@softwarepatterns/am 0.0.1 → 0.1.0

package/dist/index.d.ts

@@ -1,3 +1,34 @@
+/**
+ * Standard error object following RFC 7807 (Problem Details for HTTP APIs).
+ *
+ * Returned in AuthError.problem when the server responds with application/problem+json.
+ *
+ * - `type`: A URI reference that identifies the problem type. Often links to human-readable documentation.
+ * - `title`: A short, human-readable summary of the problem type.
+ * - `status`: The HTTP status code.
+ * - `code`: Application-specific error code for programmatic handling. Maps to the final part of the error type.
+ * - `detail`: Human-readable explanation specific to this occurrence. Do not rely on this for programmatic handling.
+ * - `invalidParams`: Present on validation errors (typically 400). Provides field-level details
+ *   for building precise UI feedback and can be used for programmatic handling. Each entry includes:
+ *   - `in`: Location of the invalid parameter (body, cookie, header, query, path).
+ *   - `path`: Dot-separated path to the invalid parameter.
+ *   - `type`: Error type code for this parameter (e.g. "required", "email", "min_length").
+ *   - `received`: The actual value received.
+ *   - `expected`: (optional) Description of the expected value.
+ *
+ * @example
+ * ```ts
+ * catch (e) {
+ *   if (e instanceof AuthError && e.invalidParams) {
+ *     const errors = e.invalidParams.reduce((acc, p) => {
+ *       acc[p.path] = p.type;
+ *       return acc;
+ *     }, {} as Record<string, string>);
+ *     setFieldErrors(errors);
+ *   }
+ * }
+ * ```
+ */
 type ProblemDetails = {
     type: string;
     title: string;
@@ -12,28 +43,98 @@ type ProblemDetails = {
         expected?: string;
     }[];
 };
+/**
+ * Opaque identifier for a client application.
+ *
+ * Used to look up client-specific settings on how authentication should be handled.
+ *
+ * All client-specific operations (invites, branding, rate limits) are scoped to a ClientId.
+ */
 type ClientId = `cid${string}`;
+/** Identifier for a user. */
 type UserId = `uid${string}`;
+/** Identifier for an account (i.e., a billable entity). */
 type AccountId = `acc${string}`;
+/** Identifier for a membership linking a user to an account. */
 type MembershipId = `mbr${string}`;
-type UserStatus = "active" | "trial" | "past_due" | "suspended" | "closed";
+/**
+ * Possible statuses for an account.
+ *
+ * - active: Normal operation
+ * - trial: In trial period
+ * - past_due: Payment failed but grace period active
+ * - suspended: Access restricted due to billing or policy
+ * - closed: Permanently closed
+ */
+type AccountStatus = "active" | "trial" | "past_due" | "suspended" | "closed";
+/**
+ * Accounts are billable entities that can access resources. Users are linked to accounts via memberships with roles.
+ *
+ * An account with subaccounts is acting as a tenant, and is used to create services with their own billing,
+ * accounts, users, memberships, etc. This is useful for SaaS platforms that want to offer isolated environments
+ * for different customers, and to allow reselling of their services to other SaaS providers.
+ *
+ * For example, an email service lets customers sign up. However, some customers want to offer
+ * email services to their own clients. Therefore, the email provider has an account for each customer, and those
+ * customers have accounts for their own clients as well. Each level is isolated, with separate billing and users.
+ */
+type AccountResource = {
+    id: AccountId;
+    parentId: AccountId | null;
+    /** Display name chosen by the account owner */
+    name: string | null;
+    /** URL to the account's avatar image */
+    avatarUrl: string | null;
+    /** Current account status */
+    status: AccountStatus;
+    /** ISO 8601 timestamp until which the account is paid (null if never paid or closed) */
+    paidUntil: string | null;
+};
+/**
+ * Possible statuses for a user.
+ *
+ * - active: Normal operation
+ * - trial: In trial period
+ * - past_due: Payment failed but grace period active
+ * - suspended: Access restricted due to billing or policy
+ * - closed: Permanently closed
+ */
+type UserStatus = "active" | "disabled" | "suspended" | "deleted";
+/**
+ * A reference to a user. Will not be deleted even due to GDPR requests or account closures,
+ * to maintain referential integrity in audit logs and historical records.
+ */
 type UserResource = {
     id: UserId;
     accountId: AccountId;
     status: UserStatus;
     preferredMembershipId: MembershipId | null;
 };
+/**
+ * Personal identity information (PII) for a user. Will be deleted due to GDPR requests or account
+ * closures to respect legal requirements of various regions..
+ */
 type UserIdentity = {
     id: UserId;
     avatarUrl: string | null;
+    /** External identifier from third-party provider (i.e., SCIM) */
     externalId: string | null;
     givenName: string | null;
     familyName: string | null;
     displayName: string | null;
+    /** Preferred language code (en-CA, fr-FR, zh-CN, etc.) */
     preferredLanguage: string | null;
+    /** Locale code (e.g., "en-US") */
     locale: string | null;
     timezone: string | null;
 };
+/**
+ * Roles within an account membership.
+ *
+ * - owner: Full administrative access, may perform destructive actions.
+ * - member: Standard non-destructive access
+ * - viewer: Read-only access
+ */
 type MembershipRole = "owner" | "member" | "viewer";
 type Membership = {
     id: MembershipId;
@@ -41,34 +142,128 @@ type Membership = {
     accountId: AccountId;
     role: MembershipRole;
 };
+/**
+ * Email credential record attached to a user.
+ *
+ * Sensitive fields (email) are only included when explicitly requested
+ * or when the caller has appropriate permissions.
+ */
 type EmailCredential = {
     id: string;
     email: string | null;
-    hashedEmail: string | null;
-    hashedPassword: string | null;
     emailVerifiedAt: string | null;
 };
 type SessionTokens = {
+    /** Signed JWT access token for authenticating API requests */
     accessToken: string;
+    /** Opaque refresh token for obtaining new access tokens */
     refreshToken: string;
     tokenType: "Bearer";
+    /** Seconds until the access token expires from time of issuance */
     expiresIn: number;
     idToken?: string;
+    /** Absolute expiration time (milliseconds since epoch) set by the client library */
+    expiresAt: number;
 };
+/**
+ * Complete profile of the currently authenticated user.
+ *
+ * Combines basic user data with identity, credentials, memberships, and freshness timestamp.
+ *
+ * `lastUpdatedAt` is updated whenever the profile is fetched from the server.
+ */
 type SessionProfile = UserResource & {
-    identity: UserIdentity;
+    identity: UserIdentity | null;
     emailCredentials: EmailCredential[];
-    memberships: Membership[];
+    memberships: (Membership & {
+        account: AccountResource;
+    })[];
+    /** Currently active membership in the accessToken (determined by preferredMembershipId or context) */
     activeMembership: Membership | null;
+    lastUpdatedAt: number;
 };
-type AuthenticationResult = {
-    session: SessionTokens;
+/**
+ * Combined authentication state containing tokens and optional profile.
+ */
+type Authentication = {
+    tokens: SessionTokens;
     profile: SessionProfile;
 };
+/**
+ * Result of checkEmail() indicating whether the email is registered.
+ */
 type EmailCheckStatus = "active" | "inactive";
+/**
+ * Supported login methods for an email address.
+ *
+ * Currently limited to email/password and magic link flows.
+ */
 type LoginMethod = "email_password" | "magic_link";
+/**
+ * Minimal storage interface required for session persistence.
+ *
+ * Compatible with localStorage, sessionStorage, AsyncStorage (React Native), or any custom implementation.
+ */
+type StorageLike = {
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+};
 
+type StorageConfig = StorageLike | "localStorage" | null | undefined;
 type FetchFn = (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
+type Config = {
+    baseUrl: string;
+    earlyRefreshMs: number;
+    fetchFn: FetchFn;
+    profileStorageKey: string;
+    storage: StorageConfig;
+    tokensStorageKey: string;
+};
+type AuthEventMap = {
+    refresh: SessionTokens;
+    profileChange: SessionProfile;
+    unauthenticated: AuthError;
+    sessionChange: AuthSession | null;
+};
+/**
+ * AuthError represents structured authentication failures from Accountmaker endpoints.
+ *
+ * AuthError wraps RFC 7807 Problem Details. invalidParams may be present for field-level validation.
+ * Network failures throw other error types.
+ *
+ * Also note that the `type` field often contains a URI that points to documentation about the
+ * specific error type, including how to resolve it, code samples, and links to the RFCs or other
+ * standards that define the error.
+ *
+ * @example
+ * ```ts
+ * try {
+ *  const session = await am.signIn({ email: 'test@example.com', password: 'password123' });
+ * } catch (e) {
+ *  if (e instanceof AuthError) {
+ *   console.error("Authentication failed:", e.title);
+ *   if (e.invalidParams) {
+ *    for (const param of e.invalidParams) {
+ *      console.error(` - Invalid parameter: ${param.path} (${param.type})`);
+ *     }
+ *    }
+ *   } else {
+ *    console.error("Unexpected error:", e);
+ *   }
+ * }
+ * ```
+ *
+ * Note that HTTP error codes are distinctly:
+ * - 400: Client error (bad request, invalid input, etc.)
