npm - @pod-os/core - Versions diffs - 0.16.1-rc.bdd004d.0 → 0.16.1 - Mend

@pod-os/core 0.16.1-rc.bdd004d.0 → 0.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/lib/index.js CHANGED Viewed

@@ -43332,11 +43332,6 @@ _:patch
         }
         break;
       }
-      case "Ed25519": {
-        if (!isAlgorithm(key3.algorithm, "Ed25519"))
-          throw unusable("Ed25519");
-        break;
-      }
       case "ES256":
       case "ES384":
       case "ES512": {
@@ -43520,10 +43515,6 @@ _:patch
       }
       case "OKP": {
         switch (jwk.alg) {
-          case "Ed25519":
-            algorithm3 = { name: "Ed25519" };
-            keyUsages = jwk.d ? ["sign"] : ["verify"];
-            break;
           case "EdDSA":
             algorithm3 = { name: jwk.crv };
             keyUsages = jwk.d ? ["sign"] : ["verify"];
@@ -43641,7 +43632,7 @@ _:patch
         }
         return decode(jwk.k);
       case "RSA":
-        if ("oth" in jwk && jwk.oth !== void 0) {
+        if (jwk.oth !== void 0) {
           throw new JOSENotSupported('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');
         }
       case "EC":
@@ -43812,8 +43803,6 @@ _:patch
       case "ES384":
       case "ES512":
         return { hash: hash2, name: "ECDSA", namedCurve: algorithm3.namedCurve };
-      case "Ed25519":
-        return { name: "Ed25519" };
       case "EdDSA":
         return { name: algorithm3.name };
       default:
@@ -44387,6 +44376,9 @@ _:patch
         if (candidate4 && Array.isArray(jwk2.key_ops)) {
           candidate4 = jwk2.key_ops.includes("verify");
         }
+        if (candidate4 && alg === "EdDSA") {
+          candidate4 = jwk2.crv === "Ed25519" || jwk2.crv === "Ed448";
+        }
         if (candidate4) {
           switch (alg) {
             case "ES256":
@@ -44401,12 +44393,6 @@ _:patch
             case "ES512":
               candidate4 = jwk2.crv === "P-521";
               break;
-            case "Ed25519":
-              candidate4 = jwk2.crv === "Ed25519";
-              break;
-            case "EdDSA":
-              candidate4 = jwk2.crv === "Ed25519" || jwk2.crv === "Ed448";
-              break;
           }
         }
         return candidate4;
@@ -44497,7 +44483,7 @@ _:patch
   var USER_AGENT;
   if (typeof navigator === "undefined" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) {
     const NAME = "jose";
-    const VERSION = "v5.10.0";
+    const VERSION = "v5.9.6";
     USER_AGENT = `${NAME}/${VERSION}`;
   }
   var jwksCache = Symbol();
@@ -44670,10 +44656,6 @@ _:patch
         algorithm3 = { name: "ECDSA", namedCurve: "P-521" };
         keyUsages = ["sign", "verify"];
         break;
-      case "Ed25519":
-        algorithm3 = { name: "Ed25519" };
-        keyUsages = ["sign", "verify"];
-        break;
       case "EdDSA": {
         keyUsages = ["sign", "verify"];
         const crv = options?.crv ?? "Ed25519";
@@ -44752,17 +44734,11 @@ _:patch
       return native_default.randomUUID();
     }
     options = options || {};
-    const rnds = options.random ?? options.rng?.() ?? rng();
-    if (rnds.length < 16) {
-      throw new Error("Random bytes length must be >= 16");
-    }
+    const rnds = options.random || (options.rng || rng)();
     rnds[6] = rnds[6] & 15 | 64;
     rnds[8] = rnds[8] & 63 | 128;
     if (buf) {
       offset3 = offset3 || 0;
-      if (offset3 < 0 || offset3 + 16 > buf.length) {
-        throw new RangeError(`UUID byte range ${offset3}:${offset3 + 15} is out of buffer bounds`);
-      }
       for (let i = 0; i < 16; ++i) {
         buf[offset3 + i] = rnds[i];
       }
@@ -44781,8 +44757,6 @@ _:patch
     LOGIN: "login",
     LOGOUT: "logout",
     NEW_REFRESH_TOKEN: "newRefreshToken",
-    NEW_TOKENS: "newTokens",
-    AUTHORIZATION_REQUEST: "authorizationRequest",
     SESSION_EXPIRED: "sessionExpired",
     SESSION_EXTENDED: "sessionExtended",
     SESSION_RESTORED: "sessionRestore",
@@ -44794,7 +44768,6 @@ _:patch
   var SCOPE_WEBID = "webid";
   var DEFAULT_SCOPES = [SCOPE_OPENID, SCOPE_OFFLINE, SCOPE_WEBID].join(" ");
   var AggregateHandler = class {
-    handleables;
     constructor(handleables) {
       this.handleables = handleables;
       this.handleables = handleables;
@@ -44890,21 +44863,19 @@ _:patch
     return Boolean(fallback);
   }
   var AuthorizationCodeWithPkceOidcHandlerBase = class {
-    storageUtility;
-    redirector;
     constructor(storageUtility, redirector) {
       this.storageUtility = storageUtility;
       this.redirector = redirector;
+      this.parametersGuard = (oidcLoginOptions) => {
+        return oidcLoginOptions.issuerConfiguration.grantTypesSupported !== void 0 && oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf("authorization_code") > -1 && oidcLoginOptions.redirectUrl !== void 0;
+      };
       this.storageUtility = storageUtility;
       this.redirector = redirector;
     }
-    parametersGuard = (oidcLoginOptions) => {
-      return oidcLoginOptions.issuerConfiguration.grantTypesSupported !== void 0 && oidcLoginOptions.issuerConfiguration.grantTypesSupported.indexOf("authorization_code") > -1 && oidcLoginOptions.redirectUrl !== void 0;
-    };
     async canHandle(oidcLoginOptions) {
