@sesamy/sesamy-js 1.89.0 → 1.90.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth0-plugin.mjs +1006 -670
- package/dist/sesamy-js.cjs +37 -7
- package/dist/sesamy-js.iife.js +1 -1
- package/dist/sesamy-js.mjs +3227 -2852
- package/package.json +3 -3
- package/dist/auth0-plugin.cjs +0 -4
- package/dist/auth0-plugin.d.ts +0 -64
- package/dist/browser-CSL3DDPL.mjs +0 -396
- package/dist/browser-CZBGlvEr.js +0 -31
package/dist/auth0-plugin.mjs
CHANGED
|
@@ -1,77 +1,76 @@
|
|
|
1
|
-
|
|
2
|
-
function O(n, e) {
|
|
1
|
+
function O(o, e) {
|
|
3
2
|
var t = {};
|
|
4
|
-
for (var
|
|
5
|
-
if (
|
|
3
|
+
for (var n in o) Object.prototype.hasOwnProperty.call(o, n) && e.indexOf(n) < 0 && (t[n] = o[n]);
|
|
4
|
+
if (o != null && typeof Object.getOwnPropertySymbols == "function") {
|
|
6
5
|
var i = 0;
|
|
7
|
-
for (
|
|
6
|
+
for (n = Object.getOwnPropertySymbols(o); i < n.length; i++) e.indexOf(n[i]) < 0 && Object.prototype.propertyIsEnumerable.call(o, n[i]) && (t[n[i]] = o[n[i]]);
|
|
8
7
|
}
|
|
9
8
|
return t;
|
|
10
9
|
}
|
|
11
|
-
var
|
|
12
|
-
function
|
|
13
|
-
return
|
|
10
|
+
var j = typeof globalThis < "u" ? globalThis : typeof window < "u" ? window : typeof global < "u" ? global : typeof self < "u" ? self : {};
|
|
11
|
+
function we(o) {
|
|
12
|
+
return o && o.__esModule && Object.prototype.hasOwnProperty.call(o, "default") ? o.default : o;
|
|
14
13
|
}
|
|
15
|
-
function
|
|
16
|
-
return
|
|
14
|
+
function be(o, e) {
|
|
15
|
+
return o(e = { exports: {} }, e.exports), e.exports;
|
|
17
16
|
}
|
|
18
|
-
var R =
|
|
17
|
+
var R = be((function(o, e) {
|
|
19
18
|
Object.defineProperty(e, "__esModule", { value: !0 });
|
|
20
19
|
var t = (function() {
|
|
21
|
-
function
|
|
20
|
+
function n() {
|
|
22
21
|
var i = this;
|
|
23
|
-
this.locked = /* @__PURE__ */ new Map(), this.addToLocked = function(r,
|
|
22
|
+
this.locked = /* @__PURE__ */ new Map(), this.addToLocked = function(r, c) {
|
|
24
23
|
var h = i.locked.get(r);
|
|
25
|
-
h === void 0 ?
|
|
24
|
+
h === void 0 ? c === void 0 ? i.locked.set(r, []) : i.locked.set(r, [c]) : c !== void 0 && (h.unshift(c), i.locked.set(r, h));
|
|
26
25
|
}, this.isLocked = function(r) {
|
|
27
26
|
return i.locked.has(r);
|
|
28
27
|
}, this.lock = function(r) {
|
|
29
|
-
return new Promise((function(
|
|
30
|
-
i.isLocked(r) ? i.addToLocked(r,
|
|
28
|
+
return new Promise((function(c, h) {
|
|
29
|
+
i.isLocked(r) ? i.addToLocked(r, c) : (i.addToLocked(r), c());
|
|
31
30
|
}));
|
|
32
31
|
}, this.unlock = function(r) {
|
|
33
|
-
var
|
|
34
|
-
if (
|
|
35
|
-
var h =
|
|
36
|
-
i.locked.set(r,
|
|
32
|
+
var c = i.locked.get(r);
|
|
33
|
+
if (c !== void 0 && c.length !== 0) {
|
|
34
|
+
var h = c.pop();
|
|
35
|
+
i.locked.set(r, c), h !== void 0 && setTimeout(h, 0);
|
|
37
36
|
} else i.locked.delete(r);
|
|
38
37
|
};
|
|
39
38
|
}
|
|
40
|
-
return
|
|
41
|
-
return
|
|
42
|
-
},
|
|
39
|
+
return n.getInstance = function() {
|
|
40
|
+
return n.instance === void 0 && (n.instance = new n()), n.instance;
|
|
41
|
+
}, n;
|
|
43
42
|
})();
|
|
44
43
|
e.default = function() {
|
|
45
44
|
return t.getInstance();
|
|
46
45
|
};
|
|
47
46
|
}));
|
|
48
|
-
|
|
49
|
-
var
|
|
50
|
-
var t =
|
|
47
|
+
we(R);
|
|
48
|
+
var nt = we(be((function(o, e) {
|
|
49
|
+
var t = j && j.__awaiter || function(s, l, a, u) {
|
|
51
50
|
return new (a || (a = Promise))((function(p, g) {
|
|
52
|
-
function f(
|
|
51
|
+
function f(k) {
|
|
53
52
|
try {
|
|
54
|
-
b(
|
|
53
|
+
b(u.next(k));
|
|
55
54
|
} catch (y) {
|
|
56
55
|
g(y);
|
|
57
56
|
}
|
|
58
57
|
}
|
|
59
|
-
function w(
|
|
58
|
+
function w(k) {
|
|
60
59
|
try {
|
|
61
|
-
b(
|
|
60
|
+
b(u.throw(k));
|
|
62
61
|
} catch (y) {
|
|
63
62
|
g(y);
|
|
64
63
|
}
|
|
65
64
|
}
|
|
66
|
-
function b(
|
|
67
|
-
|
|
68
|
-
y(
|
|
65
|
+
function b(k) {
|
|
66
|
+
k.done ? p(k.value) : new a((function(y) {
|
|
67
|
+
y(k.value);
|
|
69
68
|
})).then(f, w);
|
|
70
69
|
}
|
|
71
|
-
b((
|
|
70
|
+
b((u = u.apply(s, l || [])).next());
|
|
72
71
|
}));
|
|
73
|
-
},
|
|
74
|
-
var a,
|
|
72
|
+
}, n = j && j.__generator || function(s, l) {
|
|
73
|
+
var a, u, p, g, f = { label: 0, sent: function() {
|
|
75
74
|
if (1 & p[0]) throw p[1];
|
|
76
75
|
return p[1];
|
|
77
76
|
}, trys: [], ops: [] };
|
|
@@ -79,12 +78,12 @@ var et = fe(ge((function(n, e) {
|
|
|
79
78
|
return this;
|
|
80
79
|
}), g;
|
|
81
80
|
function w(b) {
|
|
82
|
-
return function(
|
|
81
|
+
return function(k) {
|
|
83
82
|
return (function(y) {
|
|
84
83
|
if (a) throw new TypeError("Generator is already executing.");
|
|
85
84
|
for (; f; ) try {
|
|
86
|
-
if (a = 1,
|
|
87
|
-
switch (
|
|
85
|
+
if (a = 1, u && (p = 2 & y[0] ? u.return : y[0] ? u.throw || ((p = u.return) && p.call(u), 0) : u.next) && !(p = p.call(u, y[1])).done) return p;
|
|
86
|
+
switch (u = 0, p && (y = [2 & y[0], p.value]), y[0]) {
|
|
88
87
|
case 0:
|
|
89
88
|
case 1:
|
|
90
89
|
p = y;
|
|
@@ -92,7 +91,7 @@ var et = fe(ge((function(n, e) {
|
|
|
92
91
|
case 4:
|
|
93
92
|
return f.label++, { value: y[1], done: !1 };
|
|
94
93
|
case 5:
|
|
95
|
-
f.label++,
|
|
94
|
+
f.label++, u = y[1], y = [0];
|
|
96
95
|
continue;
|
|
97
96
|
case 7:
|
|
98
97
|
y = f.ops.pop(), f.trys.pop();
|
|
@@ -119,44 +118,44 @@ var et = fe(ge((function(n, e) {
|
|
|
119
118
|
}
|
|
120
119
|
y = l.call(s, f);
|
|
121
120
|
} catch (S) {
|
|
122
|
-
y = [6, S],
|
|
121
|
+
y = [6, S], u = 0;
|
|
123
122
|
} finally {
|
|
124
123
|
a = p = 0;
|
|
125
124
|
}
|
|
126
125
|
if (5 & y[0]) throw y[1];
|
|
127
126
|
return { value: y[0] ? y[1] : void 0, done: !0 };
|
|
128
|
-
})([b,
|
|
127
|
+
})([b, k]);
|
|
129
128
|
};
|
|
130
129
|
}
|
|
131
|
-
}, i =
|
|
130
|
+
}, i = j;
|
|
132
131
|
Object.defineProperty(e, "__esModule", { value: !0 });
|
|
133
|
-
var r = "browser-tabs-lock-key",
|
|
132
|
+
var r = "browser-tabs-lock-key", c = { key: function(s) {
|
|
134
133
|
return t(i, void 0, void 0, (function() {
|
|
135
|
-
return
|
|
134
|
+
return n(this, (function(l) {
|
|
136
135
|
throw new Error("Unsupported");
|
|
137
136
|
}));
|
|
138
137
|
}));
|
|
139
138
|
}, getItem: function(s) {
|
|
140
139
|
return t(i, void 0, void 0, (function() {
|
|
141
|
-
return
|
|
140
|
+
return n(this, (function(l) {
|
|
142
141
|
throw new Error("Unsupported");
|
|
143
142
|
}));
|
|
144
143
|
}));
|
|
145
144
|
}, clear: function() {
|
|
146
145
|
return t(i, void 0, void 0, (function() {
|
|
147
|
-
return
|
|
146
|
+
return n(this, (function(s) {
|
|
148
147
|
return [2, window.localStorage.clear()];
|
|
149
148
|
}));
|
|
150
149
|
}));
|
|
151
150
|
}, removeItem: function(s) {
|
|
152
151
|
return t(i, void 0, void 0, (function() {
|
|
153
|
-
return
|
|
152
|
+
return n(this, (function(l) {
|
|
154
153
|
throw new Error("Unsupported");
|
|
155
154
|
}));
|
|
156
155
|
}));
|
|
157
156
|
}, setItem: function(s, l) {
|
|
158
157
|
return t(i, void 0, void 0, (function() {
|
|
159
|
-
return
|
|
158
|
+
return n(this, (function(a) {
|
|
160
159
|
throw new Error("Unsupported");
|
|
161
160
|
}));
|
|
162
161
|
}));
|
|
@@ -177,7 +176,7 @@ var et = fe(ge((function(n, e) {
|
|
|
177
176
|
}));
|
|
178
177
|
}
|
|
179
178
|
function d(s) {
|
|
180
|
-
for (var l = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz", a = "",
|
|
179
|
+
for (var l = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz", a = "", u = 0; u < s; u++)
|
|
181
180
|
a += l[Math.floor(Math.random() * l.length)];
|
|
182
181
|
return a;
|
|
183
182
|
}
|
|
@@ -187,25 +186,25 @@ var et = fe(ge((function(n, e) {
|
|
|
187
186
|
}
|
|
188
187
|
return s.prototype.acquireLock = function(l, a) {
|
|
189
188
|
return a === void 0 && (a = 5e3), t(this, void 0, void 0, (function() {
|
|
190
|
-
var
|
|
191
|
-
return
|
|
189
|
+
var u, p, g, f, w, b, k;
|
|
190
|
+
return n(this, (function(y) {
|
|
192
191
|
switch (y.label) {
|
|
193
192
|
case 0:
|
|
194
|
-
|
|
193
|
+
u = Date.now() + d(4), p = Date.now() + a, g = r + "-" + l, f = this.storageHandler === void 0 ? c : this.storageHandler, y.label = 1;
|
|
195
194
|
case 1:
|
|
196
195
|
return Date.now() < p ? [4, h(30)] : [3, 8];
|
|
197
196
|
case 2:
|
|
198
|
-
return y.sent(), f.getItemSync(g) !== null ? [3, 5] : (w = this.id + "-" + l + "-" +
|
|
197
|
+
return y.sent(), f.getItemSync(g) !== null ? [3, 5] : (w = this.id + "-" + l + "-" + u, [4, h(Math.floor(25 * Math.random()))]);
|
|
199
198
|
case 3:
|
|
200
|
-
return y.sent(), f.setItemSync(g, JSON.stringify({ id: this.id, iat:
|
|
199
|
+
return y.sent(), f.setItemSync(g, JSON.stringify({ id: this.id, iat: u, timeoutKey: w, timeAcquired: Date.now(), timeRefreshed: Date.now() })), [4, h(30)];
|
|
201
200
|
case 4:
|
|
202
|
-
return y.sent(), (b = f.getItemSync(g)) !== null && (
|
|
201
|
+
return y.sent(), (b = f.getItemSync(g)) !== null && (k = JSON.parse(b)).id === this.id && k.iat === u ? (this.acquiredIatSet.add(u), this.refreshLockWhileAcquired(g, u), [2, !0]) : [3, 7];
|
|
203
202
|
case 5:
|
|
204
|
-
return s.lockCorrector(this.storageHandler === void 0 ?
|
|
203
|
+
return s.lockCorrector(this.storageHandler === void 0 ? c : this.storageHandler), [4, this.waitForSomethingToChange(p)];
|
|
205
204
|
case 6:
|
|
206
205
|
y.sent(), y.label = 7;
|
|
207
206
|
case 7:
|
|
208
|
-
return
|
|
207
|
+
return u = Date.now() + d(4), [3, 1];
|
|
209
208
|
case 8:
|
|
210
209
|
return [2, !1];
|
|
211
210
|
}
|
|
@@ -213,17 +212,17 @@ var et = fe(ge((function(n, e) {
|
|
|
213
212
|
}));
|
|
214
213
|
}, s.prototype.refreshLockWhileAcquired = function(l, a) {
|
|
215
214
|
return t(this, void 0, void 0, (function() {
|
|
216
|
-
var
|
|
217
|
-
return
|
|
215
|
+
var u = this;
|
|
216
|
+
return n(this, (function(p) {
|
|
218
217
|
return setTimeout((function() {
|
|
219
|
-
return t(
|
|
218
|
+
return t(u, void 0, void 0, (function() {
|
|
220
219
|
var g, f, w;
|
|
221
|
-
return
|
|
220
|
+
return n(this, (function(b) {
|
|
222
221
|
switch (b.label) {
|
|
223
222
|
case 0:
|
|
224
223
|
return [4, R.default().lock(a)];
|
|
225
224
|
case 1:
|
|
226
|
-
return b.sent(), this.acquiredIatSet.has(a) ? (g = this.storageHandler === void 0 ?
|
|
225
|
+
return b.sent(), this.acquiredIatSet.has(a) ? (g = this.storageHandler === void 0 ? c : this.storageHandler, (f = g.getItemSync(l)) === null ? (R.default().unlock(a), [2]) : ((w = JSON.parse(f)).timeRefreshed = Date.now(), g.setItemSync(l, JSON.stringify(w)), R.default().unlock(a), this.refreshLockWhileAcquired(l, a), [2])) : (R.default().unlock(a), [2]);
|
|
227
226
|
}
|
|
228
227
|
}));
|
|
229
228
|
}));
|
|
@@ -232,16 +231,16 @@ var et = fe(ge((function(n, e) {
|
|
|
232
231
|
}));
|
|
233
232
|
}, s.prototype.waitForSomethingToChange = function(l) {
|
|
234
233
|
return t(this, void 0, void 0, (function() {
|
|
235
|
-
return
|
|
234
|
+
return n(this, (function(a) {
|
|
236
235
|
switch (a.label) {
|
|
237
236
|
case 0:
|
|
238
|
-
return [4, new Promise((function(
|
|
237
|
+
return [4, new Promise((function(u) {
|
|
239
238
|
var p = !1, g = Date.now(), f = !1;
|
|
240
239
|
function w() {
|
|
241
240
|
if (f || (window.removeEventListener("storage", w), s.removeFromWaiting(w), clearTimeout(b), f = !0), !p) {
|
|
242
241
|
p = !0;
|
|
243
|
-
var
|
|
244
|
-
|
|
242
|
+
var k = 50 - (Date.now() - g);
|
|
243
|
+
k > 0 ? setTimeout(u, k) : u(null);
|
|
245
244
|
}
|
|
246
245
|
}
|
|
247
246
|
window.addEventListener("storage", w), s.addToWaiting(w);
|
|
@@ -264,7 +263,7 @@ var et = fe(ge((function(n, e) {
|
|
|
264
263
|
}));
|
|
265
264
|
}, s.prototype.releaseLock = function(l) {
|
|
266
265
|
return t(this, void 0, void 0, (function() {
|
|
267
|
-
return
|
|
266
|
+
return n(this, (function(a) {
|
|
268
267
|
switch (a.label) {
|
|
269
268
|
case 0:
|
|
270
269
|
return [4, this.releaseLock__private__(l)];
|
|
@@ -275,31 +274,31 @@ var et = fe(ge((function(n, e) {
|
|
|
275
274
|
}));
|
|
276
275
|
}, s.prototype.releaseLock__private__ = function(l) {
|
|
277
276
|
return t(this, void 0, void 0, (function() {
|
|
278
|
-
var a,
|
|
279
|
-
return
|
|
277
|
+
var a, u, p, g;
|
|
278
|
+
return n(this, (function(f) {
|
|
280
279
|
switch (f.label) {
|
|
281
280
|
case 0:
|
|
282
|
-
return a = this.storageHandler === void 0 ?