+ * - 401: Unauthenticated (we don't know who you are)
+ * - 402: Payment required (e.g. billing issue)
+ * - 403: Unauthorized (we know who you are, but you don't have permission)
+ * - 404: Not found
+ * - 409: Conflict (email already registered, user already invited, etc.)
+ * - 429: Too many requests (rate limiting)
+ * - 500: Internal server error (server's fault)
+ */
 declare class AuthError extends Error {
     readonly problem: ProblemDetails;
     constructor(problem: ProblemDetails);
@@ -79,57 +274,140 @@ declare class AuthError extends Error {
     get detail(): string | undefined;
     get invalidParams(): ProblemDetails["invalidParams"] | undefined;
 }
-type Config = {
-    fetchFn: FetchFn;
-    baseUrl: string;
-};
+/**
+ * AuthSession represents an authenticated user with automatic token refresh and persisted state.
+ *
+ * AuthSession owns tokens, profile data, refresh logic, and authenticated requests.
+ */
 declare class AuthSession {
-    private tokens;
-    private config;
-    private lastUpdated;
-    constructor(tokens: SessionTokens, config: Partial<Config>);
-    get accessToken(): string;
-    get refreshToken(): string;
-    get idToken(): string | undefined;
-    get tokenType(): "Bearer";
-    get expiresIn(): number;
-    get lastUpdatedAt(): Date;
-    get expiresAt(): Date;
+    constructor(initial: Authentication, config: Partial<Config>);
+    /**
+     * Removes all persisted data (tokens, profile) from storage, and prevents future
+     * refreshes of token and profile data. Does NOT clear current token or profile data from the
+     * session memory, but effectively deactivates the session for future use.
+     */
+    clear(): void;
+    get tokens(): SessionTokens;
+    get profile(): SessionProfile;
+    toJSON(): Authentication;
+    /**
+     * Creates an AuthSession from existing authentication data. Useful for restoring
+     * a session from custom storage or creating a session from custom server-provided data.
+     */
+    static fromJSON(initial: Authentication, config: Partial<Config>): AuthSession;
+    /**
+     * Returns true if the access token is expired or will expire soon. The
+     * "soon" threshold is configured via Config.earlyRefreshMs (default 1 minute).
+     */
     isExpired(): boolean;
     /**
-     * Fetch with automatic token refresh.
+     * Performs standard fetch() with a Bearer token and automatic refresh.
+     *
+     * Returns Response, does not parse the body, does not throw for HTTP status codes.
+     * Throws AuthError when refresh fails, trows runtime errors on network failure.
+     *
+     * @example
+     * ```ts
+     * const res = await session.fetch("/api/projects");
+     * const projects = await res.json();
+     * ```
+     *
+     * Any service can validate tokens using:
+     * https://api.accountmaker.com/.well-known/jwks.json?client_id={clientId}
+     */
+    fetch(url: string | URL, init?: RequestInit): Promise<Response>;
+    /**
+     * Replaces the access token using the refresh token.
      *
-     * If the access token is expired, it will be refreshed before making the request. The
-     * Authorization header will be set with the current access token.
+     * It is called automatically by all other methods when the access token is expired or near expiry.
      */
-    fetch(url: string | URL | Request, init?: RequestInit): Promise<Response>;
     refresh(): Promise<void>;
+    /**
+     * refetchProfile() replaces the cached profile with server state.
+     *
+     * Concurrent calls are deduplicated.
+     *
+     * @example
+     * ```ts
+     * await session.refetchProfile();
+     * console.log("Updated profile:", session.profile);
+     * ```
+     *
+     * Throws AuthError on network errors, etc.
+     * @throws AuthError
+     */
+    refetchProfile(): Promise<void>;
+    /**
+     * Requests a verification email for the current user.
+     *
+     * Throws AuthError on network errors, etc.
+     * @throws AuthError
+     */
     sendVerificationEmail(): Promise<void>;
-    me(): Promise<SessionProfile>;
-    user(id: UserId): Promise<UserResource>;
 }
+/**
+ * Am runs authentication flows and produces AuthSession.
+ *
+ * Use Am before a session exists (sign-in, sign-up, magic link, invites, password reset, CSRF).
+ *
+ * @example
+ * ```ts
+ * const am = new Am();
+ * const session = await am.signIn({ email: 'user@example.com', password: 'secret' });
+ * // Now use `session` for protected API calls
+ * ```
+ */
 declare class Am {
-    private options;
     constructor(config?: Partial<Config>);
-    static createAuthSession(tokens: SessionTokens, config?: Partial<Config>): AuthSession;
-    createAuthSession(tokens: SessionTokens): AuthSession;
-    static acceptInvite(query: {
-        clientId: ClientId;
-        token: string;
-    }, config?: Partial<Config>): Promise<AuthenticationResult>;
+    /**
+     * session returns the current AuthSession or null.
+     *
+     * Use restoreSession() to load from storage.
+     *
+     * @example
+     * ```ts
+     * const session = am.session;
+     * if (!session) throw new Error("Not authenticated");
+     * ```
+     */
+    get session(): AuthSession | null;
+    /**
+     * Constructs AuthSession from existing tokens and profile.
+     *
+     * Use this after a server-side auth handshake or custom persistence.
+     */
+    createSession(initial: Authentication): AuthSession;
+    /**
+     * restoreSession loads AuthSession from storage or returns null.
+     *
+     * Invalid or partial stored data is cleared.
+     *
+     * @example
+     * ```ts
+     * const am = new Am({ storage: 'localStorage' });
+     * const session = am.restoreSession();
+     * if (session) session.fetch("/api/me");
+     * ```
+     */
+    restoreSession(): AuthSession | null;
+    /**
+     * Subscribes to auth events and returns an unsubscribe function.
+     */
+    on<K extends keyof AuthEventMap>(event: K, fn: (v: AuthEventMap[K]) => void): () => boolean;
+    /**
+     * acceptInvite exchanges an invite token for a fresh AuthSession.
+     *
+     * Throws AuthError on invalid, expired, or already-used tokens.
+     */
     acceptInvite(query: {
         clientId: ClientId;
         token: string;
-    }): Promise<AuthenticationResult>;
-    static checkEmail(body: {
-        clientId: ClientId;
-        email: string;
-        csrfToken?: string;
-    }, config?: Partial<Config>): Promise<{
-        status: EmailCheckStatus;
-        preferred: LoginMethod[];
-        available: LoginMethod[];
-    }>;
+    }): Promise<AuthSession>;
+    /**
+     * checkEmail returns how an email should authenticate for this client.
+     *
+     * Use this to choose password vs magic link vs SSO before rendering a login form.
+     */
     checkEmail(body: {
         clientId: ClientId;
         email: string;
@@ -139,67 +417,74 @@ declare class Am {
         preferred: LoginMethod[];
         available: LoginMethod[];
     }>;
-    static csrfSession(config?: Partial<Config>): Promise<{
-        csrfToken: string;
-    }>;
+    /**
+     * Sets the httpOnly CSRF cookie.
+     *
+     * Call csrfToken() next to fetch a signed token for form posts.
+     */
     csrfSession(): Promise<{
         csrfToken: string;
     }>;
-    static csrfToken(config?: Partial<Config>): Promise<{
-        csrfToken: string;
-    }>;
+    /**
+     * Returns a signed CSRF token for form posts.
+     *
+     * Call csrfSession() first to set the CSRF cookie.
+     */
     csrfToken(): Promise<{
         csrfToken: string;
     }>;
-    static login(body: {
-        email: string;
-        password: string;
-        csrfToken?: string;
-    }, config?: Partial<Config>): Promise<AuthenticationResult>;
-    login(body: {
-        email: string;
-        password: string;
-        csrfToken?: string;
-    }): Promise<AuthenticationResult>;
-    static tokenLogin(token: string, config?: Partial<Config>): Promise<AuthenticationResult>;
-    tokenLogin(token: string): Promise<AuthenticationResult>;
-    static refresh(refreshToken: string, config?: Partial<Config>): Promise<SessionTokens>;
-    refresh(refreshToken: string): Promise<SessionTokens>;
-    static register(body: {
+    /**
+     * Authenticates with email and password and returns a new AuthSession.
+     *
+     * Tokens and profile are persisted when storage is configured.
+     */
+    signIn(body: {
+        clientId: ClientId;
         email: string;
         password: string;
         csrfToken?: string;
-    }, config?: Partial<Config>): Promise<AuthenticationResult>;
-    register(body: {
+    }): Promise<AuthSession>;
+    /**
+     * Authenticates with a one-time token and returns a new AuthSession.
+     *
+     * Use this for magic links and similar one-time login flows.
+     */
+    signInWithToken(token: string): Promise<AuthSession>;
+    /**
+     * Creates a new user and returns a new AuthSession.
+     *
+     * Tokens and profile are persisted when storage is configured.
+     */
+    signUp(body: {
+        clientId: ClientId;
         email: string;
         password: string;
         csrfToken?: string;
-    }): Promise<AuthenticationResult>;
-    static resetPassword(body: {
-        token: string;
-        newPassword: string;
-    }, config?: Partial<Config>): Promise<void>;
+    }): Promise<AuthSession>;
+    /**
+     * Sets a new password using a one-time reset token.
+     */
     resetPassword(body: {
         token: string;
         newPassword: string;
     }): Promise<void>;
-    static sendMagicLink(body: {
-        email: string;
-        csrfToken?: string;
-    }, config?: Partial<Config>): Promise<void>;
+    /**
+     * Sends a one-time sign-in link to an email address.
