@stackframe/tanstack-start 0.0.1 → 2.8.92
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +7 -0
- package/README.md +26 -0
- package/dist/chunk-BE-pF4vm.js +34 -0
- package/dist/components/api-key-dialogs.d.ts +28 -0
- package/dist/components/api-key-dialogs.d.ts.map +1 -0
- package/dist/components/api-key-dialogs.js +163 -0
- package/dist/components/api-key-dialogs.js.map +1 -0
- package/dist/components/api-key-table.d.ts +10 -0
- package/dist/components/api-key-table.d.ts.map +1 -0
- package/dist/components/api-key-table.js +144 -0
- package/dist/components/api-key-table.js.map +1 -0
- package/dist/components/credential-sign-in.d.ts +7 -0
- package/dist/components/credential-sign-in.d.ts.map +1 -0
- package/dist/components/credential-sign-in.js +87 -0
- package/dist/components/credential-sign-in.js.map +1 -0
- package/dist/components/credential-sign-up.d.ts +9 -0
- package/dist/components/credential-sign-up.d.ts.map +1 -0
- package/dist/components/credential-sign-up.js +121 -0
- package/dist/components/credential-sign-up.js.map +1 -0
- package/dist/components/elements/form-warning.d.ts +11 -0
- package/dist/components/elements/form-warning.d.ts.map +1 -0
- package/dist/components/elements/form-warning.js +18 -0
- package/dist/components/elements/form-warning.js.map +1 -0
- package/dist/components/elements/maybe-full-page.d.ts +16 -0
- package/dist/components/elements/maybe-full-page.d.ts.map +1 -0
- package/dist/components/elements/maybe-full-page.js +41 -0
- package/dist/components/elements/maybe-full-page.js.map +1 -0
- package/dist/components/elements/separator-with-text.d.ts +11 -0
- package/dist/components/elements/separator-with-text.d.ts.map +1 -0
- package/dist/components/elements/separator-with-text.js +31 -0
- package/dist/components/elements/separator-with-text.js.map +1 -0
- package/dist/components/elements/sidebar-layout.d.ts +21 -0
- package/dist/components/elements/sidebar-layout.d.ts.map +1 -0
- package/dist/components/elements/sidebar-layout.js +135 -0
- package/dist/components/elements/sidebar-layout.js.map +1 -0
- package/dist/components/elements/ssr-layout-effect.d.ts +10 -0
- package/dist/components/elements/ssr-layout-effect.d.ts.map +1 -0
- package/dist/components/elements/ssr-layout-effect.js +22 -0
- package/dist/components/elements/ssr-layout-effect.js.map +1 -0
- package/dist/components/elements/user-avatar.d.ts +15 -0
- package/dist/components/elements/user-avatar.d.ts.map +1 -0
- package/dist/components/elements/user-avatar.js +30 -0
- package/dist/components/elements/user-avatar.js.map +1 -0
- package/dist/components/link.d.ts +16 -0
- package/dist/components/link.d.ts.map +1 -0
- package/dist/components/link.js +29 -0
- package/dist/components/link.js.map +1 -0
- package/dist/components/magic-link-sign-in.d.ts +7 -0
- package/dist/components/magic-link-sign-in.d.ts.map +1 -0
- package/dist/components/magic-link-sign-in.js +138 -0
- package/dist/components/magic-link-sign-in.js.map +1 -0
- package/dist/components/message-cards/known-error-message-card.d.ts +14 -0
- package/dist/components/message-cards/known-error-message-card.d.ts.map +1 -0
- package/dist/components/message-cards/known-error-message-card.js +24 -0
- package/dist/components/message-cards/known-error-message-card.js.map +1 -0
- package/dist/components/message-cards/message-card.d.ts +19 -0
- package/dist/components/message-cards/message-card.d.ts.map +1 -0
- package/dist/components/message-cards/message-card.js +46 -0
- package/dist/components/message-cards/message-card.js.map +1 -0
- package/dist/components/message-cards/predefined-message-card.d.ts +13 -0
- package/dist/components/message-cards/predefined-message-card.d.ts.map +1 -0
- package/dist/components/message-cards/predefined-message-card.js +73 -0
- package/dist/components/message-cards/predefined-message-card.js.map +1 -0
- package/dist/components/oauth-button-group.d.ts +19 -0
- package/dist/components/oauth-button-group.d.ts.map +1 -0
- package/dist/components/oauth-button-group.js +24 -0
- package/dist/components/oauth-button-group.js.map +1 -0
- package/dist/components/oauth-button.d.ts +17 -0
- package/dist/components/oauth-button.d.ts.map +1 -0
- package/dist/components/oauth-button.js +173 -0
- package/dist/components/oauth-button.js.map +1 -0
- package/dist/components/passkey-button.d.ts +11 -0
- package/dist/components/passkey-button.d.ts.map +1 -0
- package/dist/components/passkey-button.js +33 -0
- package/dist/components/passkey-button.js.map +1 -0
- package/dist/components/profile-image-editor.d.ts +15 -0
- package/dist/components/profile-image-editor.d.ts.map +1 -0
- package/dist/components/profile-image-editor.js +171 -0
- package/dist/components/profile-image-editor.js.map +1 -0
- package/dist/components/selected-team-switcher.d.ts +31 -0
- package/dist/components/selected-team-switcher.d.ts.map +1 -0
- package/dist/components/selected-team-switcher.js +59 -0
- package/dist/components/selected-team-switcher.js.map +1 -0
- package/dist/components/team-icon.d.ts +10 -0
- package/dist/components/team-icon.d.ts.map +1 -0
- package/dist/components/team-icon.js +31 -0
- package/dist/components/team-icon.js.map +1 -0
- package/dist/components/team-switcher.d.ts +31 -0
- package/dist/components/team-switcher.d.ts.map +1 -0
- package/dist/components/team-switcher.js +123 -0
- package/dist/components/team-switcher.js.map +1 -0
- package/dist/components/use-in-iframe.d.ts +5 -0
- package/dist/components/use-in-iframe.d.ts.map +1 -0
- package/dist/components/use-in-iframe.js +18 -0
- package/dist/components/use-in-iframe.js.map +1 -0
- package/dist/components/user-button.d.ts +22 -0
- package/dist/components/user-button.d.ts.map +1 -0
- package/dist/components/user-button.js +134 -0
- package/dist/components/user-button.js.map +1 -0
- package/dist/components-page/account-settings/active-sessions/active-sessions-page.d.ts +20 -0
- package/dist/components-page/account-settings/active-sessions/active-sessions-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/active-sessions/active-sessions-page.js +208 -0
- package/dist/components-page/account-settings/active-sessions/active-sessions-page.js.map +1 -0
- package/dist/components-page/account-settings/api-keys/api-keys-page.d.ts +16 -0
- package/dist/components-page/account-settings/api-keys/api-keys-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/api-keys/api-keys-page.js +115 -0
- package/dist/components-page/account-settings/api-keys/api-keys-page.js.map +1 -0
- package/dist/components-page/account-settings/editable-text.d.ts +10 -0
- package/dist/components-page/account-settings/editable-text.d.ts.map +1 -0
- package/dist/components-page/account-settings/editable-text.js +49 -0
- package/dist/components-page/account-settings/editable-text.js.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/email-and-auth-page.d.ts +9 -0
- package/dist/components-page/account-settings/email-and-auth/email-and-auth-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/email-and-auth-page.js +24 -0
- package/dist/components-page/account-settings/email-and-auth/email-and-auth-page.js.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/emails-section.d.ts +9 -0
- package/dist/components-page/account-settings/email-and-auth/emails-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/emails-section.js +181 -0
- package/dist/components-page/account-settings/email-and-auth/emails-section.js.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/mfa-section.d.ts +9 -0
- package/dist/components-page/account-settings/email-and-auth/mfa-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/mfa-section.js +121 -0
- package/dist/components-page/account-settings/email-and-auth/mfa-section.js.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/otp-section.d.ts +9 -0
- package/dist/components-page/account-settings/email-and-auth/otp-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/otp-section.js +80 -0
- package/dist/components-page/account-settings/email-and-auth/otp-section.js.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/passkey-section.d.ts +9 -0
- package/dist/components-page/account-settings/email-and-auth/passkey-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/passkey-section.js +89 -0
- package/dist/components-page/account-settings/email-and-auth/passkey-section.js.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/password-section.d.ts +9 -0
- package/dist/components-page/account-settings/email-and-auth/password-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/email-and-auth/password-section.js +161 -0
- package/dist/components-page/account-settings/email-and-auth/password-section.js.map +1 -0
- package/dist/components-page/account-settings/notifications/notifications-page.d.ts +7 -0
- package/dist/components-page/account-settings/notifications/notifications-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/notifications/notifications-page.js +42 -0
- package/dist/components-page/account-settings/notifications/notifications-page.js.map +1 -0
- package/dist/components-page/account-settings/page-layout.d.ts +9 -0
- package/dist/components-page/account-settings/page-layout.d.ts.map +1 -0
- package/dist/components-page/account-settings/page-layout.js +15 -0
- package/dist/components-page/account-settings/page-layout.js.map +1 -0
- package/dist/components-page/account-settings/payments/payments-page.d.ts +12 -0
- package/dist/components-page/account-settings/payments/payments-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/payments/payments-page.js +55 -0
- package/dist/components-page/account-settings/payments/payments-page.js.map +1 -0
- package/dist/components-page/account-settings/payments/payments-panel.d.ts +61 -0
- package/dist/components-page/account-settings/payments/payments-panel.d.ts.map +1 -0
- package/dist/components-page/account-settings/payments/payments-panel.js +466 -0
- package/dist/components-page/account-settings/payments/payments-panel.js.map +1 -0
- package/dist/components-page/account-settings/profile-page/profile-page.d.ts +12 -0
- package/dist/components-page/account-settings/profile-page/profile-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/profile-page/profile-page.js +46 -0
- package/dist/components-page/account-settings/profile-page/profile-page.js.map +1 -0
- package/dist/components-page/account-settings/section.d.ts +11 -0
- package/dist/components-page/account-settings/section.d.ts.map +1 -0
- package/dist/components-page/account-settings/section.js +29 -0
- package/dist/components-page/account-settings/section.js.map +1 -0
- package/dist/components-page/account-settings/settings/delete-account-section.d.ts +9 -0
- package/dist/components-page/account-settings/settings/delete-account-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/settings/delete-account-section.js +70 -0
- package/dist/components-page/account-settings/settings/delete-account-section.js.map +1 -0
- package/dist/components-page/account-settings/settings/settings-page.d.ts +9 -0
- package/dist/components-page/account-settings/settings/settings-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/settings/settings-page.js +15 -0
- package/dist/components-page/account-settings/settings/settings-page.js.map +1 -0
- package/dist/components-page/account-settings/settings/sign-out-section.d.ts +9 -0
- package/dist/components-page/account-settings/settings/sign-out-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/settings/sign-out-section.js +33 -0
- package/dist/components-page/account-settings/settings/sign-out-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/leave-team-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/leave-team-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/leave-team-section.js +48 -0
- package/dist/components-page/account-settings/teams/leave-team-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-api-keys-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-api-keys-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-api-keys-section.js +57 -0
- package/dist/components-page/account-settings/teams/team-api-keys-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-creation-page.d.ts +9 -0
- package/dist/components-page/account-settings/teams/team-creation-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-creation-page.js +67 -0
- package/dist/components-page/account-settings/teams/team-creation-page.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-display-name-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-display-name-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-display-name-section.js +25 -0
- package/dist/components-page/account-settings/teams/team-display-name-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-member-invitation-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-member-invitation-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-member-invitation-section.js +114 -0
- package/dist/components-page/account-settings/teams/team-member-invitation-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-member-list-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-member-list-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-member-list-section.js +40 -0
- package/dist/components-page/account-settings/teams/team-member-list-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-page.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-page.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-page.js +28 -0
- package/dist/components-page/account-settings/teams/team-page.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-profile-image-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-profile-image-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-profile-image-section.js +27 -0
- package/dist/components-page/account-settings/teams/team-profile-image-section.js.map +1 -0
- package/dist/components-page/account-settings/teams/team-profile-user-section.d.ts +10 -0
- package/dist/components-page/account-settings/teams/team-profile-user-section.d.ts.map +1 -0
- package/dist/components-page/account-settings/teams/team-profile-user-section.js +27 -0
- package/dist/components-page/account-settings/teams/team-profile-user-section.js.map +1 -0
- package/dist/components-page/account-settings.d.ts +58 -0
- package/dist/components-page/account-settings.d.ts.map +1 -0
- package/dist/components-page/account-settings.js +267 -0
- package/dist/components-page/account-settings.js.map +1 -0
- package/dist/components-page/auth-page.d.ts +26 -0
- package/dist/components-page/auth-page.d.ts.map +1 -0
- package/dist/components-page/auth-page.js +163 -0
- package/dist/components-page/auth-page.js.map +1 -0
- package/dist/components-page/cli-auth-confirm.d.ts +21 -0
- package/dist/components-page/cli-auth-confirm.d.ts.map +1 -0
- package/dist/components-page/cli-auth-confirm.js +216 -0
- package/dist/components-page/cli-auth-confirm.js.map +1 -0
- package/dist/components-page/cli-auth-confirm.test.d.ts +1 -0
- package/dist/components-page/cli-auth-confirm.test.js +176 -0
- package/dist/components-page/cli-auth-confirm.test.js.map +1 -0
- package/dist/components-page/email-verification.d.ts +10 -0
- package/dist/components-page/email-verification.d.ts.map +1 -0
- package/dist/components-page/email-verification.js +60 -0
- package/dist/components-page/email-verification.js.map +1 -0
- package/dist/components-page/error-page.d.ts +10 -0
- package/dist/components-page/error-page.d.ts.map +1 -0
- package/dist/components-page/error-page.js +77 -0
- package/dist/components-page/error-page.js.map +1 -0
- package/dist/components-page/forgot-password.d.ts +14 -0
- package/dist/components-page/forgot-password.d.ts.map +1 -0
- package/dist/components-page/forgot-password.js +103 -0
- package/dist/components-page/forgot-password.js.map +1 -0
- package/dist/components-page/magic-link-callback.d.ts +10 -0
- package/dist/components-page/magic-link-callback.d.ts.map +1 -0
- package/dist/components-page/magic-link-callback.js +75 -0
- package/dist/components-page/magic-link-callback.js.map +1 -0
- package/dist/components-page/mfa.d.ts +11 -0
- package/dist/components-page/mfa.d.ts.map +1 -0
- package/dist/components-page/mfa.js +166 -0
- package/dist/components-page/mfa.js.map +1 -0
- package/dist/components-page/oauth-callback.d.ts +11 -0
- package/dist/components-page/oauth-callback.d.ts.map +1 -0
- package/dist/components-page/oauth-callback.js +72 -0
- package/dist/components-page/oauth-callback.js.map +1 -0
- package/dist/components-page/onboarding.d.ts +9 -0
- package/dist/components-page/onboarding.d.ts.map +1 -0
- package/dist/components-page/onboarding.js +140 -0
- package/dist/components-page/onboarding.js.map +1 -0
- package/dist/components-page/password-reset.d.ts +17 -0
- package/dist/components-page/password-reset.d.ts.map +1 -0
- package/dist/components-page/password-reset.js +161 -0
- package/dist/components-page/password-reset.js.map +1 -0
- package/dist/components-page/section.d.ts +1 -0
- package/dist/components-page/section.js +2 -0
- package/dist/components-page/sign-in.d.ts +23 -0