       return this.parametersGuard(oidcLoginOptions);
     }
-    async setupRedirectHandler({ oidcLoginOptions, state: state2, codeVerifier, targetUrl: targetUrl3 }) {
+    async handleRedirect({ oidcLoginOptions, state: state2, codeVerifier, targetUrl: targetUrl3 }) {
       if (!this.parametersGuard(oidcLoginOptions)) {
         throw new Error("The authorization code grant requires a redirectUrl.");
       }
@@ -44941,7 +44912,6 @@ _:patch
     }
   };
   var GeneralLogoutHandler = class {
-    sessionInfoManager;
     constructor(sessionInfoManager) {
       this.sessionInfoManager = sessionInfoManager;
       this.sessionInfoManager = sessionInfoManager;
@@ -44954,16 +44924,15 @@ _:patch
     }
   };
   var IRpLogoutHandler = class {
-    redirector;
     constructor(redirector) {
       this.redirector = redirector;
       this.redirector = redirector;
     }
     async canHandle(userId, options) {
-      return options?.logoutType === "idp";
+      return (options === null || options === void 0 ? void 0 : options.logoutType) === "idp";
     }
     async handle(userId, options) {
-      if (options?.logoutType !== "idp") {
+      if ((options === null || options === void 0 ? void 0 : options.logoutType) !== "idp") {
         throw new Error("Attempting to call idp logout handler to perform app logout");
       }
       if (options.toLogoutUrl === void 0) {
@@ -44975,7 +44944,6 @@ _:patch
     }
   };
   var IWaterfallLogoutHandler = class {
-    handlers;
     constructor(sessionInfoManager, redirector) {
       this.handlers = [
         new GeneralLogoutHandler(sessionInfoManager),
@@ -45006,7 +44974,6 @@ _:patch
     ]);
   }
   var SessionInfoManagerBase = class {
-    storageUtility;
     constructor(storageUtility) {
       this.storageUtility = storageUtility;
       this.storageUtility = storageUtility;
@@ -45014,9 +44981,6 @@ _:patch
     update(_sessionId, _options) {
       throw new Error("Not Implemented");
     }
-    set(_sessionId, _sessionInfo) {
-      throw new Error("Not Implemented");
-    }
     get(_) {
       throw new Error("Not implemented");
     }
@@ -45027,6 +44991,7 @@ _:patch
     /**
      * This function removes all session-related information from storage.
      * @param sessionId the session identifier
+     * @param storage the storage where session info is stored
      * @hidden
      */
     async clear(sessionId) {
@@ -45034,6 +44999,7 @@ _:patch
     }
     /**
      * Registers a new session, so that its ID can be retrieved.
+     * @param sessionId
      */
     async register(_sessionId) {
       throw new Error("Not implemented");
@@ -45051,12 +45017,6 @@ _:patch
     async clearAll() {
       throw new Error("Not implemented");
     }
-    /**
-     * Sets authorization request state in storage for a given session ID.
-     */
-    async setOidcContext(_sessionId, _authorizationRequestState) {
-      throw new Error("Not implemented");
-    }
   };
   function getEndSessionUrl({ endSessionEndpoint, idTokenHint, postLogoutRedirectUri, state: state2 }) {
     const url7 = new URL(endSessionEndpoint);
@@ -45088,14 +45048,15 @@ _:patch
     try {
       new URL(url7);
       return true;
-    } catch {
+    } catch (_a) {
       return false;
     }
   }
   function determineSigningAlg(supported, preferred2) {
-    return preferred2.find((signingAlg) => {
+    var _a;
+    return (_a = preferred2.find((signingAlg) => {
       return supported.includes(signingAlg);
-    }) ?? null;
+    })) !== null && _a !== void 0 ? _a : null;
   }
   function isStaticClient(options) {
     return options.clientId !== void 0 && !isValidUrl(options.clientId);
@@ -45143,40 +45104,33 @@ _:patch
   }
   var boundFetch = (request2, init) => fetch(request2, init);
   var ClientAuthentication = class {
-    loginHandler;
-    redirectHandler;
-    logoutHandler;
-    sessionInfoManager;
-    issuerConfigFetcher;
-    boundLogout;
     constructor(loginHandler, redirectHandler, logoutHandler, sessionInfoManager, issuerConfigFetcher) {
       this.loginHandler = loginHandler;
       this.redirectHandler = redirectHandler;
       this.logoutHandler = logoutHandler;
       this.sessionInfoManager = sessionInfoManager;
       this.issuerConfigFetcher = issuerConfigFetcher;
+      this.fetch = boundFetch;
+      this.logout = async (sessionId, options) => {
+        await this.logoutHandler.handle(sessionId, (options === null || options === void 0 ? void 0 : options.logoutType) === "idp" ? {
+          ...options,
+          toLogoutUrl: this.boundLogout
+        } : options);
+        this.fetch = boundFetch;
+        delete this.boundLogout;
+      };
+      this.getSessionInfo = async (sessionId) => {
+        return this.sessionInfoManager.get(sessionId);
+      };
+      this.getAllSessionInfo = async () => {
+        return this.sessionInfoManager.getAll();
+      };
       this.loginHandler = loginHandler;
       this.redirectHandler = redirectHandler;
       this.logoutHandler = logoutHandler;
       this.sessionInfoManager = sessionInfoManager;
       this.issuerConfigFetcher = issuerConfigFetcher;
     }
-    // By default, our fetch() resolves to the environment fetch() function.
