+ return await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(n.Register, {
1697
1799
  tokens: d,
1698
1800
  parsedTokens: this.tokenCacheService.getParsedTokens()
1699
1801
  }), await this.submitSessionCheck(), d;
1700
- } catch (r) {
1701
- const n = {
1702
- message: r instanceof Error ? r.message : "Passkey registration failed",
1703
- originalError: r,
1704
- code: r instanceof u ? r.id : void 0
1802
+ } catch (s) {
1803
+ const o = {
1804
+ message: s instanceof Error ? s.message : "Passkey registration failed",
1805
+ originalError: s,
1806
+ code: s instanceof u ? s.id : void 0
1705
1807
  };
1706
- throw this.subscribeStore.notify(a.Error, n), r;
1808
+ throw this.subscribeStore.notify(n.Error, o), s;
1707
1809
  }
1708
1810
  }
1709
1811
  async passkeyAuthenticate(e) {
1710
- this.subscribeStore.notify(a.SignInStart, {});
1711
- const t = this.deviceService.getDeviceId(), s = I.web;
1812
+ this.subscribeStore.notify(n.SignInStart, {});
1813
+ const t = this.deviceService.getDeviceId(), r = b.web;
1712
1814
  e.scopes = e.scopes ?? this.scopes;
1713
1815
  try {
1714
- const { challenge_id: r, publicKey: n } = await this.authApi.passkeyAuthenticateStart(e, t, s, !this.appId), o = await j({
1715
- optionsJSON: n
1816
+ const { challenge_id: s, publicKey: o } = await this.authApi.passkeyAuthenticateStart(e, t, r, !this.appId), a = await j({
1817
+ optionsJSON: o
1716
1818
  }), d = await this.authApi.passkeyAuthenticateComplete(
1717
- o,
1819
+ a,
1718
1820
  t,
1719
- r,
1821
+ s,
1720
1822
  !this.appId
1721
1823
  );
1722
- return "access_token" in d && (await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(a.SignIn, {
1824
+ return "access_token" in d && (await this.processAuthResponse(d, e.scopes), this.subscribeStore.notify(n.SignIn, {
1723
1825
  tokens: d,
1724
1826
  parsedTokens: this.tokenCacheService.getParsedTokens()
1725
1827
  }), await this.submitSessionCheck()), d;
1726
- } catch (r) {
1727
- const n = {
1728
- message: r instanceof Error ? r.message : "Passkey authentication failed",
1729
- originalError: r,
1730
- code: r instanceof u ? r.id : void 0
1828
+ } catch (s) {
1829
+ const o = {
1830
+ message: s instanceof Error ? s.message : "Passkey authentication failed",
1831
+ originalError: s,
1832
+ code: s instanceof u ? s.id : void 0
1731
1833
  };
1732
- throw this.subscribeStore.notify(a.Error, n), r;
1834
+ throw this.subscribeStore.notify(n.Error, o), s;
1733
1835
  }
1734
1836
  }
1735
1837
  createFederatedAuthUrl(e) {
1736
1838
  const t = `/auth/federated/start/${e.provider}`;
1737
1839
  if (!this.appId) throw new Error("AppId is required for federated auth");
1738
- const r = {
1840
+ const s = {
1739
1841
  scopes: (e.scopes ?? this.scopes).join(" "),
1740
1842
  redirect_url: e.redirect_url ?? this.origin,
1741
1843
  appId: this.appId,
1742
1844
  ...e.invite_token ? { invite_token: e.invite_token } : {},
1743
1845
  ...e.create_tenant ? { create_tenant: e.create_tenant.toString() } : {},
1744
1846
  ...e.device ? { device: e.device } : {}
1745
- }, n = new URL(t, this.url), o = new URLSearchParams(r);
1746
- return n.search = o.toString(), n.toString();
1847
+ }, o = new URL(t, this.url), a = new URLSearchParams(s);
1848
+ return o.search = a.toString(), o.toString();
1747
1849
  }
1748
1850
  federatedAuthWithPopup(e) {
1749
- this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
1750
- const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s }), n = window.open(r, "_blank", `width=${ee},height=${te}`);
1751
- if (!n) {
1851
+ this.subscribeStore.notify(n.SignInStart, { provider: e.provider });
1852
+ const t = e.scopes ?? this.scopes, r = this.deviceService.getDeviceId(), s = this.createFederatedAuthUrl({ ...e, scopes: t, device: r }), o = window.open(s, "_blank", `width=${ee},height=${te}`);
1853
+ if (!o) {
1752
1854
  this.federatedAuthWithRedirect(e);
1753
1855
  return;
1754
1856
  }
1755
- const o = Date.now(), d = setInterval(() => {
1756
- if (n.closed) {
1857
+ const a = Date.now(), d = setInterval(() => {
1858
+ if (o.closed) {
1757
1859
  clearInterval(d);
1758
- const c = {
1860
+ const h = {
1759
1861
  message: "Authentication popup was closed",
1760
1862
  code: "POPUP_CLOSED"
1761
1863
  };
1762
- this.subscribeStore.notify(a.Error, c);
1864
+ this.subscribeStore.notify(n.Error, h);
1763
1865
  return;
1764
1866
  }
1765
- if (Date.now() - o > re) {
1766
- clearInterval(d), n.close();
1767
- const c = {
1867
+ if (Date.now() - a > se) {
1868
+ clearInterval(d), o.close();
1869
+ const h = {
1768
1870
  message: "Authentication popup timed out",
1769
1871
  code: "POPUP_TIMEOUT"
1770
1872
  };
1771
- this.subscribeStore.notify(a.Error, c);
1873
+ this.subscribeStore.notify(n.Error, h);
1772
1874
  return;
1773
1875
  }
1774
1876
  try {
1775
- if (n.location.href.startsWith(this.origin)) {
1776
- const c = new URLSearchParams(n.location.search), g = c.get("access_token") || "", p = c.get("refresh_token") || "", f = c.get("id_token") || "", b = {
1877
+ if (o.location.href.startsWith(this.origin)) {
1878
+ const h = new URLSearchParams(o.location.search), g = h.get("access_token") || "", f = h.get("refresh_token") || "", k = h.get("id_token") || "", A = {
1777
1879
  access_token: g,
1778
- refresh_token: p || void 0,
1779
- id_token: f || void 0,
1880
+ refresh_token: f || void 0,
1881
+ id_token: k || void 0,
1780
1882
  scopes: t
1781
1883
  };
1782
- this.processAuthResponse(b, t).then(() => {
1783
- this.subscribeStore.notify(a.SignIn, {
1784
- tokens: b,
1884
+ this.processAuthResponse(A, t).then(() => {
1885
+ this.subscribeStore.notify(n.SignIn, {
1886
+ tokens: A,
1785
1887
  parsedTokens: this.tokenCacheService.getParsedTokens()
1786
1888
  }), window.location.href = `${this.origin}`;
1787
- }), clearInterval(d), n.close();
1889
+ }), clearInterval(d), o.close();
1788
1890
  }
1789
1891
  } catch {
1790
1892
  }
1791
- }, se);
1893
+ }, re);
1792
1894
  }
1793
1895
  federatedAuthWithRedirect(e) {
1794
- this.subscribeStore.notify(a.SignInStart, { provider: e.provider });
1795
- const t = e.scopes ?? this.scopes, s = this.deviceService.getDeviceId(), r = this.createFederatedAuthUrl({ ...e, scopes: t, device: s });
1796
- window.location.href = r;
1896
+ this.subscribeStore.notify(n.SignInStart, { provider: e.provider });
1897
+ const t = e.scopes ?? this.scopes, r = this.deviceService.getDeviceId(), s = this.createFederatedAuthUrl({ ...e, scopes: t, device: r });
1898
+ window.location.href = s;
1797
1899
  }
1798
1900
  // Helper methods for authentication UI redirect
1799
1901
  authRedirectUrl(e = {}) {
1800
1902
  try {
1801
- const { url: t, redirectUrl: s, scopes: r, appId: n } = e ?? {}, o = new URL(t ?? this.url);
1802
- o.pathname = (o.pathname.endsWith("/") ? o.pathname : o.pathname + "/") + "web";
1803
- const d = r ?? this.scopes, c = {
1804
- appId: n ?? this.appId ?? "",
1805
- redirectto: s ?? window.location.href,
1903
+ const { url: t, redirectUrl: r, scopes: s, appId: o } = e ?? {}, a = new URL(t ?? this.url);
1904
+ a.pathname = (a.pathname.endsWith("/") ? a.pathname : a.pathname + "/") + "web";
1905
+ const d = s ?? this.scopes, h = {
1906
+ appId: o ?? this.appId ?? "",
1907
+ redirectto: r ?? window.location.href,
1806
1908
  scopes: d.join(",")
1807
- }, g = new URLSearchParams(c);
1808
- return o.search = g.toString(), o.toString();
1909
+ }, g = new URLSearchParams(h);
1910
+ return a.search = g.toString(), a.toString();
1809
1911
  } catch (t) {
1810
- const s = {
1912
+ const r = {
1811
1913
  message: t instanceof Error ? t.message : "Failed to create auth redirect URL",
1812
1914
  originalError: t
1813
1915
  };
1814
- throw this.subscribeStore.notify(a.Error, s), t;
1916
+ throw this.subscribeStore.notify(n.Error, r), t;
1815
1917
  }
1816
1918
  }
1817
1919
  authRedirect(e = {}) {
1818
1920
  try {
1819
1921
  window.location.href = this.authRedirectUrl(e);
1820
1922
  } catch (t) {
1821
- const s = {
1923
+ const r = {
1822
1924
  message: t instanceof Error ? t.message : "Failed to redirect to auth page",
1823
1925
  originalError: t
1824
1926
  };
1825
- throw this.subscribeStore.notify(a.Error, s), t;
1927
+ throw this.subscribeStore.notify(n.Error, r), t;
1826
1928
  }
1827
1929
  }
1828
1930
  /**
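Review bot: In the `refreshToken` catch block, the new `o` flag treats every 4xx response as proof that the session is dead, so a transient 408 or 429 from the refresh endpoint now sets `tokenExpiredFlag`, calls `storageManager.deleteTokens()` and emits `SessionExpired`, which signs the user out on a rate limit. I would narrow the condition to the statuses the server returns for a rejected refresh token, or at least exclude the retryable ones: `const o = F.isAxiosError(r) && r.response?.status >= 400 && r.response.status < 500 && r.response.status !== 408 && r.response.status !== 429;`. The teardown is also narrower than `logOut` in the same hunk, which additionally calls `clearIdToken()`, `clearCsrfToken()` and `tokenDeliveryManager.reset()`; if `deleteTokens()` does not cover the ID token, a stale one may outlive the expiry event. Because `o` depends on `F.isAxiosError(r)`, an error that reaches this catch already wrapped as `u` would presumably skip the teardown altogether, which is worth confirming against the API layer. This file is bundled output, so the change belongs in the package source rather than here.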
@@ -1832,33 +1934,33 @@ class Ie {
1832
1934
  isAuthenticated(e) {
1833
1935
  try {
1834
1936
  if (this.tokenDeliveryManager.isCookieMode() || this.tokenDeliveryManager.isBFFMode()) {
1835
- const t = !!e?.id_token || !!this.storageManager.getIdToken(), s = this.tokenDeliveryManager.isSessionValid(), r = this.tokenDeliveryManager.isSessionUnknown();
1836
- return t && (s || r);
1937
+ const t = !!e?.id_token || !!this.storageManager.getIdToken(), r = this.tokenDeliveryManager.isSessionValid(), s = this.tokenDeliveryManager.isSessionUnknown();
1938
+ return t && (r || s);
1837
1939
  }
1838
- return !e || !e.access_token ? !1 : !m(e.access_token) || e.refresh_token !== void 0 && !m(e.refresh_token);
1940
+ return !e || !e.access_token ? !1 : !S(e.access_token) || e.refresh_token !== void 0 && !S(e.refresh_token);
1839
1941
  } catch (t) {
1840
- const s = {
1942
+ const r = {
1841
1943
  message: t instanceof Error ? t.message : "Failed to check authentication status",
1842
1944
  originalError: t
1843
1945
  };
1844
- return this.subscribeStore.notify(a.Error, s), !1;
1946
+ return this.subscribeStore.notify(n.Error, r), !1;
1845
1947
  }
1846
1948
  }
1847
1949
  /**
1848
1950
  * Handle session check and callbacks
1849
1951
  */
1850
1952
  async submitSessionCheck(e = !1) {
1851
- let t, s;
1953
+ let t, r;
1852
1954
  try {
1853
- t = await this.getTokens(e), s = this.tokenCacheService.getParsedTokens();
1854
- } catch (r) {
1855
- const n = {
1856
- message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
1857
- originalError: r
1955
+ t = await this.getTokens(e), r = this.tokenCacheService.getParsedTokens();
1956
+ } catch (s) {
1957
+ const o = {
1958
+ message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
1959
+ originalError: s
1858
1960
  };
1859
- this.subscribeStore.notify(a.Error, n), t = void 0;
1961
+ this.subscribeStore.notify(n.Error, o), t = void 0;
1860
1962
  }
1861
- return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: s }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
1963
+ return t && this.sessionCallbacks.createSession && await this.sessionCallbacks.createSession({ tokens: t, parsedTokens: r }), !t && this.sessionCallbacks.expiredSession && await this.sessionCallbacks.expiredSession(), t;
1862
1964
  }
1863
1965
  /**
1864
1966
  * Get tokens and refresh if needed
@@ -1868,19 +1970,19 @@ class Ie {
1868
1970
  async getTokens(e) {
1869
1971
  try {
1870
1972
  if (this.tokenDeliveryManager.isCookieMode() || this.tokenDeliveryManager.isBFFMode()) {
1871
- const r = this.storageManager.getTokens();
1872
- return r?.id_token ? this.tokenDeliveryManager.isSessionInvalid() && e ? await this.refreshToken() : r : void 0;
1973
+ const s = this.storageManager.getTokens();
1974
+ return s?.id_token ? this.tokenDeliveryManager.isSessionInvalid() && e ? await this.refreshToken() : s : void 0;
1873
1975
  }
1874
1976
  const t = this.storageManager.getTokens();
1875
1977
  if (!t || !t.access_token) return;
1876
- const s = y(t.access_token);
1877
- return m(s) ? e ? await this.refreshToken() : void 0 : t;
1978
+ const r = v(t.access_token);
1979
+ return S(r) ? e ? await this.refreshToken() : void 0 : t;
1878
1980
  } catch (t) {
1879
- const s = {
1981
+ const r = {
1880
1982
  message: t instanceof Error ? t.message : "Failed to get tokens",
1881
1983
  originalError: t
1882
1984
  };
1883
- this.subscribeStore.notify(a.Error, s);
1985
+ this.subscribeStore.notify(n.Error, r);
1884
1986
  return;
1885
1987
  }
1886
1988
  }
@@ -1930,7 +2032,7 @@ class be {
1930
2032
  return this.invitationApi.getInvitationLink(e);
1931
2033
  }
1932
2034
  }
1933
- class Ce {
2035
+ class Ae {
1934
2036
  error(e, ...t) {
1935
2037
  console.error(e, ...t);
1936
2038
  }
@@ -1944,51 +2046,51 @@ class Ce {
1944
2046
  console.debug(e, ...t);
1945
2047
  }
1946
2048
  }
1947
- function Ae() {
1948
- return new Ce();
2049
+ function Ce() {
2050
+ return new Ae();
1949
2051
  }
1950
2052
  class Re {
1951
2053
  constructor(e) {
1952
2054
  this.data = this.normalize(e);
1953
2055
  }
1954
2056
  normalize(e) {
1955
- const t = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), n = [];
1956
- return e.groups?.forEach((o) => {
1957
- s.set(o.id, {
1958
- id: o.id,
1959
- name: o.name,
1960
- default: o.default ?? !1,
1961
- updated_at: o.updated_at,
1962
- created_at: o.created_at
2057
+ const t = /* @__PURE__ */ new Map(), r = /* @__PURE__ */ new Map(), s = /* @__PURE__ */ new Map(), o = [];
2058
+ return e.groups?.forEach((a) => {
2059
+ r.set(a.id, {
2060
+ id: a.id,
2061
+ name: a.name,
2062
+ default: a.default ?? !1,
2063
+ updated_at: a.updated_at,
2064
+ created_at: a.created_at
1963
2065
  });
1964
- }), e.roles?.forEach((o) => {
1965
- r.set(o.id, {
1966
- id: o.id,
1967
- tenant_id: o.tenant_id,
1968
- name: o.name
2066
+ }), e.roles?.forEach((a) => {
2067
+ s.set(a.id, {
2068
+ id: a.id,
2069
+ tenant_id: a.tenant_id,
2070
+ name: a.name
1969
2071
  });
1970
- }), e.users_in_groups?.forEach((o) => {
1971
- const d = o.user;
2072
+ }), e.users_in_groups?.forEach((a) => {
2073
+ const d = a.user;
1972
2074
  d && !t.has(d.id) && t.set(d.id, {
1973
2075
  id: d.id,
1974
2076
  name: d.name ?? null,
1975
2077
  email: d.email ?? null,
1976
2078
  phone: d.phone ?? null
1977
- }), d && o.group_id && s.has(o.group_id) && n.push({
2079
+ }), d && a.group_id && r.has(a.group_id) && o.push({
1978
2080
  userId: d.id,
1979
- groupId: o.group_id,
1980
- roleIds: o.roles?.map((c) => c.id) ?? []
2081
+ groupId: a.group_id,
2082
+ roleIds: a.roles?.map((h) => h.id) ?? []
1981
2083
  });
1982
2084
  }), {
1983
2085
  tenant_id: e.tenant_id,
1984
2086
  tenant_name: e.tenant_name,
1985
2087
  users: Array.from(t.values()),
1986
- groups: Array.from(s.values()),
1987
- roles: Array.from(r.values()),
1988
- memberships: n,
2088
+ groups: Array.from(r.values()),
2089
+ roles: Array.from(s.values()),
2090
+ memberships: o,
1989
2091
  usersById: t,
1990
- groupsById: s,
1991
- rolesById: r
2092
+ groupsById: r,
2093
+ rolesById: s
1992
2094
  };
1993
2095
  }
1994
2096
  /**
@@ -2007,8 +2109,8 @@ class Re {
2007
2109
  * Returns all roles that the specified user has in the specified group.
2008
2110
  */
2009
2111
  getUserRolesInGroup(e, t) {
2010
- const s = this.data.memberships.find((r) => r.userId === e && r.groupId === t);
2011
- return s ? s.roleIds.map((r) => this.data.rolesById.get(r)).filter((r) => r !== void 0) : [];
2112
+ const r = this.data.memberships.find((s) => s.userId === e && s.groupId === t);
2113
+ return r ? r.roleIds.map((s) => this.data.rolesById.get(s)).filter((s) => s !== void 0) : [];
2012
2114
  }
2013
2115
  /**
2014
2116
  * Returns the full TenantData object.
@@ -2017,9 +2119,9 @@ class Re {
2017
2119
  return this.data;
2018
2120
  }
2019
2121
  }
2020
- class Pe {
2021
- constructor(e, t, s) {
2022
- this.tenantApi = e, this.scopes = t, this.logger = s || Ae();
2122
+ class Me {
2123
+ constructor(e, t, r) {
2124
+ this.tenantApi = e, this.scopes = t, this.logger = r || Ce();
2023
2125
  }
2024
2126
  /**
2025
2127
  * Handle Passflow API errors
@@ -2028,11 +2130,11 @@ class Pe {
2028
2130
  * @throws Formatted error with Passflow API error details
2029
2131
  */
2030
2132
  handlePassflowError(e, t) {
2031
- if (D.isAxiosError(e) && e.response?.data) {
2032
- const s = e.response.data;
2033
- if (typeof s == "object" && s !== null && "error" in s && typeof s.error == "object" && s.error !== null) {
2034
- const r = s.error;
2035
- throw this.logger.error(`${t}: ${r.id} - ${r.message} (Status: ${r.status})`), new Error(`Passflow API Error: ${r.id} - ${r.message} (Status: ${r.status})`);
2133
+ if (F.isAxiosError(e) && e.response?.data) {
2134
+ const r = e.response.data;
2135
+ if (typeof r == "object" && r !== null && "error" in r && typeof r.error == "object" && r.error !== null) {
2136
+ const s = r.error;
2137
+ throw this.logger.error(`${t}: ${s.id} - ${s.message} (Status: ${s.status})`), new Error(`Passflow API Error: ${s.id} - ${s.message} (Status: ${s.status})`);
2036
2138
  }
2037
2139
  }
2038
2140
  throw this.logger.error(`${t}:`, e), e instanceof Error ? e : new Error(String(e));
@@ -2045,10 +2147,10 @@ class Pe {
2045
2147
  */
2046
2148
  async joinInvitation(e, t) {
2047
2149
  try {
2048
- const s = t ?? this.scopes;
2049
- return await this.tenantApi.joinInvitation(e, s);
2050
- } catch (s) {
2051
- this.handlePassflowError(s, "Join invitation failed");
2150
+ const r = t ?? this.scopes;
2151
+ return await this.tenantApi.joinInvitation(e, r);
2152
+ } catch (r) {
2153
+ this.handlePassflowError(r, "Join invitation failed");
2052
2154
  }
2053
2155
  }
2054
2156
  /**
@@ -2103,8 +2205,8 @@ class Pe {
2103
2205
  async updateTenant(e, t) {
2104
2206
  try {
2105
2207
  return await this.tenantApi.updateTenant(e, t);
2106
- } catch (s) {
2107
- this.handlePassflowError(s, `Update tenant failed for tenant ID ${e}`);
2208
+ } catch (r) {
2209
+ this.handlePassflowError(r, `Update tenant failed for tenant ID ${e}`);
2108
2210
  }
2109
2211
  }
2110
2212
  /**
@@ -2140,8 +2242,8 @@ class Pe {
2140
2242
  async createGroup(e, t) {
2141
2243
  try {
2142
2244
  return await this.tenantApi.createGroup(e, t);
2143
- } catch (s) {
2144
- this.handlePassflowError(s, `Group creation failed for tenant ID ${e}`);
2245
+ } catch (r) {
2246
+ this.handlePassflowError(r, `Group creation failed for tenant ID ${e}`);
2145
2247
  }
2146
2248
  }
2147
2249
  /**
@@ -2153,8 +2255,8 @@ class Pe {
2153
2255
  async getGroupInfo(e, t) {
2154
2256
  try {
2155
2257
  return await this.tenantApi.getGroupInfo(e, t);
2156
- } catch (s) {
2157
- this.handlePassflowError(s, `Get group info failed for tenant ID ${e}, group ID ${t}`);
2258
+ } catch (r) {
2259
+ this.handlePassflowError(r, `Get group info failed for tenant ID ${e}, group ID ${t}`);
2158
2260
  }
2159
2261
  }
2160
2262
  /**
@@ -2164,11 +2266,11 @@ class Pe {
2164
2266
  * @param name New group name
2165
2267
  * @returns Promise with group response
2166
2268
  */
2167
- async updateGroup(e, t, s) {
2269
+ async updateGroup(e, t, r) {
2168
2270
  try {
2169
- return await this.tenantApi.updateGroup(e, t, s);
2170
- } catch (r) {
2171
- this.handlePassflowError(r, `Update group failed for tenant ID ${e}, group ID ${t}`);
2271
+ return await this.tenantApi.updateGroup(e, t, r);
2272
+ } catch (s) {
2273
+ this.handlePassflowError(s, `Update group failed for tenant ID ${e}, group ID ${t}`);
2172
2274
  }
2173
2275
  }
2174
2276
  /**
@@ -2180,8 +2282,8 @@ class Pe {
2180
2282
  async deleteGroup(e, t) {
2181
2283
  try {
2182
2284
  return await this.tenantApi.deleteGroup(e, t);
2183
- } catch (s) {
2184
- this.handlePassflowError(s, `Delete group failed for tenant ID ${e}, group ID ${t}`);
2285
+ } catch (r) {
2286
+ this.handlePassflowError(r, `Delete group failed for tenant ID ${e}, group ID ${t}`);
2185
2287
  }
2186
2288
  }
2187
2289
  /**
@@ -2192,13 +2294,13 @@ class Pe {
2192
2294
  * @param role Role to assign
2193
2295
  * @returns Promise with status response
2194
2296
  */
2195
- async addUserToGroup(e, t, s, r) {
2297
+ async addUserToGroup(e, t, r, s) {
2196
2298
  try {
2197
- return await this.tenantApi.addUserToGroup(e, t, s, r);
2198
- } catch (n) {
2299
+ return await this.tenantApi.addUserToGroup(e, t, r, s);
2300
+ } catch (o) {
2199
2301
  this.handlePassflowError(
2200
- n,
2201
- `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2302
+ o,
2303
+ `Add user to group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2202
2304
  );
2203
2305
  }
2204
2306
  }
@@ -2210,13 +2312,13 @@ class Pe {
2210
2312
  * @param roles Roles to remove
2211
2313
  * @returns Promise with status response
2212
2314
  */
2213
- async removeUserRolesFromGroup(e, t, s, r) {
2315
+ async removeUserRolesFromGroup(e, t, r, s) {
2214
2316
  try {
2215
- return await this.tenantApi.removeUserRolesFromGroup(e, t, s, r);
2216
- } catch (n) {
2317
+ return await this.tenantApi.removeUserRolesFromGroup(e, t, r, s);
2318
+ } catch (o) {
2217
2319
  this.handlePassflowError(
2218
- n,
2219
- `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2320
+ o,
2321
+ `Remove user roles from group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2220
2322
  );
2221
2323
  }
2222
2324
  }
@@ -2228,13 +2330,13 @@ class Pe {
2228
2330
  * @param roles New roles to assign
2229
2331
  * @returns Promise with status response
2230
2332
  */
2231
- async changeUserRoles(e, t, s, r) {
2333
+ async changeUserRoles(e, t, r, s) {
2232
2334
  try {
2233
- return await this.tenantApi.changeUserRoles(e, t, s, r);
2234
- } catch (n) {
2335
+ return await this.tenantApi.changeUserRoles(e, t, r, s);
2336
+ } catch (o) {
2235
2337
  this.handlePassflowError(
2236
- n,
2237
- `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2338
+ o,
2339
+ `Change user roles failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2238
2340
  );
2239
2341
  }
2240
2342
  }
@@ -2245,13 +2347,13 @@ class Pe {
2245
2347
  * @param userId User ID
2246
2348
  * @returns Promise with status response
2247
2349
  */
2248
- async deleteUserFromGroup(e, t, s) {
2350
+ async deleteUserFromGroup(e, t, r) {
2249
2351
  try {
2250
- return await this.tenantApi.deleteUserFromGroup(e, t, s);
2251
- } catch (r) {
2352
+ return await this.tenantApi.deleteUserFromGroup(e, t, r);
2353
+ } catch (s) {
2252
2354
  this.handlePassflowError(
2253
- r,
2254
- `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${s}`
2355
+ s,
2356
+ `Delete user from group failed for tenant ID ${e}, group ID ${t}, user ID ${r}`
2255
2357
  );
2256
2358
  }
2257
2359
  }
@@ -2277,8 +2379,8 @@ class Pe {
2277
2379
  async createRoleForTenant(e, t) {
2278
2380
  try {
2279
2381
  return await this.tenantApi.createRoleForTenant(e, t);
2280
- } catch (s) {
2281
- this.handlePassflowError(s, `Create role for tenant failed for tenant ID ${e}`);
2382
+ } catch (r) {
2383
+ this.handlePassflowError(r, `Create role for tenant failed for tenant ID ${e}`);
2282
2384
  }
2283
2385
  }
2284
2386
  /**
@@ -2288,11 +2390,11 @@ class Pe {
2288
2390
  * @param name New role name
2289
2391
  * @returns Promise with role response
2290
2392
  */
2291
- async updateRole(e, t, s) {
2393
+ async updateRole(e, t, r) {
2292
2394
  try {
2293
- return await this.tenantApi.updateRole(e, t, s);
2294
- } catch (r) {
2295
- this.handlePassflowError(r, `Update role failed for tenant ID ${e}, role ID ${t}`);
2395
+ return await this.tenantApi.updateRole(e, t, r);
2396
+ } catch (s) {
2397
+ this.handlePassflowError(s, `Update role failed for tenant ID ${e}, role ID ${t}`);
2296
2398
  }
2297
2399
  }
2298
2400
  /**
@@ -2304,8 +2406,8 @@ class Pe {
2304
2406
  async deleteRole(e, t) {
2305
2407
  try {
2306
2408
  return await this.tenantApi.deleteRole(e, t);
2307
- } catch (s) {
2308
- this.handlePassflowError(s, `Delete role failed for tenant ID ${e}, role ID ${t}`);
2409
+ } catch (r) {
2410
+ this.handlePassflowError(r, `Delete role failed for tenant ID ${e}, role ID ${t}`);
2309
2411
  }
2310
2412
  }
2311
2413
  // 4. User Management in Tenants
@@ -2318,8 +2420,8 @@ class Pe {
2318
2420
  async deleteUserFromTenant(e, t) {
2319
2421
  try {
2320
2422
  return await this.tenantApi.deleteUserFromTenant(e, t);
2321
- } catch (s) {
2322
- this.handlePassflowError(s, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
2423
+ } catch (r) {
2424
+ this.handlePassflowError(r, `Delete user from tenant failed for tenant ID ${e}, user ID ${t}`);
2323
2425
  }
2324
2426
  }
2325
2427
  // 5. Invitation Management
@@ -2331,11 +2433,11 @@ class Pe {
2331
2433
  * @param skip Number of invitations to skip
2332
2434
  * @returns Promise with invitations response
2333
2435
  */
2334
- async getGroupInvitations(e, t, s, r) {
2436
+ async getGroupInvitations(e, t, r, s) {
2335
2437
  try {
2336
- return await this.tenantApi.getGroupInvitations(e, t, s, r);
2337
- } catch (n) {
2338
- this.handlePassflowError(n, `Get group invitations failed for tenant ID ${e}, group ID ${t}`);
2438
+ return await this.tenantApi.getGroupInvitations(e, t, r, s);
2439
+ } catch (o) {
2440
+ this.handlePassflowError(o, `Get group invitations failed for tenant ID ${e}, group ID ${t}`);
2339
2441
  }
2340
2442
  }
2341
2443
  /**
@@ -2345,11 +2447,11 @@ class Pe {
2345
2447
  * @param skip Number of invitations to skip
2346
2448
  * @returns Promise with invitations response
2347
2449
  */
2348
- async getTenantInvitations(e, t, s) {
2450
+ async getTenantInvitations(e, t, r) {
2349
2451
  try {
2350
- return await this.tenantApi.getTenantInvitations(e, t, s);
2351
- } catch (r) {
2352
- this.handlePassflowError(r, `Get tenant invitations failed for tenant ID ${e}`);
2452
+ return await this.tenantApi.getTenantInvitations(e, t, r);
2453
+ } catch (s) {
2454
+ this.handlePassflowError(s, `Get tenant invitations failed for tenant ID ${e}`);
2353
2455
  }
2354
2456
  }
2355
2457
  /**
@@ -2359,13 +2461,13 @@ class Pe {
2359
2461
  * @param inviteId Invitation ID
2360
2462
  * @returns Promise with empty record
2361
2463
  */
2362
- async invalidateInviteById(e, t, s) {
2464
+ async invalidateInviteById(e, t, r) {
2363
2465
  try {
2364
- return await this.tenantApi.invalidateInviteById(e, t, s);
2365
- } catch (r) {
2466
+ return await this.tenantApi.invalidateInviteById(e, t, r);
2467
+ } catch (s) {
2366
2468
  this.handlePassflowError(
2367
- r,
2368
- `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${s}`
2469
+ s,
2470
+ `Invalidate invite by ID failed for tenant ID ${e}, group ID ${t}, invite ID ${r}`
2369
2471
  );
2370
2472
  }
2371
2473
  }
@@ -2376,20 +2478,20 @@ class Pe {
2376
2478
  * @param email Email address
2377
2479
  * @returns Promise with empty record
2378
2480
  */
2379
- async invalidateInviteByEmail(e, t, s) {
2481
+ async invalidateInviteByEmail(e, t, r) {
2380
2482
  try {
2381
- return await this.tenantApi.invalidateInviteByEmail(e, t, s);
2382
- } catch (r) {
2483
+ return await this.tenantApi.invalidateInviteByEmail(e, t, r);
2484
+ } catch (s) {
2383
2485
  this.handlePassflowError(
2384
- r,
2385
- `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${s}`
2486
+ s,
2487
+ `Invalidate invite by email failed for tenant ID ${e}, group ID ${t}, email ${r}`
2386
2488
  );
2387
2489
  }
2388
2490
  }
2389
2491
  }
2390
- class De {
2391
- constructor(e, t, s) {
2392
- this.storageManager = e, this.authApi = t, this.subscribeStore = s, this.checkInterval = null, this.CHECK_INTERVAL = 6e4, this.visibilityChangeHandler = null, this.isRefreshing = !1, this.tokenExpiredFlag = !1, this.storageManager = e, this.authApi = t, this.setupPageUnloadHandler();
2492
+ class Fe {
2493
+ constructor(e, t, r) {
2494
+ this.storageManager = e, this.authApi = t, this.subscribeStore = r, this.checkInterval = null, this.CHECK_INTERVAL = 6e4, this.visibilityChangeHandler = null, this.isRefreshing = !1, this.tokenExpiredFlag = !1, this.storageManager = e, this.authApi = t, this.setupPageUnloadHandler();
2393
2495
  }
2394
2496
  initialize() {
2395
2497
  try {
@@ -2402,40 +2504,40 @@ class De {
2402
2504
  this.setTokensCache(e), this.startTokenCheck();
2403
2505
  return;
2404
2506
  }
2405
- const t = y(e.access_token);
2406
- m(t) ? (this.tokenExpiredFlag = !0, this.stopTokenCheck(), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 })) : (this.setTokensCache(e), this.startTokenCheck());
2507
+ const t = v(e.access_token);
2508
+ S(t) ? (this.tokenExpiredFlag = !0, this.stopTokenCheck(), this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !0 })) : (this.setTokensCache(e), this.startTokenCheck());
2407
2509
  } catch (e) {
2408
2510
  const t = {
2409
2511
  message: e instanceof Error ? e.message : "Failed to get tokens",
2410
2512
  originalError: e
2411
2513
  };
2412
- this.subscribeStore.notify(a.Error, t), this.setTokensCache(void 0);
2514
+ this.subscribeStore.notify(n.Error, t), this.setTokensCache(void 0);
2413
2515
  }
2414
2516
  }
2415
2517
  async refreshTokensCache(e) {
2416
2518
  if (!this.isRefreshing)
2417
2519
  try {
2418
- this.isRefreshing = !0, this.subscribeStore.notify(a.RefreshStart, {});
2520
+ this.isRefreshing = !0, this.subscribeStore.notify(n.RefreshStart, {});
2419
2521
  const t = await this.authApi.refreshToken(e?.refresh_token ?? "", e.scopes ?? [], e.access_token);
2420
- this.setTokensCache(t), this.subscribeStore.notify(a.Refresh, { tokens: t, parsedTokens: this.getParsedTokens() }), this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !1 }), this.tokenExpiredFlag = !1, this.startTokenCheck();
2522
+ this.setTokensCache(t), this.subscribeStore.notify(n.Refresh, { tokens: t, parsedTokens: this.getParsedTokens() }), this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !1 }), this.tokenExpiredFlag = !1, this.startTokenCheck();
2421
2523
  } catch (t) {
2422
- const s = {
2524
+ const r = {
2423
2525
  message: t instanceof Error ? t.message : "Failed to get tokens",
2424
2526
  originalError: t
2425
2527
  };
2426
- this.subscribeStore.notify(a.Error, s), this.setTokensCache(void 0);
2528
+ this.subscribeStore.notify(n.Error, r), this.tokenExpiredFlag = !0, this.setTokensCache(void 0), this.stopTokenCheck(), this.storageManager.deleteTokens(), this.subscribeStore.notify(n.SessionExpired, { reason: "refresh_failed" });
2427
2529
  } finally {
2428
2530
  this.isRefreshing = !1;
2429
2531
  }
2430
2532
  }
2431
2533
  startTokenCheck() {
2432
2534
  this.checkInterval && clearInterval(this.checkInterval), !this.tokenExpiredFlag && (this.setupVisibilityListener(), this.checkInterval = setInterval(() => {
2433
- typeof document < "u" && document.hidden || this.isRefreshing || this.tokenExpiredFlag || this.isExpired() && !this.tokenExpiredFlag && (this.tokenExpiredFlag = !0, this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 }), this.stopTokenCheck());
2535
+ typeof document < "u" && document.hidden || this.isRefreshing || this.tokenExpiredFlag || this.isExpired() && !this.tokenExpiredFlag && (this.tokenExpiredFlag = !0, this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !0 }), this.stopTokenCheck());
2434
2536
  }, this.CHECK_INTERVAL));
2435
2537
  }
2436
2538
  setupVisibilityListener() {
2437
2539
  typeof document > "u" || (this.visibilityChangeHandler && document.removeEventListener("visibilitychange", this.visibilityChangeHandler), this.visibilityChangeHandler = () => {
2438
- !document.hidden && this.checkInterval && !this.isRefreshing && !this.tokenExpiredFlag && this.isExpired() && (this.tokenExpiredFlag = !0, this.subscribeStore.notify(a.TokenCacheExpired, { isExpired: !0 }), this.stopTokenCheck());
2540
+ !document.hidden && this.checkInterval && !this.isRefreshing && !this.tokenExpiredFlag && this.isExpired() && (this.tokenExpiredFlag = !0, this.subscribeStore.notify(n.TokenCacheExpired, { isExpired: !0 }), this.stopTokenCheck());
2439
2541
  }, document.addEventListener("visibilitychange", this.visibilityChangeHandler));
2440
2542
  }
2441
2543
  setupPageUnloadHandler() {
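Review bot: The new catch branch in refreshTokensCache treats every refresh failure as the end of the session: it calls `this.storageManager.deleteTokens()` and emits `SessionExpired` with reason `refresh_failed` without inspecting the caught error `t`. A timeout, an offline tab or a server-side error during refresh would therefore sign the user out and discard a refresh token that may still be valid. I would wipe storage only when the error shows the server rejected the refresh token, and otherwise keep the stored tokens and emit only the `Error` event; the error type returned by `authApi.refreshToken` is not visible in this hunk, so the exact test needs confirming. Note also that `e.scopes` and `e.access_token` are read without the optional chaining used for `e?.refresh_token`, so an undefined argument throws inside the `try` and now ends in the same token wipe.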
@@ -2455,9 +2557,9 @@ class De {
2455
2557
  }
2456
2558
  setTokensCache(e) {
2457
2559
  this.tokensCache = e, e ? this.parsedTokensCache = {
2458
- access_token: e.access_token ? y(e.access_token) : void 0,
2459
- id_token: e.id_token ? y(e.id_token) : void 0,
2460
- refresh_token: e.refresh_token ? y(e.refresh_token) : void 0,
2560
+ access_token: e.access_token ? v(e.access_token) : void 0,
2561
+ id_token: e.id_token ? v(e.id_token) : void 0,
2562
+ refresh_token: e.refresh_token ? v(e.refresh_token) : void 0,
2461
2563
  scopes: e.scopes
2462
2564
  } : this.parsedTokensCache = void 0;
2463
2565
  }
@@ -2469,14 +2571,14 @@ class De {
2469
2571
  if (!this.tokensCache) return this.tokensCache;
2470
2572
  if (!this.tokensCache.access_token)
2471
2573
  return this.tokensCache;
2472
- const e = y(this.tokensCache.access_token);
2473
- return m(e) && !this.tokenExpiredFlag ? (await this.refreshTokensCache(this.tokensCache), this.tokensCache) : this.tokensCache;
2574
+ const e = v(this.tokensCache.access_token);
2575
+ return S(e) && !this.tokenExpiredFlag ? (await this.refreshTokensCache(this.tokensCache), this.tokensCache) : this.tokensCache;
2474
2576
  } catch (e) {
2475
2577
  const t = {
2476
2578
  message: e instanceof Error ? e.message : "Failed to get tokens",
2477
2579
  originalError: e
2478
2580
  };
2479
- this.subscribeStore.notify(a.Error, t);
2581
+ this.subscribeStore.notify(n.Error, t);
2480
2582
  return;
2481
2583
  }
2482
2584
  }
@@ -2487,34 +2589,34 @@ class De {
2487
2589
  if (!this.tokensCache) return !0;
2488
2590
  if (!this.tokensCache.access_token)
2489
2591
  return !1;
2490
- const e = y(this.tokensCache.access_token);
2491
- return m(e);
2592
+ const e = v(this.tokensCache.access_token);
2593
+ return S(e);
2492
2594
  }
2493
2595
  }
2494
- class Me {
2596
+ class De {
2495
2597
  constructor(e, t) {
2496
2598
  this.twoFactorApi = e, this.subscribeStore = t, this.PARTIAL_AUTH_TIMEOUT_MS = 300 * 1e3, this.SESSION_STORAGE_KEY = "passflow_2fa_challenge", this.totpDigits = 6;
2497
- const s = {
2498
- onAuthChange: (r, n) => {
2499
- if (r === a.TwoFactorRequired) {
2500
- const o = n;
2501
- this.setPartialAuthState(o.email, o.challengeId, o.tfaToken);
2599
+ const r = {
2600
+ onAuthChange: (s, o) => {
2601
+ if (s === n.TwoFactorRequired) {
2602
+ const a = o;
2603
+ this.setPartialAuthState(a.email, a.challengeId, a.tfaToken);
2502
2604
  }
2503
2605
  }
2504
2606
  };
2505
- this.subscribeStore.subscribe(s, [a.TwoFactorRequired]);
2607
+ this.subscribeStore.subscribe(r, [n.TwoFactorRequired]);
2506
2608
  }
2507
2609
  /**
2508
2610
  * Emit error event and throw the error
2509
2611
  * Helper method to ensure errors are properly emitted to subscribers
2510
2612
  */
2511
2613
  emitErrorAndThrow(e, t) {
2512
- const s = e, r = {
2614
+ const r = e, s = {
2513
2615
  message: e instanceof Error ? e.message : `${t} failed`,
2514
2616
  originalError: e,
2515
- code: s?.id || void 0
2617
+ code: r?.id || void 0
2516
2618
  };
2517
- throw this.subscribeStore.notify(a.Error, r), e;
2619
+ throw this.subscribeStore.notify(n.Error, s), e;
2518
2620
  }
2519
2621
  /**
2520
2622
  * Get 2FA enrollment status for current user
@@ -2534,7 +2636,7 @@ class Me {
2534
2636
  async beginSetup() {
2535
2637
  try {
2536
2638
  const e = await this.twoFactorApi.beginSetup();
2537
- return e.totp_digits && (this.totpDigits = e.totp_digits), this.subscribeStore.notify(a.TwoFactorSetupStarted, { secret: e.secret }), e;
2639
+ return e.totp_digits && (this.totpDigits = e.totp_digits), this.subscribeStore.notify(n.TwoFactorSetupStarted, { secret: e.secret }), e;
2538
2640
  } catch (e) {
2539
2641
  this.emitErrorAndThrow(e, "Begin 2FA setup");
2540
2642
  }
@@ -2548,7 +2650,7 @@ class Me {
2548
2650
  throw new Error(`Invalid TOTP code format. Code must be exactly ${this.totpDigits} digits.`);
2549
2651
  try {
2550
2652
  const t = await this.twoFactorApi.confirmSetup({ code: e });
2551
- return this.subscribeStore.notify(a.TwoFactorEnabled, {
2653
+ return this.subscribeStore.notify(n.TwoFactorEnabled, {
2552
2654
  recoveryCodes: t.recovery_codes,
2553
2655
  clearRecoveryCodes: () => {
2554
2656
  t.recovery_codes.length = 0;
@@ -2574,7 +2676,7 @@ class Me {
2574
2676
  code: e,
2575
2677
  tfa_token: this.partialAuthState.tfaToken
2576
2678
  });
2577
- return this.clearPartialAuthState(), this.subscribeStore.notify(a.TwoFactorVerified, { tokens: t }), t;
2679
+ return this.clearPartialAuthState(), this.subscribeStore.notify(n.TwoFactorVerified, { tokens: t }), t;
2578
2680
  } catch (t) {
2579
2681
  this.emitErrorAndThrow(t, "Verify 2FA code");
2580
2682
  }
@@ -2585,24 +2687,24 @@ class Me {
2585
2687
  */
2586
2688
  async useRecoveryCode(e) {
2587
2689
  try {
2588
- const t = _e(e);
2690
+ const t = Ee(e);
2589
2691
  if (!t)
2590
2692
  throw new Error("Invalid recovery code format. Expected format: XXXX-XXXX or XXXXXXXX (alphanumeric).");
2591
2693
  if (this.recoverPartialAuthState(), !this.isVerificationRequired())
2592
2694
  throw new Error("2FA verification expired or not required. User must sign in first.");
2593
2695
  if (!this.partialAuthState?.tfaToken)
2594
2696
  throw new Error("No TFA token found. User must sign in first.");
2595
- const s = await this.twoFactorApi.useRecoveryCode({
2697
+ const r = await this.twoFactorApi.useRecoveryCode({
2596
2698
  recovery_code: t,
2597
2699
  tfa_token: this.partialAuthState.tfaToken
2598
2700
  });
2599
- return this.clearPartialAuthState(), s.remaining_recovery_codes === 0 ? this.subscribeStore.notify(a.TwoFactorRecoveryCodesExhausted, { tokens: s }) : s.remaining_recovery_codes <= 2 && this.subscribeStore.notify(a.TwoFactorRecoveryCodesLow, {
2600
- tokens: s,
2601
- remainingCodes: s.remaining_recovery_codes
2602
- }), this.subscribeStore.notify(a.TwoFactorRecoveryUsed, {
2603
- tokens: s,
2604
- remainingCodes: s.remaining_recovery_codes
2605
- }), this.subscribeStore.notify(a.TwoFactorVerified, { tokens: s }), s;
2701
+ return this.clearPartialAuthState(), r.remaining_recovery_codes === 0 ? this.subscribeStore.notify(n.TwoFactorRecoveryCodesExhausted, { tokens: r }) : r.remaining_recovery_codes <= 2 && this.subscribeStore.notify(n.TwoFactorRecoveryCodesLow, {
2702
+ tokens: r,
2703
+ remainingCodes: r.remaining_recovery_codes
2704
+ }), this.subscribeStore.notify(n.TwoFactorRecoveryUsed, {
2705
+ tokens: r,
2706
+ remainingCodes: r.remaining_recovery_codes
2707
+ }), this.subscribeStore.notify(n.TwoFactorVerified, { tokens: r }), r;
2606
2708
  } catch (t) {
2607
2709
  this.emitErrorAndThrow(t, "Use recovery code");
2608
2710
  }
@@ -2615,7 +2717,7 @@ class Me {
2615
2717
  throw new Error(`Invalid TOTP code format. Code must be exactly ${this.totpDigits} digits.`);
2616
2718
  try {
2617
2719
  const t = await this.twoFactorApi.disable({ code: e });
2618
- return this.subscribeStore.notify(a.TwoFactorDisabled, {}), t;
2720
+ return this.subscribeStore.notify(n.TwoFactorDisabled, {}), t;
2619
2721
  } catch (t) {
2620
2722
  this.emitErrorAndThrow(t, "Disable 2FA");
2621
2723
  }
@@ -2627,8 +2729,8 @@ class Me {
2627
2729
  if (!R(e, this.totpDigits))
2628
2730
  throw new Error(`Invalid TOTP code format. Code must be exactly ${this.totpDigits} digits.`);
2629
2731
  try {
2630
- const t = await this.twoFactorApi.regenerateRecoveryCodes({ code: e }), s = [...t.recovery_codes];
2631
- return t.recovery_codes = [], t.recovery_codes = s, t;
2732
+ const t = await this.twoFactorApi.regenerateRecoveryCodes({ code: e }), r = [...t.recovery_codes];
2733
+ return t.recovery_codes = [], t.recovery_codes = r, t;
2632
2734
  } catch (t) {
2633
2735
  this.emitErrorAndThrow(t, "Regenerate recovery codes");
2634
2736
  }
@@ -2644,11 +2746,11 @@ class Me {
2644
2746
  * Set partial auth state when login requires 2FA
2645
2747
  * Called internally via event listener when AuthService emits TwoFactorRequired
2646
2748
  */
2647
- setPartialAuthState(e, t, s) {
2749
+ setPartialAuthState(e, t, r) {
2648
2750
  if (this.partialAuthState = {
2649
2751
  email: e,
2650
2752
  challengeId: t,
2651
- tfaToken: s,
2753
+ tfaToken: r,
2652
2754
  timestamp: Date.now(),
2653
2755
  expiresAt: Date.now() + this.PARTIAL_AUTH_TIMEOUT_MS
2654
2756
  }, typeof sessionStorage < "u")
@@ -2715,12 +2817,12 @@ class Me {
2715
2817
  scope: "2fa_setup",
2716
2818
  timestamp: Date.now(),
2717
2819
  expiresAt: Date.now() + (t.expiresIn || 3600) * 1e3
2718
- }, this.subscribeStore.notify(a.TwoFactorSetupMagicLinkValidated, {
2820
+ }, this.subscribeStore.notify(n.TwoFactorSetupMagicLinkValidated, {
2719
2821
  userId: t.userId,
2720
2822
  appId: t.appId,
2721
2823
  expiresIn: t.expiresIn || 3600,
2722
2824
  sessionToken: t.sessionToken
2723
- })) : t.error && this.subscribeStore.notify(a.TwoFactorSetupMagicLinkFailed, {
2825
+ })) : t.error && this.subscribeStore.notify(n.TwoFactorSetupMagicLinkFailed, {
2724
2826
  error: t.error
2725
2827
  }), t;
2726
2828
  }
@@ -2762,8 +2864,133 @@ class Me {
2762
2864
  getTotpDigits() {
2763
2865
  return this.totpDigits;
2764
2866
  }
2867
+ // ============================================
2868
+ // v2 Multi-Method 2FA Service Methods
2869
+ // ============================================
2870
+ /**
2871
+ * Get available 2FA methods for current user
2872
+ */
2873
+ async getAvailableMethods() {
2874
+ try {
2875
+ return await this.twoFactorApi.getAvailableMethods();
2876
+ } catch (e) {
2877
+ this.emitErrorAndThrow(e, "Get available 2FA methods");
2878
+ }
2879
+ }
2880
+ /**
2881
+ * Get registered 2FA methods for current user
2882
+ */
2883
+ async getRegisteredMethods() {
2884
+ try {
2885
+ return await this.twoFactorApi.getRegisteredMethods();
2886
+ } catch (e) {
2887
+ this.emitErrorAndThrow(e, "Get registered 2FA methods");
2888
+ }
2889
+ }
2890
+ /**
2891
+ * Begin 2FA method setup
2892
+ */
2893
+ async beginMethodSetup(e) {
2894
+ try {
2895
+ const t = await this.twoFactorApi.beginMethodSetup(e);
2896
+ return this.subscribeStore.notify(n.TwoFactorSetupStarted, { secret: "", method: e }), t;
2897
+ } catch (t) {
2898
+ this.emitErrorAndThrow(t, "Begin 2FA method setup");
2899
+ }
2900
+ }
2901
+ /**
2902
+ * Confirm 2FA method setup
2903
+ */
2904
+ async confirmMethodSetup(e, t) {
2905
+ try {
2906
+ const r = await this.twoFactorApi.confirmMethodSetup(e, t);
2907
+ return this.subscribeStore.notify(n.TwoFactorEnabled, {
2908
+ recoveryCodes: [],
2909
+ clearRecoveryCodes: () => {
2910
+ }
2911
+ }), r;
2912
+ } catch (r) {
2913
+ this.emitErrorAndThrow(r, "Confirm 2FA method setup");
2914
+ }
2915
+ }
2916
+ /**
2917
+ * Remove registered 2FA method
2918
+ */
2919
+ async removeMethod(e) {
2920
+ try {
2921
+ await this.twoFactorApi.removeMethod(e);
2922
+ } catch (t) {
2923
+ this.emitErrorAndThrow(t, "Remove 2FA method");
2924
+ }
2925
+ }
2926
+ /**
2927
+ * Request 2FA challenge during login
2928
+ */
2929
+ async requestChallenge(e) {
2930
+ try {
2931
+ const t = await this.twoFactorApi.requestChallenge(e);
2932
+ return this.subscribeStore.notify(n.TwoFactorChallengeReceived, {
2933
+ challengeId: t.challenge_id,
2934
+ method: t.method,
2935
+ alternativeMethods: t.alternative_methods
2936
+ }), t;
2937
+ } catch (t) {
2938
+ this.emitErrorAndThrow(t, "Request 2FA challenge");
2939
+ }
2940
+ }
2941
+ /**
2942
+ * Verify 2FA challenge (v2)
2943
+ */
2944
+ async verifyV2(e) {
2945
+ try {
2946
+ const t = await this.twoFactorApi.verifyV2(e);
2947
+ return t.success && (this.subscribeStore.notify(n.TwoFactorVerified, {
2948
+ tokens: {
2949
+ access_token: t.access_token,
2950
+ refresh_token: t.refresh_token
2951
+ }
2952
+ }), t.device_trusted && this.subscribeStore.notify(n.TwoFactorDeviceTrusted, {})), t;
2953
+ } catch (t) {
2954
+ this.emitErrorAndThrow(t, "Verify 2FA challenge");
2955
+ }
2956
+ }
2957
+ /**
2958
+ * Switch to alternative 2FA method during challenge
2959
+ */
2960
+ async switchToAlternative(e) {
2961
+ try {
2962
+ const t = await this.twoFactorApi.switchToAlternative(e);
2963
+ return this.subscribeStore.notify(n.TwoFactorMethodSwitched, {
2964
+ challengeId: t.challenge_id,
2965
+ method: t.method,
2966
+ alternativeMethods: t.alternative_methods
2967
+ }), t;
2968
+ } catch (t) {
2969
+ this.emitErrorAndThrow(t, "Switch to alternative 2FA method");
2970
+ }
2971
+ }
2972
+ /**
2973
+ * Get trusted devices
2974
+ */
2975
+ async getTrustedDevices() {
2976
+ try {
2977
+ return await this.twoFactorApi.getTrustedDevices();
2978
+ } catch (e) {
2979
+ this.emitErrorAndThrow(e, "Get trusted devices");
2980
+ }
2981
+ }
2982
+ /**
2983
+ * Revoke trusted device
2984
+ */
2985
+ async revokeTrustedDevice(e) {
2986
+ try {
2987
+ await this.twoFactorApi.revokeTrustedDevice(e);
2988
+ } catch (t) {
2989
+ this.emitErrorAndThrow(t, "Revoke trusted device");
2990
+ }
2991
+ }
2765
2992
  }
2766
- class Fe {
2993
+ class Pe {
2767
2994
  constructor(e, t) {
2768
2995
  this.userAPI = e, this.deviceService = t;
2769
2996
  }
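Review bot: verifyV2 emits `TwoFactorVerified` on success but never calls `this.clearPartialAuthState()`, which the existing code-verification path and `useRecoveryCode` in this class both do before notifying. If the v2 flow is entered after a `TwoFactorRequired` event, the stored `tfaToken` stays in place after login until it times out; setPartialAuthState appears to persist that state to sessionStorage as well. Adding `this.clearPartialAuthState(),` ahead of the notify inside the `t.success && (...)` expression would keep the paths consistent. Separately, confirmMethodSetup always publishes `recoveryCodes: []` with a no-op `clearRecoveryCodes`, so a comment should state whether v2 setup can return recovery codes and where the caller is expected to read them.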
@@ -2799,33 +3026,33 @@ class Fe {
2799
3026
  async addUserPasskey({
2800
3027
  relyingPartyId: e,
2801
3028
  passkeyUsername: t,
2802
- passkeyDisplayName: s
3029
+ passkeyDisplayName: r
2803
3030
  } = {}) {
2804
- const r = this.deviceService.getDeviceId(), n = I.web, { challenge_id: o, publicKey: d } = await this.userAPI.addUserPasskeyStart({
3031
+ const s = this.deviceService.getDeviceId(), o = b.web, { challenge_id: a, publicKey: d } = await this.userAPI.addUserPasskeyStart({
2805
3032
  relyingPartyId: e || window?.location?.hostname,
2806
- deviceId: r,
2807
- os: n,
2808
- passkeyDisplayName: s,
3033
+ deviceId: s,
3034
+ os: o,
3035
+ passkeyDisplayName: r,
2809
3036
  passkeyUsername: t
2810
3037
  });
2811
3038
  d.user.id = btoa(d.user.id);
2812
- const c = await K({ optionsJSON: d });
2813
- return await this.userAPI.addUserPasskeyComplete(c, r, o);
3039
+ const h = await K({ optionsJSON: d });
3040
+ return await this.userAPI.addUserPasskeyComplete(h, s, a);
2814
3041
  }
2815
3042
  }
2816
3043
  const O = class O {
2817
3044
  constructor(e) {
2818
3045
  this.doRefreshTokens = !1, this.origin = window.location.origin, this.session = async ({
2819
- createSession: n,
2820
- expiredSession: o,
3046
+ createSession: o,
3047
+ expiredSession: a,
2821
3048
  doRefresh: d = !1
2822
3049
  }) => {
2823
- this.createSessionCallback = n, this.expiredSessionCallback = o, this.doRefreshTokens = d, await this.submitSessionCheck();
3050
+ this.createSessionCallback = o, this.expiredSessionCallback = a, this.doRefreshTokens = d, await this.submitSessionCheck();
2824
3051
  };
2825
- const { url: t, appId: s, scopes: r } = e;
2826
- this.url = t || G, this.appId = s, this.storageManager = new $({
3052
+ const { url: t, appId: r, scopes: s } = e;
3053
+ this.url = t || V, this.appId = r, this.storageManager = new $({
2827
3054
  prefix: e.keyStoragePrefix ?? ""
2828
- }), this.deviceService = new B(this.storageManager), this.authApi = new fe(e, this.storageManager, this.deviceService), this.appApi = new pe(e, this.storageManager, this.deviceService), this.userApi = new Se(e, this.storageManager, this.deviceService), this.settingApi = new ye(e, this.storageManager, this.deviceService), this.tenantApi = new ve(e, this.storageManager, this.deviceService), this.invitationApi = new ke(e, this.storageManager, this.deviceService), this.twoFactorApi = new me(e, this.storageManager, this.deviceService), this.subscribeStore = new we(), this.tokenCacheService = new De(this.storageManager, this.authApi, this.subscribeStore), this.scopes = r ?? Q, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new Ie(
3055
+ }), this.deviceService = new B(this.storageManager), this.authApi = new fe(e, this.storageManager, this.deviceService), this.appApi = new pe(e, this.storageManager, this.deviceService), this.userApi = new Se(e, this.storageManager, this.deviceService), this.settingApi = new ve(e, this.storageManager, this.deviceService), this.tenantApi = new ye(e, this.storageManager, this.deviceService), this.invitationApi = new ke(e, this.storageManager, this.deviceService), this.twoFactorApi = new me(e, this.storageManager, this.deviceService), this.subscribeStore = new we(), this.tokenCacheService = new Fe(this.storageManager, this.authApi, this.subscribeStore), this.scopes = s ?? Q, this.createTenantForNewUser = e.createTenantForNewUser ?? !1, this.authService = new Ie(
2829
3056
  this.authApi,
2830
3057
  this.deviceService,
2831
3058
  this.storageManager,
@@ -2841,7 +3068,7 @@ const O = class O {
2841
3068
  },
2842
3069
  this.appId ?? "",
2843
3070
  e.tokenExchange
2844
- ), this.userService = new Fe(this.userApi, this.deviceService), this.tenantService = new Pe(this.tenantApi, this.scopes), this.tenant = this.tenantService, this.invitationService = new be(this.invitationApi), this.twoFactorService = new Me(this.twoFactorApi, this.subscribeStore), this.twoFactor = this.twoFactorService, e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
3071
+ ), this.userService = new Pe(this.userApi, this.deviceService), this.tenantService = new Me(this.tenantApi, this.scopes), this.tenant = this.tenantService, this.invitationService = new be(this.invitationApi), this.twoFactorService = new De(this.twoFactorApi, this.subscribeStore), this.twoFactor = this.twoFactorService, e.parseQueryParams && this.checkAndSetTokens(), this.setTokensToCacheFromLocalStorage();
2845
3072
  }
2846
3073
  /**
2847
3074
  * Update the appId and propagate it to all API clients.
@@ -2862,12 +3089,12 @@ const O = class O {
2862
3089
  let e, t;
2863
3090
  try {
2864
3091
  e = await this.authService.getTokens(this.doRefreshTokens), t = this.tokenCacheService.getParsedTokens();
2865
- } catch (s) {
2866
- const r = {
2867
- message: s instanceof Error || s instanceof u ? s.message : "Session check failed",
2868
- originalError: s
3092
+ } catch (r) {
3093
+ const s = {
3094
+ message: r instanceof Error || r instanceof u ? r.message : "Session check failed",
3095
+ originalError: r
2869
3096
  };
2870
- this.subscribeStore.notify(a.Error, r), e = void 0;
3097
+ this.subscribeStore.notify(n.Error, s), e = void 0;
2871
3098
  }
2872
3099
  e && this.createSessionCallback && await this.createSessionCallback({ tokens: e, parsedTokens: t }), !e && this.expiredSessionCallback && await this.expiredSessionCallback();
2873
3100
  }
@@ -2942,50 +3169,50 @@ const O = class O {
2942
3169
  checkAndSetTokens() {
2943
3170
  let e = new URLSearchParams(window.location.search), t = !1;
2944
3171
  if (!e.get("access_token") && window.location.hash) {
2945
- const c = new URLSearchParams(window.location.hash.substring(1));
2946
- c.get("access_token") && (e = c, t = !0);
3172
+ const h = new URLSearchParams(window.location.hash.substring(1));
3173
+ h.get("access_token") && (e = h, t = !0);
2947
3174
  }
2948
- const s = e.get("access_token"), r = e.get("refresh_token"), n = e.get("id_token"), o = e.get("scopes")?.split(",") ?? this.scopes;
3175
+ const r = e.get("access_token"), s = e.get("refresh_token"), o = e.get("id_token"), a = e.get("scopes")?.split(",") ?? this.scopes;
2949
3176
  let d;
2950
- if (s) {
2951
- if (!M(s)) {
2952
- const c = {
3177
+ if (r) {
3178
+ if (!D(r)) {
3179
+ const h = {
2953
3180
  message: "Invalid access token format received",
2954
3181
  code: "INVALID_TOKEN_FORMAT"
2955
3182
  };
2956
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3183
+ this.subscribeStore.notify(n.Error, h), this.cleanupUrlParams(t);
2957
3184
  return;
2958
3185
  }
2959
- if (r && !M(r)) {
2960
- const c = {
3186
+ if (s && !D(s)) {
3187
+ const h = {
2961
3188
  message: "Invalid refresh token format received",
2962
3189
  code: "INVALID_TOKEN_FORMAT"
2963
3190
  };
2964
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3191
+ this.subscribeStore.notify(n.Error, h), this.cleanupUrlParams(t);
2965
3192
  return;
2966
3193
  }
2967
- if (n && !M(n)) {
2968
- const c = {
3194
+ if (o && !D(o)) {
3195
+ const h = {
2969
3196
  message: "Invalid ID token format received",
2970
3197
  code: "INVALID_TOKEN_FORMAT"
2971
3198
  };
2972
- this.subscribeStore.notify(a.Error, c), this.cleanupUrlParams(t);
3199
+ this.subscribeStore.notify(n.Error, h), this.cleanupUrlParams(t);
2973
3200
  return;
2974
3201
  }
2975
3202
  return d = {
2976
- access_token: s,
2977
- refresh_token: r ?? void 0,
2978
- id_token: n ?? void 0,
2979
- scopes: o
2980
- }, this.storageManager.saveTokens(d), this.tokenCacheService.setTokensCache(d), this.subscribeStore.notify(a.SignIn, { tokens: d, parsedTokens: this.getParsedTokens() }), this.submitSessionCheck(), this.cleanupUrlParams(t), this.error = void 0, d;
3203
+ access_token: r,
3204
+ refresh_token: s ?? void 0,
3205
+ id_token: o ?? void 0,
3206
+ scopes: a
3207
+ }, this.storageManager.clearDeliveryMode(), this.storageManager.saveTokens(d), this.tokenCacheService.setTokensCache(d), this.subscribeStore.notify(n.SignIn, { tokens: d, parsedTokens: this.getParsedTokens() }), this.submitSessionCheck(), this.cleanupUrlParams(t), this.error = void 0, d;
2981
3208
  } else
2982
3209
  this.error = this.checkErrorsFromURL();
2983
3210
  }
2984
3211
  checkErrorsFromURL() {
2985
3212
  const t = new URLSearchParams(window.location.search).get("error");
2986
3213
  if (t) {
2987
- const s = Te(t);
2988
- return new Error(s);
3214
+ const r = Te(t);
3215
+ return new Error(r);
2989
3216
  }
2990
3217
  }
2991
3218
  cleanupUrlParams(e = !1) {
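Review bot: The added `this.storageManager.clearDeliveryMode()` runs on tokens that were read from the page URL and, judging by the `INVALID_TOKEN_FORMAT` errors, have passed only a format check in `D()`. Any URL carrying well-formed token parameters therefore resets the delivery mode and replaces the stored session. The `scopes` value is likewise taken from the URL as-is (`e.get("scopes")?.split(",")`) and saved with the tokens. I would document on checkAndSetTokens that `parseQueryParams` should only be enabled on the redirect target of the sign-in flow and that the tokens are not verified client-side. If the configured scopes are meant as an upper bound, also restrict the URL-supplied list, for example with `.filter((x) => this.scopes.includes(x))` after the split.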
@@ -2997,7 +3224,19 @@ const O = class O {
2997
3224
  }
2998
3225
  }
2999
3226
  setTokensToCacheFromLocalStorage() {
3000
- const e = this.storageManager.getTokens();
3227
+ let e = this.storageManager.getTokens();
3228
+ if (!e?.access_token && this.storageManager.getDeliveryMode()) {
3229
+ if (e?.id_token && this.storageManager.hasCookieModeIdToken()) {
3230
+ this.tokenCacheService.setTokensCache(e);
3231
+ return;
3232
+ }
3233
+ if (this.storageManager.hasJsonModeTokens())
3234
+ this.storageManager.clearDeliveryMode(), e = this.storageManager.getTokens();
3235
+ else {
3236
+ this.storageManager.deleteTokens();
3237
+ return;
3238
+ }
3239
+ }
3001
3240
  e && this.tokenCacheService.setTokensCache(e);
3002
3241
  }
3003
3242
  /**
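Review bot: In the new `else` branch of `setTokensToCacheFromLocalStorage`, `this.storageManager.deleteTokens()` runs without resetting the in-memory cache or notifying subscribers, whereas `logOut` and `reset` further down this file pair the same call with `this.tokenCacheService.setTokensCache(void 0)` and a `SignOut` event. If the cache can already hold tokens when this method runs (its callers are not visible here), the in-memory session would outlive the deleted storage entries; consider `this.storageManager.deleteTokens(), this.tokenCacheService.setTokensCache(void 0);` in that branch. The cookie-mode branch above it also caches `e` carrying only an `id_token` read from storage with no format check, while tokens taken from the URL earlier in this class are rejected unless `D` (exported as `isValidJWTFormat`) passes; extending the condition to `e?.id_token && D(e.id_token) && this.storageManager.hasCookieModeIdToken()` would keep a malformed or tampered storage value out of the cache. This is minified build output, so the change belongs in the corresponding source module.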
@@ -3195,12 +3434,12 @@ const O = class O {
3195
3434
  * @throws The original error after handling
3196
3435
  */
3197
3436
  handleError(e, t) {
3198
- const s = {
3437
+ const r = {
3199
3438
  message: e instanceof Error ? e.message : `${t} failed`,
3200
3439
  originalError: e,
3201
3440
  code: e instanceof u ? e.id : void 0
3202
3441
  };
3203
- throw this.subscribeStore.notify(a.Error, s), e;
3442
+ throw this.subscribeStore.notify(n.Error, r), e;
3204
3443
  }
3205
3444
  /**
3206
3445
  * Sign out the current user and clear all tokens.
@@ -3221,7 +3460,7 @@ const O = class O {
3221
3460
  */
3222
3461
  async logOut() {
3223
3462
  try {
3224
- await this.authService.logOut(), this.storageManager.deleteTokens(), this.tokenCacheService.setTokensCache(void 0), this.twoFactorService.clearPartialAuthState(), await this.submitSessionCheck(), this.subscribeStore.notify(a.SignOut, {});
3463
+ await this.authService.logOut(), this.storageManager.deleteTokens(), this.tokenCacheService.setTokensCache(void 0), this.twoFactorService.clearPartialAuthState(), await this.submitSessionCheck(), this.subscribeStore.notify(n.SignOut, {});
3225
3464
  } catch (e) {
3226
3465
  this.handleError(e, "Log out");
3227
3466
  }
@@ -3291,13 +3530,13 @@ const O = class O {
3291
3530
  * ```
3292
3531
  */
3293
3532
  reset(e) {
3294
- if (this.storageManager.deleteTokens(), this.tokenCacheService.setTokensCache(void 0), this.subscribeStore.notify(a.SignOut, {}), e) {
3533
+ if (this.storageManager.deleteTokens(), this.tokenCacheService.setTokensCache(void 0), this.subscribeStore.notify(n.SignOut, {}), e) {
3295
3534
  this.error = new Error(e);
3296
3535
  const t = {
3297
3536
  message: e,
3298
3537
  code: "RESET_ERROR"
3299
3538
  };
3300
- throw this.subscribeStore.notify(a.Error, t), this.error;
3539
+ throw this.subscribeStore.notify(n.Error, t), this.error;
3301
3540
  }
3302
3541
  }
3303
3542
  /**
@@ -3324,7 +3563,7 @@ const O = class O {
3324
3563
  try {
3325
3564
  return await this.authService.refreshToken();
3326
3565
  } catch (e) {
3327
- throw e instanceof u || this.subscribeStore.notify(a.Error, {
3566
+ throw e instanceof u || this.subscribeStore.notify(n.Error, {
3328
3567
  message: "Failed to refresh token",
3329
3568
  originalError: e
3330
3569
  }), e;
@@ -3529,7 +3768,7 @@ const O = class O {
3529
3768
  * ```
3530
3769
  */
3531
3770
  setTokens(e) {
3532
- this.storageManager.saveTokens(e), this.tokenCacheService.setTokensCache(e), this.subscribeStore.notify(a.SignIn, {
3771
+ this.storageManager.saveTokens(e), this.tokenCacheService.setTokensCache(e), this.subscribeStore.notify(n.SignIn, {
3533
3772
  tokens: e,
3534
3773
  parsedTokens: this.tokenCacheService.getParsedTokens()
3535
3774
  });
@@ -3611,8 +3850,8 @@ const O = class O {
3611
3850
  async renameUserPasskey(e, t) {
3612
3851
  try {
3613
3852
  return await this.userService.renameUserPasskey(e, t);
3614
- } catch (s) {
3615
- this.handleError(s, "Rename user passkey");
3853
+ } catch (r) {
3854
+ this.handleError(r, "Rename user passkey");
3616
3855
  }
3617
3856
  }
3618
3857
  /**
@@ -3672,10 +3911,10 @@ const O = class O {
3672
3911
  */
3673
3912
  async joinInvitation(e, t) {
3674
3913
  try {
3675
- const s = await this.tenant.joinInvitation(e, t);
3676
- return s.scopes = t ?? this.scopes, this.storageManager.saveTokens(s), this.tokenCacheService.setTokensCache(s), s;
3677
- } catch (s) {
3678
- this.handleError(s, "Join invitation");
3914
+ const r = await this.tenant.joinInvitation(e, t);
3915
+ return r.scopes = t ?? this.scopes, this.storageManager.saveTokens(r), this.tokenCacheService.setTokensCache(r), r;
3916
+ } catch (r) {
3917
+ this.handleError(r, "Join invitation");
3679
3918
  }
3680
3919
  }
3681
3920
  /**
@@ -3686,10 +3925,10 @@ const O = class O {
3686
3925
  */
3687
3926
  async createTenant(e, t) {
3688
3927
  try {
3689
- const s = await this.tenant.createTenant(e);
3690
- return t && await this.refreshToken(), s;
3691
- } catch (s) {
3692
- this.handleError(s, "Create tenant");
3928
+ const r = await this.tenant.createTenant(e);
3929
+ return t && await this.refreshToken(), r;
3930
+ } catch (r) {
3931
+ this.handleError(r, "Create tenant");
3693
3932
  }
3694
3933
  }
3695
3934
  // Invitation methods delegated to InvitationService
@@ -3965,7 +4204,7 @@ const O = class O {
3965
4204
  async verifyTwoFactor(e) {
3966
4205
  try {
3967
4206
  const t = await this.twoFactorService.verify(e);
3968
- return this.storageManager.saveTokens(t), this.tokenCacheService.setTokensCache(t), this.subscribeStore.notify(a.SignIn, {
4207
+ return this.storageManager.saveTokens(t), this.tokenCacheService.setTokensCache(t), this.subscribeStore.notify(n.SignIn, {
3969
4208
  tokens: t,
3970
4209
  parsedTokens: this.tokenCacheService.getParsedTokens()
3971
4210
  }), await this.submitSessionCheck(), t;
@@ -3992,7 +4231,7 @@ const O = class O {
3992
4231
  async useTwoFactorRecoveryCode(e) {
3993
4232
  try {
3994
4233
  const t = await this.twoFactorService.useRecoveryCode(e);
3995
- return this.storageManager.saveTokens(t), this.tokenCacheService.setTokensCache(t), this.subscribeStore.notify(a.SignIn, {
4234
+ return this.storageManager.saveTokens(t), this.tokenCacheService.setTokensCache(t), this.subscribeStore.notify(n.SignIn, {
3996
4235
  tokens: t,
3997
4236
  parsedTokens: this.tokenCacheService.getParsedTokens()
3998
4237
  }), await this.submitSessionCheck(), t;
@@ -4163,15 +4402,15 @@ class l extends Error {
4163
4402
  /**
4164
4403
  * Create an M2MError from an OAuth 2.0 error response
4165
4404
  */
4166
- static fromOAuthError(e, t, s) {
4167
- const r = s ? l.parseRateLimitHeaders(s) : void 0;
4405
+ static fromOAuthError(e, t, r) {
4406
+ const s = r ? l.parseRateLimitHeaders(r) : void 0;
4168
4407
  return new l({
4169
4408
  code: e.error,
4170
4409
  message: e.error_description ?? l.getDefaultMessage(e.error),
4171
4410
  status: t,
4172
4411
  errorUri: e.error_uri,
4173
- rateLimitInfo: r,
4174
- headers: s
4412
+ rateLimitInfo: s,
4413
+ headers: r
4175
4414
  });
4176
4415
  }
4177
4416
  /**
@@ -4189,12 +4428,12 @@ class l extends Error {
4189
4428
  * Parse rate limit headers from response
4190
4429
  */
4191
4430
  static parseRateLimitHeaders(e) {
4192
- const t = e["x-ratelimit-limit"], s = e["x-ratelimit-remaining"], r = e["x-ratelimit-reset"] || e["retry-after"];
4193
- if (t && s && r)
4431
+ const t = e["x-ratelimit-limit"], r = e["x-ratelimit-remaining"], s = e["x-ratelimit-reset"] || e["retry-after"];
4432
+ if (t && r && s)
4194
4433
  return {
4195
4434
  limit: parseInt(t, 10),
4196
- remaining: parseInt(s, 10),
4197
- reset: parseInt(r, 10)
4435
+ remaining: parseInt(r, 10),
4436
+ reset: parseInt(s, 10)
4198
4437
  };
4199
4438
  }
4200
4439
  /**
@@ -4261,7 +4500,7 @@ class N extends l {
4261
4500
  }), this.name = "M2MNetworkError";
4262
4501
  }
4263
4502
  }
4264
- class P extends l {
4503
+ class M extends l {
4265
4504
  constructor(e, t) {
4266
4505
  super({
4267
4506
  code: "invalid_request",
@@ -4280,7 +4519,7 @@ class U extends l {
4280
4519
  }), this.name = "M2MConfigError";
4281
4520
  }
4282
4521
  }
4283
- const Ge = {
4522
+ const Ve = {
4284
4523
  InvalidRequest: "invalid_request",
4285
4524
  InvalidClient: "invalid_client",
4286
4525
  InvalidGrant: "invalid_grant",
@@ -4290,7 +4529,7 @@ const Ge = {
4290
4529
  RateLimitExceeded: "rate_limit_exceeded",
4291
4530
  ServerError: "server_error",
4292
4531
  TemporarilyUnavailable: "temporarily_unavailable"
4293
- }, S = {
4532
+ }, w = {
4294
4533
  /** Default token endpoint path */
4295
4534
  TOKEN_ENDPOINT: "/oauth2/token",
4296
4535
  /** Default request timeout in milliseconds */
@@ -4312,10 +4551,10 @@ class xe {
4312
4551
  const t = this.cache.get(e);
4313
4552
  return t ? Date.now() >= t.expiresAt ? (this.cache.delete(e), Promise.resolve(null)) : Promise.resolve(t.token) : Promise.resolve(null);
4314
4553
  }
4315
- set(e, t, s) {
4554
+ set(e, t, r) {
4316
4555
  return this.cache.set(e, {
4317
4556
  token: t,
4318
- expiresAt: Date.now() + s * 1e3
4557
+ expiresAt: Date.now() + r * 1e3
4319
4558
  }), Promise.resolve();
4320
4559
  }
4321
4560
  delete(e) {
@@ -4330,7 +4569,7 @@ const Ue = {
4330
4569
  return Math.pow(2, i - 1) * 1e3;
4331
4570
  }
4332
4571
  };
4333
- class Ve {
4572
+ class Ge {
4334
4573
  /**
4335
4574
  * Create a new M2M client
4336
4575
  *
@@ -4361,23 +4600,23 @@ class Ve {
4361
4600
  scopes: e.scopes,
4362
4601
  audience: e.audience,
4363
4602
  autoRefresh: e.autoRefresh ?? !1,
4364
- refreshThreshold: e.refreshThreshold ?? S.REFRESH_THRESHOLD,
4365
- timeout: e.timeout ?? S.TIMEOUT,
4366
- retries: e.retries ?? S.RETRIES,
4367
- retryDelay: e.retryDelay ?? S.RETRY_DELAY,
4603
+ refreshThreshold: e.refreshThreshold ?? w.REFRESH_THRESHOLD,
4604
+ timeout: e.timeout ?? w.TIMEOUT,
4605
+ retries: e.retries ?? w.RETRIES,
4606
+ retryDelay: e.retryDelay ?? w.RETRY_DELAY,
4368
4607
  retryStrategy: e.retryStrategy,
4369
4608
  cache: e.cache,
4370
4609
  onTokenRequest: e.onTokenRequest,
4371
4610
  onTokenResponse: e.onTokenResponse,
4372
4611
  onError: e.onError
4373
- }, this.cache = e.cache ?? new xe(), this.retryStrategy = e.retryStrategy ?? Ue, this.tokenEndpoint = `${t}${S.TOKEN_ENDPOINT}`;
4612
+ }, this.cache = e.cache ?? new xe(), this.retryStrategy = e.retryStrategy ?? Ue, this.tokenEndpoint = `${t}${w.TOKEN_ENDPOINT}`;
4374
4613
  }
4375
4614
  /**
4376
4615
  * Get the cache key for this client
4377
4616
  */
4378
4617
  getCacheKey(e, t) {
4379
- const s = e?.sort().join(",") || "", r = t?.sort().join(",") || "";
4380
- return `m2m:${this.config.clientId}:${s}:${r}`;
4618
+ const r = e?.sort().join(",") || "", s = t?.sort().join(",") || "";
4619
+ return `m2m:${this.config.clientId}:${r}:${s}`;
4381
4620
  }
4382
4621
  /**
4383
4622
  * Request an access token from the authorization server
@@ -4399,13 +4638,13 @@ class Ve {
4399
4638
  * ```
4400
4639
  */
4401
4640
  async getToken(e) {
4402
- const t = e?.scopes ?? this.config.scopes, s = e?.audience ?? this.config.audience, r = this.getCacheKey(t, s);
4641
+ const t = e?.scopes ?? this.config.scopes, r = e?.audience ?? this.config.audience, s = this.getCacheKey(t, r);
4403
4642
  if (!e?.forceRefresh) {
4404
- const n = await this.cache.get(r);
4405
- if (n && !this.isTokenExpired(n))
4406
- return n;
4643
+ const o = await this.cache.get(s);
4644
+ if (o && !this.isTokenExpired(o))
4645
+ return o;
4407
4646
  }
4408
- return this.requestToken(t, s, r);
4647
+ return this.requestToken(t, r, s);
4409
4648
  }
4410
4649
  /**
4411
4650
  * Get a valid token, automatically refreshing if needed
@@ -4423,32 +4662,32 @@ class Ve {
4423
4662
  * ```
4424
4663
  */
4425
4664
  async getValidToken() {
4426
- const e = this.config.scopes, t = this.config.audience, s = this.getCacheKey(e, t), r = await this.cache.get(s);
4427
- if (r) {
4428
- if (this.config.autoRefresh && this.isTokenExpired(r, this.config.refreshThreshold))
4429
- return this.requestToken(e, t, s);
4430
- if (!this.isTokenExpired(r))
4431
- return r;
4665
+ const e = this.config.scopes, t = this.config.audience, r = this.getCacheKey(e, t), s = await this.cache.get(r);
4666
+ if (s) {
4667
+ if (this.config.autoRefresh && this.isTokenExpired(s, this.config.refreshThreshold))
4668
+ return this.requestToken(e, t, r);
4669
+ if (!this.isTokenExpired(s))
4670
+ return s;
4432
4671
  }
4433
- return this.requestToken(e, t, s);
4672
+ return this.requestToken(e, t, r);
4434
4673
  }
4435
4674
  /**
4436
4675
  * Request a new token from the authorization server
4437
4676
  */
4438
- async requestToken(e, t, s) {
4439
- const r = {
4677
+ async requestToken(e, t, r) {
4678
+ const s = {
4440
4679
  grant_type: "client_credentials",
4441
4680
  client_id: this.config.clientId,
4442
4681
  client_secret: this.config.clientSecret
4443
4682
  };
4444
- e && e.length > 0 && (r.scope = e.join(" ")), t && t.length > 0 && (r.audience = t.join(" ")), this.config.onTokenRequest && this.config.onTokenRequest({
4683
+ e && e.length > 0 && (s.scope = e.join(" ")), t && t.length > 0 && (s.audience = t.join(" ")), this.config.onTokenRequest && this.config.onTokenRequest({
4445
4684
  clientId: this.config.clientId,
4446
4685
  scopes: e ?? [],
4447
4686
  audience: t ?? [],
4448
4687
  timestamp: (/* @__PURE__ */ new Date()).toISOString()
4449
4688
  });
4450
- const n = await this.executeWithRetry(() => this.doTokenRequest(r));
4451
- return n.issued_at = Math.floor(Date.now() / 1e3), s && await this.cache.set(s, n, n.expires_in), this.config.onTokenResponse && this.config.onTokenResponse(n), n;
4689
+ const o = await this.executeWithRetry(() => this.doTokenRequest(s));
4690
+ return o.issued_at = Math.floor(Date.now() / 1e3), r && await this.cache.set(r, o, o.expires_in), this.config.onTokenResponse && this.config.onTokenResponse(o), o;
4452
4691
  }
4453
4692
  /**
4454
4693
  * Execute the actual HTTP request to the token endpoint
@@ -4456,41 +4695,41 @@ class Ve {
4456
4695
  async doTokenRequest(e) {
4457
4696
  const t = new URLSearchParams();
4458
4697
  t.append("grant_type", e.grant_type), t.append("client_id", e.client_id), t.append("client_secret", e.client_secret), e.scope && t.append("scope", e.scope), e.audience && t.append("audience", e.audience);
4459
- const s = new AbortController(), r = setTimeout(() => s.abort(), this.config.timeout);
4698
+ const r = new AbortController(), s = setTimeout(() => r.abort(), this.config.timeout);
4460
4699
  try {
4461
- const n = await fetch(this.tokenEndpoint, {
4700
+ const o = await fetch(this.tokenEndpoint, {
4462
4701
  method: "POST",
4463
4702
  headers: {
4464
- "Content-Type": S.CONTENT_TYPE,
4703
+ "Content-Type": w.CONTENT_TYPE,
4465
4704
  Accept: "application/json"
4466
4705
  },
4467
4706
  body: t.toString(),
4468
- signal: s.signal
4707
+ signal: r.signal
4469
4708
  });
4470
- clearTimeout(r);
4471
- const o = {};
4472
- n.headers.forEach((c, g) => {
4473
- o[g.toLowerCase()] = c;
4709
+ clearTimeout(s);
4710
+ const a = {};
4711
+ o.headers.forEach((h, g) => {
4712
+ a[g.toLowerCase()] = h;
4474
4713
  });
4475
- const d = await n.json();
4476
- if (!n.ok) {
4477
- const c = l.fromOAuthError(
4714
+ const d = await o.json();
4715
+ if (!o.ok) {
4716
+ const h = l.fromOAuthError(
4478
4717
  {
4479
4718
  error: d.error || "server_error",
4480
4719
  error_description: d.error_description || d.message,
4481
4720
  error_uri: d.error_uri
4482
4721
  },
4483
- n.status,
4484
- o
4722
+ o.status,
4723
+ a
4485
4724
  );
4486
4725
  throw this.config.onError && this.config.onError({
4487
- error: c.code,
4488
- error_description: c.message
4489
- }), c;
4726
+ error: h.code,
4727
+ error_description: h.message
4728
+ }), h;
4490
4729
  }
4491
4730
  return d;
4492
- } catch (n) {
4493
- throw clearTimeout(r), n instanceof Error && n.name === "AbortError" ? new N(`Request timed out after ${this.config.timeout}ms`) : n instanceof TypeError && n.message.includes("fetch") ? new N(`Network error: ${n.message}`, n) : n instanceof l ? n : l.fromError(n instanceof Error ? n : new Error(String(n)));
4731
+ } catch (o) {
4732
+ throw clearTimeout(s), o instanceof Error && o.name === "AbortError" ? new N(`Request timed out after ${this.config.timeout}ms`) : o instanceof TypeError && o.message.includes("fetch") ? new N(`Network error: ${o.message}`, o) : o instanceof l ? o : l.fromError(o instanceof Error ? o : new Error(String(o)));
4494
4733
  }
4495
4734
  }
4496
4735
  /**
@@ -4498,18 +4737,18 @@ class Ve {
4498
4737
  */
4499
4738
  async executeWithRetry(e) {
4500
4739
  let t;
4501
- for (let s = 1; s <= this.config.retries; s++)
4740
+ for (let r = 1; r <= this.config.retries; r++)
4502
4741
  try {
4503
4742
  return await e();
4504
- } catch (r) {
4505
- if (!(r instanceof l))
4506
- throw r;
4507
- if (t = r, s < this.config.retries && this.retryStrategy.shouldRetry({ code: r.code, status: r.status }, s)) {
4508
- const n = this.retryStrategy.getDelay(s);
4509
- await this.sleep(n);
4743
+ } catch (s) {
4744
+ if (!(s instanceof l))
4745
+ throw s;
4746
+ if (t = s, r < this.config.retries && this.retryStrategy.shouldRetry({ code: s.code, status: s.status }, r)) {
4747
+ const o = this.retryStrategy.getDelay(r);
4748
+ await this.sleep(o);
4510
4749
  continue;
4511
4750
  }
4512
- throw r;
4751
+ throw s;
4513
4752
  }
4514
4753
  throw t ?? new l({ code: "server_error", message: "Request failed after retries" });
4515
4754
  }
@@ -4563,8 +4802,8 @@ class Ve {
4563
4802
  */
4564
4803
  isTokenExpired(e, t = 0) {
4565
4804
  if (!e) return !0;
4566
- const s = Math.floor(Date.now() / 1e3), n = (e.issued_at ?? s - e.expires_in) + e.expires_in;
4567
- return s >= n - t;
4805
+ const r = Math.floor(Date.now() / 1e3), o = (e.issued_at ?? r - e.expires_in) + e.expires_in;
4806
+ return r >= o - t;
4568
4807
  }
4569
4808
  /**
4570
4809
  * Parse token claims from a JWT access token
@@ -4585,14 +4824,14 @@ class Ve {
4585
4824
  try {
4586
4825
  const t = e.split(".");
4587
4826
  if (t.length !== 3)
4588
- throw new P("Invalid JWT format: expected 3 parts");
4589
- const s = t[1];
4590
- if (!s)
4591
- throw new P("Invalid JWT format: missing payload");
4592
- const r = atob(s.replace(/-/g, "+").replace(/_/g, "/")), n = JSON.parse(r);
4593
- return n.scopes && typeof n.scopes == "string" ? n.scopes = n.scopes.split(" ") : n.scopes || (n.scopes = []), n;
4827
+ throw new M("Invalid JWT format: expected 3 parts");
4828
+ const r = t[1];
4829
+ if (!r)
4830
+ throw new M("Invalid JWT format: missing payload");
4831
+ const s = atob(r.replace(/-/g, "+").replace(/_/g, "/")), o = JSON.parse(s);
4832
+ return o.scopes && typeof o.scopes == "string" ? o.scopes = o.scopes.split(" ") : o.scopes || (o.scopes = []), o;
4594
4833
  } catch (t) {
4595
- throw t instanceof P ? t : new P(`Failed to parse token: ${t instanceof Error ? t.message : "Unknown error"}`);
4834
+ throw t instanceof M ? t : new M(`Failed to parse token: ${t instanceof Error ? t.message : "Unknown error"}`);
4596
4835
  }
4597
4836
  }
4598
4837
  /**
@@ -4627,29 +4866,29 @@ class Ve {
4627
4866
  const e = this.getCachedToken();
4628
4867
  if (!e)
4629
4868
  return;
4630
- const t = `${this.config.url}/oauth2/revoke`, s = new URLSearchParams();
4631
- s.append("token", e.access_token), s.append("client_id", this.config.clientId), s.append("client_secret", this.config.clientSecret);
4869
+ const t = `${this.config.url}/oauth2/revoke`, r = new URLSearchParams();
4870
+ r.append("token", e.access_token), r.append("client_id", this.config.clientId), r.append("client_secret", this.config.clientSecret);
4632
4871
  try {
4633
- const r = await fetch(t, {
4872
+ const s = await fetch(t, {
4634
4873
  method: "POST",
4635
4874
  headers: {
4636
- "Content-Type": S.CONTENT_TYPE
4875
+ "Content-Type": w.CONTENT_TYPE
4637
4876
  },
4638
- body: s.toString()
4877
+ body: r.toString()
4639
4878
  });
4640
- if (!r.ok && r.status !== 200) {
4641
- const n = await r.json().catch(() => ({}));
4879
+ if (!s.ok && s.status !== 200) {
4880
+ const o = await s.json().catch(() => ({}));
4642
4881
  throw l.fromOAuthError(
4643
4882
  {
4644
- error: n.error || "server_error",
4645
- error_description: n.error_description || "Token revocation failed"
4883
+ error: o.error || "server_error",
4884
+ error_description: o.error_description || "Token revocation failed"
4646
4885
  },
4647
- r.status
4886
+ s.status
4648
4887
  );
4649
4888
  }
4650
4889
  this.clearCache();
4651
- } catch (r) {
4652
- throw r instanceof l ? r : l.fromError(r instanceof Error ? r : new Error(String(r)));
4890
+ } catch (s) {
4891
+ throw s instanceof l ? s : l.fromError(s instanceof Error ? s : new Error(String(s)));
4653
4892
  }
4654
4893
  }
4655
4894
  /**
@@ -4679,7 +4918,7 @@ class Ve {
4679
4918
  }
4680
4919
  export {
4681
4920
  C as APP_ID_HEADER_KEY,
4682
- _ as AUTHORIZATION_HEADER_KEY,
4921
+ I as AUTHORIZATION_HEADER_KEY,
4683
4922
  pe as AppAPI,
4684
4923
  fe as AuthAPI,
4685
4924
  Ie as AuthService,
@@ -4687,54 +4926,54 @@ export {
4687
4926
  Q as DEFAULT_SCOPES,
4688
4927
  W as DEVICE_ID_HEADER_KEY,
4689
4928
  J as DEVICE_TYPE_HEADER_KEY,
4690
- oe as ERROR_MESSAGE_MAX_LENGTH,
4929
+ ne as ERROR_MESSAGE_MAX_LENGTH,
4691
4930
  ke as InvitationAPI,
4692
4931
  be as InvitationService,
4693
- Ve as M2MClient,
4932
+ Ge as M2MClient,
4694
4933
  U as M2MConfigError,
4695
4934
  l as M2MError,
4696
- Ge as M2MErrorCodes,
4935
+ Ve as M2MErrorCodes,
4697
4936
  N as M2MNetworkError,
4698
- P as M2MTokenParseError,
4699
- S as M2M_DEFAULTS,
4937
+ M as M2MTokenParseError,
4938
+ w as M2M_DEFAULTS,
4700
4939
  Ne as MINIMAL_DEFAULT_SCOPES,
4701
- I as OS,
4702
- G as PASSFLOW_CLOUD_URL,
4940
+ b as OS,
4941
+ V as PASSFLOW_CLOUD_URL,
4703
4942
  te as POPUP_HEIGHT,
4704
- se as POPUP_POLL_INTERVAL_MS,
4705
- re as POPUP_TIMEOUT_MS,
4943
+ re as POPUP_POLL_INTERVAL_MS,
4944
+ se as POPUP_TIMEOUT_MS,
4706
4945
  ee as POPUP_WIDTH,
4707
4946
  L as Passflow,
4708
- w as PassflowAdminEndpointPaths,
4709
- h as PassflowEndpointPaths,
4947
+ T as PassflowAdminEndpointPaths,
4948
+ c as PassflowEndpointPaths,
4710
4949
  u as PassflowError,
4711
- a as PassflowEvent,
4950
+ n as PassflowEvent,
4712
4951
  de as Providers,
4713
4952
  E as RequestMethod,
4714
4953
  Z as SDK_VERSION,
4715
4954
  q as SessionState,
4716
- ye as SettingAPI,
4717
- V as TOKEN_EXPIRY_BUFFER_SECONDS,
4718
- ve as TenantAPI,
4719
- Pe as TenantService,
4955
+ ve as SettingAPI,
4956
+ G as TOKEN_EXPIRY_BUFFER_SECONDS,
4957
+ ye as TenantAPI,
4958
+ Me as TenantService,
4720
4959
  Re as TenantUserMembership,
4721
- De as TokenCacheService,
4722
- v as TokenDeliveryMode,
4723
- k as TokenType,
4960
+ Fe as TokenCacheService,
4961
+ y as TokenDeliveryMode,
4962
+ p as TokenType,
4724
4963
  me as TwoFactorApiClient,
4725
4964
  ue as TwoFactorPolicy,
4726
- Me as TwoFactorService,
4727
- ne as USERNAME_MAX_LENGTH,
4965
+ De as TwoFactorService,
4966
+ oe as USERNAME_MAX_LENGTH,
4728
4967
  ie as USERNAME_MIN_LENGTH,
4729
4968
  Se as UserAPI,
4730
- Fe as UserService,
4731
- m as isTokenExpired,
4732
- F as isValidEmail,
4733
- M as isValidJWTFormat,
4969
+ Pe as UserService,
4970
+ S as isTokenExpired,
4971
+ P as isValidEmail,
4972
+ D as isValidJWTFormat,
4734
4973
  x as isValidPhoneNumber,
4735
- Ee as isValidUsername,
4736
- y as parseToken,
4737
- A as pathWithParams,
4974
+ _e as isValidUsername,
4975
+ v as parseToken,
4976
+ m as pathWithParams,
4738
4977
  Te as sanitizeErrorMessage
4739
4978
  };
4740
4979
  //# sourceMappingURL=index.mjs.map