@schemavaults/auth-common 0.7.27

package/dist/pkce/sha256_digest/sha256_digest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sha256_digest.js","sourceRoot":"","sources":["../../../src/pkce/sha256_digest/sha256_digest.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,kBAAkB,CAAC;AAC5C,OAAO,eAAe,MAAM,sBAAsB,CAAC;AAEnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAkB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,aAAqB;IACvD,IAAI,MAAkD,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,GAAG,KAAK,EAAE,aAAqB,EAAmB,EAAE;YACxD,MAAM,UAAU,GAAW,eAAe,CAAC,SAAS,CAClD,YAAY,CAAC,aAAa,CAAC,CAC5B,CAAC;YACF,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;YACJ,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,CAAC,CAAC,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,UAAU,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CACb,iGAAiG,CAClG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAW,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAEnD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzD,CAAC;IAED,aAAa;IACb,OAAO,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,eAAe,aAAa,CAAC"}

package/dist/request_tokens_result.d.ts

@@ -0,0 +1,342 @@
+import { z } from "zod";
+export declare const successfullyGeneratedTokensRecordSchema: z.ZodObject<{
+    access: z.ZodOptional<z.ZodRecord<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
+        type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+        uid: z.ZodString;
+        iat: z.ZodNumber;
+        exp: z.ZodNumber;
+        token: z.ZodString;
+        aud: z.ZodString;
+        orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+    }, {
+        type: z.ZodLiteral<"access">;
+    }>, "strict", z.ZodTypeAny, {
+        type: "access";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    }, {
+        type: "access";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    }>, z.ZodLiteral<"AS_HTTP_ONLY_COOKIE">]>>>;
+    refresh: z.ZodOptional<z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
+        type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+        uid: z.ZodString;
+        iat: z.ZodNumber;
+        exp: z.ZodNumber;
+        token: z.ZodString;
+        aud: z.ZodString;
+        orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+    }, {
+        type: z.ZodLiteral<"refresh">;
+    }>, "strict", z.ZodTypeAny, {
+        type: "refresh";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    }, {
+        type: "refresh";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    }>, z.ZodLiteral<"AS_HTTP_ONLY_COOKIE">]>>;
+}, "strict", z.ZodTypeAny, {
+    refresh?: {
+        type: "refresh";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    } | "AS_HTTP_ONLY_COOKIE" | undefined;
+    access?: Record<string, {
+        type: "access";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    } | "AS_HTTP_ONLY_COOKIE"> | undefined;
+}, {
+    refresh?: {
+        type: "refresh";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    } | "AS_HTTP_ONLY_COOKIE" | undefined;
+    access?: Record<string, {
+        type: "access";
+        uid: string;
+        iat: number;
+        exp: number;
+        token: string;
+        aud: string;
+        orgs?: string[] | undefined;
+    } | "AS_HTTP_ONLY_COOKIE"> | undefined;
+}>;
+export type SuccessfullyGeneratedTokensRecord = z.infer<typeof successfullyGeneratedTokensRecordSchema>;
+export declare const requestTokensResultSchema: z.ZodUnion<[z.ZodObject<{
+    message: z.ZodString;
+    success: z.ZodLiteral<false>;
+    error: z.ZodLiteral<true>;
+}, "strict", z.ZodTypeAny, {
+    message: string;
+    success: false;
+    error: true;
+}, {
+    message: string;
+    success: false;
+    error: true;
+}>, z.ZodObject<{
+    message: z.ZodString;
+    client_app_id: z.ZodUnion<readonly [z.ZodString, z.ZodEffects<z.ZodString, "schemavaults-auth" | "schemavaults-mail" | "schemavaults-web" | "schemavaults-cli", string>]>;
+    success: z.ZodLiteral<true>;
+    error: z.ZodLiteral<false>;
+    tokens: z.ZodOptional<z.ZodObject<{
+        access: z.ZodOptional<z.ZodRecord<z.ZodUnion<[z.ZodString, z.ZodLiteral<"schemavaults-registry">, z.ZodLiteral<"schemavaults-auth">, z.ZodLiteral<"schemavaults-mail">]>, z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
+            type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+            uid: z.ZodString;
+            iat: z.ZodNumber;
+            exp: z.ZodNumber;
+            token: z.ZodString;
+            aud: z.ZodString;
+            orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+        }, {
+            type: z.ZodLiteral<"access">;
+        }>, "strict", z.ZodTypeAny, {
+            type: "access";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        }, {
+            type: "access";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        }>, z.ZodLiteral<"AS_HTTP_ONLY_COOKIE">]>>>;
+        refresh: z.ZodOptional<z.ZodUnion<[z.ZodObject<z.objectUtil.extendShape<{