- package/dist/components-page/sign-in.d.ts.map +1 -0
- package/dist/components-page/sign-in.js +20 -0
- package/dist/components-page/sign-in.js.map +1 -0
- package/dist/components-page/sign-out.d.ts +9 -0
- package/dist/components-page/sign-out.d.ts.map +1 -0
- package/dist/components-page/sign-out.js +26 -0
- package/dist/components-page/sign-out.js.map +1 -0
- package/dist/components-page/sign-up.d.ts +13 -0
- package/dist/components-page/sign-up.d.ts.map +1 -0
- package/dist/components-page/sign-up.js +22 -0
- package/dist/components-page/sign-up.js.map +1 -0
- package/dist/components-page/stack-handler-client.d.ts +50 -0
- package/dist/components-page/stack-handler-client.d.ts.map +1 -0
- package/dist/components-page/stack-handler-client.js +235 -0
- package/dist/components-page/stack-handler-client.js.map +1 -0
- package/dist/components-page/stack-handler.d.ts +32 -0
- package/dist/components-page/stack-handler.d.ts.map +1 -0
- package/dist/components-page/stack-handler.js +12 -0
- package/dist/components-page/stack-handler.js.map +1 -0
- package/dist/components-page/team-creation.d.ts +9 -0
- package/dist/components-page/team-creation.d.ts.map +1 -0
- package/dist/components-page/team-creation.js +80 -0
- package/dist/components-page/team-creation.js.map +1 -0
- package/dist/components-page/team-invitation.d.ts +13 -0
- package/dist/components-page/team-invitation.d.ts.map +1 -0
- package/dist/components-page/team-invitation.js +109 -0
- package/dist/components-page/team-invitation.js.map +1 -0
- package/dist/dev-tool/dev-tool-core.d.ts +7 -0
- package/dist/dev-tool/dev-tool-core.d.ts.map +1 -0
- package/dist/dev-tool/dev-tool-core.js +2107 -0
- package/dist/dev-tool/dev-tool-core.js.map +1 -0
- package/dist/dev-tool/dev-tool-styles.d.ts +5 -0
- package/dist/dev-tool/dev-tool-styles.d.ts.map +1 -0
- package/dist/dev-tool/dev-tool-styles.js +2757 -0
- package/dist/dev-tool/dev-tool-styles.js.map +1 -0
- package/dist/dev-tool/dev-tool-trigger-position.d.ts +36 -0
- package/dist/dev-tool/dev-tool-trigger-position.d.ts.map +1 -0
- package/dist/dev-tool/dev-tool-trigger-position.js +70 -0
- package/dist/dev-tool/dev-tool-trigger-position.js.map +1 -0
- package/dist/dev-tool/dev-tool-trigger-position.test.d.ts +1 -0
- package/dist/dev-tool/dev-tool-trigger-position.test.js +155 -0
- package/dist/dev-tool/dev-tool-trigger-position.test.js.map +1 -0
- package/dist/dev-tool/index.d.ts +19 -0
- package/dist/dev-tool/index.d.ts.map +1 -0
- package/dist/dev-tool/index.js +119 -0
- package/dist/dev-tool/index.js.map +1 -0
- package/dist/esm/components/api-key-dialogs.d.ts +28 -0
- package/dist/esm/components/api-key-dialogs.d.ts.map +1 -0
- package/dist/esm/components/api-key-dialogs.js +158 -0
- package/dist/esm/components/api-key-dialogs.js.map +1 -0
- package/dist/esm/components/api-key-table.d.ts +10 -0
- package/dist/esm/components/api-key-table.d.ts.map +1 -0
- package/dist/esm/components/api-key-table.js +142 -0
- package/dist/esm/components/api-key-table.js.map +1 -0
- package/dist/esm/components/credential-sign-in.d.ts +7 -0
- package/dist/esm/components/credential-sign-in.d.ts.map +1 -0
- package/dist/esm/components/credential-sign-in.js +85 -0
- package/dist/esm/components/credential-sign-in.js.map +1 -0
- package/dist/esm/components/credential-sign-up.d.ts +9 -0
- package/dist/esm/components/credential-sign-up.d.ts.map +1 -0
- package/dist/esm/components/credential-sign-up.js +117 -0
- package/dist/esm/components/credential-sign-up.js.map +1 -0
- package/dist/esm/components/elements/form-warning.d.ts +11 -0
- package/dist/esm/components/elements/form-warning.d.ts.map +1 -0
- package/dist/esm/components/elements/form-warning.js +16 -0
- package/dist/esm/components/elements/form-warning.js.map +1 -0
- package/dist/esm/components/elements/maybe-full-page.d.ts +16 -0
- package/dist/esm/components/elements/maybe-full-page.d.ts.map +1 -0
- package/dist/esm/components/elements/maybe-full-page.js +38 -0
- package/dist/esm/components/elements/maybe-full-page.js.map +1 -0
- package/dist/esm/components/elements/separator-with-text.d.ts +11 -0
- package/dist/esm/components/elements/separator-with-text.d.ts.map +1 -0
- package/dist/esm/components/elements/separator-with-text.js +29 -0
- package/dist/esm/components/elements/separator-with-text.js.map +1 -0
- package/dist/esm/components/elements/sidebar-layout.d.ts +21 -0
- package/dist/esm/components/elements/sidebar-layout.d.ts.map +1 -0
- package/dist/esm/components/elements/sidebar-layout.js +132 -0
- package/dist/esm/components/elements/sidebar-layout.js.map +1 -0
- package/dist/esm/components/elements/ssr-layout-effect.d.ts +10 -0
- package/dist/esm/components/elements/ssr-layout-effect.d.ts.map +1 -0
- package/dist/esm/components/elements/ssr-layout-effect.js +20 -0
- package/dist/esm/components/elements/ssr-layout-effect.js.map +1 -0
- package/dist/esm/components/elements/user-avatar.d.ts +15 -0
- package/dist/esm/components/elements/user-avatar.d.ts.map +1 -0
- package/dist/esm/components/elements/user-avatar.js +28 -0
- package/dist/esm/components/elements/user-avatar.js.map +1 -0
- package/dist/esm/components/link.d.ts +16 -0
- package/dist/esm/components/link.d.ts.map +1 -0
- package/dist/esm/components/link.js +26 -0
- package/dist/esm/components/link.js.map +1 -0
- package/dist/esm/components/magic-link-sign-in.d.ts +7 -0
- package/dist/esm/components/magic-link-sign-in.d.ts.map +1 -0
- package/dist/esm/components/magic-link-sign-in.js +136 -0
- package/dist/esm/components/magic-link-sign-in.js.map +1 -0
- package/dist/esm/components/message-cards/known-error-message-card.d.ts +14 -0
- package/dist/esm/components/message-cards/known-error-message-card.d.ts.map +1 -0
- package/dist/esm/components/message-cards/known-error-message-card.js +22 -0
- package/dist/esm/components/message-cards/known-error-message-card.js.map +1 -0
- package/dist/esm/components/message-cards/message-card.d.ts +19 -0
- package/dist/esm/components/message-cards/message-card.d.ts.map +1 -0
- package/dist/esm/components/message-cards/message-card.js +43 -0
- package/dist/esm/components/message-cards/message-card.js.map +1 -0
- package/dist/esm/components/message-cards/predefined-message-card.d.ts +13 -0
- package/dist/esm/components/message-cards/predefined-message-card.d.ts.map +1 -0
- package/dist/esm/components/message-cards/predefined-message-card.js +71 -0
- package/dist/esm/components/message-cards/predefined-message-card.js.map +1 -0
- package/dist/esm/components/oauth-button-group.d.ts +19 -0
- package/dist/esm/components/oauth-button-group.d.ts.map +1 -0
- package/dist/esm/components/oauth-button-group.js +22 -0
- package/dist/esm/components/oauth-button-group.js.map +1 -0
- package/dist/esm/components/oauth-button.d.ts +17 -0
- package/dist/esm/components/oauth-button.d.ts.map +1 -0
- package/dist/esm/components/oauth-button.js +170 -0
- package/dist/esm/components/oauth-button.js.map +1 -0
- package/dist/esm/components/passkey-button.d.ts +11 -0
- package/dist/esm/components/passkey-button.d.ts.map +1 -0
- package/dist/esm/components/passkey-button.js +31 -0
- package/dist/esm/components/passkey-button.js.map +1 -0
- package/dist/esm/components/profile-image-editor.d.ts +15 -0
- package/dist/esm/components/profile-image-editor.d.ts.map +1 -0
- package/dist/esm/components/profile-image-editor.js +165 -0
- package/dist/esm/components/profile-image-editor.js.map +1 -0
- package/dist/esm/components/selected-team-switcher.d.ts +31 -0
- package/dist/esm/components/selected-team-switcher.d.ts.map +1 -0
- package/dist/esm/components/selected-team-switcher.js +57 -0
- package/dist/esm/components/selected-team-switcher.js.map +1 -0
- package/dist/esm/components/team-icon.d.ts +10 -0
- package/dist/esm/components/team-icon.d.ts.map +1 -0
- package/dist/esm/components/team-icon.js +29 -0
- package/dist/esm/components/team-icon.js.map +1 -0
- package/dist/esm/components/team-switcher.d.ts +31 -0
- package/dist/esm/components/team-switcher.d.ts.map +1 -0
- package/dist/esm/components/team-switcher.js +121 -0
- package/dist/esm/components/team-switcher.js.map +1 -0
- package/dist/esm/components/use-in-iframe.d.ts +5 -0
- package/dist/esm/components/use-in-iframe.d.ts.map +1 -0
- package/dist/esm/components/use-in-iframe.js +16 -0
- package/dist/esm/components/use-in-iframe.js.map +1 -0
- package/dist/esm/components/user-button.d.ts +22 -0
- package/dist/esm/components/user-button.d.ts.map +1 -0
- package/dist/esm/components/user-button.js +131 -0
- package/dist/esm/components/user-button.js.map +1 -0
- package/dist/esm/components-page/account-settings/active-sessions/active-sessions-page.d.ts +20 -0
- package/dist/esm/components-page/account-settings/active-sessions/active-sessions-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/active-sessions/active-sessions-page.js +206 -0
- package/dist/esm/components-page/account-settings/active-sessions/active-sessions-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/api-keys/api-keys-page.d.ts +16 -0
- package/dist/esm/components-page/account-settings/api-keys/api-keys-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/api-keys/api-keys-page.js +113 -0
- package/dist/esm/components-page/account-settings/api-keys/api-keys-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/editable-text.d.ts +10 -0
- package/dist/esm/components-page/account-settings/editable-text.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/editable-text.js +47 -0
- package/dist/esm/components-page/account-settings/editable-text.js.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/email-and-auth-page.d.ts +9 -0
- package/dist/esm/components-page/account-settings/email-and-auth/email-and-auth-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/email-and-auth-page.js +22 -0
- package/dist/esm/components-page/account-settings/email-and-auth/email-and-auth-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/emails-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/email-and-auth/emails-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/emails-section.js +179 -0
- package/dist/esm/components-page/account-settings/email-and-auth/emails-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/mfa-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/email-and-auth/mfa-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/mfa-section.js +118 -0
- package/dist/esm/components-page/account-settings/email-and-auth/mfa-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/otp-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/email-and-auth/otp-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/otp-section.js +78 -0
- package/dist/esm/components-page/account-settings/email-and-auth/otp-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/passkey-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/email-and-auth/passkey-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/passkey-section.js +87 -0
- package/dist/esm/components-page/account-settings/email-and-auth/passkey-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/password-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/email-and-auth/password-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/email-and-auth/password-section.js +158 -0
- package/dist/esm/components-page/account-settings/email-and-auth/password-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/notifications/notifications-page.d.ts +7 -0
- package/dist/esm/components-page/account-settings/notifications/notifications-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/notifications/notifications-page.js +40 -0
- package/dist/esm/components-page/account-settings/notifications/notifications-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/page-layout.d.ts +9 -0
- package/dist/esm/components-page/account-settings/page-layout.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/page-layout.js +13 -0
- package/dist/esm/components-page/account-settings/page-layout.js.map +1 -0
- package/dist/esm/components-page/account-settings/payments/payments-page.d.ts +12 -0
- package/dist/esm/components-page/account-settings/payments/payments-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/payments/payments-page.js +53 -0
- package/dist/esm/components-page/account-settings/payments/payments-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/payments/payments-panel.d.ts +61 -0
- package/dist/esm/components-page/account-settings/payments/payments-panel.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/payments/payments-panel.js +464 -0
- package/dist/esm/components-page/account-settings/payments/payments-panel.js.map +1 -0
- package/dist/esm/components-page/account-settings/profile-page/profile-page.d.ts +12 -0
- package/dist/esm/components-page/account-settings/profile-page/profile-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/profile-page/profile-page.js +44 -0
- package/dist/esm/components-page/account-settings/profile-page/profile-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/section.d.ts +11 -0
- package/dist/esm/components-page/account-settings/section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/section.js +27 -0
- package/dist/esm/components-page/account-settings/section.js.map +1 -0
- package/dist/esm/components-page/account-settings/settings/delete-account-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/settings/delete-account-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/settings/delete-account-section.js +68 -0
- package/dist/esm/components-page/account-settings/settings/delete-account-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/settings/settings-page.d.ts +9 -0
- package/dist/esm/components-page/account-settings/settings/settings-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/settings/settings-page.js +13 -0
- package/dist/esm/components-page/account-settings/settings/settings-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/settings/sign-out-section.d.ts +9 -0
- package/dist/esm/components-page/account-settings/settings/sign-out-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/settings/sign-out-section.js +31 -0
- package/dist/esm/components-page/account-settings/settings/sign-out-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/leave-team-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/leave-team-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/leave-team-section.js +46 -0
- package/dist/esm/components-page/account-settings/teams/leave-team-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-api-keys-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-api-keys-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-api-keys-section.js +55 -0
- package/dist/esm/components-page/account-settings/teams/team-api-keys-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-creation-page.d.ts +9 -0
- package/dist/esm/components-page/account-settings/teams/team-creation-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-creation-page.js +65 -0
- package/dist/esm/components-page/account-settings/teams/team-creation-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-display-name-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-display-name-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-display-name-section.js +23 -0
- package/dist/esm/components-page/account-settings/teams/team-display-name-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-member-invitation-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-member-invitation-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-member-invitation-section.js +112 -0
- package/dist/esm/components-page/account-settings/teams/team-member-invitation-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-member-list-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-member-list-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-member-list-section.js +38 -0
- package/dist/esm/components-page/account-settings/teams/team-member-list-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-page.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-page.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-page.js +26 -0
- package/dist/esm/components-page/account-settings/teams/team-page.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-image-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-image-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-image-section.js +25 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-image-section.js.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-user-section.d.ts +10 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-user-section.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-user-section.js +25 -0
- package/dist/esm/components-page/account-settings/teams/team-profile-user-section.js.map +1 -0
- package/dist/esm/components-page/account-settings.d.ts +58 -0
- package/dist/esm/components-page/account-settings.d.ts.map +1 -0
- package/dist/esm/components-page/account-settings.js +264 -0
- package/dist/esm/components-page/account-settings.js.map +1 -0
- package/dist/esm/components-page/auth-page.d.ts +26 -0
- package/dist/esm/components-page/auth-page.d.ts.map +1 -0
