@schemavaults/auth-common 0.7.27

package/dist/middleware/parse-navigation-path.js

@@ -0,0 +1,28 @@
+function stripSearchParams(path_url) {
+    if (!path_url.includes("?")) {
+        return path_url;
+    }
+    return path_url.split("?")[0];
+}
+export function parseNavigationPath(path_url) {
+    if (typeof path_url !== "string") {
+        throw new Error(`parseNavigationPath: path_url must be a string, received type ${typeof path_url}`);
+    }
+    let url = path_url;
+    if (url.startsWith("//")) {
+        url = url.slice(2);
+    }
+    else if (url.startsWith("/")) {
+        url = url.slice(1);
+    }
+    if (url.endsWith("/")) {
+        url = url.slice(0, -1);
+    }
+    if (url === "") {
+        return [];
+    }
+    url = stripSearchParams(url);
+    return url.split("/");
+}
+export default parseNavigationPath;
+//# sourceMappingURL=parse-navigation-path.js.map

package/dist/middleware/parse-navigation-path.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"parse-navigation-path.js","sourceRoot":"","sources":["../../src/middleware/parse-navigation-path.ts"],"names":[],"mappings":"AAEA,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IACD,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,iEAAiE,OAAO,QAAQ,EAAE,CACnF,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,GAAW,QAAQ,CAAC;IAE3B,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,IAAI,GAAG,KAAK,EAAE,EAAE,CAAC;QACf,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,GAAG,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE7B,OAAO,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACxB,CAAC;AAED,eAAe,mBAAmB,CAAC"}

package/dist/middleware/token-source.d.ts

@@ -0,0 +1,6 @@
+import type { AuthTokenTypes } from "../token-data";
+export interface PotentiallyValidTokenSource {
+    type: AuthTokenTypes;
+    token: string;
+    sourceHint?: string;
+}

package/dist/middleware/token-source.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=token-source.js.map

package/dist/middleware/token-source.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-source.js","sourceRoot":"","sources":["../../src/middleware/token-source.ts"],"names":[],"mappings":""}

package/dist/organizations/index.d.ts

@@ -0,0 +1,5 @@
+export { organizationIdSchema, isValidOrganizationID } from "./organization_id";
+export type { OrganizationID } from "./organization_id";
+export { organizationDefinitionSchema } from "./organization_definition";
+export type { OrganizationDefinition } from "./organization_definition";
+export { SCHEMAVAULTS_ORGANIZATION_ID } from "./schemavaults_org_id";

package/dist/organizations/index.js

@@ -0,0 +1,4 @@
+export { organizationIdSchema, isValidOrganizationID } from "./organization_id";
+export { organizationDefinitionSchema } from "./organization_definition";
+export { SCHEMAVAULTS_ORGANIZATION_ID } from "./schemavaults_org_id";
+//# sourceMappingURL=index.js.map

package/dist/organizations/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/organizations/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAGhF,OAAO,EAAE,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAGzE,OAAO,EAAE,4BAA4B,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/organizations/organization_constants.d.ts

@@ -0,0 +1,4 @@
+export declare const MINIMUM_ORGANIZATION_ID_LENGTH: 4;
+export declare const MAXIMUM_ORGANIZATION_ID_LENGTH: 64;
+export declare const MINIMUM_ORGANIZATION_NAME_LENGTH: 1;
+export declare const MAXIMUM_ORGANIZATION_NAME_LENGTH: 64;

package/dist/organizations/organization_constants.js

@@ -0,0 +1,5 @@
+export const MINIMUM_ORGANIZATION_ID_LENGTH = 4;
+export const MAXIMUM_ORGANIZATION_ID_LENGTH = 64;
+export const MINIMUM_ORGANIZATION_NAME_LENGTH = 1;
+export const MAXIMUM_ORGANIZATION_NAME_LENGTH = 64;
+//# sourceMappingURL=organization_constants.js.map

package/dist/organizations/organization_constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"organization_constants.js","sourceRoot":"","sources":["../../src/organizations/organization_constants.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAA2B,CAAC;AAC1E,MAAM,CAAC,MAAM,8BAA8B,GAAG,EAA4B,CAAC;AAE3E,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAA2B,CAAC;AAC5E,MAAM,CAAC,MAAM,gCAAgC,GAAG,EAA4B,CAAC"}

package/dist/organizations/organization_definition.d.ts

@@ -0,0 +1,15 @@
+import { z } from "zod";
+export declare const organizationDefinitionSchema: z.ZodObject<{
+    organization_id: z.ZodEffects<z.ZodString, string, string>;
+    name: z.ZodString;
+    created_at: z.ZodNumber;
+}, "strict", z.ZodTypeAny, {
+    organization_id: string;
+    name: string;
+    created_at: number;
+}, {
+    organization_id: string;
+    name: string;
+    created_at: number;
+}>;
+export type OrganizationDefinition = z.infer<typeof organizationDefinitionSchema>;

