@sesamy/sesamy-js 1.124.0 → 1.125.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth0-plugin.d.ts +0 -1
- package/dist/auth0-plugin.iife.js +3 -3
- package/dist/auth0-plugin.mjs +389 -373
- package/dist/bootstrap.iife.js +1 -1
- package/dist/bootstrap.mjs +6 -6
- package/dist/sesamy-js.cjs +7 -7
- package/dist/sesamy-js.d.ts +3 -0
- package/dist/sesamy-js.iife.js +7 -7
- package/dist/sesamy-js.mjs +1500 -1453
- package/package.json +2 -2
package/dist/auth0-plugin.mjs
CHANGED
|
@@ -356,26 +356,26 @@ var a = n(r((function(e, n) {
|
|
|
356
356
|
constructor(t, n, r) {
|
|
357
357
|
super(t, n), this.mfa_token = r, Object.setPrototypeOf(this, e.prototype);
|
|
358
358
|
}
|
|
359
|
-
},
|
|
359
|
+
}, g = class e extends l {
|
|
360
360
|
constructor(t, n) {
|
|
361
|
-
super("missing_refresh_token", `Missing Refresh Token (audience: '${
|
|
361
|
+
super("missing_refresh_token", `Missing Refresh Token (audience: '${v(t, ["default"])}', scope: '${v(n)}')`), this.audience = t, this.scope = n, Object.setPrototypeOf(this, e.prototype);
|
|
362
362
|
}
|
|
363
|
-
},
|
|
363
|
+
}, _ = class e extends l {
|
|
364
364
|
constructor(t, n) {
|
|
365
|
-
super("missing_scopes", `Missing requested scopes after refresh (audience: '${
|
|
365
|
+
super("missing_scopes", `Missing requested scopes after refresh (audience: '${v(t, ["default"])}', missing scope: '${v(n)}')`), this.audience = t, this.scope = n, Object.setPrototypeOf(this, e.prototype);
|
|
366
366
|
}
|
|
367
|
-
},
|
|
367
|
+
}, te = class e extends l {
|
|
368
368
|
constructor(t) {
|
|
369
369
|
super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = t, Object.setPrototypeOf(this, e.prototype);
|
|
370
370
|
}
|
|
371
371
|
};
|
|
372
|
-
function
|
|
372
|
+
function v(e, t = []) {
|
|
373
373
|
return e && !t.includes(e) ? e : "";
|
|
374
374
|
}
|
|
375
|
-
var
|
|
375
|
+
var y = () => window.crypto, b = () => {
|
|
376
376
|
let e = "";
|
|
377
|
-
return Array.from(
|
|
378
|
-
},
|
|
377
|
+
return Array.from(y().getRandomValues(new Uint8Array(43))).forEach(((t) => e += "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~."[t % 66])), e;
|
|
378
|
+
}, x = (e) => btoa(e), ne = [
|
|
379
379
|
{
|
|
380
380
|
key: "name",
|
|
381
381
|
type: ["string"]
|
|
@@ -388,13 +388,13 @@ var v = () => window.crypto, y = () => {
|
|
|
388
388
|
key: "env",
|
|
389
389
|
type: ["object"]
|
|
390
390
|
}
|
|
391
|
-
],
|
|
392
|
-
let r =
|
|
391
|
+
], re = (e) => Object.keys(e).reduce(((t, n) => {
|
|
392
|
+
let r = ne.find(((e) => e.key === n));
|
|
393
393
|
return r && r.type.includes(typeof e[n]) && (t[n] = e[n]), t;
|
|
394
|
-
}), {}),
|
|
394
|
+
}), {}), S = (t) => {
|
|
395
395
|
var { clientId: n } = t, r = e(t, ["clientId"]);
|
|
396
396
|
return new URLSearchParams(((e) => Object.keys(e).filter(((t) => e[t] !== void 0)).reduce(((t, n) => Object.assign(Object.assign({}, t), { [n]: e[n] })), {}))(Object.assign({ client_id: n }, r))).toString();
|
|
397
|
-
},
|
|
397
|
+
}, ie = async (e) => await y().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(e)), ae = (e) => ((e) => decodeURIComponent(atob(e).split("").map(((e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2))).join("")))(e.replace(/_/g, "/").replace(/-/g, "+")), oe = (e) => {
|
|
398
398
|
let t = new Uint8Array(e);
|
|
399
399
|
return ((e) => {
|
|
400
400
|
let t = {
|
|
@@ -404,109 +404,109 @@ var v = () => window.crypto, y = () => {
|
|
|
404
404
|
};
|
|
405
405
|
return e.replace(/[+/=]/g, ((e) => t[e]));
|
|
406
406
|
})(window.btoa(String.fromCharCode(...Array.from(t))));
|
|
407
|
-
},
|
|
408
|
-
function
|
|
409
|
-
return typeof e == "string" ?
|
|
407
|
+
}, se = new TextEncoder(), ce = new TextDecoder();
|
|
408
|
+
function C(e) {
|
|
409
|
+
return typeof e == "string" ? se.encode(e) : ce.decode(e);
|
|
410
410
|
}
|
|
411
|
-
function
|
|
412
|
-
if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new
|
|
411
|
+
function le(e) {
|
|
412
|
+
if (typeof e.modulusLength != "number" || e.modulusLength < 2048) throw new de(`${e.name} modulusLength must be at least 2048 bits`);
|
|
413
413
|
}
|
|
414
|
-
async function
|
|
414
|
+
async function ue(e, t, n) {
|
|
415
415
|
if (!1 === n.usages.includes("sign")) throw TypeError("private CryptoKey instances used for signing assertions must include \"sign\" in their \"usages\"");
|
|
416
|
-
let r = `${
|
|
417
|
-
return `${r}.${
|
|
416
|
+
let r = `${T(C(JSON.stringify(e)))}.${T(C(JSON.stringify(t)))}`;
|
|
417
|
+
return `${r}.${T(await crypto.subtle.sign(function(e) {
|
|
418
418
|
switch (e.algorithm.name) {
|
|
419
419
|
case "ECDSA": return {
|
|
420
420
|
name: e.algorithm.name,
|
|
421
421
|
hash: "SHA-256"
|
|
422
422
|
};
|
|
423
|
-
case "RSA-PSS": return
|
|
423
|
+
case "RSA-PSS": return le(e.algorithm), {
|
|
424
424
|
name: e.algorithm.name,
|
|
425
425
|
saltLength: 32
|
|
426
426
|
};
|
|
427
|
-
case "RSASSA-PKCS1-v1_5": return
|
|
427
|
+
case "RSASSA-PKCS1-v1_5": return le(e.algorithm), { name: e.algorithm.name };
|
|
428
428
|
case "Ed25519": return { name: e.algorithm.name };
|
|
429
429
|
}
|
|
430
|
-
throw new
|
|
431
|
-
}(n), n,
|
|
430
|
+
throw new E();
|
|
431
|
+
}(n), n, C(r)))}`;
|
|
432
432
|
}
|
|
433
|
-
var
|
|
434
|
-
if (Uint8Array.prototype.toBase64)
|
|
433
|
+
var w;
|
|
434
|
+
if (Uint8Array.prototype.toBase64) w = (e) => (e instanceof ArrayBuffer && (e = new Uint8Array(e)), e.toBase64({
|
|
435
435
|
alphabet: "base64url",
|
|
436
436
|
omitPadding: !0
|
|
437
437
|
}));
|
|
438
438
|
else {
|
|
439
439
|
let e = 32768;
|
|
440
|
-
|
|
440
|
+
w = (t) => {
|
|
441
441
|
t instanceof ArrayBuffer && (t = new Uint8Array(t));
|
|
442
442
|
let n = [];
|
|
443
443
|
for (let r = 0; r < t.byteLength; r += e) n.push(String.fromCharCode.apply(null, t.subarray(r, r + e)));
|
|
444
444
|
return btoa(n.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
|
|
445
445
|
};
|
|
446
446
|
}
|
|
447
|
-
function
|
|
448
|
-
return
|
|
447
|
+
function T(e) {
|
|
448
|
+
return w(e);
|
|
449
449
|
}
|
|
450
|
-
var
|
|
450
|
+
var E = class extends Error {
|
|
451
451
|
constructor(e) {
|
|
452
452
|
var t;
|
|
453
453
|
super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) == null || t.call(Error, this, this.constructor);
|
|
454
454
|
}
|
|
455
|
-
},
|
|
455
|
+
}, de = class extends Error {
|
|
456
456
|
constructor(e) {
|
|
457
457
|
var t;
|
|
458
458
|
super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) == null || t.call(Error, this, this.constructor);
|
|
459
459
|
}
|
|
460
460
|
};
|
|
461
|
-
function
|
|
461
|
+
function fe(e) {
|
|
462
462
|
switch (e.algorithm.name) {
|
|
463
463
|
case "RSA-PSS": return function(e) {
|
|
464
464
|
if (e.algorithm.hash.name === "SHA-256") return "PS256";
|
|
465
|
-
throw new
|
|
465
|
+
throw new E("unsupported RsaHashedKeyAlgorithm hash name");
|
|
466
466
|
}(e);
|
|
467
467
|
case "RSASSA-PKCS1-v1_5": return function(e) {
|
|
468
468
|
if (e.algorithm.hash.name === "SHA-256") return "RS256";
|
|
469
|
-
throw new
|
|
469
|
+
throw new E("unsupported RsaHashedKeyAlgorithm hash name");
|
|
470
470
|
}(e);
|
|
471
471
|
case "ECDSA": return function(e) {
|
|
472
472
|
if (e.algorithm.namedCurve === "P-256") return "ES256";
|
|
473
|
-
throw new
|
|
473
|
+
throw new E("unsupported EcKeyAlgorithm namedCurve");
|
|
474
474
|
}(e);
|
|
475
475
|
case "Ed25519": return "Ed25519";
|
|
476
|
-
default: throw new
|
|
476
|
+
default: throw new E("unsupported CryptoKey algorithm name");
|
|
477
477
|
}
|
|
478
478
|
}
|
|
479
|
-
function
|
|
479
|
+
function pe(e) {
|
|
480
480
|
return e instanceof CryptoKey;
|
|
481
481
|
}
|
|
482
|
-
function
|
|
483
|
-
return
|
|
482
|
+
function me(e) {
|
|
483
|
+
return pe(e) && e.type === "public";
|
|
484
484
|
}
|
|
485
|
-
async function
|
|
485
|
+
async function he(e, t, n, r, i, a) {
|
|
486
486
|
let o = e?.privateKey, s = e?.publicKey;
|
|
487
|
-
if (!
|
|
487
|
+
if (!pe(c = o) || c.type !== "private") throw TypeError("\"keypair.privateKey\" must be a private CryptoKey");
|
|
488
488
|
var c;
|
|
489
|
-
if (!
|
|
489
|
+
if (!me(s)) throw TypeError("\"keypair.publicKey\" must be a public CryptoKey");
|
|
490
490
|
if (!0 !== s.extractable) throw TypeError("\"keypair.publicKey.extractable\" must be true");
|
|
491
491
|
if (typeof t != "string") throw TypeError("\"htu\" must be a string");
|
|
492
492
|
if (typeof n != "string") throw TypeError("\"htm\" must be a string");
|
|
493
493
|
if (r !== void 0 && typeof r != "string") throw TypeError("\"nonce\" must be a string or undefined");
|
|
494
494
|
if (i !== void 0 && typeof i != "string") throw TypeError("\"accessToken\" must be a string or undefined");
|
|
495
495
|
if (a !== void 0 && (typeof a != "object" || !a || Array.isArray(a))) throw TypeError("\"additional\" must be an object");
|
|
496
|
-
return
|
|
497
|
-
alg:
|
|
496
|
+
return ue({
|
|
497
|
+
alg: fe(o),
|
|
498
498
|
typ: "dpop+jwt",
|
|
499
|
-
jwk: await
|
|
499
|
+
jwk: await ge(s)
|
|
500
500
|
}, Object.assign(Object.assign({}, a), {
|
|
501
501
|
iat: Math.floor(Date.now() / 1e3),
|
|
502
502
|
jti: crypto.randomUUID(),
|
|
503
503
|
htm: n,
|
|
504
504
|
nonce: r,
|
|
505
505
|
htu: t,
|
|
506
|
-
ath: i ?