+            type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+            uid: z.ZodString;
+            iat: z.ZodNumber;
+            exp: z.ZodNumber;
+            token: z.ZodString;
+            aud: z.ZodString;
+            orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+        }, {
+            type: z.ZodLiteral<"refresh">;
+        }>, "strict", z.ZodTypeAny, {
+            type: "refresh";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        }, {
+            type: "refresh";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        }>, z.ZodLiteral<"AS_HTTP_ONLY_COOKIE">]>>;
+    }, "strict", z.ZodTypeAny, {
+        refresh?: {
+            type: "refresh";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE" | undefined;
+        access?: Record<string, {
+            type: "access";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE"> | undefined;
+    }, {
+        refresh?: {
+            type: "refresh";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE" | undefined;
+        access?: Record<string, {
+            type: "access";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE"> | undefined;
+    }>>;
+    userData: z.ZodOptional<z.ZodEffects<z.ZodObject<{
+        created_at: z.ZodNumber;
+        uid: z.ZodString;
+        sub: z.ZodString;
+        email: z.ZodString;
+        email_verified: z.ZodOptional<z.ZodBoolean>;
+        admin: z.ZodOptional<z.ZodBoolean>;
+        phone_number: z.ZodOptional<z.ZodString>;
+        phone_verified: z.ZodOptional<z.ZodBoolean>;
+        disabled: z.ZodOptional<z.ZodBoolean>;
+        invite_code: z.ZodOptional<z.ZodString>;
+    }, "strict", z.ZodTypeAny, {
+        created_at: number;
+        uid: string;
+        sub: string;
+        email: string;
+        email_verified?: boolean | undefined;
+        admin?: boolean | undefined;
+        phone_number?: string | undefined;
+        phone_verified?: boolean | undefined;
+        disabled?: boolean | undefined;
+        invite_code?: string | undefined;
+    }, {
+        created_at: number;
+        uid: string;
+        sub: string;
+        email: string;
+        email_verified?: boolean | undefined;
+        admin?: boolean | undefined;
+        phone_number?: string | undefined;
+        phone_verified?: boolean | undefined;
+        disabled?: boolean | undefined;
+        invite_code?: string | undefined;
+    }>, {
+        created_at: number;
+        uid: string;
+        sub: string;
+        email: string;
+        email_verified?: boolean | undefined;
+        admin?: boolean | undefined;
+        phone_number?: string | undefined;
+        phone_verified?: boolean | undefined;
+        disabled?: boolean | undefined;
+        invite_code?: string | undefined;
+    }, {
+        created_at: number;
+        uid: string;
+        sub: string;
+        email: string;
+        email_verified?: boolean | undefined;
+        admin?: boolean | undefined;
+        phone_number?: string | undefined;
+        phone_verified?: boolean | undefined;
+        disabled?: boolean | undefined;
+        invite_code?: string | undefined;
+    }>>;
+    userOrgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    message: string;
+    client_app_id: string;
+    success: true;
+    error: false;
+    tokens?: {
+        refresh?: {
+            type: "refresh";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE" | undefined;
+        access?: Record<string, {
+            type: "access";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE"> | undefined;
+    } | undefined;
+    userData?: {
+        created_at: number;
+        uid: string;
+        sub: string;
+        email: string;
+        email_verified?: boolean | undefined;
+        admin?: boolean | undefined;
+        phone_number?: string | undefined;
+        phone_verified?: boolean | undefined;
+        disabled?: boolean | undefined;
+        invite_code?: string | undefined;
+    } | undefined;
+    userOrgs?: string[] | undefined;
+}, {
+    message: string;
+    client_app_id: string;
+    success: true;
+    error: false;
+    tokens?: {
+        refresh?: {
+            type: "refresh";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE" | undefined;
+        access?: Record<string, {
+            type: "access";
+            uid: string;
+            iat: number;
+            exp: number;
+            token: string;
+            aud: string;
+            orgs?: string[] | undefined;
+        } | "AS_HTTP_ONLY_COOKIE"> | undefined;
+    } | undefined;
+    userData?: {
+        created_at: number;
+        uid: string;
+        sub: string;
+        email: string;
+        email_verified?: boolean | undefined;
+        admin?: boolean | undefined;
+        phone_number?: string | undefined;
+        phone_verified?: boolean | undefined;
+        disabled?: boolean | undefined;
+        invite_code?: string | undefined;
+    } | undefined;
+    userOrgs?: string[] | undefined;
+}>]>;
+export type RequestTokensResult = z.infer<typeof requestTokensResultSchema>;