package/dist/organizations/organization_definition.js

@@ -0,0 +1,20 @@
+import { z } from "zod";
+import { organizationIdSchema } from "./organization_id";
+import { MAXIMUM_ORGANIZATION_NAME_LENGTH, MINIMUM_ORGANIZATION_NAME_LENGTH, } from "./organization_constants";
+const organizationNameSchema = z
+    .string()
+    .min(MINIMUM_ORGANIZATION_NAME_LENGTH, `Organization name must be at least ${MINIMUM_ORGANIZATION_NAME_LENGTH} character${MINIMUM_ORGANIZATION_NAME_LENGTH >= 2 ? "s" : ""} long.`)
+    .max(MAXIMUM_ORGANIZATION_NAME_LENGTH, `Organization name may not be longer than ${MAXIMUM_ORGANIZATION_NAME_LENGTH} characters long.`);
+export const organizationDefinitionSchema = z
+    .object({
+    organization_id: organizationIdSchema,
+    name: organizationNameSchema,
+    created_at: z.number().positive(),
+})
+    .required({
+    organization_id: true,
+    name: true,
+    created_at: true,
+})
+    .strict();
+//# sourceMappingURL=organization_definition.js.map

package/dist/organizations/organization_definition.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"organization_definition.js","sourceRoot":"","sources":["../../src/organizations/organization_definition.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AACzD,OAAO,EACL,gCAAgC,EAChC,gCAAgC,GACjC,MAAM,0BAA0B,CAAC;AAElC,MAAM,sBAAsB,GAAG,CAAC;KAC7B,MAAM,EAAE;KACR,GAAG,CACF,gCAAgC,EAChC,sCAAsC,gCAAgC,aAAa,gCAAgC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAC5I;KACA,GAAG,CACF,gCAAgC,EAChC,4CAA4C,gCAAgC,mBAAmB,CAChG,CAAC;AAEJ,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC;KAC1C,MAAM,CAAC;IACN,eAAe,EAAE,oBAAoB;IACrC,IAAI,EAAE,sBAAsB;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC;KACD,QAAQ,CAAC;IACR,eAAe,EAAE,IAAI;IACrB,IAAI,EAAE,IAAI;IACV,UAAU,EAAE,IAAI;CACjB,CAAC;KACD,MAAM,EAAE,CAAC"}

package/dist/organizations/organization_id.d.ts

@@ -0,0 +1,4 @@
+import { z } from "zod";
+export declare const organizationIdSchema: z.ZodEffects<z.ZodString, string, string>;
+export type OrganizationID = z.infer<typeof organizationIdSchema>;
+export declare function isValidOrganizationID(organization_id: string): organization_id is OrganizationID;

package/dist/organizations/organization_id.js

@@ -0,0 +1,17 @@
+import { z } from "zod";
+import { MAXIMUM_ORGANIZATION_ID_LENGTH, MINIMUM_ORGANIZATION_ID_LENGTH, } from "./organization_constants";
+export const organizationIdSchema = z
+    .string()
+    .min(MINIMUM_ORGANIZATION_ID_LENGTH, `Organization ID must be at least ${MINIMUM_ORGANIZATION_ID_LENGTH} characters long.`)
+    .max(MAXIMUM_ORGANIZATION_ID_LENGTH, `Organization ID may not be longer than ${MAXIMUM_ORGANIZATION_ID_LENGTH} characters long.`)
+    .regex(/^[a-z][a-z0-9_-]+$/, "Organization ID must start with a letter, and may only contain lowercase alphanumeric characters, numbers, hyphens and underscores.")
+    .refine((orgId) => {
+    if (orgId.endsWith("_") || orgId.endsWith("-")) {
+        return false;
+    }
+    return true;
+}, "Organization ID may not end with a hyphen or dash.");
+export function isValidOrganizationID(organization_id) {
+    return organizationIdSchema.safeParse(organization_id).success;
+}
+//# sourceMappingURL=organization_id.js.map

package/dist/organizations/organization_id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"organization_id.js","sourceRoot":"","sources":["../../src/organizations/organization_id.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,GAC/B,MAAM,0BAA0B,CAAC;AAElC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC;KAClC,MAAM,EAAE;KACR,GAAG,CACF,8BAA8B,EAC9B,oCAAoC,8BAA8B,mBAAmB,CACtF;KACA,GAAG,CACF,8BAA8B,EAC9B,0CAA0C,8BAA8B,mBAAmB,CAC5F;KACA,KAAK,CACJ,oBAAoB,EACpB,qIAAqI,CACtI;KACA,MAAM,CAAC,CAAC,KAAa,EAAW,EAAE;IACjC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,EAAE,oDAAoD,CAAC,CAAC;AAI3D,MAAM,UAAU,qBAAqB,CACnC,eAAuB;IAEvB,OAAO,oBAAoB,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC;AACjE,CAAC"}

package/dist/organizations/schemavaults_org_id.d.ts

@@ -0,0 +1 @@
+export declare const SCHEMAVAULTS_ORGANIZATION_ID: "schemavaults";

package/dist/organizations/schemavaults_org_id.js

@@ -0,0 +1,2 @@
+export const SCHEMAVAULTS_ORGANIZATION_ID = "schemavaults";
+//# sourceMappingURL=schemavaults_org_id.js.map

package/dist/organizations/schemavaults_org_id.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemavaults_org_id.js","sourceRoot":"","sources":["../../src/organizations/schemavaults_org_id.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,4BAA4B,GACvC,cAAgD,CAAC"}