|
|
281
|
+
return a = this.storageHandler === void 0 ? c : this.storageHandler, u = r + "-" + l, (p = a.getItemSync(u)) === null ? [2] : (g = JSON.parse(p)).id !== this.id ? [3, 2] : [4, R.default().lock(g.iat)];
|
|
283
282
|
case 1:
|
|
284
|
-
f.sent(), this.acquiredIatSet.delete(g.iat), a.removeItemSync(
|
|
283
|
+
f.sent(), this.acquiredIatSet.delete(g.iat), a.removeItemSync(u), R.default().unlock(g.iat), s.notifyWaiters(), f.label = 2;
|
|
285
284
|
case 2:
|
|
286
285
|
return [2];
|
|
287
286
|
}
|
|
288
287
|
}));
|
|
289
288
|
}));
|
|
290
289
|
}, s.lockCorrector = function(l) {
|
|
291
|
-
for (var a = Date.now() - 5e3,
|
|
292
|
-
var f =
|
|
290
|
+
for (var a = Date.now() - 5e3, u = l, p = [], g = 0; ; ) {
|
|
291
|
+
var f = u.keySync(g);
|
|
293
292
|
if (f === null) break;
|
|
294
293
|
p.push(f), g++;
|
|
295
294
|
}
|
|
296
295
|
for (var w = !1, b = 0; b < p.length; b++) {
|
|
297
|
-
var
|
|
298
|
-
if (
|
|
299
|
-
var y =
|
|
296
|
+
var k = p[b];
|
|
297
|
+
if (k.includes(r)) {
|
|
298
|
+
var y = u.getItemSync(k);
|
|
300
299
|
if (y !== null) {
|
|
301
300
|
var S = JSON.parse(y);
|
|
302
|
-
(S.timeRefreshed === void 0 && S.timeAcquired < a || S.timeRefreshed !== void 0 && S.timeRefreshed < a) && (
|
|
301
|
+
(S.timeRefreshed === void 0 && S.timeAcquired < a || S.timeRefreshed !== void 0 && S.timeRefreshed < a) && (u.removeItemSync(k), w = !0);
|
|
303
302
|
}
|
|
304
303
|
}
|
|
305
304
|
}
|
|
@@ -308,7 +307,7 @@ var et = fe(ge((function(n, e) {
|
|
|
308
307
|
})();
|
|
309
308
|
e.default = m;
|
|
310
309
|
})));
|
|
311
|
-
const
|
|
310
|
+
const ot = { timeoutInSeconds: 60 }, $e = { name: "auth0-spa-js", version: "2.11.3" }, Xe = () => Date.now();
|
|
312
311
|
class _ extends Error {
|
|
313
312
|
constructor(e, t) {
|
|
314
313
|
super(t), this.error = e, this.error_description = t, Object.setPrototypeOf(this, _.prototype);
|
|
@@ -317,14 +316,14 @@ class _ extends Error {
|
|
|
317
316
|
return new _(e, t);
|
|
318
317
|
}
|
|
319
318
|
}
|
|
320
|
-
class
|
|
321
|
-
constructor(e, t,
|
|
322
|
-
super(e, t), this.state =
|
|
319
|
+
class ke extends _ {
|
|
320
|
+
constructor(e, t, n, i = null) {
|
|
321
|
+
super(e, t), this.state = n, this.appState = i, Object.setPrototypeOf(this, ke.prototype);
|
|
323
322
|
}
|
|
324
323
|
}
|
|
325
|
-
class
|
|
326
|
-
constructor(e, t,
|
|
327
|
-
super(e, t), this.connection =
|
|
324
|
+
class ve extends _ {
|
|
325
|
+
constructor(e, t, n, i, r = null) {
|
|
326
|
+
super(e, t), this.connection = n, this.state = i, this.appState = r, Object.setPrototypeOf(this, ve.prototype);
|
|
328
327
|
}
|
|
329
328
|
}
|
|
330
329
|
class Z extends _ {
|
|
@@ -332,285 +331,285 @@ class Z extends _ {
|
|
|
332
331
|
super("timeout", "Timeout"), Object.setPrototypeOf(this, Z.prototype);
|
|
333
332
|
}
|
|
334
333
|
}
|
|
335
|
-
class
|
|
334
|
+
class Se extends Z {
|
|
336
335
|
constructor(e) {
|
|
337
|
-
super(), this.popup = e, Object.setPrototypeOf(this,
|
|
336
|
+
super(), this.popup = e, Object.setPrototypeOf(this, Se.prototype);
|
|
338
337
|
}
|
|
339
338
|
}
|
|
340
|
-
class
|
|
339
|
+
class _e extends _ {
|
|
341
340
|
constructor(e) {
|
|
342
|
-
super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this,
|
|
341
|
+
super("cancelled", "Popup closed"), this.popup = e, Object.setPrototypeOf(this, _e.prototype);
|
|
343
342
|
}
|
|
344
343
|
}
|
|
345
|
-
class
|
|
344
|
+
class Ie extends _ {
|
|
346
345
|
constructor() {
|
|
347
|
-
super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this,
|
|
346
|
+
super("popup_open", "Unable to open a popup for loginWithPopup - window.open returned `null`"), Object.setPrototypeOf(this, Ie.prototype);
|
|
348
347
|
}
|
|
349
348
|
}
|
|
350
|
-
class
|
|
351
|
-
constructor(e, t,
|
|
352
|
-
super(e, t), this.mfa_token =
|
|
349
|
+
class Te extends _ {
|
|
350
|
+
constructor(e, t, n) {
|
|
351
|
+
super(e, t), this.mfa_token = n, Object.setPrototypeOf(this, Te.prototype);
|
|
353
352
|
}
|
|
354
353
|
}
|
|
355
|
-
class
|
|
354
|
+
class ce extends _ {
|
|
356
355
|
constructor(e, t) {
|
|
357
|
-
super("missing_refresh_token", `Missing Refresh Token (audience: '${
|
|
356
|
+
super("missing_refresh_token", `Missing Refresh Token (audience: '${ie(e, ["default"])}', scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, ce.prototype);
|
|
358
357
|
}
|
|
359
358
|
}
|
|
360
|
-
class
|
|
359
|
+
class Pe extends _ {
|
|
361
360
|
constructor(e, t) {
|
|
362
|
-
super("missing_scopes", `Missing requested scopes after refresh (audience: '${
|
|
361
|
+
super("missing_scopes", `Missing requested scopes after refresh (audience: '${ie(e, ["default"])}', missing scope: '${ie(t)}')`), this.audience = e, this.scope = t, Object.setPrototypeOf(this, Pe.prototype);
|
|
363
362
|
}
|
|
364
363
|
}
|
|
365
|
-
class
|
|
364
|
+
class ue extends _ {
|
|
366
365
|
constructor(e) {
|
|
367
|
-
super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = e, Object.setPrototypeOf(this,
|
|
366
|
+
super("use_dpop_nonce", "Server rejected DPoP proof: wrong nonce"), this.newDpopNonce = e, Object.setPrototypeOf(this, ue.prototype);
|
|
368
367
|
}
|
|
369
368
|
}
|
|
370
|
-
function
|
|
371
|
-
return
|
|
369
|
+
function ie(o, e = []) {
|
|
370
|
+
return o && !e.includes(o) ? o : "";
|
|
372
371
|
}
|
|
373
|
-
const
|
|
374
|
-
const
|
|
372
|
+
const re = () => window.crypto, W = () => {
|
|
373
|
+
const o = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.";
|
|
375
374
|
let e = "";
|
|
376
|
-
return Array.from(
|
|
377
|
-
},
|
|
378
|
-
const
|
|
379
|
-
return
|
|
380
|
-
}), {}),
|
|
381
|
-
var { clientId: e } =
|
|
382
|
-
return new URLSearchParams(((
|
|
383
|
-
},
|
|
384
|
-
const e = new Uint8Array(
|
|
375
|
+
return Array.from(re().getRandomValues(new Uint8Array(43))).forEach(((t) => e += o[t % o.length])), e;
|
|
376
|
+
}, de = (o) => btoa(o), it = [{ key: "name", type: ["string"] }, { key: "version", type: ["string", "number"] }, { key: "env", type: ["object"] }], rt = (o) => Object.keys(o).reduce(((e, t) => {
|
|
377
|
+
const n = it.find(((i) => i.key === t));
|
|
378
|
+
return n && n.type.includes(typeof o[t]) && (e[t] = o[t]), e;
|
|
379
|
+
}), {}), fe = (o) => {
|
|
380
|
+
var { clientId: e } = o, t = O(o, ["clientId"]);
|
|
381
|
+
return new URLSearchParams(((n) => Object.keys(n).filter(((i) => n[i] !== void 0)).reduce(((i, r) => Object.assign(Object.assign({}, i), { [r]: n[r] })), {}))(Object.assign({ client_id: e }, t))).toString();
|
|
382
|
+
}, Ae = async (o) => await re().subtle.digest({ name: "SHA-256" }, new TextEncoder().encode(o)), xe = (o) => ((e) => decodeURIComponent(atob(e).split("").map(((t) => "%" + ("00" + t.charCodeAt(0).toString(16)).slice(-2))).join("")))(o.replace(/_/g, "/").replace(/-/g, "+")), Re = (o) => {
|
|
383
|
+
const e = new Uint8Array(o);
|
|
385
384
|
return ((t) => {
|
|
386
|
-
const
|
|
387
|
-
return t.replace(/[+/=]/g, ((i) =>
|
|
385
|
+
const n = { "+": "-", "/": "_", "=": "" };
|
|
386
|
+
return t.replace(/[+/=]/g, ((i) => n[i]));
|
|
388
387
|
})(window.btoa(String.fromCharCode(...Array.from(e))));
|
|
389
|
-
},
|
|
390
|
-
function
|
|
391
|
-
return typeof
|
|
388
|
+
}, st = new TextEncoder(), at = new TextDecoder();
|
|
389
|
+
function B(o) {
|
|
390
|
+
return typeof o == "string" ? st.encode(o) : at.decode(o);
|
|
392
391
|
}
|
|
393
|
-
function
|
|
394
|
-
if (typeof
|
|
392
|
+
function je(o) {
|
|
393
|
+
if (typeof o.modulusLength != "number" || o.modulusLength < 2048) throw new ut(`${o.name} modulusLength must be at least 2048 bits`);
|
|
395
394
|
}
|
|
396
|
-
async function
|
|
395
|
+
async function ct(o, e, t) {
|
|
397
396
|
if (t.usages.includes("sign") === !1) throw new TypeError('private CryptoKey instances used for signing assertions must include "sign" in their "usages"');
|
|
398
|
-
const
|
|
399
|
-
return `${
|
|
397
|
+
const n = `${q(B(JSON.stringify(o)))}.${q(B(JSON.stringify(e)))}`;
|
|
398
|
+
return `${n}.${q(await crypto.subtle.sign((function(i) {
|
|
400
399
|
switch (i.algorithm.name) {
|
|
401
400
|
case "ECDSA":
|
|
402
401
|
return { name: i.algorithm.name, hash: "SHA-256" };
|
|
403
402
|
case "RSA-PSS":
|
|
404
|
-
return
|
|
403
|
+
return je(i.algorithm), { name: i.algorithm.name, saltLength: 32 };
|
|
405
404
|
case "RSASSA-PKCS1-v1_5":
|
|
406
|
-
return
|
|
405
|
+
return je(i.algorithm), { name: i.algorithm.name };
|
|
407
406
|
case "Ed25519":
|
|
408
407
|
return { name: i.algorithm.name };
|
|
409
408
|
}
|
|
410
|
-
throw new
|
|
411
|
-
})(t), t,
|
|
409
|
+
throw new K();
|
|
410
|
+
})(t), t, B(n)))}`;
|
|
412
411
|
}
|
|
413
|
-
let
|
|
414
|
-
Uint8Array.prototype.toBase64 ?
|
|
412
|
+
let ge;
|
|
413
|
+
Uint8Array.prototype.toBase64 ? ge = (o) => (o instanceof ArrayBuffer && (o = new Uint8Array(o)), o.toBase64({ alphabet: "base64url", omitPadding: !0 })) : ge = (e) => {
|
|
415
414
|
e instanceof ArrayBuffer && (e = new Uint8Array(e));
|
|
416
415
|
const t = [];
|
|
417
|
-
for (let
|
|
416
|
+
for (let n = 0; n < e.byteLength; n += 32768) t.push(String.fromCharCode.apply(null, e.subarray(n, n + 32768)));
|
|
418
417
|
return btoa(t.join("")).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
|
|
419
418
|
};
|
|
420
|
-
function
|
|
421
|
-
return
|
|
419
|
+
function q(o) {
|
|
420
|
+
return ge(o);
|
|
422
421
|
}
|
|
423
|
-
class
|
|
422
|
+
class K extends Error {
|
|
424
423
|
constructor(e) {
|
|
425
424
|
var t;
|
|
426
425
|
super(e ?? "operation not supported"), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
|
|
427
426
|
}
|
|
428
427
|
}
|
|
429
|
-
class
|
|
428
|
+
class ut extends Error {
|
|
430
429
|
constructor(e) {
|
|
431
430
|
var t;
|
|
432
431
|
super(e), this.name = this.constructor.name, (t = Error.captureStackTrace) === null || t === void 0 || t.call(Error, this, this.constructor);
|
|
433
432
|
}
|
|
434
433
|
}
|
|
435
|
-
function
|
|
436
|
-
switch (
|
|
434
|
+
function lt(o) {
|
|
435
|
+
switch (o.algorithm.name) {
|
|
437
436
|
case "RSA-PSS":
|
|
438
437
|
return (function(e) {
|
|
439
438
|
if (e.algorithm.hash.name === "SHA-256") return "PS256";
|
|
440
|
-
throw new
|
|
441
|
-
})(
|
|
439
|
+
throw new K("unsupported RsaHashedKeyAlgorithm hash name");
|
|
440
|
+
})(o);
|
|
442
441
|
case "RSASSA-PKCS1-v1_5":
|
|
443
442
|
return (function(e) {
|
|
444
443
|
if (e.algorithm.hash.name === "SHA-256") return "RS256";
|
|
445
|
-
throw new
|
|
446
|
-
})(
|
|
444
|
+
throw new K("unsupported RsaHashedKeyAlgorithm hash name");
|
|
445
|
+
})(o);
|
|
447
446
|
case "ECDSA":
|
|
448
447
|
return (function(e) {
|
|
449
448
|
if (e.algorithm.namedCurve === "P-256") return "ES256";
|
|
450
|
-
throw new
|
|
451
|
-
})(
|
|
449
|
+
throw new K("unsupported EcKeyAlgorithm namedCurve");
|
|
450
|
+
})(o);
|
|
452
451
|
case "Ed25519":
|
|
453
452
|
return "Ed25519";
|
|
454
453
|
default:
|
|
455
|
-
throw new
|
|
454
|
+
throw new K("unsupported CryptoKey algorithm name");
|
|
456
455
|
}
|
|
457
456
|
}
|
|
458
|
-
function
|
|
459
|
-
return
|
|
457
|
+
function Ve(o) {
|
|
458
|
+
return o instanceof CryptoKey;
|
|
460
459
|
}
|
|
461
|
-
function
|
|
462
|
-
return
|
|
460
|
+
function Ge(o) {
|
|
461
|
+
return Ve(o) && o.type === "public";
|
|
463
462
|
}
|
|
464
|
-
async function
|
|
465
|
-
const
|
|
466
|
-
if (!
|
|
463
|
+
async function dt(o, e, t, n, i, r) {
|
|
464
|
+
const c = o?.privateKey, h = o?.publicKey;
|
|
465
|
+
if (!Ve(d = c) || d.type !== "private") throw new TypeError('"keypair.privateKey" must be a private CryptoKey');
|
|
467
466
|
var d;
|
|
468
|
-
if (!
|
|
467
|
+
if (!Ge(h)) throw new TypeError('"keypair.publicKey" must be a public CryptoKey');
|
|
469
468
|
if (h.extractable !== !0) throw new TypeError('"keypair.publicKey.extractable" must be true');
|
|
470
469
|
if (typeof e != "string") throw new TypeError('"htu" must be a string');
|
|
471
470
|
if (typeof t != "string") throw new TypeError('"htm" must be a string');
|
|
472
|
-
if (
|
|
471
|
+
if (n !== void 0 && typeof n != "string") throw new TypeError('"nonce" must be a string or undefined');
|
|
473
472
|
if (i !== void 0 && typeof i != "string") throw new TypeError('"accessToken" must be a string or undefined');
|
|
474
|
-
return
|
|
473
|
+
return ct({ alg: lt(c), typ: "dpop+jwt", jwk: await Me(h) }, Object.assign(Object.assign({}, r), { iat: Math.floor(Date.now() / 1e3), jti: crypto.randomUUID(), htm: t, nonce: n, htu: e, ath: i ? q(await crypto.subtle.digest("SHA-256", B(i))) : void 0 }), c);
|
|
475
474
|
}
|
|
476
|
-
async function
|
|
477
|
-
const { kty: e, e: t, n
|
|
478
|
-
return { kty: e, crv:
|
|
475
|
+
async function Me(o) {
|
|
476
|
+
const { kty: e, e: t, n, x: i, y: r, crv: c } = await crypto.subtle.exportKey("jwk", o);
|
|
477
|
+
return { kty: e, crv: c, e: t, n, x: i, y: r };
|
|
479
478
|
}
|
|
480
|
-
const
|
|
481
|
-
function
|
|
482
|
-
return (async function(
|
|
479
|
+
const ht = ["authorization_code", "refresh_token", "urn:ietf:params:oauth:grant-type:token-exchange"];
|
|
480
|
+
function pt() {
|
|
481
|
+
return (async function(o, e) {
|
|
483
482
|
var t;
|
|
484
|
-
let
|
|
485
|
-
if (
|
|
486
|
-
switch (
|
|
483
|
+
let n;
|
|
484
|
+
if (o.length === 0) throw new TypeError('"alg" must be a non-empty string');
|
|
485
|
+
switch (o) {
|
|
487
486
|
case "PS256":
|
|
488
|
-
|
|
487
|
+
n = { name: "RSA-PSS", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
|
|
489
488
|
break;
|
|
490
489
|
case "RS256":
|
|
491
|
-
|
|
490
|
+
n = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
|
|
492
491
|
break;
|
|
493
492
|
case "ES256":
|
|
494
|
-
|
|
493
|
+
n = { name: "ECDSA", namedCurve: "P-256" };
|
|
495
494
|
break;
|
|
496
495
|
case "Ed25519":
|
|
497
|
-
|
|
496
|
+
n = { name: "Ed25519" };
|
|
498
497
|
break;
|
|
499
498
|
default:
|
|
500
|
-
throw new
|
|
499
|
+
throw new K();
|
|
501
500
|
}
|
|
502
|
-
return crypto.subtle.generateKey(
|
|
501
|
+
return crypto.subtle.generateKey(n, (t = e?.extractable) !== null && t !== void 0 && t, ["sign", "verify"]);
|
|
503
502
|
})("ES256", { extractable: !1 });
|
|
504
503
|
}
|
|
505
|
-
function
|
|
504
|
+
function mt(o) {
|
|
506
505
|
return (async function(e) {
|
|
507
|
-
if (!
|
|
506
|
+
if (!Ge(e)) throw new TypeError('"publicKey" must be a public CryptoKey');
|
|
508
507
|
if (e.extractable !== !0) throw new TypeError('"publicKey.extractable" must be true');
|
|
509
|
-
const t = await
|
|
510
|
-
let
|
|
508
|
+
const t = await Me(e);
|
|
509
|
+
let n;
|
|
511
510
|
switch (t.kty) {
|
|
512
511
|
case "EC":
|
|
513
|
-
|
|
512
|
+
n = { crv: t.crv, kty: t.kty, x: t.x, y: t.y };
|
|
514
513
|
break;
|
|
515
514
|
case "OKP":
|
|
516
|
-
|
|
515
|
+
n = { crv: t.crv, kty: t.kty, x: t.x };
|
|
517
516
|
break;
|
|
518
517
|
case "RSA":
|
|
519
|
-
|
|
518
|
+
n = { e: t.e, kty: t.kty, n: t.n };
|
|
520
519
|
break;
|
|
521
520
|
default:
|
|
522
|
-
throw new
|
|
521
|
+
throw new K("unsupported JWK kty");
|
|
523
522
|
}
|
|
524
|
-
return
|
|
525
|
-
})(
|
|
523
|
+
return q(await crypto.subtle.digest({ name: "SHA-256" }, B(JSON.stringify(n))));
|
|
524
|
+
})(o.publicKey);
|
|
526
525
|
}
|
|
527
|
-
function
|
|
528
|
-
const r = (function(
|
|
529
|
-
const h = new URL(
|
|
526
|
+
function ft({ keyPair: o, url: e, method: t, nonce: n, accessToken: i }) {
|
|
527
|
+
const r = (function(c) {
|
|
528
|
+
const h = new URL(c);
|
|
530
529
|
return h.search = "", h.hash = "", h.href;
|
|
531
530
|
})(e);
|
|
532
|
-
return
|
|
533
|
-
}
|
|
534
|
-
const
|
|
535
|
-
const t = await fetch(
|
|
536
|
-
return { ok: t.ok, json: await t.json(), headers: (
|
|
537
|
-
var
|
|
538
|
-
},
|
|
539
|
-
const
|
|
531
|
+
return dt(o, r, t, n, i);
|
|
532
|
+
}
|
|
533
|
+
const gt = async (o, e) => {
|
|
534
|
+
const t = await fetch(o, e);
|
|
535
|
+
return { ok: t.ok, json: await t.json(), headers: (n = t.headers, [...n].reduce(((i, [r, c]) => (i[r] = c, i)), {})) };
|
|
536
|
+
var n;
|
|
537
|
+
}, yt = async (o, e, t) => {
|
|
538
|
+
const n = new AbortController();
|
|
540
539
|
let i;
|
|
541
|
-
return e.signal =
|
|
540
|
+
return e.signal = n.signal, Promise.race([gt(o, e), new Promise(((r, c) => {
|
|
542
541
|
i = setTimeout((() => {
|
|
543
|
-
|
|
542
|
+
n.abort(), c(new Error("Timeout when executing 'fetch'"));
|
|
544
543
|
}), t);
|
|
545
544
|
}))]).finally((() => {
|
|
546
545
|
clearTimeout(i);
|
|
547
546
|
}));
|
|
548
|
-
},
|
|
549
|
-
return d = { auth: { audience: e, scope: t }, timeout: i, fetchUrl:
|
|
547
|
+
}, wt = async (o, e, t, n, i, r, c, h) => {
|
|
548
|
+
return d = { auth: { audience: e, scope: t }, timeout: i, fetchUrl: o, fetchOptions: n, useFormData: c, useMrrt: h }, m = r, new Promise((function(s, l) {
|
|
550
549
|
const a = new MessageChannel();
|
|
551
|
-
a.port1.onmessage = function(
|
|
552
|
-
|
|
550
|
+
a.port1.onmessage = function(u) {
|
|
551
|
+
u.data.error ? l(new Error(u.data.error)) : s(u.data), a.port1.close();
|
|
553
552
|
}, m.postMessage(d, [a.port2]);
|
|
554
553
|
}));
|
|
555
554
|
var d, m;
|
|
556
|
-
},
|
|
557
|
-
async function
|
|
555
|
+
}, bt = async (o, e, t, n, i, r, c = 1e4, h) => i ? wt(o, e, t, n, c, i, r, h) : yt(o, n, c);
|
|
556
|
+
async function Ye(o, e, t, n, i, r, c, h, d, m) {
|
|
558
557
|
if (d) {
|
|
559
|
-
const
|
|
560
|
-
i.headers = Object.assign(Object.assign({}, i.headers), { dpop:
|
|
558
|
+
const k = await d.generateProof({ url: o, method: i.method || "GET", nonce: await d.getNonce() });
|
|
559
|
+
i.headers = Object.assign(Object.assign({}, i.headers), { dpop: k });
|
|
561
560
|
}
|
|
562
561
|
let s, l = null;
|
|
563
|
-
for (let
|
|
564
|
-
s = await
|
|
562
|
+
for (let k = 0; k < 3; k++) try {
|
|
563
|
+
s = await bt(o, t, n, i, r, c, e, h), l = null;
|
|
565
564
|
break;
|
|
566
565
|
} catch (y) {
|
|
567
566
|
l = y;
|
|
568
567
|
}
|
|
569
568
|
if (l) throw l;
|
|
570
|
-
const a = s.json, { error:
|
|
569
|
+
const a = s.json, { error: u, error_description: p } = a, g = O(a, ["error", "error_description"]), { headers: f, ok: w } = s;
|
|
571
570
|
let b;
|
|
572
571
|
if (d && (b = f["dpop-nonce"], b && await d.setNonce(b)), !w) {
|
|
573
|
-
const
|
|
574
|
-
if (
|
|
575
|
-
if (
|
|
576
|
-
if (
|
|
577
|
-
if (!d || !b || m) throw new
|
|
578
|
-
return
|
|
572
|
+
const k = p || `HTTP error. Unable to fetch ${o}`;
|
|
573
|
+
if (u === "mfa_required") throw new Te(u, k, g.mfa_token);
|
|
574
|
+
if (u === "missing_refresh_token") throw new ce(t, n);
|
|
575
|
+
if (u === "use_dpop_nonce") {
|
|
576
|
+
if (!d || !b || m) throw new ue(b);
|
|
577
|
+
return Ye(o, e, t, n, i, r, c, h, d, !0);
|
|
579
578
|
}
|
|
580
|
-
throw new _(
|
|
579
|
+
throw new _(u || "request_error", k);
|
|
581
580
|
}
|
|
582
581
|
return g;
|
|
583
582
|
}
|
|
584
|
-
async function
|
|
585
|
-
var { baseUrl: t, timeout:
|
|
586
|
-
const l = s.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", a = s.grant_type === "refresh_token" && d,
|
|
583
|
+
async function kt(o, e) {
|
|
584
|
+
var { baseUrl: t, timeout: n, audience: i, scope: r, auth0Client: c, useFormData: h, useMrrt: d, dpop: m } = o, s = O(o, ["baseUrl", "timeout", "audience", "scope", "auth0Client", "useFormData", "useMrrt", "dpop"]);
|
|
585
|
+
const l = s.grant_type === "urn:ietf:params:oauth:grant-type:token-exchange", a = s.grant_type === "refresh_token" && d, u = Object.assign(Object.assign(Object.assign(Object.assign({}, s), l && i && { audience: i }), l && r && { scope: r }), a && { audience: i, scope: r }), p = h ? fe(u) : JSON.stringify(u), g = (f = s.grant_type, ht.includes(f));
|
|
587
586
|
var f;
|
|
588
|
-
return await
|
|
587
|
+
return await Ye(`${t}/oauth/token`, n, i || "default", r, { method: "POST", body: p, headers: { "Content-Type": h ? "application/x-www-form-urlencoded" : "application/json", "Auth0-Client": btoa(JSON.stringify(rt(c || $e))) } }, e, h, d, g ? m : void 0);
|
|
589
588
|
}
|
|
590
|
-
const
|
|
591
|
-
return (e =
|
|
589
|
+
const oe = (...o) => {
|
|
590
|
+
return (e = o.filter(Boolean).join(" ").trim().split(/\s+/), Array.from(new Set(e))).join(" ");
|
|
592
591
|
var e;
|
|
593
|
-
},
|
|
594
|
-
let
|
|
595
|
-
return t && (
|
|
592
|
+
}, Q = (o, e, t) => {
|
|
593
|
+
let n;
|
|
594
|
+
return t && (n = o[t]), n || (n = o.default), oe(n, e);
|
|
596
595
|
};
|
|
597
596
|
class P {
|
|
598
|
-
constructor(e, t = "@@auth0spajs@@",
|
|
599
|
-
this.prefix = t, this.suffix =
|
|
597
|
+
constructor(e, t = "@@auth0spajs@@", n) {
|
|
598
|
+
this.prefix = t, this.suffix = n, this.clientId = e.clientId, this.scope = e.scope, this.audience = e.audience;
|
|
600
599
|
}
|
|
601
600
|
toKey() {
|
|
602
601
|
return [this.prefix, this.clientId, this.audience, this.scope, this.suffix].filter(Boolean).join("::");
|
|
603
602
|
}
|
|
604
603
|
static fromKey(e) {
|
|
605
|
-
const [t,
|
|
606
|
-
return new P({ clientId:
|
|
604
|
+
const [t, n, i, r] = e.split("::");
|
|
605
|
+
return new P({ clientId: n, scope: r, audience: i }, t);
|
|
607
606
|
}
|
|
608
607
|
static fromCacheEntry(e) {
|
|
609
|
-
const { scope: t, audience:
|
|
610
|
-
return new P({ scope: t, audience:
|
|
608
|
+
const { scope: t, audience: n, client_id: i } = e;
|
|
609
|
+
return new P({ scope: t, audience: n, clientId: i });
|
|
611
610
|
}
|
|
612
611
|
}
|
|
613
|
-
class
|
|
612
|
+
class vt {
|
|
614
613
|
set(e, t) {
|
|
615
614
|
localStorage.setItem(e, JSON.stringify(t));
|
|
616
615
|
}
|
|
@@ -629,67 +628,67 @@ class kt {
|
|
|
629
628
|
return Object.keys(window.localStorage).filter(((e) => e.startsWith("@@auth0spajs@@")));
|
|
630
629
|
}
|
|
631
630
|
}
|
|
632
|
-
class
|
|
631
|
+
class Be {
|
|
633
632
|
constructor() {
|
|
634
633
|
this.enclosedCache = /* @__PURE__ */ (function() {
|
|
635
634
|
let e = {};
|
|
636
|
-
return { set(t,
|
|
637
|
-
e[t] =
|
|
635
|
+
return { set(t, n) {
|
|
636
|
+
e[t] = n;
|
|
638
637
|
}, get(t) {
|
|
639
|
-
const
|
|
640
|
-
if (
|
|
638
|
+
const n = e[t];
|
|
639
|
+
if (n) return n;
|
|
641
640
|
}, remove(t) {
|
|
642
641
|
delete e[t];
|
|
643
642
|
}, allKeys: () => Object.keys(e) };
|
|
644
643
|
})();
|
|
645
644
|
}
|
|
646
645
|
}
|
|
647
|
-
class
|
|
648
|
-
constructor(e, t,
|
|
649
|
-
this.cache = e, this.keyManifest = t, this.nowProvider =
|
|
646
|
+
class St {
|
|
647
|
+
constructor(e, t, n) {
|
|
648
|
+
this.cache = e, this.keyManifest = t, this.nowProvider = n || Xe;
|
|
650
649
|
}
|
|
651
|
-
async setIdToken(e, t,
|
|
650
|
+
async setIdToken(e, t, n) {
|
|
652
651
|
var i;
|
|
653
652
|
const r = this.getIdTokenCacheKey(e);
|
|
654
|
-
await this.cache.set(r, { id_token: t, decodedToken:
|
|
653
|
+
await this.cache.set(r, { id_token: t, decodedToken: n }), await ((i = this.keyManifest) === null || i === void 0 ? void 0 : i.add(r));
|
|
655
654
|
}
|
|
656
655
|
async getIdToken(e) {
|
|
657
656
|
const t = await this.cache.get(this.getIdTokenCacheKey(e.clientId));
|
|
658
657
|
if (!t && e.scope && e.audience) {
|
|
659
|
-
const
|
|
660
|
-
return !