-    fetch = boundFetch;
-    logout = async (sessionId, options) => {
-      await this.logoutHandler.handle(sessionId, options?.logoutType === "idp" ? {
-        ...options,
-        toLogoutUrl: this.boundLogout
-      } : options);
-      this.fetch = boundFetch;
-      delete this.boundLogout;
-    };
-    getSessionInfo = async (sessionId) => {
-      return this.sessionInfoManager.get(sessionId);
-    };
-    getAllSessionInfo = async () => {
-      return this.sessionInfoManager.getAll();
-    };
   };
   async function loadOidcContextFromStorage(sessionId, storageUtility, configFetcher) {
     try {
@@ -45224,8 +45178,6 @@ _:patch
     }
   }
   var StorageUtility = class {
-    secureStorage;
-    insecureStorage;
     constructor(secureStorage, insecureStorage) {
       this.secureStorage = secureStorage;
       this.insecureStorage = insecureStorage;
@@ -45250,26 +45202,26 @@ _:patch
       await (secure ? this.secureStorage : this.insecureStorage).set(this.getKey(userId), JSON.stringify(data2));
     }
     async get(key3, options) {
-      const value7 = await (options?.secure ? this.secureStorage : this.insecureStorage).get(key3);
-      if (value7 === void 0 && options?.errorIfNull) {
+      const value7 = await ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).get(key3);
+      if (value7 === void 0 && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
         throw new Error(`[${key3}] is not stored`);
       }
       return value7;
     }
     async set(key3, value7, options) {
-      return (options?.secure ? this.secureStorage : this.insecureStorage).set(key3, value7);
+      return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).set(key3, value7);
     }
     async delete(key3, options) {
-      return (options?.secure ? this.secureStorage : this.insecureStorage).delete(key3);
+      return ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(key3);
     }
     async getForUser(userId, key3, options) {
-      const userData = await this.getUserData(userId, options?.secure);
+      const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
       let value7;
       if (!userData || !userData[key3]) {
         value7 = void 0;
       }
       value7 = userData[key3];
-      if (value7 === void 0 && options?.errorIfNull) {
+      if (value7 === void 0 && (options === null || options === void 0 ? void 0 : options.errorIfNull)) {
         throw new Error(`Field [${key3}] for user [${userId}] is not stored`);
       }
       return value7 || void 0;
@@ -45277,23 +45229,25 @@ _:patch
     async setForUser(userId, values2, options) {
       let userData;
       try {
-        userData = await this.getUserData(userId, options?.secure);
-      } catch {
+        userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
+      } catch (_a) {
         userData = {};
       }
-      await this.setUserData(userId, { ...userData, ...values2 }, options?.secure);
+      await this.setUserData(userId, { ...userData, ...values2 }, options === null || options === void 0 ? void 0 : options.secure);
     }
     async deleteForUser(userId, key3, options) {
-      const userData = await this.getUserData(userId, options?.secure);
+      const userData = await this.getUserData(userId, options === null || options === void 0 ? void 0 : options.secure);
       delete userData[key3];
-      await this.setUserData(userId, userData, options?.secure);
+      await this.setUserData(userId, userData, options === null || options === void 0 ? void 0 : options.secure);
     }
     async deleteAllUserData(userId, options) {
-      await (options?.secure ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));
+      await ((options === null || options === void 0 ? void 0 : options.secure) ? this.secureStorage : this.insecureStorage).delete(this.getKey(userId));
     }
   };
   var InMemoryStorage = class {
-    map = {};
+    constructor() {
+      this.map = {};
+    }
     async get(key3) {
       return this.map[key3] || void 0;
     }
@@ -45311,7 +45265,6 @@ _:patch
     }
   };
   var InvalidResponseError = class extends Error {
-    missingFields;
     /* istanbul ignore next */
     constructor(missingFields) {
       super(`Invalid response from OIDC provider: missing fields ${missingFields}`);
@@ -45319,8 +45272,6 @@ _:patch
     }
   };
   var OidcProviderError = class extends Error {
-    error;
-    errorDescription;
     /* istanbul ignore next */
     constructor(message5, error4, errorDescription) {
       super(message5);
@@ -45357,9 +45308,10 @@ _:patch
     return [401, 403].includes(statusCode2);
   }
   async function buildDpopFetchOptions(targetUrl3, authToken, dpopKey, defaultOptions) {
-    const headers = new Headers(defaultOptions?.headers);
+    var _a;
+    const headers = new Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
     headers.set("Authorization", `DPoP ${authToken}`);
-    headers.set("DPoP", await createDpopHeader(targetUrl3, defaultOptions?.method ?? "get", dpopKey));
+    headers.set("DPoP", await createDpopHeader(targetUrl3, (_a = defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.method) !== null && _a !== void 0 ? _a : "get", dpopKey));
     return {
       ...defaultOptions,
       headers
@@ -45369,7 +45321,7 @@ _:patch
     if (dpopKey !== void 0) {
       return buildDpopFetchOptions(targetUrl3, authToken, dpopKey, defaultOptions);
     }
-    const headers = new Headers(defaultOptions?.headers);
+    const headers = new Headers(defaultOptions === null || defaultOptions === void 0 ? void 0 : defaultOptions.headers);
     headers.set("Authorization", `Bearer ${authToken}`);
     return {
       ...defaultOptions,
@@ -45380,8 +45332,12 @@ _:patch
     return fetch(url7, await buildAuthenticatedHeaders(url7.toString(), accessToken, dpopKey, defaultRequestInit));
   }