+     */
     sendMagicLink(body: {
+        clientId: ClientId;
         email: string;
         csrfToken?: string;
     }): Promise<void>;
-    static sendPasswordReset(body: {
-        email: string;
-        csrfToken?: string;
-    }, config?: Partial<Config>): Promise<void>;
+    /**
+     * Sends a password reset link to an email address.
+     */
     sendPasswordReset(body: {
+        clientId: ClientId;
         email: string;
         csrfToken?: string;
     }): Promise<void>;
 }
 
 export { Am, AuthError, AuthSession };
-export type { AuthenticationResult, ClientId, EmailCheckStatus, LoginMethod, ProblemDetails, SessionProfile, SessionTokens, UserId, UserResource };
+export type { AccountId, AccountResource, AccountStatus, Authentication, ClientId, EmailCheckStatus, EmailCredential, LoginMethod, Membership, MembershipId, MembershipRole, ProblemDetails, SessionProfile, SessionTokens, StorageLike, UserId, UserIdentity, UserResource, UserStatus };

package/dist/index.mjs

@@ -1,2 +1,2 @@
-function t(t){return t.replace(/_([a-z])/g,(t,e)=>e.toUpperCase())}function e(n){if(null===n||"object"!=typeof n)return n;if(Array.isArray(n))return n.map(t=>e(t));const s=n,r={};for(const n of Object.keys(s))Object.prototype.hasOwnProperty.call(s,n)&&(r[t(n)]=e(s[n]));return r}function n(t){return t.replace(/[A-Z]/g,t=>`_${t.toLowerCase()}`)}function s(t){if(null===t||"object"!=typeof t)return t;if(Array.isArray(t))return t.map(t=>s(t));const e=t,r={};for(const t of Object.keys(e))Object.prototype.hasOwnProperty.call(e,t)&&(r[n(t)]=s(e[t]));return r}class r extends Error{constructor(t){super(t.title),this.name="AuthError",this.problem=Object.freeze(t)}get type(){return this.problem.type}get title(){return this.problem.title}get status(){return this.problem.status}get code(){return this.problem.code}get detail(){return this.problem.detail}get invalidParams(){return this.problem.invalidParams}}const a={fetchFn:function(){const t=globalThis.fetch;return"function"==typeof t?t:async()=>{throw new Error("Missing fetch implementation. Provide config.fetchFn or use a runtime with global fetch.")}}(),baseUrl:"https://api.accountmaker.com"};const i=async t=>{if(204===t.status)return;const n=await async function(t){const e=t.headers.get("Content-Type")||"";if(!e.includes("application/json")&&!e.includes("+json"))return null;try{return await t.json()}catch{return null}}(t),s=e(n);if(!t.ok){if(function(t){return(t.headers.get("Content-Type")||"").includes("application/problem+json")}(t)&&s&&"object"==typeof s)throw new r(s);throw new r(function(t,e){return{type:"about:blank",title:t.statusText||"Request failed",status:t.status,detail:e}}(t,"string"==typeof n?n:void 0))}return s},o=async({fetchFn:t,baseUrl:e},n,r={})=>{const a=new URLSearchParams(s(r)).toString(),o=a?`${e}${n}?${a}`:`${e}${n}`,c=await t(o,{method:"GET",headers:{Accept:"application/json"}});return i(c)},c=async({fetchFn:t,baseUrl:e},n,r)=>{const a=await t(`${e}${n}`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(s(r))});return i(a)},h=async({accessToken:t},{fetchFn:e,baseUrl:n},r,a={})=>{const o=new URLSearchParams(s(a)).toString(),c=o?`${n}${r}?${o}`:`${n}${r}`,h=await e(c,{method:"GET",headers:{Accept:"application/json",Authorization:`Bearer ${t}`}});return i(h)};class u{constructor(t,e){this.tokens=t,this.config={...a,...e},this.lastUpdated=new Date}get accessToken(){return this.tokens.accessToken}get refreshToken(){return this.tokens.refreshToken}get idToken(){return this.tokens.idToken}get tokenType(){return this.tokens.tokenType}get expiresIn(){return this.tokens.expiresIn}get lastUpdatedAt(){return this.lastUpdated}get expiresAt(){return new Date(this.lastUpdated.getTime()+1e3*this.expiresIn)}isExpired(){return Date.now()>=this.expiresAt.getTime()-6e4}async fetch(t,e={}){const{fetchFn:n}=this.config;return this.isExpired()&&await this.refresh(),await n(t,{...e,headers:{...e.headers||{},Authorization:`Bearer ${this.tokens.accessToken}`}})}async refresh(){const{fetchFn:t,baseUrl:e}=this.config,n=await t(`${e}/auth/refresh`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(s({refreshToken:this.tokens.refreshToken}))}),r=await i(n);this.tokens=r,this.lastUpdated=new Date}async sendVerificationEmail(){await(async({accessToken:t},{fetchFn:e,baseUrl:n},r,a)=>{const o=await e(`${n}${r}`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${t}`},body:JSON.stringify(s(a))});return i(o)})(this,this.config,"/auth/send-verification-email",{})}async me(){return await h(this,this.config,"/auth/me",{})}async user(t){return await h(this,this.config,`/auth/user/${t}`,{})}}class p{constructor(t){this.options={...a,...t}}static createAuthSession(t,e){return new p(e).createAuthSession(t)}createAuthSession(t){return new u(t,this.options)}static async acceptInvite(t,e){return new p(e).acceptInvite(t)}async acceptInvite(t){return await o(this.options,"/auth/accept-invite",t)}static async checkEmail(t,e){return new p(e).checkEmail(t)}async checkEmail(t){return c(this.options,"/auth/check-email",t)}static async csrfSession(t){return new p(t).csrfSession()}async csrfSession(){return o(this.options,"/auth/csrf-session")}static async csrfToken(t){return new p(t).csrfToken()}async csrfToken(){return o(this.options,"/auth/csrf-token")}static async login(t,e){return new p(e).login(t)}async login(t){return await c(this.options,"/auth/login",t)}static async tokenLogin(t,e){return new p(e).tokenLogin(t)}async