|
|
506
|
+
ath: i ? T(await crypto.subtle.digest("SHA-256", C(i))) : void 0
|
|
507
507
|
}), o);
|
|
508
508
|
}
|
|
509
|
-
async function
|
|
509
|
+
async function ge(e) {
|
|
510
510
|
let { kty: t, e: n, n: r, x: i, y: a, crv: o } = await crypto.subtle.exportKey("jwk", e);
|
|
511
511
|
return {
|
|
512
512
|
kty: t,
|
|
@@ -517,12 +517,12 @@ async function _e(e) {
|
|
|
517
517
|
y: a
|
|
518
518
|
};
|
|
519
519
|
}
|
|
520
|
-
var
|
|
520
|
+
var _e = [
|
|
521
521
|
"authorization_code",
|
|
522
522
|
"refresh_token",
|
|
523
523
|
"urn:ietf:params:oauth:grant-type:token-exchange"
|
|
524
524
|
];
|
|
525
|
-
function
|
|
525
|
+
function ve() {
|
|
526
526
|
return async function(e, t) {
|
|
527
527
|
var n;
|
|
528
528
|
let r;
|
|
@@ -561,16 +561,16 @@ function ye() {
|
|
|
561
561
|
case "Ed25519":
|
|
562
562
|
r = { name: "Ed25519" };
|
|
563
563
|
break;
|
|
564
|
-
default: throw new
|
|
564
|
+
default: throw new E();
|
|
565
565
|
}
|
|
566
566
|
return crypto.subtle.generateKey(r, (n = t?.extractable) != null && n, ["sign", "verify"]);
|
|
567
567
|
}("ES256", { extractable: !1 });
|
|
568
568
|
}
|
|
569
|
-
function
|
|
569
|
+
function ye(e) {
|
|
570
570
|
return async function(e) {
|
|
571
|
-
if (!
|
|
571
|
+
if (!me(e)) throw TypeError("\"publicKey\" must be a public CryptoKey");
|
|
572
572
|
if (!0 !== e.extractable) throw TypeError("\"publicKey.extractable\" must be true");
|
|
573
|
-
let t = await
|
|
573
|
+
let t = await ge(e), n;
|
|
574
574
|
switch (t.kty) {
|
|
575
575
|
case "EC":
|
|
576
576
|
n = {
|
|
@@ -594,18 +594,18 @@ function be(e) {
|
|
|
594
594
|
n: t.n
|
|
595
595
|
};
|
|
596
596
|
break;
|
|
597
|
-
default: throw new
|
|
597
|
+
default: throw new E("unsupported JWK kty");
|
|
598
598
|
}
|
|
599
|
-
return
|
|
599
|
+
return T(await crypto.subtle.digest({ name: "SHA-256" }, C(JSON.stringify(n))));
|
|
600
600
|
}(e.publicKey);
|
|
601
601
|
}
|
|
602
|
-
function
|
|
603
|
-
return
|
|
602
|
+
function be({ keyPair: e, url: t, method: n, nonce: r, accessToken: i }) {
|
|
603
|
+
return he(e, function(e) {
|
|
604
604
|
let t = new URL(e);
|
|
605
605
|
return t.search = "", t.hash = "", t.href;
|
|
606
606
|
}(t), n, r, i);
|
|
607
607
|
}
|
|
608
|
-
var
|
|
608
|
+
var xe = async (e, t) => {
|
|
609
609
|
let n = await fetch(e, t);
|
|
610
610
|
return {
|
|
611
611
|
ok: n.ok,
|
|
@@ -613,16 +613,16 @@ var Se = async (e, t) => {
|
|
|
613
613
|
headers: (r = n.headers, [...r].reduce(((e, [t, n]) => (e[t] = n, e)), {}))
|
|
614
614
|
};
|
|
615
615
|
var r;
|
|
616
|
-
},
|
|
616
|
+
}, Se = async (e, t, n) => {
|
|
617
617
|
let r = new AbortController(), i;
|
|
618
|
-
return t.signal = r.signal, Promise.race([
|
|
618
|
+
return t.signal = r.signal, Promise.race([xe(e, t), new Promise(((e, t) => {
|
|
619
619
|
i = setTimeout((() => {
|
|
620
620
|
r.abort(), t(/* @__PURE__ */ Error("Timeout when executing 'fetch'"));
|
|
621
621
|
}), n);
|
|
622
622
|
}))]).finally((() => {
|
|
623
623
|
clearTimeout(i);
|
|
624
624
|
}));
|
|
625
|
-
},
|
|
625
|
+
}, Ce = async (e, t, n, r, i, a, o, s) => {
|
|
626
626
|
return c = {
|
|
627
627
|
auth: {
|
|
628
628
|
audience: t,
|
|
@@ -640,8 +640,8 @@ var Se = async (e, t) => {
|
|
|
640
640
|
}, l.postMessage(c, [n.port2]);
|
|
641
641
|
}));
|
|
642
642
|
var c, l;
|
|
643
|
-
},
|
|
644
|
-
async function
|
|
643
|
+
}, we = async (e, t, n, r, i, a, o = 1e4, s) => i ? Ce(e, t, n, r, o, i, a, s) : Se(e, r, o);
|
|
644
|
+
async function Te(t, n, r, i, a, o, s, c, u, d) {
|
|
645
645
|
if (u) {
|
|
646
646
|
let e = await u.generateProof({
|
|
647
647
|
url: t,
|
|
@@ -652,26 +652,26 @@ async function Ee(t, n, r, i, a, o, s, c, u, d) {
|
|
|
652
652
|
}
|
|
653
653
|
let f, p = null;
|
|
654
654
|
for (let e = 0; e < 3; e++) try {
|
|
655
|
-
f = await
|
|
655
|
+
f = await we(t, r, i, a, o, s, n, c), p = null;
|
|
656
656
|
break;
|
|
657
657
|
} catch (e) {
|
|
658
658
|
p = e;
|
|
659
659
|
}
|
|
660
660
|
if (p) throw p;
|
|
661
|
-
let m = f.json, { error: h, error_description:
|
|
662
|
-
if (u && (
|
|
663
|
-
let e =
|
|
664
|
-
if (h === "mfa_required") throw new ee(h, e,
|
|
665
|
-
if (h === "missing_refresh_token") throw new
|
|
661
|
+
let m = f.json, { error: h, error_description: _ } = m, v = e(m, ["error", "error_description"]), { headers: y, ok: b } = f, x;
|
|
662
|
+
if (u && (x = y["dpop-nonce"], x && await u.setNonce(x)), !b) {
|
|
663
|
+
let e = _ || `HTTP error. Unable to fetch ${t}`;
|
|
664
|
+
if (h === "mfa_required") throw new ee(h, e, v.mfa_token);
|
|
665
|
+
if (h === "missing_refresh_token") throw new g(r, i);
|
|
666
666
|
if (h === "use_dpop_nonce") {
|
|
667
|
-
if (!u || !
|
|
668
|
-
return
|
|
667
|
+
if (!u || !x || d) throw new te(x);
|
|
668
|
+
return Te(t, n, r, i, a, o, s, c, u, !0);
|
|
669
669
|
}
|
|
670
670
|
throw new l(h || "request_error", e);
|
|
671
671
|
}
|
|
672
|
-
return
|
|
672
|
+
return v;
|
|
673
673
|
}
|
|
674
|
-
async function
|
|
674
|
+
async function Ee(t, n) {
|
|
675
675
|
var { baseUrl: r, timeout: i, audience: a, scope: o, auth0Client: c, useFormData: l, useMrrt: u, dpop: d } = t, f = e(t, [
|
|
676
676
|
"baseUrl",
|
|
677
677
|
"timeout",
|
|
@@ -685,24 +685,24 @@ async function De(t, n) {
|
|
|
685
685
|
let p = f.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", m = f.grant_type === "refresh_token" && u, h = Object.assign(Object.assign(Object.assign(Object.assign({}, f), p && a && { audience: a }), p && o && { scope: o }), m && {
|
|
686
686
|
audience: a,
|
|
687
687
|
scope: o
|
|
688
|
-
}), ee = l ?
|
|
689
|
-
var
|
|
690
|
-
return await
|
|
688
|
+
}), ee = l ? S(h) : JSON.stringify(h), g = (_ = f.grant_type, _e.includes(_));
|
|
689
|
+
var _;
|
|
690
|
+
return await Te(`${r}/oauth/token`, i, a || "default", o, {
|
|
691
691
|
method: "POST",
|
|
692
692
|
body: ee,
|
|
693
693
|
headers: {
|
|
694
694
|
"Content-Type": l ? "application/x-www-form-urlencoded" : "application/json",
|
|
695
|
-
"Auth0-Client": btoa(JSON.stringify(
|
|
695
|
+
"Auth0-Client": btoa(JSON.stringify(re(c || s)))
|
|
696
696
|
}
|
|
697
|
-
}, n, l, u,
|
|
697
|
+
}, n, l, u, g ? d : void 0);
|
|
698
698
|
}
|
|
699
|
-
var
|
|
699
|
+
var D = (...e) => {
|
|
700
700
|
return (t = e.filter(Boolean).join(" ").trim().split(/\s+/), Array.from(new Set(t))).join(" ");
|
|
701
701
|
var t;
|
|
702
|
-
},
|
|
702
|
+
}, O = (e, t, n) => {
|
|
703
703
|
let r;
|
|
704
|
-
return n && (r = e[n]), r ||= e.default,
|
|
705
|
-
},
|
|
704
|
+
return n && (r = e[n]), r ||= e.default, D(r, t);
|
|
705
|
+
}, k = class e {
|
|
706
706
|
constructor(e, t = "@@auth0spajs@@", n) {
|
|
707
707
|
this.prefix = t, this.suffix = n, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
|
|
708
708
|
}
|
|
@@ -731,7 +731,7 @@ var E = (...e) => {
|
|
|
731
731
|
clientId: i
|
|
732
732
|
});
|
|
733
733
|
}
|
|
734
|
-
},
|
|
734
|
+
}, De = class {
|
|
735
735
|
set(e, t) {
|
|
736
736
|
localStorage.setItem(e, JSON.stringify(t));
|
|
737
737
|
}
|
|
@@ -749,7 +749,7 @@ var E = (...e) => {
|
|
|
749
749
|
allKeys() {
|
|
750
750
|
return Object.keys(window.localStorage).filter(((e) => e.startsWith("@@auth0spajs@@")));
|
|
751
751
|
}
|
|
752
|
-
},
|
|
752
|
+
}, Oe = class {
|
|
753
753
|
constructor() {
|
|
754
754
|
this.enclosedCache = function() {
|
|
755
755
|
let e = {};
|
|
@@ -768,7 +768,7 @@ var E = (...e) => {
|
|
|
768
768
|
};
|
|
769
769
|
}();
|
|
770
770
|
}
|
|
771
|
-
},
|
|
771
|
+
}, ke = class {
|
|
772
772
|
constructor(e, t, n) {
|
|
773
773
|
this.cache = e, this.keyManifest = t, this.nowProvider = n || c;
|
|
774
774
|
}
|
|
@@ -817,7 +817,7 @@ var E = (...e) => {
|
|
|
817
817
|
};
|
|
818
818
|
}
|
|
819
819
|
async set(e) {
|
|
820
|
-
let t = new
|
|
820
|
+
let t = new k({
|
|
821
821
|
clientId: e.client_id,
|
|
822
822
|
scope: e.scope,
|
|
823
823
|
audience: e.audience
|
|
@@ -825,7 +825,7 @@ var E = (...e) => {
|
|
|
825
825
|
await this.cache.set(t.toKey(), n), await this.keyManifest?.add(t.toKey());
|
|
826
826
|
}
|
|
827
827
|
async remove(e, t, n) {
|
|
828
|
-
let r = new
|
|
828
|
+
let r = new k({
|
|
829
829
|
clientId: e,
|
|
830
830
|
scope: n,
|
|
831
831
|
audience: t
|
|
@@ -849,17 +849,17 @@ var E = (...e) => {
|
|
|
849
849
|
return this.keyManifest ? (await this.keyManifest.get())?.keys : this.cache.allKeys ? this.cache.allKeys() : void 0;
|
|
850
850
|
}
|
|
851
851
|
getIdTokenCacheKey(e) {
|
|
852
|
-
return new
|
|
852
|
+
return new k({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
|
|
853
853
|
}
|
|
854
854
|
matchExistingCacheKey(e, t) {
|
|
855
855
|
return t.filter(((t) => {
|
|
856
|
-
let n =
|
|
856
|
+
let n = k.fromKey(t), r = new Set(n.scope && n.scope.split(" ")), i = e.scope?.split(" ") || [], a = n.scope && i.reduce(((e, t) => e && r.has(t)), !0);
|
|
857
857
|
return n.prefix === "@@auth0spajs@@" && n.clientId === e.clientId && n.audience === e.audience && a;
|
|
858
858
|
}))[0];
|
|
859
859
|
}
|
|
860
860
|
async getEntryWithRefreshToken(e, t) {
|
|
861
861
|
for (let n of t) {
|
|
862
|
-
let t =
|
|
862
|
+
let t = k.fromKey(n);
|
|
863
863
|
if (t.prefix === "@@auth0spajs@@" && t.clientId === e.clientId) {
|
|
864
864
|
let t = await this.cache.get(n);
|
|
865
865
|
if (t?.body?.refresh_token) return this.modifiedCachedEntry(t, e);
|
|
@@ -876,7 +876,7 @@ var E = (...e) => {
|
|
|
876
876
|
}
|
|
877
877
|
}
|
|
878
878
|
}
|
|
879
|
-
},
|
|
879
|
+
}, Ae = class {
|
|
880
880
|
constructor(e, t, n) {
|
|
881
881
|
this.storage = e, this.clientId = t, this.cookieDomain = n, this.storageKey = `a0.spajs.txs.${this.clientId}`;
|
|
882
882
|
}
|
|
@@ -892,21 +892,21 @@ var E = (...e) => {
|
|
|
892
892
|
remove() {
|
|
893
893
|
this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
|
|
894
894
|
}
|
|
895
|
-
},
|
|
895
|
+
}, A = (e) => typeof e == "number", je = /* @__PURE__ */ "iss.aud.exp.nbf.iat.jti.azp.nonce.auth_time.at_hash.c_hash.acr.amr.sub_jwk.cnf.sip_from_tag.sip_date.sip_callid.sip_cseq_num.sip_via_branch.orig.dest.mky.events.toe.txn.rph.sid.vot.vtm".split("."), Me = (e) => {
|
|
896
896
|
if (!e.id_token) throw Error("ID token is required but missing");
|
|
897
897
|
let t = ((e) => {
|
|
898
898
|
let t = e.split("."), [n, r, i] = t;
|
|
899
899
|
if (t.length !== 3 || !n || !r || !i) throw Error("ID token could not be decoded");
|
|
900
|
-
let a = JSON.parse(
|
|
900
|
+
let a = JSON.parse(ae(r)), o = { __raw: e }, s = {};
|
|
901
901
|
return Object.keys(a).forEach(((e) => {
|
|
902
|
-
o[e] = a[e],
|
|
902
|
+
o[e] = a[e], je.includes(e) || (s[e] = a[e]);
|
|
903
903
|
})), {
|
|
904
904
|
encoded: {
|
|
905
905
|
header: n,
|
|
906
906
|
payload: r,
|
|
907
907
|
signature: i
|
|
908
908
|
},
|
|
909
|
-
header: JSON.parse(
|
|
909
|
+
header: JSON.parse(ae(n)),
|
|
910
910
|
claims: o,
|
|
911
911
|
user: s
|
|
912
912
|
};
|
|
@@ -927,16 +927,16 @@ var E = (...e) => {
|
|
|
927
927
|
if (!t.claims.nonce) throw Error("Nonce (nonce) claim must be a string present in the ID token");
|
|
928
928
|
if (t.claims.nonce !== e.nonce) throw Error(`Nonce (nonce) claim mismatch in the ID token; expected "${e.nonce}", found "${t.claims.nonce}"`);
|
|
929
929
|
}
|
|
930
|
-
if (e.max_age && !