- package/dist/esm/components-page/auth-page.js +161 -0
- package/dist/esm/components-page/auth-page.js.map +1 -0
- package/dist/esm/components-page/cli-auth-confirm.d.ts +21 -0
- package/dist/esm/components-page/cli-auth-confirm.d.ts.map +1 -0
- package/dist/esm/components-page/cli-auth-confirm.js +213 -0
- package/dist/esm/components-page/cli-auth-confirm.js.map +1 -0
- package/dist/esm/components-page/cli-auth-confirm.test.d.ts +1 -0
- package/dist/esm/components-page/cli-auth-confirm.test.js +175 -0
- package/dist/esm/components-page/cli-auth-confirm.test.js.map +1 -0
- package/dist/esm/components-page/email-verification.d.ts +10 -0
- package/dist/esm/components-page/email-verification.d.ts.map +1 -0
- package/dist/esm/components-page/email-verification.js +57 -0
- package/dist/esm/components-page/email-verification.js.map +1 -0
- package/dist/esm/components-page/error-page.d.ts +10 -0
- package/dist/esm/components-page/error-page.d.ts.map +1 -0
- package/dist/esm/components-page/error-page.js +75 -0
- package/dist/esm/components-page/error-page.js.map +1 -0
- package/dist/esm/components-page/forgot-password.d.ts +14 -0
- package/dist/esm/components-page/forgot-password.d.ts.map +1 -0
- package/dist/esm/components-page/forgot-password.js +100 -0
- package/dist/esm/components-page/forgot-password.js.map +1 -0
- package/dist/esm/components-page/magic-link-callback.d.ts +10 -0
- package/dist/esm/components-page/magic-link-callback.d.ts.map +1 -0
- package/dist/esm/components-page/magic-link-callback.js +72 -0
- package/dist/esm/components-page/magic-link-callback.js.map +1 -0
- package/dist/esm/components-page/mfa.d.ts +11 -0
- package/dist/esm/components-page/mfa.d.ts.map +1 -0
- package/dist/esm/components-page/mfa.js +164 -0
- package/dist/esm/components-page/mfa.js.map +1 -0
- package/dist/esm/components-page/oauth-callback.d.ts +11 -0
- package/dist/esm/components-page/oauth-callback.d.ts.map +1 -0
- package/dist/esm/components-page/oauth-callback.js +70 -0
- package/dist/esm/components-page/oauth-callback.js.map +1 -0
- package/dist/esm/components-page/onboarding.d.ts +9 -0
- package/dist/esm/components-page/onboarding.d.ts.map +1 -0
- package/dist/esm/components-page/onboarding.js +138 -0
- package/dist/esm/components-page/onboarding.js.map +1 -0
- package/dist/esm/components-page/password-reset.d.ts +17 -0
- package/dist/esm/components-page/password-reset.d.ts.map +1 -0
- package/dist/esm/components-page/password-reset.js +157 -0
- package/dist/esm/components-page/password-reset.js.map +1 -0
- package/dist/esm/components-page/section.d.ts +1 -0
- package/dist/esm/components-page/section.js +4 -0
- package/dist/esm/components-page/sign-in.d.ts +23 -0
- package/dist/esm/components-page/sign-in.d.ts.map +1 -0
- package/dist/esm/components-page/sign-in.js +18 -0
- package/dist/esm/components-page/sign-in.js.map +1 -0
- package/dist/esm/components-page/sign-out.d.ts +9 -0
- package/dist/esm/components-page/sign-out.d.ts.map +1 -0
- package/dist/esm/components-page/sign-out.js +24 -0
- package/dist/esm/components-page/sign-out.js.map +1 -0
- package/dist/esm/components-page/sign-up.d.ts +13 -0
- package/dist/esm/components-page/sign-up.d.ts.map +1 -0
- package/dist/esm/components-page/sign-up.js +20 -0
- package/dist/esm/components-page/sign-up.js.map +1 -0
- package/dist/esm/components-page/stack-handler-client.d.ts +49 -0
- package/dist/esm/components-page/stack-handler-client.d.ts.map +1 -0
- package/dist/esm/components-page/stack-handler-client.js +233 -0
- package/dist/esm/components-page/stack-handler-client.js.map +1 -0
- package/dist/esm/components-page/stack-handler.d.ts +33 -0
- package/dist/esm/components-page/stack-handler.d.ts.map +1 -0
- package/dist/esm/components-page/stack-handler.js +11 -0
- package/dist/esm/components-page/stack-handler.js.map +1 -0
- package/dist/esm/components-page/team-creation.d.ts +9 -0
- package/dist/esm/components-page/team-creation.d.ts.map +1 -0
- package/dist/esm/components-page/team-creation.js +78 -0
- package/dist/esm/components-page/team-creation.js.map +1 -0
- package/dist/esm/components-page/team-invitation.d.ts +13 -0
- package/dist/esm/components-page/team-invitation.d.ts.map +1 -0
- package/dist/esm/components-page/team-invitation.js +106 -0
- package/dist/esm/components-page/team-invitation.js.map +1 -0
- package/dist/esm/dev-tool/dev-tool-core.d.ts +7 -0
- package/dist/esm/dev-tool/dev-tool-core.d.ts.map +1 -0
- package/dist/esm/dev-tool/dev-tool-core.js +2105 -0
- package/dist/esm/dev-tool/dev-tool-core.js.map +1 -0
- package/dist/esm/dev-tool/dev-tool-styles.d.ts +5 -0
- package/dist/esm/dev-tool/dev-tool-styles.d.ts.map +1 -0
- package/dist/esm/dev-tool/dev-tool-styles.js +2755 -0
- package/dist/esm/dev-tool/dev-tool-styles.js.map +1 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.d.ts +36 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.d.ts.map +1 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.js +65 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.js.map +1 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.test.d.ts +1 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.test.js +155 -0
- package/dist/esm/dev-tool/dev-tool-trigger-position.test.js.map +1 -0
- package/dist/esm/dev-tool/index.d.ts +19 -0
- package/dist/esm/dev-tool/index.d.ts.map +1 -0
- package/dist/esm/dev-tool/index.js +117 -0
- package/dist/esm/dev-tool/index.js.map +1 -0
- package/dist/esm/generated/global-css.d.ts +5 -0
- package/dist/esm/generated/global-css.d.ts.map +1 -0
- package/dist/esm/generated/global-css.js +6 -0
- package/dist/esm/generated/global-css.js.map +1 -0
- package/dist/esm/generated/quetzal-translations.d.ts +6 -0
- package/dist/esm/generated/quetzal-translations.d.ts.map +1 -0
- package/dist/esm/generated/quetzal-translations.js +4307 -0
- package/dist/esm/generated/quetzal-translations.js.map +1 -0
- package/dist/esm/global.d.ts +1 -0
- package/dist/esm/index.d.ts +27 -0
- package/dist/esm/index.js +28 -0
- package/dist/esm/integrations/convex/component/convex.config.d.ts +7 -0
- package/dist/esm/integrations/convex/component/convex.config.d.ts.map +1 -0
- package/dist/esm/integrations/convex/component/convex.config.js +8 -0
- package/dist/esm/integrations/convex/component/convex.config.js.map +1 -0
- package/dist/esm/integrations/convex.d.ts +13 -0
- package/dist/esm/integrations/convex.d.ts.map +1 -0
- package/dist/esm/integrations/convex.js +23 -0
- package/dist/esm/integrations/convex.js.map +1 -0
- package/dist/esm/lib/auth.d.ts +29 -0
- package/dist/esm/lib/auth.d.ts.map +1 -0
- package/dist/esm/lib/auth.js +108 -0
- package/dist/esm/lib/auth.js.map +1 -0
- package/dist/esm/lib/auth.test.d.ts +1 -0
- package/dist/esm/lib/auth.test.js +60 -0
- package/dist/esm/lib/auth.test.js.map +1 -0
- package/dist/esm/lib/cookie.d.ts +50 -0
- package/dist/esm/lib/cookie.d.ts.map +1 -0
- package/dist/esm/lib/cookie.js +347 -0
- package/dist/esm/lib/cookie.js.map +1 -0
- package/dist/esm/lib/env.d.ts +37 -0
- package/dist/esm/lib/env.d.ts.map +1 -0
- package/dist/esm/lib/env.js +88 -0
- package/dist/esm/lib/env.js.map +1 -0
- package/dist/esm/lib/hooks.d.ts +33 -0
- package/dist/esm/lib/hooks.d.ts.map +1 -0
- package/dist/esm/lib/hooks.js +27 -0
- package/dist/esm/lib/hooks.js.map +1 -0
- package/dist/esm/lib/stack-app/api-keys/index.d.ts +53 -0
- package/dist/esm/lib/stack-app/api-keys/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/api-keys/index.js +22 -0
- package/dist/esm/lib/stack-app/api-keys/index.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/admin-app-impl.d.ts +423 -0
- package/dist/esm/lib/stack-app/apps/implementations/admin-app-impl.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/admin-app-impl.js +1041 -0
- package/dist/esm/lib/stack-app/apps/implementations/admin-app-impl.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.d.ts +562 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.js +2631 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.oauth-prefetch.test.d.ts +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.oauth-prefetch.test.js +32 -0
- package/dist/esm/lib/stack-app/apps/implementations/client-app-impl.oauth-prefetch.test.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/common.d.ts +66 -0
- package/dist/esm/lib/stack-app/apps/implementations/common.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/common.js +167 -0
- package/dist/esm/lib/stack-app/apps/implementations/common.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.d.ts +42 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.js +211 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.test.d.ts +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.test.js +87 -0
- package/dist/esm/lib/stack-app/apps/implementations/event-tracker.test.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/index.d.ts +9 -0
- package/dist/esm/lib/stack-app/apps/implementations/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/index.js +27 -0
- package/dist/esm/lib/stack-app/apps/implementations/index.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/redirect-page-urls.d.ts +35 -0
- package/dist/esm/lib/stack-app/apps/implementations/redirect-page-urls.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/redirect-page-urls.js +187 -0
- package/dist/esm/lib/stack-app/apps/implementations/redirect-page-urls.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/server-app-impl.d.ts +260 -0
- package/dist/esm/lib/stack-app/apps/implementations/server-app-impl.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/server-app-impl.js +1383 -0
- package/dist/esm/lib/stack-app/apps/implementations/server-app-impl.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.d.ts +28 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.js +31 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.test.d.ts +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.test.js +82 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-refresh-subscription.test.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.d.ts +108 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.js +234 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.test.d.ts +1 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.test.js +29 -0
- package/dist/esm/lib/stack-app/apps/implementations/session-replay.test.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/index.d.ts +4 -0
- package/dist/esm/lib/stack-app/apps/index.js +5 -0
- package/dist/esm/lib/stack-app/apps/interfaces/admin-app.d.ts +252 -0
- package/dist/esm/lib/stack-app/apps/interfaces/admin-app.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/interfaces/admin-app.js +8 -0
- package/dist/esm/lib/stack-app/apps/interfaces/admin-app.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/interfaces/client-app.d.ts +220 -0
- package/dist/esm/lib/stack-app/apps/interfaces/client-app.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/interfaces/client-app.js +8 -0
- package/dist/esm/lib/stack-app/apps/interfaces/client-app.js.map +1 -0
- package/dist/esm/lib/stack-app/apps/interfaces/server-app.d.ts +153 -0
- package/dist/esm/lib/stack-app/apps/interfaces/server-app.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/apps/interfaces/server-app.js +8 -0
- package/dist/esm/lib/stack-app/apps/interfaces/server-app.js.map +1 -0
- package/dist/esm/lib/stack-app/common.d.ts +183 -0
- package/dist/esm/lib/stack-app/common.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/common.js +7 -0
- package/dist/esm/lib/stack-app/common.js.map +1 -0
- package/dist/esm/lib/stack-app/connected-accounts/index.d.ts +57 -0
- package/dist/esm/lib/stack-app/connected-accounts/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/connected-accounts/index.js +1 -0
- package/dist/esm/lib/stack-app/contact-channels/index.d.ts +43 -0
- package/dist/esm/lib/stack-app/contact-channels/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/contact-channels/index.js +39 -0
- package/dist/esm/lib/stack-app/contact-channels/index.js.map +1 -0
- package/dist/esm/lib/stack-app/customers/index.d.ts +129 -0
- package/dist/esm/lib/stack-app/customers/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/customers/index.js +1 -0
- package/dist/esm/lib/stack-app/data-vault/index.d.ts +14 -0
- package/dist/esm/lib/stack-app/data-vault/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/data-vault/index.js +1 -0
- package/dist/esm/lib/stack-app/email/index.d.ts +204 -0
- package/dist/esm/lib/stack-app/email/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/email/index.js +1 -0
- package/dist/esm/lib/stack-app/email-templates/index.d.ts +17 -0
- package/dist/esm/lib/stack-app/email-templates/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/email-templates/index.js +11 -0
- package/dist/esm/lib/stack-app/email-templates/index.js.map +1 -0
- package/dist/esm/lib/stack-app/index.d.ts +14 -0
- package/dist/esm/lib/stack-app/index.js +5 -0
- package/dist/esm/lib/stack-app/internal-api-keys/index.d.ts +42 -0
- package/dist/esm/lib/stack-app/internal-api-keys/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/internal-api-keys/index.js +14 -0
- package/dist/esm/lib/stack-app/internal-api-keys/index.js.map +1 -0
- package/dist/esm/lib/stack-app/notification-categories/index.d.ts +11 -0
- package/dist/esm/lib/stack-app/notification-categories/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/notification-categories/index.js +1 -0
- package/dist/esm/lib/stack-app/permissions/index.d.ts +43 -0
- package/dist/esm/lib/stack-app/permissions/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/permissions/index.js +31 -0
- package/dist/esm/lib/stack-app/permissions/index.js.map +1 -0
- package/dist/esm/lib/stack-app/project-configs/index.d.ts +99 -0
- package/dist/esm/lib/stack-app/project-configs/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/project-configs/index.js +1 -0
- package/dist/esm/lib/stack-app/projects/index.d.ts +147 -0
- package/dist/esm/lib/stack-app/projects/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/projects/index.js +66 -0
- package/dist/esm/lib/stack-app/projects/index.js.map +1 -0
- package/dist/esm/lib/stack-app/session-replays/index.d.ts +66 -0
- package/dist/esm/lib/stack-app/session-replays/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/session-replays/index.js +1 -0
- package/dist/esm/lib/stack-app/teams/index.d.ts +163 -0
- package/dist/esm/lib/stack-app/teams/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/teams/index.js +35 -0
- package/dist/esm/lib/stack-app/teams/index.js.map +1 -0
- package/dist/esm/lib/stack-app/url-targets.d.ts +40 -0
- package/dist/esm/lib/stack-app/url-targets.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/url-targets.js +280 -0
- package/dist/esm/lib/stack-app/url-targets.js.map +1 -0
- package/dist/esm/lib/stack-app/url-targets.test.d.ts +1 -0
- package/dist/esm/lib/stack-app/url-targets.test.js +169 -0
- package/dist/esm/lib/stack-app/url-targets.test.js.map +1 -0
- package/dist/esm/lib/stack-app/users/index.d.ts +400 -0
- package/dist/esm/lib/stack-app/users/index.d.ts.map +1 -0
- package/dist/esm/lib/stack-app/users/index.js +71 -0
- package/dist/esm/lib/stack-app/users/index.js.map +1 -0
- package/dist/esm/lib/translations.d.ts +7 -0
- package/dist/esm/lib/translations.d.ts.map +1 -0
- package/dist/esm/lib/translations.js +18 -0
- package/dist/esm/lib/translations.js.map +1 -0
- package/dist/esm/providers/stack-context.d.ts +10 -0
- package/dist/esm/providers/stack-context.d.ts.map +1 -0
- package/dist/esm/providers/stack-context.js +10 -0
- package/dist/esm/providers/stack-context.js.map +1 -0
- package/dist/esm/providers/stack-provider-client.d.ts +17 -0
- package/dist/esm/providers/stack-provider-client.d.ts.map +1 -0
- package/dist/esm/providers/stack-provider-client.js +30 -0
- package/dist/esm/providers/stack-provider-client.js.map +1 -0
- package/dist/esm/providers/stack-provider.d.ts +26 -0
- package/dist/esm/providers/stack-provider.d.ts.map +1 -0
- package/dist/esm/providers/stack-provider.js +24 -0
- package/dist/esm/providers/stack-provider.js.map +1 -0
- package/dist/esm/providers/theme-provider.d.ts +46 -0
- package/dist/esm/providers/theme-provider.d.ts.map +1 -0
- package/dist/esm/providers/theme-provider.js +68 -0
- package/dist/esm/providers/theme-provider.js.map +1 -0
- package/dist/esm/providers/translation-provider-client.d.ts +16 -0
- package/dist/esm/providers/translation-provider-client.d.ts.map +1 -0
- package/dist/esm/providers/translation-provider-client.js +20 -0
- package/dist/esm/providers/translation-provider-client.js.map +1 -0
- package/dist/esm/providers/translation-provider.d.ts +16 -0
- package/dist/esm/providers/translation-provider.d.ts.map +1 -0
- package/dist/esm/providers/translation-provider.js +23 -0
- package/dist/esm/providers/translation-provider.js.map +1 -0
- package/dist/esm/tanstack-start-server-context.combined.d.ts +12 -0
- package/dist/esm/tanstack-start-server-context.combined.d.ts.map +1 -0
- package/dist/esm/tanstack-start-server-context.combined.js +1 -0