package/dist/pkce/code_challenge.d.ts

@@ -0,0 +1,31 @@
+import { z } from "zod";
+import { type CodeVerifierWithDetails, type CodeVerifier } from "./code_verifier";
+export declare const code_challenge_method: "S256";
+export interface CreateCodeChallengeInputOptions {
+    code_verifier: Partial<CodeVerifierWithDetails> & {
+        code_verifier: CodeVerifier;
+        challenge_time: number;
+    };
+    sha256_digest: (code_verifier: string) => Promise<string>;
+}
+export declare function create_code_challenge(verifier_opts: CreateCodeChallengeInputOptions): Promise<CodeChallengeWithDetails>;
+export declare const codeChallengeSchema: z.ZodEffects<z.ZodString, string, string>;
+export type CodeChallenge = z.infer<typeof codeChallengeSchema>;
+export declare const codeChallengeWithDetailsSchema: z.ZodObject<{
+    code_challenge: z.ZodEffects<z.ZodString, string, string>;
+    code_challenge_method: z.ZodLiteral<"S256">;
+    challenge_time: z.ZodNumber;
+}, "strict", z.ZodTypeAny, {
+    challenge_time: number;
+    code_challenge: string;
+    code_challenge_method: "S256";
+}, {
+    challenge_time: number;
+    code_challenge: string;
+    code_challenge_method: "S256";
+}>;
+export type CodeChallengeWithDetails = {
+    code_challenge: CodeChallenge;
+    code_challenge_method: typeof code_challenge_method;
+    challenge_time: number;
+};

package/dist/pkce/code_challenge.js

@@ -0,0 +1,43 @@
+import { z } from "zod";
+import { MAX_PKCE_CODE_VERIFIER_AGE } from "./code_verifier";
+export const code_challenge_method = 'S256';
+// Create code challenge for Oauth2 PKCE
+// https://datatracker.ietf.org/doc/html/rfc7636#section-4.2
+export async function create_code_challenge(verifier_opts) {
+    if (!verifier_opts.code_verifier) {
+        throw new Error("[create_code_challenge] Missing code_verifier");
+    }
+    const { expires_at, max_age, code_verifier, challenge_time } = verifier_opts.code_verifier;
+    code_verifier;
+    if (typeof expires_at === 'number') {
+        if (expires_at < Date.now()) {
+            throw new Error("Code verifier has expired");
+        }
+    }
+    if (typeof max_age === 'number' && max_age !== MAX_PKCE_CODE_VERIFIER_AGE) {
+        throw new Error("Code verifier has invalid max_age");
+    }
+    const base64url_encoded_hash = await verifier_opts.sha256_digest(code_verifier);
+    if (typeof challenge_time !== 'number') {
+        throw new Error("'challenge_time' is a required field!");
+    }
+    return {
+        code_challenge: base64url_encoded_hash,
+        code_challenge_method,
+        challenge_time
+    };
+}
+const MIN_CODE_CHALLENGE_LENGTH = 43;
+const MAX_CODE_CHALLENGE_LENGTH = 1024;
+export const codeChallengeSchema = z.string()
+    .min(MIN_CODE_CHALLENGE_LENGTH)
+    .max(MAX_CODE_CHALLENGE_LENGTH)
+    .refine(value => /^[A-Za-z0-9_-]+$/.test(value), {
+    message: `Code challenge is not base64url encoded string`,
+});
+export const codeChallengeWithDetailsSchema = z.object({
+    code_challenge: codeChallengeSchema,
+    code_challenge_method: z.literal(code_challenge_method),
+    challenge_time: z.number().nonnegative()
+}).required().strict();
+//# sourceMappingURL=code_challenge.js.map

package/dist/pkce/code_challenge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"code_challenge.js","sourceRoot":"","sources":["../../src/pkce/code_challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAgC,0BAA0B,EAAqB,MAAM,iBAAiB,CAAC;AAE9G,MAAM,CAAC,MAAM,qBAAqB,GAAG,MAAe,CAAC;AAOrD,wCAAwC;AACxC,4DAA4D;AAC5D,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,aAA8C;IAE9C,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,aAAa,CAAC,aAAa,CAAC;IAC3F,aAAoC,CAAC;IACrC,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnC,IAAI,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAED,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAK,OAAO,KAAK,0BAA0B,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,sBAAsB,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;IAEhF,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO;QACL,cAAc,EAAE,sBAAsB;QACtC,qBAAqB;QACrB,cAAc;KACf,CAAC;AACJ,CAAC;AAED,MAAM,yBAAyB,GAAG,EAAW,CAAC;AAC9C,MAAM,yBAAyB,GAAG,IAAa,CAAC;AAEhD,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,EAAE;KAC1C,GAAG,CAAC,yBAAyB,CAAC;KAC9B,GAAG,CAAC,yBAAyB,CAAC;KAC9B,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;IAC/C,OAAO,EAAE,gDAAgD;CAC1D,CAAC,CAAC;AAIL,MAAM,CAAC,MAAM,8BAA8B,GAAG,CAAC,CAAC,MAAM,CAAC;IACrD,cAAc,EAAE,mBAAmB;IACnC,qBAAqB,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC;IACvD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;CACzC,CAAC,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,CAAA"}