|
|
931
|
-
if (t.claims.exp == null || !
|
|
932
|
-
if (!
|
|
930
|
+
if (e.max_age && !A(t.claims.auth_time)) throw Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
|
|
931
|
+
if (t.claims.exp == null || !A(t.claims.exp)) throw Error("Expiration Time (exp) claim must be a number present in the ID token");
|
|
932
|
+
if (!A(t.claims.iat)) throw Error("Issued At (iat) claim must be a number present in the ID token");
|
|
933
933
|
let n = e.leeway || 60, r = new Date(e.now || Date.now()), i = /* @__PURE__ */ new Date(0);
|
|
934
934
|
if (i.setUTCSeconds(t.claims.exp + n), r > i) throw Error(`Expiration Time (exp) claim error in the ID token; current time (${r}) is after expiration time (${i})`);
|
|
935
|
-
if (t.claims.nbf != null &&
|
|
935
|
+
if (t.claims.nbf != null && A(t.claims.nbf)) {
|
|
936
936
|
let e = /* @__PURE__ */ new Date(0);
|
|
937
937
|
if (e.setUTCSeconds(t.claims.nbf - n), r < e) throw Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${r}) is before ${e}`);
|
|
938
938
|
}
|
|
939
|
-
if (t.claims.auth_time != null &&
|
|
939
|
+
if (t.claims.auth_time != null && A(t.claims.auth_time)) {
|
|
940
940
|
let i = /* @__PURE__ */ new Date(0);
|
|
941
941
|
if (i.setUTCSeconds(parseInt(t.claims.auth_time) + e.max_age + n), r > i) throw Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${r}) is after last auth at ${i}`);
|
|
942
942
|
}
|
|
@@ -953,7 +953,7 @@ var E = (...e) => {
|
|
|
953
953
|
}
|
|
954
954
|
}
|
|
955
955
|
return t;
|
|
956
|
-
},
|
|
956
|
+
}, j = r((function(e, n) {
|
|
957
957
|
var r = t && t.__assign || function() {
|
|
958
958
|
return r = Object.assign || function(e) {
|
|
959
959
|
for (var t, n = 1, r = arguments.length; n < r; n++) for (var i in t = arguments[n]) Object.prototype.hasOwnProperty.call(t, i) && (e[i] = t[i]);
|
|
@@ -996,10 +996,10 @@ var E = (...e) => {
|
|
|
996
996
|
c(e, "", r(r({}, t), { expires: -1 }));
|
|
997
997
|
};
|
|
998
998
|
}));
|
|
999
|
-
n(
|
|
1000
|
-
var
|
|
999
|
+
n(j), j.encode, j.parse, j.getAll;
|
|
1000
|
+
var Ne = j.get, Pe = j.set, Fe = j.remove, M = {
|
|
1001
1001
|
get(e) {
|
|
1002
|
-
let t =
|
|
1002
|
+
let t = Ne(e);
|
|
1003
1003
|
if (t !== void 0) return JSON.parse(t);
|
|
1004
1004
|
},
|
|
1005
1005
|
save(e, t, n) {
|
|
@@ -1007,25 +1007,25 @@ var Pe = A.get, Fe = A.set, Ie = A.remove, j = {
|
|
|
1007
1007
|
window.location.protocol === "https:" && (r = {
|
|
1008
1008
|
secure: !0,
|
|
1009
1009
|
sameSite: "none"
|
|
1010
|
-
}), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain),
|
|
1010
|
+
}), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Pe(e, JSON.stringify(t), r);
|
|
1011
1011
|
},
|
|
1012
1012
|
remove(e, t) {
|
|
1013
1013
|
let n = {};
|
|
1014
|
-
t != null && t.cookieDomain && (n.domain = t.cookieDomain),
|
|
1014
|
+
t != null && t.cookieDomain && (n.domain = t.cookieDomain), Fe(e, n);
|
|
1015
1015
|
}
|
|
1016
|
-
},
|
|
1016
|
+
}, Ie = {
|
|
1017
1017
|
get(e) {
|
|
1018
|
-
return
|
|
1018
|
+
return M.get(e) || M.get(`_legacy_${e}`);
|
|
1019
1019
|
},
|
|
1020
1020
|
save(e, t, n) {
|
|
1021
1021
|
let r = {};
|
|
1022
|
-
window.location.protocol === "https:" && (r = { secure: !0 }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain),
|
|
1022
|
+
window.location.protocol === "https:" && (r = { secure: !0 }), n != null && n.daysUntilExpire && (r.expires = n.daysUntilExpire), n != null && n.cookieDomain && (r.domain = n.cookieDomain), Pe(`_legacy_${e}`, JSON.stringify(t), r), M.save(e, t, n);
|
|
1023
1023
|
},
|
|
1024
1024
|
remove(e, t) {
|
|
1025
1025
|
let n = {};
|
|
1026
|
-
t != null && t.cookieDomain && (n.domain = t.cookieDomain),
|
|
1026
|
+
t != null && t.cookieDomain && (n.domain = t.cookieDomain), Fe(e, n), M.remove(e, t), M.remove(`_legacy_${e}`, t);
|
|
1027
1027
|
}
|
|
1028
|
-
},
|
|
1028
|
+
}, Le = {
|
|
1029
1029
|
get(e) {
|
|
1030
1030
|
if (typeof sessionStorage > "u") return;
|
|
1031
1031
|
let t = sessionStorage.getItem(e);
|
|
@@ -1037,11 +1037,11 @@ var Pe = A.get, Fe = A.set, Ie = A.remove, j = {
|
|
|
1037
1037
|
remove(e) {
|
|
1038
1038
|
sessionStorage.removeItem(e);
|
|
1039
1039
|
}
|
|
1040
|
-
},
|
|
1040
|
+
}, N;
|
|
1041
1041
|
(function(e) {
|
|
1042
1042
|
e.Code = "code", e.ConnectCode = "connect_code";
|
|
1043
|
-
})(
|
|
1044
|
-
function
|
|
1043
|
+
})(N ||= {});
|
|
1044
|
+
function Re(e, t, n) {
|
|
1045
1045
|
var r = t === void 0 ? null : t, i = function(e, t) {
|
|
1046
1046
|
var n = atob(e);
|
|
1047
1047
|
if (t) {
|
|
@@ -1052,12 +1052,12 @@ function ze(e, t, n) {
|
|
|
1052
1052
|
}(e, n !== void 0 && n), a = i.indexOf("\n", 10) + 1, o = i.substring(a) + (r ? "//# sourceMappingURL=" + r : ""), s = new Blob([o], { type: "application/javascript" });
|
|
1053
1053
|
return URL.createObjectURL(s);
|
|
1054
1054
|
}
|
|
1055
|
-
var Be, Ve, He, Ue
|
|
1056
|
-
return
|
|
1057
|
-
}),
|
|
1055
|
+
var ze, Be, Ve, He, Ue = (ze = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", Be = null, Ve = !1, function(e) {
|
|
1056
|
+
return He ||= Re(ze, Be, Ve), new Worker(He, e);
|
|
1057
|
+
}), P = {}, We = async (e, t = 3) => {
|
|
1058
1058
|
for (let n = 0; n < t; n++) if (await e()) return !0;
|
|
1059
1059
|
return !1;
|
|
1060
|
-
},
|
|
1060
|
+
}, Ge = class {
|
|
1061
1061
|
constructor(e, t) {
|
|
1062
1062
|
this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
|
|
1063
1063
|
}
|
|
@@ -1081,19 +1081,19 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
|
|
|
1081
1081
|
createManifestKeyFrom(e) {
|
|
1082
1082
|
return `@@auth0spajs@@::${e}`;
|
|
1083
1083
|
}
|
|
1084
|
-
},
|
|
1085
|
-
memory: () => new
|
|
1086
|
-
localstorage: () => new
|
|
1087
|
-
},
|
|
1084
|
+
}, Ke = {
|
|
1085
|
+
memory: () => new Oe().enclosedCache,
|
|
1086
|
+
localstorage: () => new De()
|
|
1087
|
+
}, qe = (e) => Ke[e], Je = (t) => {
|
|
1088
1088
|
let { openUrl: n, onRedirect: r } = t, i = e(t, ["openUrl", "onRedirect"]);
|
|
1089
1089
|
return Object.assign(Object.assign({}, i), { openUrl: !1 === n || n ? n : r });
|
|
1090
|
-
},
|
|
1090
|
+
}, Ye = (e, t) => {
|
|
1091
1091
|
let n = t?.split(" ") || [];
|
|
1092
1092
|
return (e?.split(" ") || []).every(((e) => n.includes(e)));
|
|
1093
|
-
},
|
|
1093
|
+
}, F = {
|
|
1094
1094
|
NONCE: "nonce",
|
|
1095
1095
|
KEYPAIR: "keypair"
|
|
1096
|
-
},
|
|
1096
|
+
}, Xe = class {
|
|
1097
1097
|
constructor(e) {
|
|
1098
1098
|
this.clientId = e;
|
|
1099
1099
|
}
|
|
@@ -1103,7 +1103,7 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
|
|
|
1103
1103
|
createDbHandle() {
|
|
1104
1104
|
let e = window.indexedDB.open("auth0-spa-js", this.getVersion());
|
|
1105
1105
|
return new Promise(((t, n) => {
|
|
1106
|
-
e.onupgradeneeded = () => Object.values(
|
|
1106
|
+
e.onupgradeneeded = () => Object.values(F).forEach(((t) => e.result.createObjectStore(t))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
|
|
1107
1107
|
}));
|
|
1108
1108
|
}
|
|
1109
1109
|
async getDbHandle() {
|
|
@@ -1120,19 +1120,19 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
|
|
|
1120
1120
|
return `${this.clientId}::${t}`;
|
|
1121
1121
|
}
|
|
1122
1122
|
setNonce(e, t) {
|
|
1123
|
-
return this.save(
|
|
1123
|
+
return this.save(F.NONCE, this.buildKey(t), e);
|
|
1124
1124
|
}
|
|
1125
1125
|
setKeyPair(e) {
|
|
1126
|
-
return this.save(
|
|
1126
|
+
return this.save(F.KEYPAIR, this.buildKey(), e);
|
|
1127
1127
|
}
|
|
1128
1128
|
async save(e, t, n) {
|
|
1129
1129
|
await this.executeDbRequest(e, "readwrite", ((e) => e.put(n, t)));
|
|
1130
1130
|
}
|
|
1131
1131
|
findNonce(e) {
|
|
1132
|
-
return this.find(
|
|
1132
|
+
return this.find(F.NONCE, this.buildKey(e));
|
|
1133
1133
|
}
|
|
1134
1134
|
findKeyPair() {
|
|
1135
|
-
return this.find(
|
|
1135
|
+
return this.find(F.KEYPAIR, this.buildKey());
|
|
1136
1136
|
}
|
|
1137
1137
|
find(e, t) {
|
|
1138
1138
|
return this.executeDbRequest(e, "readonly", ((e) => e.get(t)));
|
|
@@ -1144,14 +1144,14 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
|
|
|
1144
1144
|
return this.deleteBy(e, ((e) => typeof e == "string" && e.startsWith(`${t}::`)));
|
|
1145
1145
|
}
|
|
1146
1146
|
clearNonces() {
|
|
1147
|
-
return this.deleteByClientId(
|
|
1147
|
+
return this.deleteByClientId(F.NONCE, this.clientId);
|
|
1148
1148
|
}
|
|
1149