|
|
658
|
+
const n = await this.get(e);
|
|
659
|
+
return !n || !n.id_token || !n.decodedToken ? void 0 : { id_token: n.id_token, decodedToken: n.decodedToken };
|
|
661
660
|
}
|
|
662
661
|
if (t) return { id_token: t.id_token, decodedToken: t.decodedToken };
|
|
663
662
|
}
|
|
664
|
-
async get(e, t = 0,
|
|
663
|
+
async get(e, t = 0, n = !1, i) {
|
|
665
664
|
var r;
|
|
666
|
-
let
|
|
667
|
-
if (!
|
|
665
|
+
let c = await this.cache.get(e.toKey());
|
|
666
|
+
if (!c) {
|
|
668
667
|
const m = await this.getCacheKeys();
|
|
669
668
|
if (!m) return;
|
|
670
669
|
const s = this.matchExistingCacheKey(e, m);
|
|
671
|
-
if (s && (
|
|
670
|
+
if (s && (c = await this.cache.get(s)), !c && n && i !== "cache-only") return this.getEntryWithRefreshToken(e, m);
|
|
672
671
|
}
|
|
673
|
-
if (!
|
|
672
|
+
if (!c) return;
|
|
674
673
|
const h = await this.nowProvider(), d = Math.floor(h / 1e3);
|
|
675
|
-
return
|
|
674
|
+
return c.expiresAt - t < d ? c.body.refresh_token ? this.modifiedCachedEntry(c, e) : (await this.cache.remove(e.toKey()), void await ((r = this.keyManifest) === null || r === void 0 ? void 0 : r.remove(e.toKey()))) : c.body;
|
|
676
675
|
}
|
|
677
676
|
async modifiedCachedEntry(e, t) {
|
|
678
677
|
return e.body = { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope }, await this.cache.set(t.toKey(), e), { refresh_token: e.body.refresh_token, audience: e.body.audience, scope: e.body.scope };
|
|
679
678
|
}
|
|
680
679
|
async set(e) {
|
|
681
680
|
var t;
|
|
682
|
-
const
|
|
683
|
-
await this.cache.set(
|
|
681
|
+
const n = new P({ clientId: e.client_id, scope: e.scope, audience: e.audience }), i = await this.wrapCacheEntry(e);
|
|
682
|
+
await this.cache.set(n.toKey(), i), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.add(n.toKey()));
|
|
684
683
|
}
|
|
685
|
-
async remove(e, t,
|
|
686
|
-
const i = new P({ clientId: e, scope:
|
|
684
|
+
async remove(e, t, n) {
|
|
685
|
+
const i = new P({ clientId: e, scope: n, audience: t });
|
|
687
686
|
await this.cache.remove(i.toKey());
|
|
688
687
|
}
|
|
689
688
|
async clear(e) {
|
|
690
689
|
var t;
|
|
691
|
-
const
|
|
692
|
-
|
|
690
|
+
const n = await this.getCacheKeys();
|
|
691
|
+
n && (await n.filter(((i) => !e || i.includes(e))).reduce((async (i, r) => {
|
|
693
692
|
await i, await this.cache.remove(r);
|
|
694
693
|
}), Promise.resolve()), await ((t = this.keyManifest) === null || t === void 0 ? void 0 : t.clear()));
|
|
695
694
|
}
|
|
@@ -705,37 +704,37 @@ class bt {
|
|
|
705
704
|
return new P({ clientId: e }, "@@auth0spajs@@", "@@user@@").toKey();
|
|
706
705
|
}
|
|
707
706
|
matchExistingCacheKey(e, t) {
|
|
708
|
-
return t.filter(((
|
|
707
|
+
return t.filter(((n) => {
|
|
709
708
|
var i;
|
|
710
|
-
const r = P.fromKey(
|
|
709
|
+
const r = P.fromKey(n), c = new Set(r.scope && r.scope.split(" ")), h = ((i = e.scope) === null || i === void 0 ? void 0 : i.split(" ")) || [], d = r.scope && h.reduce(((m, s) => m && c.has(s)), !0);
|
|
711
710
|
return r.prefix === "@@auth0spajs@@" && r.clientId === e.clientId && r.audience === e.audience && d;
|
|
712
711
|
}))[0];
|
|
713
712
|
}
|
|
714
713
|
async getEntryWithRefreshToken(e, t) {
|
|
715
|
-
var
|
|
714
|
+
var n;
|
|
716
715
|
for (const i of t) {
|
|
717
716
|
const r = P.fromKey(i);
|
|
718
717
|
if (r.prefix === "@@auth0spajs@@" && r.clientId === e.clientId) {
|
|
719
|
-
const
|
|
720
|
-
if (!((
|
|
718
|
+
const c = await this.cache.get(i);
|
|
719
|
+
if (!((n = c?.body) === null || n === void 0) && n.refresh_token) return this.modifiedCachedEntry(c, e);
|
|
721
720
|
}
|
|
722
721
|
}
|
|
723
722
|
}
|
|
724
723
|
async updateEntry(e, t) {
|
|
725
|
-
var
|
|
724
|
+
var n;
|
|
726
725
|
const i = await this.getCacheKeys();
|
|
727
726
|
if (i) for (const r of i) {
|
|
728
|
-
const
|
|
729
|
-
if (((
|
|
730
|
-
const h = Object.assign(Object.assign({},
|
|
727
|
+
const c = await this.cache.get(r);
|
|
728
|
+
if (((n = c?.body) === null || n === void 0 ? void 0 : n.refresh_token) === e) {
|
|
729
|
+
const h = Object.assign(Object.assign({}, c.body), { refresh_token: t });
|
|
731
730
|
await this.set(h);
|
|
732
731
|
}
|
|
733
732
|
}
|
|
734
733
|
}
|
|
735
734
|
}
|
|
736
|
-
class
|
|
737
|
-
constructor(e, t,
|
|
738
|
-
this.storage = e, this.clientId = t, this.cookieDomain =
|
|
735
|
+
class _t {
|
|
736
|
+
constructor(e, t, n) {
|
|
737
|
+
this.storage = e, this.clientId = t, this.cookieDomain = n, this.storageKey = `a0.spajs.txs.${this.clientId}`;
|
|
739
738
|
}
|
|
740
739
|
create(e) {
|
|
741
740
|
this.storage.save(this.storageKey, e, { daysUntilExpire: 1, cookieDomain: this.cookieDomain });
|
|
@@ -747,67 +746,67 @@ class vt {
|
|
|
747
746
|
this.storage.remove(this.storageKey, { cookieDomain: this.cookieDomain });
|
|
748
747
|
}
|
|
749
748
|
}
|
|
750
|
-
const J = (
|
|
751
|
-
if (!
|
|
749
|
+
const J = (o) => typeof o == "number", It = ["iss", "aud", "exp", "nbf", "iat", "jti", "azp", "nonce", "auth_time", "at_hash", "c_hash", "acr", "amr", "sub_jwk", "cnf", "sip_from_tag", "sip_date", "sip_callid", "sip_cseq_num", "sip_via_branch", "orig", "dest", "mky", "events", "toe", "txn", "rph", "sid", "vot", "vtm"], Tt = (o) => {
|
|
750
|
+
if (!o.id_token) throw new Error("ID token is required but missing");
|
|
752
751
|
const e = ((r) => {
|
|
753
|
-
const
|
|
754
|
-
if (
|
|
755
|
-
const s = JSON.parse(
|
|
756
|
-
return Object.keys(s).forEach(((
|
|
757
|
-
l[
|
|
758
|
-
})), { encoded: { header: h, payload: d, signature: m }, header: JSON.parse(
|
|
759
|
-
})(
|
|
752
|
+
const c = r.split("."), [h, d, m] = c;
|
|
753
|
+
if (c.length !== 3 || !h || !d || !m) throw new Error("ID token could not be decoded");
|
|
754
|
+
const s = JSON.parse(xe(d)), l = { __raw: r }, a = {};
|
|
755
|
+
return Object.keys(s).forEach(((u) => {
|
|
756
|
+
l[u] = s[u], It.includes(u) || (a[u] = s[u]);
|
|
757
|
+
})), { encoded: { header: h, payload: d, signature: m }, header: JSON.parse(xe(h)), claims: l, user: a };
|
|
758
|
+
})(o.id_token);
|
|
760
759
|
if (!e.claims.iss) throw new Error("Issuer (iss) claim must be a string present in the ID token");
|
|
761
|
-
if (e.claims.iss !==
|
|
760
|
+
if (e.claims.iss !== o.iss) throw new Error(`Issuer (iss) claim mismatch in the ID token; expected "${o.iss}", found "${e.claims.iss}"`);
|
|
762
761
|
if (!e.user.sub) throw new Error("Subject (sub) claim must be a string present in the ID token");
|
|
763
762
|
if (e.header.alg !== "RS256") throw new Error(`Signature algorithm of "${e.header.alg}" is not supported. Expected the ID token to be signed with "RS256".`);
|
|
764
763
|
if (!e.claims.aud || typeof e.claims.aud != "string" && !Array.isArray(e.claims.aud)) throw new Error("Audience (aud) claim must be a string or array of strings present in the ID token");
|
|
765
764
|
if (Array.isArray(e.claims.aud)) {
|
|
766
|
-
if (!e.claims.aud.includes(
|
|
765
|
+
if (!e.claims.aud.includes(o.aud)) throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but was not one of "${e.claims.aud.join(", ")}"`);
|
|
767
766
|
if (e.claims.aud.length > 1) {
|
|
768
767
|
if (!e.claims.azp) throw new Error("Authorized Party (azp) claim must be a string present in the ID token when Audience (aud) claim has multiple values");
|
|
769
|
-
if (e.claims.azp !==
|
|
768
|
+
if (e.claims.azp !== o.aud) throw new Error(`Authorized Party (azp) claim mismatch in the ID token; expected "${o.aud}", found "${e.claims.azp}"`);
|
|
770
769
|
}
|
|
771
|
-
} else if (e.claims.aud !==
|
|
772
|
-
if (
|
|
770
|
+
} else if (e.claims.aud !== o.aud) throw new Error(`Audience (aud) claim mismatch in the ID token; expected "${o.aud}" but found "${e.claims.aud}"`);
|
|
771
|
+
if (o.nonce) {
|
|
773
772
|
if (!e.claims.nonce) throw new Error("Nonce (nonce) claim must be a string present in the ID token");
|
|
774
|
-
if (e.claims.nonce !==
|
|
773
|
+
if (e.claims.nonce !== o.nonce) throw new Error(`Nonce (nonce) claim mismatch in the ID token; expected "${o.nonce}", found "${e.claims.nonce}"`);
|
|
775
774
|
}
|
|
776
|
-
if (
|
|
775
|
+
if (o.max_age && !J(e.claims.auth_time)) throw new Error("Authentication Time (auth_time) claim must be a number present in the ID token when Max Age (max_age) is specified");
|
|
777
776
|
if (e.claims.exp == null || !J(e.claims.exp)) throw new Error("Expiration Time (exp) claim must be a number present in the ID token");
|
|
778
777
|
if (!J(e.claims.iat)) throw new Error("Issued At (iat) claim must be a number present in the ID token");
|
|
779
|
-
const t =
|
|
780
|
-
if (i.setUTCSeconds(e.claims.exp + t),
|
|
778
|
+
const t = o.leeway || 60, n = new Date(o.now || Date.now()), i = /* @__PURE__ */ new Date(0);
|
|
779
|
+
if (i.setUTCSeconds(e.claims.exp + t), n > i) throw new Error(`Expiration Time (exp) claim error in the ID token; current time (${n}) is after expiration time (${i})`);
|
|
781
780
|
if (e.claims.nbf != null && J(e.claims.nbf)) {
|
|
782
781
|
const r = /* @__PURE__ */ new Date(0);
|
|
783
|
-
if (r.setUTCSeconds(e.claims.nbf - t),
|
|
782
|
+
if (r.setUTCSeconds(e.claims.nbf - t), n < r) throw new Error(`Not Before time (nbf) claim in the ID token indicates that this token can't be used just yet. Current time (${n}) is before ${r}`);
|
|
784
783
|
}
|
|
785
784
|
if (e.claims.auth_time != null && J(e.claims.auth_time)) {
|
|
786
785
|
const r = /* @__PURE__ */ new Date(0);
|
|
787
|
-
if (r.setUTCSeconds(parseInt(e.claims.auth_time) +
|
|
786
|
+
if (r.setUTCSeconds(parseInt(e.claims.auth_time) + o.max_age + t), n > r) throw new Error(`Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (${n}) is after last auth at ${r}`);
|
|
788
787
|
}
|
|
789
|
-
if (
|
|
790
|
-
const r =
|
|
788
|
+
if (o.organization) {
|
|
789
|
+
const r = o.organization.trim();
|
|
791
790
|
if (r.startsWith("org_")) {
|
|
792
|
-
const
|
|
791
|
+
const c = r;
|
|
793
792
|
if (!e.claims.org_id) throw new Error("Organization ID (org_id) claim must be a string present in the ID token");
|
|
794
|
-
if (
|
|
793
|
+
if (c !== e.claims.org_id) throw new Error(`Organization ID (org_id) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_id}"`);
|
|
795
794
|
} else {
|
|
796
|
-
const
|
|
795
|
+
const c = r.toLowerCase();
|
|
797
796
|
if (!e.claims.org_name) throw new Error("Organization Name (org_name) claim must be a string present in the ID token");
|
|
798
|
-
if (
|
|
797
|
+
if (c !== e.claims.org_name) throw new Error(`Organization Name (org_name) claim mismatch in the ID token; expected "${c}", found "${e.claims.org_name}"`);
|
|
799
798
|
}
|
|
800
799
|
}
|
|
801
800
|
return e;
|
|
802
801
|
};
|
|
803
|
-
var
|
|
804
|
-
var t =
|
|
802
|
+
var z = be((function(o, e) {
|
|
803
|
+
var t = j && j.__assign || function() {
|
|
805
804
|
return t = Object.assign || function(d) {
|
|
806
805
|
for (var m, s = 1, l = arguments.length; s < l; s++) for (var a in m = arguments[s]) Object.prototype.hasOwnProperty.call(m, a) && (d[a] = m[a]);
|
|
807
806
|
return d;
|
|
808
807
|
}, t.apply(this, arguments);
|
|
809
808
|
};
|
|
810
|
-
function
|
|
809
|
+
function n(d, m) {
|
|
811
810
|
if (!m) return "";
|
|
812
811
|
var s = "; " + d;
|
|
813
812
|
return m === !0 ? s : s + "=" + m;
|
|
@@ -818,97 +817,97 @@ var D = ge((function(n, e) {
|
|
|
818
817
|
var a = /* @__PURE__ */ new Date();
|
|
819
818
|
a.setMilliseconds(a.getMilliseconds() + 864e5 * l.expires), l.expires = a;
|
|
820
819
|
}
|
|
821
|
-
return
|
|
820
|
+
return n("Expires", l.expires ? l.expires.toUTCString() : "") + n("Domain", l.domain) + n("Path", l.path) + n("Secure", l.secure) + n("SameSite", l.sameSite);
|
|
822
821
|
})(s);
|
|
823
822
|
}
|
|
824
823
|
function r(d) {
|
|
825
824
|
for (var m = {}, s = d ? d.split("; ") : [], l = /(%[\dA-F]{2})+/gi, a = 0; a < s.length; a++) {
|
|
826
|
-
var
|
|
825
|
+
var u = s[a].split("="), p = u.slice(1).join("=");
|
|
827
826
|
p.charAt(0) === '"' && (p = p.slice(1, -1));
|
|
828
827
|
try {
|
|
829
|
-
m[
|
|
828
|
+
m[u[0].replace(l, decodeURIComponent)] = p.replace(l, decodeURIComponent);
|
|
830
829
|
} catch {
|
|
831
830
|
}
|
|
832
831
|
}
|
|
833
832
|
return m;
|
|
834
833
|
}
|
|
835
|
-
function
|
|
834
|
+
function c() {
|
|
836
835
|
return r(document.cookie);
|
|
837
836
|
}
|
|
838
837
|
function h(d, m, s) {
|
|
839
838
|
document.cookie = i(d, m, t({ path: "/" }, s));
|
|
840
839
|
}
|
|
841
|
-
e.__esModule = !0, e.encode = i, e.parse = r, e.getAll =
|
|
842
|
-
return
|
|
840
|
+
e.__esModule = !0, e.encode = i, e.parse = r, e.getAll = c, e.get = function(d) {
|
|
841
|
+
return c()[d];
|
|
843
842
|
}, e.set = h, e.remove = function(d, m) {
|
|
844
843
|
h(d, "", t(t({}, m), { expires: -1 }));
|
|
845
844
|
};
|
|
846
845
|
}));
|
|
847
|
-
|
|
848
|
-
var
|
|
849
|
-
const
|
|
850
|
-
const e =
|
|
846
|
+
we(z), z.encode, z.parse, z.getAll;
|
|
847
|
+
var Pt = z.get, qe = z.set, Qe = z.remove;
|
|
848
|
+
const L = { get(o) {
|
|
849
|
+
const e = Pt(o);
|
|
851
850
|
if (e !== void 0) return JSON.parse(e);
|
|
852
|
-
}, save(
|
|
853
|
-
let
|
|
854
|
-
window.location.protocol === "https:" && (
|
|
855
|
-
}, remove(
|
|
851
|
+
}, save(o, e, t) {
|
|
852
|
+
let n = {};
|
|
853
|
+
window.location.protocol === "https:" && (n = { secure: !0, sameSite: "none" }), t?.daysUntilExpire && (n.expires = t.daysUntilExpire), t?.cookieDomain && (n.domain = t.cookieDomain), qe(o, JSON.stringify(e), n);
|
|
854
|
+
}, remove(o, e) {
|
|
856
855
|
let t = {};
|
|
857
|
-
e?.cookieDomain && (t.domain = e.cookieDomain),
|
|
858
|
-
} },
|
|
859
|
-
return
|
|
860
|
-
}, save(
|
|
861
|
-
let
|
|
862
|
-
window.location.protocol === "https:" && (
|
|
863
|
-
}, remove(
|
|
856
|
+
e?.cookieDomain && (t.domain = e.cookieDomain), Qe(o, t);
|
|
857
|
+
} }, Ot = { get(o) {
|
|
858
|
+
return L.get(o) || L.get(`_legacy_${o}`);
|
|
859
|
+
}, save(o, e, t) {
|
|
860
|
+
let n = {};
|
|
861
|
+