tokenLogin(t){const e=this.options;return await o(e,"/auth/token-login",{token:t})}static async refresh(t,e){return new p(e).refresh(t)}async refresh(t){return await c(this.options,"/auth/refresh",{refreshToken:t})}static async register(t,e){return new p(e).register(t)}async register(t){return await c(this.options,"/auth/register",t)}static async resetPassword(t,e){return new p(e).resetPassword(t)}async resetPassword(t){return c(this.options,"/auth/reset-password",t)}static async sendMagicLink(t,e){return new p(e).sendMagicLink(t)}async sendMagicLink(t){return c(this.options,"/auth/send-magic-link",t)}static async sendPasswordReset(t,e){return new p(e).sendPasswordReset(t)}async sendPasswordReset(t){return c(this.options,"/auth/send-password-reset",t)}}export{p as Am,r as AuthError,u as AuthSession};
+const t=Symbol("session_state"),e=Symbol("auth_session"),n=Symbol("auth_state"),r=Symbol("emitter");function s(t){return t?"localStorage"===t?function(){try{return"undefined"==typeof window?null:window.localStorage?window.localStorage:null}catch{return null}}():t:null}function o(t,e){return t?function(t){if(!t)return null;try{return JSON.parse(t)}catch{return null}}(t.getItem(e)):null}function i(t,e,n){if(t)try{t.setItem(e,JSON.stringify(n))}catch{}}function a(t,e){if(t)try{t.removeItem(e)}catch{}}function c(t,e,n){if(!t)return;const r=o(t,e),s=l(r)?r:null;null===r||s||a(t,e),s&&s.expiresAt>=n.expiresAt||i(t,e,n)}function u(t,e,n){if(!t)return;const r=o(t,e),s=f(r)?r:null;null===r||s||a(t,e),s&&s.lastUpdatedAt>=n.lastUpdatedAt||i(t,e,n)}function l(t){return!!t&&"string"==typeof t.accessToken&&"string"==typeof t.refreshToken&&"number"==typeof t.expiresAt&&"number"==typeof t.expiresIn&&"Bearer"===t.tokenType}function f(t){return!!t&&"string"==typeof t.id&&"string"==typeof t.accountId&&"string"==typeof t.status&&"number"==typeof t.lastUpdatedAt&&("object"==typeof t.identity||null===t.identity)}function h(e){return e[t]}function p(t){return t[n]}function y(t,n){t[e]=n;const s=h(n);!function(t,e){t[r]=(t,n)=>{const r=p(e).listeners[t];if(r)for(const e of r)try{e(n)}catch{console.warn("Unhandled error in AuthEvent listener for event",t)}}}(s,t),g(s,"sessionChange",n)}function g(t,e,n){(0,t[r])(e,n)}function d(t){return t.replace(/_([a-z])/g,(t,e)=>e.toUpperCase())}function m(t){if(null===t||"object"!=typeof t)return t;if(Array.isArray(t))return t.map(t=>m(t));const e=t,n={};for(const t of Object.keys(e))Object.prototype.hasOwnProperty.call(e,t)&&(n[d(t)]=m(e[t]));return n}function w(t){return t.replace(/[A-Z]/g,t=>`_${t.toLowerCase()}`)}function b(t){if(null===t||"object"!=typeof t)return t;if(Array.isArray(t))return t.map(t=>b(t));const e=t,n={};for(const t of Object.keys(e))Object.prototype.hasOwnProperty.call(e,t)&&(n[w(t)]=b(e[t]));return n}class k extends Error{constructor(t){super(t.title),this.name="AuthError",this.problem=Object.freeze(t)}get type(){return this.problem.type}get title(){return this.problem.title}get status(){return this.problem.status}get code(){return this.problem.code}get detail(){return this.problem.detail}get invalidParams(){return this.problem.invalidParams}}const S={fetchFn:function(){const t=globalThis.fetch;return"function"==typeof t?t.bind(globalThis):async()=>{throw new Error("Missing fetch implementation. Provide config.fetchFn or use a runtime with global fetch.")}}(),baseUrl:"https://api.accountmaker.com",earlyRefreshMs:6e4,storage:null,tokensStorageKey:"am_tokens",profileStorageKey:"am_profile"};const P=async(t,e,n={})=>t.config.fetchFn(e,function(t,e){const n=new Headers(t.headers);return n.set("Authorization",`Bearer ${e}`),{...t,headers:n}}(n,t.tokens.accessToken)),A=async(t,e,n={})=>{U(t)&&await x(t);let r=await P(t,e,n);if(401!==r.status)return r;if(t.cleared)return r;try{return await x(t),r=await P(t,e,n),r}catch(e){throw!t.cleared&&K(e)&&g(t,"unauthenticated",e),e}},j=async t=>{if(204===t.status)return;const e=m(await async function(t){const e=t.headers.get("Content-Type")||"";if(!e.includes("application/json")&&!e.includes("+json"))return null;try{return await t.json()}catch{return null}}(t));if(!t.ok)throw new k(function(t,e){return function(t){return(t.headers.get("Content-Type")||"").includes("application/problem+json")}(t)&&e&&"object"==typeof e&&"string"==typeof e.type&&"string"==typeof e.title&&"number"==typeof e.status?e:function(t,e){return{type:"about:blank",title:t.statusText||"Request failed",status:t.status,detail:"string"==typeof e?e:void 0}}(t,e)}(t,e));return e},T=async(t,e,n={})=>{const r=await A(t,e,n);return j(r)},O=async({fetchFn:t,baseUrl:e},n,r={})=>{const s=new URLSearchParams(b(r)).toString(),o=s?`${e}${n}?${s}`:`${e}${n}`,i=await t(o,{method:"GET",headers:{Accept:"application/json"}});return j(i)},$=async({fetchFn:t,baseUrl:e},n,r)=>{const s=await t(`${e}${n}`,{method:"POST",headers:{Accept:"application/json","Content-Type":"application/json"},body:JSON.stringify(b(r))});return j(s)},U=t=>{const e=Math.min(Math.max(t.config.earlyRefreshMs,0),3e5);return Date.now()>=t.tokens.expiresAt-e},x=async t=>{if(!t.cleared){t.refreshPromise||(t.refreshPromise=async function(t){const{fetchFn:e,baseUrl:n}=t.config,r=await e(`${n}/auth/refresh`,{method:"POST",headers:{Accept:"application/json","Content-Type":"application/json"},body:JSON.stringify(b({refreshToken:t.tokens.refreshToken}))}),o=v(await j(r));t.tokens=o;const i=s(t.config.storage);c(i,t.config.tokensStorageKey,o),g(t,"refresh",o)}(t));try{await t.refreshPromise}finally{t.refreshPromise=null}}},K=t=>t instanceof k&&401===t.status,v=t=>{const e="number"==typeof t.expiresIn?t.expiresIn:0;return{...t,expiresAt:Date.now()+1e3*e}},I=t=>({...t,lastUpdatedAt:Date.now()});async function C(t){const e=I(await(async(t,e,n={})=>{const r=new URLSearchParams(b(n)).toString(),s=t.config.baseUrl,o=r?