1149
|
clearKeyPairs() {
|
|
1150
|
-
return this.deleteByClientId(
|
|
1150
|
+
return this.deleteByClientId(F.KEYPAIR, this.clientId);
|
|
1151
1151
|
}
|
|
1152
|
-
},
|
|
1152
|
+
}, Ze = class {
|
|
1153
1153
|
constructor(e) {
|
|
1154
|
-
this.storage = new
|
|
1154
|
+
this.storage = new Xe(e);
|
|
1155
1155
|
}
|
|
1156
1156
|
getNonce(e) {
|
|
1157
1157
|
return this.storage.findNonce(e);
|
|
@@ -1161,23 +1161,23 @@ var Be, Ve, He, Ue, We = (Be = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAq
|
|
|
1161
1161
|
}
|
|
1162
1162
|
async getOrGenerateKeyPair() {
|
|
1163
1163
|
let e = await this.storage.findKeyPair();
|
|
1164
|
-
return e || (e = await
|
|
1164
|
+
return e || (e = await ve(), await this.storage.setKeyPair(e)), e;
|
|
1165
1165
|
}
|
|
1166
1166
|
async generateProof(e) {
|
|
1167
1167
|
let t = await this.getOrGenerateKeyPair();
|
|
1168
|
-
return
|
|
1168
|
+
return be(Object.assign({ keyPair: t }, e));
|
|
1169
1169
|
}
|
|
1170
1170
|
async calculateThumbprint() {
|
|
1171
|
-
return
|
|
1171
|
+
return ye(await this.getOrGenerateKeyPair());
|
|
1172
1172
|
}
|
|
1173
1173
|
async clear() {
|
|
1174
1174
|
await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
|
|
1175
1175
|
}
|
|
1176
|
-
},
|
|
1176
|
+
}, I;
|
|
1177
1177
|
(function(e) {
|
|
1178
1178
|
e.Bearer = "Bearer", e.DPoP = "DPoP";
|
|
1179
|
-
})(
|
|
1180
|
-
var
|
|
1179
|
+
})(I ||= {});
|
|
1180
|
+
var Qe = class {
|
|
1181
1181
|
constructor(e, t) {
|
|
1182
1182
|
this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
|
|
1183
1183
|
}
|
|
@@ -1202,7 +1202,7 @@ var $e = class {
|
|
|
1202
1202
|
let n = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), r = e instanceof Request ? new Request(n, e) : n;
|
|
1203
1203
|
return new Request(r, t);
|
|
1204
1204
|
}
|
|
1205
|
-
setAuthorizationHeader(e, t, n =
|
|
1205
|
+
setAuthorizationHeader(e, t, n = I.Bearer) {
|
|
1206
1206
|
e.headers.set("authorization", `${n} ${t}`);
|
|
1207
1207
|
}
|
|
1208
1208
|
async setDpopProofHeader(e, t) {
|
|
@@ -1217,7 +1217,7 @@ var $e = class {
|
|
|
1217
1217
|
}
|
|
1218
1218
|
async prepareRequest(e, t) {
|
|
1219
1219
|
let n = await this.getAccessToken(t), r, i;
|
|
1220
|
-
typeof n == "string" ? (r = this.config.dpopNonceId ?
|
|
1220
|
+
typeof n == "string" ? (r = this.config.dpopNonceId ? I.DPoP : I.Bearer, i = n) : (r = n.token_type, i = n.access_token), this.setAuthorizationHeader(e, i, r), r === I.DPoP && await this.setDpopProofHeader(e, i);
|
|
1221
1221
|
}
|
|
1222
1222
|
getHeader(e, t) {
|
|
1223
1223
|
return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
|
|
@@ -1230,7 +1230,7 @@ var $e = class {
|
|
|
1230
1230
|
async handleResponse(e, t) {
|
|
1231
1231
|
let n = this.getHeader(e.headers, "dpop-nonce");
|
|
1232
1232
|
if (n && await this.hooks.setDpopNonce(n), !this.hasUseDpopNonceError(e)) return e;
|
|
1233
|
-
if (!n || !t.onUseDpopNonceError) throw new
|
|
1233
|
+
if (!n || !t.onUseDpopNonceError) throw new te(n);
|
|
1234
1234
|
return t.onUseDpopNonceError();
|
|
1235
1235
|
}
|
|
1236
1236
|
async internalFetchWithAuth(e, t, n, r) {
|
|
@@ -1243,7 +1243,7 @@ var $e = class {
|
|
|
1243
1243
|
let r = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, r), { onUseDpopNonceError: void 0 }), n) };
|
|
1244
1244
|
return this.internalFetchWithAuth(e, t, r, n);
|
|
1245
1245
|
}
|
|
1246
|
-
},
|
|
1246
|
+
}, $e = class {
|
|
1247
1247
|
constructor(e, t) {
|
|
1248
1248
|
this.myAccountFetcher = e, this.apiBase = t;
|
|
1249
1249
|
}
|
|
@@ -1268,7 +1268,7 @@ var $e = class {
|
|
|
1268
1268
|
try {
|
|
1269
1269
|
t = await e.text(), t = JSON.parse(t);
|
|
1270
1270
|
} catch (n) {
|
|
1271
|
-
throw new
|
|
1271
|
+
throw new et({
|
|
1272
1272
|
type: "invalid_json",
|
|
1273
1273
|
status: e.status,
|
|
1274
1274
|
title: "Invalid JSON response",
|
|
@@ -1276,61 +1276,61 @@ var $e = class {
|
|
|
1276
1276
|
});
|
|
1277
1277
|
}
|
|
1278
1278
|
if (e.ok) return t;
|
|
1279
|
-
throw new
|
|
1279
|
+
throw new et(t);
|
|
1280
1280
|
}
|
|
1281
|
-
},
|
|
1281
|
+
}, et = class e extends Error {
|
|
1282
1282
|
constructor({ type: t, status: n, title: r, detail: i, validation_errors: a }) {
|
|
1283
1283
|
super(i), this.name = "MyAccountApiError", this.type = t, this.status = n, this.title = r, this.detail = i, this.validation_errors = a, Object.setPrototypeOf(this, e.prototype);
|
|
1284
1284
|
}
|
|
1285
|
-
},
|
|
1285
|
+
}, L = new a(), tt = class {
|
|
1286
1286
|
constructor(e) {
|
|
1287
1287
|
let t, n;
|
|
1288
|
-
if (this.userCache = new
|
|
1288
|
+
if (this.userCache = new Oe().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = {
|
|
1289
1289
|
authorizationParams: { scope: "openid profile email" },
|
|
1290
1290
|
useRefreshTokensFallback: !1,
|
|
1291
1291
|
useFormData: !0
|
|
1292
1292
|
}, this._releaseLockOnPageHide = async () => {
|
|
1293
1293
|
let e = Array.from(this.activeLockKeys);
|
|
1294
|
-
for (let t of e) await
|
|
1294
|
+
for (let t of e) await L.releaseLock(t);
|
|
1295
1295
|
this.activeLockKeys.clear(), window.removeEventListener("pagehide", this._releaseLockOnPageHide);
|
|
1296
1296
|
}, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
|
|
1297
|
-
if (!
|
|
1298
|
-
if (
|
|
1297
|
+
if (!y()) throw Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
|
|
1298
|
+
if (y().subtle === void 0) throw Error("\n auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.\n ");
|
|
1299
1299
|
})(), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) n = e.cache;
|
|
1300
1300
|
else {
|
|
1301
|
-
if (t = e.cacheLocation || "memory", !
|
|
1302
|
-
n =
|
|
1301
|
+
if (t = e.cacheLocation || "memory", !qe(t)) throw Error(`Invalid cache location "${t}"`);
|
|
1302
|
+
n = qe(t)();
|
|
1303
1303
|
}
|
|
1304
|
-
this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = !1 === e.legacySameSiteCookie ?
|
|
1305
|
-
let r = e.useCookiesForTransactions ? this.cookieStorage :
|
|
1304
|
+
this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = !1 === e.legacySameSiteCookie ? M : Ie, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((e) => `auth0.${e}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
|
|
1305
|
+
let r = e.useCookiesForTransactions ? this.cookieStorage : Le;
|
|
1306
1306
|
var i;
|
|
1307
1307
|
this.scope = ((e, t, ...n) => {
|
|
1308
|
-
if (typeof e != "object") return { default:
|
|
1309
|
-
let r = { default:
|
|
1308
|
+
if (typeof e != "object") return { default: D(t, e, ...n) };
|
|
1309
|
+
let r = { default: D(t, ...n) };
|
|
1310
1310
|
return Object.keys(e).forEach(((i) => {
|
|
1311
1311
|
let a = e[i];
|
|
1312
|
-
r[i] =
|
|
1312
|
+
r[i] = D(t, a, ...n);
|
|
1313
1313
|
})), r;
|
|
1314
|
-
})(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new
|
|
1314
|
+
})(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new Ae(r, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || c, this.cacheManager = new ke(n, n.allKeys ? void 0 : new Ge(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Ze(this.options.clientId) : void 0, this.domainUrl = (i = this.options.domain, /^https?:\/\//.test(i) ? i : `https://${i}`), this.tokenIssuer = ((e, t) => e ? e.startsWith("https://") ? e : `https://${e}/` : `${t}/`)(this.options.issuer, this.domainUrl);
|
|
1315
1315
|
let a = `${this.domainUrl}/me/`;
|
|
1316
|
-
this.myAccountApi = new
|
|
1316
|
+
this.myAccountApi = new $e(this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({
|
|
1317
1317
|
authorizationParams: {
|
|
1318
1318
|
scope: "create:me:connected_accounts",
|
|
1319
1319
|
audience: a
|
|
1320
1320
|
},
|
|
1321
1321
|
detailedResponse: !0
|
|
1322
|
-
}) })), a), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new
|
|
1322
|
+
}) })), a), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new Ue());
|
|
1323
1323
|
}
|
|
1324
1324
|
_url(e) {
|
|
1325
1325
|
let t = encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client || s)));
|
|
1326
1326
|
return `${this.domainUrl}${e}&auth0Client=${t}`;
|
|
1327
1327
|
}
|
|
1328
1328
|
_authorizeUrl(e) {
|
|
1329
|
-
return this._url(`/authorize?${
|
|
1329
|
+
return this._url(`/authorize?${S(e)}`);
|
|
1330
1330
|
}
|
|
1331
1331
|
async _verifyIdToken(e, t, n) {
|
|
1332
1332
|
let r = await this.nowProvider();