window.location.protocol === "https:" && (n = { secure: !0 }), t?.daysUntilExpire && (n.expires = t.daysUntilExpire), t?.cookieDomain && (n.domain = t.cookieDomain), qe(`_legacy_${o}`, JSON.stringify(e), n), L.save(o, e, t);
|
|
862
|
+
}, remove(o, e) {
|
|
864
863
|
let t = {};
|
|
865
|
-
e?.cookieDomain && (t.domain = e.cookieDomain),
|
|
866
|
-
} },
|
|
864
|
+
e?.cookieDomain && (t.domain = e.cookieDomain), Qe(o, t), L.remove(o, e), L.remove(`_legacy_${o}`, e);
|
|
865
|
+
} }, Et = { get(o) {
|
|
867
866
|
if (typeof sessionStorage > "u") return;
|
|
868
|
-
const e = sessionStorage.getItem(
|
|
867
|
+
const e = sessionStorage.getItem(o);
|
|
869
868
|
return e != null ? JSON.parse(e) : void 0;
|
|
870
|
-
}, save(
|
|
871
|
-
sessionStorage.setItem(
|
|
872
|
-
}, remove(
|
|
873
|
-
sessionStorage.removeItem(
|
|
869
|
+
}, save(o, e) {
|
|
870
|
+
sessionStorage.setItem(o, JSON.stringify(e));
|
|
871
|
+
}, remove(o) {
|
|
872
|
+
sessionStorage.removeItem(o);
|
|
874
873
|
} };
|
|
875
|
-
var
|
|
876
|
-
(function(
|
|
877
|
-
|
|
878
|
-
})(
|
|
879
|
-
function
|
|
880
|
-
var
|
|
874
|
+
var N;
|
|
875
|
+
(function(o) {
|
|
876
|
+
o.Code = "code", o.ConnectCode = "connect_code";
|
|
877
|
+
})(N || (N = {}));
|
|
878
|
+
function Ct(o, e, t) {
|
|
879
|
+
var n = e === void 0 ? null : e, i = (function(d, m) {
|
|
881
880
|
var s = atob(d);
|
|
882
881
|
if (m) {
|
|
883
|
-
for (var l = new Uint8Array(s.length), a = 0,
|
|
882
|
+
for (var l = new Uint8Array(s.length), a = 0, u = s.length; a < u; ++a) l[a] = s.charCodeAt(a);
|
|
884
883
|
return String.fromCharCode.apply(null, new Uint16Array(l.buffer));
|
|
885
884
|
}
|
|
886
885
|
return s;
|
|
887
|
-
})(
|
|
888
|
-
`, 10) + 1,
|
|
886
|
+
})(o, t !== void 0 && t), r = i.indexOf(`
|
|
887
|
+
`, 10) + 1, c = i.substring(r) + (n ? "//# sourceMappingURL=" + n : ""), h = new Blob([c], { type: "application/javascript" });
|
|
889
888
|
return URL.createObjectURL(h);
|
|
890
889
|
}
|
|
891
|
-
var
|
|
892
|
-
return
|
|
890
|
+
var Ne, De, Ke, he, At = (Ne = "Lyogcm9sbHVwLXBsdWdpbi13ZWItd29ya2VyLWxvYWRlciAqLwohZnVuY3Rpb24oKXsidXNlIHN0cmljdCI7Y2xhc3MgZSBleHRlbmRzIEVycm9ye2NvbnN0cnVjdG9yKHQscil7c3VwZXIociksdGhpcy5lcnJvcj10LHRoaXMuZXJyb3JfZGVzY3JpcHRpb249cixPYmplY3Quc2V0UHJvdG90eXBlT2YodGhpcyxlLnByb3RvdHlwZSl9c3RhdGljIGZyb21QYXlsb2FkKHtlcnJvcjp0LGVycm9yX2Rlc2NyaXB0aW9uOnJ9KXtyZXR1cm4gbmV3IGUodCxyKX19Y2xhc3MgdCBleHRlbmRzIGV7Y29uc3RydWN0b3IoZSxzKXtzdXBlcigibWlzc2luZ19yZWZyZXNoX3Rva2VuIixgTWlzc2luZyBSZWZyZXNoIFRva2VuIChhdWRpZW5jZTogJyR7cihlLFsiZGVmYXVsdCJdKX0nLCBzY29wZTogJyR7cihzKX0nKWApLHRoaXMuYXVkaWVuY2U9ZSx0aGlzLnNjb3BlPXMsT2JqZWN0LnNldFByb3RvdHlwZU9mKHRoaXMsdC5wcm90b3R5cGUpfX1mdW5jdGlvbiByKGUsdD1bXSl7cmV0dXJuIGUmJiF0LmluY2x1ZGVzKGUpP2U6IiJ9ImZ1bmN0aW9uIj09dHlwZW9mIFN1cHByZXNzZWRFcnJvciYmU3VwcHJlc3NlZEVycm9yO2NvbnN0IHM9ZT0+e3ZhcntjbGllbnRJZDp0fT1lLHI9ZnVuY3Rpb24oZSx0KXt2YXIgcj17fTtmb3IodmFyIHMgaW4gZSlPYmplY3QucHJvdG90eXBlLmhhc093blByb3BlcnR5LmNhbGwoZSxzKSYmdC5pbmRleE9mKHMpPDAmJihyW3NdPWVbc10pO2lmKG51bGwhPWUmJiJmdW5jdGlvbiI9PXR5cGVvZiBPYmplY3QuZ2V0T3duUHJvcGVydHlTeW1ib2xzKXt2YXIgbz0wO2ZvcihzPU9iamVjdC5nZXRPd25Qcm9wZXJ0eVN5bWJvbHMoZSk7bzxzLmxlbmd0aDtvKyspdC5pbmRleE9mKHNbb10pPDAmJk9iamVjdC5wcm90b3R5cGUucHJvcGVydHlJc0VudW1lcmFibGUuY2FsbChlLHNbb10pJiYocltzW29dXT1lW3Nbb11dKX1yZXR1cm4gcn0oZSxbImNsaWVudElkIl0pO3JldHVybiBuZXcgVVJMU2VhcmNoUGFyYW1zKChlPT5PYmplY3Qua2V5cyhlKS5maWx0ZXIoKHQ9PnZvaWQgMCE9PWVbdF0pKS5yZWR1Y2UoKCh0LHIpPT5PYmplY3QuYXNzaWduKE9iamVjdC5hc3NpZ24oe30sdCkse1tyXTplW3JdfSkpLHt9KSkoT2JqZWN0LmFzc2lnbih7Y2xpZW50X2lkOnR9LHIpKSkudG9TdHJpbmcoKX07bGV0IG89e307Y29uc3Qgbj0oZSx0KT0+YCR7ZX18JHt0fWA7YWRkRXZlbnRMaXN0ZW5lcigibWVzc2FnZSIsKGFzeW5jKHtkYXRhOnt0aW1lb3V0OmUsYXV0aDpyLGZldGNoVXJsOmksZmV0Y2hPcHRpb25zOmMsdXNlRm9ybURhdGE6YSx1c2VNcnJ0OmZ9LHBvcnRzOltwXX0pPT57bGV0IGgsdSxsPXt9O2NvbnN0e2F1ZGllbmNlOmQsc2NvcGU6eX09cnx8e307dHJ5e2NvbnN0IHI9YT8oZT0+e2NvbnN0IHQ9bmV3IFVSTFNlYXJjaFBhcmFtcyhlKSxyPXt9O3JldHVybiB0LmZvckVhY2goKChlLHQpPT57clt0XT1lfSkpLHJ9KShjLmJvZHkpOkpTT04ucGFyc2UoYy5ib2R5KTtpZighci5yZWZyZXNoX3Rva2VuJiYicmVmcmVzaF90b2tlbiI9PT1yLmdyYW50X3R5cGUpe2lmKHU9KChlLHQpPT5vW24oZSx0KV0pKGQseSksIXUmJmYpe2NvbnN0IGU9by5sYXRlc3RfcmVmcmVzaF90b2tlbix0PSgoZSx0KT0+e2NvbnN0IHI9T2JqZWN0LmtleXMobykuZmluZCgocj0+e2lmKCJsYXRlc3RfcmVmcmVzaF90b2tlbiIhPT1yKXtjb25zdCBzPSgoZSx0KT0+dC5zdGFydHNXaXRoKGAke2V9fGApKSh0LHIpLG89ci5zcGxpdCgifCIpWzFdLnNwbGl0KCIgIiksbj1lLnNwbGl0KCIgIikuZXZlcnkoKGU9Pm8uaW5jbHVkZXMoZSkpKTtyZXR1cm4gcyYmbn19KSk7cmV0dXJuISFyfSkoeSxkKTtlJiYhdCYmKHU9ZSl9aWYoIXUpdGhyb3cgbmV3IHQoZCx5KTtjLmJvZHk9YT9zKE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpOkpTT04uc3RyaW5naWZ5KE9iamVjdC5hc3NpZ24oT2JqZWN0LmFzc2lnbih7fSxyKSx7cmVmcmVzaF90b2tlbjp1fSkpfWxldCBqLGs7ImZ1bmN0aW9uIj09dHlwZW9mIEFib3J0Q29udHJvbGxlciYmKGo9bmV3IEFib3J0Q29udHJvbGxlcixjLnNpZ25hbD1qLnNpZ25hbCk7dHJ5e2s9YXdhaXQgUHJvbWlzZS5yYWNlKFsoXz1lLG5ldyBQcm9taXNlKChlPT5zZXRUaW1lb3V0KGUsXykpKSksZmV0Y2goaSxPYmplY3QuYXNzaWduKHt9LGMpKV0pfWNhdGNoKGUpe3JldHVybiB2b2lkIHAucG9zdE1lc3NhZ2Uoe2Vycm9yOmUubWVzc2FnZX0pfWlmKCFrKXJldHVybiBqJiZqLmFib3J0KCksdm9pZCBwLnBvc3RNZXNzYWdlKHtlcnJvcjoiVGltZW91dCB3aGVuIGV4ZWN1dGluZyAnZmV0Y2gnIn0pO2c9ay5oZWFkZXJzLGw9Wy4uLmddLnJlZHVjZSgoKGUsW3Qscl0pPT4oZVt0XT1yLGUpKSx7fSksaD1hd2FpdCBrLmpzb24oKSxoLnJlZnJlc2hfdG9rZW4/KGYmJihvLmxhdGVzdF9yZWZyZXNoX3Rva2VuPWgucmVmcmVzaF90b2tlbixPPXUsYj1oLnJlZnJlc2hfdG9rZW4sT2JqZWN0LmVudHJpZXMobykuZm9yRWFjaCgoKFtlLHRdKT0+e3Q9PT1PJiYob1tlXT1iKX0pKSksKChlLHQscik9PntvW24odCxyKV09ZX0pKGgucmVmcmVzaF90b2tlbixkLHkpLGRlbGV0ZSBoLnJlZnJlc2hfdG9rZW4pOigoZSx0KT0+e2RlbGV0ZSBvW24oZSx0KV19KShkLHkpLHAucG9zdE1lc3NhZ2Uoe29rOmsub2ssanNvbjpoLGhlYWRlcnM6bH0pfWNhdGNoKGUpe3AucG9zdE1lc3NhZ2Uoe29rOiExLGpzb246e2Vycm9yOmUuZXJyb3IsZXJyb3JfZGVzY3JpcHRpb246ZS5tZXNzYWdlfSxoZWFkZXJzOmx9KX12YXIgTyxiLGcsX30pKX0oKTsKCg==", De = null, Ke = !1, function(o) {
|
|
891
|
+
return he = he || Ct(Ne, De, Ke), new Worker(he, o);
|
|
893
892
|
});
|
|
894
|
-
const
|
|
895
|
-
for (let t = 0; t < e; t++) if (await
|
|
893
|
+
const pe = {}, ze = async (o, e = 3) => {
|
|
894
|
+
for (let t = 0; t < e; t++) if (await o()) return !0;
|
|
896
895
|
return !1;
|
|
897
896
|
};
|
|
898
|
-
class
|
|
897
|
+
class xt {
|
|
899
898
|
constructor(e, t) {
|
|
900
899
|
this.cache = e, this.clientId = t, this.manifestKey = this.createManifestKeyFrom(this.clientId);
|
|
901
900
|
}
|
|
902
901
|
async add(e) {
|
|
903
902
|
var t;
|
|
904
|
-
const
|
|
905
|
-
|
|
903
|
+
const n = new Set(((t = await this.cache.get(this.manifestKey)) === null || t === void 0 ? void 0 : t.keys) || []);
|
|
904
|
+
n.add(e), await this.cache.set(this.manifestKey, { keys: [...n] });
|
|
906
905
|
}
|
|
907
906
|
async remove(e) {
|
|
908
907
|
const t = await this.cache.get(this.manifestKey);
|
|
909
908
|
if (t) {
|
|
910
|
-
const
|
|
911
|
-
return
|
|
909
|
+
const n = new Set(t.keys);
|
|
910
|
+
return n.delete(e), n.size > 0 ? await this.cache.set(this.manifestKey, { keys: [...n] }) : await this.cache.remove(this.manifestKey);
|
|
912
911
|
}
|
|
913
912
|
}
|
|
914
913
|
get() {
|
|
@@ -921,14 +920,14 @@ class Ct {
|
|
|
921
920
|
return `@@auth0spajs@@::${e}`;
|
|
922
921
|
}
|
|
923
922
|
}
|
|
924
|
-
const
|
|
925
|
-
const { openUrl: e, onRedirect: t } =
|
|
926
|
-
return Object.assign(Object.assign({},
|
|
927
|
-
},
|
|
923
|
+
const Rt = { memory: () => new Be().enclosedCache, localstorage: () => new vt() }, Ue = (o) => Rt[o], Le = (o) => {
|
|
924
|
+
const { openUrl: e, onRedirect: t } = o, n = O(o, ["openUrl", "onRedirect"]);
|
|
925
|
+
return Object.assign(Object.assign({}, n), { openUrl: e === !1 || e ? e : t });
|
|
926
|
+
}, He = (o, e) => {
|
|
928
927
|
const t = e?.split(" ") || [];
|
|
929
|
-
return (
|
|
930
|
-
},
|
|
931
|
-
class
|
|
928
|
+
return (o?.split(" ") || []).every(((n) => t.includes(n)));
|
|
929
|
+
}, x = { NONCE: "nonce", KEYPAIR: "keypair" };
|
|
930
|
+
class jt {
|
|
932
931
|
constructor(e) {
|
|
933
932
|
this.clientId = e;
|
|
934
933
|
}
|
|
@@ -937,17 +936,17 @@ class Kt {
|
|
|
937
936
|
}
|
|
938
937
|
createDbHandle() {
|
|
939
938
|
const e = window.indexedDB.open("auth0-spa-js", this.getVersion());
|
|
940
|
-
return new Promise(((t,
|
|
941
|
-
e.onupgradeneeded = () => Object.values(
|
|
939
|
+
return new Promise(((t, n) => {
|
|
940
|
+
e.onupgradeneeded = () => Object.values(x).forEach(((i) => e.result.createObjectStore(i))), e.onerror = () => n(e.error), e.onsuccess = () => t(e.result);
|
|
942
941
|
}));
|
|
943
942
|
}
|
|
944
943
|
async getDbHandle() {
|
|
945
944
|
return this.dbHandle || (this.dbHandle = await this.createDbHandle()), this.dbHandle;
|
|
946
945
|
}
|
|
947
|
-
async executeDbRequest(e, t,
|
|
948
|
-
const i =
|
|
949
|
-
return new Promise(((r,
|
|
950
|
-
i.onsuccess = () => r(i.result), i.onerror = () =>
|
|
946
|
+
async executeDbRequest(e, t, n) {
|
|
947
|
+
const i = n((await this.getDbHandle()).transaction(e, t).objectStore(e));
|
|
948
|
+
return new Promise(((r, c) => {
|
|
949
|
+
i.onsuccess = () => r(i.result), i.onerror = () => c(i.error);
|
|
951
950
|
}));
|
|
952
951
|
}
|
|
953
952
|
buildKey(e) {
|
|
@@ -955,40 +954,40 @@ class Kt {
|
|
|
955
954
|
return `${this.clientId}::${t}`;
|
|
956
955
|
}
|
|
957
956
|
setNonce(e, t) {
|
|
958
|
-
return this.save(
|
|
957
|
+
return this.save(x.NONCE, this.buildKey(t), e);
|
|
959
958
|
}
|
|
960
959
|
setKeyPair(e) {
|
|
961
|
-
return this.save(
|
|
960
|
+
return this.save(x.KEYPAIR, this.buildKey(), e);
|
|
962
961
|
}
|
|
963
|
-
async save(e, t,
|
|
964
|
-
await this.executeDbRequest(e, "readwrite", ((i) => i.put(
|
|
962
|
+
async save(e, t, n) {
|
|
963
|
+
await this.executeDbRequest(e, "readwrite", ((i) => i.put(n, t)));
|
|
965
964
|
}
|
|
966
965
|
findNonce(e) {
|
|
967
|
-
return this.find(
|
|
966
|
+
return this.find(x.NONCE, this.buildKey(e));
|
|
968
967
|
}
|
|
969
968
|
findKeyPair() {
|
|
970
|
-
return this.find(
|
|
969
|
+
return this.find(x.KEYPAIR, this.buildKey());
|
|
971
970
|
}
|
|
972
971
|
find(e, t) {
|
|
973
|
-
return this.executeDbRequest(e, "readonly", ((
|
|
972
|
+
return this.executeDbRequest(e, "readonly", ((n) => n.get(t)));
|
|
974
973
|
}
|
|
975
974
|
async deleteBy(e, t) {
|
|
976
|
-
const
|
|
977
|
-
|
|
975
|
+
const n = await this.executeDbRequest(e, "readonly", ((i) => i.getAllKeys()));
|
|
976
|
+
n?.filter(t).map(((i) => this.executeDbRequest(e, "readwrite", ((r) => r.delete(i)))));
|
|
978
977
|
}
|
|
979
978
|
deleteByClientId(e, t) {
|
|
980
|
-
return this.deleteBy(e, ((
|
|
979
|
+
return this.deleteBy(e, ((n) => typeof n == "string" && n.startsWith(`${t}::`)));
|
|
981
980
|
}
|
|
982
981
|
clearNonces() {
|
|
983
|
-
return this.deleteByClientId(
|
|
982
|
+
return this.deleteByClientId(x.NONCE, this.clientId);
|
|
984
983
|
}
|
|
985
984
|
clearKeyPairs() {
|
|
986
|
-
return this.deleteByClientId(
|
|
985
|
+
return this.deleteByClientId(x.KEYPAIR, this.clientId);
|
|
987
986
|
}
|
|
988
987
|
}
|
|
989
|
-
class
|
|
988
|
+
class Nt {
|
|
990
989
|
constructor(e) {
|
|
991
|
-
this.storage = new
|
|
990
|
+
this.storage = new jt(e);
|
|
992
991
|
}
|
|
993
992
|
getNonce(e) {
|
|
994
993
|
return this.storage.findNonce(e);
|
|
@@ -998,24 +997,24 @@ class Rt {
|
|
|
998
997
|
}
|
|
999
998
|
async getOrGenerateKeyPair() {
|
|
1000
999
|
let e = await this.storage.findKeyPair();
|
|
1001
|
-
return e || (e = await
|
|
1000
|
+
return e || (e = await pt(), await this.storage.setKeyPair(e)), e;
|
|
1002
1001
|
}
|
|
1003
1002
|
async generateProof(e) {
|
|
1004
1003
|
const t = await this.getOrGenerateKeyPair();
|
|
1005
|
-
return
|
|
1004
|
+
return ft(Object.assign({ keyPair: t }, e));
|
|
1006
1005
|
}
|
|
1007
1006
|
async calculateThumbprint() {
|
|
1008
|
-
return
|
|
1007
|
+
return mt(await this.getOrGenerateKeyPair());
|
|
1009
1008
|
}
|
|
1010
1009
|
async clear() {
|
|
1011
1010
|
await Promise.all([this.storage.clearNonces(), this.storage.clearKeyPairs()]);
|
|
1012
1011
|
}
|
|
1013
1012
|
}
|
|
1014
1013
|
var H;
|
|
1015
|
-
(function(
|
|
1016
|
-
|
|
1014
|
+
(function(o) {
|
|
1015
|
+
o.Bearer = "Bearer", o.DPoP = "DPoP";
|
|
1017
1016
|
})(H || (H = {}));
|
|
1018
|
-
class
|
|
1017
|
+
class Dt {
|
|
1019
1018
|
constructor(e, t) {
|
|
1020
1019
|
this.hooks = t, this.config = Object.assign(Object.assign({}, e), { fetch: e.fetch || (typeof window > "u" ? fetch : window.fetch.bind(window)) });
|
|
1021
1020
|
}
|
|
@@ -1037,21 +1036,21 @@ class xt {
|
|
|
1037
1036
|
}
|
|
1038
1037
|
buildBaseRequest(e, t) {
|
|
1039
1038
|
if (!this.config.baseUrl) return new Request(e, t);
|
|
1040
|
-
const
|
|
1039
|
+
const n = this.buildUrl(this.config.baseUrl, this.extractUrl(e)), i = e instanceof Request ? new Request(n, e) : n;
|
|
1041
1040
|
return new Request(i, t);
|
|
1042
1041
|
}
|
|
1043
|
-
setAuthorizationHeader(e, t,
|
|
1044
|
-
e.headers.set("authorization", `${
|
|
1042
|
+
setAuthorizationHeader(e, t, n = H.Bearer) {
|
|
1043
|
+
e.headers.set("authorization", `${n} ${t}`);
|
|
1045
1044
|
}
|
|
1046
1045
|
async setDpopProofHeader(e, t) {
|
|
1047
1046
|
if (!this.config.dpopNonceId) return;
|
|
1048
|
-
const
|
|
1047
|
+
const n = await this.hooks.getDpopNonce(), i = await this.hooks.generateDpopProof({ accessToken: t, method: e.method, nonce: n, url: e.url });
|
|
1049
1048
|
e.headers.set("dpop", i);
|
|
1050
1049
|
}
|
|
1051
1050
|
async prepareRequest(e, t) {
|
|
1052
|
-
const
|
|
1051
|
+
const n = await this.getAccessToken(t);
|
|
1053
1052
|
let i, r;
|
|
1054
|
-
typeof
|
|
1053
|
+
typeof n == "string" ? (i = this.config.dpopNonceId ? H.DPoP : H.Bearer, r = n) : (i = n.token_type, r = n.access_token), this.setAuthorizationHeader(e, r, i), i === H.DPoP && await this.setDpopProofHeader(e, r);
|
|
1055
1054
|
}
|
|
1056
1055
|
getHeader(e, t) {
|
|
1057
1056
|
return Array.isArray(e) ? new Headers(e).get(t) || "" : typeof e.get == "function" ? e.get(t) || "" : e[t] || "";
|
|
@@ -1062,23 +1061,23 @@ class xt {
|
|
|
1062
1061
|
return t.includes("invalid_dpop_nonce") || t.includes("use_dpop_nonce");
|
|
1063
1062
|
}
|
|
1064
1063
|
async handleResponse(e, t) {
|
|
1065
|
-
const
|
|
1066
|
-
if (
|
|
1067
|
-
if (!