   async function refreshAccessToken(refreshOptions, dpopKey, eventEmitter) {
+    var _a;
     const tokenSet = await refreshOptions.tokenRefresher.refresh(refreshOptions.sessionId, refreshOptions.refreshToken, dpopKey);
-    eventEmitter?.emit(EVENTS.SESSION_EXTENDED, tokenSet.expiresIn ?? DEFAULT_EXPIRATION_TIME_SECONDS);
+    eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.SESSION_EXTENDED, (_a = tokenSet.expiresIn) !== null && _a !== void 0 ? _a : DEFAULT_EXPIRATION_TIME_SECONDS);
+    if (typeof tokenSet.refreshToken === "string") {
+      eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
+    }
     return {
       accessToken: tokenSet.accessToken,
       refreshToken: tokenSet.refreshToken,
@@ -45397,12 +45353,14 @@ _:patch
     }
     return DEFAULT_EXPIRATION_TIME_SECONDS;
   };
-  function buildAuthenticatedFetch(accessToken, options) {
+  async function buildAuthenticatedFetch(accessToken, options) {
+    var _a;
     let currentAccessToken = accessToken;
     let latestTimeout;
-    const currentRefreshOptions = options?.refreshOptions;
+    const currentRefreshOptions = options === null || options === void 0 ? void 0 : options.refreshOptions;
     if (currentRefreshOptions !== void 0) {
       const proactivelyRefreshToken = async () => {
+        var _a2, _b, _c, _d;
         try {
           const { accessToken: refreshedAccessToken, refreshToken, expiresIn } = await refreshAccessToken(
             currentRefreshOptions,
@@ -45418,14 +45376,14 @@ _:patch
           }
           clearTimeout(latestTimeout);
           latestTimeout = setTimeout(proactivelyRefreshToken, computeRefreshDelay(expiresIn) * 1e3);
-          options.eventEmitter?.emit(EVENTS.TIMEOUT_SET, latestTimeout);
+          (_a2 = options.eventEmitter) === null || _a2 === void 0 ? void 0 : _a2.emit(EVENTS.TIMEOUT_SET, latestTimeout);
         } catch (e) {
           if (e instanceof OidcProviderError) {
-            options?.eventEmitter?.emit(EVENTS.ERROR, e.error, e.errorDescription);
-            options?.eventEmitter?.emit(EVENTS.SESSION_EXPIRED);
+            (_b = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _b === void 0 ? void 0 : _b.emit(EVENTS.ERROR, e.error, e.errorDescription);
+            (_c = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _c === void 0 ? void 0 : _c.emit(EVENTS.SESSION_EXPIRED);
           }
           if (e instanceof InvalidResponseError && e.missingFields.includes("access_token")) {
-            options?.eventEmitter?.emit(EVENTS.SESSION_EXPIRED);
+            (_d = options === null || options === void 0 ? void 0 : options.eventEmitter) === null || _d === void 0 ? void 0 : _d.emit(EVENTS.SESSION_EXPIRED);
           }
         }
       };
@@ -45435,7 +45393,7 @@ _:patch
         // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         computeRefreshDelay(options.expiresIn) * 1e3
       );
-      options.eventEmitter?.emit(EVENTS.TIMEOUT_SET, latestTimeout);
+      (_a = options.eventEmitter) === null || _a === void 0 ? void 0 : _a.emit(EVENTS.TIMEOUT_SET, latestTimeout);
     } else if (options !== void 0 && options.eventEmitter !== void 0) {
       const expirationTimeout = setTimeout(() => {
         options.eventEmitter.emit(EVENTS.SESSION_EXPIRED);
@@ -45443,13 +45401,13 @@ _:patch
       options.eventEmitter.emit(EVENTS.TIMEOUT_SET, expirationTimeout);
     }
     return async (url7, requestInit) => {
-      let response6 = await makeAuthenticatedRequest(currentAccessToken, url7, requestInit, options?.dpopKey);
+      let response6 = await makeAuthenticatedRequest(currentAccessToken, url7, requestInit, options === null || options === void 0 ? void 0 : options.dpopKey);
       const failedButNotExpectedAuthError = !response6.ok && !isExpectedAuthError(response6.status);
       if (response6.ok || failedButNotExpectedAuthError) {
         return response6;
       }
       const hasBeenRedirected = response6.url !== url7;
-      if (hasBeenRedirected && options?.dpopKey !== void 0) {
+      if (hasBeenRedirected && (options === null || options === void 0 ? void 0 : options.dpopKey) !== void 0) {
         response6 = await makeAuthenticatedRequest(
           currentAccessToken,
           // Replace the original target IRI (`url`) by the redirection target
@@ -45494,17 +45452,11 @@ _:patch
       return native_default2.randomUUID();
     }
     options = options || {};
-    const rnds = options.random ?? options.rng?.() ?? rng2();
-    if (rnds.length < 16) {
-      throw new Error("Random bytes length must be >= 16");
-    }
+    const rnds = options.random || (options.rng || rng2)();
     rnds[6] = rnds[6] & 15 | 64;
     rnds[8] = rnds[8] & 63 | 128;
     if (buf) {
       offset3 = offset3 || 0;
-      if (offset3 < 0 || offset3 + 16 > buf.length) {
-        throw new RangeError(`UUID byte range ${offset3}:${offset3 + 15} is out of buffer bounds`);
-      }
       for (let i = 0; i < 16; ++i) {
         buf[offset3 + i] = rnds[i];
       }
@@ -45521,32 +45473,27 @@ _:patch
   var import_oidc_client = __toESM(require_oidc_client_min());
   var import_oidc_client2 = __toESM(require_oidc_client_min());
   function processErrorResponse(responseBody, options) {
+    var _a, _b, _c, _d;
     if (responseBody.error === "invalid_redirect_uri") {
-      throw new Error(`Dynamic client registration failed: the provided redirect uri [${options.redirectUrl?.toString()}] is invalid - ${responseBody.error_description ?? ""}`);
+      throw new Error(`Dynamic client registration failed: the provided redirect uri [${(_a = options.redirectUrl) === null || _a === void 0 ? void 0 : _a.toString()}] is invalid - ${(_b = responseBody.error_description) !== null && _b !== void 0 ? _b : ""}`);
     }
     if (responseBody.error === "invalid_client_metadata") {