|
|
1333
|
-
return
|
|
1333
|
+
return Me({
|
|
1334
1334
|
iss: this.tokenIssuer,
|
|
1335
1335
|
aud: this.options.clientId,
|
|
1336
1336
|
id_token: e,
|
|
@@ -1349,8 +1349,8 @@ var $e = class {
|
|
|
1349
1349
|
}) : this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain });
|
|
1350
1350
|
}
|
|
1351
1351
|
async _prepareAuthorizeUrl(e, t, n) {
|
|
1352
|
-
let r = b(
|
|
1353
|
-
scope:
|
|
1352
|
+
let r = x(b()), i = x(b()), a = b(), o = oe(await ie(a)), s = await this.dpop?.calculateThumbprint(), c = ((e, t, n, r, i, a, o, s, c) => Object.assign(Object.assign(Object.assign({ client_id: e.clientId }, e.authorizationParams), n), {
|
|
1353
|
+
scope: O(t, n.scope, n.audience),
|
|
1354
1354
|
response_type: "code",
|
|
1355
1355
|
response_mode: s || "query",
|
|
1356
1356
|
state: r,
|
|
@@ -1411,14 +1411,14 @@ var $e = class {
|
|
|
1411
1411
|
return (await this._getIdTokenFromCache())?.decodedToken?.claims;
|
|
1412
1412
|
}
|
|
1413
1413
|
async loginWithRedirect(t = {}) {
|
|
1414
|
-
let n =
|
|
1414
|
+
let n = Je(t), { openUrl: r, fragment: i, appState: a } = n, o = e(n, [
|
|
1415
1415
|
"openUrl",
|
|
1416
1416
|
"fragment",
|
|
1417
1417
|
"appState"
|
|
1418
1418
|
]), s = o.authorizationParams?.organization || this.options.authorizationParams.organization, c = await this._prepareAuthorizeUrl(o.authorizationParams || {}), { url: l } = c, u = e(c, ["url"]);
|
|
1419
1419
|
this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, u), {
|
|
1420
1420
|
appState: a,
|
|
1421
|
-
response_type:
|
|
1421
|
+
response_type: N.Code
|
|
1422
1422
|
}), s && { organization: s }));
|
|
1423
1423
|
let d = i ? `${l}#${i}` : l;
|
|
1424
1424
|
r ? await r(d) : window.location.assign(d);
|
|
@@ -1440,7 +1440,7 @@ var $e = class {
|
|
|
1440
1440
|
error_description: t.get("error_description") || void 0
|
|
1441
1441
|
};
|
|
1442
1442
|
})(t.join(""));
|
|
1443
|
-
return n.response_type ===
|
|
1443
|
+
return n.response_type === N.ConnectCode ? this._handleConnectAccountRedirectCallback(r, n) : this._handleLoginRedirectCallback(r, n);
|
|
1444
1444
|
}
|
|
1445
1445
|
async _handleLoginRedirectCallback(e, t) {
|
|
1446
1446
|
let { code: n, state: r, error: i, error_description: a } = e;
|
|
@@ -1458,7 +1458,7 @@ var $e = class {
|
|
|
1458
1458
|
organization: o
|
|
1459
1459
|
}), {
|
|
1460
1460
|
appState: t.appState,
|
|
1461
|
-
response_type:
|
|
1461
|
+
response_type: N.Code
|
|
1462
1462
|
};
|
|
1463
1463
|
}
|
|
1464
1464
|
async _handleConnectAccountRedirectCallback(e, t) {
|
|
@@ -1474,7 +1474,7 @@ var $e = class {
|
|
|
1474
1474
|
});
|
|
1475
1475
|
return Object.assign(Object.assign({}, o), {
|
|
1476
1476
|
appState: t.appState,
|
|
1477
|
-
response_type:
|
|
1477
|
+
response_type: N.ConnectCode
|
|
1478
1478
|
});
|
|
1479
1479
|
}
|
|
1480
1480
|
async checkSession(e) {
|
|
@@ -1490,11 +1490,11 @@ var $e = class {
|
|
|
1490
1490
|
} catch {}
|
|
1491
1491
|
}
|
|
1492
1492
|
async getTokenSilently(e = {}) {
|
|
1493
|
-
let t = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope:
|
|
1494
|
-
let n =
|
|
1493
|
+
let t = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: O(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) }), n = await ((e, t) => {
|
|
1494
|
+
let n = P[t];
|
|
1495
1495
|
return n || (n = e().finally((() => {
|
|
1496
|
-
delete
|
|
1497
|
-
})),
|
|
1496
|
+
delete P[t], n = null;
|
|
1497
|
+
})), P[t] = n), n;
|
|
1498
1498
|
})((() => this._getTokenSilently(t)), `${this.options.clientId}::${t.authorizationParams.audience}::${t.authorizationParams.scope}`);
|
|
1499
1499
|
return e.detailedResponse ? n : n?.access_token;
|
|
1500
1500
|
}
|
|
@@ -1512,7 +1512,7 @@ var $e = class {
|
|
|
1512
1512
|
if (n === "cache-only") return;
|
|
1513
1513
|
let i = (a = this.options.clientId, o = r.authorizationParams.audience || "default", `auth0.lock.getTokenSilently.${a}.${o}`);
|
|
1514
1514
|
var a, o;
|
|
1515
|
-
if (!await
|
|
1515
|
+
if (!await We((() => L.acquireLock(i, 5e3)), 10)) throw new f();
|
|
1516
1516
|
this.activeLockKeys.add(i), this.activeLockKeys.size === 1 && window.addEventListener("pagehide", this._releaseLockOnPageHide);
|
|
1517
1517
|
try {
|
|
1518
1518
|
if (n !== "off") {
|
|
@@ -1530,12 +1530,12 @@ var $e = class {
|
|
|
1530
1530
|
access_token: i
|
|
1531
1531
|
}, a ? { scope: a } : null), { expires_in: o });
|
|
1532
1532
|
} finally {
|
|
1533
|
-
await
|
|
1533
|
+
await L.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
|
|
1534
1534
|
}
|
|
1535
1535
|
}
|
|
1536
1536
|
async getTokenWithPopup(e = {}, t = {}) {
|
|
1537
|
-
let n = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope:
|
|
1538
|
-
return t = Object.assign(Object.assign({}, o), t), await this.loginWithPopup(n, t), (await this.cacheManager.get(new
|
|
1537
|
+
let n = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: O(this.scope, e.authorizationParams?.scope, e.authorizationParams?.audience || this.options.authorizationParams.audience) }) });
|
|
1538
|
+
return t = Object.assign(Object.assign({}, o), t), await this.loginWithPopup(n, t), (await this.cacheManager.get(new k({
|
|
1539
1539
|
scope: n.authorizationParams.scope,
|
|
1540
1540
|
audience: n.authorizationParams.audience || "default",
|
|
1541
1541
|
clientId: this.options.clientId
|
|
@@ -1547,17 +1547,17 @@ var $e = class {
|
|
|
1547
1547
|
_buildLogoutUrl(t) {
|
|
1548
1548
|
t.clientId === null ? delete t.clientId : t.clientId = t.clientId || this.options.clientId;
|
|
1549
1549
|
let n = t.logoutParams || {}, { federated: r } = n, i = e(n, ["federated"]), a = r ? "&federated" : "";
|
|
1550
|
-
return this._url(`/v2/logout?${
|
|
1550
|
+
return this._url(`/v2/logout?${S(Object.assign({ clientId: t.clientId }, i))}`) + a;
|
|
1551
1551
|
}
|
|
1552
1552
|
async logout(t = {}) {
|
|
1553
|
-
let n =
|
|
1553
|
+
let n = Je(t), { openUrl: r } = n, i = e(n, ["openUrl"]);
|
|
1554
1554
|
t.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(t.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove("@@user@@"), await this.dpop?.clear();
|
|
1555
1555
|
let a = this._buildLogoutUrl(i);
|
|
1556
1556
|
r ? await r(a) : !1 !== r && window.location.assign(a);
|
|
1557
1557
|
}
|
|
1558
1558
|
async _getTokenFromIFrame(e) {
|
|
1559
1559
|
let t = `auth0.lock.getTokenFromIFrame.${this.options.clientId}`;
|
|
1560
|
-
if (!await
|
|
1560
|
+
if (!await We((() => L.acquireLock(t, 5e3)), 10)) throw new f();
|
|
1561
1561
|
try {
|
|
1562
1562
|
let t = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), n = this.cookieStorage.get(this.orgHintCookieName);
|
|
1563
1563
|
n && !t.organization && (t.organization = n);
|
|
@@ -1602,18 +1602,18 @@ var $e = class {
|
|
|
1602
1602
|
} catch (e) {
|
|
1603
1603
|
throw e.error === "login_required" && this.logout({ openUrl: !1 }), e;
|
|
1604
1604
|
} finally {
|
|
1605
|
-
await
|
|
1605
|
+
await L.releaseLock(t);
|
|
1606
1606
|
}
|
|
1607
1607
|
}
|
|
1608
1608
|
async _getTokenUsingRefreshToken(e) {
|
|
1609
|
-
let t = await this.cacheManager.get(new
|
|
1609
|
+
let t = await this.cacheManager.get(new k({
|
|
1610
1610
|
scope: e.authorizationParams.scope,
|
|
1611
1611
|
audience: e.authorizationParams.audience || "default",
|
|
1612
1612
|
clientId: this.options.clientId
|
|
1613
1613
|
}), void 0, this.options.useMrrt);
|
|
1614
1614
|
if (!(t && t.refresh_token || this.worker)) {
|
|
1615
1615
|
if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
|
|
1616
|
-
throw new
|
|
1616
|
+
throw new g(e.authorizationParams.audience || "default", e.authorizationParams.scope);
|
|
1617
1617
|
}
|
|
1618
1618
|
let n = e.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin, r = typeof e.timeoutInSeconds == "number" ? 1e3 * e.timeoutInSeconds : null, i = ((e, t, n, r) => {
|
|
1619
1619
|
if (e && n && r) {
|
|
@@ -1629,14 +1629,14 @@ var $e = class {
|
|
|
1629
1629
|
refresh_token: t && t.refresh_token,
|
|
1630
1630
|
redirect_uri: n
|
|
1631
1631
|
}), r && { timeout: r }), { scopesToRequest: i });
|
|
1632
|
-
if (l.refresh_token && t != null && t.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, l.refresh_token), this.options.useMrrt && (a = t?.audience, o = t?.scope, s = e.authorizationParams.audience, c = e.authorizationParams.scope, (a !== s || !