|
|
1064
|
+
const n = this.getHeader(e.headers, "dpop-nonce");
|
|
1065
|
+
if (n && await this.hooks.setDpopNonce(n), !this.hasUseDpopNonceError(e)) return e;
|
|
1066
|
+
if (!n || !t.onUseDpopNonceError) throw new ue(n);
|
|
1068
1067
|
return t.onUseDpopNonceError();
|
|
1069
1068
|
}
|
|
1070
|
-
async internalFetchWithAuth(e, t,
|
|
1069
|
+
async internalFetchWithAuth(e, t, n, i) {
|
|
1071
1070
|
const r = this.buildBaseRequest(e, t);
|
|
1072
1071
|
await this.prepareRequest(r, i);
|
|
1073
|
-
const
|
|
1074
|
-
return this.handleResponse(
|
|
1072
|
+
const c = await this.config.fetch(r);
|
|
1073
|
+
return this.handleResponse(c, n);
|
|
1075
1074
|
}
|
|
1076
|
-
fetchWithAuth(e, t,
|
|
1077
|
-
const i = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, i), { onUseDpopNonceError: void 0 }),
|
|
1078
|
-
return this.internalFetchWithAuth(e, t, i,
|
|
1075
|
+
fetchWithAuth(e, t, n) {
|
|
1076
|
+
const i = { onUseDpopNonceError: () => this.internalFetchWithAuth(e, t, Object.assign(Object.assign({}, i), { onUseDpopNonceError: void 0 }), n) };
|
|
1077
|
+
return this.internalFetchWithAuth(e, t, i, n);
|
|
1079
1078
|
}
|
|
1080
1079
|
}
|
|
1081
|
-
class
|
|
1080
|
+
class Kt {
|
|
1082
1081
|
constructor(e, t) {
|
|
1083
1082
|
this.myAccountFetcher = e, this.apiBase = t;
|
|
1084
1083
|
}
|
|
@@ -1094,95 +1093,95 @@ class zt {
|
|
|
1094
1093
|
let t;
|
|
1095
1094
|
try {
|
|
1096
1095
|
t = await e.text(), t = JSON.parse(t);
|
|
1097
|
-
} catch (
|
|
1098
|
-
throw new
|
|
1096
|
+
} catch (n) {
|
|
1097
|
+
throw new se({ type: "invalid_json", status: e.status, title: "Invalid JSON response", detail: t || String(n) });
|
|
1099
1098
|
}
|
|
1100
1099
|
if (e.ok) return t;
|
|
1101
|
-
throw new
|
|
1100
|
+
throw new se(t);
|
|
1102
1101
|
}
|
|
1103
1102
|
}
|
|
1104
|
-
class
|
|
1105
|
-
constructor({ type: e, status: t, title:
|
|
1106
|
-
super(i), this.name = "MyAccountApiError", this.type = e, this.status = t, this.title =
|
|
1103
|
+
class se extends Error {
|
|
1104
|
+
constructor({ type: e, status: t, title: n, detail: i, validation_errors: r }) {
|
|
1105
|
+
super(i), this.name = "MyAccountApiError", this.type = e, this.status = t, this.title = n, this.detail = i, this.validation_errors = r, Object.setPrototypeOf(this, se.prototype);
|
|
1107
1106
|
}
|
|
1108
1107
|
}
|
|
1109
|
-
const F = new
|
|
1110
|
-
class
|
|
1108
|
+
const F = new nt();
|
|
1109
|
+
class zt {
|
|
1111
1110
|
constructor(e) {
|
|
1112
|
-
let t,
|
|
1113
|
-
if (this.userCache = new
|
|
1111
|
+
let t, n;
|
|
1112
|
+
if (this.userCache = new Be().enclosedCache, this.activeLockKeys = /* @__PURE__ */ new Set(), this.defaultOptions = { authorizationParams: { scope: "openid profile email" }, useRefreshTokensFallback: !1, useFormData: !0 }, this._releaseLockOnPageHide = async () => {
|
|
1114
1113
|
const d = Array.from(this.activeLockKeys);
|
|
1115
1114
|
for (const m of d) await F.releaseLock(m);
|
|
1116
1115
|
this.activeLockKeys.clear(), window.removeEventListener("pagehide", this._releaseLockOnPageHide);
|
|
1117
1116
|
}, this.options = Object.assign(Object.assign(Object.assign({}, this.defaultOptions), e), { authorizationParams: Object.assign(Object.assign({}, this.defaultOptions.authorizationParams), e.authorizationParams) }), typeof window < "u" && (() => {
|
|
1118
|
-
if (!
|
|
1119
|
-
if (
|
|
1117
|
+
if (!re()) throw new Error("For security reasons, `window.crypto` is required to run `auth0-spa-js`.");
|
|
1118
|
+
if (re().subtle === void 0) throw new Error(`
|
|
1120
1119
|
auth0-spa-js must run on a secure origin. See https://github.com/auth0/auth0-spa-js/blob/main/FAQ.md#why-do-i-get-auth0-spa-js-must-run-on-a-secure-origin for more information.
|
|
1121
1120
|
`);
|
|
1122
|
-
})(), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache)
|
|
1121
|
+
})(), e.cache && e.cacheLocation && console.warn("Both `cache` and `cacheLocation` options have been specified in the Auth0Client configuration; ignoring `cacheLocation` and using `cache`."), e.cache) n = e.cache;
|
|
1123
1122
|
else {
|
|
1124
|
-
if (t = e.cacheLocation || "memory", !
|
|
1125
|
-
|
|
1123
|
+
if (t = e.cacheLocation || "memory", !Ue(t)) throw new Error(`Invalid cache location "${t}"`);
|
|
1124
|
+
n = Ue(t)();
|
|
1126
1125
|
}
|
|
1127
|
-
this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = e.legacySameSiteCookie === !1 ?
|
|
1128
|
-
const i = e.useCookiesForTransactions ? this.cookieStorage :
|
|
1126
|
+
this.httpTimeoutMs = e.httpTimeoutInSeconds ? 1e3 * e.httpTimeoutInSeconds : 1e4, this.cookieStorage = e.legacySameSiteCookie === !1 ? L : Ot, this.orgHintCookieName = `auth0.${this.options.clientId}.organization_hint`, this.isAuthenticatedCookieName = ((d) => `auth0.${d}.is.authenticated`)(this.options.clientId), this.sessionCheckExpiryDays = e.sessionCheckExpiryDays || 1;
|
|
1127
|
+
const i = e.useCookiesForTransactions ? this.cookieStorage : Et;
|
|
1129
1128
|
var r;
|
|
1130
1129
|
this.scope = ((d, m, ...s) => {
|
|
1131
|
-
if (typeof d != "object") return { default:
|
|
1132
|
-
let l = { default:
|
|
1130
|
+
if (typeof d != "object") return { default: oe(m, d, ...s) };
|
|
1131
|
+
let l = { default: oe(m, ...s) };
|
|
1133
1132
|
return Object.keys(d).forEach(((a) => {
|
|
1134
|
-
const
|
|
1135
|
-
l[a] =
|
|
1133
|
+
const u = d[a];
|
|
1134
|
+
l[a] = oe(m, u, ...s);
|
|
1136
1135
|
})), l;
|
|
1137
|
-
})(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new
|
|
1138
|
-
const
|
|
1139
|
-
this.myAccountApi = new
|
|
1136
|
+
})(this.options.authorizationParams.scope, "openid", this.options.useRefreshTokens ? "offline_access" : ""), this.transactionManager = new _t(i, this.options.clientId, this.options.cookieDomain), this.nowProvider = this.options.nowProvider || Xe, this.cacheManager = new St(n, n.allKeys ? void 0 : new xt(n, this.options.clientId), this.nowProvider), this.dpop = this.options.useDpop ? new Nt(this.options.clientId) : void 0, this.domainUrl = (r = this.options.domain, /^https?:\/\//.test(r) ? r : `https://${r}`), this.tokenIssuer = ((d, m) => d ? d.startsWith("https://") ? d : `https://${d}/` : `${m}/`)(this.options.issuer, this.domainUrl);
|
|
1137
|
+
const c = `${this.domainUrl}/me/`, h = this.createFetcher(Object.assign(Object.assign({}, this.options.useDpop && { dpopNonceId: "__auth0_my_account_api__" }), { getAccessToken: () => this.getTokenSilently({ authorizationParams: { scope: "create:me:connected_accounts", audience: c }, detailedResponse: !0 }) }));
|
|
1138
|
+
this.myAccountApi = new Kt(h, c), typeof window < "u" && window.Worker && this.options.useRefreshTokens && t === "memory" && (this.options.workerUrl ? this.worker = new Worker(this.options.workerUrl) : this.worker = new At());
|
|
1140
1139
|
}
|
|
1141
1140
|
_url(e) {
|
|
1142
|
-
const t = encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client ||
|
|
1141
|
+
const t = encodeURIComponent(btoa(JSON.stringify(this.options.auth0Client || $e)));
|
|
1143
1142
|
return `${this.domainUrl}${e}&auth0Client=${t}`;
|
|
1144
1143
|
}
|
|
1145
1144
|
_authorizeUrl(e) {
|
|
1146
|
-
return this._url(`/authorize?${
|
|
1145
|
+
return this._url(`/authorize?${fe(e)}`);
|
|
1147
1146
|
}
|
|
1148
|
-
async _verifyIdToken(e, t,
|
|
1147
|
+
async _verifyIdToken(e, t, n) {
|
|
1149
1148
|
const i = await this.nowProvider();
|
|
1150
|
-
return
|
|
1149
|
+
return Tt({ iss: this.tokenIssuer, aud: this.options.clientId, id_token: e, nonce: t, organization: n, leeway: this.options.leeway, max_age: (r = this.options.authorizationParams.max_age, typeof r != "string" ? r : parseInt(r, 10) || void 0), now: i });
|
|
1151
1150
|
var r;
|
|
1152
1151
|
}
|
|
1153
1152
|
_processOrgHint(e) {
|
|
1154
1153
|
e ? this.cookieStorage.save(this.orgHintCookieName, e, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }) : this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain });
|
|
1155
1154
|
}
|
|
1156
|
-
async _prepareAuthorizeUrl(e, t,
|
|
1155
|
+
async _prepareAuthorizeUrl(e, t, n) {
|
|
1157
1156
|
var i;
|
|
1158
|
-
const r =
|
|
1159
|
-
return { nonce:
|
|
1157
|
+
const r = de(W()), c = de(W()), h = W(), d = await Ae(h), m = Re(d), s = await ((i = this.dpop) === null || i === void 0 ? void 0 : i.calculateThumbprint()), l = ((u, p, g, f, w, b, k, y, S) => Object.assign(Object.assign(Object.assign({ client_id: u.clientId }, u.authorizationParams), g), { scope: Q(p, g.scope, g.audience), response_type: "code", response_mode: y || "query", state: f, nonce: w, redirect_uri: k || u.authorizationParams.redirect_uri, code_challenge: b, code_challenge_method: "S256", dpop_jkt: S }))(this.options, this.scope, e, r, c, m, e.redirect_uri || this.options.authorizationParams.redirect_uri || n, t?.response_mode, s), a = this._authorizeUrl(l);
|
|
1158
|
+
return { nonce: c, code_verifier: h, scope: l.scope, audience: l.audience || "default", redirect_uri: l.redirect_uri, state: r, url: a };
|
|
1160
1159
|
}
|
|
1161
1160
|
async loginWithPopup(e, t) {
|
|
1162
|
-
var
|
|
1161
|
+
var n;
|
|
1163
1162
|
if (e = e || {}, !(t = t || {}).popup && (t.popup = ((h) => {
|
|
1164
1163
|
const d = window.screenX + (window.innerWidth - 400) / 2, m = window.screenY + (window.innerHeight - 600) / 2;
|
|
1165
1164
|
return window.open(h, "auth0:authorize:popup", `left=${d},top=${m},width=400,height=600,resizable,scrollbars=yes,status=1`);
|
|
1166
|
-
})(""), !t.popup)) throw new
|
|
1165
|
+
})(""), !t.popup)) throw new Ie();
|
|
1167
1166
|
const i = await this._prepareAuthorizeUrl(e.authorizationParams || {}, { response_mode: "web_message" }, window.location.origin);
|
|
1168
1167
|
t.popup.location.href = i.url;
|
|
1169
1168
|
const r = await ((h) => new Promise(((d, m) => {
|
|
1170
1169
|
let s;
|
|
1171
1170
|
const l = setInterval((() => {
|
|
1172
|
-
h.popup && h.popup.closed && (clearInterval(l), clearTimeout(a), window.removeEventListener("message", s, !1), m(new
|
|
1171
|
+
h.popup && h.popup.closed && (clearInterval(l), clearTimeout(a), window.removeEventListener("message", s, !1), m(new _e(h.popup)));
|
|
1173
1172
|
}), 1e3), a = setTimeout((() => {
|
|
1174
|
-
clearInterval(l), m(new
|
|
1173
|
+
clearInterval(l), m(new Se(h.popup)), window.removeEventListener("message", s, !1);
|
|
1175
1174
|
}), 1e3 * (h.timeoutInSeconds || 60));
|
|
1176
|
-
s = function(
|
|
1177
|
-
if (
|
|
1178
|
-
if (clearTimeout(a), clearInterval(l), window.removeEventListener("message", s, !1), h.closePopup !== !1 && h.popup.close(),
|
|
1179
|
-
d(
|
|
1175
|
+
s = function(u) {
|
|
1176
|
+
if (u.data && u.data.type === "authorization_response") {
|
|
1177
|
+
if (clearTimeout(a), clearInterval(l), window.removeEventListener("message", s, !1), h.closePopup !== !1 && h.popup.close(), u.data.response.error) return m(_.fromPayload(u.data.response));
|
|
1178
|
+
d(u.data.response);
|
|
1180
1179
|
}
|
|
1181
1180
|
}, window.addEventListener("message", s);
|
|
1182
1181
|
})))(Object.assign(Object.assign({}, t), { timeoutInSeconds: t.timeoutInSeconds || this.options.authorizeTimeoutInSeconds || 60 }));
|
|
1183
1182
|
if (i.state !== r.state) throw new _("state_mismatch", "Invalid state");
|
|
1184
|
-
const
|
|
1185
|
-
await this._requestToken({ audience: i.audience, scope: i.scope, code_verifier: i.code_verifier, grant_type: "authorization_code", code: r.code, redirect_uri: i.redirect_uri }, { nonceIn: i.nonce, organization:
|
|
1183
|
+
const c = ((n = e.authorizationParams) === null || n === void 0 ? void 0 : n.organization) || this.options.authorizationParams.organization;
|
|
1184
|
+
await this._requestToken({ audience: i.audience, scope: i.scope, code_verifier: i.code_verifier, grant_type: "authorization_code", code: r.code, redirect_uri: i.redirect_uri }, { nonceIn: i.nonce, organization: c });
|
|
1186
1185
|
}
|
|
1187
1186
|
async getUser() {
|
|
1188
1187
|
var e;
|
|
@@ -1196,38 +1195,38 @@ class Nt {
|
|
|
1196
1195
|
}
|
|
1197
1196
|
async loginWithRedirect(e = {}) {
|
|
1198
1197
|
var t;
|
|
1199
|
-
const
|
|
1200
|
-
this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, l), { appState:
|
|
1198
|
+
const n = Le(e), { openUrl: i, fragment: r, appState: c } = n, h = O(n, ["openUrl", "fragment", "appState"]), d = ((t = h.authorizationParams) === null || t === void 0 ? void 0 : t.organization) || this.options.authorizationParams.organization, m = await this._prepareAuthorizeUrl(h.authorizationParams || {}), { url: s } = m, l = O(m, ["url"]);
|
|
1199
|
+
this.transactionManager.create(Object.assign(Object.assign(Object.assign({}, l), { appState: c, response_type: N.Code }), d && { organization: d }));
|
|
1201
1200
|
const a = r ? `${s}#${r}` : s;
|
|
1202
1201
|
i ? await i(a) : window.location.assign(a);
|
|
1203
1202
|
}
|
|
1204
1203
|
async handleRedirectCallback(e = window.location.href) {
|
|
1205
1204
|
const t = e.split("?").slice(1);
|
|
1206
1205
|
if (t.length === 0) throw new Error("There are no query params available for parsing.");
|
|
1207
|
-
const
|
|
1208
|
-
if (!
|
|
1206
|
+
const n = this.transactionManager.get();
|
|
1207
|
+
if (!n) throw new _("missing_transaction", "Invalid state");
|
|
1209
1208
|
this.transactionManager.remove();
|
|
1210
1209
|
const i = ((r) => {
|
|
1211
1210
|
r.indexOf("#") > -1 && (r = r.substring(0, r.indexOf("#")));
|
|
1212
|
-
const
|
|
1213
|
-
return { state:
|
|
1211
|
+
const c = new URLSearchParams(r);
|
|
1212
|
+
return { state: c.get("state"), code: c.get("code") || void 0, connect_code: c.get("connect_code") || void 0, error: c.get("error") || void 0, error_description: c.get("error_description") || void 0 };
|
|
1214
1213
|
})(t.join(""));
|
|
1215
|
-
return
|
|
1214
|
+
return n.response_type === N.ConnectCode ? this._handleConnectAccountRedirectCallback(i, n) : this._handleLoginRedirectCallback(i, n);
|
|
1216
1215
|
}
|
|
1217
1216
|
async _handleLoginRedirectCallback(e, t) {
|
|
1218
|
-
const { code:
|
|
1219
|
-
if (r) throw new
|
|
1217
|
+
const { code: n, state: i, error: r, error_description: c } = e;
|
|
1218
|
+
if (r) throw new ke(r, c || r, i, t.appState);
|
|
1220
1219
|
if (!t.code_verifier || t.state && t.state !== i) throw new _("state_mismatch", "Invalid state");
|
|
1221
1220
|
const h = t.organization, d = t.nonce, m = t.redirect_uri;
|
|
1222
|
-
return await this._requestToken(Object.assign({ audience: t.audience, scope: t.scope, code_verifier: t.code_verifier, grant_type: "authorization_code", code:
|
|
1221
|
+
return await this._requestToken(Object.assign({ audience: t.audience, scope: t.scope, code_verifier: t.code_verifier, grant_type: "authorization_code", code: n }, m ? { redirect_uri: m } : {}), { nonceIn: d, organization: h }), { appState: t.appState, response_type: N.Code };
|
|
1223
1222
|
}
|
|
1224
1223
|
async _handleConnectAccountRedirectCallback(e, t) {
|
|
1225
|
-
const { connect_code:
|
|
1226
|
-
if (r) throw new
|
|
1227
|
-
if (!