-      throw new Error(`Dynamic client registration failed: the provided client metadata ${JSON.stringify(options)} is invalid - ${responseBody.error_description ?? ""}`);
+      throw new Error(`Dynamic client registration failed: the provided client metadata ${JSON.stringify(options)} is invalid - ${(_c = responseBody.error_description) !== null && _c !== void 0 ? _c : ""}`);
     }
-    throw new Error(`Dynamic client registration failed: ${responseBody.error} - ${responseBody.error_description ?? ""}`);
-  }
-  function hasClientId(body) {
-    return typeof body.client_id === "string";
-  }
-  function hasRedirectUri(body) {
-    return Array.isArray(body.redirect_uris) && body.redirect_uris.every((uri6) => typeof uri6 === "string");
+    throw new Error(`Dynamic client registration failed: ${responseBody.error} - ${(_d = responseBody.error_description) !== null && _d !== void 0 ? _d : ""}`);
   }
   function validateRegistrationResponse(responseBody, options) {
-    if (!hasClientId(responseBody)) {
+    if (responseBody.client_id === void 0) {
       throw new Error(`Dynamic client registration failed: no client_id has been found on ${JSON.stringify(responseBody)}`);
     }
-    if (options.redirectUrl && hasRedirectUri(responseBody) && responseBody.redirect_uris[0] !== options.redirectUrl.toString()) {
+    if (options.redirectUrl && (responseBody.redirect_uris === void 0 || responseBody.redirect_uris[0] !== options.redirectUrl.toString())) {
       throw new Error(`Dynamic client registration failed: the returned redirect URIs ${JSON.stringify(responseBody.redirect_uris)} don't match the provided ${JSON.stringify([
         options.redirectUrl.toString()
       ])}`);
     }
-    return true;
   }
   async function registerClient(options, issuerConfig) {
+    var _a;
     if (!issuerConfig.registrationEndpoint) {
       throw new Error("Dynamic Registration could not be completed because the issuer has no registration endpoint.");
     }
@@ -45558,7 +45505,7 @@ _:patch
       /* eslint-disable camelcase */
       client_name: options.clientName,
       application_type: "web",
-      redirect_uris: [options.redirectUrl?.toString()],
+      redirect_uris: [(_a = options.redirectUrl) === null || _a === void 0 ? void 0 : _a.toString()],
       subject_type: "public",
       token_endpoint_auth_method: "client_secret_basic",
       id_token_signed_response_alg: signingAlg,
@@ -45579,7 +45526,6 @@ _:patch
       return {
         clientId: responseBody.client_id,
         clientSecret: responseBody.client_secret,
-        expiresAt: responseBody.client_secret_expires_at,
         idTokenSignedResponseAlg: responseBody.id_token_signed_response_alg,
         clientType: "dynamic"
       };
@@ -45687,7 +45633,7 @@ _:patch
     try {
       new URL(url7);
       return true;
-    } catch {
+    } catch (_a) {
       return false;
     }
   };
@@ -45788,54 +45734,50 @@ _:patch
     }
   };
   var ClientAuthentication2 = class extends ClientAuthentication {
-    // Define these functions as properties so that they don't get accidentally re-bound.
-    // Isn't Javascript fun?
-    login = async (options, eventEmitter) => {
-      if (options.prompt !== "none") {
+    constructor() {
+      super(...arguments);
+      this.login = async (options, eventEmitter) => {
+        var _a, _b;
         await this.sessionInfoManager.clear(options.sessionId);
-      }
-      const redirectUrl = options.redirectUrl ?? normalizeCallbackUrl(window.location.href);
-      if (!isValidRedirectUrl(redirectUrl)) {
-        throw new Error(`${redirectUrl} is not a valid redirect URL, it is either a malformed IRI, includes a hash fragment, or reserved query parameters ('code' or 'state').`);
-      }
-      await this.loginHandler.handle({
-        ...options,
-        redirectUrl,
-        // If no clientName is provided, the clientId may be used instead.
-        clientName: options.clientName ?? options.clientId,
-        eventEmitter
-      });
-    };
-    // Collects session information from storage, and returns them. Returns null
-    // if the expected information cannot be found.
-    // Note that the ID token is not stored, which means the session information
-    // cannot be validated at this point.
-    validateCurrentSession = async (currentSessionId) => {
-      const sessionInfo = await this.sessionInfoManager.get(currentSessionId);
-      if (sessionInfo === void 0 || sessionInfo.clientAppId === void 0 || sessionInfo.issuer === void 0) {
-        return null;
-      }
-      return sessionInfo;
-    };
-    handleIncomingRedirect = async (url7, eventEmitter) => {
-      try {
-        const redirectInfo = await this.redirectHandler.handle(url7, eventEmitter, void 0);
-        this.fetch = redirectInfo.fetch.bind(window);
-        this.boundLogout = redirectInfo.getLogoutUrl;
-        await this.cleanUrlAfterRedirect(url7);
-        return {
-          isLoggedIn: redirectInfo.isLoggedIn,
-          webId: redirectInfo.webId,
-          sessionId: redirectInfo.sessionId,
-          expirationDate: redirectInfo.expirationDate,
-          clientAppId: redirectInfo.clientAppId
-        };
-      } catch (err) {
-        await this.cleanUrlAfterRedirect(url7);
-        eventEmitter.emit(EVENTS.ERROR, "redirect", err);
-        return void 0;
-      }
-    };
+        const redirectUrl = (_a = options.redirectUrl) !== null && _a !== void 0 ? _a : normalizeCallbackUrl(window.location.href);
+        if (!isValidRedirectUrl(redirectUrl)) {
+          throw new Error(`${redirectUrl} is not a valid redirect URL, it is either a malformed IRI, includes a hash fragment, or reserved query parameters ('code' or 'state').`);
+        }
+        await this.loginHandler.handle({
+          ...options,
+          redirectUrl,
+          // If no clientName is provided, the clientId may be used instead.