|
|
1632
|
+
if (l.refresh_token && t != null && t.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, l.refresh_token), this.options.useMrrt && (a = t?.audience, o = t?.scope, s = e.authorizationParams.audience, c = e.authorizationParams.scope, (a !== s || !Ye(c, o)) && !Ye(i, l.scope))) {
|
|
1633
1633
|
if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
|
|
1634
1634
|
await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
|
|
1635
1635
|
let t = ((e, t) => {
|
|
1636
1636
|
let n = e?.split(" ") || [], r = t?.split(" ") || [];
|
|
1637
1637
|
return n.filter(((e) => r.indexOf(e) == -1)).join(",");
|
|
1638
1638
|
})(i, l.scope);
|
|
1639
|
-
throw new
|
|
1639
|
+
throw new _(e.authorizationParams.audience || "default", t);
|
|
1640
1640
|
}
|
|
1641
1641
|
return Object.assign(Object.assign({}, l), {
|
|
1642
1642
|
scope: e.authorizationParams.scope,
|
|
@@ -1657,7 +1657,7 @@ var $e = class {
|
|
|
1657
1657
|
}), await this.cacheManager.setIdToken(this.options.clientId, t.id_token, t.decodedToken), await this.cacheManager.set(i);
|
|
1658
1658
|
}
|
|
1659
1659
|
async _getIdTokenFromCache() {
|
|
1660
|
-
let e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new
|
|
1660
|
+
let e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new k({
|
|
1661
1661
|
clientId: this.options.clientId,
|
|
1662
1662
|
audience: e,
|
|
1663
1663
|
scope: t
|
|
@@ -1665,7 +1665,7 @@ var $e = class {
|
|
|
1665
1665
|
return n && n.id_token === r?.id_token ? r : (this.userCache.set("@@user@@", n), n);
|
|
1666
1666
|
}
|
|
1667
1667
|
async _getEntryFromCache({ scope: e, audience: t, clientId: n, cacheMode: r }) {
|
|
1668
|
-
let i = await this.cacheManager.get(new
|
|
1668
|
+
let i = await this.cacheManager.get(new k({
|
|
1669
1669
|
scope: e,
|
|
1670
1670
|
audience: t,
|
|
1671
1671
|
clientId: n
|
|
@@ -1681,7 +1681,7 @@ var $e = class {
|
|
|
1681
1681
|
}
|
|
1682
1682
|
async _requestToken(e, t) {
|
|
1683
1683
|
var n;
|
|
1684
|
-
let { nonceIn: r, organization: i, scopesToRequest: a } = t || {}, o = await
|
|
1684
|
+
let { nonceIn: r, organization: i, scopesToRequest: a } = t || {}, o = await Ee(Object.assign(Object.assign({
|
|
1685
1685
|
baseUrl: this.domainUrl,
|
|
1686
1686
|
client_id: this.options.clientId,
|
|
1687
1687
|
auth0Client: this.options.auth0Client,
|
|
@@ -1708,7 +1708,7 @@ var $e = class {
|
|
|
1708
1708
|
grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
|
|
1709
1709
|
subject_token: e.subject_token,
|
|
1710
1710
|
subject_token_type: e.subject_token_type,
|
|
1711
|
-
scope:
|
|
1711
|
+
scope: O(this.scope, e.scope, e.audience || this.options.authorizationParams.audience),
|
|
1712
1712
|
audience: e.audience || this.options.authorizationParams.audience,
|
|
1713
1713
|
organization: e.organization || this.options.authorizationParams.organization
|
|
1714
1714
|
});
|
|
@@ -1726,7 +1726,7 @@ var $e = class {
|
|
|
1726
1726
|
return this._assertDpop(this.dpop), this.dpop.generateProof(e);
|
|
1727
1727
|
}
|
|
1728
1728
|
createFetcher(e = {}) {
|
|
1729
|
-
return new
|
|
1729
|
+
return new Qe(e, {
|
|
1730
1730
|
isDpopEnabled: () => !!this.options.useDpop,
|
|
1731
1731
|
getAccessToken: (e) => this.getTokenSilently({
|
|
1732
1732
|
authorizationParams: {
|
|
@@ -1743,7 +1743,7 @@ var $e = class {
|
|
|
1743
1743
|
async connectAccountWithRedirect(e) {
|
|
1744
1744
|
let { openUrl: t, appState: n, connection: r, scopes: i, authorization_params: a, redirectUri: o = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
|
|
1745
1745
|
if (!r) throw Error("connection is required");
|
|
1746
|
-
let s = b(
|
|
1746
|
+
let s = x(b()), c = b(), l = oe(await ie(c)), { connect_uri: u, connect_params: d, auth_session: f } = await this.myAccountApi.connectAccount({
|
|
1747
1747
|
connection: r,
|
|
1748
1748
|
scopes: i,
|
|
1749
1749
|
redirect_uri: o,
|
|
@@ -1759,20 +1759,20 @@ var $e = class {
|
|
|
1759
1759
|
redirect_uri: o,
|
|
1760
1760
|
appState: n,
|
|
1761
1761
|
connection: r,
|
|
1762
|
-
response_type:
|
|
1762
|
+
response_type: N.ConnectCode
|
|
1763
1763
|
});
|
|
1764
1764
|
let p = new URL(u);
|
|
1765
1765
|
p.searchParams.set("ticket", d.ticket), t ? await t(p.toString()) : window.location.assign(p);
|
|
1766
1766
|
}
|
|
1767
1767
|
};
|
|
1768
|
-
async function
|
|
1769
|
-
let t = new
|
|
1768
|
+
async function nt(e) {
|
|
1769
|
+
let t = new tt(e);
|
|
1770
1770
|
return await t.checkSession(), t;
|
|
1771
1771
|
}
|
|
1772
1772
|
//#endregion
|
|
1773
1773
|
//#region src/controllers/debug.ts
|
|
1774
|
-
var
|
|
1775
|
-
function
|
|
1774
|
+
var rt = "sesamy-debug";
|
|
1775
|
+
function it(e) {
|
|
1776
1776
|
if (typeof document > "u") return null;
|
|
1777
1777
|
let t = e + "=", n = document.cookie.split(";");
|
|
1778
1778
|
for (let e = 0; e < n.length; e++) {
|
|
@@ -1782,62 +1782,62 @@ function at(e) {
|
|
|
1782
1782
|
}
|
|
1783
1783
|
return null;
|
|
1784
1784
|
}
|
|
1785
|
-
function
|
|
1786
|
-
return
|
|
1785
|
+
function at() {
|
|
1786
|
+
return it(rt) === "true";
|
|
1787
1787
|
}
|
|
1788
1788
|
//#endregion
|
|
1789
1789
|
//#region src/controllers/logger.ts
|
|
1790
|
-
function
|
|
1791
|
-
|
|
1790
|
+
function R(e) {
|
|
1791
|
+
at() && console.log(e);
|
|
1792
1792
|
}
|
|
1793
1793
|
//#endregion
|
|
1794
1794
|
//#region src/types/Events.ts
|
|
1795
|
-
var
|
|
1795
|
+
var z = /* @__PURE__ */ function(e) {
|
|
1796
1796
|
return e.AUTH_INITIALIZED = "sesamyJsAuthInitialized", e.READY = "sesamyJsReady", e.AUTHENTICATED = "sesamyJsAuthenticated", e.LOGOUT = "sesamyJsLogout", e.CLEAR_CACHE = "sesamyJsClearCache", e.USER_ATTRIBUTE_CHANGED = "sesamyUserAttributeChanged", e.PURCHASE = "sesamyJsPurchase", e.CONSENT_CHANGED = "sesamyJsConsentChanged", e;
|
|
1797
1797
|
}({});
|
|
1798
1798
|
//#endregion
|
|
1799
1799
|
//#region src/events/ready.ts
|
|
1800
|
-
function
|
|
1800
|
+
function ot(e, t) {
|
|
1801
1801
|
let n = new CustomEvent(e, {
|
|
1802
1802
|
detail: t,
|
|
1803
1803
|
bubbles: !0,
|
|
1804
1804
|
composed: !0
|
|
1805
1805
|
});
|
|
1806
|
-
|
|
1806
|
+
R(`Triggering event: ${e}`), dispatchEvent(n);
|
|
1807
1807
|
}
|
|
1808
|
-
function
|
|
1809
|
-
typeof window > "u" || (e ===
|
|
1808
|
+
function B(e, t) {
|
|
1809
|
+
typeof window > "u" || (e === z.READY && document.readyState === "loading" ? document.addEventListener("DOMContentLoaded", () => ot(e, t), { once: !0 }) : ot(e, t));
|
|
1810
1810
|
}
|
|
1811
1811
|
//#endregion
|
|
1812
1812
|
//#region src/constants.ts
|
|
1813
|
-
var
|
|
1813
|
+
var st = "sesamy.com", ct = "sesamy.dev";
|
|
1814
1814
|
//#endregion
|
|
1815
1815
|
//#region src/services/config/index.ts
|
|
1816
|
-
function
|
|
1817
|
-
return `${e}.${t === "dev" ?
|
|
1816
|
+
function lt(e, t) {
|
|
1817
|
+
return `${e}.${t === "dev" ? ct : st}`;
|
|
1818
1818
|
}
|
|
1819
1819
|
//#endregion
|
|
1820
1820
|
//#region src/utils/language.ts
|
|
1821
|
-
function
|
|
1821
|
+
function ut() {
|
|
1822
1822
|
let e = (document.documentElement.getAttribute("lang") ?? navigator.language ?? "en").split("-")[0]?.toLowerCase() ?? "en";
|
|
1823
1823
|
return e === "nn" && (e = "nb"), e;
|
|
1824
1824
|
}
|
|
1825
1825
|
//#endregion
|
|
1826
1826
|
//#region ../../node_modules/.pnpm/detectincognitojs@1.6.2/node_modules/detectincognitojs/dist/detectIncognito.esm.js
|
|
1827
|
-
var
|
|
1827
|
+
var V = {
|
|
1828
1828
|
d: (e, t) => {
|
|
1829
|
-
for (var n in t)
|
|
1829
|
+
for (var n in t) V.o(t, n) && !V.o(e, n) && Object.defineProperty(e, n, {
|
|
1830
1830
|
enumerable: !0,
|
|
1831
1831
|
get: t[n]
|
|
1832
1832
|
});
|
|
1833
1833
|
},
|
|
1834
1834
|
o: (e, t) => Object.prototype.hasOwnProperty.call(e, t)
|
|
1835
|
-
},
|
|
1836
|
-
|
|
1837
|
-
A: () =>
|
|
1838
|
-
k: () =>
|
|
1835
|
+
}, H = {};
|
|
1836
|
+
V.d(H, {
|
|
1837
|
+
A: () => dt,
|
|
1838
|
+
k: () => G
|
|
1839
1839
|
});
|
|
1840
|
-
var
|
|
1840
|
+
var U = function(e, t, n, r) {
|
|
1841
1841
|
return new (n ||= Promise)(function(i, a) {
|
|
1842
1842
|
function o(e) {
|
|
1843
1843
|
try {
|
|
@@ -1861,7 +1861,7 @@ var H = function(e, t, n, r) {
|
|
|
1861
1861
|
}
|
|
1862
1862
|
c((r = r.apply(e, t || [])).next());
|
|
1863
1863
|
});
|
|
1864
|
-
},
|
|
1864
|
+
}, W = function(e, t) {
|
|
1865
1865
|
var n, r, i, a, o = {
|
|
1866
1866
|
label: 0,
|
|
1867
1867
|
sent: function() {
|
|
@@ -1934,9 +1934,9 @@ var H = function(e, t, n, r) {
|
|
|
1934
1934
|
};
|
|
1935
1935
|
}
|
|
1936
1936
|
};
|
|
1937
|
-
function
|
|
1938
|
-
return
|
|
1939
|
-
return
|
|
1937
|
+
function G() {
|
|
1938
|
+
return U(this, void 0, Promise, function() {
|
|
1939
|
+
return W(this, function(e) {
|
|
1940
1940
|
switch (e.label) {
|
|
1941
1941
|
case 0: return [4, new Promise(function(e, t) {
|
|
1942
1942
|
var n = "Unknown", r = !1;
|
|
@@ -1956,9 +1956,9 @@ function W() {
|
|
|
1956
1956
|
return e;
|
|
1957
1957
|
}
|
|
1958
1958
|
function o() {
|
|
1959
|
-
return
|
|
1959
|
+
return U(this, void 0, void 0, function() {
|
|
1960
1960
|
var e, t;
|
|
1961
|
-
return
|
|
1961
|
+
return W(this, function(n) {
|
|
1962
1962
|
switch (n.label) {
|
|
1963
1963
|
case 0: return n.trys.push([
|
|
1964
1964
|
0,
|
|
@@ -1974,8 +1974,8 @@ function W() {
|
|
|
1974
1974
|
});
|
|
1975
1975
|
}
|
|
1976
1976
|
function s() {
|
|
1977
|
-
return
|
|
1978
|
-
return
|
|
1977
|
+
return U(this, void 0, Promise, function() {
|
|
1978
|
+
return W(this, function(e) {
|
|
1979
1979
|
switch (e.label) {
|
|
1980
1980
|
case 0: return typeof navigator.storage?.getDirectory == "function" ? [4, o()] : [3, 2];
|
|
1981
1981
|
case 1: return e.sent(), [3, 3];
|
|
@@ -2038,9 +2038,9 @@ function W() {
|
|
|
2038
2038
|
});
|
|
2039
2039
|
}
|
|
2040
2040
|
function u() {
|
|
2041
|
-
return
|
|
2041
|
+
return U(this, void 0, Promise, function() {
|
|
2042
2042
|
var e, t, n;
|
|
2043
|
-
return
|
|
2043
|
+
return W(this, function(r) {
|
|
2044
2044
|
switch (r.label) {
|
|
2045
2045
|
case 0:
|
|
2046
2046
|
if (typeof navigator.storage?.getDirectory != "function") return [3, 5];
|
|
@@ -2065,8 +2065,8 @@ function W() {
|
|
|
2065
2065
|
});
|
|
2066
2066
|
}
|
|
2067
2067
|
(function() {
|
|
2068
|
-
return
|
|
2069
|
-
return
|
|
2068
|
+
return U(this, void 0, Promise, function() {
|
|
2069
|
+
return W(this, function(e) {
|
|
2070
2070
|
switch (e.label) {
|
|
2071
2071
|
case 0: return a() !== 44 && a() !== 43 ? [3, 2] : (n = "Safari", [4, s()]);
|
|
2072
2072
|
case 1: return e.sent(), [3, 6];
|
|
@@ -2086,15 +2086,15 @@ function W() {
|
|
|
2086
2086
|
});
|
|
2087
2087
|
});
|
|
2088
2088
|
}
|
|
2089
|
-
typeof window < "u" && (window.detectIncognito =
|
|
2090
|
-
var
|
|
2091
|
-
|
|
2089
|
+
typeof window < "u" && (window.detectIncognito = G);
|
|
2090
|
+
var dt = G;
|
|
2091
|
+
H.A, H.k;
|
|
2092
2092
|
//#endregion
|
|
2093
2093
|
//#region src/services/browser/detect-incognito.ts
|
|
2094
|
-
var
|
|
2095
|
-
function
|
|
2094
|
+
var ft = "sesamy_incognito_mode";
|
|
2095
|
+
function pt() {
|
|
2096
2096
|
try {
|
|
2097
|
-
let e = sessionStorage.getItem(
|
|
2097
|
+
let e = sessionStorage.getItem(ft);
|
|
2098
2098
|
return e === null ? void 0 : e === "true";
|
|
2099
2099
|
} catch {
|
|
2100
2100
|
return;
|
|
@@ -2102,7 +2102,7 @@ function mt() {
|
|
|
2102
2102
|
}
|
|
2103
2103
|
//#endregion
|
|
2104
2104
|
//#region src/utils/browser.ts
|
|
2105
|
-
function
|
|
2105
|
+
function mt() {
|
|
2106
2106
|
return typeof window < "u";
|
|
2107
2107
|
}
|
|
2108
2108
|
//#endregion
|
|
@@ -2132,55 +2132,69 @@ function _t() {
|
|
|
2132
2132
|
return /android/i.test(navigator.userAgent);
|
|
2133
2133
|
}
|
|
2134
2134
|
//#endregion
|
|
2135
|
+
//#region src/services/auth/namespace.ts
|
|
2136
|
+
function vt(e) {
|
|
2137
|
+
return e.vendorId || e.clientId || "";
|
|
2138
|
+
}
|
|
2139
|
+
function yt(e) {
|
|
2140
|
+
return e ? `sesamy_is_authenticated_${e}` : "sesamy_is_authenticated";
|
|
2141
|
+
}
|
|
2142
|
+
function bt(e) {
|
|
2143
|
+
if (typeof document > "u") return !1;
|
|
2144
|
+
let t = yt(e);
|
|
2145
|
+
try {
|
|
2146
|
+
return document.cookie.split(";").some((e) => e.trim().startsWith(`${t}=true`));
|
|
2147
|
+
} catch {
|
|
2148
|
+
return !1;
|
|
2149
|
+
}
|
|
2150
|
+
}
|
|
2151
|
+
function q(e, t) {
|
|
2152
|
+
if (typeof document > "u" || typeof window > "u") return;
|
|
2153
|
+
let n = yt(e);
|
|
2154
|
+
try {
|
|
2155
|
+
let e = t ? 720 * 60 * 60 : 0, r = window.location.protocol === "https:" ? "; Secure" : "";
|
|
2156
|
+
document.cookie = `${n}=${t}; path=/; max-age=${e}; SameSite=Lax${r}`;
|
|
2157
|
+
} catch {}
|
|
2158
|
+
}
|
|
2159
|
+
//#endregion
|
|
2135
2160
|
//#region src/auth0-plugin.ts
|
|
2136
|
-
var
|
|
2161
|
+
var J = "sesamyAccessToken", Y = "sesamyRefreshToken", X = "sesamySilentAuthThrottle", xt = 300 * 1e3, St = 60, Ct = [
|
|
2137
2162
|
"login_required",
|
|
2138
2163
|
"consent_required",
|
|
2139
2164
|
"interaction_required",
|
|
2140
2165
|
"access_denied"
|
|
2141
|
-
],
|
|
2142
|
-
function
|
|
2166
|
+
], wt = ["timeout", "Timeout"], Tt = 64;
|
|
2167
|
+
function Et(e) {
|
|
2143
2168
|
let t = e.split(".");
|
|
2144
2169
|
if (t.length !== 3) return null;
|
|
2145
2170
|
let n = t[1].replace(/-/g, "+").replace(/_/g, "/"), r = decodeURIComponent(atob(n).split("").map((e) => "%" + ("00" + e.charCodeAt(0).toString(16)).slice(-2)).join(""));
|
|
2146
2171
|
return JSON.parse(r);
|
|
2147
2172
|
}
|
|
2148
|
-
function
|
|
2149
|
-
if (!