`${s}${e}?${r}`:`${s}${e}`;return await T(t,o,{method:"GET",headers:{Accept:"application/json"}})})(t,"/auth/me",{}));t.profile=e;u(s(t.config.storage),t.config.profileStorageKey,e),g(t,"profileChange",e)}const E=t=>({tokens:v(t.tokens),profile:I(t.profile)});class J{constructor(e,n){const r={...S,...n},o={...e,config:r,refreshPromise:null,profilePromise:null,cleared:!1};!function(e,n){e[t]=n}(this,o);const i=s(r.storage);c(i,r.tokensStorageKey,o.tokens),o.profile&&u(i,r.profileStorageKey,o.profile)}clear(){const t=h(this);!function(t){const e=s(t.storage);a(e,t.profileStorageKey),a(e,t.tokensStorageKey)}(t.config),t.cleared=!0}get tokens(){return h(this).tokens}get profile(){return h(this).profile}toJSON(){const t=h(this);return{tokens:t.tokens,profile:t.profile}}static fromJSON(t,e){return new J(t,e)}isExpired(){return U(h(this))}async fetch(t,e={}){return A(h(this),t,e)}async refresh(){return x(h(this))}async refetchProfile(){const t=h(this);if(!t.cleared){t.profilePromise||(t.profilePromise=C(t));try{await t.profilePromise}finally{t.profilePromise=null}}}async sendVerificationEmail(){await(async(t,e,n)=>{const r=t.config.baseUrl;return await T(t,`${r}${e}`,{method:"POST",headers:{Accept:"application/json","Content-Type":"application/json"},body:JSON.stringify(b(n))})})(h(this),"/auth/send-verification-email",{})}}class N{constructor(t){var e,r;e=this,r={config:{...S,...t},listeners:{}},e[n]=r}get session(){return this[e]||null}createSession(t){const e=new J(t,p(this).config);return y(this,e),e}restoreSession(){const t=p(this).config,e=s(t.storage);if(!e)return null;const n=o(e,t.tokensStorageKey),r=l(n)?n:null,i=o(e,t.profileStorageKey),c=f(i)?i:null;if(!r||!c)return a(e,t.tokensStorageKey),a(e,t.profileStorageKey),null;const u=new J({tokens:r,profile:c},t);return y(this,u),u}on(t,e){const n=p(this).listeners,r=n[t]??(n[t]=new Set);return r.add(e),()=>r.delete(e)}async acceptInvite(t){const e=p(this).config,n=E(await O(e,"/auth/accept-invite",t)),r=new J(n,e);return y(this,r),r}async checkEmail(t){return $(p(this).config,"/auth/check-email",t)}async csrfSession(){return O(p(this).config,"/auth/csrf-session")}async csrfToken(){return O(p(this).config,"/auth/csrf-token")}async signIn(t){const e=p(this).config,n=E(await $(e,"/auth/sign-in",t)),r=new J(n,e);return y(this,r),r}async signInWithToken(t){const e=p(this).config,n=E(await O(e,"/auth/sign-in-with-token",{token:t})),r=new J(n,e);return y(this,r),r}async signUp(t){const e=p(this).config,n=E(await $(e,"/auth/sign-up",t)),r=new J(n,e);return y(this,r),r}async resetPassword(t){return $(p(this).config,"/auth/reset-password",t)}async sendMagicLink(t){return $(p(this).config,"/auth/send-magic-link",t)}async sendPasswordReset(t){return $(p(this).config,"/auth/send-password-reset",t)}}export{N as Am,k as AuthError,J as AuthSession};
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","sources":["../src/auth.ts"],"sourcesContent":[null],"names":["camelCaseStr","str","replace","_","letter","toUpperCase","camelCaseObj","input","Array","isArray","map","item","obj","result","key","Object","keys","prototype","hasOwnProperty","call","snakeCaseStr","toLowerCase","snakeCaseObj","AuthError","Error","constructor","problem","super","title","this","name","freeze","type","status","code","detail","invalidParams","defaultConfig","fetchFn","f","globalThis","fetch","async","defaultFetchFn","baseUrl","handleResponse","res","raw","contentType","headers","get","includes","json","readJsonSafe","ok","isProblemJson","statusText","toGenericProblem","undefined","unauthGet","path","query","qs","URLSearchParams","toString","url","method","Accept","unauthPost","body","JSON","stringify","authGet","accessToken","Authorization","AuthSession","tokens","config","lastUpdated","Date","refreshToken","idToken","tokenType","expiresIn","lastUpdatedAt","expiresAt","getTime","isExpired","now","init","refresh","sendVerificationEmail","authPost","me","user","id","Am","options","createAuthSession","acceptInvite","checkEmail","csrfSession","csrfToken","login","tokenLogin","token","register","resetPassword","sendMagicLink","sendPasswordReset"],"mappings":"AAmBA,SAASA,EAAaC,GACpB,OAAOA,EAAIC,QAAQ,YAAa,CAACC,EAAGC,IAAWA,EAAOC,cACxD,CAEA,SAASC,EAAaC,GACpB,GAAc,OAAVA,GAAmC,iBAAVA,EAC3B,OAAOA,EAGT,GAAIC,MAAMC,QAAQF,GAChB,OAAOA,EAAMG,IAAKC,GAASL,EAAaK,IAG1C,MAAMC,EAAML,EACNM,EAAkC,CAAA,EAExC,IAAK,MAAMC,KAAOC,OAAOC,KAAKJ,GACxBG,OAAOE,UAAUC,eAAeC,KAAKP,EAAKE,KAC5CD,EAAOb,EAAac,IAAQR,EAAaM,EAAIE,KAIjD,OAAOD,CACT,CAEA,SAASO,EAAanB,GACpB,OAAOA,EAAIC,QAAQ,SAAWE,GAAW,IAAIA,EAAOiB,gBACtD,CAEA,SAASC,EAAaf,GACpB,GAAc,OAAVA,GAAmC,iBAAVA,EAC3B,OAAOA,EAGT,GAAIC,MAAMC,QAAQF,GAChB,OAAOA,EAAMG,IAAKC,GAASW,EAAaX,IAG1C,MAAMC,EAAML,EACNM,EAAkC,CAAA,EAExC,IAAK,MAAMC,KAAOC,OAAOC,KAAKJ,GACxBG,OAAOE,UAAUC,eAAeC,KAAKP,EAAKE,KAC5CD,EAAOO,EAAaN,IAAQQ,EAAaV,EAAIE,KAIjD,OAAOD,CACT,CAEM,MAAOU,UAAkBC,MAG7B,WAAAC,CAAYC,GACVC,MAAMD,EAAQE,OACdC,KAAKC,KAAO,YACZD,KAAKH,QAAUX,OAAOgB,OAAOL,EAC/B,CACA,QAAIM,GACF,OAAOH,KAAKH,QAAQM,IACtB,CACA,SAAIJ,GACF,OAAOC,KAAKH,QAAQE,KACtB,CACA,UAAIK,GACF,OAAOJ,KAAKH,QAAQO,MACtB,CACA,QAAIC,GACF,OAAOL,KAAKH,QAAQQ,IACtB,CACA,UAAIC,GACF,OAAON,KAAKH,QAAQS,MACtB,CACA,iBAAIC,GACF,OAAOP,KAAKH,QAAQU,aACtB,EAmBF,MAAMC,EAAgB,CACpBC,QAZF,WACE,MAAMC,EAAKC,WAAmBC,MAC9B,MAAiB,mBAANF,EAAyBA,EAE7BG,UACL,MAAM,IAAIlB,MACR,4FAGN,CAGWmB,GACTC,QAAS,gCA+BX,MAAMC,EAAiBH,MAAOI,IAC5B,GAAmB,MAAfA,EAAIb,OACN,OAGF,MAAMc,QA5BRL,eAA4BI,GAC1B,MAAME,EAAcF,EAAIG,QAAQC,IAAI,iBAAmB,GACvD,IACGF,EAAYG,SAAS,sBACrBH,EAAYG,SAAS,SAEtB,OAAO,KACT,IACE,aAAaL,EAAIM,MACnB,CAAE,MACA,OAAO,IACT,CACF,CAgBoBC,CAAaP,GACzBM,EAAO9C,EAAayC,GAE1B,IAAKD,EAAIQ,GAAI,CACX,GArCJ,SAAuBR,GAErB,OADoBA,EAAIG,QAAQC,IAAI,iBAAmB,IACpCC,SAAS,2BAC9B,CAkCQI,CAAcT,IAAQM,GAAwB,iBAATA,EACvC,MAAM,IAAI7B,EAAU6B,GAEtB,MAAM,IAAI7B,EArBd,SAA0BuB,EAAeX,GACvC,MAAO,CACLH,KAAM,cACNJ,MAAOkB,EAAIU,YAAc,iBACzBvB,OAAQa,EAAIb,OACZE,SAEJ,CAeMsB,CAAiBX,EAAoB,iBAARC,EAAmBA,OAAMW,GAE1D,CAEA,OAAON,GAMHO,EAAYjB,OACdJ,UAASM,WACXgB,EACAC,EAAgC,MAEhC,MAAMC,EAAK,IAAIC,gBACbzC,EAAauC,IACbG,WACIC,EAAMH,EAAK,GAAGlB,IAAUgB,KAAQE,IAAO,GAAGlB,IAAUgB,IACpDd,QAAYR,EAAQ2B,EAAK,CAC7BC,OAAQ,MACRjB,QAAS,CACPkB,OAAQ,sBAGZ,OAAOtB,EAAeC,IAMlBsB,EAAa1B,OACfJ,UAASM,WACXgB,EACAS,KAEA,MAAMvB,QAAYR,EAAQ,GAAGM,IAAUgB,IAAQ,CAC7CM,OAAQ,OACRjB,QAAS,CACP,eAAgB,oBAElBoB,KAAMC,KAAKC,UAAUjD,EAAa+C,MAEpC,OAAOxB,EAAeC,IAGlB0B,EAAU9B,OACZ+B,gBACAnC,UAASM,WACXgB,EACAC,EAAgC,MAEhC,MAAMC,EAAK,IAAIC,gBACbzC,EAAauC,IACbG,WACIC,EAAMH,EAAK,GAAGlB,IAAUgB,KAAQE,IAAO,GAAGlB,IAAUgB,IACpDd,QAAYR,EAAQ2B,EAAK,CAC7BC,OAAQ,MACRjB,QAAS,CACPkB,OAAQ,mBACRO,cAAe,UAAUD,OAG7B,OAAO5B,EAAeC,UA2BX6B,EAKX,WAAAlD,CAAYmD,EAAuBC,GACjChD,KAAK+C,OAASA,EACd/C,KAAKgD,OAAS,IACTxC,KACAwC,GAELhD,KAAKiD,YAAc,IAAIC,IACzB,CAEA,eAAIN,GACF,OAAO5C,KAAK+C,OAAOH,WACrB,CACA,gBAAIO,GACF,OAAOnD,KAAK+C,OAAOI,YACrB,CACA,WAAIC,GACF,OAAOpD,KAAK+C,OAAOK,OACrB,CACA,aAAIC,GACF,OAAOrD,KAAK+C,OAAOM,SACrB,CACA,aAAIC,GACF,OAAOtD,KAAK+C,OAAOO,SACrB,CACA,iBAAIC,GACF,OAAOvD,KAAKiD,WACd,CACA,aAAIO,GACF,OAAO,IAAIN,KAAKlD,KAAKiD,YAAYQ,UAA6B,IAAjBzD,KAAKsD,UACpD,CAEA,SAAAI,GACE,OAAOR,KAAKS,OAAS3D,KAAKwD,UAAUC,UAlRtB,GAmRhB,CAQA,WAAM7C,CAAMwB,EAA6BwB,EAAoB,IAC3D,MAAMnD,QAAEA,GAAYT,KAAKgD,OAOzB,OAJIhD,KAAK0D,mBACD1D,KAAK6D,gBAGApD,EAAQ2B,EAAK,IACrBwB,EACHxC,QAAS,IACHwC,EAAKxC,SAAW,GACpByB,cAAe,UAAU7C,KAAK+C,OAAOH,gBAG3C,CAEA,aAAMiB,GACJ,MAAMpD,QAAEA,EAAOM,QAAEA,GAAYf,KAAKgD,OAC5B/B,QAAYR,EAAQ,GAAGM,iBAAwB,CACnDsB,OAAQ,OACRjB,QAAS,CACP,eAAgB,oBAElBoB,KAAMC,KAAKC,UACTjD,EAAa,CAAE0D,aAAcnD,KAAK+C,OAAOI,kBAGvC5B,QAAaP,EAAeC,GAClCjB,KAAK+C,OAASxB,EACdvB,KAAKiD,YAAc,IAAIC,IACzB,CAEA,2BAAMY,QAjGSjD,QACb+B,gBACAnC,UAASM,WACXgB,EACAS,KAEA,MAAMvB,QAAYR,EAAQ,GAAGM,IAAUgB,IAAQ,CAC7CM,OAAQ,OACRjB,QAAS,CACP,eAAgB,mBAChByB,cAAe,UAAUD,KAE3BJ,KAAMC,KAAKC,UAAUjD,EAAa+C,MAGpC,OAAOxB,EAAeC,IAmFd8C,CAAS/D,KAAMA,KAAKgD,OAAQ,gCAAiC,CAAA,EACrE,CAEA,QAAMgB,GACJ,aAAarB,EAAQ3C,KAAMA,KAAKgD,OAAQ,WAAY,GACtD,CAEA,UAAMiB,CAAKC,GACT,aAAavB,EAAQ3C,KAAMA,KAAKgD,OAAQ,cAAckB,IAAM,GAC9D,QAGWC,EAGX,WAAAvE,CAAYoD,GACVhD,KAAKoE,QAAU,IAAK5D,KAAkBwC,EACxC,CAEA,wBAAOqB,CACLtB,EACAC,GAEA,OAAO,IAAImB,EAAGnB,GAAQqB,kBAAkBtB,EAC1C,CAEA,iBAAAsB,CAAkBtB,GAChB,OAAO,IAAID,EAAYC,EAAQ/C,KAAKoE,QACtC,CAEA,yBAAaE,CACXtC,EAIAgB,GAEA,OAAO,IAAImB,EAAGnB,GAAQsB,aAAatC,EACrC,CAEA,kBAAMsC,CAAatC,GAIjB,aAAaF,EAAU9B,KAAKoE,QAAS,sBAAuBpC,EAC9D,CAEA,uBAAauC,CACX/B,EACAQ,GAMA,OAAO,IAAImB,EAAGnB,GAAQuB,WAAW/B,EACnC,CAEA,gBAAM+B,CAAW/B,GASf,OAAOD,EAAWvC,KAAKoE,QAAS,oBAAqB5B,EACvD,CAEA,wBAAagC,CACXxB,GAEA,OAAO,IAAImB,EAAGnB,GAAQwB,aACxB,CAEA,iBAAMA,GACJ,OAAO1C,EAAU9B,KAAKoE,QAAS,qBACjC,CAEA,sBAAaK,CACXzB,GAEA,OAAO,IAAImB,EAAGnB,GAAQyB,WACxB,CAEA,eAAMA,GACJ,OAAO3C,EAAU9B,KAAKoE,QAAS,mBACjC,CAEA,kBAAaM,CACXlC,EAKAQ,GAEA,OAAO,IAAImB,EAAGnB,GAAQ0B,MAAMlC,EAC9B,CAEA,WAAMkC,CAAMlC,GAKV,aAAaD,EAAWvC,KAAKoE,QAAS,cAAe5B,EACvD,CAEA,uBAAamC,CACXC,EACA5B,GAEA,OAAO,IAAImB,EAAGnB,GAAQ2B,WAAWC,EACnC,CAEA,gBAAMD,CAAWC,GACf,MAAMR,EAAUpE,KAAKoE,QACrB,aAAatC,EAAUsC,EAAS,oBAAqB,CACnDQ,SAEJ,CAEA,oBAAaf,CACXV,EACAH,GAEA,OAAO,IAAImB,EAAGnB,GAAQa,QAAQV,EAChC,CAEA,aAAMU,CAAQV,GACZ,aAAaZ,EAAWvC,KAAKoE,QAAS,gBAAiB,CACrDjB,gBAEJ,CAEA,qBAAa0B,CACXrC,EAKAQ,GAEA,OAAO,IAAImB,EAAGnB,GAAQ6B,SAASrC,EACjC,CAEA,cAAMqC,CAASrC,GAKb,aAAaD,EAAWvC,KAAKoE,QAAS,iBAAkB5B,EAC1D,CAEA,0BAAasC,CACXtC,EAIAQ,GAEA,OAAO,IAAImB,EAAGnB,GAAQ8B,cAActC,EACtC,CAEA,mBAAMsC,CAActC,GAIlB,OAAOD,EAAWvC,KAAKoE,QAAS,uBAAwB5B,EAC1D,CAEA,0BAAauC,CACXvC,EAIAQ,GAEA,OAAO,IAAImB,EAAGnB,GAAQ+B,cAAcvC,EACtC,CAEA,mBAAMuC,CAAcvC,GAIlB,OAAOD,EAAWvC,KAAKoE,QAAS,wBAAyB5B,EAC3D,CAEA,8BAAawC,CACXxC,EAIAQ,GAEA,OAAO,IAAImB,EAAGnB,GAAQgC,kBAAkBxC,EAC1C,CAEA,uBAAMwC,CAAkBxC,GAItB,OAAOD,EAAWvC,KAAKoE,QAAS,4BAA6B5B,EAC/D"}
+{"version":3,"file":"index.mjs","sources":["../src/auth.ts"],"sourcesContent":[null],"names":["SESSION_STATE","Symbol","AUTH_SESSION","AUTH_STATE","EMITTER","resolveStorage","storageConfig","window","localStorage","getBrowserLocalStorage","readJson","storage","key","raw","JSON","parse","safeParse","getItem","writeJson","value","setItem","stringify","removeKey","removeItem","writeTokensIfNewer","next","curRaw","cur","isSessionTokens","expiresAt","writeProfileIfNewer","isSessionProfile","lastUpdatedAt","x","accessToken","refreshToken","expiresIn","tokenType","id","accountId","status","identity","getSessionState","session","getAuthState","am","setAuthSession","sessionState","event","set","listeners","fn","console","warn","setSessionStateEmitter","emitSessionStateEvent","emit","camelCaseStr","str","replace","_","letter","toUpperCase","camelCaseObj","input","Array","isArray","map","item","obj","result","Object","keys","prototype","hasOwnProperty","call","snakeCaseStr","toLowerCase","snakeCaseObj","AuthError","Error","constructor","problem","super","title","this","name","freeze","type","code","detail","invalidParams","defaultConfig","fetchFn","f","globalThis","fetch","bind","async","defaultFetchFn","baseUrl","earlyRefreshMs","tokensStorageKey","profileStorageKey","fetchSessionResponse","state","init","config","token","headers","Headers","withBearer","tokens","fetchSessionResponseEnsureFresh","isExpired","refresh","res","cleared","e","isUnauthenticatedAuthError","handleJsonOrThrow","json","contentType","get","includes","readJsonSafe","ok","isProblemJson","statusText","undefined","toGenericProblem","getProblemJson","getSessionJsonEnsureFresh","unauthGet","path","query","qs","URLSearchParams","toString","url","method","Accept","unauthPost","body","early","Math","min","max","Date","now","refreshPromise","toSessionTokens","doRefresh","toSessionProfile","profile","doRefetchProfile","authGet","handleAuthenticationResponse","AuthSession","initial","merged","profilePromise","setSessionState","clear","clearAuth","toJSON","fromJSON","refetchProfile","sendVerificationEmail","authPost","Am","createSession","restoreSession","tokensRaw","profileRaw","on","Set","add","delete","acceptInvite","checkEmail","csrfSession","csrfToken","signIn","signInWithToken","signUp","resetPassword","sendMagicLink","sendPasswordReset"],"mappings":"AAWA,MACMA,EAAgBC,OAAO,iBACvBC,EAAeD,OAAO,gBACtBE,EAAaF,OAAO,cACpBG,EAAUH,OAAO,WAiDvB,SAASI,EAAeC,GACtB,OAAKA,EACiB,iBAAlBA,EAZN,WACE,IACE,MAAsB,oBAAXC,OAA+B,KACrCA,OAAOC,aACLD,OAAOC,aADmB,IAEnC,CAAE,MACA,OAAO,IACT,CACF,CAI+CC,GACtCH,EAFoB,IAG7B,CAWA,SAASI,EAAYC,EAA6BC,GAChD,OAAKD,EAVP,SAAsBE,GACpB,IAAKA,EAAK,OAAO,KACjB,IACE,OAAOC,KAAKC,MAAMF,EACpB,CAAE,MACA,OAAO,IACT,CACF,CAISG,CAAaL,EAAQM,QAAQL,IADf,IAEvB,CAEA,SAASM,EACPP,EACAC,EACAO,GAEA,GAAKR,EACL,IACEA,EAAQS,QAAQR,EAAKE,KAAKO,UAAUF,GACtC,CAAE,MAAO,CACX,CAEA,SAASG,EAAUX,EAA6BC,GAC9C,GAAKD,EACL,IACEA,EAAQY,WAAWX,EACrB,CAAE,MAAO,CACX,CAQA,SAASY,EACPb,EACAC,EACAa,GAEA,IAAKd,EAAS,OAEd,MAAMe,EAAShB,EAAkBC,EAASC,GACpCe,EAAMC,EAAgBF,GAAUA,EAAS,KAEhC,OAAXA,GAAoBC,GAAKL,EAAUX,EAASC,GAC5Ce,GAAOA,EAAIE,WAAaJ,EAAKI,WAEjCX,EAAUP,EAASC,EAAKa,EAC1B,CAEA,SAASK,EACPnB,EACAC,EACAa,GAEA,IAAKd,EAAS,OAEd,MAAMe,EAAShB,EAAkBC,EAASC,GACpCe,EAAMI,EAAiBL,GAAUA,EAAS,KAEjC,OAAXA,GAAoBC,GAAKL,EAAUX,EAASC,GAC5Ce,GAAOA,EAAIK,eAAiBP,EAAKO,eAErCd,EAAUP,EAASC,EAAKa,EAC1B,CAEA,SAASG,EAAgBK,GACvB,QACIA,GACuB,iBAAlBA,EAAEC,aACiB,iBAAnBD,EAAEE,cACc,iBAAhBF,EAAEJ,WACc,iBAAhBI,EAAEG,WACO,WAAhBH,EAAEI,SAEN,CAEA,SAASN,EAAiBE,GACxB,QACIA,GACc,iBAATA,EAAEK,IACc,iBAAhBL,EAAEM,WACW,iBAAbN,EAAEO,QACkB,iBAApBP,EAAED,gBACc,iBAAfC,EAAEQ,UAAwC,OAAfR,EAAEQ,SAEzC,CAEA,SAASC,EAAgBC,GACvB,OAAQA,EAAgB3C,EAC1B,CAMA,SAAS4C,EAAaC,GACpB,OAAQA,EAAW1C,EACrB,CAUA,SAAS2C,EAAeD,EAAQF,GAC7BE,EAAW3C,GAAgByC,EAC5B,MAAMI,EAAeL,EAAgBC,IAKvC,SAAgCI,EAA4BF,GACzDE,EAAqB3C,GAAW,CAC/B4C,EACA7B,KAEA,MACM8B,EADYL,EAAaC,GACTK,UAAUF,GAChC,GAAKC,EACL,IAAK,MAAME,KAAMF,EACf,IACEE,EAAGhC,EACL,CAAE,MACAiC,QAAQC,KAAK,kDAAmDL,EAClE,EAGN,CApBEM,CAAuBP,EAAcF,GACrCU,EAAsBR,EAAc,gBAAiBJ,EACvD,CAoBA,SAASY,EACPR,EACAC,EACA7B,IAGAqC,EADcT,EAAqB3C,IAC9B4C,EAAO7B,EACd,CAEA,SAASsC,EAAaC,GACpB,OAAOA,EAAIC,QAAQ,YAAa,CAACC,EAAGC,IAAWA,EAAOC,cACxD,CAEA,SAASC,EAAaC,GACpB,GAAc,OAAVA,GAAmC,iBAAVA,EAC3B,OAAOA,EAGT,GAAIC,MAAMC,QAAQF,GAChB,OAAOA,EAAMG,IAAKC,GAASL,EAAaK,IAG1C,MAAMC,EAAML,EACNM,EAAkC,CAAA,EAExC,IAAK,MAAM1D,KAAO2D,OAAOC,KAAKH,GACxBE,OAAOE,UAAUC,eAAeC,KAAKN,EAAKzD,KAC5C0D,EAAOb,EAAa7C,IAAQmD,EAAaM,EAAIzD,KAIjD,OAAO0D,CACT,CAEA,SAASM,EAAalB,GACpB,OAAOA,EAAIC,QAAQ,SAAWE,GAAW,IAAIA,EAAOgB,gBACtD,CAEA,SAASC,EAAad,GACpB,GAAc,OAAVA,GAAmC,iBAAVA,EAC3B,OAAOA,EAGT,GAAIC,MAAMC,QAAQF,GAChB,OAAOA,EAAMG,IAAKC,GAASU,EAAaV,IAG1C,MAAMC,EAAML,EACNM,EAAkC,CAAA,EAExC,IAAK,MAAM1D,KAAO2D,OAAOC,KAAKH,GACxBE,OAAOE,UAAUC,eAAeC,KAAKN,EAAKzD,KAC5C0D,EAAOM,EAAahE,IAAQkE,EAAaT,EAAIzD,KAIjD,OAAO0D,CACT,CAwCM,MAAOS,UAAkBC,MAG7B,WAAAC,CAAYC,GACVC,MAAMD,EAAQE,OACdC,KAAKC,KAAO,YACZD,KAAKH,QAAUX,OAAOgB,OAAOL,EAC/B,CACA,QAAIM,GACF,OAAOH,KAAKH,QAAQM,IACtB,CACA,SAAIJ,GACF,OAAOC,KAAKH,QAAQE,KACtB,CACA,UAAI5C,GACF,OAAO6C,KAAKH,QAAQ1C,MACtB,CACA,QAAIiD,GACF,OAAOJ,KAAKH,QAAQO,IACtB,CACA,UAAIC,GACF,OAAOL,KAAKH,QAAQQ,MACtB,CACA,iBAAIC,GACF,OAAON,KAAKH,QAAQS,aACtB,EAgBF,MAAMC,EAAwB,CAC5BC,QAdF,WACE,MAAMC,EAAKC,WAAmBC,MAC9B,MAAiB,mBAANF,EACFA,EAAEG,KAAKF,YAGTG,UACL,MAAM,IAAIlB,MACR,4FAGN,CAGWmB,GACTC,QAAS,+BACTC,eAjVgB,IAkVhB1F,QAAS,KACT2F,iBAAkB,YAClBC,kBAAmB,cAqDrB,MAAMC,EAAuBN,MAC3BO,EACAzC,EACA0C,EAAoB,CAAA,IAEbD,EAAME,OAAOd,QAClB7B,EAbJ,SAAoB0C,EAAmBE,GACrC,MAAMC,EAAU,IAAIC,QAAQJ,EAAKG,SAEjC,OADAA,EAAQ5D,IAAI,gBAAiB,UAAU2D,KAChC,IAAKF,EAAMG,UACpB,CAUIE,CAAWL,EAAMD,EAAMO,OAAO9E,cAK5B+E,EAAkCf,MACtCO,EACAzC,EACA0C,EAAoB,CAAA,KAEhBQ,EAAUT,UACNU,EAAQV,GAGhB,IAAIW,QAAYZ,EAAqBC,EAAOzC,EAAO0C,GAEnD,GAAmB,MAAfU,EAAI5E,OAAgB,OAAO4E,EAC/B,GAAIX,EAAMY,QAAS,OAAOD,EAE1B,IAGE,aAFMD,EAAQV,GACdW,QAAYZ,EAAqBC,EAAOzC,EAAO0C,GACxCU,CACT,CAAE,MAAOE,GAIP,MAHKb,EAAMY,SAAWE,EAA2BD,IAC/C/D,EAAsBkD,EAAO,kBAAmBa,GAE5CA,CACR,GAIIE,EAAoBtB,MAAOkB,IAC/B,GAAmB,MAAfA,EAAI5E,OAAgB,OAExB,MAAMiF,EAAO1D,QAvFfmC,eAA4BkB,GAC1B,MAAMM,EAAcN,EAAIP,QAAQc,IAAI,iBAAmB,GACvD,IACGD,EAAYE,SAAS,sBACrBF,EAAYE,SAAS,SAEtB,OAAO,KACT,IACE,aAAaR,EAAIK,MACnB,CAAE,MACA,OAAO,IACT,CACF,CA2EkCI,CAAaT,IAE7C,IAAKA,EAAIU,GACP,MAAM,IAAI/C,EAnEd,SAAwBqC,EAAeK,GACrC,OA7BF,SAAuBL,GAErB,OADoBA,EAAIP,QAAQc,IAAI,iBAAmB,IACpCC,SAAS,2BAC9B,CA2BIG,CAAcX,IACdK,GACgB,iBAATA,GACc,iBAAdA,EAAKjC,MACU,iBAAfiC,EAAKrC,OACW,iBAAhBqC,EAAKjF,OAELiF,EAlBX,SAA0BL,EAAe1B,GACvC,MAAO,CACLF,KAAM,cACNJ,MAAOgC,EAAIY,YAAc,iBACzBxF,OAAQ4E,EAAI5E,OACZkD,OAA0B,iBAAXA,EAAsBA,OAASuC,EAElD,CAaSC,CAAiBd,EAAKK,EAC/B,CAuDwBU,CAAef,EAAKK,IAG1C,OAAOA,GAGHW,EAA4BlC,MAChCO,EACAzC,EACA0C,EAAoB,CAAA,KAEpB,MAAMU,QAAYH,EAAgCR,EAAOzC,EAAO0C,GAChE,OAAOc,EAAkBJ,IAIrBiB,EAAYnC,OACdL,UAASO,WACXkC,EACAC,EAAgC,MAEhC,MAAMC,EAAK,IAAIC,gBACb3D,EAAayD,IACbG,WACIC,EAAMH,EAAK,GAAGpC,IAAUkC,KAAQE,IAAO,GAAGpC,IAAUkC,IACpDlB,QAAYvB,EAAQ8C,EAAK,CAC7BC,OAAQ,MACR/B,QAAS,CACPgC,OAAQ,sBAGZ,OAAOrB,EAAkBJ,IAIrB0B,EAAa5C,OACfL,UAASO,WACXkC,EACAS,KAEA,MAAM3B,QAAYvB,EAAQ,GAAGO,IAAUkC,IAAQ,CAC7CM,OAAQ,OACR/B,QAAS,CACPgC,OAAQ,mBACR,eAAgB,oBAElBE,KAAMjI,KAAKO,UAAUyD,EAAaiE,MAEpC,OAAOvB,EAAkBJ,IAGrBF,EAAaT,IACjB,MAAMuC,EAAQC,KAAKC,IACjBD,KAAKE,IAAI1C,EAAME,OAAON,eAAgB,GACtC,KAEF,OAAO+C,KAAKC,OAAS5C,EAAMO,OAAOnF,UAAYmH,GAG1C7B,EAAUjB,MAAOO,IACrB,IAAIA,EAAMY,QAAV,CAEKZ,EAAM6C,iBACT7C,EAAM6C,eAiEVpD,eAAyBO,GACvB,MAAMZ,QAAEA,EAAOO,QAAEA,GAAYK,EAAME,OAE7BS,QAAYvB,EAAQ,GAAGO,iBAAwB,CACnDwC,OAAQ,OACR/B,QAAS,CACPgC,OAAQ,mBACR,eAAgB,oBAElBE,KAAMjI,KAAKO,UACTyD,EAAa,CAAE3C,aAAcsE,EAAMO,OAAO7E,kBAIxC6E,EAASuC,QAAsB/B,EAAkBJ,IACvDX,EAAMO,OAASA,EAEf,MAAMrG,EAAUN,EAAeoG,EAAME,OAAOhG,SAC5Ca,EAAmBb,EAAS8F,EAAME,OAAOL,iBAAkBU,GAE3DzD,EAAsBkD,EAAO,UAAWO,EAC1C,CAtF2BwC,CAAU/C,IAGnC,UACQA,EAAM6C,cACd,SACE7C,EAAM6C,eAAiB,IACzB,CAVmB,GAaf/B,EAA8BD,GAC3BA,aAAavC,GAA0B,MAAbuC,EAAE9E,OAuC/B+G,EAAmBvC,IACvB,MAAM5E,EAAwC,iBAArB4E,EAAO5E,UAAyB4E,EAAO5E,UAAY,EAC5E,MAAO,IACF4E,EACHnF,UAAWuH,KAAKC,MAAoB,IAAZjH,IAItBqH,EAAoBC,IACjB,IACFA,EACH1H,cAAeoH,KAAKC,QA2BxBnD,eAAeyD,EAAiBlD,GAC9B,MAAMiD,EAAUD,OA1EFvD,OACdO,EACA6B,EACAC,EAAgC,CAAA,KAEhC,MAAMC,EAAK,IAAIC,gBACb3D,EAAayD,IACbG,WACItC,EAAUK,EAAME,OAAOP,QACvBuC,EAAMH,EAAK,GAAGpC,IAAUkC,KAAQE,IAAO,GAAGpC,IAAUkC,IAC1D,aAAaF,EAA0B3B,EAAOkC,EAAK,CACjDC,OAAQ,MACR/B,QAAS,CACPgC,OAAQ,uBA6D2Be,CAAQnD,EAAO,WAAY,CAAA,IAClEA,EAAMiD,QAAUA,EAGhB5H,EADgBzB,EAAeoG,EAAME,OAAOhG,SACf8F,EAAME,OAAOJ,kBAAmBmD,GAE7DnG,EAAsBkD,EAAO,gBAAiBiD,EAChD,CAEA,MAAMG,EAAgCpC,IAC7B,CACLT,OAAQuC,EAAgB9B,EAAKT,QAC7B0C,QAASD,EAAiBhC,EAAKiC,iBAStBI,EACX,WAAA7E,CAAY8E,EAAyBpD,GACnC,MAAMqD,EAAS,IAAKpE,KAAkBe,GAEhCF,EAAsB,IACvBsD,EACHpD,OAAQqD,EACRV,eAAgB,KAChBW,eAAgB,KAChB5C,SAAS,IAjdf,SAAyB1E,EAAsB8D,GAC5C9D,EAAgB3C,GAAiByG,CACpC,CAkdIyD,CAAgB7E,KAAMoB,GAEtB,MAAM9F,EAAUN,EAAe2J,EAAOrJ,SACtCa,EAAmBb,EAASqJ,EAAO1D,iBAAkBG,EAAMO,QAEvDP,EAAMiD,SAER5H,EAAoBnB,EAASqJ,EAAOzD,kBAAmBE,EAAMiD,QAEjE,CAOA,KAAAS,GACE,MAAM1D,EAAQ/D,EAAgB2C,OAriBlC,SAAmBsB,GACjB,MAAMhG,EAAUN,EAAesG,EAAOhG,SACtCW,EAAUX,EAASgG,EAAOJ,mBAC1BjF,EAAUX,EAASgG,EAAOL,iBAC5B,CAkiBI8D,CAAU3D,EAAME,QAChBF,EAAMY,SAAU,CAClB,CAEA,UAAIL,GACF,OAAOtE,EAAgB2C,MAAM2B,MAC/B,CAEA,WAAI0C,GACF,OAAOhH,EAAgB2C,MAAMqE,OAC/B,CAEA,MAAAW,GACE,MAAM5D,EAAQ/D,EAAgB2C,MAC9B,MAAO,CAAE2B,OAAQP,EAAMO,OAAQ0C,QAASjD,EAAMiD,QAChD,CAMA,eAAOY,CACLP,EACApD,GAEA,OAAO,IAAImD,EAAYC,EAASpD,EAClC,CAMA,SAAAO,GACE,OAAOA,EAAUxE,EAAgB2C,MACnC,CAiBA,WAAMW,CAAM2C,EAAmBjC,EAAoB,IACjD,OAAOO,EAAgCvE,EAAgB2C,MAAOsD,EAAKjC,EACrE,CAOA,aAAMS,GACJ,OAAOA,EAAQzE,EAAgB2C,MACjC,CAgBA,oBAAMkF,GACJ,MAAM9D,EAAQ/D,EAAgB2C,MAC9B,IAAIoB,EAAMY,QAAV,CAKKZ,EAAMwD,iBACTxD,EAAMwD,eAAiBN,EAAiBlD,IAG1C,UACQA,EAAMwD,cACd,SACExD,EAAMwD,eAAiB,IACzB,CAVA,CAWF,CAQA,2BAAMO,QAhNStE,OACfO,EACA6B,EACAS,KAEA,MAAM3C,EAAUK,EAAME,OAAOP,QAC7B,aAAagC,EAA0B3B,EAAO,GAAGL,IAAUkC,IAAQ,CACjEM,OAAQ,OACR/B,QAAS,CACPgC,OAAQ,mBACR,eAAgB,oBAElBE,KAAMjI,KAAKO,UAAUyD,EAAaiE,OAqM5B0B,CAAS/H,EAAgB2C,MAAO,gCAAiC,CAAA,EACzE,QAeWqF,EACX,WAAAzF,CAAY0B,GAtlBd,IAAsB9D,EAAQ4D,EAAR5D,EAulBLwC,KAvlBaoB,EAulBP,CACjBE,OAAQ,IAAKf,KAAkBe,GAC/BzD,UAAW,CAAA,GAxlBdL,EAAW1C,GAAcsG,CA0lB1B,CAaA,WAAI9D,GACF,OAAsB0C,KApmBLnF,IAAiB,IAqmBpC,CAOA,aAAAyK,CAAcZ,GACZ,MAAMpH,EAAU,IAAImH,EAAYC,EAASnH,EAAayC,MAAMsB,QAE5D,OADA7D,EAAeuC,KAAM1C,GACdA,CACT,CAcA,cAAAiI,GACE,MAAMjE,EAAS/D,EAAayC,MAAMsB,OAC5BhG,EAAUN,EAAesG,EAAOhG,SACtC,IAAKA,EAAS,OAAO,KAErB,MAAMkK,EAAYnK,EAAkBC,EAASgG,EAAOL,kBAC9CU,EAASpF,EAAgBiJ,GAAaA,EAAY,KAElDC,EAAapK,EAAkBC,EAASgG,EAAOJ,mBAC/CmD,EAAU3H,EAAiB+I,GAAcA,EAAa,KAE5D,IAAK9D,IAAW0C,EAGd,OAFApI,EAAUX,EAASgG,EAAOL,kBAC1BhF,EAAUX,EAASgG,EAAOJ,mBACnB,KAGT,MAAM5D,EAAU,IAAImH,EAAY,CAAE9C,SAAQ0C,WAAW/C,GAErD,OADA7D,EAAeuC,KAAM1C,GACdA,CACT,CAKA,EAAAoI,CAAiC/H,EAAUG,GACzC,MAAMD,EAAYN,EAAayC,MAAMnC,UAC/BD,EAAQC,EAAUF,KAAVE,EAAUF,GAAuB,IAAIgI,KAInD,OADA/H,EAAIgI,IAAI9H,GACD,IAAMF,EAAIiI,OAAO/H,EAC1B,CAOA,kBAAMgI,CAAa5C,GAIjB,MAAM5B,EAAS/D,EAAayC,MAAMsB,OAC5BoD,EAAUF,QACRxB,EAAU1B,EAAQ,sBAAuB4B,IAE3C5F,EAAU,IAAImH,EAAYC,EAASpD,GAEzC,OADA7D,EAAeuC,KAAM1C,GACdA,CACT,CAOA,gBAAMyI,CAAWrC,GASf,OAAOD,EAAWlG,EAAayC,MAAMsB,OAAQ,oBAAqBoC,EACpE,CAOA,iBAAMsC,GACJ,OAAOhD,EAAUzF,EAAayC,MAAMsB,OAAQ,qBAC9C,CAOA,eAAM2E,GACJ,OAAOjD,EAAUzF,EAAayC,MAAMsB,OAAQ,mBAC9C,CAOA,YAAM4E,CAAOxC,GAMX,MAAMpC,EAAS/D,EAAayC,MAAMsB,OAC5BoD,EAAUF,QACRf,EAAWnC,EAAQ,gBAAiBoC,IAGtCpG,EAAU,IAAImH,EAAYC,EAASpD,GAEzC,OADA7D,EAAeuC,KAAM1C,GACdA,CACT,CAOA,qBAAM6I,CAAgB5E,GACpB,MAAMD,EAAS/D,EAAayC,MAAMsB,OAC5BoD,EAAUF,QACRxB,EAAU1B,EAAQ,2BAA4B,CAClDC,WAIEjE,EAAU,IAAImH,EAAYC,EAASpD,GAEzC,OADA7D,EAAeuC,KAAM1C,GACdA,CACT,CAOA,YAAM8I,CAAO1C,GAMX,MAAMpC,EAAS/D,EAAayC,MAAMsB,OAC5BoD,EAAUF,QACRf,EAAWnC,EAAQ,gBAAiBoC,IAGtCpG,EAAU,IAAImH,EAAYC,EAASpD,GAEzC,OADA7D,EAAeuC,KAAM1C,GACdA,CACT,CAKA,mBAAM+I,CAAc3C,GAIlB,OAAOD,EAAWlG,EAAayC,MAAMsB,OAAQ,uBAAwBoC,EACvE,CAKA,mBAAM4C,CAAc5C,GAKlB,OAAOD,EAAWlG,EAAayC,MAAMsB,OAAQ,wBAAyBoC,EACxE,CAKA,uBAAM6C,CAAkB7C,GAKtB,OAAOD,EACLlG,EAAayC,MAAMsB,OACnB,4BACAoC,EAEJ"}