+          clientName: (_b = options.clientName) !== null && _b !== void 0 ? _b : options.clientId,
+          eventEmitter
+        });
+      };
+      this.validateCurrentSession = async (currentSessionId) => {
+        const sessionInfo = await this.sessionInfoManager.get(currentSessionId);
+        if (sessionInfo === void 0 || sessionInfo.clientAppId === void 0 || sessionInfo.issuer === void 0) {
+          return null;
+        }
+        return sessionInfo;
+      };
+      this.handleIncomingRedirect = async (url7, eventEmitter) => {
+        try {
+          const redirectInfo = await this.redirectHandler.handle(url7, eventEmitter, void 0);
+          this.fetch = redirectInfo.fetch.bind(window);
+          this.boundLogout = redirectInfo.getLogoutUrl;
+          await this.cleanUrlAfterRedirect(url7);
+          return {
+            isLoggedIn: redirectInfo.isLoggedIn,
+            webId: redirectInfo.webId,
+            sessionId: redirectInfo.sessionId,
+            expirationDate: redirectInfo.expirationDate,
+            clientAppId: redirectInfo.clientAppId
+          };
+        } catch (err) {
+          await this.cleanUrlAfterRedirect(url7);
+          eventEmitter.emit(EVENTS.ERROR, "redirect", err);
+          return void 0;
+        }
+      };
+    }
     async cleanUrlAfterRedirect(url7) {
       const cleanedUpUrl = removeOpenIdParams(url7).href;
       window.history.replaceState(null, "", cleanedUpUrl);
@@ -45853,10 +45795,6 @@ _:patch
     return typeof options.redirectUrl === "string";
   }
   var OidcLoginHandler = class {
-    storageUtility;
-    oidcHandler;
-    issuerConfigFetcher;
-    clientRegistrar;
     constructor(storageUtility, oidcHandler, issuerConfigFetcher, clientRegistrar) {
       this.storageUtility = storageUtility;
       this.oidcHandler = oidcHandler;
@@ -45897,6 +45835,7 @@ _:patch
   };
   var AuthorizationCodeWithPkceOidcHandler = class extends AuthorizationCodeWithPkceOidcHandlerBase {
     async handle(oidcLoginOptions) {
+      var _a;
       const oidcOptions = {
         authority: oidcLoginOptions.issuer.toString(),
         client_id: oidcLoginOptions.client.clientId,
@@ -45910,12 +45849,12 @@ _:patch
         // profile referenced by the WebId.
         loadUserInfo: false,
         code_verifier: true,
-        prompt: oidcLoginOptions.prompt ?? "consent"
+        prompt: (_a = oidcLoginOptions.prompt) !== null && _a !== void 0 ? _a : "consent"
       };
       const oidcClientLibrary = new import_oidc_client2.OidcClient(oidcOptions);
       try {
         const signingRequest = await oidcClientLibrary.createSigninRequest();
-        return await this.setupRedirectHandler({
+        return await this.handleRedirect({
           oidcLoginOptions,
           // eslint-disable-next-line no-underscore-dangle
           state: signingRequest.state._id,
@@ -46030,7 +45969,6 @@ _:patch
     return parsedConfig;
   }
   var IssuerConfigFetcher = class _IssuerConfigFetcher {
-    storageUtility;
     constructor(storageUtility) {
       this.storageUtility = storageUtility;
       this.storageUtility = storageUtility;
@@ -46113,7 +46051,7 @@ _:patch
         clientAppId: clientId,
         clientAppSecret: clientSecret,
         // Default the token type to DPoP if unspecified.
-        tokenType: tokenType ?? "DPoP"
+        tokenType: tokenType !== null && tokenType !== void 0 ? tokenType : "DPoP"
       };
     }
     /**
@@ -46140,11 +46078,6 @@ _:patch
     }
   };
   var AuthCodeRedirectHandler = class {
-    storageUtility;
-    sessionInfoManager;
-    issuerConfigFetcher;
-    clientRegistrar;
-    tokerRefresher;
     constructor(storageUtility, sessionInfoManager, issuerConfigFetcher, clientRegistrar, tokerRefresher) {
       this.storageUtility = storageUtility;
       this.sessionInfoManager = sessionInfoManager;
@@ -46204,7 +46137,7 @@ _:patch
           tokenRefresher: this.tokerRefresher
         };
       }
-      const authFetch = buildAuthenticatedFetch(tokens.accessToken, {
+      const authFetch = await buildAuthenticatedFetch(tokens.accessToken, {
         dpopKey: tokens.dpopKey,
         refreshOptions,
         eventEmitter,
@@ -46256,22 +46189,18 @@ _:patch
     }
   };
   var ClientRegistrar = class {
-    storageUtility;
     constructor(storageUtility) {
       this.storageUtility = storageUtility;
       this.storageUtility = storageUtility;
     }
     async getClient(options, issuerConfig) {
-      const [storedClientId, storedClientSecret, expiresAt, storedClientName, storedClientType] = await Promise.all([
+      const [storedClientId, storedClientSecret, storedClientName, storedClientType] = await Promise.all([
         this.storageUtility.getForUser(options.sessionId, "clientId", {
           secure: false
         }),
         this.storageUtility.getForUser(options.sessionId, "clientSecret", {
           secure: false
         }),
-        this.storageUtility.getForUser(options.sessionId, "expiresAt", {
-          secure: false
-        }),
         this.storageUtility.getForUser(options.sessionId, "clientName", {
           secure: false
         }),
@@ -46279,22 +46208,13 @@ _:patch
           secure: false
         })
       ]);
-      const expirationDate2 = expiresAt !== void 0 ? Number.parseInt(expiresAt, 10) : -1;
-      const expired = storedClientSecret !== void 0 && Math.floor(Date.now() / 1e3) > expirationDate2;
-      if (storedClientId && isKnownClientType(storedClientType) && !expired) {
-        return storedClientSecret !== void 0 ? {
+      if (storedClientId && isKnownClientType(storedClientType)) {
+        return {
           clientId: storedClientId,
           clientSecret: storedClientSecret,
           clientName: storedClientName,
           // Note: static clients are not applicable in a browser context.
-          clientType: "dynamic",
-          expiresAt: expirationDate2
-        } : {
-          clientId: storedClientId,
-          clientName: storedClientName,
-          // Note: static clients are not applicable in a browser context.
           clientType: storedClientType
-          // The type assertion is required even though the type should match the declaration.