- package/dist/esm/tanstack-start-server-context.default.d.ts +9 -0
- package/dist/esm/tanstack-start-server-context.default.d.ts.map +1 -0
- package/dist/esm/tanstack-start-server-context.default.js +10 -0
- package/dist/esm/tanstack-start-server-context.default.js.map +1 -0
- package/dist/esm/tanstack-start-server-context.server.d.ts +2 -0
- package/dist/esm/tanstack-start-server-context.server.js +3 -0
- package/dist/esm/utils/browser-script.d.ts +9 -0
- package/dist/esm/utils/browser-script.d.ts.map +1 -0
- package/dist/esm/utils/browser-script.js +105 -0
- package/dist/esm/utils/browser-script.js.map +1 -0
- package/dist/esm/utils/constants.d.ts +81 -0
- package/dist/esm/utils/constants.d.ts.map +1 -0
- package/dist/esm/utils/constants.js +82 -0
- package/dist/esm/utils/constants.js.map +1 -0
- package/dist/esm/utils/url.d.ts +5 -0
- package/dist/esm/utils/url.d.ts.map +1 -0
- package/dist/esm/utils/url.js +16 -0
- package/dist/esm/utils/url.js.map +1 -0
- package/dist/generated/global-css.d.ts +5 -0
- package/dist/generated/global-css.d.ts.map +1 -0
- package/dist/generated/global-css.js +8 -0
- package/dist/generated/global-css.js.map +1 -0
- package/dist/generated/quetzal-translations.d.ts +6 -0
- package/dist/generated/quetzal-translations.d.ts.map +1 -0
- package/dist/generated/quetzal-translations.js +4310 -0
- package/dist/generated/quetzal-translations.js.map +1 -0
- package/dist/global.d.d.ts +0 -0
- package/dist/global.d.ts +1 -0
- package/dist/index.d.ts +40 -0
- package/dist/index.js +192 -0
- package/dist/integrations/convex/component/convex.config.d.ts +61 -0
- package/dist/integrations/convex/component/convex.config.d.ts.map +1 -0
- package/dist/integrations/convex/component/convex.config.js +9 -0
- package/dist/integrations/convex/component/convex.config.js.map +1 -0
- package/dist/integrations/convex.d.ts +13 -0
- package/dist/integrations/convex.d.ts.map +1 -0
- package/dist/integrations/convex.js +25 -0
- package/dist/integrations/convex.js.map +1 -0
- package/dist/lib/auth.d.ts +29 -0
- package/dist/lib/auth.d.ts.map +1 -0
- package/dist/lib/auth.js +111 -0
- package/dist/lib/auth.js.map +1 -0
- package/dist/lib/auth.test.d.ts +1 -0
- package/dist/lib/auth.test.js +60 -0
- package/dist/lib/auth.test.js.map +1 -0
- package/dist/lib/cookie.d.ts +50 -0
- package/dist/lib/cookie.d.ts.map +1 -0
- package/dist/lib/cookie.js +366 -0
- package/dist/lib/cookie.js.map +1 -0
- package/dist/lib/env.d.ts +37 -0
- package/dist/lib/env.d.ts.map +1 -0
- package/dist/lib/env.js +90 -0
- package/dist/lib/env.js.map +1 -0
- package/dist/lib/hooks.d.ts +35 -0
- package/dist/lib/hooks.d.ts.map +1 -0
- package/dist/lib/hooks.js +30 -0
- package/dist/lib/hooks.js.map +1 -0
- package/dist/lib/stack-app/api-keys/index.d.ts +53 -0
- package/dist/lib/stack-app/api-keys/index.d.ts.map +1 -0
- package/dist/lib/stack-app/api-keys/index.js +25 -0
- package/dist/lib/stack-app/api-keys/index.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/admin-app-impl.d.ts +421 -0
- package/dist/lib/stack-app/apps/implementations/admin-app-impl.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/admin-app-impl.js +1043 -0
- package/dist/lib/stack-app/apps/implementations/admin-app-impl.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.d.ts +561 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.js +2637 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.oauth-prefetch.test.d.ts +1 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.oauth-prefetch.test.js +32 -0
- package/dist/lib/stack-app/apps/implementations/client-app-impl.oauth-prefetch.test.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/common.d.ts +66 -0
- package/dist/lib/stack-app/apps/implementations/common.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/common.js +186 -0
- package/dist/lib/stack-app/apps/implementations/common.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.d.ts +42 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.js +213 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.test.d.ts +1 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.test.js +87 -0
- package/dist/lib/stack-app/apps/implementations/event-tracker.test.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/index.d.ts +9 -0
- package/dist/lib/stack-app/apps/implementations/index.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/index.js +31 -0
- package/dist/lib/stack-app/apps/implementations/index.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/redirect-page-urls.d.ts +35 -0
- package/dist/lib/stack-app/apps/implementations/redirect-page-urls.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/redirect-page-urls.js +191 -0
- package/dist/lib/stack-app/apps/implementations/redirect-page-urls.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/server-app-impl.d.ts +260 -0
- package/dist/lib/stack-app/apps/implementations/server-app-impl.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/server-app-impl.js +1385 -0
- package/dist/lib/stack-app/apps/implementations/server-app-impl.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.d.ts +28 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.js +33 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.test.d.ts +1 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.test.js +82 -0
- package/dist/lib/stack-app/apps/implementations/session-refresh-subscription.test.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.d.ts +108 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.js +242 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.js.map +1 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.test.d.ts +1 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.test.js +29 -0
- package/dist/lib/stack-app/apps/implementations/session-replay.test.js.map +1 -0
- package/dist/lib/stack-app/apps/index.d.ts +4 -0
- package/dist/lib/stack-app/apps/index.js +24 -0
- package/dist/lib/stack-app/apps/interfaces/admin-app.d.ts +252 -0
- package/dist/lib/stack-app/apps/interfaces/admin-app.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/interfaces/admin-app.js +10 -0
- package/dist/lib/stack-app/apps/interfaces/admin-app.js.map +1 -0
- package/dist/lib/stack-app/apps/interfaces/client-app.d.ts +220 -0
- package/dist/lib/stack-app/apps/interfaces/client-app.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/interfaces/client-app.js +10 -0
- package/dist/lib/stack-app/apps/interfaces/client-app.js.map +1 -0
- package/dist/lib/stack-app/apps/interfaces/server-app.d.ts +153 -0
- package/dist/lib/stack-app/apps/interfaces/server-app.d.ts.map +1 -0
- package/dist/lib/stack-app/apps/interfaces/server-app.js +10 -0
- package/dist/lib/stack-app/apps/interfaces/server-app.js.map +1 -0
- package/dist/lib/stack-app/common.d.ts +183 -0
- package/dist/lib/stack-app/common.d.ts.map +1 -0
- package/dist/lib/stack-app/common.js +9 -0
- package/dist/lib/stack-app/common.js.map +1 -0
- package/dist/lib/stack-app/connected-accounts/index.d.ts +57 -0
- package/dist/lib/stack-app/connected-accounts/index.d.ts.map +1 -0
- package/dist/lib/stack-app/connected-accounts/index.js +0 -0
- package/dist/lib/stack-app/contact-channels/index.d.ts +43 -0
- package/dist/lib/stack-app/contact-channels/index.d.ts.map +1 -0
- package/dist/lib/stack-app/contact-channels/index.js +44 -0
- package/dist/lib/stack-app/contact-channels/index.js.map +1 -0
- package/dist/lib/stack-app/customers/index.d.ts +129 -0
- package/dist/lib/stack-app/customers/index.d.ts.map +1 -0
- package/dist/lib/stack-app/customers/index.js +0 -0
- package/dist/lib/stack-app/data-vault/index.d.ts +14 -0
- package/dist/lib/stack-app/data-vault/index.d.ts.map +1 -0
- package/dist/lib/stack-app/data-vault/index.js +0 -0
- package/dist/lib/stack-app/email/index.d.ts +204 -0
- package/dist/lib/stack-app/email/index.d.ts.map +1 -0
- package/dist/lib/stack-app/email/index.js +0 -0
- package/dist/lib/stack-app/email-templates/index.d.ts +17 -0
- package/dist/lib/stack-app/email-templates/index.d.ts.map +1 -0
- package/dist/lib/stack-app/email-templates/index.js +13 -0
- package/dist/lib/stack-app/email-templates/index.js.map +1 -0
- package/dist/lib/stack-app/index.d.ts +15 -0
- package/dist/lib/stack-app/index.js +36 -0
- package/dist/lib/stack-app/internal-api-keys/index.d.ts +42 -0
- package/dist/lib/stack-app/internal-api-keys/index.d.ts.map +1 -0
- package/dist/lib/stack-app/internal-api-keys/index.js +16 -0
- package/dist/lib/stack-app/internal-api-keys/index.js.map +1 -0
- package/dist/lib/stack-app/notification-categories/index.d.ts +11 -0
- package/dist/lib/stack-app/notification-categories/index.d.ts.map +1 -0
- package/dist/lib/stack-app/notification-categories/index.js +0 -0
- package/dist/lib/stack-app/permissions/index.d.ts +43 -0
- package/dist/lib/stack-app/permissions/index.d.ts.map +1 -0
- package/dist/lib/stack-app/permissions/index.js +36 -0
- package/dist/lib/stack-app/permissions/index.js.map +1 -0
- package/dist/lib/stack-app/project-configs/index.d.ts +99 -0
- package/dist/lib/stack-app/project-configs/index.d.ts.map +1 -0
- package/dist/lib/stack-app/project-configs/index.js +0 -0
- package/dist/lib/stack-app/projects/index.d.ts +147 -0
- package/dist/lib/stack-app/projects/index.d.ts.map +1 -0
- package/dist/lib/stack-app/projects/index.js +69 -0
- package/dist/lib/stack-app/projects/index.js.map +1 -0
- package/dist/lib/stack-app/session-replays/index.d.ts +66 -0
- package/dist/lib/stack-app/session-replays/index.d.ts.map +1 -0
- package/dist/lib/stack-app/session-replays/index.js +0 -0
- package/dist/lib/stack-app/teams/index.d.ts +163 -0
- package/dist/lib/stack-app/teams/index.d.ts.map +1 -0
- package/dist/lib/stack-app/teams/index.js +40 -0
- package/dist/lib/stack-app/teams/index.js.map +1 -0
- package/dist/lib/stack-app/url-targets.d.ts +40 -0
- package/dist/lib/stack-app/url-targets.d.ts.map +1 -0
- package/dist/lib/stack-app/url-targets.js +289 -0
- package/dist/lib/stack-app/url-targets.js.map +1 -0
- package/dist/lib/stack-app/url-targets.test.d.ts +1 -0
- package/dist/lib/stack-app/url-targets.test.js +169 -0
- package/dist/lib/stack-app/url-targets.test.js.map +1 -0
- package/dist/lib/stack-app/users/index.d.ts +400 -0
- package/dist/lib/stack-app/users/index.d.ts.map +1 -0
- package/dist/lib/stack-app/users/index.js +76 -0
- package/dist/lib/stack-app/users/index.js.map +1 -0
- package/dist/lib/translations.d.ts +7 -0
- package/dist/lib/translations.d.ts.map +1 -0
- package/dist/lib/translations.js +21 -0
- package/dist/lib/translations.js.map +1 -0
- package/dist/providers/stack-context.d.ts +10 -0
- package/dist/providers/stack-context.d.ts.map +1 -0
- package/dist/providers/stack-context.js +13 -0
- package/dist/providers/stack-context.js.map +1 -0
- package/dist/providers/stack-provider-client.d.ts +17 -0
- package/dist/providers/stack-provider-client.d.ts.map +1 -0
- package/dist/providers/stack-provider-client.js +34 -0
- package/dist/providers/stack-provider-client.js.map +1 -0
- package/dist/providers/stack-provider.d.ts +25 -0
- package/dist/providers/stack-provider.d.ts.map +1 -0
- package/dist/providers/stack-provider.js +26 -0
- package/dist/providers/stack-provider.js.map +1 -0
- package/dist/providers/theme-provider.d.ts +46 -0
- package/dist/providers/theme-provider.d.ts.map +1 -0
- package/dist/providers/theme-provider.js +72 -0
- package/dist/providers/theme-provider.js.map +1 -0
- package/dist/providers/translation-provider-client.d.ts +16 -0
- package/dist/providers/translation-provider-client.d.ts.map +1 -0
- package/dist/providers/translation-provider-client.js +23 -0
- package/dist/providers/translation-provider-client.js.map +1 -0
- package/dist/providers/translation-provider.d.ts +16 -0
- package/dist/providers/translation-provider.d.ts.map +1 -0
- package/dist/providers/translation-provider.js +25 -0
- package/dist/providers/translation-provider.js.map +1 -0
- package/dist/storage-CKzvsBxG.d.ts +1912 -0
- package/dist/storage-CKzvsBxG.d.ts.map +1 -0
- package/dist/tanstack-start-server-context.combined.d.ts +12 -0
- package/dist/tanstack-start-server-context.combined.d.ts.map +1 -0
- package/dist/tanstack-start-server-context.combined.js +0 -0
- package/dist/tanstack-start-server-context.default.d.ts +9 -0
- package/dist/tanstack-start-server-context.default.d.ts.map +1 -0
- package/dist/tanstack-start-server-context.default.js +16 -0
- package/dist/tanstack-start-server-context.default.js.map +1 -0
- package/dist/tanstack-start-server-context.server.d.ts +2 -0
- package/dist/tanstack-start-server-context.server.js +34 -0
- package/dist/utils/browser-script.d.ts +9 -0
- package/dist/utils/browser-script.d.ts.map +1 -0
- package/dist/utils/browser-script.js +107 -0
- package/dist/utils/browser-script.js.map +1 -0
- package/dist/utils/constants.d.ts +81 -0
- package/dist/utils/constants.d.ts.map +1 -0
- package/dist/utils/constants.js +92 -0
- package/dist/utils/constants.js.map +1 -0
- package/dist/utils/url.d.ts +5 -0
- package/dist/utils/url.d.ts.map +1 -0
- package/dist/utils/url.js +18 -0
- package/dist/utils/url.js.map +1 -0
- package/package.json +129 -6
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cookie.js","names":["tanstackStartServerContext","StackAssertionError","Cookies"],"sources":["../../../../node_modules/.pnpm/oauth4webapi@3.8.5/node_modules/oauth4webapi/build/index.js","../../src/lib/cookie.ts"],"sourcesContent":["let USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'oauth4webapi';\n const VERSION = 'v3.8.5';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nfunction looseInstanceOf(input, expected) {\n if (input == null) {\n return false;\n }\n try {\n return (input instanceof expected ||\n Object.getPrototypeOf(input)[Symbol.toStringTag] === expected.prototype[Symbol.toStringTag]);\n }\n catch {\n return false;\n }\n}\nconst ERR_INVALID_ARG_VALUE = 'ERR_INVALID_ARG_VALUE';\nconst ERR_INVALID_ARG_TYPE = 'ERR_INVALID_ARG_TYPE';\nfunction CodedTypeError(message, code, cause) {\n const err = new TypeError(message, { cause });\n Object.assign(err, { code });\n return err;\n}\nexport const allowInsecureRequests = Symbol();\nexport const clockSkew = Symbol();\nexport const clockTolerance = Symbol();\nexport const customFetch = Symbol();\nexport const modifyAssertion = Symbol();\nexport const jweDecrypt = Symbol();\nexport const jwksCache = Symbol();\nconst encoder = new TextEncoder();\nconst decoder = new TextDecoder();\nfunction buf(input) {\n if (typeof input === 'string') {\n return encoder.encode(input);\n }\n return decoder.decode(input);\n}\nlet encodeBase64Url;\nif (Uint8Array.prototype.toBase64) {\n encodeBase64Url = (input) => {\n if (input instanceof ArrayBuffer) {\n input = new Uint8Array(input);\n }\n return input.toBase64({ alphabet: 'base64url', omitPadding: true });\n };\n}\nelse {\n const CHUNK_SIZE = 0x8000;\n encodeBase64Url = (input) => {\n if (input instanceof ArrayBuffer) {\n input = new Uint8Array(input);\n }\n const arr = [];\n for (let i = 0; i < input.byteLength; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, input.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join('')).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n };\n}\nlet decodeBase64Url;\nif (Uint8Array.fromBase64) {\n decodeBase64Url = (input) => {\n try {\n return Uint8Array.fromBase64(input, { alphabet: 'base64url' });\n }\n catch (cause) {\n throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);\n }\n };\n}\nelse {\n decodeBase64Url = (input) => {\n try {\n const binary = atob(input.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, ''));\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n }\n catch (cause) {\n throw CodedTypeError('The input to be decoded is not correctly encoded.', ERR_INVALID_ARG_VALUE, cause);\n }\n };\n}\nfunction b64u(input) {\n if (typeof input === 'string') {\n return decodeBase64Url(input);\n }\n return encodeBase64Url(input);\n}\nexport class UnsupportedOperationError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = UNSUPPORTED_OPERATION;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class OperationProcessingError extends Error {\n code;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n if (options?.code) {\n this.code = options?.code;\n }\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nfunction OPE(message, code, cause) {\n return new OperationProcessingError(message, { code, cause });\n}\nasync function calculateJwkThumbprint(jwk) {\n let components;\n switch (jwk.kty) {\n case 'EC':\n components = {\n crv: jwk.crv,\n kty: jwk.kty,\n x: jwk.x,\n y: jwk.y,\n };\n break;\n case 'OKP':\n components = {\n crv: jwk.crv,\n kty: jwk.kty,\n x: jwk.x,\n };\n break;\n case 'AKP':\n components = {\n alg: jwk.alg,\n kty: jwk.kty,\n pub: jwk.pub,\n };\n break;\n case 'RSA':\n components = {\n e: jwk.e,\n kty: jwk.kty,\n n: jwk.n,\n };\n break;\n default:\n throw new UnsupportedOperationError('unsupported JWK key type', { cause: jwk });\n }\n return b64u(await crypto.subtle.digest('SHA-256', buf(JSON.stringify(components))));\n}\nfunction assertCryptoKey(key, it) {\n if (!