package/dist/request_tokens_result.js

@@ -0,0 +1,52 @@
+import { z } from "zod";
+import { userDataSchema } from "./user_data";
+import { accessTokenDataSchema, refreshTokenDataSchema } from "./token-data";
+import { audienceRefSchema } from "./audience-schema";
+import { organizationIdSchema } from "./organizations";
+import { appIdSchema } from "@schemavaults/app-definitions";
+export const successfullyGeneratedTokensRecordSchema = z
+    .object({
+    access: z
+        .record(
+    // map of audience (app id, fs region, or auth server url) to token for that audience
+    audienceRefSchema, z.union([accessTokenDataSchema, z.literal("AS_HTTP_ONLY_COOKIE")]))
+        .optional(),
+    refresh: z
+        .union([refreshTokenDataSchema, z.literal("AS_HTTP_ONLY_COOKIE")])
+        .optional(),
+})
+    .strict();
+const requestTokensSuccessfulResultSchema = z
+    .object({
+    success: z.literal(true),
+    error: z.literal(false),
+    message: z.string(),
+    client_app_id: appIdSchema,
+    tokens: successfullyGeneratedTokensRecordSchema.optional(),
+    userData: userDataSchema.optional(),
+    userOrgs: organizationIdSchema.array().optional(),
+})
+    .required({
+    success: true,
+    message: true,
+    error: true,
+    client_app_id: true,
+})
+    .strict();
+const requestTokensFailureResultSchema = z
+    .object({
+    success: z.literal(false),
+    error: z.literal(true),
+    message: z.string(),
+})
+    .required({
+    success: true,
+    message: true,
+    error: true,
+})
+    .strict();
+export const requestTokensResultSchema = z.union([
+    requestTokensFailureResultSchema,
+    requestTokensSuccessfulResultSchema,
+]);
+//# sourceMappingURL=request_tokens_result.js.map

package/dist/request_tokens_result.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request_tokens_result.js","sourceRoot":"","sources":["../src/request_tokens_result.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,qBAAqB,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAE5D,MAAM,CAAC,MAAM,uCAAuC,GAAG,CAAC;KACrD,MAAM,CAAC;IACN,MAAM,EAAE,CAAC;SACN,MAAM;IACL,qFAAqF;IACrF,iBAAiB,EACjB,CAAC,CAAC,KAAK,CAAC,CAAC,qBAAqB,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CACnE;SACA,QAAQ,EAAE;IACb,OAAO,EAAE,CAAC;SACP,KAAK,CAAC,CAAC,sBAAsB,EAAE,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC;SACjE,QAAQ,EAAE;CACd,CAAC;KACD,MAAM,EAAE,CAAC;AAMZ,MAAM,mCAAmC,GAAG,CAAC;KAC1C,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACxB,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,aAAa,EAAE,WAAW;IAC1B,MAAM,EAAE,uCAAuC,CAAC,QAAQ,EAAE;IAC1D,QAAQ,EAAE,cAAc,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,oBAAoB,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;CAClD,CAAC;KACD,QAAQ,CAAC;IACR,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,IAAI;IACb,KAAK,EAAE,IAAI;IACX,aAAa,EAAE,IAAI;CACpB,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,gCAAgC,GAAG,CAAC;KACvC,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IACzB,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;CACpB,CAAC;KACD,QAAQ,CAAC;IACR,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,IAAI;IACb,KAAK,EAAE,IAAI;CACZ,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC;IAC/C,gCAAgC;IAChC,mCAAmC;CACpC,CAAC,CAAC"}