package/dist/pkce/code_verifier.d.ts

@@ -0,0 +1,27 @@
+import { z } from "zod";
+export declare const MAX_PKCE_CODE_VERIFIER_AGE: number;
+export interface CreateCodeVerifierInputOptions {
+    challenge_time?: number;
+    generateRandomCodeVerifier?: () => string;
+    debug?: boolean;
+}
+export declare function create_code_verifier({ challenge_time, generateRandomCodeVerifier, debug, }: CreateCodeVerifierInputOptions): CodeVerifierWithDetails;
+export declare const codeVerifierSchema: z.ZodEffects<z.ZodString, string, string>;
+export type CodeVerifier = z.infer<typeof codeVerifierSchema>;
+export declare const codeVerifierWithDetailsSchema: z.ZodObject<{
+    challenge_time: z.ZodNumber;
+    code_verifier: z.ZodEffects<z.ZodString, string, string>;
+    expires_at: z.ZodNumber;
+    max_age: z.ZodNumber;
+}, "strict", z.ZodTypeAny, {
+    challenge_time: number;
+    code_verifier: string;
+    expires_at: number;
+    max_age: number;
+}, {
+    challenge_time: number;
+    code_verifier: string;
+    expires_at: number;
+    max_age: number;
+}>;
+export type CodeVerifierWithDetails = z.infer<typeof codeVerifierWithDetailsSchema>;

package/dist/pkce/code_verifier.js

@@ -0,0 +1,76 @@
+import isCryptoApiAvailable from "../is_crypto_api_available";
+import { z } from "zod";
+const MIN_CODE_VERIFIER_LENGTH = 43;
+const MAX_CODE_VERIFIER_LENGTH = 1024;
+export const MAX_PKCE_CODE_VERIFIER_AGE = 1000 * 60 * 60; // 1 hour
+function secureContextRandomCharacters() {
+    return Buffer.from(crypto.getRandomValues(new Uint8Array(512))).toString("base64");
+}
+function generatePseudoRandomBase64String() {
+    const randomCodeVerifierLength = Math.floor(Math.random() * (MAX_CODE_VERIFIER_LENGTH - MIN_CODE_VERIFIER_LENGTH + 1)) + MIN_CODE_VERIFIER_LENGTH;
+    const clamped_n_chars = Math.max(MIN_CODE_VERIFIER_LENGTH, Math.min(MAX_CODE_VERIFIER_LENGTH, randomCodeVerifierLength));
+    const n_chars = clamped_n_chars;
+    const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+    let result = "";
+    for (let i = 0; i < n_chars; i++) {
+        result += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return result;
+}
+// Create code verifier for Oauth2 PKCE
+// https://datatracker.ietf.org/doc/html/rfc7636#section-4.1
+export function create_code_verifier({ challenge_time, generateRandomCodeVerifier, debug = false, }) {
+    try {
+        let code_verifier = typeof generateRandomCodeVerifier === "function"
+            ? generateRandomCodeVerifier()
+            : (() => {
+                if (isCryptoApiAvailable()) {
+                    return secureContextRandomCharacters();
+                }
+                else {
+                    return generatePseudoRandomBase64String();
+                }
+            })();
+        const base64url_encoded_verifier = code_verifier.replace(/[^A-Za-z0-9_-]/g, "_");
+        if (debug) {
+            console.log("Created new code_verifier: ", base64url_encoded_verifier);
+        }
+        if (base64url_encoded_verifier.length < MIN_CODE_VERIFIER_LENGTH ||
+            base64url_encoded_verifier.length > MAX_CODE_VERIFIER_LENGTH) {
+            throw new Error(`Invalid code_verifier length: ${base64url_encoded_verifier.length}`);
+        }
+        const now = typeof challenge_time === "number" ? challenge_time : Date.now();
+        return {
+            code_verifier: base64url_encoded_verifier,
+            challenge_time: now,
+            expires_at: now + MAX_PKCE_CODE_VERIFIER_AGE - 1,
+            max_age: MAX_PKCE_CODE_VERIFIER_AGE,
+        };
+    }
+    catch (e) {
+        console.error("Failed to generate a new code_verifier with crypto: ", e);
+        throw new Error("Failed to generate a new code_verifier with crypto");
+    }
+}
+export const codeVerifierSchema = z
+    .string()
+    .min(MIN_CODE_VERIFIER_LENGTH)
+    .max(MAX_CODE_VERIFIER_LENGTH)
+    .refine((value) => /^[A-Za-z0-9_-]+$/.test(value), {
+    message: `Code verifier is not base64url encoded string`,
+});
+export const codeVerifierWithDetailsSchema = z
+    .object({
+    code_verifier: codeVerifierSchema,
+    challenge_time: z.number().nonnegative(),
+    expires_at: z.number().nonnegative(),
+    max_age: z.number().nonnegative(),
+})
+    .required({
+    code_verifier: true,
+    challenge_time: true,
+    expires_at: true,
+    max_age: true,
+})
+    .strict();
+//# sourceMappingURL=code_verifier.js.map