(key instanceof CryptoKey)) {\n throw CodedTypeError(`${it} must be a CryptoKey`, ERR_INVALID_ARG_TYPE);\n }\n}\nfunction assertPrivateKey(key, it) {\n assertCryptoKey(key, it);\n if (key.type !== 'private') {\n throw CodedTypeError(`${it} must be a private CryptoKey`, ERR_INVALID_ARG_VALUE);\n }\n}\nfunction assertPublicKey(key, it) {\n assertCryptoKey(key, it);\n if (key.type !== 'public') {\n throw CodedTypeError(`${it} must be a public CryptoKey`, ERR_INVALID_ARG_VALUE);\n }\n}\nfunction normalizeTyp(value) {\n return value.toLowerCase().replace(/^application\\//, '');\n}\nfunction isJsonObject(input) {\n if (input === null || typeof input !== 'object' || Array.isArray(input)) {\n return false;\n }\n return true;\n}\nfunction prepareHeaders(input) {\n if (looseInstanceOf(input, Headers)) {\n input = Object.fromEntries(input.entries());\n }\n const headers = new Headers(input ?? {});\n if (USER_AGENT && !headers.has('user-agent')) {\n headers.set('user-agent', USER_AGENT);\n }\n if (headers.has('authorization')) {\n throw CodedTypeError('\"options.headers\" must not include the \"authorization\" header name', ERR_INVALID_ARG_VALUE);\n }\n return headers;\n}\nfunction signal(url, value) {\n if (value !== undefined) {\n if (typeof value === 'function') {\n value = value(url.href);\n }\n if (!(value instanceof AbortSignal)) {\n throw CodedTypeError('\"options.signal\" must return or be an instance of AbortSignal', ERR_INVALID_ARG_TYPE);\n }\n return value;\n }\n return undefined;\n}\nfunction replaceDoubleSlash(pathname) {\n if (pathname.includes('//')) {\n return pathname.replace('//', '/');\n }\n return pathname;\n}\nfunction prependWellKnown(url, wellKnown, allowTerminatingSlash = false) {\n if (url.pathname === '/') {\n url.pathname = wellKnown;\n }\n else {\n url.pathname = replaceDoubleSlash(`${wellKnown}/${allowTerminatingSlash ? url.pathname : url.pathname.replace(/(\\/)$/, '')}`);\n }\n return url;\n}\nfunction appendWellKnown(url, wellKnown) {\n url.pathname = replaceDoubleSlash(`${url.pathname}/${wellKnown}`);\n return url;\n}\nasync function performDiscovery(input, urlName, transform, options) {\n if (!(input instanceof URL)) {\n throw CodedTypeError(`\"${urlName}\" must be an instance of URL`, ERR_INVALID_ARG_TYPE);\n }\n checkProtocol(input, options?.[allowInsecureRequests] !== true);\n const url = transform(new URL(input.href));\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return (options?.[customFetch] || fetch)(url.href, {\n body: undefined,\n headers: Object.fromEntries(headers.entries()),\n method: 'GET',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nexport async function discoveryRequest(issuerIdentifier, options) {\n return performDiscovery(issuerIdentifier, 'issuerIdentifier', (url) => {\n switch (options?.algorithm) {\n case undefined:\n case 'oidc':\n appendWellKnown(url, '.well-known/openid-configuration');\n break;\n case 'oauth2':\n prependWellKnown(url, '.well-known/oauth-authorization-server');\n break;\n default:\n throw CodedTypeError('\"options.algorithm\" must be \"oidc\" (default), or \"oauth2\"', ERR_INVALID_ARG_VALUE);\n }\n return url;\n }, options);\n}\nfunction assertNumber(input, allow0, it, code, cause) {\n try {\n if (typeof input !== 'number' || !Number.isFinite(input)) {\n throw CodedTypeError(`${it} must be a number`, ERR_INVALID_ARG_TYPE, cause);\n }\n if (input > 0)\n return;\n if (allow0) {\n if (input !== 0) {\n throw CodedTypeError(`${it} must be a non-negative number`, ERR_INVALID_ARG_VALUE, cause);\n }\n return;\n }\n throw CodedTypeError(`${it} must be a positive number`, ERR_INVALID_ARG_VALUE, cause);\n }\n catch (err) {\n if (code) {\n throw OPE(err.message, code, cause);\n }\n throw err;\n }\n}\nfunction assertString(input, it, code, cause) {\n try {\n if (typeof input !== 'string') {\n throw CodedTypeError(`${it} must be a string`, ERR_INVALID_ARG_TYPE, cause);\n }\n if (input.length === 0) {\n throw CodedTypeError(`${it} must not be empty`, ERR_INVALID_ARG_VALUE, cause);\n }\n }\n catch (err) {\n if (code) {\n throw OPE(err.message, code, cause);\n }\n throw err;\n }\n}\nexport async function processDiscoveryResponse(expectedIssuerIdentifier, response) {\n const expected = expectedIssuerIdentifier;\n if (!(expected instanceof URL) && expected !== _nodiscoverycheck) {\n throw CodedTypeError('\"expectedIssuerIdentifier\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform Authorization Server Metadata response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.issuer, '\"response\" body \"issuer\" property', INVALID_RESPONSE, { body: json });\n if (expected !== _nodiscoverycheck && new URL(json.issuer).href !== expected.href) {\n throw OPE('\"response\" body \"issuer\" property does not match the expected value', JSON_ATTRIBUTE_COMPARISON, { expected: expected.href, body: json, attribute: 'issuer' });\n }\n return json;\n}\nfunction assertApplicationJson(response) {\n assertContentType(response, 'application/json');\n}\nfunction notJson(response, ...types) {\n let msg = '\"response\" content-type must be ';\n if (types.length > 2) {\n const last = types.pop();\n msg += `${types.join(', ')}, or ${last}`;\n }\n else if (types.length === 2) {\n msg += `${types[0]} or ${types[1]}`;\n }\n else {\n msg += types[0];\n }\n return OPE(msg, RESPONSE_IS_NOT_JSON, response);\n}\nfunction assertContentTypes(response, ...types) {\n if (!types.includes(getContentType(response))) {\n throw notJson(response, ...types);\n }\n}\nfunction assertContentType(response, contentType) {\n if (getContentType(response) !== contentType) {\n throw notJson(response, contentType);\n }\n}\nfunction randomBytes() {\n return b64u(crypto.getRandomValues(new Uint8Array(32)));\n}\nexport function generateRandomCodeVerifier() {\n return randomBytes();\n}\nexport function generateRandomState() {\n return randomBytes();\n}\nexport function generateRandomNonce() {\n return randomBytes();\n}\nexport async function calculatePKCECodeChallenge(codeVerifier) {\n assertString(codeVerifier, 'codeVerifier');\n return b64u(await crypto.subtle.digest('SHA-256', buf(codeVerifier)));\n}\nfunction getKeyAndKid(input) {\n if (input instanceof CryptoKey) {\n return { key: input };\n }\n if (!(input?.key instanceof CryptoKey)) {\n return {};\n }\n if (input.kid !== undefined) {\n assertString(input.kid, '\"kid\"');\n }\n return {\n key: input.key,\n kid: input.kid,\n };\n}\nfunction psAlg(key) {\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n return 'PS256';\n case 'SHA-384':\n return 'PS384';\n case 'SHA-512':\n return 'PS512';\n default:\n throw new UnsupportedOperationError('unsupported RsaHashedKeyAlgorithm hash name', {\n cause: key,\n });\n }\n}\nfunction rsAlg(key) {\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n return 'RS256';\n case 'SHA-384':\n return 'RS384';\n case 'SHA-512':\n return 'RS512';\n default:\n throw new UnsupportedOperationError('unsupported RsaHashedKeyAlgorithm hash name', {\n cause: key,\n });\n }\n}\nfunction esAlg(key) {\n switch (key.algorithm.namedCurve) {\n case 'P-256':\n return 'ES256';\n case 'P-384':\n return 'ES384';\n case 'P-521':\n return 'ES512';\n default:\n throw new UnsupportedOperationError('unsupported EcKeyAlgorithm namedCurve', { cause: key });\n }\n}\nfunction keyToJws(key) {\n switch (key.algorithm.name) {\n case 'RSA-PSS':\n return psAlg(key);\n case 'RSASSA-PKCS1-v1_5':\n return rsAlg(key);\n case 'ECDSA':\n return esAlg(key);\n case 'Ed25519':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return key.algorithm.name;\n case 'EdDSA':\n return 'Ed25519';\n default:\n throw new UnsupportedOperationError('unsupported CryptoKey algorithm name', { cause: key });\n }\n}\nfunction getClockSkew(client) {\n const skew = client?.[clockSkew];\n return typeof skew === 'number' && Number.isFinite(skew) ? skew : 0;\n}\nfunction getClockTolerance(client) {\n const tolerance = client?.[clockTolerance];\n return typeof tolerance === 'number' && Number.isFinite(tolerance) && Math.sign(tolerance) !== -1\n ? tolerance\n : 30;\n}\nfunction epochTime() {\n return Math.floor(Date.now() / 1000);\n}\nfunction assertAs(as) {\n if (typeof as !== 'object' || as === null) {\n throw CodedTypeError('\"as\" must be an object', ERR_INVALID_ARG_TYPE);\n }\n assertString(as.issuer, '\"as.issuer\"');\n}\nfunction assertClient(client) {\n if (typeof client !== 'object' || client === null) {\n throw CodedTypeError('\"client\" must be an object', ERR_INVALID_ARG_TYPE);\n }\n assertString(client.client_id, '\"client.client_id\"');\n}\nfunction formUrlEncode(token) {\n return encodeURIComponent(token).replace(/(?:[-_.!~*'()]|%20)/g, (substring) => {\n switch (substring) {\n case '-':\n case '_':\n case '.':\n case '!':\n case '~':\n case '*':\n case \"'\":\n case '(':\n case ')':\n return `%${substring.charCodeAt(0).toString(16).toUpperCase()}`;\n case '%20':\n return '+';\n default:\n throw new Error();\n }\n });\n}\nexport function ClientSecretPost(clientSecret) {\n assertString(clientSecret, '\"clientSecret\"');\n return (_as, client, body, _headers) => {\n body.set('client_id', client.client_id);\n body.set('client_secret', clientSecret);\n };\n}\nexport function ClientSecretBasic(clientSecret) {\n assertString(clientSecret, '\"clientSecret\"');\n return (_as, client, _body, headers) => {\n const username = formUrlEncode(client.client_id);\n const password = formUrlEncode(clientSecret);\n const credentials = btoa(`${username}:${password}`);\n headers.set('authorization', `Basic ${credentials}`);\n };\n}\nfunction clientAssertionPayload(as, client) {\n const now = epochTime() + getClockSkew(client);\n return {\n jti: randomBytes(),\n aud: as.issuer,\n exp: now + 60,\n iat: now,\n nbf: now,\n iss: client.client_id,\n sub: client.client_id,\n };\n}\nexport function PrivateKeyJwt(clientPrivateKey, options) {\n const { key, kid } = getKeyAndKid(clientPrivateKey);\n assertPrivateKey(key, '\"clientPrivateKey.key\"');\n return async (as, client, body, _headers) => {\n const header = { alg: keyToJws(key), kid };\n const payload = clientAssertionPayload(as, client);\n options?.[modifyAssertion]?.(header, payload);\n body.set('client_id', client.client_id);\n body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n body.set('client_assertion', await signJwt(header, payload, key));\n };\n}\nexport function ClientSecretJwt(clientSecret, options) {\n assertString(clientSecret, '\"clientSecret\"');\n const modify = options?.[modifyAssertion];\n let key;\n return async (as, client, body, _headers) => {\n key ||= await crypto.subtle.importKey('raw', buf(clientSecret), { hash: 'SHA-256', name: 'HMAC' }, false, ['sign']);\n const header = { alg: 'HS256' };\n const payload = clientAssertionPayload(as, client);\n modify?.(header, payload);\n const data = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(payload)))}`;\n const hmac = await crypto.subtle.sign(key.algorithm, key, buf(data));\n body.set('client_id', client.client_id);\n body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');\n body.set('client_assertion', `${data}.${b64u(new Uint8Array(hmac))}`);\n };\n}\nexport function None() {\n return (_as, client, body, _headers) => {\n body.set('client_id', client.client_id);\n };\n}\nexport function TlsClientAuth() {\n return None();\n}\nasync function signJwt(header, payload, key) {\n if (!key.usages.includes('sign')) {\n throw CodedTypeError('CryptoKey instances used for signing assertions must include \"sign\" in their \"usages\"', ERR_INVALID_ARG_VALUE);\n }\n const input = `${b64u(buf(JSON.stringify(header)))}.${b64u(buf(JSON.stringify(payload)))}`;\n const signature = b64u(await crypto.subtle.sign(keyToSubtle(key), key, buf(input)));\n return `${input}.${signature}`;\n}\nexport async function issueRequestObject(as, client, parameters, privateKey, options) {\n assertAs(as);\n assertClient(client);\n parameters = new URLSearchParams(parameters);\n const { key, kid } = getKeyAndKid(privateKey);\n assertPrivateKey(key, '\"privateKey.key\"');\n parameters.set('client_id', client.client_id);\n const now = epochTime() + getClockSkew(client);\n const claims = {\n ...Object.fromEntries(parameters.entries()),\n jti: randomBytes(),\n aud: as.issuer,\n exp: now + 60,\n iat: now,\n nbf: now,\n iss: client.client_id,\n };\n let resource;\n if (parameters.has('resource') &&\n (resource = parameters.getAll('resource')) &&\n resource.length > 1) {\n claims.resource = resource;\n }\n {\n let value = parameters.get('max_age');\n if (value !== null) {\n claims.max_age = parseInt(value, 10);\n assertNumber(claims.max_age, true, '\"max_age\" parameter');\n }\n }\n {\n let value = parameters.get('claims');\n if (value !== null) {\n try {\n claims.claims = JSON.parse(value);\n }\n catch (cause) {\n throw OPE('failed to parse the \"claims\" parameter as JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(claims.claims)) {\n throw CodedTypeError('\"claims\" parameter must be a JSON with a top level object', ERR_INVALID_ARG_VALUE);\n }\n }\n }\n {\n let value = parameters.get('authorization_details');\n if (value !== null) {\n try {\n claims.authorization_details = JSON.parse(value);\n }\n catch (cause) {\n throw OPE('failed to parse the \"authorization_details\" parameter as JSON', PARSE_ERROR, cause);\n }\n if (!Array.isArray(claims.authorization_details)) {\n throw CodedTypeError('\"authorization_details\" parameter must be a JSON with a top level array', ERR_INVALID_ARG_VALUE);\n }\n }\n }\n const header = {\n alg: keyToJws(key),\n typ: 'oauth-authz-req+jwt',\n kid,\n };\n options?.[modifyAssertion]?.(header, claims);\n return signJwt(header, claims, key);\n}\nlet jwkCache;\nasync function getSetPublicJwkCache(key, alg) {\n const { kty, e, n, x, y, crv, pub } = await crypto.subtle.exportKey('jwk', key);\n const jwk = { kty, e, n, x, y, crv, pub };\n if (kty === 'AKP')\n jwk.alg = alg;\n jwkCache.set(key, jwk);\n return jwk;\n}\nasync function publicJwk(key, alg) {\n jwkCache ||= new WeakMap();\n return jwkCache.get(key) || getSetPublicJwkCache(key, alg);\n}\nconst URLParse = URL.parse\n ?\n (url, base) => URL.parse(url, base)\n : (url, base) => {\n try {\n return new URL(url, base);\n }\n catch {\n return null;\n }\n };\nexport function checkProtocol(url, enforceHttps) {\n if (enforceHttps && url.protocol !== 'https:') {\n throw OPE('only requests to HTTPS are allowed', HTTP_REQUEST_FORBIDDEN, url);\n }\n if (url.protocol !== 'https:' && url.protocol !== 'http:') {\n throw OPE('only HTTP and HTTPS requests are allowed', REQUEST_PROTOCOL_FORBIDDEN, url);\n }\n}\nfunction validateEndpoint(value, endpoint, useMtlsAlias, enforceHttps) {\n let url;\n if (typeof value !== 'string' || !(url = URLParse(value))) {\n throw OPE(`authorization server metadata does not contain a valid ${useMtlsAlias ? `\"as.mtls_endpoint_aliases.${endpoint}\"` : `\"as.${endpoint}\"`}`, value === undefined ? MISSING_SERVER_METADATA : INVALID_SERVER_METADATA, { attribute: useMtlsAlias ? `mtls_endpoint_aliases.${endpoint}` : endpoint });\n }\n checkProtocol(url, enforceHttps);\n return url;\n}\nexport function resolveEndpoint(as, endpoint, useMtlsAlias, enforceHttps) {\n if (useMtlsAlias && as.mtls_endpoint_aliases && endpoint in as.mtls_endpoint_aliases) {\n return validateEndpoint(as.mtls_endpoint_aliases[endpoint], endpoint, useMtlsAlias, enforceHttps);\n }\n return validateEndpoint(as[endpoint], endpoint, useMtlsAlias, enforceHttps);\n}\nexport async function pushedAuthorizationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'pushed_authorization_request_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n if (options?.DPoP !== undefined) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, 'POST');\n }\n const response = await authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nclass DPoPHandler {\n #header;\n #privateKey;\n #publicKey;\n #clockSkew;\n #modifyAssertion;\n #map;\n #jkt;\n constructor(client, keyPair, options) {\n assertPrivateKey(keyPair?.privateKey, '\"DPoP.privateKey\"');\n assertPublicKey(keyPair?.publicKey, '\"DPoP.publicKey\"');\n if (!keyPair.publicKey.extractable) {\n throw CodedTypeError('\"DPoP.publicKey.extractable\" must be true', ERR_INVALID_ARG_VALUE);\n }\n this.#modifyAssertion = options?.[modifyAssertion];\n this.#clockSkew = getClockSkew(client);\n this.#privateKey = keyPair.privateKey;\n this.#publicKey = keyPair.publicKey;\n branded.add(this);\n }\n #get(key) {\n this.#map ||= new Map();\n let item = this.#map.get(key);\n if (item) {\n this.#map.delete(key);\n this.#map.set(key, item);\n }\n return item;\n }\n #set(key, val) {\n this.#map ||= new Map();\n this.#map.delete(key);\n if (this.#map.size === 100) {\n this.#map.delete(this.#map.keys().next().value);\n }\n this.#map.set(key, val);\n }\n async calculateThumbprint() {\n if (!this.#jkt) {\n const jwk = await crypto.subtle.exportKey('jwk', this.#publicKey);\n this.#jkt ||= await calculateJwkThumbprint(jwk);\n }\n return this.#jkt;\n }\n async addProof(url, headers, htm, accessToken) {\n const alg = keyToJws(this.#privateKey);\n this.#header ||= {\n alg,\n typ: 'dpop+jwt',\n jwk: await publicJwk(this.#publicKey, alg),\n };\n const nonce = this.#get(url.origin);\n const now = epochTime() + this.