|
|
1224
|
+
const { connect_code: n, state: i, error: r, error_description: c } = e;
|
|
1225
|
+
if (r) throw new ve(r, c || r, t.connection, i, t.appState);
|
|
1226
|
+
if (!n) throw new _("missing_connect_code", "Missing connect code");
|
|
1228
1227
|
if (!(t.code_verifier && t.state && t.auth_session && t.redirect_uri && t.state === i)) throw new _("state_mismatch", "Invalid state");
|
|
1229
|
-
const h = await this.myAccountApi.completeAccount({ auth_session: t.auth_session, connect_code:
|
|
1230
|
-
return Object.assign(Object.assign({}, h), { appState: t.appState, response_type:
|
|
1228
|
+
const h = await this.myAccountApi.completeAccount({ auth_session: t.auth_session, connect_code: n, redirect_uri: t.redirect_uri, code_verifier: t.code_verifier });
|
|
1229
|
+
return Object.assign(Object.assign({}, h), { appState: t.appState, response_type: N.ConnectCode });
|
|
1231
1230
|
}
|
|
1232
1231
|
async checkSession(e) {
|
|
1233
1232
|
if (!this.cookieStorage.get(this.isAuthenticatedCookieName)) {
|
|
@@ -1240,73 +1239,73 @@ class Nt {
|
|
|
1240
1239
|
}
|
|
1241
1240
|
}
|
|
1242
1241
|
async getTokenSilently(e = {}) {
|
|
1243
|
-
var t,
|
|
1244
|
-
const i = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope:
|
|
1245
|
-
let d =
|
|
1246
|
-
return d || (d =
|
|
1247
|
-
delete
|
|
1248
|
-
})),
|
|
1242
|
+
var t, n;
|
|
1243
|
+
const i = Object.assign(Object.assign({ cacheMode: "on" }, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Q(this.scope, (t = e.authorizationParams) === null || t === void 0 ? void 0 : t.scope, ((n = e.authorizationParams) === null || n === void 0 ? void 0 : n.audience) || this.options.authorizationParams.audience) }) }), r = await ((c, h) => {
|
|
1244
|
+
let d = pe[h];
|
|
1245
|
+
return d || (d = c().finally((() => {
|
|
1246
|
+
delete pe[h], d = null;
|
|
1247
|
+
})), pe[h] = d), d;
|
|
1249
1248
|
})((() => this._getTokenSilently(i)), `${this.options.clientId}::${i.authorizationParams.audience}::${i.authorizationParams.scope}`);
|
|
1250
1249
|
return e.detailedResponse ? r : r?.access_token;
|
|
1251
1250
|
}
|
|
1252
1251
|
async _getTokenSilently(e) {
|
|
1253
|
-
const { cacheMode: t } = e,
|
|
1252
|
+
const { cacheMode: t } = e, n = O(e, ["cacheMode"]);
|
|
1254
1253
|
if (t !== "off") {
|
|
1255
|
-
const h = await this._getEntryFromCache({ scope:
|
|
1254
|
+
const h = await this._getEntryFromCache({ scope: n.authorizationParams.scope, audience: n.authorizationParams.audience || "default", clientId: this.options.clientId, cacheMode: t });
|
|
1256
1255
|
if (h) return h;
|
|
1257
1256
|
}
|
|
1258
1257
|
if (t === "cache-only") return;
|
|
1259
|
-
const i = (r = this.options.clientId,
|
|
1260
|
-
var r,
|
|
1261
|
-
if (!await
|
|
1258
|
+
const i = (r = this.options.clientId, c = n.authorizationParams.audience || "default", `auth0.lock.getTokenSilently.${r}.${c}`);
|
|
1259
|
+
var r, c;
|
|
1260
|
+
if (!await ze((() => F.acquireLock(i, 5e3)), 10)) throw new Z();
|
|
1262
1261
|
this.activeLockKeys.add(i), this.activeLockKeys.size === 1 && window.addEventListener("pagehide", this._releaseLockOnPageHide);
|
|
1263
1262
|
try {
|
|
1264
1263
|
if (t !== "off") {
|
|
1265
|
-
const
|
|
1266
|
-
if (
|
|
1264
|
+
const u = await this._getEntryFromCache({ scope: n.authorizationParams.scope, audience: n.authorizationParams.audience || "default", clientId: this.options.clientId });
|
|
1265
|
+
if (u) return u;
|
|
1267
1266
|
}
|
|
1268
|
-
const h = this.options.useRefreshTokens ? await this._getTokenUsingRefreshToken(
|
|
1267
|
+
const h = this.options.useRefreshTokens ? await this._getTokenUsingRefreshToken(n) : await this._getTokenFromIFrame(n), { id_token: d, token_type: m, access_token: s, oauthTokenScope: l, expires_in: a } = h;
|
|
1269
1268
|
return Object.assign(Object.assign({ id_token: d, token_type: m, access_token: s }, l ? { scope: l } : null), { expires_in: a });
|
|
1270
1269
|
} finally {
|
|
1271
1270
|
await F.releaseLock(i), this.activeLockKeys.delete(i), this.activeLockKeys.size === 0 && window.removeEventListener("pagehide", this._releaseLockOnPageHide);
|
|
1272
1271
|
}
|
|
1273
1272
|
}
|
|
1274
1273
|
async getTokenWithPopup(e = {}, t = {}) {
|
|
1275
|
-
var
|
|
1276
|
-
const r = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope:
|
|
1277
|
-
return t = Object.assign(Object.assign({},
|
|
1274
|
+
var n, i;
|
|
1275
|
+
const r = Object.assign(Object.assign({}, e), { authorizationParams: Object.assign(Object.assign(Object.assign({}, this.options.authorizationParams), e.authorizationParams), { scope: Q(this.scope, (n = e.authorizationParams) === null || n === void 0 ? void 0 : n.scope, ((i = e.authorizationParams) === null || i === void 0 ? void 0 : i.audience) || this.options.authorizationParams.audience) }) });
|
|
1276
|
+
return t = Object.assign(Object.assign({}, ot), t), await this.loginWithPopup(r, t), (await this.cacheManager.get(new P({ scope: r.authorizationParams.scope, audience: r.authorizationParams.audience || "default", clientId: this.options.clientId }), void 0, this.options.useMrrt)).access_token;
|
|
1278
1277
|
}
|
|
1279
1278
|
async isAuthenticated() {
|
|
1280
1279
|
return !!await this.getUser();
|
|
1281
1280
|
}
|
|
1282
1281
|
_buildLogoutUrl(e) {
|
|
1283
1282
|
e.clientId !== null ? e.clientId = e.clientId || this.options.clientId : delete e.clientId;
|
|
1284
|
-
const t = e.logoutParams || {}, { federated:
|
|
1285
|
-
return this._url(`/v2/logout?${
|
|
1283
|
+
const t = e.logoutParams || {}, { federated: n } = t, i = O(t, ["federated"]), r = n ? "&federated" : "";
|
|
1284
|
+
return this._url(`/v2/logout?${fe(Object.assign({ clientId: e.clientId }, i))}`) + r;
|
|
1286
1285
|
}
|
|
1287
1286
|
async logout(e = {}) {
|
|
1288
1287
|
var t;
|
|
1289
|
-
const
|
|
1288
|
+
const n = Le(e), { openUrl: i } = n, r = O(n, ["openUrl"]);
|
|
1290
1289
|
e.clientId === null ? await this.cacheManager.clear() : await this.cacheManager.clear(e.clientId || this.options.clientId), this.cookieStorage.remove(this.orgHintCookieName, { cookieDomain: this.options.cookieDomain }), this.cookieStorage.remove(this.isAuthenticatedCookieName, { cookieDomain: this.options.cookieDomain }), this.userCache.remove("@@user@@"), await ((t = this.dpop) === null || t === void 0 ? void 0 : t.clear());
|
|
1291
|
-
const
|
|
1292
|
-
i ? await i(
|
|
1290
|
+
const c = this._buildLogoutUrl(r);
|
|
1291
|
+
i ? await i(c) : i !== !1 && window.location.assign(c);
|
|
1293
1292
|
}
|
|
1294
1293
|
async _getTokenFromIFrame(e) {
|
|
1295
1294
|
const t = `auth0.lock.getTokenFromIFrame.${this.options.clientId}`;
|
|
1296
|
-
if (!await
|
|
1295
|
+
if (!await ze((() => F.acquireLock(t, 5e3)), 10)) throw new Z();
|
|
1297
1296
|
try {
|
|
1298
|
-
const
|
|
1299
|
-
i && !
|
|
1300
|
-
const { url: r, state:
|
|
1297
|
+
const n = Object.assign(Object.assign({}, e.authorizationParams), { prompt: "none" }), i = this.cookieStorage.get(this.orgHintCookieName);
|
|
1298
|
+
i && !n.organization && (n.organization = i);
|
|
1299
|
+
const { url: r, state: c, nonce: h, code_verifier: d, redirect_uri: m, scope: s, audience: l } = await this._prepareAuthorizeUrl(n, { response_mode: "web_message" }, window.location.origin);
|
|
1301
1300
|
if (window.crossOriginIsolated) throw new _("login_required", "The application is running in a Cross-Origin Isolated context, silently retrieving a token without refresh token is not possible.");
|
|
1302
1301
|
const a = e.timeoutInSeconds || this.options.authorizeTimeoutInSeconds;
|
|
1303
|
-
let
|
|
1302
|
+
let u;
|
|
1304
1303
|
try {
|
|
1305
|
-
|
|
1304
|
+
u = new URL(this.domainUrl).origin;
|
|
1306
1305
|
} catch {
|
|
1307
|
-
|
|
1306
|
+
u = this.domainUrl;
|
|
1308
1307
|
}
|
|
1309
|
-
const p = await ((f, w, b = 60) => new Promise(((
|
|
1308
|
+
const p = await ((f, w, b = 60) => new Promise(((k, y) => {
|
|
1310
1309
|
const S = window.document.createElement("iframe");
|
|
1311
1310
|
S.setAttribute("width", "0"), S.setAttribute("height", "0"), S.style.display = "none";
|
|
1312
1311
|
const E = () => {
|
|
@@ -1318,15 +1317,15 @@ class Nt {
|
|
|
1318
1317
|
}), 1e3 * b);
|
|
1319
1318
|
T = function(I) {
|
|
1320
1319
|
if (I.origin != w || !I.data || I.data.type !== "authorization_response") return;
|
|
1321
|
-
const
|
|
1322
|
-
|
|
1320
|
+
const A = I.source;
|
|
1321
|
+
A && A.close(), I.data.response.error ? y(_.fromPayload(I.data.response)) : k(I.data.response), clearTimeout(C), window.removeEventListener("message", T, !1), setTimeout(E, 2e3);
|
|
1323
1322
|
}, window.addEventListener("message", T, !1), window.document.body.appendChild(S), S.setAttribute("src", f);
|
|
1324
|
-
})))(r,
|
|
1325
|
-
if (
|
|
1326
|
-
const g = await this._requestToken(Object.assign(Object.assign({}, e.authorizationParams), { code_verifier: d, code: p.code, grant_type: "authorization_code", redirect_uri: m, timeout: e.authorizationParams.timeout || this.httpTimeoutMs }), { nonceIn: h, organization:
|
|
1323
|
+
})))(r, u, a);
|
|
1324
|
+
if (c !== p.state) throw new _("state_mismatch", "Invalid state");
|
|
1325
|
+
const g = await this._requestToken(Object.assign(Object.assign({}, e.authorizationParams), { code_verifier: d, code: p.code, grant_type: "authorization_code", redirect_uri: m, timeout: e.authorizationParams.timeout || this.httpTimeoutMs }), { nonceIn: h, organization: n.organization });
|
|
1327
1326
|
return Object.assign(Object.assign({}, g), { scope: s, oauthTokenScope: g.scope, audience: l });
|
|
1328
|
-
} catch (
|
|
1329
|
-
throw
|
|
1327
|
+
} catch (n) {
|
|
1328
|
+
throw n.error === "login_required" && this.logout({ openUrl: !1 }), n;
|
|
1330
1329
|
} finally {
|
|
1331
1330
|
await F.releaseLock(t);
|
|
1332
1331
|
}
|
|
@@ -1335,61 +1334,61 @@ class Nt {
|
|
|
1335
1334
|
const t = await this.cacheManager.get(new P({ scope: e.authorizationParams.scope, audience: e.authorizationParams.audience || "default", clientId: this.options.clientId }), void 0, this.options.useMrrt);
|
|
1336
1335
|
if (!(t && t.refresh_token || this.worker)) {
|
|
1337
1336
|
if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
|
|
1338
|
-
throw new
|
|
1337
|
+
throw new ce(e.authorizationParams.audience || "default", e.authorizationParams.scope);
|
|
1339
1338
|
}
|
|
1340
|
-
const
|
|
1339
|
+
const n = e.authorizationParams.redirect_uri || this.options.authorizationParams.redirect_uri || window.location.origin, i = typeof e.timeoutInSeconds == "number" ? 1e3 * e.timeoutInSeconds : null, r = ((s, l, a, u) => {
|
|
1341
1340
|
var p;
|
|
1342
|
-
if (s && a &&
|
|
1341
|
+
if (s && a && u) {
|
|
1343
1342
|
if (l.audience !== a) return l.scope;
|
|
1344
|
-
const g =
|
|
1345
|
-
return g.length >= f.length && w ?
|
|
1343
|
+
const g = u.split(" "), f = ((p = l.scope) === null || p === void 0 ? void 0 : p.split(" ")) || [], w = f.every(((b) => g.includes(b)));
|
|
1344
|
+
return g.length >= f.length && w ? u : l.scope;
|
|
1346
1345
|
}
|
|
1347
1346
|
return l.scope;
|
|
1348
1347
|
})(this.options.useMrrt, e.authorizationParams, t?.audience, t?.scope);
|
|
1349
1348
|
try {
|
|
1350
|
-
const s = await this._requestToken(Object.assign(Object.assign(Object.assign({}, e.authorizationParams), { grant_type: "refresh_token", refresh_token: t && t.refresh_token, redirect_uri:
|
|
1351
|
-
if (s.refresh_token && t?.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, s.refresh_token), this.options.useMrrt && (
|
|
1349
|
+
const s = await this._requestToken(Object.assign(Object.assign(Object.assign({}, e.authorizationParams), { grant_type: "refresh_token", refresh_token: t && t.refresh_token, redirect_uri: n }), i && { timeout: i }), { scopesToRequest: r });
|
|
1350
|
+
if (s.refresh_token && t?.refresh_token && await this.cacheManager.updateEntry(t.refresh_token, s.refresh_token), this.options.useMrrt && (c = t?.audience, h = t?.scope, d = e.authorizationParams.audience, m = e.authorizationParams.scope, (c !== d || !He(m, h)) && !He(r, s.scope))) {
|
|
1352
1351
|
if (this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
|
|
1353
1352
|
await this.cacheManager.remove(this.options.clientId, e.authorizationParams.audience, e.authorizationParams.scope);
|
|
1354
|
-
const l = ((a,
|
|
1355
|
-
const p = a?.split(" ") || [], g =
|
|
1353
|
+
const l = ((a, u) => {
|
|
1354
|
+
const p = a?.split(" ") || [], g = u?.split(" ") || [];
|
|
1356
1355
|
return p.filter(((f) => g.indexOf(f) == -1)).join(",");
|
|
1357
1356
|
})(r, s.scope);
|
|
1358
|
-
throw new
|
|
1357
|
+
throw new Pe(e.authorizationParams.audience || "default", l);
|
|
1359
1358
|
}
|
|
1360
1359
|
return Object.assign(Object.assign({}, s), { scope: e.authorizationParams.scope, oauthTokenScope: s.scope, audience: e.authorizationParams.audience || "default" });
|
|
1361
1360
|
} catch (s) {
|
|
1362
1361
|
if ((s.message.indexOf("Missing Refresh Token") > -1 || s.message && s.message.indexOf("invalid refresh token") > -1) && this.options.useRefreshTokensFallback) return await this._getTokenFromIFrame(e);
|
|
1363
1362
|
throw s;
|
|
1364
1363
|
}
|
|
1365
|
-
var
|
|
1364
|
+
var c, h, d, m;
|
|
1366
1365
|
}
|
|
1367
1366
|
async _saveEntryInCache(e) {
|
|
1368
|
-
const { id_token: t, decodedToken:
|
|
1369
|
-
this.userCache.set("@@user@@", { id_token: t, decodedToken:
|
|
1367
|
+
const { id_token: t, decodedToken: n } = e, i = O(e, ["id_token", "decodedToken"]);
|
|
1368
|
+
this.userCache.set("@@user@@", { id_token: t, decodedToken: n }), await this.cacheManager.setIdToken(this.options.clientId, e.id_token, e.decodedToken), await this.cacheManager.set(i);
|
|
1370
1369
|
}
|
|
1371
1370
|
async _getIdTokenFromCache() {
|
|
1372
|
-
const e = this.options.authorizationParams.audience || "default", t = this.scope[e],
|
|
1373
|
-
return
|
|
1371
|
+
const e = this.options.authorizationParams.audience || "default", t = this.scope[e], n = await this.cacheManager.getIdToken(new P({ clientId: this.options.clientId, audience: e, scope: t })), i = this.userCache.get("@@user@@");
|
|
1372
|
+
return n && n.id_token === i?.id_token ? i : (this.userCache.set("@@user@@", n), n);
|
|
1374
1373
|
}
|
|
1375
|
-
async _getEntryFromCache({ scope: e, audience: t, clientId:
|
|
1376
|
-
const r = await this.cacheManager.get(new P({ scope: e, audience: t, clientId:
|
|
1374
|
+
async _getEntryFromCache({ scope: e, audience: t, clientId: n, cacheMode: i }) {
|
|
1375
|
+
const r = await this.cacheManager.get(new P({ scope: e, audience: t, clientId: n }), 60, this.options.useMrrt, i);
|
|
1377
1376
|
if (r && r.access_token) {
|
|
1378
|
-
const { token_type:
|
|
1379
|
-
return s && Object.assign(Object.assign({ id_token: s.id_token, token_type:
|
|
1377
|
+
const { token_type: c, access_token: h, oauthTokenScope: d, expires_in: m } = r, s = await this._getIdTokenFromCache();
|
|
1378
|
+
return s && Object.assign(Object.assign({ id_token: s.id_token, token_type: c || "Bearer", access_token: h }, d ? { scope: d } : null), { expires_in: m });
|
|
1380
1379
|
}
|
|
1381
1380
|
}
|
|
1382
1381
|
async _requestToken(e, t) {
|
|
1383
|
-
var
|
|
1384
|
-
const { nonceIn: r, organization:
|
|
1382
|
+
var n, i;
|
|
1383
|
+
const { nonceIn: r, organization: c, scopesToRequest: h } = t || {}, d = await kt(Object.assign(Object.assign({ baseUrl: this.domainUrl, client_id: this.options.clientId, auth0Client: this.options.auth0Client, useFormData: this.options.useFormData, timeout: this.httpTimeoutMs, useMrrt: this.options.useMrrt, dpop: this.dpop }, e), { scope: h || e.scope }), this.worker), m = await this._verifyIdToken(d.id_token, r, c);
|
|
1385
1384
|
if (e.grant_type === "authorization_code") {
|
|
1386
1385
|
const s = await this._getIdTokenFromCache();
|
|
1387
|
-
!((i = (
|
|
1386
|
+
!((i = (n = s?.decodedToken) === null || n === void 0 ? void 0 : n.claims) === null || i === void 0) && i.sub && s.decodedToken.claims.sub !== m.claims.sub && (await this.cacheManager.clear(this.options.clientId), this.userCache.remove("@@user@@"));
|
|
1388
1387
|
}
|
|
1389
|
-
return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, d), { decodedToken: m, scope: e.scope, audience: e.audience || "default" }), d.scope ? { oauthTokenScope: d.scope } : null), { client_id: this.options.clientId })), this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this._processOrgHint(
|
|
1388
|
+
return await this._saveEntryInCache(Object.assign(Object.assign(Object.assign(Object.assign({}, d), { decodedToken: m, scope: e.scope, audience: e.audience || "default" }), d.scope ? { oauthTokenScope: d.scope } : null), { client_id: this.options.clientId })), this.cookieStorage.save(this.isAuthenticatedCookieName, !0, { daysUntilExpire: this.sessionCheckExpiryDays, cookieDomain: this.options.cookieDomain }), this._processOrgHint(c || m.claims.org_id), Object.assign(Object.assign({}, d), { decodedToken: m });
|
|
1390
1389
|
}
|
|
1391
1390
|
async exchangeToken(e) {
|
|
1392
|
-
return this._requestToken({ grant_type: "urn:ietf:params:oauth:grant-type:token-exchange", subject_token: e.subject_token, subject_token_type: e.subject_token_type, scope:
|
|
1391
|
+
return this._requestToken({ grant_type: "urn:ietf:params:oauth:grant-type:token-exchange", subject_token: e.subject_token, subject_token_type: e.subject_token_type, scope: Q(this.scope, e.scope, e.audience || this.options.authorizationParams.audience), audience: e.audience || this.options.authorizationParams.audience, organization: e.organization || this.options.authorizationParams.organization });
|
|
1393
1392
|
}
|
|
1394
1393
|
_assertDpop(e) {
|
|
1395
1394
|
if (!e) throw new Error("`useDpop` option must be enabled before using DPoP.");
|
|
@@ -1404,130 +1403,467 @@ class Nt {
|
|
|
1404
1403
|
return this._assertDpop(this.dpop), this.dpop.generateProof(e);
|
|
1405
1404
|
}
|
|
1406
1405
|
createFetcher(e = {}) {
|
|
1407
|
-
return new
|
|
1408
|
-
var
|
|
1409
|
-
return this.getTokenSilently({ authorizationParams: { scope: (
|
|
1406
|
+
return new Dt(e, { isDpopEnabled: () => !!this.options.useDpop, getAccessToken: (t) => {
|
|
1407
|
+
var n;
|
|
1408
|
+
return this.getTokenSilently({ authorizationParams: { scope: (n = t?.scope) === null || n === void 0 ? void 0 : n.join(" "), audience: t?.audience }, detailedResponse: !0 });
|
|
1410
1409
|
}, getDpopNonce: () => this.getDpopNonce(e.dpopNonceId), setDpopNonce: (t) => this.setDpopNonce(t, e.dpopNonceId), generateDpopProof: (t) => this.generateDpopProof(t) });
|
|
1411
1410
|
}
|
|
1412
1411
|
async connectAccountWithRedirect(e) {
|
|
1413
|
-
const { openUrl: t, appState:
|
|
1412
|
+
const { openUrl: t, appState: n, connection: i, scopes: r, authorization_params: c, redirectUri: h = this.options.authorizationParams.redirect_uri || window.location.origin } = e;
|
|
1414
1413
|
if (!i) throw new Error("connection is required");
|
|
1415
|
-
const d =
|
|
1416
|
-
this.transactionManager.create({ state: d, code_verifier: m, auth_session: p, redirect_uri: h, appState:
|
|
1414
|
+
const d = de(W()), m = W(), s = await Ae(m), l = Re(s), { connect_uri: a, connect_params: u, auth_session: p } = await this.myAccountApi.connectAccount({ connection: i, scopes: r, redirect_uri: h, state: d, code_challenge: l, code_challenge_method: "S256", authorization_params: c });
|
|
1415
|
+
this.transactionManager.create({ state: d, code_verifier: m, auth_session: p, redirect_uri: h, appState: n, connection: i, response_type: N.ConnectCode });
|
|
1417
1416
|
const g = new URL(a);
|
|
1418
|
-
g.searchParams.set("ticket",
|
|
1417
|
+
g.searchParams.set("ticket", u.ticket), t ? await t(g.toString()) : window.location.assign(g);
|
|
1419
1418
|
}
|
|
1420
1419
|
}
|
|
1421
|
-
async function
|
|
1422
|
-
const e = new
|
|
1420
|
+
async function Ut(o) {
|
|
1421
|
+
const e = new zt(o);
|
|
1423
1422
|
return await e.checkSession(), e;
|
|
1424
1423
|
}
|
|
1425
|
-
|
|
1424
|
+
const Lt = "sesamy-debug";
|
|
1425
|
+
function Ht(o) {
|
|
1426
|
+
if (typeof document > "u")
|
|
1427
|
+
return null;
|
|
1428
|
+
const e = o + "=", t = document.cookie.split(";");
|
|
1429
|
+
for (let n = 0; n < t.length; n++) {
|
|
1430
|
+
let i = t[n];
|
|
1431
|
+
for (; i.charAt(0) === " "; )
|
|
1432
|
+
i = i.substring(1);
|
|
1433
|
+
if (i.indexOf(e) === 0)
|
|
1434
|
+
return i.substring(e.length, i.length);
|
|
1435
|
+
}
|
|
1436
|
+
return null;
|
|
1437
|
+
}
|
|
1438
|
+
function Zt() {
|
|
1439
|
+
return Ht(Lt) === "true";
|
|
1440
|
+
}
|
|
1441
|
+
function v(o) {
|
|
1442
|
+
Zt() && console.log(o);
|
|
1443
|
+
}
|
|
1444
|
+
function me(o, e) {
|
|
1445
|
+
if (typeof window > "u")
|
|
1446
|
+
return;
|
|
1447
|
+
const t = new CustomEvent(o, {
|
|
1448
|
+
detail: e,
|
|
1449
|
+
bubbles: !0,
|
|
1450
|
+
composed: !0
|
|
1451
|
+
});
|
|
1452
|
+
v(`Triggering event: ${o}`), dispatchEvent(t);
|
|
1453
|
+
}
|
|
1454
|
+
var M = /* @__PURE__ */ ((o) => (o.AUTH_INITIALIZED = "sesamyJsAuthInitialized", o.READY = "sesamyJsReady", o.AUTHENTICATED = "sesamyJsAuthenticated", o.LOGOUT = "sesamyJsLogout", o.CLEAR_CACHE = "sesamyJsClearCache", o.USER_ATTRIBUTE_CHANGED = "sesamyUserAttributeChanged", o.PURCHASE = "sesamyJsPurchase", o))(M || {});
|
|
1455
|
+
const Wt = "sesamy.com", Jt = "sesamy.dev";
|
|
1456
|
+
function Ft(o, e) {
|
|
1457
|
+
return `${o}.${e === "dev" ? Jt : Wt}`;
|
|
1458
|
+
}
|
|
1459
|
+
function $t() {
|
|
1460
|
+
let e = (document.documentElement.getAttribute("lang") ?? navigator.language ?? "en").split("-")[0]?.toLowerCase() ?? "en";
|
|
1461
|
+
return e === "nn" && (e = "nb"), e;
|
|
1462
|
+
}
|
|
1463
|
+
/*!