package/dist/pkce/code_verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"code_verifier.js","sourceRoot":"","sources":["../../src/pkce/code_verifier.ts"],"names":[],"mappings":"AAAA,OAAO,oBAAoB,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,wBAAwB,GAAG,EAAW,CAAC;AAC7C,MAAM,wBAAwB,GAAG,IAAa,CAAC;AAE/C,MAAM,CAAC,MAAM,0BAA0B,GAAW,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AAQ3E,SAAS,6BAA6B;IACpC,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CACtE,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,SAAS,gCAAgC;IACvC,MAAM,wBAAwB,GAC5B,IAAI,CAAC,KAAK,CACR,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,wBAAwB,GAAG,wBAAwB,GAAG,CAAC,CAAC,CAC1E,GAAG,wBAAwB,CAAC;IAC/B,MAAM,eAAe,GAAW,IAAI,CAAC,GAAG,CACtC,wBAAwB,EACxB,IAAI,CAAC,GAAG,CAAC,wBAAwB,EAAE,wBAAwB,CAAC,CAC7D,CAAC;IACF,MAAM,OAAO,GAAW,eAAe,CAAC;IACxC,MAAM,KAAK,GACT,kEAAkE,CAAC;IACrE,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,uCAAuC;AACvC,4DAA4D;AAC5D,MAAM,UAAU,oBAAoB,CAAC,EACnC,cAAc,EACd,0BAA0B,EAC1B,KAAK,GAAG,KAAK,GACkB;IAC/B,IAAI,CAAC;QACH,IAAI,aAAa,GACf,OAAO,0BAA0B,KAAK,UAAU;YAC9C,CAAC,CAAC,0BAA0B,EAAE;YAC9B,CAAC,CAAE,CAAC,GAAW,EAAE;gBACb,IAAI,oBAAoB,EAAE,EAAE,CAAC;oBAC3B,OAAO,6BAA6B,EAAE,CAAC;gBACzC,CAAC;qBAAM,CAAC;oBACN,OAAO,gCAAgC,EAAE,CAAC;gBAC5C,CAAC;YACH,CAAC,CAAC,EAAoB,CAAC;QAC7B,MAAM,0BAA0B,GAAW,aAAa,CAAC,OAAO,CAC9D,iBAAiB,EACjB,GAAG,CACJ,CAAC;QAEF,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,0BAA0B,CAAC,CAAC;QACzE,CAAC;QAED,IACE,0BAA0B,CAAC,MAAM,GAAG,wBAAwB;YAC5D,0BAA0B,CAAC,MAAM,GAAG,wBAAwB,EAC5D,CAAC;YACD,MAAM,IAAI,KAAK,CACb,iCAAiC,0BAA0B,CAAC,MAAM,EAAE,CACrE,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GACP,OAAO,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QAEnE,OAAO;YACL,aAAa,EAAE,0BAA0B;YACzC,cAAc,EAAE,GAAG;YACnB,UAAU,EAAE,GAAG,GAAG,0BAA0B,GAAG,CAAC;YAChD,OAAO,EAAE,0BAA0B;SACF,CAAC;IACtC,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,EAAE;KACR,GAAG,CAAC,wBAAwB,CAAC;KAC7B,GAAG,CAAC,wBAAwB,CAAC;KAC7B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;IACjD,OAAO,EAAE,+CAA+C;CACzD,CAAC,CAAC;AAIL,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC;KAC3C,MAAM,CAAC;IACN,aAAa,EAAE,kBAAkB;IACjC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;IACpC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE;CAClC,CAAC;KACD,QAAQ,CAAC;IACR,aAAa,EAAE,IAAI;IACnB,cAAc,EAAE,IAAI;IACpB,UAAU,EAAE,IAAI;IAChB,OAAO,EAAE,IAAI;CACd,CAAC;KACD,MAAM,EAAE,CAAC"}

package/dist/pkce/index.d.ts

@@ -0,0 +1,5 @@
+export { PKCE_ProofKeyManager } from './pkce';
+export type * from './pkce';
+export type { CodeChallenge, CodeChallengeWithDetails } from './code_challenge';
+export type { CodeVerifier, CodeVerifierWithDetails } from './code_verifier';
+export { MAX_PKCE_CODE_VERIFIER_AGE } from './code_verifier';

package/dist/pkce/index.js

@@ -0,0 +1,3 @@
+export { PKCE_ProofKeyManager } from './pkce';
+export { MAX_PKCE_CODE_VERIFIER_AGE } from './code_verifier';
+//# sourceMappingURL=index.js.map

package/dist/pkce/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/pkce/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,QAAQ,CAAC;AAK9C,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/pkce/pkce.d.ts