package/dist/sha256_digest/cryptojs_pkg_sha256.d.ts

@@ -0,0 +1,2 @@
+export declare function cryptojs_pkg_sha256(code_verifier: string): Promise<string>;
+export default cryptojs_pkg_sha256;

package/dist/sha256_digest/cryptojs_pkg_sha256.js

@@ -0,0 +1,11 @@
+import sha256Digest from "crypto-js/sha256";
+import base64Stringify from "crypto-js/enc-base64";
+export async function cryptojs_pkg_sha256(code_verifier) {
+    const sha_digest = base64Stringify.stringify(sha256Digest(code_verifier));
+    if (typeof sha_digest !== "string") {
+        throw new Error("Expected final output of sha256 digest in insecure context to be a string");
+    }
+    return sha_digest;
+}
+export default cryptojs_pkg_sha256;
+//# sourceMappingURL=cryptojs_pkg_sha256.js.map

package/dist/sha256_digest/cryptojs_pkg_sha256.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cryptojs_pkg_sha256.js","sourceRoot":"","sources":["../../src/sha256_digest/cryptojs_pkg_sha256.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,kBAAkB,CAAC;AAC5C,OAAO,eAAe,MAAM,sBAAsB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,aAAqB;IAErB,MAAM,UAAU,GAAW,eAAe,CAAC,SAAS,CAClD,YAAY,CAAC,aAAa,CAAC,CAC5B,CAAC;IACF,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,eAAe,mBAAmB,CAAC"}

package/dist/sha256_digest/index.d.ts

@@ -0,0 +1 @@
+export { sha256_digest, sha256_digest as default } from "./sha256_digest";

package/dist/sha256_digest/index.js

@@ -0,0 +1,2 @@
+export { sha256_digest, sha256_digest as default } from "./sha256_digest";
+//# sourceMappingURL=index.js.map

package/dist/sha256_digest/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sha256_digest/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/sha256_digest/sha256_digest.d.ts

@@ -0,0 +1,3 @@
+export declare const digest_algorithm: "SHA-256";
+export declare function sha256_digest(code_verifier: string): Promise<string>;
+export default sha256_digest;

package/dist/sha256_digest/sha256_digest.js

@@ -0,0 +1,28 @@
+import isCryptoApiAvailable from "../is_crypto_api_available";
+export const digest_algorithm = "SHA-256";
+export async function sha256_digest(code_verifier) {
+    let sha256;
+    try {
+        if (isCryptoApiAvailable()) {
+            sha256 = await import("./webcrypto_sha256").then((mod) => mod.default);
+        }
+        else {
+            sha256 = await import("./cryptojs_pkg_sha256").then((mod) => mod.default);
+        }
+    }
+    catch (e) {
+        console.error("Failed to load sha256 hash function: ", e);
+        throw new Error("Failed to load sha256 hash function");
+    }
+    if (typeof sha256 !== "function" && typeof sha256 !== "object") {
+        throw new Error("Failed to import sha256 library to use inplace of crypto.subtle.digest in insecure HTTP context");
+    }
+    const output = await sha256(code_verifier);
+    if (typeof output !== "string") {
+        throw new TypeError("Expected output to be a string!");
+    }
+    // url_encode
+    return output.replace(/[^A-Za-z0-9_-]/g, "_");
+}
+export default sha256_digest;
+//# sourceMappingURL=sha256_digest.js.map

package/dist/sha256_digest/sha256_digest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sha256_digest.js","sourceRoot":"","sources":["../../src/sha256_digest/sha256_digest.ts"],"names":[],"mappings":"AAAA,OAAO,oBAAoB,MAAM,2BAA2B,CAAC;AAE7D,MAAM,CAAC,MAAM,gBAAgB,GAAG,SAAkB,CAAC;AAEnD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,aAAqB;IACvD,IAAI,MAAkD,CAAC;IACvD,IAAI,CAAC;QACH,IAAI,oBAAoB,EAAE,EAAE,CAAC;YAC3B,MAAM,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,CAAC,CAAC,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,UAAU,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CACb,iGAAiG,CAClG,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAW,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAEnD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzD,CAAC;IAED,aAAa;IACb,OAAO,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;AAChD,CAAC;AAED,eAAe,aAAa,CAAC"}