|
|
2173
|
+
function Dt(e, t) {
|
|
2174
|
+
if (!mt()) return !1;
|
|
2150
2175
|
try {
|
|
2151
|
-
if (
|
|
2152
|
-
let
|
|
2153
|
-
for (let
|
|
2154
|
-
let
|
|
2155
|
-
if (
|
|
2176
|
+
if (bt(e)) return !0;
|
|
2177
|
+
let n = t ? `@@auth0spajs@@::${t}::` : "@@auth0spajs@@", r = Object.keys(localStorage).filter((e) => e.startsWith(n));
|
|
2178
|
+
for (let e of r) try {
|
|
2179
|
+
let t = JSON.parse(localStorage.getItem(e) || "{}");
|
|
2180
|
+
if (t?.body?.access_token || t?.body?.refresh_token) return !0;
|
|
2156
2181
|
} catch {}
|
|
2157
2182
|
return !1;
|
|
2158
2183
|
} catch (e) {
|
|
2159
|
-
return
|
|
2160
|
-
}
|
|
2161
|
-
}
|
|
2162
|
-
function X(e) {
|
|
2163
|
-
if (G()) try {
|
|
2164
|
-
let t = e ? 720 * 60 * 60 : 0, n = window.location.protocol === "https:" ? "; Secure" : "";
|
|
2165
|
-
document.cookie = `${vt}=${e}; path=/; max-age=${t}; SameSite=Lax${n}`;
|
|
2166
|
-
} catch (e) {
|
|
2167
|
-
L(`Error setting session hint cookie: ${e.message}`);
|
|
2184
|
+
return R(`Error checking session hint cookie: ${e.message}`), !1;
|
|
2168
2185
|
}
|
|
2169
2186
|
}
|
|
2170
|
-
function
|
|
2171
|
-
X(!1);
|
|
2172
|
-
}
|
|
2173
|
-
function Et(e, t) {
|
|
2187
|
+
function Ot(e, t) {
|
|
2174
2188
|
let n = e.message || "";
|
|
2175
2189
|
return t.some((t) => n.includes(t) || e.error === t);
|
|
2176
2190
|
}
|
|
2177
|
-
function
|
|
2178
|
-
return
|
|
2191
|
+
function kt(e) {
|
|
2192
|
+
return Ot(e, wt);
|
|
2179
2193
|
}
|
|
2180
|
-
function
|
|
2181
|
-
return
|
|
2194
|
+
function At(e) {
|
|
2195
|
+
return Ot(e, Ct);
|
|
2182
2196
|
}
|
|
2183
|
-
function
|
|
2197
|
+
function jt(e) {
|
|
2184
2198
|
try {
|
|
2185
2199
|
let t = new URL(e);
|
|
2186
2200
|
return t.hash = "", t.toString();
|
|
@@ -2188,59 +2202,59 @@ function kt(e) {
|
|
|
2188
2202
|
return e.split("#")[0];
|
|
2189
2203
|
}
|
|
2190
2204
|
}
|
|
2191
|
-
function
|
|
2205
|
+
function Z() {
|
|
2192
2206
|
try {
|
|
2193
|
-
let e = sessionStorage.getItem(
|
|
2207
|
+
let e = sessionStorage.getItem(X);
|
|
2194
2208
|
if (!e) return !1;
|
|
2195
2209
|
let { timestamp: t } = JSON.parse(e);
|
|
2196
|
-
return Date.now() - t <
|
|
2210
|
+
return Date.now() - t < xt;
|
|
2197
2211
|
} catch {
|
|
2198
|
-
return sessionStorage.removeItem(
|
|
2212
|
+
return sessionStorage.removeItem(X), !1;
|
|
2199
2213
|
}
|
|
2200
2214
|
}
|
|
2201
|
-
function
|
|
2215
|
+
function Q() {
|
|
2202
2216
|
try {
|
|
2203
|
-
sessionStorage.setItem(
|
|
2217
|
+
sessionStorage.setItem(X, JSON.stringify({ timestamp: Date.now() }));
|
|
2204
2218
|
} catch {
|
|
2205
|
-
|
|
2219
|
+
R("Failed to set silent auth throttle in sessionStorage");
|
|
2206
2220
|
}
|
|
2207
2221
|
}
|
|
2208
2222
|
function $() {
|
|
2209
2223
|
try {
|
|
2210
|
-
sessionStorage.removeItem(
|
|
2224
|
+
sessionStorage.removeItem(X);
|
|
2211
2225
|
} catch {}
|
|
2212
2226
|
}
|
|
2213
|
-
function
|
|
2227
|
+
function Mt(e) {
|
|
2214
2228
|
if (e.domains && e.domains.length > 0) {
|
|
2215
2229
|
let t = K(window.location.href);
|
|
2216
2230
|
if (t) {
|
|
2217
|
-
for (let n of e.domains) if (K(`https://${n}`) === t) return
|
|
2218
|
-
|
|
2231
|
+
for (let n of e.domains) if (K(`https://${n}`) === t) return R(`Found matching domain in domains array: ${n} for TLD: ${t}`), n;
|
|
2232
|
+
R(`No matching domain found in domains array for TLD: ${t}`);
|
|
2219
2233
|
}
|
|
2220
2234
|
}
|
|
2221
|
-
if (e.domain) return
|
|
2235
|
+
if (e.domain) return R(`Using fallback domain property: ${e.domain}`), e.domain;
|
|
2222
2236
|
}
|
|
2223
|
-
function
|
|
2237
|
+
function Nt() {
|
|
2224
2238
|
try {
|
|
2225
2239
|
let e = Object.keys(localStorage).filter((e) => e.startsWith("@@auth0spajs@@"));
|
|
2226
2240
|
for (let t of e) {
|
|
2227
2241
|
let e = JSON.parse(localStorage.getItem(t) || "{}"), n;
|
|
2228
|
-
if (typeof e == "object" && (e.body && typeof e.body == "object" && "refresh_token" in e.body ? n = e.body.refresh_token : "refresh_token" in e && (n = e.refresh_token)), n && typeof n == "string" && n.length ===
|
|
2242
|
+
if (typeof e == "object" && (e.body && typeof e.body == "object" && "refresh_token" in e.body ? n = e.body.refresh_token : "refresh_token" in e && (n = e.refresh_token)), n && typeof n == "string" && n.length === Tt) return !0;
|
|
2229
2243
|
}
|
|
2230
2244
|
} catch (e) {
|
|
2231
|
-
|
|
2245
|
+
R(`Error checking for existing auth0 tokens: ${e.message}`);
|
|
2232
2246
|
}
|
|
2233
2247
|
return !1;
|
|
2234
2248
|
}
|
|
2235
|
-
function
|
|
2236
|
-
let e, t, n, r = !1,
|
|
2237
|
-
|
|
2238
|
-
|
|
2249
|
+
function Pt() {
|
|
2250
|
+
let e, t, n, r = "", i = "", a = !1, o = !1, s = !1, c = !1;
|
|
2251
|
+
mt() && window.addEventListener("pageshow", () => {
|
|
2252
|
+
o = !1, s = !1;
|
|
2239
2253
|
});
|
|
2240
|
-
async function
|
|
2254
|
+
async function l(e) {
|
|
2241
2255
|
if (!e) return null;
|
|
2242
|
-
let t = localStorage.getItem(
|
|
2243
|
-
if (!t) return
|
|
2256
|
+
let t = localStorage.getItem(Y);
|
|
2257
|
+
if (!t) return R("No refresh token found in localstorage"), null;
|
|
2244
2258
|
let n = new URLSearchParams();
|
|
2245
2259
|
n.set("client_id", e.iss), n.set("refresh_token", t), n.set("grant_type", "refresh_token");
|
|
2246
2260
|
let r = new URL(e.iss);
|
|
@@ -2253,175 +2267,177 @@ function Nt() {
|
|
|
2253
2267
|
});
|
|
2254
2268
|
if (!e.ok) {
|
|
2255
2269
|
let t = await e.text().catch(() => "Unknown error");
|
|
2256
|
-
throw
|
|
2270
|
+
throw R(`Token refresh failed with status ${e.status}: ${t}`), localStorage.removeItem(Y), Error(`Renew token failed: ${e.status}`);
|
|
2257
2271
|
}
|
|
2258
2272
|
let t = await e.json();
|
|
2259
|
-
if (!t.access_token) throw
|
|
2260
|
-
return t.refresh_token && localStorage.setItem(
|
|
2273
|
+
if (!t.access_token) throw R("Token refresh response missing access_token"), Error("Invalid token response");
|
|
2274
|
+
return t.refresh_token && localStorage.setItem(Y, t.refresh_token), localStorage.setItem(J, t.access_token), t.access_token;
|
|
2261
2275
|
} catch (e) {
|
|
2262
|
-
return
|
|
2276
|
+
return R(`Token refresh error: ${e.message}`), localStorage.removeItem(Y), localStorage.removeItem(J), await m.logout(), null;
|
|
2263
2277
|
}
|
|
2264
2278
|
}
|
|
2265
|
-
async function
|
|
2266
|
-
let e = localStorage.getItem(
|
|
2279
|
+
async function u() {
|
|
2280
|
+
let e = localStorage.getItem(J);
|
|
2267
2281
|
if (!e) return null;
|
|
2268
|
-
let t =
|
|
2269
|
-
|
|
2270
|
-
|
|
2271
|
-
|
|
2272
|
-
|
|
2273
|
-
|
|
2282
|
+
let t = Et(e);
|
|
2283
|
+
if (t?.vendor_id && r && t.vendor_id !== r) return R("Ignoring local access token belonging to a different vendor"), null;
|
|
2284
|
+
let n = Date.now() / 1e3;
|
|
2285
|
+
return !t || !t.exp || t.exp < n + St ? await l(t) || (localStorage.removeItem(J), null) : e;
|
|
2286
|
+
}
|
|
2287
|
+
async function d() {
|
|
2288
|
+
if (s) {
|
|
2289
|
+
R("Silent redirect already in progress");
|
|
2274
2290
|
return;
|
|
2275
2291
|
}
|
|
2276
|
-
|
|
2292
|
+
R("Attempting prompt=none redirect to recover session"), s = !0;
|
|
2277
2293
|
try {
|
|
2278
2294
|
await e.loginWithRedirect({ authorizationParams: {
|
|
2279
2295
|
prompt: "none",
|
|
2280
|
-
redirect_uri:
|
|
2296
|
+
redirect_uri: jt(window.location.href),
|
|
2281
2297
|
organization: t
|
|
2282
2298
|
} });
|
|
2283
2299
|
} catch (e) {
|
|
2284
|
-
|
|
2300
|
+
R(`Prompt=none redirect failed: ${e.message}`), s = !1;
|
|
2285
2301
|
}
|
|
2286
2302
|
}
|
|
2287
|
-
function
|
|
2303
|
+
function f() {
|
|
2288
2304
|
return n ? K(window.location.href) !== K(`https://${n}`) : !1;
|
|
2289
2305
|
}
|
|
2290
|
-
function
|
|
2291
|
-
if (
|
|
2292
|
-
if (
|
|
2293
|
-
|
|
2294
|
-
}, 3e3), localStorage.removeItem(
|
|
2306
|
+
function p(n) {
|
|
2307
|
+
if (o) return R("Login already in progress"), null;
|
|
2308
|
+
if (o = !0, setTimeout(() => {
|
|
2309
|
+
o = !1;
|
|
2310
|
+
}, 3e3), localStorage.removeItem(J), !e) throw Error("Auth0 client not initialized");
|
|
2295
2311
|
let r = n?.authorizationParams || {};
|
|
2296
2312
|
return {
|
|
2297
2313
|
...n,
|
|
2298
2314
|
authorizationParams: {
|
|
2299
2315
|
organization: t,
|
|
2300
|
-
redirect_uri:
|
|
2301
|
-
ui_locales:
|
|
2302
|
-
incognito:
|
|
2316
|
+
redirect_uri: jt(window.location.href),
|
|
2317
|
+
ui_locales: ut(),
|
|
2318
|
+
incognito: pt(),
|
|
2303
2319
|
...r
|
|
2304
2320
|
}
|
|
2305
2321
|
};
|
|
2306
2322
|
}
|
|
2307
|
-
let
|
|
2308
|
-
async init(
|
|
2309
|
-
if (
|
|
2310
|
-
t = i.