@@ -0,0 +1,63 @@
+import { code_challenge_method, type CodeChallengeWithDetails } from "./code_challenge";
+import { type CodeVerifier, type CodeVerifierWithDetails } from "./code_verifier";
+interface CheckWhetherVerifierMatchesChallengeInputOptions {
+    input_code_verifier: string;
+    saved_code_challenge: string;
+    challenge_time: number;
+}
+export declare class PKCE_ProofKeyManager {
+    private code_verifier;
+    static createCodeVerifier(challenge_time?: number): CodeVerifierWithDetails;
+    static createCodeChallenge(code_verifier: CodeVerifierWithDetails): Promise<CodeChallengeWithDetails>;
+    constructor(code_verifier?: Partial<CodeVerifierWithDetails> & {
+        challenge_time: number;
+        code_verifier: CodeVerifier;
+    });
+    getCodeChallenge(): Promise<CodeChallengeWithDetails>;
+    get challenge_time(): number;
+    get expiry_time(): number;
+    static get codeVerifierSchema(): import("zod").ZodEffects<import("zod").ZodString, string, string>;
+    static get codeVerifierWithDetailsSchema(): import("zod").ZodObject<{
+        challenge_time: import("zod").ZodNumber;
+        code_verifier: import("zod").ZodEffects<import("zod").ZodString, string, string>;
+        expires_at: import("zod").ZodNumber;
+        max_age: import("zod").ZodNumber;
+    }, "strict", import("zod").ZodTypeAny, {
+        challenge_time: number;
+        code_verifier: string;
+        expires_at: number;
+        max_age: number;
+    }, {
+        challenge_time: number;
+        code_verifier: string;
+        expires_at: number;
+        max_age: number;
+    }>;
+    static get codeChallengeSchema(): import("zod").ZodEffects<import("zod").ZodString, string, string>;
+    static get codeChallengeWithOptionsSchema(): import("zod").ZodObject<{
+        code_challenge: import("zod").ZodEffects<import("zod").ZodString, string, string>;
+        code_challenge_method: import("zod").ZodLiteral<"S256">;
+        challenge_time: import("zod").ZodNumber;
+    }, "strict", import("zod").ZodTypeAny, {
+        challenge_time: number;
+        code_challenge: string;
+        code_challenge_method: "S256";
+    }, {
+        challenge_time: number;
+        code_challenge: string;
+        code_challenge_method: "S256";
+    }>;
+    static get max_age(): number;
+    static get codeChallengeMethod(): typeof code_challenge_method;
+    static isValidCodeVerifierFormat(maybe_code_verifier: unknown): maybe_code_verifier is CodeVerifierWithDetails;
+    static isValidCodeChallengeFormat(maybe_code_challenge: unknown): maybe_code_challenge is CodeChallengeWithDetails;
+    /**
+     *
+     * @name doesVerifierMatchChallenge
+     * @param input_code_verifier Frontend client sends code_verifier, to prove they created the initial code_challenge
+     * @param saved_code_challenge The code_challenge that was generated and associated with the user's authorization code
+     * @returns sha256_hash(input_code_verifier) === saved_code_challenge
+     */
+    static doesVerifierMatchChallenge(opts: CheckWhetherVerifierMatchesChallengeInputOptions): Promise<boolean>;
+}
+export {};