package/dist/sha256_digest/webcrypto_sha256.d.ts

@@ -0,0 +1 @@
+export default function webcrypto_sha256(code_verifier: string): Promise<string>;

package/dist/sha256_digest/webcrypto_sha256.js

@@ -0,0 +1,5 @@
+export default async function webcrypto_sha256(code_verifier) {
+    const hash = String.fromCharCode(...new Uint8Array(await crypto.subtle.digest("SHA-256", new TextEncoder().encode(code_verifier))));
+    return btoa(hash);
+}
+//# sourceMappingURL=webcrypto_sha256.js.map

package/dist/sha256_digest/webcrypto_sha256.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webcrypto_sha256.js","sourceRoot":"","sources":["../../src/sha256_digest/webcrypto_sha256.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,gBAAgB,CAC5C,aAAqB;IAErB,MAAM,IAAI,GAAW,MAAM,CAAC,YAAY,CACtC,GAAG,IAAI,UAAU,CACf,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACxB,SAAS,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CACxC,CACF,CACF,CAAC;IACF,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC;AACpB,CAAC"}

package/dist/token-data/index.d.ts

@@ -0,0 +1,3 @@
+export { refreshTokenDataSchema, accessTokenDataSchema } from "./token-data";
+export type { AuthToken, AuthTokenTypes, RefreshToken, AccessToken, } from "./token-data";
+export { refreshTokenExpiry, accessTokenExpiry, getExpiryTime, getExpiryDurationString, } from "./token-expiry";

package/dist/token-data/index.js

@@ -0,0 +1,3 @@
+export { refreshTokenDataSchema, accessTokenDataSchema } from "./token-data";
+export { refreshTokenExpiry, accessTokenExpiry, getExpiryTime, getExpiryDurationString, } from "./token-expiry";
+//# sourceMappingURL=index.js.map

package/dist/token-data/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/token-data/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAQ7E,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,aAAa,EACb,uBAAuB,GACxB,MAAM,gBAAgB,CAAC"}

package/dist/token-data/token-data.d.ts

@@ -0,0 +1,102 @@
+import { z } from "zod";
+declare const validTokenTypes: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+export type AuthTokenTypes = z.infer<typeof validTokenTypes>;
+export declare const tokenDataSchema: z.ZodObject<{
+    type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+    uid: z.ZodString;
+    iat: z.ZodNumber;
+    exp: z.ZodNumber;
+    token: z.ZodString;
+    aud: z.ZodString;
+    orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+}, "strict", z.ZodTypeAny, {
+    type: "refresh" | "access";
+    uid: string;
+    iat: number;
+    exp: number;
+    token: string;
+    aud: string;
+    orgs?: string[] | undefined;
+}, {
+    type: "refresh" | "access";
+    uid: string;
+    iat: number;
+    exp: number;
+    token: string;
+    aud: string;
+    orgs?: string[] | undefined;
+}>;
+/**
+ * @name AuthToken
+ * @description An object which contains a JSON web token. Contains details about the token (e.g. expiry, audience).
+ * @see RefreshToken
+ * @see AccessToken
+ */
+export type AuthToken = z.infer<typeof tokenDataSchema>;
+export declare const refreshTokenDataSchema: z.ZodObject<z.objectUtil.extendShape<{
+    type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+    uid: z.ZodString;
+    iat: z.ZodNumber;
+    exp: z.ZodNumber;
+    token: z.ZodString;
+    aud: z.ZodString;
+    orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+}, {
+    type: z.ZodLiteral<"refresh">;
+}>, "strict", z.ZodTypeAny, {
+    type: "refresh";
+    uid: string;
+    iat: number;
+    exp: number;
+    token: string;
+    aud: string;
+    orgs?: string[] | undefined;
+}, {
+    type: "refresh";
+    uid: string;
+    iat: number;
+    exp: number;
+    token: string;
+    aud: string;
+    orgs?: string[] | undefined;
+}>;
+export declare const accessTokenDataSchema: z.ZodObject<z.objectUtil.extendShape<{
+    type: z.ZodUnion<[z.ZodLiteral<"refresh">, z.ZodLiteral<"access">]>;
+    uid: z.ZodString;
+    iat: z.ZodNumber;
+    exp: z.ZodNumber;
+    token: z.ZodString;
+    aud: z.ZodString;
+    orgs: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+}, {
+    type: z.ZodLiteral<"access">;
+}>, "strict", z.ZodTypeAny, {
+    type: "access";
+    uid: string;
+    iat: number;
+    exp: number;
+    token: string;
+    aud: string;
+    orgs?: string[] | undefined;
+}, {
+    type: "access";
+    uid: string;
+    iat: number;
+    exp: number;
+    token: string;
+    aud: string;
+    orgs?: string[] | undefined;
+}>;
+/**
+ * @name RefreshToken
+ * @description An object which contains a refresh token. Also contains details about the token (e.g. expiry, audience)
+ * @extends AuthToken
+ */
+export type RefreshToken = z.infer<typeof refreshTokenDataSchema>;
+/**
+ * @name AccessToken
+ * @description An object which contains an access token. Also contains details about the token (e.g. expiry, audience)
+ * @extends AuthToken
+ */
+export type AccessToken = z.infer<typeof accessTokenDataSchema>;
+export {};