|
|
2311
|
-
let
|
|
2312
|
-
n =
|
|
2313
|
-
let
|
|
2323
|
+
let m = {
|
|
2324
|
+
async init(o) {
|
|
2325
|
+
if (o.enabled === !1) return;
|
|
2326
|
+
t = o.organization, r = vt(o), i = o.clientId;
|
|
2327
|
+
let s = Mt(o);
|
|
2328
|
+
n = s && !Nt() ? s : lt("token", o.environment), c = K(window.location.href) !== K(`https://${n}`);
|
|
2329
|
+
let l = K(window.location.href), u = l ? `.${l}` : void 0, d = {
|
|
2314
2330
|
domain: n,
|
|
2315
|
-
clientId:
|
|
2331
|
+
clientId: o.clientId,
|
|
2316
2332
|
useCookiesForTransactions: !0,
|
|
2317
2333
|
legacySameSiteCookie: !1,
|
|
2318
|
-
...
|
|
2334
|
+
...u && { cookieDomain: u },
|
|
2319
2335
|
cacheLocation: "localstorage"
|
|
2320
2336
|
};
|
|
2321
|
-
(
|
|
2322
|
-
let
|
|
2323
|
-
if (
|
|
2324
|
-
let e =
|
|
2325
|
-
|
|
2337
|
+
(c || o.useRefreshTokens) && (d.useRefreshTokens = !0), R(`Initializing auth0 client: ${JSON.stringify(d)}`), e = await nt(d);
|
|
2338
|
+
let f = new URLSearchParams(window.location.search), p = f.get("code"), m = f.get("state"), h = f.get("error");
|
|
2339
|
+
if (h) {
|
|
2340
|
+
let e = f.get("error_description");
|
|
2341
|
+
R(`Auth error in URL: ${h}${e ? ` - ${e}` : ""}`);
|
|
2326
2342
|
let t = new URL(location.href);
|
|
2327
2343
|
t.searchParams.delete("error"), t.searchParams.delete("error_description"), t.searchParams.delete("state"), window.history.replaceState({}, document.title, t.toString());
|
|
2328
|
-
let n =
|
|
2329
|
-
if (
|
|
2330
|
-
else if (n)
|
|
2344
|
+
let n = Z();
|
|
2345
|
+
if (Ct.includes(h)) R("Silent redirect returned no-session - user is not authenticated"), q(r, !1);
|
|
2346
|
+
else if (n) R(`Silent redirect returned ${h} - treating as unauthenticated`), q(r, !1);
|
|
2331
2347
|
else {
|
|
2332
|
-
let t = e || `Authentication failed: ${
|
|
2333
|
-
|
|
2348
|
+
let t = e || `Authentication failed: ${h}`;
|
|
2349
|
+
R(`Non-silent auth error, alerting user: ${t}`), setTimeout(() => {
|
|
2334
2350
|
alert(t);
|
|
2335
2351
|
}, 0);
|
|
2336
2352
|
}
|
|
2337
2353
|
}
|
|
2338
|
-
if (
|
|
2354
|
+
if (p) if (window.opener) R("Code found in URL, posting to opener"), window.opener.postMessage({
|
|
2339
2355
|
type: "authorization_response",
|
|
2340
2356
|
response: {
|
|
2341
|
-
code:
|
|
2342
|
-
state:
|
|
2357
|
+
code: p,
|
|
2358
|
+
state: m
|
|
2343
2359
|
}
|
|
2344
2360
|
}, window.location.origin);
|
|
2345
2361
|
else {
|
|
2346
|
-
|
|
2347
|
-
let t = window.location.href, n = new URL(location.href),
|
|
2348
|
-
|
|
2362
|
+
R("Code found in URL, handling redirect");
|
|
2363
|
+
let t = window.location.href, n = new URL(location.href), i = n.searchParams;
|
|
2364
|
+
i.delete("code"), i.delete("state"), n.search = i.toString(), window.history.replaceState({}, document.title, n.toString()), R("Rewrote url to remove code and state");
|
|
2349
2365
|
try {
|
|
2350
2366
|
let n = await e.handleRedirectCallback(t);
|
|
2351
|
-
|
|
2352
|
-
let
|
|
2353
|
-
if (!
|
|
2354
|
-
|
|
2355
|
-
...
|
|
2367
|
+
R(`Login result: ${JSON.stringify(n)}`);
|
|
2368
|
+
let i = await e.getUser();
|
|
2369
|
+
if (!i) throw Error("No user found");
|
|
2370
|
+
R(`User found ${JSON.stringify(i)}`), $(), q(r, !0), R(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(n.appState)}`), B(z.AUTHENTICATED, {
|
|
2371
|
+
...i,
|
|
2356
2372
|
appState: n.appState
|
|
2357
2373
|
});
|
|
2358
2374
|
} catch (e) {
|
|
2359
|
-
|
|
2375
|
+
R(`Error handling redirect: ${e.message}`), Z() ? (q(r, !1), R("Silent redirect callback failed, cleared session hints")) : alert("There was an error logging in"), console.error(e);
|
|
2360
2376
|
}
|
|
2361
2377
|
}
|
|
2362
|
-
|
|
2378
|
+
a = !0, B(z.AUTH_INITIALIZED, {});
|
|
2363
2379
|
},
|
|
2364
2380
|
async isAuthenticated() {
|
|
2365
|
-
if (!
|
|
2366
|
-
if (await
|
|
2381
|
+
if (!a) return !1;
|
|
2382
|
+
if (await u()) return !0;
|
|
2367
2383
|
if (!e) return !1;
|
|
2368
2384
|
let t = await e.isAuthenticated();
|
|
2369
|
-
return t &&
|
|
2385
|
+
return t && q(r, !0), t;
|
|
2370
2386
|
},
|
|
2371
2387
|
async getTokenSilently(t = !0, n = !1) {
|
|
2372
|
-
if (!
|
|
2373
|
-
let
|
|
2374
|
-
if (
|
|
2375
|
-
if (!n &&
|
|
2376
|
-
if (
|
|
2388
|
+
if (!a) return null;
|
|
2389
|
+
let o = await u();
|
|
2390
|
+
if (o) return o;
|
|
2391
|
+
if (!n && Z()) {
|
|
2392
|
+
if (R("Silent auth is throttled due to recent failures, skipping request"), t) throw Error("Silent auth throttled");
|
|
2377
2393
|
return null;
|
|
2378
2394
|
}
|
|
2379
2395
|
try {
|
|
2380
|
-
if (!e) return
|
|
2381
|
-
let t = await e.getTokenSilently(),
|
|
2382
|
-
return n &&
|
|
2396
|
+
if (!e) return R("Auth client not initialized"), null;
|
|
2397
|
+
let t = await e.getTokenSilently(), i = Et(t), a = Date.now() / 1e3;
|
|
2398
|
+
return n && i?.exp && i.exp - a < 3600 + St && (t = await e.getTokenSilently({ cacheMode: "off" })), $(), q(r, !0), t;
|
|
2383
2399
|
} catch (n) {
|
|
2384
|
-
let
|
|
2385
|
-
if (
|
|
2386
|
-
if (
|
|
2400
|
+
let a = n;
|
|
2401
|
+
if (R(`Failed to get token silently: ${a.message}`), At(a) && !c) {
|
|
2402
|
+
if (R("Silent auth returned authoritative no-session - treating user as anonymous"), q(r, !1), Q(), t) throw n;
|
|
2387
2403
|
return null;
|
|
2388
2404
|
}
|
|
2389
|
-
if ((
|
|
2390
|
-
if (
|
|
2405
|
+
if ((kt(a) || At(a) && c) && Dt(r, i)) return R("Recoverable silent-auth failure with session hint - attempting prompt=none redirect"), Q(), await d(), null;
|
|
2406
|
+
if (Q(), await e.isAuthenticated() && (a.message === "Invalid refresh token" || a.message.includes("Missing Refresh Token")) && await m.logout(), t) throw n;
|
|
2391
2407
|
return null;
|
|
2392
2408
|
}
|
|
2393
2409
|
},
|
|
2394
2410
|
async getUser() {
|
|
2395
|
-
return
|
|
2411
|
+
return a ? await u() ? {
|
|
2396
2412
|
sub: "local",
|
|
2397
2413
|
name: "Local User"
|
|
2398
2414
|
} : e ? await e.getUser() : null : null;
|
|
2399
2415
|
},
|
|
2400
2416
|
async login(e) {
|
|
2401
|
-
return
|
|
2417
|
+
return f() && (gt() || _t() || pt()) ? (R("Using popup login for cross-domain auth on Safari/Android/Incognito"), m.loginWithPopup(e)) : (R("Using redirect login"), m.loginWithRedirect(e));
|
|
2402
2418
|
},
|
|
2403
2419
|
async loginWithRedirect(t) {
|
|
2404
|
-
let n =
|
|
2420
|
+
let n = p(t);
|
|
2405
2421
|
if (n) return e.loginWithRedirect(n);
|
|
2406
2422
|
},
|
|
2407
2423
|
async loginWithPopup(t) {
|
|
2408
|
-
let n =
|
|
2424
|
+
let n = p(t);
|
|
2409
2425
|
if (!n) return;
|
|
2410
|
-
await e.loginWithPopup(n, { timeoutInSeconds: 1800 }), $(),
|
|
2411
|
-
let
|
|
2412
|
-
if (!
|
|
2413
|
-
let
|
|
2426
|
+
await e.loginWithPopup(n, { timeoutInSeconds: 1800 }), $(), q(r, !0);
|
|
2427
|
+
let i = await e.getUser();
|
|
2428
|
+
if (!i) throw Error("No user found after popup login");
|
|
2429
|
+
let a = new CustomEvent(z.AUTHENTICATED, {
|
|
2414
2430
|
detail: {
|
|
2415
|
-
...
|
|
2431
|
+
...i,
|
|
2416
2432
|
appState: t?.appState
|
|
2417
2433
|
},
|
|
2418
2434
|
composed: !0,
|
|
2419
2435
|
bubbles: !0
|
|
2420
2436
|
});
|
|
2421
|
-
window.dispatchEvent(
|
|
2437
|
+
window.dispatchEvent(a) && window.location.reload();
|
|
2422
2438
|
},
|
|
2423
2439
|
async logout(t = {}) {
|
|
2424
|
-
if (
|
|
2440
|
+
if (a && (localStorage.removeItem(J), localStorage.removeItem(Y), q(r, !1), $(), B(z.LOGOUT, {}), e)) return R(`Logout with options: ${JSON.stringify(t)}`), e.logout({
|
|
2425
2441
|
...t,
|
|
2426
2442
|
logoutParams: {
|
|
2427
2443
|
returnTo: window.location.href,
|
|
@@ -2430,7 +2446,7 @@ function Nt() {
|
|
|
2430
2446
|
});
|
|
2431
2447
|
}
|
|
2432
2448
|
};
|
|
2433
|
-
return
|
|
2449
|
+
return m;
|
|
2434
2450
|
}
|
|
2435
2451
|
//#endregion
|
|
2436
|
-
export {
|
|
2452
|
+
export { J as ACCESS_TOKEN_KEY, Y as REFRESH_TOKEN_KEY, X as SILENT_AUTH_THROTTLE_KEY, Pt as createAuth0Plugin };
|