package/dist/pkce/pkce.js

@@ -0,0 +1,141 @@
+import { create_code_challenge, codeChallengeSchema, code_challenge_method, codeChallengeWithDetailsSchema, } from "./code_challenge";
+import { create_code_verifier, codeVerifierSchema, MAX_PKCE_CODE_VERIFIER_AGE, codeVerifierWithDetailsSchema, } from "./code_verifier";
+import { sha256_digest } from "../sha256_digest";
+// Handles the creation of a PKCE code verifier and challenge
+export class PKCE_ProofKeyManager {
+    code_verifier;
+    static createCodeVerifier(challenge_time) {
+        return create_code_verifier({ challenge_time });
+    }
+    static async createCodeChallenge(code_verifier) {
+        const createCodeChallengeOptions = {
+            code_verifier,
+            sha256_digest: sha256_digest,
+        };
+        const code_challenge = await create_code_challenge(createCodeChallengeOptions);
+        return code_challenge;
+    }
+    // Create a new PKCE_ProofKeyManager instance
+    // See PKCE_ProofKeyManager.createCodeVerifier to pre-generate a code_verifier
+    constructor(code_verifier) {
+        if (typeof code_verifier === "undefined") {
+            // If no code_verifier is provided, create a new one
+            this.code_verifier = PKCE_ProofKeyManager.createCodeVerifier(Date.now());
+        }
+        else {
+            // If a code_verifier is provided, ensure it satisfies the CodeVerifier interface
+            code_verifier;
+            const verifier = code_verifier.code_verifier;
+            if (!verifier || typeof code_verifier.code_verifier !== "string") {
+                throw new Error("ProofKeyManager did not receive a code verifier to start PKCE flow!");
+            }
+            const challenge_time = code_verifier.challenge_time;
+            if (typeof challenge_time !== "number") {
+                throw new Error("Did not receive a 'challenge_time' associated with code verifier!");
+            }
+            this.code_verifier = {
+                ...code_verifier,
+                code_verifier: verifier,
+                challenge_time,
+            };
+        }
+    }
+    async getCodeChallenge() {
+        const code_verifier = this.code_verifier;
+        if (!code_verifier) {
+            throw new Error("Input code verifier not found within PKCE_ProofKeyManager!");
+        }
+        if (!code_verifier.code_verifier) {
+            throw new Error("Code verifier not found!");
+        }
+        if (typeof code_verifier.challenge_time !== "number") {
+            throw new Error("Code challenge time not found!");
+        }
+        const codeChallengeOptions = {
+            code_verifier: {
+                ...code_verifier,
+                code_verifier: code_verifier.code_verifier,
+                challenge_time: code_verifier.challenge_time,
+            },
+            sha256_digest: sha256_digest,
+        };
+        return await create_code_challenge(codeChallengeOptions);
+    }
+    get challenge_time() {
+        if (!this.code_verifier.challenge_time) {
+            throw new Error("challenge_time not set");
+        }
+        if (typeof this.code_verifier.challenge_time !== "number") {
+            throw new Error("Invalid challenge_time");
+        }
+        return this.code_verifier.challenge_time;
+    }
+    get expiry_time() {
+        if (!this.code_verifier.expires_at) {
+            throw new Error("expires_at not set");
+        }
+        return this.code_verifier.expires_at;
+    }
+    static get codeVerifierSchema() {
+        return codeVerifierSchema;
+    }
+    static get codeVerifierWithDetailsSchema() {
+        return codeVerifierWithDetailsSchema;
+    }
+    static get codeChallengeSchema() {
+        return codeChallengeSchema;
+    }
+    static get codeChallengeWithOptionsSchema() {
+        return codeChallengeWithDetailsSchema;
+    }
+    static get max_age() {
+        return MAX_PKCE_CODE_VERIFIER_AGE;
+    }
+    static get codeChallengeMethod() {
+        return code_challenge_method;
+    }
+    static isValidCodeVerifierFormat(maybe_code_verifier) {
+        return PKCE_ProofKeyManager.codeVerifierWithDetailsSchema.safeParse(maybe_code_verifier).success;
+    }
+    static isValidCodeChallengeFormat(maybe_code_challenge) {
+        return this.codeChallengeWithOptionsSchema.safeParse(maybe_code_challenge)
+            .success;
+    }
+    /**
+     *
+     * @name doesVerifierMatchChallenge
+     * @param input_code_verifier Frontend client sends code_verifier, to prove they created the initial code_challenge
+     * @param saved_code_challenge The code_challenge that was generated and associated with the user's authorization code
+     * @returns sha256_hash(input_code_verifier) === saved_code_challenge
+     */
+    static async doesVerifierMatchChallenge(opts) {
+        const { input_code_verifier, saved_code_challenge, challenge_time } = opts;
+        if (typeof input_code_verifier !== "string" || !input_code_verifier) {
+            throw new Error("Input code verifier is not a string");
+        }
+        const parsed_input_verifier = PKCE_ProofKeyManager.codeVerifierSchema.safeParse(input_code_verifier);
+        if (!parsed_input_verifier.success) {
+            console.error("Invalid input code verifier: ", parsed_input_verifier.error);
+            return false;
+        }
+        try {
+            // Put the input code verifier through the same process
+            // that (should have) created the initial code_challenge
+            const pkce_flow = new PKCE_ProofKeyManager({
+                code_verifier: input_code_verifier,
+                challenge_time,
+            });
+            const generated_challenge = await pkce_flow.getCodeChallenge();
+            const saved_challenge = {
+                code_challenge: saved_code_challenge,
+                code_challenge_method,
+            };
+            return (generated_challenge.code_challenge === saved_challenge.code_challenge);
+        }
+        catch (e) {
+            console.error(e);
+            return false;
+        }
+    }
+}
+//# sourceMappingURL=pkce.js.map