package/dist/token-data/token-data.js

@@ -0,0 +1,29 @@
+import { organizationIdSchema } from "../organizations";
+import { z } from "zod";
+const validTokenTypes = z.union([z.literal("refresh"), z.literal("access")]);
+export const tokenDataSchema = z
+    .object({
+    type: validTokenTypes,
+    uid: z.string(),
+    iat: z.number(),
+    exp: z.number(),
+    token: z.string(),
+    aud: z.string(),
+    orgs: organizationIdSchema.array().optional(),
+})
+    .required({
+    type: true,
+    uid: true,
+    iat: true,
+    exp: true,
+    token: true,
+    aud: true,
+})
+    .strict();
+export const refreshTokenDataSchema = tokenDataSchema.extend({
+    type: z.literal("refresh"),
+});
+export const accessTokenDataSchema = tokenDataSchema.extend({
+    type: z.literal("access"),
+});
+//# sourceMappingURL=token-data.js.map

package/dist/token-data/token-data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-data.js","sourceRoot":"","sources":["../../src/token-data/token-data.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;AAG7E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC;KAC7B,MAAM,CAAC;IACN,IAAI,EAAE,eAAe;IACrB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE;IACf,IAAI,EAAE,oBAAoB,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC;KACD,QAAQ,CAAC;IACR,IAAI,EAAE,IAAI;IACV,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;IACT,GAAG,EAAE,IAAI;IACT,KAAK,EAAE,IAAI;IACX,GAAG,EAAE,IAAI;CACV,CAAC;KACD,MAAM,EAAE,CAAC;AAUZ,MAAM,CAAC,MAAM,sBAAsB,GAAG,eAAe,CAAC,MAAM,CAAC;IAC3D,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,eAAe,CAAC,MAAM,CAAC;IAC1D,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;CAC1B,CAAC,CAAC"}

package/dist/token-data/token-expiry.d.ts

@@ -0,0 +1,16 @@
+import type { AuthTokenTypes } from "../token-data";
+export declare const refreshTokenExpiry: number;
+export declare const accessTokenExpiry: number;
+/**
+ *
+ * @param type Access or refresh token -- determines the expiry time
+ * @param iat The time the token was issued at (in milliseconds)
+ * @returns The unix timestamp the token will expire at (in milliseconds)
+ */
+export declare function getExpiryTime(type: AuthTokenTypes, iat: number): number;
+/**
+ *
+ * @param type Access or refresh token -- determines the expiry time
+ * @returns A string representing the duration that the token is valid for, parsed by the jose library
+ */
+export declare function getExpiryDurationString(type: AuthTokenTypes): string;