|
|
1464
|
+
*
|
|
1465
|
+
* detectIncognito v1.6.2
|
|
1466
|
+
*
|
|
1467
|
+
* https://github.com/Joe12387/detectIncognito
|
|
1468
|
+
*
|
|
1469
|
+
* MIT License
|
|
1470
|
+
*
|
|
1471
|
+
* Copyright (c) 2021 - 2025 Joe Rutkowski <Joe@dreggle.com>
|
|
1472
|
+
*
|
|
1473
|
+
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
1474
|
+
* of this software and associated documentation files (the "Software"), to deal
|
|
1475
|
+
* in the Software without restriction, including without limitation the rights
|
|
1476
|
+
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
1477
|
+
* copies of the Software, and to permit persons to whom the Software is
|
|
1478
|
+
* furnished to do so, subject to the following conditions:
|
|
1479
|
+
*
|
|
1480
|
+
* The above copyright notice and this permission notice shall be included in all
|
|
1481
|
+
* copies or substantial portions of the Software.
|
|
1482
|
+
*
|
|
1483
|
+
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
1484
|
+
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
1485
|
+
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
1486
|
+
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
1487
|
+
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
1488
|
+
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
1489
|
+
* SOFTWARE.
|
|
1490
|
+
*
|
|
1491
|
+
* Please keep this comment intact in order to properly abide by the MIT License.
|
|
1492
|
+
*
|
|
1493
|
+
**/
|
|
1494
|
+
var ye = { d: (o, e) => {
|
|
1495
|
+
for (var t in e) ye.o(e, t) && !ye.o(o, t) && Object.defineProperty(o, t, { enumerable: !0, get: e[t] });
|
|
1496
|
+
}, o: (o, e) => Object.prototype.hasOwnProperty.call(o, e) }, Oe = {};
|
|
1497
|
+
ye.d(Oe, { A: () => Xt, k: () => Ee });
|
|
1498
|
+
var $ = function(o, e, t, n) {
|
|
1499
|
+
return new (t || (t = Promise))(function(i, r) {
|
|
1500
|
+
function c(m) {
|
|
1501
|
+
try {
|
|
1502
|
+
d(n.next(m));
|
|
1503
|
+
} catch (s) {
|
|
1504
|
+
r(s);
|
|
1505
|
+
}
|
|
1506
|
+
}
|
|
1507
|
+
function h(m) {
|
|
1508
|
+
try {
|
|
1509
|
+
d(n.throw(m));
|
|
1510
|
+
} catch (s) {
|
|
1511
|
+
r(s);
|
|
1512
|
+
}
|
|
1513
|
+
}
|
|
1514
|
+
function d(m) {
|
|
1515
|
+
var s;
|
|
1516
|
+
m.done ? i(m.value) : (s = m.value, s instanceof t ? s : new t(function(l) {
|
|
1517
|
+
l(s);
|
|
1518
|
+
})).then(c, h);
|
|
1519
|
+
}
|
|
1520
|
+
d((n = n.apply(o, [])).next());
|
|
1521
|
+
});
|
|
1522
|
+
}, X = function(o, e) {
|
|
1523
|
+
var t, n, i, r, c = { label: 0, sent: function() {
|
|
1524
|
+
if (1 & i[0]) throw i[1];
|
|
1525
|
+
return i[1];
|
|
1526
|
+
}, trys: [], ops: [] };
|
|
1527
|
+
return r = { next: h(0), throw: h(1), return: h(2) }, typeof Symbol == "function" && (r[Symbol.iterator] = function() {
|
|
1528
|
+
return this;
|
|
1529
|
+
}), r;
|
|
1530
|
+
function h(d) {
|
|
1531
|
+
return function(m) {
|
|
1532
|
+
return (function(s) {
|
|
1533
|
+
if (t) throw new TypeError("Generator is already executing.");
|
|
1534
|
+
for (; r && (r = 0, s[0] && (c = 0)), c; ) try {
|
|
1535
|
+
if (t = 1, n && (i = 2 & s[0] ? n.return : s[0] ? n.throw || ((i = n.return) && i.call(n), 0) : n.next) && !(i = i.call(n, s[1])).done) return i;
|
|
1536
|
+
switch (n = 0, i && (s = [2 & s[0], i.value]), s[0]) {
|
|
1537
|
+
case 0:
|
|
1538
|
+
case 1:
|
|
1539
|
+
i = s;
|
|
1540
|
+
break;
|
|
1541
|
+
case 4:
|
|
1542
|
+
return c.label++, { value: s[1], done: !1 };
|
|
1543
|
+
case 5:
|
|
1544
|
+
c.label++, n = s[1], s = [0];
|
|
1545
|
+
continue;
|
|
1546
|
+
case 7:
|
|
1547
|
+
s = c.ops.pop(), c.trys.pop();
|
|
1548
|
+
continue;
|
|
1549
|
+
default:
|
|
1550
|
+
if (i = c.trys, !((i = i.length > 0 && i[i.length - 1]) || s[0] !== 6 && s[0] !== 2)) {
|
|
1551
|
+
c = 0;
|
|
1552
|
+
continue;
|
|
1553
|
+
}
|
|
1554
|
+
if (s[0] === 3 && (!i || s[1] > i[0] && s[1] < i[3])) {
|
|
1555
|
+
c.label = s[1];
|
|
1556
|
+
break;
|
|
1557
|
+
}
|
|
1558
|
+
if (s[0] === 6 && c.label < i[1]) {
|
|
1559
|
+
c.label = i[1], i = s;
|
|
1560
|
+
break;
|
|
1561
|
+
}
|
|
1562
|
+
if (i && c.label < i[2]) {
|
|
1563
|
+
c.label = i[2], c.ops.push(s);
|
|
1564
|
+
break;
|
|
1565
|
+
}
|
|
1566
|
+
i[2] && c.ops.pop(), c.trys.pop();
|
|
1567
|
+
continue;
|
|
1568
|
+
}
|
|
1569
|
+
s = e.call(o, c);
|
|
1570
|
+
} catch (l) {
|
|
1571
|
+
s = [6, l], n = 0;
|
|
1572
|
+
} finally {
|
|
1573
|
+
t = i = 0;
|
|
1574
|
+
}
|
|
1575
|
+
if (5 & s[0]) throw s[1];
|
|
1576
|
+
return { value: s[0] ? s[1] : void 0, done: !0 };
|
|
1577
|
+
})([d, m]);
|
|
1578
|
+
};
|
|
1579
|
+
}
|
|
1580
|
+
};
|
|
1581
|
+
function Ee() {
|
|
1582
|
+
return $(this, void 0, Promise, function() {
|
|
1583
|
+
return X(this, function(o) {
|
|
1584
|
+
switch (o.label) {
|
|
1585
|
+
case 0:
|
|
1586
|
+
return [4, new Promise(function(e, t) {
|
|
1587
|
+
var n = "Unknown", i = !1;
|
|
1588
|
+
function r(a) {
|
|
1589
|
+
i || (i = !0, e({ isPrivate: a, browserName: n }));
|
|
1590
|
+
}
|
|
1591
|
+
function c() {
|
|
1592
|
+
var a = 0, u = parseInt("-1");
|
|
1593
|
+
try {
|
|
1594
|
+
u.toFixed(u);
|
|
1595
|
+
} catch (p) {
|
|
1596
|
+
a = p.message.length;
|
|
1597
|
+
}
|
|
1598
|
+
return a;
|
|
1599
|
+
}
|
|
1600
|
+
function h() {
|
|
1601
|
+
return $(this, void 0, void 0, function() {
|
|
1602
|
+
var a, u;
|
|
1603
|
+
return X(this, function(p) {
|
|
1604
|
+
switch (p.label) {
|
|
1605
|
+
case 0:
|
|
1606
|
+
return p.trys.push([0, 2, , 3]), [4, navigator.storage.getDirectory()];
|
|
1607
|
+
case 1:
|
|
1608
|
+
return p.sent(), r(!1), [3, 3];
|
|
1609
|
+
case 2:
|
|
1610
|
+
return a = p.sent(), u = a instanceof Error && typeof a.message == "string" ? a.message : String(a), r(u.includes("unknown transient reason")), [3, 3];
|
|
1611
|
+
case 3:
|
|
1612
|
+
return [2];
|
|
1613
|
+
}
|
|
1614
|
+
});
|
|
1615
|
+
});
|
|
1616
|
+
}
|
|
1617
|
+
function d() {
|
|
1618
|
+
var a;
|
|
1619
|
+
return $(this, void 0, Promise, function() {
|
|
1620
|
+
return X(this, function(u) {
|
|
1621
|
+
switch (u.label) {
|
|
1622
|
+
case 0:
|
|
1623
|
+
return typeof ((a = navigator.storage) === null || a === void 0 ? void 0 : a.getDirectory) != "function" ? [3, 2] : [4, h()];
|
|
1624
|
+
case 1:
|
|
1625
|
+
return u.sent(), [3, 3];
|
|
1626
|
+
case 2:
|
|
1627
|
+
navigator.maxTouchPoints !== void 0 ? (function() {
|
|
1628
|
+
var p = String(Math.random());
|
|
1629
|
+
try {
|
|
1630
|
+
var g = indexedDB.open(p, 1);
|
|
1631
|
+
g.onupgradeneeded = function(f) {
|
|
1632
|
+
var w = f.target.result, b = function(k) {
|
|
1633
|
+
r(k);
|
|
1634
|
+
};
|
|
1635
|
+
try {
|
|
1636
|
+
w.createObjectStore("t", { autoIncrement: !0 }).put(new Blob()), b(!1);
|
|
1637
|
+
} catch (k) {
|
|
1638
|
+
(k instanceof Error && typeof k.message == "string" ? k.message : String(k)).includes("are not yet supported") ? b(!0) : b(!1);
|
|
1639
|
+
} finally {
|
|
1640
|
+
w.close(), indexedDB.deleteDatabase(p);
|
|
1641
|
+
}
|
|
1642
|
+
}, g.onerror = function() {
|
|
1643
|
+
return r(!1);
|
|
1644
|
+
};
|
|
1645
|
+
} catch {
|
|
1646
|
+
r(!1);
|
|
1647
|
+
}
|
|
1648
|
+
})() : (function() {
|
|
1649
|
+
var p = window.openDatabase, g = window.localStorage;
|
|
1650
|
+
try {
|
|
1651
|
+
p(null, null, null, null);
|
|
1652
|
+
} catch {
|
|
1653
|
+
return void r(!0);
|
|
1654
|
+
}
|
|
1655
|
+
try {
|
|
1656
|
+
g.setItem("test", "1"), g.removeItem("test");
|
|
1657
|
+
} catch {
|
|
1658
|
+
return void r(!0);
|
|
1659
|
+
}
|
|
1660
|
+
r(!1);
|
|
1661
|
+
})(), u.label = 3;
|
|
1662
|
+
case 3:
|
|
1663
|
+
return [2];
|
|
1664
|
+
}
|
|
1665
|
+
});
|
|
1666
|
+
});
|
|
1667
|
+
}
|
|
1668
|
+
function m() {
|
|
1669
|
+
navigator.webkitTemporaryStorage.queryUsageAndQuota(function(a, u) {
|
|
1670
|
+
var p = Math.round(u / 1048576), g = 2 * Math.round((function() {
|
|
1671
|
+
var f, w, b, k = window;
|
|
1672
|
+
return (b = (w = (f = k?.performance) === null || f === void 0 ? void 0 : f.memory) === null || w === void 0 ? void 0 : w.jsHeapSizeLimit) !== null && b !== void 0 ? b : 1073741824;
|
|
1673
|
+
})() / 1048576);
|
|
1674
|
+
r(p < g);
|
|
1675
|
+
}, function(a) {
|
|
1676
|
+
t(new Error("detectIncognito somehow failed to query storage quota: " + a.message));
|
|
1677
|
+
});
|
|
1678
|
+
}
|
|
1679
|
+
function s() {
|
|
1680
|
+
self.Promise !== void 0 && self.Promise.allSettled !== void 0 ? m() : (0, window.webkitRequestFileSystem)(0, 1, function() {
|
|
1681
|
+
r(!1);
|
|
1682
|
+
}, function() {
|
|
1683
|
+
r(!0);
|
|
1684
|
+
});
|
|
1685
|
+
}
|
|
1686
|
+
function l() {
|
|
1687
|
+
var a;
|
|
1688
|
+
return $(this, void 0, Promise, function() {
|
|
1689
|
+
var u, p, g;
|
|
1690
|
+
return X(this, function(f) {
|
|
1691
|
+
switch (f.label) {
|
|
1692
|
+
case 0:
|
|
1693
|
+
if (typeof ((a = navigator.storage) === null || a === void 0 ? void 0 : a.getDirectory) != "function") return [3, 5];
|
|
1694
|
+
f.label = 1;
|
|
1695
|
+
case 1:
|
|
1696
|
+
return f.trys.push([1, 3, , 4]), [4, navigator.storage.getDirectory()];
|
|
1697
|
+
case 2:
|
|
1698
|
+
return f.sent(), r(!1), [3, 4];
|
|
1699
|
+
case 3:
|
|
1700
|
+
return u = f.sent(), p = u instanceof Error && typeof u.message == "string" ? u.message : String(u), r(p.includes("Security error")), [2];
|
|
1701
|
+
case 4:
|
|
1702
|
+
return [3, 6];
|
|
1703
|
+
case 5:
|
|
1704
|
+
(g = indexedDB.open("inPrivate")).onerror = function(w) {
|
|
1705
|
+
g.error && g.error.name === "InvalidStateError" && w.preventDefault(), r(!0);
|
|
1706
|
+
}, g.onsuccess = function() {
|
|
1707
|
+
indexedDB.deleteDatabase("inPrivate"), r(!1);
|
|
1708
|
+
}, f.label = 6;
|
|
1709
|
+
case 6:
|
|
1710
|
+
return [2];
|
|
1711
|
+
}
|
|
1712
|
+
});
|
|
1713
|
+
});
|
|
1714
|
+
}
|
|
1715
|
+
(function() {
|
|
1716
|
+
return $(this, void 0, Promise, function() {
|
|
1717
|
+
return X(this, function(a) {
|
|
1718
|
+
switch (a.label) {
|
|
1719
|
+
case 0:
|
|
1720
|
+
return c() !== 44 && c() !== 43 ? [3, 2] : (n = "Safari", [4, d()]);
|
|
1721
|
+
case 1:
|
|
1722
|
+
return a.sent(), [3, 6];
|
|
1723
|
+
case 2:
|
|
1724
|
+
return c() !== 51 ? [3, 3] : (u = navigator.userAgent, n = u.match(/Chrome/) ? navigator.brave !== void 0 ? "Brave" : u.match(/Edg/) ? "Edge" : u.match(/OPR/) ? "Opera" : "Chrome" : "Chromium", s(), [3, 6]);
|
|
1725
|
+
case 3:
|
|
1726
|
+
return c() !== 25 ? [3, 5] : (n = "Firefox", [4, l()]);
|
|
1727
|
+
case 4:
|
|
1728
|
+
return a.sent(), [3, 6];
|
|
1729
|
+
case 5:
|
|
1730
|
+
navigator.msSaveBlob !== void 0 ? (n = "Internet Explorer", r(window.indexedDB === void 0)) : t(new Error("detectIncognito cannot determine the browser")), a.label = 6;
|
|
1731
|
+
case 6:
|
|
1732
|
+
return [2];
|
|
1733
|
+
}
|
|
1734
|
+
var u;
|
|
1735
|
+
});
|
|
1736
|
+
});
|
|
1737
|
+
})().catch(t);
|
|
1738
|
+
})];
|
|
1739
|
+
case 1:
|
|
1740
|
+
return [2, o.sent()];
|
|
1741
|
+
}
|
|
1742
|
+
});
|
|
1743
|
+
});
|
|
1744
|
+
}
|
|
1745
|
+
typeof window < "u" && (window.detectIncognito = Ee);
|
|
1746
|
+
const Xt = Ee;
|
|
1747
|
+
Oe.A;
|
|
1748
|
+
Oe.k;
|
|
1749
|
+
const Vt = "sesamy_incognito_mode";
|
|
1750
|
+
function Ze() {
|
|
1751
|
+
try {
|
|
1752
|
+
const o = sessionStorage.getItem(Vt);
|
|
1753
|
+
return o === null ? void 0 : o === "true";
|
|
1754
|
+
} catch {
|
|
1755
|
+
return;
|
|
1756
|
+
}
|
|
1757
|
+
}
|
|
1758
|
+
function le() {
|
|
1759
|
+
return typeof window < "u";
|
|
1760
|
+
}
|
|
1761
|
+
function Gt() {
|
|
1426
1762
|
return /^((?!chrome|android).)*safari/i.test(navigator.userAgent);
|
|
1427
1763
|
}
|
|
1428
|
-
function
|
|
1764
|
+
function Mt() {
|
|
1429
1765
|
return /android/i.test(navigator.userAgent);
|
|
1430
1766
|
}
|
|
1431
|
-
const
|
|
1767
|
+
const U = "sesamyAccessToken", V = "sesamyRefreshToken", ae = "sesamySilentAuthThrottle", et = "sesamy_is_authenticated", Ce = "sesamySilentRedirectState", Yt = 300 * 1e3, We = 60, Bt = [
|
|
1432
1768
|
"login_required",
|
|
1433
1769
|
"consent_required",
|
|
1434
1770
|
"interaction_required",
|
|
1435
1771
|
"timeout",
|
|
1436
1772
|
"Timeout",
|
|
1437
1773
|
"access_denied"
|
|
1438
|
-
],
|
|
1439
|
-
function
|
|
1440
|
-
const e =
|
|
1774
|
+
], qt = 64;
|
|
1775
|
+
function Je(o) {
|
|
1776
|
+
const e = o.split(".");
|
|
1441
1777
|
if (e.length !== 3) return null;
|
|
1442
|
-
const
|
|
1443
|
-
atob(
|
|
1778
|
+
const n = e[1].replace(/-/g, "+").replace(/_/g, "/"), i = decodeURIComponent(
|
|
1779
|
+
atob(n).split("").map((r) => "%" + ("00" + r.charCodeAt(0).toString(16)).slice(-2)).join("")
|
|
1444
1780
|
);
|
|
1445
1781
|
return JSON.parse(i);
|
|
1446
1782
|
}
|
|
1447
|
-
function
|
|
1448
|
-
if (!
|
|
1783
|
+
function Fe() {
|
|
1784
|
+
if (!le()) return !1;
|
|
1449
1785
|
try {
|
|
1450
|
-
const
|
|
1451
|
-
if (
|
|
1786
|
+
const o = document.cookie.split(";").map((t) => t.trim());
|
|
1787
|
+
if (o.some((t) => t.startsWith(`${et}=true`)) || o.some((t) => t.startsWith("auth0.is.authenticated=true"))) return !0;
|
|
1452
1788
|
const e = Object.keys(localStorage).filter((t) => t.startsWith("@@auth0spajs@@"));
|
|
1453
1789
|
for (const t of e)
|
|
1454
1790
|
try {
|
|
1455
|
-
const
|
|
1456
|
-
if (
|
|
1791
|
+
const n = JSON.parse(localStorage.getItem(t) || "{}");
|
|
1792
|
+
if (n?.body?.access_token || n?.body?.refresh_token) return !0;
|
|
1457
1793
|
} catch {
|
|
1458
1794
|
}
|
|
1459
1795
|
return !1;
|
|
1460
|
-
} catch (
|
|
1461
|
-
return
|
|
1796
|
+
} catch (o) {
|
|
1797
|
+
return v(`Error checking session hint cookie: ${o.message}`), !1;
|
|
1462
1798
|
}
|
|
1463
1799
|
}
|
|
1464
|
-
function
|
|
1465
|
-
if (
|
|
1800
|
+
function Y(o) {
|
|
1801
|
+
if (le())
|
|
1466
1802
|
try {
|
|
1467
|
-
const e =
|
|
1468
|
-
document.cookie = `${
|
|
1803
|
+
const e = o ? 2592e3 : 0, t = window.location.protocol === "https:" ? "; Secure" : "";
|
|
1804
|
+
document.cookie = `${et}=${o}; path=/; max-age=${e}; SameSite=Lax${t}`;
|
|
1469
1805
|
} catch (e) {
|
|
1470
|
-
|
|
1806
|
+
v(`Error setting session hint cookie: ${e.message}`);
|
|
1471
1807
|
}
|
|
1472
1808
|
}
|
|
1473
|
-
function
|
|
1474
|
-
|
|
1809
|
+
function ee() {
|
|
1810
|
+
Y(!1);
|
|
1475
1811
|
}
|
|
1476
|
-
function
|
|
1812
|
+
function Qt() {
|
|
1477
1813
|
try {
|
|
1478
|
-
sessionStorage.setItem(
|
|
1814
|
+
sessionStorage.setItem(Ce, JSON.stringify({ timestamp: Date.now() }));
|
|
1479
1815
|
} catch {
|
|
1480
|
-
|
|
1816
|
+
v("Failed to set silent redirect state");
|
|
1481
1817
|
}
|
|
1482
1818
|
}
|
|
1483
|
-
function
|
|
1819
|
+
function te() {
|
|
1484
1820
|
try {
|
|
1485
|
-
const
|
|
1486
|
-
if (
|
|
1821
|
+
const o = sessionStorage.getItem(Ce);
|
|
1822
|
+
if (o) return JSON.parse(o);
|
|
1487
1823
|
} catch {
|
|
1488
1824
|
}
|
|
1489
1825
|
return null;
|
|
1490
1826
|
}
|
|
1491
|
-
function
|
|
1827
|
+
function G() {
|
|
1492
1828
|
try {
|
|
1493
|
-
sessionStorage.removeItem(
|
|
1829
|
+
sessionStorage.removeItem(Ce);
|
|
1494
1830
|
} catch {
|
|
1495
1831
|
}
|
|
1496
1832
|
}
|
|
1497
|
-
function
|
|
1498
|
-
const e =
|
|
1499
|
-
return
|
|
1500
|
-
(t) => e.includes(t) ||
|
|
1833
|
+
function en(o) {
|
|
1834
|
+
const e = o.message || "";
|
|
1835
|
+
return Bt.some(
|
|
1836
|
+
(t) => e.includes(t) || o.error === t
|
|
1501
1837
|
);
|
|
1502
1838
|
}
|
|
1503
|
-
function
|
|
1839
|
+
function tn() {
|
|
1504
1840
|
try {
|
|
1505
|
-
const
|
|
1506
|
-
if (!