         };
       }
       try {
@@ -46303,9 +46223,8 @@ _:patch
           clientId: registeredClient.clientId,
           clientType: "dynamic"
         };
-        if (registeredClient.clientSecret !== void 0) {
+        if (registeredClient.clientSecret) {
           infoToSave.clientSecret = registeredClient.clientSecret;
-          infoToSave.expiresAt = String(registeredClient.expiresAt);
         }
         if (registeredClient.idTokenSignedResponseAlg) {
           infoToSave.idTokenSignedResponseAlg = registeredClient.idTokenSignedResponseAlg;
@@ -46318,7 +46237,7 @@ _:patch
         });
         return registeredClient;
       } catch (error4) {
-        throw new Error(`Client registration failed.`, { cause: error4 });
+        throw new Error(`Client registration failed: [${error4}]`);
       }
     }
   };
@@ -46341,9 +46260,6 @@ _:patch
     }
   };
   var TokenRefresher = class {
-    storageUtility;
-    issuerConfigFetcher;
-    clientRegistrar;
     constructor(storageUtility, issuerConfigFetcher, clientRegistrar) {
       this.storageUtility = storageUtility;
       this.issuerConfigFetcher = issuerConfigFetcher;
@@ -46363,7 +46279,7 @@ _:patch
       }
       const tokenSet = await refresh(refreshToken, oidcContext.issuerConfig, clientInfo, dpopKey);
       if (tokenSet.refreshToken !== void 0) {
-        eventEmitter?.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
+        eventEmitter === null || eventEmitter === void 0 ? void 0 : eventEmitter.emit(EVENTS.NEW_REFRESH_TOKEN, tokenSet.refreshToken);
       }
       return tokenSet;
     }
@@ -46391,6 +46307,7 @@ _:patch
   var KEY_CURRENT_SESSION = `${SOLID_CLIENT_AUTHN_KEY_PREFIX}currentSession`;
   var KEY_CURRENT_URL = `${SOLID_CLIENT_AUTHN_KEY_PREFIX}currentUrl`;
   async function silentlyAuthenticate(sessionId, clientAuthn, session4) {
+    var _a;
     const storedSessionInfo = await clientAuthn.validateCurrentSession(sessionId);
     if (storedSessionInfo !== null) {
       window.localStorage.setItem(KEY_CURRENT_URL, window.location.href);
@@ -46401,28 +46318,16 @@ _:patch
         redirectUrl: storedSessionInfo.redirectUrl,
         clientId: storedSessionInfo.clientAppId,
         clientSecret: storedSessionInfo.clientAppSecret,
-        tokenType: storedSessionInfo.tokenType ?? "DPoP"
+        tokenType: (_a = storedSessionInfo.tokenType) !== null && _a !== void 0 ? _a : "DPoP"
       }, session4.events);
       return true;
     }
     return false;
   }
   function isLoggedIn(sessionInfo) {
-    return !!sessionInfo?.isLoggedIn;
+    return !!(sessionInfo === null || sessionInfo === void 0 ? void 0 : sessionInfo.isLoggedIn);
   }
   var Session = class {
-    /**
-     * Information regarding the current session.
-     */
-    info;
-    /**
-     * Session attribute exposing the EventEmitter interface, to listen on session
-     * events such as login, logout, etc.
-     * @since 1.15.0
-     */
-    events;
-    clientAuthentication;
-    tokenRequestInProgress = false;
     /**
      * Session object constructor. Typically called as follows:
      *
@@ -46439,6 +46344,62 @@ _:patch
      *
      */
     constructor(sessionOptions = {}, sessionId = void 0) {
+      this.tokenRequestInProgress = false;
+      this.login = async (options) => {
+        var _a;
+        await this.clientAuthentication.login({
+          sessionId: this.info.sessionId,
+          ...options,
+          // Defaults the token type to DPoP
+          tokenType: (_a = options.tokenType) !== null && _a !== void 0 ? _a : "DPoP"
+        }, this.events);
+        return new Promise(() => {
+        });
+      };
+      this.fetch = (url7, init) => this.clientAuthentication.fetch(url7, init);
+      this.internalLogout = async (emitSignal, options) => {
+        window.localStorage.removeItem(KEY_CURRENT_SESSION);
+        await this.clientAuthentication.logout(this.info.sessionId, options);
+        this.info.isLoggedIn = false;
+        if (emitSignal) {
+          this.events.emit(EVENTS.LOGOUT);
+        }
+      };
+      this.logout = async (options) => this.internalLogout(true, options);
+      this.handleIncomingRedirect = async (inputOptions = {}) => {
+        var _a;
+        if (this.info.isLoggedIn) {
+          return this.info;
+        }
+        if (this.tokenRequestInProgress) {
+          return void 0;
+        }
+        const options = typeof inputOptions === "string" ? { url: inputOptions } : inputOptions;
+        const url7 = (_a = options.url) !== null && _a !== void 0 ? _a : window.location.href;
+        this.tokenRequestInProgress = true;
+        const sessionInfo = await this.clientAuthentication.handleIncomingRedirect(url7, this.events);
+        if (isLoggedIn(sessionInfo)) {
+          this.setSessionInfo(sessionInfo);
+          const currentUrl = window.localStorage.getItem(KEY_CURRENT_URL);
+          if (currentUrl === null) {
+            this.events.emit(EVENTS.LOGIN);
+          } else {
+            window.localStorage.removeItem(KEY_CURRENT_URL);
+            this.events.emit(EVENTS.SESSION_RESTORED, currentUrl);
+          }
+        } else if (options.restorePreviousSession === true) {
+          const storedSessionId = window.localStorage.getItem(KEY_CURRENT_SESSION);
+          if (storedSessionId !== null) {
+            const attemptedSilentAuthentication = await silentlyAuthenticate(storedSessionId, this.clientAuthentication, this);
+            if (attemptedSilentAuthentication) {
+              return new Promise(() => {
+              });
+            }
+          }
+        }
+        this.tokenRequestInProgress = false;
+        return sessionInfo;
+      };
       this.events = new import_events.default();
       if (sessionOptions.clientAuthentication) {
         this.clientAuthentication = sessionOptions.clientAuthentication;
@@ -46459,7 +46420,7 @@ _:patch
         };
       } else {
         this.info = {
-          sessionId: sessionId ?? v4_default2(),
+          sessionId: sessionId !== null && sessionId !== void 0 ? sessionId : v4_default2(),
           isLoggedIn: false
         };
       }
@@ -46467,123 +46428,6 @@ _:patch
       this.events.on(EVENTS.SESSION_EXPIRED, () => this.internalLogout(false));
       this.events.on(EVENTS.ERROR, () => this.internalLogout(false));
     }
-    /**
-     * Triggers the login process. Note that this method will redirect the user away from your app.