package/dist/pkce/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../src/pkce/pkce.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EAGrB,8BAA8B,GAC/B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAEL,oBAAoB,EACpB,kBAAkB,EAClB,0BAA0B,EAE1B,6BAA6B,GAC9B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAQhD,6DAA6D;AAC7D,MAAM,OAAO,oBAAoB;IACvB,aAAa,CAGnB;IAEK,MAAM,CAAC,kBAAkB,CAC9B,cAAuB;QAEvB,OAAO,oBAAoB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC;IAClD,CAAC;IAEM,MAAM,CAAC,KAAK,CAAC,mBAAmB,CACrC,aAAsC;QAEtC,MAAM,0BAA0B,GAAoC;YAClE,aAAa;YACb,aAAa,EAAE,aAAa;SAC7B,CAAC;QACF,MAAM,cAAc,GAClB,MAAM,qBAAqB,CAAC,0BAA0B,CAAC,CAAC;QAC1D,OAAO,cAAc,CAAC;IACxB,CAAC;IAED,6CAA6C;IAC7C,8EAA8E;IAC9E,YACE,aAGC;QAED,IAAI,OAAO,aAAa,KAAK,WAAW,EAAE,CAAC;YACzC,oDAAoD;YACpD,IAAI,CAAC,aAAa,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,iFAAiF;YACjF,aAA8B,CAAC;YAE/B,MAAM,QAAQ,GAA6B,aAAa,CAAC,aAAa,CAAC;YACvE,IAAI,CAAC,QAAQ,IAAI,OAAO,aAAa,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;gBACjE,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;YACJ,CAAC;YAED,MAAM,cAAc,GAAG,aAAa,CAAC,cAAc,CAAC;YACpD,IAAI,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;gBACvC,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,aAAa,GAAG;gBACnB,GAAG,aAAa;gBAChB,aAAa,EAAE,QAAQ;gBACvB,cAAc;aACf,CAAC;QACJ,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,gBAAgB;QAC3B,MAAM,aAAa,GACjB,IAAI,CAAC,aAAa,CAAC;QACrB,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,4DAA4D,CAC7D,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,OAAO,aAAa,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QACD,MAAM,oBAAoB,GAAoC;YAC5D,aAAa,EAAE;gBACb,GAAG,aAAa;gBAChB,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,cAAc,EAAE,aAAa,CAAC,cAAc;aAC7C;YACD,aAAa,EAAE,aAAa;SAC7B,CAAC;QACF,OAAO,MAAM,qBAAqB,CAAC,oBAAoB,CAAC,CAAC;IAC3D,CAAC;IAED,IAAW,cAAc;QACvB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,cAAc,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,OAAO,IAAI,CAAC,aAAa,CAAC,cAAc,KAAK,QAAQ,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;IAC3C,CAAC;IAED,IAAW,WAAW;QACpB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC;IACvC,CAAC;IAEM,MAAM,KAAK,kBAAkB;QAClC,OAAO,kBAAkB,CAAC;IAC5B,CAAC;IAEM,MAAM,KAAK,6BAA6B;QAC7C,OAAO,6BAA6B,CAAC;IACvC,CAAC;IAEM,MAAM,KAAK,mBAAmB;QACnC,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAEM,MAAM,KAAK,8BAA8B;QAC9C,OAAO,8BAA8B,CAAC;IACxC,CAAC;IAEM,MAAM,KAAK,OAAO;QACvB,OAAO,0BAA0B,CAAC;IACpC,CAAC;IAEM,MAAM,KAAK,mBAAmB;QACnC,OAAO,qBAAqB,CAAC;IAC/B,CAAC;IAEM,MAAM,CAAC,yBAAyB,CACrC,mBAA4B;QAE5B,OAAO,oBAAoB,CAAC,6BAA6B,CAAC,SAAS,CACjE,mBAAmB,CACpB,CAAC,OAAO,CAAC;IACZ,CAAC;IAEM,MAAM,CAAC,0BAA0B,CACtC,oBAA6B;QAE7B,OAAO,IAAI,CAAC,8BAA8B,CAAC,SAAS,CAAC,oBAAoB,CAAC;aACvE,OAAO,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,KAAK,CAAC,0BAA0B,CAC5C,IAAsD;QAEtD,MAAM,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;QAE3E,IAAI,OAAO,mBAAmB,KAAK,QAAQ,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,qBAAqB,GACzB,oBAAoB,CAAC,kBAAkB,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC;QACzE,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CACX,+BAA+B,EAC/B,qBAAqB,CAAC,KAAK,CAC5B,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC;YACH,uDAAuD;YACvD,wDAAwD;YACxD,MAAM,SAAS,GAAG,IAAI,oBAAoB,CAAC;gBACzC,aAAa,EAAE,mBAAmB;gBAClC,cAAc;aACf,CAAC,CAAC;YAEH,MAAM,mBAAmB,GACvB,MAAM,SAAS,CAAC,gBAAgB,EAAE,CAAC;YAErC,MAAM,eAAe,GAAsC;gBACzD,cAAc,EAAE,oBAAoB;gBACpC,qBAAqB;aACtB,CAAC;YAEF,OAAO,CACL,mBAAmB,CAAC,cAAc,KAAK,eAAe,CAAC,cAAc,CACtE,CAAC;QACJ,CAAC;QAAC,OAAO,CAAU,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}

package/dist/pkce/sha256_digest/index.d.ts

@@ -0,0 +1 @@
+export { sha256_digest, sha256_digest as default } from "./sha256_digest";

package/dist/pkce/sha256_digest/index.js

@@ -0,0 +1,2 @@
+export { sha256_digest, sha256_digest as default } from "./sha256_digest";
+//# sourceMappingURL=index.js.map

package/dist/pkce/sha256_digest/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/pkce/sha256_digest/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/pkce/sha256_digest/sha256_digest.d.ts

@@ -0,0 +1,3 @@
+export declare const digest_algorithm: "SHA-256";
+export declare function sha256_digest(code_verifier: string): Promise<string>;
+export default sha256_digest;

package/dist/pkce/sha256_digest/sha256_digest.js

@@ -0,0 +1,30 @@
+import sha256Digest from "crypto-js/sha256";
+import base64Stringify from "crypto-js/enc-base64";
+export const digest_algorithm = "SHA-256";
+export async function sha256_digest(code_verifier) {
+    let sha256;
+    try {
+        sha256 = async (code_verifier) => {
+            const sha_digest = base64Stringify.stringify(sha256Digest(code_verifier));
+            if (typeof sha_digest !== "string") {
+                throw new Error("Expected final output of sha256 digest in insecure context to be a string");
+            }
+            return sha_digest;
+        };
+    }
+    catch (e) {
+        console.error("Failed to load sha256 hash function: ", e);
+        throw new Error("Failed to load sha256 hash function");
+    }
+    if (typeof sha256 !== "function" && typeof sha256 !== "object") {
+        throw new Error("Failed to import sha256 library to use inplace of crypto.subtle.digest in insecure HTTP context");
+    }
+    const output = await sha256(code_verifier);
+    if (typeof output !== "string") {
+        throw new TypeError("Expected output to be a string!");
+    }
+    // url_encode
+    return output.replace(/[^A-Za-z0-9_-]/g, "_");
+}
+export default sha256_digest;
+//# sourceMappingURL=sha256_digest.js.map