#clockSkew;\n const payload = {\n iat: now,\n jti: randomBytes(),\n htm,\n nonce,\n htu: `${url.origin}${url.pathname}`,\n ath: accessToken\n ? b64u(await crypto.subtle.digest('SHA-256', buf(accessToken)))\n : undefined,\n };\n this.#modifyAssertion?.(this.#header, payload);\n headers.set('dpop', await signJwt(this.#header, payload, this.#privateKey));\n }\n cacheNonce(response, url) {\n try {\n const nonce = response.headers.get('dpop-nonce');\n if (nonce) {\n this.#set(url.origin, nonce);\n }\n }\n catch { }\n }\n}\nexport function isDPoPNonceError(err) {\n if (err instanceof WWWAuthenticateChallengeError) {\n const { 0: challenge, length } = err.cause;\n return (length === 1 && challenge.scheme === 'dpop' && challenge.parameters.error === 'use_dpop_nonce');\n }\n if (err instanceof ResponseBodyError) {\n return err.error === 'use_dpop_nonce';\n }\n return false;\n}\nexport function DPoP(client, keyPair, options) {\n return new DPoPHandler(client, keyPair, options);\n}\nexport class ResponseBodyError extends Error {\n cause;\n code;\n error;\n status;\n error_description;\n response;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = RESPONSE_BODY_ERROR;\n this.cause = options.cause;\n this.error = options.cause.error;\n this.status = options.response.status;\n this.error_description = options.cause.error_description;\n Object.defineProperty(this, 'response', { enumerable: false, value: options.response });\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class AuthorizationResponseError extends Error {\n cause;\n code;\n error;\n error_description;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = AUTHORIZATION_RESPONSE_ERROR;\n this.cause = options.cause;\n this.error = options.cause.get('error');\n this.error_description = options.cause.get('error_description') ?? undefined;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class WWWAuthenticateChallengeError extends Error {\n cause;\n code;\n response;\n status;\n constructor(message, options) {\n super(message, options);\n this.name = this.constructor.name;\n this.code = WWW_AUTHENTICATE_CHALLENGE;\n this.cause = options.cause;\n this.status = options.response.status;\n this.response = options.response;\n Object.defineProperty(this, 'response', { enumerable: false });\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nconst tokenMatch = \"[a-zA-Z0-9!#$%&\\\\'\\\\*\\\\+\\\\-\\\\.\\\\^_`\\\\|~]+\";\nconst token68Match = '[a-zA-Z0-9\\\\-\\\\._\\\\~\\\\+\\\\/]+={0,2}';\nconst quotedMatch = '\"((?:[^\"\\\\\\\\]|\\\\\\\\[\\\\s\\\\S])*)\"';\nconst quotedParamMatcher = '(' + tokenMatch + ')\\\\s*=\\\\s*' + quotedMatch;\nconst paramMatcher = '(' + tokenMatch + ')\\\\s*=\\\\s*(' + tokenMatch + ')';\nconst schemeRE = new RegExp('^[,\\\\s]*(' + tokenMatch + ')');\nconst quotedParamRE = new RegExp('^[,\\\\s]*' + quotedParamMatcher + '[,\\\\s]*(.*)');\nconst unquotedParamRE = new RegExp('^[,\\\\s]*' + paramMatcher + '[,\\\\s]*(.*)');\nconst token68ParamRE = new RegExp('^(' + token68Match + ')(?:$|[,\\\\s])(.*)');\nfunction parseWwwAuthenticateChallenges(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n const header = response.headers.get('www-authenticate');\n if (header === null) {\n return undefined;\n }\n const challenges = [];\n let rest = header;\n while (rest) {\n let match = rest.match(schemeRE);\n const scheme = match?.['1'].toLowerCase();\n if (!scheme) {\n return undefined;\n }\n const afterScheme = rest.substring(match[0].length);\n if (afterScheme && !afterScheme.match(/^[\\s,]/)) {\n return undefined;\n }\n const spaceMatch = afterScheme.match(/^\\s+(.*)$/);\n const hasParameters = !!spaceMatch;\n rest = spaceMatch ? spaceMatch[1] : undefined;\n const parameters = {};\n let token68;\n if (hasParameters) {\n while (rest) {\n let key;\n let value;\n if ((match = rest.match(quotedParamRE))) {\n ;\n [, key, value, rest] = match;\n if (value.includes('\\\\')) {\n try {\n value = JSON.parse(`\"${value}\"`);\n }\n catch { }\n }\n parameters[key.toLowerCase()] = value;\n continue;\n }\n if ((match = rest.match(unquotedParamRE))) {\n ;\n [, key, value, rest] = match;\n parameters[key.toLowerCase()] = value;\n continue;\n }\n if ((match = rest.match(token68ParamRE))) {\n if (Object.keys(parameters).length) {\n break;\n }\n ;\n [, token68, rest] = match;\n break;\n }\n return undefined;\n }\n }\n else {\n rest = afterScheme || undefined;\n }\n const challenge = { scheme, parameters };\n if (token68) {\n challenge.token68 = token68;\n }\n challenges.push(challenge);\n }\n if (!challenges.length) {\n return undefined;\n }\n return challenges;\n}\nexport async function processPushedAuthorizationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 201, 'Pushed Authorization Request Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.request_uri, '\"response\" body \"request_uri\" property', INVALID_RESPONSE, {\n body: json,\n });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n return json;\n}\nasync function parseOAuthResponseErrorBody(response) {\n if (response.status > 399 && response.status < 500) {\n assertReadableResponse(response);\n assertApplicationJson(response);\n try {\n const json = await response.clone().json();\n if (isJsonObject(json) && typeof json.error === 'string' && json.error.length) {\n return json;\n }\n }\n catch { }\n }\n return undefined;\n}\nasync function checkOAuthBodyError(response, expected, label) {\n if (response.status !== expected) {\n checkAuthenticationChallenges(response);\n let err;\n if ((err = await parseOAuthResponseErrorBody(response))) {\n await response.body?.cancel();\n throw new ResponseBodyError('server responded with an error in the response body', {\n cause: err,\n response,\n });\n }\n throw OPE(`\"response\" is not a conform ${label} response (unexpected HTTP status code)`, RESPONSE_IS_NOT_CONFORM, response);\n }\n}\nfunction assertDPoP(option) {\n if (!branded.has(option)) {\n throw CodedTypeError('\"options.DPoP\" is not a valid DPoPHandle', ERR_INVALID_ARG_VALUE);\n }\n}\nasync function resourceRequest(accessToken, method, url, headers, body, options) {\n assertString(accessToken, '\"accessToken\"');\n if (!(url instanceof URL)) {\n throw CodedTypeError('\"url\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n checkProtocol(url, options?.[allowInsecureRequests] !== true);\n headers = prepareHeaders(headers);\n if (options?.DPoP) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, method.toUpperCase(), accessToken);\n }\n headers.set('authorization', `${headers.has('dpop') ? 'DPoP' : 'Bearer'} ${accessToken}`);\n const response = await (options?.[customFetch] || fetch)(url.href, {\n duplex: looseInstanceOf(body, ReadableStream) ? 'half' : undefined,\n body,\n headers: Object.fromEntries(headers.entries()),\n method,\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function protectedResourceRequest(accessToken, method, url, headers, body, options) {\n const response = await resourceRequest(accessToken, method, url, headers, body, options);\n checkAuthenticationChallenges(response);\n return response;\n}\nexport async function userInfoRequest(as, client, accessToken, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'userinfo_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n if (client.userinfo_signed_response_alg) {\n headers.set('accept', 'application/jwt');\n }\n else {\n headers.set('accept', 'application/json');\n headers.append('accept', 'application/jwt');\n }\n return resourceRequest(accessToken, 'GET', url, headers, null, {\n ...options,\n [clockSkew]: getClockSkew(client),\n });\n}\nlet jwksMap;\nfunction setJwksCache(as, jwks, uat, cache) {\n jwksMap ||= new WeakMap();\n jwksMap.set(as, {\n jwks,\n uat,\n get age() {\n return epochTime() - this.uat;\n },\n });\n if (cache) {\n Object.assign(cache, { jwks: structuredClone(jwks), uat });\n }\n}\nfunction isFreshJwksCache(input) {\n if (typeof input !== 'object' || input === null) {\n return false;\n }\n if (!('uat' in input) || typeof input.uat !== 'number' || epochTime() - input.uat >= 300) {\n return false;\n }\n if (!('jwks' in input) ||\n !isJsonObject(input.jwks) ||\n !Array.isArray(input.jwks.keys) ||\n !Array.prototype.every.call(input.jwks.keys, isJsonObject)) {\n return false;\n }\n return true;\n}\nfunction clearJwksCache(as, cache) {\n jwksMap?.delete(as);\n delete cache?.jwks;\n delete cache?.uat;\n}\nasync function getPublicSigKeyFromIssuerJwksUri(as, options, header) {\n const { alg, kid } = header;\n checkSupportedJwsAlg(header);\n if (!jwksMap?.has(as) && isFreshJwksCache(options?.[jwksCache])) {\n setJwksCache(as, options?.[jwksCache].jwks, options?.[jwksCache].uat);\n }\n let jwks;\n let age;\n if (jwksMap?.has(as)) {\n ;\n ({ jwks, age } = jwksMap.get(as));\n if (age >= 300) {\n clearJwksCache(as, options?.[jwksCache]);\n return getPublicSigKeyFromIssuerJwksUri(as, options, header);\n }\n }\n else {\n jwks = await jwksRequest(as, options).then(processJwksResponse);\n age = 0;\n setJwksCache(as, jwks, epochTime(), options?.[jwksCache]);\n }\n let kty;\n switch (alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n kty = 'RSA';\n break;\n case 'ES':\n kty = 'EC';\n break;\n case 'Ed':\n kty = 'OKP';\n break;\n case 'ML':\n kty = 'AKP';\n break;\n default:\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg } });\n }\n const candidates = jwks.keys.filter((jwk) => {\n if (jwk.kty !== kty) {\n return false;\n }\n if (kid !== undefined && kid !== jwk.kid) {\n return false;\n }\n if (jwk.alg !== undefined && alg !== jwk.alg) {\n return false;\n }\n if (jwk.use !== undefined && jwk.use !== 'sig') {\n return false;\n }\n if (jwk.key_ops?.includes('verify') === false) {\n return false;\n }\n switch (true) {\n case alg === 'ES256' && jwk.crv !== 'P-256':\n case alg === 'ES384' && jwk.crv !== 'P-384':\n case alg === 'ES512' && jwk.crv !== 'P-521':\n case alg === 'Ed25519' && jwk.crv !== 'Ed25519':\n case alg === 'EdDSA' && jwk.crv !== 'Ed25519':\n return false;\n }\n return true;\n });\n const { 0: jwk, length } = candidates;\n if (!length) {\n if (age >= 60) {\n clearJwksCache(as, options?.[jwksCache]);\n return getPublicSigKeyFromIssuerJwksUri(as, options, header);\n }\n throw OPE('error when selecting a JWT verification key, no applicable keys found', KEY_SELECTION, { header, candidates, jwks_uri: new URL(as.jwks_uri) });\n }\n if (length !== 1) {\n throw OPE('error when selecting a JWT verification key, multiple applicable keys found, a \"kid\" JWT Header Parameter is required', KEY_SELECTION, { header, candidates, jwks_uri: new URL(as.jwks_uri) });\n }\n return importJwk(alg, jwk);\n}\nexport const skipSubjectCheck = Symbol();\nexport function getContentType(input) {\n return input.headers.get('content-type')?.split(';')[0];\n}\nexport async function processUserInfoResponse(as, client, expectedSubject, response, options) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n checkAuthenticationChallenges(response);\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform UserInfo Endpoint response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n let json;\n if (getContentType(response) === 'application/jwt') {\n const { claims, jwt } = await validateJwt(await response.text(), checkSigningAlgorithm.bind(undefined, client.userinfo_signed_response_alg, as.userinfo_signing_alg_values_supported, undefined), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validateOptionalAudience.bind(undefined, client.client_id))\n .then(validateOptionalIssuer.bind(undefined, as));\n jwtRefs.set(response, jwt);\n json = claims;\n }\n else {\n if (client.userinfo_signed_response_alg) {\n throw OPE('JWT UserInfo Response expected', JWT_USERINFO_EXPECTED, response);\n }\n json = await getResponseJsonBody(response);\n }\n assertString(json.sub, '\"response\" body \"sub\" property', INVALID_RESPONSE, { body: json });\n switch (expectedSubject) {\n case skipSubjectCheck:\n break;\n default:\n assertString(expectedSubject, '\"expectedSubject\"');\n if (json.sub !== expectedSubject) {\n throw OPE('unexpected \"response\" body \"sub\" property value', JSON_ATTRIBUTE_COMPARISON, {\n expected: expectedSubject,\n body: json,\n attribute: 'sub',\n });\n }\n }\n return json;\n}\nasync function authenticatedRequest(as, client, clientAuthentication, url, body, headers, options) {\n await clientAuthentication(as, client, body, headers);\n headers.set('content-type', 'application/x-www-form-urlencoded;charset=UTF-8');\n return (options?.[customFetch] || fetch)(url.href, {\n body,\n headers: Object.fromEntries(headers.entries()),\n method: 'POST',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nasync function tokenEndpointRequest(as, client, clientAuthentication, grantType, parameters, options) {\n const url = resolveEndpoint(as, 'token_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n parameters.set('grant_type', grantType);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n if (options?.DPoP !== undefined) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, 'POST');\n }\n const response = await authenticatedRequest(as, client, clientAuthentication, url, parameters, headers, options);\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function refreshTokenGrantRequest(as, client, clientAuthentication, refreshToken, options) {\n assertAs(as);\n assertClient(client);\n assertString(refreshToken, '\"refreshToken\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('refresh_token', refreshToken);\n return tokenEndpointRequest(as, client, clientAuthentication, 'refresh_token', parameters, options);\n}\nconst idTokenClaims = new WeakMap();\nconst jwtRefs = new WeakMap();\nexport function getValidatedIdTokenClaims(ref) {\n if (!ref.id_token) {\n return undefined;\n }\n const claims = idTokenClaims.get(ref);\n if (!claims) {\n throw CodedTypeError('\"ref\" was already garbage collected or did not resolve from the proper sources', ERR_INVALID_ARG_VALUE);\n }\n return claims;\n}\nexport async function validateApplicationLevelSignature(as, ref, options) {\n assertAs(as);\n if (!jwtRefs.has(ref)) {\n throw CodedTypeError('\"ref\" does not contain a processed JWT Response to verify the signature of', ERR_INVALID_ARG_VALUE);\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwtRefs.get(ref).split('.');\n const header = JSON.parse(buf(b64u(protectedHeader)));\n if (header.alg.startsWith('HS')) {\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg: header.alg } });\n }\n let key;\n key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, b64u(encodedSignature));\n}\nasync function processGenericAccessTokenResponse(as, client, response, additionalRequiredIdTokenClaims, decryptFn, recognizedTokenTypes) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Token Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.access_token, '\"response\" body \"access_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.token_type, '\"response\" body \"token_type\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.token_type = json.token_type.toLowerCase();\n if (json.expires_in !== undefined) {\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n }\n if (json.refresh_token !== undefined) {\n assertString(json.refresh_token, '\"response\" body \"refresh_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n if (json.scope !== undefined && typeof json.scope !== 'string') {\n throw OPE('\"response\" body \"scope\" property must be a string', INVALID_RESPONSE, { body: json });\n }\n if (json.id_token !== undefined) {\n assertString(json.id_token, '\"response\" body \"id_token\" property', INVALID_RESPONSE, {\n body: json,\n });\n const requiredClaims = ['aud', 'exp', 'iat', 'iss', 'sub'];\n if (client.require_auth_time === true) {\n requiredClaims.push('auth_time');\n }\n if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n requiredClaims.push('auth_time');\n }\n if (additionalRequiredIdTokenClaims?.length) {\n requiredClaims.push(...additionalRequiredIdTokenClaims);\n }\n const { claims, jwt } = await validateJwt(json.id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), decryptFn)\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n if (Array.isArray(claims.aud) && claims.aud.length !== 1) {\n if (claims.azp === undefined) {\n throw OPE('ID Token \"aud\" (audience) claim includes additional untrusted audiences', JWT_CLAIM_COMPARISON, { claims, claim: 'aud' });\n }\n if (claims.azp !== client.client_id) {\n throw OPE('unexpected ID Token \"azp\" (authorized party) claim value', JWT_CLAIM_COMPARISON, { expected: client.client_id, claims, claim: 'azp' });\n }\n }\n if (claims.auth_time !== undefined) {\n assertNumber(claims.auth_time, true, 'ID Token \"auth_time\" (authentication time)', INVALID_RESPONSE, { claims });\n }\n jwtRefs.set(response, jwt);\n idTokenClaims.set(json, claims);\n }\n if (recognizedTokenTypes?.[json.token_type] !== undefined) {\n recognizedTokenTypes[json.token_type](response, json);\n }\n else if (json.token_type !== 'dpop' && json.token_type !