-     *
-     * @param options Parameter to customize the login behaviour. In particular, two options are mandatory: `options.oidcIssuer`, the user's identity provider, and `options.redirectUrl`, the URL to which the user will be redirected after logging in their identity provider.
-     * @returns This method should redirect the user away from the app: it does not return anything. The login process is completed by {@linkcode handleIncomingRedirect}.
-     */
-    // Define these functions as properties so that they don't get accidentally re-bound.
-    // Isn't Javascript fun?
-    login = async (options) => {
-      await this.clientAuthentication.login({
-        sessionId: this.info.sessionId,
-        ...options,
-        // Defaults the token type to DPoP
-        tokenType: options.tokenType ?? "DPoP"
-      }, this.events);
-      return new Promise(() => {
-      });
-    };
-    /**
-     * Fetches data using available login information. If the user is not logged in, this will behave as a regular `fetch`. The signature of this method is identical to the [canonical `fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API).
-     *
-     * @param url The URL from which data should be fetched.
-     * @param init Optional parameters customizing the request, by specifying an HTTP method, headers, a body, etc. Follows the [WHATWG Fetch Standard](https://fetch.spec.whatwg.org/).
-     */
-    fetch = (url7, init) => this.clientAuthentication.fetch(url7, init);
-    /**
-     * An internal logout function, to control whether or not the logout signal
-     * should be sent, i.e. if the logout was user-initiated or is the result of
-     * an external event.
-     *
-     * @hidden
-     */
-    internalLogout = async (emitSignal, options) => {
-      window.localStorage.removeItem(KEY_CURRENT_SESSION);
-      await this.clientAuthentication.logout(this.info.sessionId, options);
-      this.info.isLoggedIn = false;
-      if (emitSignal) {
-        this.events.emit(EVENTS.LOGOUT);
-      }
-    };
-    /**
-     * Logs the user out of the application.
-     *
-     * There are 2 types of logout supported by this library,
-     * `app` logout and `idp` logout.
-     *
-     * App logout will log the user out within the application
-     * by clearing any session data from the browser. It does
-     * not log the user out of their Solid identity provider,
-     * and should not redirect the user away.
-     * App logout can be performed as follows:
-     * ```typescript
-     * await session.logout({ logoutType: 'app' });
-     * ```
-     *
-     * IDP logout will log the user out of their Solid identity provider,
-     * and will redirect the user away from the application to do so. In order
-     * for users to be redirected back to `postLogoutUrl` you MUST include the
-     * `postLogoutUrl` value in the `post_logout_redirect_uris` field in the
-     * [Client ID Document](https://docs.inrupt.com/ess/latest/security/authentication/#client-identifier-client-id).
-     * IDP logout can be performed as follows:
-     * ```typescript
-     * await session.logout({
-     *  logoutType: 'idp',
-     *  // An optional URL to redirect to after logout has completed;
-     *  // this MUST match a logout URL listed in the Client ID Document
-     *  // of the application that is logged in.
-     *  // If the application is logged in with a Client ID that is not
-     *  // a URI dereferencing to a Client ID Document then users will
-     *  // not be redirected back to the `postLogoutUrl` after logout.
-     *  postLogoutUrl: 'https://example.com/logout',
-     *  // An optional value to be included in the query parameters
-     *  // when the IDP provider redirects the user to the postLogoutRedirectUrl.
-     *  state: "my-state"
-     * });
-     * ```
-     */
-    logout = async (options) => this.internalLogout(true, options);
-    /**
-     * Completes the login process by processing the information provided by the
-     * Solid identity provider through redirect.
-     *
-     * @param options See {@link IHandleIncomingRedirectOptions}.
-     */
-    handleIncomingRedirect = async (inputOptions = {}) => {
-      if (this.info.isLoggedIn) {
-        return this.info;
-      }
-      if (this.tokenRequestInProgress) {
-        return void 0;
-      }
-      const options = typeof inputOptions === "string" ? { url: inputOptions } : inputOptions;
-      const url7 = options.url ?? window.location.href;
-      this.tokenRequestInProgress = true;
-      const sessionInfo = await this.clientAuthentication.handleIncomingRedirect(url7, this.events);
-      if (isLoggedIn(sessionInfo)) {
-        this.setSessionInfo(sessionInfo);
-        const currentUrl = window.localStorage.getItem(KEY_CURRENT_URL);
-        if (currentUrl === null) {
-          this.events.emit(EVENTS.LOGIN);
-        } else {
-          window.localStorage.removeItem(KEY_CURRENT_URL);
-          this.events.emit(EVENTS.SESSION_RESTORED, currentUrl);
-        }
-      } else if (options.restorePreviousSession === true) {
-        const storedSessionId = window.localStorage.getItem(KEY_CURRENT_SESSION);
-        if (storedSessionId !== null) {
-          const attemptedSilentAuthentication = await silentlyAuthenticate(storedSessionId, this.clientAuthentication, this);
-          if (attemptedSilentAuthentication) {
-            return new Promise(() => {
-            });
-          }
-        }
-      }
-      this.tokenRequestInProgress = false;
-      return sessionInfo;
-    };
     setSessionInfo(sessionInfo) {
       this.info.isLoggedIn = sessionInfo.isLoggedIn;
       this.info.webId = sessionInfo.webId;