|
|
1507
|
-
const { timestamp: e } = JSON.parse(
|
|
1508
|
-
return Date.now() - e <
|
|
1841
|
+
const o = sessionStorage.getItem(ae);
|
|
1842
|
+
if (!o) return !1;
|
|
1843
|
+
const { timestamp: e } = JSON.parse(o);
|
|
1844
|
+
return Date.now() - e < Yt;
|
|
1509
1845
|
} catch {
|
|
1510
|
-
return sessionStorage.removeItem(
|
|
1846
|
+
return sessionStorage.removeItem(ae), !1;
|
|
1511
1847
|
}
|
|
1512
1848
|
}
|
|
1513
|
-
function
|
|
1849
|
+
function nn() {
|
|
1514
1850
|
try {
|
|
1515
|
-
sessionStorage.setItem(
|
|
1851
|
+
sessionStorage.setItem(ae, JSON.stringify({ timestamp: Date.now() }));
|
|
1516
1852
|
} catch {
|
|
1517
|
-
|
|
1853
|
+
v("Failed to set silent auth throttle in sessionStorage");
|
|
1518
1854
|
}
|
|
1519
1855
|
}
|
|
1520
|
-
function
|
|
1856
|
+
function ne() {
|
|
1521
1857
|
try {
|
|
1522
|
-
sessionStorage.removeItem(
|
|
1858
|
+
sessionStorage.removeItem(ae);
|
|
1523
1859
|
} catch {
|
|
1524
1860
|
}
|
|
1525
1861
|
}
|
|
1526
|
-
function
|
|
1862
|
+
function D(o) {
|
|
1527
1863
|
try {
|
|
1528
|
-
const e = new URL(
|
|
1864
|
+
const e = new URL(o).hostname, t = e.split(".");
|
|
1529
1865
|
if (t.length <= 1) return e;
|
|
1530
|
-
const
|
|
1866
|
+
const n = [
|
|
1531
1867
|
"co.uk",
|
|
1532
1868
|
"com.au",
|
|
1533
1869
|
"co.nz",
|
|
@@ -1565,7 +1901,7 @@ function N(n) {
|
|
|
1565
1901
|
"asn.au",
|
|
1566
1902
|
"id.au"
|
|
1567
1903
|
];
|
|
1568
|
-
for (const i of
|
|
1904
|
+
for (const i of n)
|
|
1569
1905
|
if (e.endsWith(`.${i}`)) {
|
|
1570
1906
|
const r = i.split(".").length + 1;
|
|
1571
1907
|
return t.slice(-r).join(".");
|
|
@@ -1575,47 +1911,47 @@ function N(n) {
|
|
|
1575
1911
|
return null;
|
|
1576
1912
|
}
|
|
1577
1913
|
}
|
|
1578
|
-
function
|
|
1579
|
-
if (
|
|
1580
|
-
const e =
|
|
1914
|
+
function on(o) {
|
|
1915
|
+
if (o.domains && o.domains.length > 0) {
|
|
1916
|
+
const e = D(window.location.href);
|
|
1581
1917
|
if (e) {
|
|
1582
|
-
for (const t of
|
|
1583
|
-
if (
|
|
1584
|
-
return
|
|
1585
|
-
|
|
1918
|
+
for (const t of o.domains)
|
|
1919
|
+
if (D(`https://${t}`) === e)
|
|
1920
|
+
return v(`Found matching domain in domains array: ${t} for TLD: ${e}`), t;
|
|
1921
|
+
v(`No matching domain found in domains array for TLD: ${e}`);
|
|
1586
1922
|
}
|
|
1587
1923
|
}
|
|
1588
|
-
if (
|
|
1589
|
-
return
|
|
1924
|
+
if (o.domain)
|
|
1925
|
+
return v(`Using fallback domain property: ${o.domain}`), o.domain;
|
|
1590
1926
|
}
|
|
1591
|
-
function
|
|
1927
|
+
function rn() {
|
|
1592
1928
|
try {
|
|
1593
|
-
const
|
|
1929
|
+
const o = Object.keys(localStorage).filter(
|
|
1594
1930
|
(e) => e.startsWith("@@auth0spajs@@")
|
|
1595
1931
|
);
|
|
1596
|
-
for (const e of
|
|
1932
|
+
for (const e of o) {
|
|
1597
1933
|
const t = JSON.parse(localStorage.getItem(e) || "{}");
|
|
1598
|
-
let
|
|
1599
|
-
if (typeof t == "object" && (t.body && typeof t.body == "object" && "refresh_token" in t.body ?
|
|
1934
|
+
let n;
|
|
1935
|
+
if (typeof t == "object" && (t.body && typeof t.body == "object" && "refresh_token" in t.body ? n = t.body.refresh_token : "refresh_token" in t && (n = t.refresh_token)), n && typeof n == "string" && n.length === qt)
|
|
1600
1936
|
return !0;
|
|
1601
1937
|
}
|
|
1602
|
-
} catch (
|
|
1603
|
-
|
|
1938
|
+
} catch (o) {
|
|
1939
|
+
v(`Error checking for existing auth0 tokens: ${o.message}`);
|
|
1604
1940
|
}
|
|
1605
1941
|
return !1;
|
|
1606
1942
|
}
|
|
1607
|
-
function
|
|
1608
|
-
let
|
|
1609
|
-
|
|
1943
|
+
function sn() {
|
|
1944
|
+
let o, e, t, n = !1, i = !1, r = !1;
|
|
1945
|
+
le() && window.addEventListener("pageshow", () => {
|
|
1610
1946
|
i = !1, r = !1;
|
|
1611
1947
|
});
|
|
1612
|
-
async function
|
|
1948
|
+
async function c(a) {
|
|
1613
1949
|
if (!a) return null;
|
|
1614
|
-
const
|
|
1615
|
-
if (!
|
|
1616
|
-
return
|
|
1950
|
+
const u = localStorage.getItem(V);
|
|
1951
|
+
if (!u)
|
|
1952
|
+
return v("No refresh token found in localstorage"), null;
|
|
1617
1953
|
const p = new URLSearchParams();
|
|
1618
|
-
p.set("client_id", a.iss), p.set("refresh_token",
|
|
1954
|
+
p.set("client_id", a.iss), p.set("refresh_token", u), p.set("grant_type", "refresh_token");
|
|
1619
1955
|
const g = new URL(a.iss);
|
|
1620
1956
|
g.pathname = "/oauth/token", g.searchParams.set("user_id", a.sub);
|
|
1621
1957
|
try {
|
|
@@ -1626,67 +1962,67 @@ function Gt() {
|
|
|
1626
1962
|
});
|
|
1627
1963
|
if (!f.ok) {
|
|
1628
1964
|
const b = await f.text().catch(() => "Unknown error");
|
|
1629
|
-
throw
|
|
1965
|
+
throw v(`Token refresh failed with status ${f.status}: ${b}`), localStorage.removeItem(V), new Error(`Renew token failed: ${f.status}`);
|
|
1630
1966
|
}
|
|
1631
1967
|
const w = await f.json();
|
|
1632
1968
|
if (!w.access_token)
|
|
1633
|
-
throw
|
|
1634
|
-
return w.refresh_token && localStorage.setItem(
|
|
1969
|
+
throw v("Token refresh response missing access_token"), new Error("Invalid token response");
|
|
1970
|
+
return w.refresh_token && localStorage.setItem(V, w.refresh_token), localStorage.setItem(U, w.access_token), w.access_token;
|
|
1635
1971
|
} catch (f) {
|
|
1636
|
-
return
|
|
1972
|
+
return v(`Token refresh error: ${f.message}`), localStorage.removeItem(V), localStorage.removeItem(U), await l.logout(), null;
|
|
1637
1973
|
}
|
|
1638
1974
|
}
|
|
1639
1975
|
async function h() {
|
|
1640
|
-
const a = localStorage.getItem(
|
|
1976
|
+
const a = localStorage.getItem(U);
|
|
1641
1977
|
if (!a) return null;
|
|
1642
|
-
const
|
|
1643
|
-
if (!
|
|
1644
|
-
const g = await u
|
|
1645
|
-
return g || (localStorage.removeItem(
|
|
1978
|
+
const u = Je(a), p = Date.now() / 1e3;
|
|
1979
|
+
if (!u || !u.exp || u.exp < p + We) {
|
|
1980
|
+
const g = await c(u);
|
|
1981
|
+
return g || (localStorage.removeItem(U), null);
|
|
1646
1982
|
}
|
|
1647
1983
|
return a;
|
|
1648
1984
|
}
|
|
1649
1985
|
async function d() {
|
|
1650
1986
|
if (r) {
|
|
1651
|
-
|
|
1987
|
+
v("Silent redirect already in progress");
|
|
1652
1988
|
return;
|
|
1653
1989
|
}
|
|
1654
|
-
if (!
|
|
1655
|
-
|
|
1990
|
+
if (!Fe()) {
|
|
1991
|
+
v("No session hint cookie - skipping prompt=none redirect for anonymous user");
|
|
1656
1992
|
return;
|
|
1657
1993
|
}
|
|
1658
|
-
const a =
|
|
1994
|
+
const a = te();
|
|
1659
1995
|
if (a && Date.now() - a.timestamp < 3e4) {
|
|
1660
|
-
|
|
1996
|
+
v("Recently attempted silent redirect, skipping to prevent loop");
|
|
1661
1997
|
return;
|
|
1662
1998
|
}
|
|
1663
|
-
|
|
1999
|
+
v("Attempting prompt=none redirect to recover session"), r = !0, Qt();
|
|
1664
2000
|
try {
|
|
1665
|
-
await
|
|
2001
|
+
await o.loginWithRedirect({
|
|
1666
2002
|
authorizationParams: { prompt: "none", redirect_uri: window.location.href, organization: e }
|
|
1667
2003
|
});
|
|
1668
|
-
} catch (
|
|
1669
|
-
|
|
2004
|
+
} catch (u) {
|
|
2005
|
+
v(`Prompt=none redirect failed: ${u.message}`), r = !1, G();
|
|
1670
2006
|
}
|
|
1671
2007
|
}
|
|
1672
2008
|
function m() {
|
|
1673
|
-
return t ?
|
|
2009
|
+
return t ? D(window.location.href) !== D(`https://${t}`) : !1;
|
|
1674
2010
|
}
|
|
1675
2011
|
function s(a) {
|
|
1676
2012
|
if (i)
|
|
1677
|
-
return
|
|
2013
|
+
return v("Login already in progress"), null;
|
|
1678
2014
|
if (i = !0, setTimeout(() => {
|
|
1679
2015
|
i = !1;
|
|
1680
|
-
}, 3e3), localStorage.removeItem(
|
|
1681
|
-
const
|
|
2016
|
+
}, 3e3), localStorage.removeItem(U), !o) throw new Error("Auth0 client not initialized");
|
|
2017
|
+
const u = a?.authorizationParams || {};
|
|
1682
2018
|
return {
|
|
1683
2019
|
...a,
|
|
1684
2020
|
authorizationParams: {
|
|
1685
2021
|
organization: e,
|
|
1686
2022
|
redirect_uri: window.location.href,
|
|
1687
|
-
ui_locales:
|
|
1688
|
-
incognito:
|
|
1689
|
-
...
|
|
2023
|
+
ui_locales: $t(),
|
|
2024
|
+
incognito: Ze(),
|
|
2025
|
+
...u
|
|
1690
2026
|
}
|
|
1691
2027
|
};
|
|
1692
2028
|
}
|
|
@@ -1694,9 +2030,9 @@ function Gt() {
|
|
|
1694
2030
|
async init(a) {
|
|
1695
2031
|
if (a.enabled === !1) return;
|
|
1696
2032
|
e = a.organization;
|
|
1697
|
-
const
|
|
1698
|
-
t =
|
|
1699
|
-
const p =
|
|
2033
|
+
const u = on(a);
|
|
2034
|
+
t = u && !rn() ? u : Ft("token", a.environment);
|
|
2035
|
+
const p = D(window.location.href) !== D(`https://${t}`), g = D(window.location.href), f = g ? `.${g}` : void 0, w = {
|
|
1700
2036
|
domain: t,
|
|
1701
2037
|
clientId: a.clientId,
|
|
1702
2038
|
useCookiesForTransactions: !0,
|
|
@@ -1704,97 +2040,97 @@ function Gt() {
|
|
|
1704
2040
|
...f && { cookieDomain: f },
|
|
1705
2041
|
cacheLocation: "localstorage"
|
|
1706
2042
|
};
|
|
1707
|
-
(p || a.useRefreshTokens) && (w.useRefreshTokens = !0),
|
|
1708
|
-
const b = new URLSearchParams(window.location.search),
|
|
2043
|
+
(p || a.useRefreshTokens) && (w.useRefreshTokens = !0), v(`Initializing auth0 client: ${JSON.stringify(w)}`), o = await Ut(w);
|
|
2044
|
+
const b = new URLSearchParams(window.location.search), k = b.get("code"), y = b.get("state"), S = b.get("error");
|
|
1709
2045
|
if (S) {
|
|
1710
2046
|
const E = b.get("error_description");
|
|
1711
|
-
|
|
2047
|
+
v(`Auth error in URL: ${S}${E ? ` - ${E}` : ""}`);
|
|
1712
2048
|
const T = new URL(location.href);
|
|
1713
2049
|
T.searchParams.delete("error"), T.searchParams.delete("error_description"), T.searchParams.delete("state"), window.history.replaceState({}, document.title, T.toString());
|
|
1714
|
-
const C =
|
|
1715
|
-
if (C &&
|
|
1716
|
-
|
|
2050
|
+
const C = te();
|
|
2051
|
+
if (C && G(), S === "login_required")
|
|
2052
|
+
v("Silent redirect returned login_required - user is not authenticated"), ee();
|
|
1717
2053
|
else if (C)
|
|
1718
|
-
|
|
2054
|
+
v(`Silent redirect returned ${S} - treating as unauthenticated`), ee();
|
|
1719
2055
|
else {
|
|
1720
2056
|
const I = E || `Authentication failed: ${S}`;
|
|
1721
|
-
|
|
2057
|
+
v(`Non-silent auth error, alerting user: ${I}`), setTimeout(() => {
|
|
1722
2058
|
alert(I);
|
|
1723
2059
|
}, 0);
|
|
1724
2060
|
}
|
|
1725
2061
|
}
|
|
1726
|
-
if (
|
|
2062
|
+
if (k)
|
|
1727
2063
|
if (window.opener)
|
|
1728
|
-
|
|
1729
|
-
{ type: "authorization_response", response: { code:
|
|
2064
|
+
v("Code found in URL, posting to opener"), window.opener.postMessage(
|
|
2065
|
+
{ type: "authorization_response", response: { code: k, state: y } },
|
|
1730
2066
|
window.location.origin
|
|
1731
2067
|
);
|
|
1732
2068
|
else {
|
|
1733
|
-
|
|
2069
|
+
v("Code found in URL, handling redirect");
|
|
1734
2070
|
const E = window.location.href, T = new URL(location.href), C = T.searchParams;
|
|
1735
|
-
C.delete("code"), C.delete("state"), T.search = C.toString(), window.history.replaceState({}, document.title, T.toString()),
|
|
2071
|
+
C.delete("code"), C.delete("state"), T.search = C.toString(), window.history.replaceState({}, document.title, T.toString()), v("Rewrote url to remove code and state");
|
|
1736
2072
|
try {
|
|
1737
|
-
const I = await
|
|
1738
|
-
|
|
1739
|
-
const
|
|
1740
|
-
if (!
|
|
1741
|
-
|
|
2073
|
+
const I = await o.handleRedirectCallback(E);
|
|
2074
|
+
v(`Login result: ${JSON.stringify(I)}`);
|
|
2075
|
+
const A = await o.getUser();
|
|
2076
|
+
if (!A) throw new Error("No user found");
|
|
2077
|
+
v(`User found ${JSON.stringify(A)}`), ne(), te() && (v("Successfully recovered session via prompt=none redirect"), G()), Y(!0), v(`Triggering AUTHENTICATED event with appState: ${JSON.stringify(I.appState)}`), me(M.AUTHENTICATED, { ...A, appState: I.appState });
|
|
1742
2078
|
} catch (I) {
|
|
1743
|
-
|
|
2079
|
+
v(`Error handling redirect: ${I.message}`), te() ? (G(), ee(), v("Silent redirect failed, cleared session hints")) : alert("There was an error logging in"), console.error(I);
|
|
1744
2080
|
}
|
|
1745
2081
|
}
|
|
1746
|
-
|
|
2082
|
+
n = !0, me(M.AUTH_INITIALIZED, {});
|
|
1747
2083
|
},
|
|
1748
2084
|
async isAuthenticated() {
|
|
1749
|
-
if (!o) return !1;
|
|
1750
|
-
if (await h()) return !0;
|
|
1751
2085
|
if (!n) return !1;
|
|
1752
|
-
|
|
1753
|
-
|
|
2086
|
+
if (await h()) return !0;
|
|
2087
|
+
if (!o) return !1;
|
|
2088
|
+
const u = await o.isAuthenticated();
|
|
2089
|
+
return u && Y(!0), u;
|
|
1754
2090
|
},
|
|
1755
|
-
async getTokenSilently(a = !0,
|
|
1756
|
-
if (!
|
|
2091
|
+
async getTokenSilently(a = !0, u = !1) {
|
|
2092
|
+
if (!n) return null;
|
|
1757
2093
|
const p = await h();
|
|
1758
2094
|
if (p) return p;
|
|
1759
|
-
if (!
|
|
1760
|
-
if (
|
|
2095
|
+
if (!u && tn()) {
|
|
2096
|
+
if (v("Silent auth is throttled due to recent failures, skipping request"), a) throw new Error("Silent auth throttled");
|
|
1761
2097
|
return null;
|
|
1762
2098
|
}
|
|
1763
2099
|
try {
|
|
1764
|
-
if (!
|
|
1765
|
-
return
|
|
1766
|
-
let g = await
|
|
1767
|
-
const f =
|
|
1768
|
-
return
|
|
2100
|
+
if (!o)
|
|
2101
|
+
return v("Auth client not initialized"), null;
|
|
2102
|
+
let g = await o.getTokenSilently();
|
|
2103
|
+
const f = Je(g), w = Date.now() / 1e3;
|
|
2104
|
+
return u && f?.exp && f.exp - w < 3600 + We && (g = await o.getTokenSilently({ cacheMode: "off" })), ne(), Y(!0), g;
|
|
1769
2105
|
} catch (g) {
|
|
1770
2106
|
const f = g;
|
|
1771
|
-
if (
|
|
1772
|
-
if (
|
|
1773
|
-
return
|
|
1774
|
-
|
|
2107
|
+
if (v(`Failed to get token silently: ${f.message}`), en(f)) {
|
|
2108
|
+
if (v("Iframe-based auth blocked by browser privacy restrictions"), Fe())
|
|
2109
|
+
return v("Session hint present - attempting prompt=none redirect recovery"), await d(), null;
|
|
2110
|
+
v("No session hint - user is likely anonymous, not attempting redirect");
|
|
1775
2111
|
}
|
|
1776
|
-
if (
|
|
2112
|
+
if (nn(), await o.isAuthenticated() && (f.message === "Invalid refresh token" || f.message.includes("Missing Refresh Token")) && await l.logout(), a) throw g;
|
|
1777
2113
|
return null;
|
|
1778
2114
|
}
|
|
1779
2115
|
},
|
|
1780
2116
|
async getUser() {
|
|
1781
|
-
return
|
|
2117
|
+
return n ? await h() ? { sub: "local", name: "Local User" } : o ? await o.getUser() : null : null;
|
|
1782
2118
|
},
|
|
1783
2119
|
async login(a) {
|
|
1784
|
-
return m() && (
|
|
2120
|
+
return m() && (Gt() || Mt() || Ze()) ? (v("Using popup login for cross-domain auth on Safari/Android/Incognito"), l.loginWithPopup(a)) : (v("Using redirect login"), l.loginWithRedirect(a));
|
|
1785
2121
|
},
|
|
1786
2122
|
async loginWithRedirect(a) {
|
|
1787
|
-
const
|
|
1788
|
-
if (
|
|
1789
|
-
return
|
|
2123
|
+
const u = s(a);
|
|
2124
|
+
if (u)
|
|
2125
|
+
return o.loginWithRedirect(u);
|
|
1790
2126
|
},
|
|
1791
2127
|
async loginWithPopup(a) {
|
|
1792
|
-
const
|
|
1793
|
-
if (!
|
|
1794
|
-
await
|
|
1795
|
-
const p = await
|
|
2128
|
+
const u = s(a);
|
|
2129
|
+
if (!u) return;
|
|
2130
|
+
await o.loginWithPopup(u, { timeoutInSeconds: 1800 }), ne(), Y(!0);
|
|
2131
|
+
const p = await o.getUser();
|
|
1796
2132
|
if (!p) throw new Error("No user found after popup login");
|
|
1797
|
-
const g = new CustomEvent(
|
|
2133
|
+
const g = new CustomEvent(M.AUTHENTICATED, {
|
|
1798
2134
|
detail: {
|
|
1799
2135
|
...p,
|
|
1800
2136
|
appState: a?.appState
|
|
@@ -1805,8 +2141,8 @@ function Gt() {
|
|
|
1805
2141
|
window.dispatchEvent(g) && window.location.reload();
|
|
1806
2142
|
},
|
|
1807
2143
|
async logout(a = {}) {
|
|
1808
|
-
if (
|
|
1809
|
-
return
|
|
2144
|
+
if (n && (localStorage.removeItem(U), localStorage.removeItem(V), ee(), G(), ne(), me(M.LOGOUT, {}), !!o))
|
|
2145
|
+
return v(`Logout with options: ${JSON.stringify(a)}`), o.logout({
|
|
1810
2146
|
...a,
|
|
1811
2147
|
logoutParams: {
|
|
1812
2148
|
returnTo: window.location.href,
|
|
@@ -1817,12 +2153,12 @@ function Gt() {
|
|
|
1817
2153
|
};
|
|
1818
2154
|
return l;
|
|
1819
2155
|
}
|
|
1820
|
-
|
|
2156
|
+
le() && (sn(), void 0);
|
|
1821
2157
|
export {
|
|
1822
|
-
|
|
1823
|
-
|
|
1824
|
-
|
|
1825
|
-
|
|
1826
|
-
|
|
1827
|
-
|
|
2158
|
+
U as ACCESS_TOKEN_KEY,
|
|
2159
|
+
V as REFRESH_TOKEN_KEY,
|
|
2160
|
+
et as SESSION_HINT_COOKIE,
|
|
2161
|
+
ae as SILENT_AUTH_THROTTLE_KEY,
|
|
2162
|
+
Ce as SILENT_REDIRECT_STATE_KEY,
|
|
2163
|
+
sn as createAuth0Plugin
|
|
1828
2164
|
};
|