== 'bearer') {\n throw new UnsupportedOperationError('unsupported `token_type` value', { cause: { body: json } });\n }\n return json;\n}\nfunction checkAuthenticationChallenges(response) {\n let challenges;\n if ((challenges = parseWwwAuthenticateChallenges(response))) {\n throw new WWWAuthenticateChallengeError('server responded with a challenge in the WWW-Authenticate HTTP Header', { cause: challenges, response });\n }\n}\nexport async function processRefreshTokenResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nfunction validateOptionalAudience(expected, result) {\n if (result.claims.aud !== undefined) {\n return validateAudience(expected, result);\n }\n return result;\n}\nfunction validateAudience(expected, result) {\n if (Array.isArray(result.claims.aud)) {\n if (!result.claims.aud.includes(expected)) {\n throw OPE('unexpected JWT \"aud\" (audience) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'aud',\n });\n }\n }\n else if (result.claims.aud !== expected) {\n throw OPE('unexpected JWT \"aud\" (audience) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'aud',\n });\n }\n return result;\n}\nfunction validateOptionalIssuer(as, result) {\n if (result.claims.iss !== undefined) {\n return validateIssuer(as, result);\n }\n return result;\n}\nfunction validateIssuer(as, result) {\n const expected = as[_expectedIssuer]?.(result) ?? as.issuer;\n if (result.claims.iss !== expected) {\n throw OPE('unexpected JWT \"iss\" (issuer) claim value', JWT_CLAIM_COMPARISON, {\n expected,\n claims: result.claims,\n claim: 'iss',\n });\n }\n return result;\n}\nconst branded = new WeakSet();\nfunction brand(searchParams) {\n branded.add(searchParams);\n return searchParams;\n}\nexport const nopkce = Symbol();\nexport async function authorizationCodeGrantRequest(as, client, clientAuthentication, callbackParameters, redirectUri, codeVerifier, options) {\n assertAs(as);\n assertClient(client);\n if (!branded.has(callbackParameters)) {\n throw CodedTypeError('\"callbackParameters\" must be an instance of URLSearchParams obtained from \"validateAuthResponse()\", or \"validateJwtAuthResponse()', ERR_INVALID_ARG_VALUE);\n }\n assertString(redirectUri, '\"redirectUri\"');\n const code = getURLSearchParameter(callbackParameters, 'code');\n if (!code) {\n throw OPE('no authorization code in \"callbackParameters\"', INVALID_RESPONSE);\n }\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('redirect_uri', redirectUri);\n parameters.set('code', code);\n if (codeVerifier !== nopkce) {\n assertString(codeVerifier, '\"codeVerifier\"');\n parameters.set('code_verifier', codeVerifier);\n }\n return tokenEndpointRequest(as, client, clientAuthentication, 'authorization_code', parameters, options);\n}\nconst jwtClaimNames = {\n aud: 'audience',\n c_hash: 'code hash',\n client_id: 'client id',\n exp: 'expiration time',\n iat: 'issued at',\n iss: 'issuer',\n jti: 'jwt id',\n nonce: 'nonce',\n s_hash: 'state hash',\n sub: 'subject',\n ath: 'access token hash',\n htm: 'http method',\n htu: 'http uri',\n cnf: 'confirmation',\n auth_time: 'authentication time',\n};\nfunction validatePresence(required, result) {\n for (const claim of required) {\n if (result.claims[claim] === undefined) {\n throw OPE(`JWT \"${claim}\" (${jwtClaimNames[claim]}) claim missing`, INVALID_RESPONSE, {\n claims: result.claims,\n });\n }\n }\n return result;\n}\nexport const expectNoNonce = Symbol();\nexport const skipAuthTimeCheck = Symbol();\nexport async function processAuthorizationCodeResponse(as, client, response, options) {\n if (typeof options?.expectedNonce === 'string' ||\n typeof options?.maxAge === 'number' ||\n options?.requireIdToken) {\n return processAuthorizationCodeOpenIDResponse(as, client, response, options.expectedNonce, options.maxAge, options[jweDecrypt], options.recognizedTokenTypes);\n }\n return processAuthorizationCodeOAuth2Response(as, client, response, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nasync function processAuthorizationCodeOpenIDResponse(as, client, response, expectedNonce, maxAge, decryptFn, recognizedTokenTypes) {\n const additionalRequiredClaims = [];\n switch (expectedNonce) {\n case undefined:\n expectedNonce = expectNoNonce;\n break;\n case expectNoNonce:\n break;\n default:\n assertString(expectedNonce, '\"expectedNonce\" argument');\n additionalRequiredClaims.push('nonce');\n }\n maxAge ??= client.default_max_age;\n switch (maxAge) {\n case undefined:\n maxAge = skipAuthTimeCheck;\n break;\n case skipAuthTimeCheck:\n break;\n default:\n assertNumber(maxAge, true, '\"maxAge\" argument');\n additionalRequiredClaims.push('auth_time');\n }\n const result = await processGenericAccessTokenResponse(as, client, response, additionalRequiredClaims, decryptFn, recognizedTokenTypes);\n assertString(result.id_token, '\"response\" body \"id_token\" property', INVALID_RESPONSE, {\n body: result,\n });\n const claims = getValidatedIdTokenClaims(result);\n if (maxAge !== skipAuthTimeCheck) {\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + maxAge < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n if (expectedNonce === expectNoNonce) {\n if (claims.nonce !== undefined) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: undefined,\n claims,\n claim: 'nonce',\n });\n }\n }\n else if (claims.nonce !== expectedNonce) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: expectedNonce,\n claims,\n claim: 'nonce',\n });\n }\n return result;\n}\nasync function processAuthorizationCodeOAuth2Response(as, client, response, decryptFn, recognizedTokenTypes) {\n const result = await processGenericAccessTokenResponse(as, client, response, undefined, decryptFn, recognizedTokenTypes);\n const claims = getValidatedIdTokenClaims(result);\n if (claims) {\n if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + client.default_max_age < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n if (claims.nonce !== undefined) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: undefined,\n claims,\n claim: 'nonce',\n });\n }\n }\n return result;\n}\nexport const WWW_AUTHENTICATE_CHALLENGE = 'OAUTH_WWW_AUTHENTICATE_CHALLENGE';\nexport const RESPONSE_BODY_ERROR = 'OAUTH_RESPONSE_BODY_ERROR';\nexport const UNSUPPORTED_OPERATION = 'OAUTH_UNSUPPORTED_OPERATION';\nexport const AUTHORIZATION_RESPONSE_ERROR = 'OAUTH_AUTHORIZATION_RESPONSE_ERROR';\nexport const JWT_USERINFO_EXPECTED = 'OAUTH_JWT_USERINFO_EXPECTED';\nexport const PARSE_ERROR = 'OAUTH_PARSE_ERROR';\nexport const INVALID_RESPONSE = 'OAUTH_INVALID_RESPONSE';\nexport const INVALID_REQUEST = 'OAUTH_INVALID_REQUEST';\nexport const RESPONSE_IS_NOT_JSON = 'OAUTH_RESPONSE_IS_NOT_JSON';\nexport const RESPONSE_IS_NOT_CONFORM = 'OAUTH_RESPONSE_IS_NOT_CONFORM';\nexport const HTTP_REQUEST_FORBIDDEN = 'OAUTH_HTTP_REQUEST_FORBIDDEN';\nexport const REQUEST_PROTOCOL_FORBIDDEN = 'OAUTH_REQUEST_PROTOCOL_FORBIDDEN';\nexport const JWT_TIMESTAMP_CHECK = 'OAUTH_JWT_TIMESTAMP_CHECK_FAILED';\nexport const JWT_CLAIM_COMPARISON = 'OAUTH_JWT_CLAIM_COMPARISON_FAILED';\nexport const JSON_ATTRIBUTE_COMPARISON = 'OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED';\nexport const KEY_SELECTION = 'OAUTH_KEY_SELECTION_FAILED';\nexport const MISSING_SERVER_METADATA = 'OAUTH_MISSING_SERVER_METADATA';\nexport const INVALID_SERVER_METADATA = 'OAUTH_INVALID_SERVER_METADATA';\nfunction checkJwtType(expected, result) {\n if (typeof result.header.typ !== 'string' || normalizeTyp(result.header.typ) !== expected) {\n throw OPE('unexpected JWT \"typ\" header parameter value', INVALID_RESPONSE, {\n header: result.header,\n });\n }\n return result;\n}\nexport async function clientCredentialsGrantRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n return tokenEndpointRequest(as, client, clientAuthentication, 'client_credentials', new URLSearchParams(parameters), options);\n}\nexport async function genericTokenEndpointRequest(as, client, clientAuthentication, grantType, parameters, options) {\n assertAs(as);\n assertClient(client);\n assertString(grantType, '\"grantType\"');\n return tokenEndpointRequest(as, client, clientAuthentication, grantType, new URLSearchParams(parameters), options);\n}\nexport async function processGenericTokenEndpointResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function processClientCredentialsResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function revocationRequest(as, client, clientAuthentication, token, options) {\n assertAs(as);\n assertClient(client);\n assertString(token, '\"token\"');\n const url = resolveEndpoint(as, 'revocation_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(options?.additionalParameters);\n body.set('token', token);\n const headers = prepareHeaders(options?.headers);\n headers.delete('accept');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processRevocationResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Revocation Endpoint');\n return undefined;\n}\nfunction assertReadableResponse(response) {\n if (response.bodyUsed) {\n throw CodedTypeError('\"response\" body has been used already', ERR_INVALID_ARG_VALUE);\n }\n}\nexport async function introspectionRequest(as, client, clientAuthentication, token, options) {\n assertAs(as);\n assertClient(client);\n assertString(token, '\"token\"');\n const url = resolveEndpoint(as, 'introspection_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(options?.additionalParameters);\n body.set('token', token);\n const headers = prepareHeaders(options?.headers);\n if (options?.requestJwtResponse ?? client.introspection_signed_response_alg) {\n headers.set('accept', 'application/token-introspection+jwt');\n }\n else {\n headers.set('accept', 'application/json');\n }\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processIntrospectionResponse(as, client, response, options) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Introspection Endpoint');\n let json;\n if (getContentType(response) === 'application/token-introspection+jwt') {\n assertReadableResponse(response);\n const { claims, jwt } = await validateJwt(await response.text(), checkSigningAlgorithm.bind(undefined, client.introspection_signed_response_alg, as.introspection_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(checkJwtType.bind(undefined, 'token-introspection+jwt'))\n .then(validatePresence.bind(undefined, ['aud', 'iat', 'iss']))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n jwtRefs.set(response, jwt);\n if (!isJsonObject(claims.token_introspection)) {\n throw OPE('JWT \"token_introspection\" claim must be a JSON object', INVALID_RESPONSE, {\n claims,\n });\n }\n json = claims.token_introspection;\n }\n else {\n assertReadableResponse(response);\n json = await getResponseJsonBody(response);\n }\n if (typeof json.active !== 'boolean') {\n throw OPE('\"response\" body \"active\" property must be a boolean', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nasync function jwksRequest(as, options) {\n assertAs(as);\n const url = resolveEndpoint(as, 'jwks_uri', false, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n headers.append('accept', 'application/jwk-set+json');\n return (options?.[customFetch] || fetch)(url.href, {\n body: undefined,\n headers: Object.fromEntries(headers.entries()),\n method: 'GET',\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n}\nasync function processJwksResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform JSON Web Key Set response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response, (response) => assertContentTypes(response, 'application/json', 'application/jwk-set+json'));\n if (!Array.isArray(json.keys)) {\n throw OPE('\"response\" body \"keys\" property must be an array', INVALID_RESPONSE, { body: json });\n }\n if (!Array.prototype.every.call(json.keys, isJsonObject)) {\n throw OPE('\"response\" body \"keys\" property members must be JWK formatted objects', INVALID_RESPONSE, { body: json });\n }\n return json;\n}\nfunction supported(alg) {\n switch (alg) {\n case 'PS256':\n case 'ES256':\n case 'RS256':\n case 'PS384':\n case 'ES384':\n case 'RS384':\n case 'PS512':\n case 'ES512':\n case 'RS512':\n case 'Ed25519':\n case 'EdDSA':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return true;\n default:\n return false;\n }\n}\nfunction checkSupportedJwsAlg(header) {\n if (!supported(header.alg)) {\n throw new UnsupportedOperationError('unsupported JWS \"alg\" identifier', {\n cause: { alg: header.alg },\n });\n }\n}\nfunction checkRsaKeyAlgorithm(key) {\n const { algorithm } = key;\n if (typeof algorithm.modulusLength !== 'number' || algorithm.modulusLength < 2048) {\n throw new UnsupportedOperationError(`unsupported ${algorithm.name} modulusLength`, {\n cause: key,\n });\n }\n}\nfunction ecdsaHashName(key) {\n const { algorithm } = key;\n switch (algorithm.namedCurve) {\n case 'P-256':\n return 'SHA-256';\n case 'P-384':\n return 'SHA-384';\n case 'P-521':\n return 'SHA-512';\n default:\n throw new UnsupportedOperationError('unsupported ECDSA namedCurve', { cause: key });\n }\n}\nfunction keyToSubtle(key) {\n switch (key.algorithm.name) {\n case 'ECDSA':\n return {\n name: key.algorithm.name,\n hash: ecdsaHashName(key),\n };\n case 'RSA-PSS': {\n checkRsaKeyAlgorithm(key);\n switch (key.algorithm.hash.name) {\n case 'SHA-256':\n case 'SHA-384':\n case 'SHA-512':\n return {\n name: key.algorithm.name,\n saltLength: parseInt(key.algorithm.hash.name.slice(-3), 10) >> 3,\n };\n default:\n throw new UnsupportedOperationError('unsupported RSA-PSS hash name', { cause: key });\n }\n }\n case 'RSASSA-PKCS1-v1_5':\n checkRsaKeyAlgorithm(key);\n return key.algorithm.name;\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n case 'Ed25519':\n return key.algorithm.name;\n }\n throw new UnsupportedOperationError('unsupported CryptoKey algorithm name', { cause: key });\n}\nasync function validateJwsSignature(protectedHeader, payload, key, signature) {\n const data = buf(`${protectedHeader}.${payload}`);\n const algorithm = keyToSubtle(key);\n const verified = await crypto.subtle.verify(algorithm, key, signature, data);\n if (!verified) {\n throw OPE('JWT signature verification failed', INVALID_RESPONSE, {\n key,\n data,\n signature,\n algorithm,\n });\n }\n}\nasync function validateJwt(jws, checkAlg, clockSkew, clockTolerance, decryptJwt) {\n let { 0: protectedHeader, 1: payload, length } = jws.split('.');\n if (length === 5) {\n if (decryptJwt !== undefined) {\n jws = await decryptJwt(jws);\n ({ 0: protectedHeader, 1: payload, length } = jws.split('.'));\n }\n else {\n throw new UnsupportedOperationError('JWE decryption is not configured', { cause: jws });\n }\n }\n if (length !== 3) {\n throw OPE('Invalid JWT', INVALID_RESPONSE, jws);\n }\n let header;\n try {\n header = JSON.parse(buf(b64u(protectedHeader)));\n }\n catch (cause) {\n throw OPE('failed to parse JWT Header body as base64url encoded JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(header)) {\n throw OPE('JWT Header must be a top level object', INVALID_RESPONSE, jws);\n }\n checkAlg(header);\n if (header.crit !== undefined) {\n throw new UnsupportedOperationError('no JWT \"crit\" header parameter extensions are supported', {\n cause: { header },\n });\n }\n let claims;\n try {\n claims = JSON.parse(buf(b64u(payload)));\n }\n catch (cause) {\n throw OPE('failed to parse JWT Payload body as base64url encoded JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(claims)) {\n throw OPE('JWT Payload must be a top level object', INVALID_RESPONSE, jws);\n }\n const now = epochTime() + clockSkew;\n if (claims.exp !== undefined) {\n if (typeof claims.exp !== 'number') {\n throw OPE('unexpected JWT \"exp\" (expiration time) claim type', INVALID_RESPONSE, { claims });\n }\n if (claims.exp <= now - clockTolerance) {\n throw OPE('unexpected JWT \"exp\" (expiration time) claim value, expiration is past current timestamp', JWT_TIMESTAMP_CHECK, { claims, now, tolerance: clockTolerance, claim: 'exp' });\n }\n }\n if (claims.iat !== undefined) {\n if (typeof claims.iat !== 'number') {\n throw OPE('unexpected JWT \"iat\" (issued at) claim type', INVALID_RESPONSE, { claims });\n }\n }\n if (claims.iss !== undefined) {\n if (typeof claims.iss !== 'string') {\n throw OPE('unexpected JWT \"iss\" (issuer) claim type', INVALID_RESPONSE, { claims });\n }\n }\n if (claims.nbf !== undefined) {\n if (typeof claims.nbf !== 'number') {\n throw OPE('unexpected JWT \"nbf\" (not before) claim type', INVALID_RESPONSE, { claims });\n }\n if (claims.nbf > now + clockTolerance) {\n throw OPE('unexpected JWT \"nbf\" (not before) claim value', JWT_TIMESTAMP_CHECK, {\n claims,\n now,\n tolerance: clockTolerance,\n claim: 'nbf',\n });\n }\n }\n if (claims.aud !== undefined) {\n if (typeof claims.aud !== 'string' && !Array.isArray(claims.aud)) {\n throw OPE('unexpected JWT \"aud\" (audience) claim type', INVALID_RESPONSE, { claims });\n }\n }\n return { header, claims, jwt: jws };\n}\nexport async function validateJwtAuthResponse(as, client, parameters, expectedState, options) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n parameters = parameters.searchParams;\n }\n if (!(parameters instanceof URLSearchParams)) {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, or URL', ERR_INVALID_ARG_TYPE);\n }\n const response = getURLSearchParameter(parameters, 'response');\n if (!response) {\n throw OPE('\"parameters\" does not contain a JARM response', INVALID_RESPONSE);\n }\n const { claims, header, jwt } = await validateJwt(response, checkSigningAlgorithm.bind(undefined, client.authorization_signed_response_alg, as.authorization_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validatePresence.bind(undefined, ['aud', 'exp', 'iss']))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwt.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n const result = new URLSearchParams();\n for (const [key, value] of Object.entries(claims)) {\n if (typeof value === 'string' && key !== 'aud') {\n result.set(key, value);\n }\n }\n return validateAuthResponse(as, client, result, expectedState);\n}\nasync function idTokenHash(data, header, claimName) {\n let algorithm;\n switch (header.alg) {\n case 'RS256':\n case 'PS256':\n case 'ES256':\n algorithm = 'SHA-256';\n break;\n case 'RS384':\n case 'PS384':\n case 'ES384':\n algorithm = 'SHA-384';\n break;\n case 'RS512':\n case 'PS512':\n case 'ES512':\n case 'Ed25519':\n case 'EdDSA':\n algorithm = 'SHA-512';\n break;\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n algorithm = { name: 'cSHAKE256', length: 512, outputLength: 512 };\n break;\n default:\n throw new UnsupportedOperationError(`unsupported JWS algorithm for ${claimName} calculation`, { cause: { alg: header.alg } });\n }\n const digest = await crypto.subtle.digest(algorithm, buf(data));\n return b64u(digest.slice(0, digest.byteLength / 2));\n}\nasync function idTokenHashMatches(data, actual, header, claimName) {\n const expected = await idTokenHash(data, header, claimName);\n return actual === expected;\n}\nexport async function validateDetachedSignatureResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options) {\n return validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, true);\n}\nexport async function validateCodeIdTokenResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options) {\n return validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, false);\n}\nasync function consumeStream(request) {\n if (request.bodyUsed) {\n throw CodedTypeError('form_post Request instances must contain a readable body', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n return request.text();\n}\nexport async function formPostResponse(request) {\n if (request.method !== 'POST') {\n throw CodedTypeError('form_post responses are expected to use the POST method', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n if (getContentType(request) !== 'application/x-www-form-urlencoded') {\n throw CodedTypeError('form_post responses are expected to use the application/x-www-form-urlencoded content-type', ERR_INVALID_ARG_VALUE, { cause: request });\n }\n return consumeStream(request);\n}\nasync function validateHybridResponse(as, client, parameters, expectedNonce, expectedState, maxAge, options, fapi) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n if (!parameters.hash.length) {\n throw CodedTypeError('\"parameters\" as an instance of URL must contain a hash (fragment) with the Authorization Response parameters', ERR_INVALID_ARG_VALUE);\n }\n parameters = new URLSearchParams(parameters.hash.slice(1));\n }\n else if (looseInstanceOf(parameters, Request)) {\n parameters = new URLSearchParams(await formPostResponse(parameters));\n }\n else if (parameters instanceof URLSearchParams) {\n parameters = new URLSearchParams(parameters);\n }\n else {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, URL, or Response', ERR_INVALID_ARG_TYPE);\n }\n const id_token = getURLSearchParameter(parameters, 'id_token');\n parameters.delete('id_token');\n switch (expectedState) {\n case undefined:\n case expectNoState:\n break;\n default:\n assertString(expectedState, '\"expectedState\" argument');\n }\n const result = validateAuthResponse({\n ...as,\n authorization_response_iss_parameter_supported: false,\n }, client, parameters, expectedState);\n if (!id_token) {\n throw OPE('\"parameters\" does not contain an ID Token', INVALID_RESPONSE);\n }\n const code = getURLSearchParameter(parameters, 'code');\n if (!code) {\n throw OPE('\"parameters\" does not contain an Authorization Code', INVALID_RESPONSE);\n }\n const requiredClaims = [\n 'aud',\n 'exp',\n 'iat',\n 'iss',\n 'sub',\n 'nonce',\n 'c_hash',\n ];\n const state = parameters.get('state');\n if (fapi && (typeof expectedState === 'string' || state !== null)) {\n requiredClaims.push('s_hash');\n }\n if (maxAge !== undefined) {\n assertNumber(maxAge, true, '\"maxAge\" argument');\n }\n else if (client.default_max_age !== undefined) {\n assertNumber(client.default_max_age, true, '\"client.default_max_age\"');\n }\n maxAge ??= client.default_max_age ?? skipAuthTimeCheck;\n if (client.require_auth_time || maxAge !== skipAuthTimeCheck) {\n requiredClaims.push('auth_time');\n }\n const { claims, header, jwt } = await validateJwt(id_token, checkSigningAlgorithm.bind(undefined, client.id_token_signed_response_alg, as.id_token_signing_alg_values_supported, 'RS256'), getClockSkew(client), getClockTolerance(client), options?.[jweDecrypt])\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, client.client_id));\n const clockSkew = getClockSkew(client);\n const now = epochTime() + clockSkew;\n if (claims.iat < now - 3600) {\n throw OPE('unexpected JWT \"iat\" (issued at) claim value, it is too far in the past', JWT_TIMESTAMP_CHECK, { now, claims, claim: 'iat' });\n }\n assertString(claims.c_hash, 'ID Token \"c_hash\" (code hash) claim value', INVALID_RESPONSE, {\n claims,\n });\n if (claims.auth_time !== undefined) {\n assertNumber(claims.auth_time, true, 'ID Token \"auth_time\" (authentication time)', INVALID_RESPONSE, { claims });\n }\n if (maxAge !== skipAuthTimeCheck) {\n const now = epochTime() + getClockSkew(client);\n const tolerance = getClockTolerance(client);\n if (claims.auth_time + maxAge < now - tolerance) {\n throw OPE('too much time has elapsed since the last End-User authentication', JWT_TIMESTAMP_CHECK, { claims, now, tolerance, claim: 'auth_time' });\n }\n }\n assertString(expectedNonce, '\"expectedNonce\" argument');\n if (claims.nonce !== expectedNonce) {\n throw OPE('unexpected ID Token \"nonce\" claim value', JWT_CLAIM_COMPARISON, {\n expected: expectedNonce,\n claims,\n claim: 'nonce',\n });\n }\n if (Array.isArray(claims.aud) && claims.aud.length !== 1) {\n if (claims.azp === undefined) {\n throw OPE('ID Token \"aud\" (audience) claim includes additional untrusted audiences', JWT_CLAIM_COMPARISON, { claims, claim: 'aud' });\n }\n if (claims.azp !== client.client_id) {\n throw OPE('unexpected ID Token \"azp\" (authorized party) claim value', JWT_CLAIM_COMPARISON, {\n expected: client.client_id,\n claims,\n claim: 'azp',\n });\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = jwt.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n if ((await idTokenHashMatches(code, claims.c_hash, header, 'c_hash')) !== true) {\n throw OPE('invalid ID Token \"c_hash\" (code hash) claim value', JWT_CLAIM_COMPARISON, {\n code,\n alg: header.alg,\n claim: 'c_hash',\n claims,\n });\n }\n if ((fapi && state !== null) || claims.s_hash !== undefined) {\n assertString(claims.s_hash, 'ID Token \"s_hash\" (state hash) claim value', INVALID_RESPONSE, {\n claims,\n });\n assertString(state, '\"state\" response parameter', INVALID_RESPONSE, { parameters });\n if ((await idTokenHashMatches(state, claims.s_hash, header, 's_hash')) !== true) {\n throw OPE('invalid ID Token \"s_hash\" (state hash) claim value', JWT_CLAIM_COMPARISON, {\n state,\n alg: header.alg,\n claim: 's_hash',\n claims,\n });\n }\n }\n return result;\n}\nfunction checkSigningAlgorithm(client, issuer, fallback, header) {\n if (client !== undefined) {\n if (typeof client === 'string' ? header.alg !== client : !client.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: client,\n reason: 'client configuration',\n });\n }\n return;\n }\n if (Array.isArray(issuer)) {\n if (!issuer.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: issuer,\n reason: 'authorization server metadata',\n });\n }\n return;\n }\n if (fallback !== undefined) {\n if (typeof fallback === 'string'\n ? header.alg !== fallback\n : typeof fallback === 'function'\n ? !fallback(header.alg)\n : !fallback.includes(header.alg)) {\n throw OPE('unexpected JWT \"alg\" header parameter', INVALID_RESPONSE, {\n header,\n expected: fallback,\n reason: 'default value',\n });\n }\n return;\n }\n throw OPE('missing client or server configuration to verify used JWT \"alg\" header parameter', undefined, { client, issuer, fallback });\n}\nfunction getURLSearchParameter(parameters, name) {\n const { 0: value, length } = parameters.getAll(name);\n if (length > 1) {\n throw OPE(`\"${name}\" parameter must be provided only once`, INVALID_RESPONSE);\n }\n return value;\n}\nexport const skipStateCheck = Symbol();\nexport const expectNoState = Symbol();\nexport function validateAuthResponse(as, client, parameters, expectedState) {\n assertAs(as);\n assertClient(client);\n if (parameters instanceof URL) {\n parameters = parameters.searchParams;\n }\n if (!(parameters instanceof URLSearchParams)) {\n throw CodedTypeError('\"parameters\" must be an instance of URLSearchParams, or URL', ERR_INVALID_ARG_TYPE);\n }\n if (getURLSearchParameter(parameters, 'response')) {\n throw OPE('\"parameters\" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()', INVALID_RESPONSE, { parameters });\n }\n const iss = getURLSearchParameter(parameters, 'iss');\n const state = getURLSearchParameter(parameters, 'state');\n if (!iss && as.authorization_response_iss_parameter_supported) {\n throw OPE('response parameter \"iss\" (issuer) missing', INVALID_RESPONSE, { parameters });\n }\n if (iss && iss !== as.issuer) {\n throw OPE('unexpected \"iss\" (issuer) response parameter value', INVALID_RESPONSE, {\n expected: as.issuer,\n parameters,\n });\n }\n switch (expectedState) {\n case undefined:\n case expectNoState:\n if (state !== undefined) {\n throw OPE('unexpected \"state\" response parameter encountered', INVALID_RESPONSE, {\n expected: undefined,\n parameters,\n });\n }\n break;\n case skipStateCheck:\n break;\n default:\n assertString(expectedState, '\"expectedState\" argument');\n if (state !== expectedState) {\n throw OPE(state === undefined\n ? 'response parameter \"state\" missing'\n : 'unexpected \"state\" response parameter value', INVALID_RESPONSE, { expected: expectedState, parameters });\n }\n }\n const error = getURLSearchParameter(parameters, 'error');\n if (error) {\n throw new AuthorizationResponseError('authorization response from the server is an error', {\n cause: parameters,\n });\n }\n const id_token = getURLSearchParameter(parameters, 'id_token');\n const token = getURLSearchParameter(parameters, 'token');\n if (id_token !== undefined || token !== undefined) {\n throw new UnsupportedOperationError('implicit and hybrid flows are not supported');\n }\n return brand(new URLSearchParams(parameters));\n}\nfunction algToSubtle(alg) {\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n case 'ES256':\n case 'ES384':\n return { name: 'ECDSA', namedCurve: `P-${alg.slice(-3)}` };\n case 'ES512':\n return { name: 'ECDSA', namedCurve: 'P-521' };\n case 'EdDSA':\n return 'Ed25519';\n case 'Ed25519':\n case 'ML-DSA-44':\n case 'ML-DSA-65':\n case 'ML-DSA-87':\n return alg;\n default:\n throw new UnsupportedOperationError('unsupported JWS algorithm', { cause: { alg } });\n }\n}\nasync function importJwk(alg, jwk) {\n const { ext, key_ops, use, ...key } = jwk;\n return crypto.subtle.importKey('jwk', key, algToSubtle(alg), true, ['verify']);\n}\nexport async function deviceAuthorizationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'device_authorization_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processDeviceAuthorizationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Device Authorization Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.device_code, '\"response\" body \"device_code\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.user_code, '\"response\" body \"user_code\" property', INVALID_RESPONSE, {\n body: json,\n });\n assertString(json.verification_uri, '\"response\" body \"verification_uri\" property', INVALID_RESPONSE, { body: json });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n if (json.verification_uri_complete !== undefined) {\n assertString(json.verification_uri_complete, '\"response\" body \"verification_uri_complete\" property', INVALID_RESPONSE, { body: json });\n }\n if (json.interval !== undefined) {\n assertNumber(json.interval, false, '\"response\" body \"interval\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function deviceCodeGrantRequest(as, client, clientAuthentication, deviceCode, options) {\n assertAs(as);\n assertClient(client);\n assertString(deviceCode, '\"deviceCode\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('device_code', deviceCode);\n return tokenEndpointRequest(as, client, clientAuthentication, 'urn:ietf:params:oauth:grant-type:device_code', parameters, options);\n}\nexport async function processDeviceCodeResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function generateKeyPair(alg, options) {\n assertString(alg, '\"alg\"');\n const algorithm = algToSubtle(alg);\n if (alg.startsWith('PS') || alg.startsWith('RS')) {\n Object.assign(algorithm, {\n modulusLength: options?.modulusLength ?? 2048,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n });\n }\n return crypto.subtle.generateKey(algorithm, options?.extractable ?? false, [\n 'sign',\n 'verify',\n ]);\n}\nfunction normalizeHtu(htu) {\n const url = new URL(htu);\n url.search = '';\n url.hash = '';\n return url.href;\n}\nasync function validateDPoP(request, accessToken, accessTokenClaims, options) {\n const headerValue = request.headers.get('dpop');\n if (headerValue === null) {\n throw OPE('operation indicated DPoP use but the request has no DPoP HTTP Header', INVALID_REQUEST, { headers: request.headers });\n }\n if (request.headers.get('authorization')?.toLowerCase().startsWith('dpop ') === false) {\n throw OPE(`operation indicated DPoP use but the request's Authorization HTTP Header scheme is not DPoP`, INVALID_REQUEST, { headers: request.headers });\n }\n if (typeof accessTokenClaims.cnf?.jkt !== 'string') {\n throw OPE('operation indicated DPoP use but the JWT Access Token has no jkt confirmation claim', INVALID_REQUEST, { claims: accessTokenClaims });\n }\n const clockSkew = getClockSkew(options);\n const proof = await validateJwt(headerValue, checkSigningAlgorithm.bind(undefined, options?.signingAlgorithms, undefined, supported), clockSkew, getClockTolerance(options), undefined)\n .then(checkJwtType.bind(undefined, 'dpop+jwt'))\n .then(validatePresence.bind(undefined, ['iat', 'jti', 'ath', 'htm', 'htu']));\n const now = epochTime() + clockSkew;\n const diff = Math.abs(now - proof.claims.iat);\n if (diff > 300) {\n throw OPE('DPoP Proof iat is not recent enough', JWT_TIMESTAMP_CHECK, {\n now,\n claims: proof.claims,\n claim: 'iat',\n });\n }\n if (proof.claims.htm !== request.method) {\n throw OPE('DPoP Proof htm mismatch', JWT_CLAIM_COMPARISON, {\n expected: request.method,\n claims: proof.claims,\n claim: 'htm',\n });\n }\n if (typeof proof.claims.htu !== 'string' ||\n normalizeHtu(proof.claims.htu) !== normalizeHtu(request.url)) {\n throw OPE('DPoP Proof htu mismatch', JWT_CLAIM_COMPARISON, {\n expected: normalizeHtu(request.url),\n claims: proof.claims,\n claim: 'htu',\n });\n }\n {\n const expected = b64u(await crypto.subtle.digest('SHA-256', buf(accessToken)));\n if (proof.claims.ath !== expected) {\n throw OPE('DPoP Proof ath mismatch', JWT_CLAIM_COMPARISON, {\n expected,\n claims: proof.claims,\n claim: 'ath',\n });\n }\n }\n {\n const expected = await calculateJwkThumbprint(proof.header.jwk);\n if (accessTokenClaims.cnf.jkt !== expected) {\n throw OPE('JWT Access Token confirmation mismatch', JWT_CLAIM_COMPARISON, {\n expected,\n claims: accessTokenClaims,\n claim: 'cnf.jkt',\n });\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = headerValue.split('.');\n const signature = b64u(encodedSignature);\n const { jwk, alg } = proof.header;\n if (!jwk) {\n throw OPE('DPoP Proof is missing the jwk header parameter', INVALID_REQUEST, {\n header: proof.header,\n });\n }\n const key = await importJwk(alg, jwk);\n if (key.type !== 'public') {\n throw OPE('DPoP Proof jwk header parameter must contain a public key', INVALID_REQUEST, {\n header: proof.header,\n });\n }\n await validateJwsSignature(protectedHeader, payload, key, signature);\n}\nexport async function validateJwtAccessToken(as, request, expectedAudience, options) {\n assertAs(as);\n if (!looseInstanceOf(request, Request)) {\n throw CodedTypeError('\"request\" must be an instance of Request', ERR_INVALID_ARG_TYPE);\n }\n assertString(expectedAudience, '\"expectedAudience\"');\n const authorization = request.headers.get('authorization');\n if (authorization === null) {\n throw OPE('\"request\" is missing an Authorization HTTP Header', INVALID_REQUEST, {\n headers: request.headers,\n });\n }\n let { 0: scheme, 1: accessToken, length } = authorization.split(' ');\n scheme = scheme.toLowerCase();\n switch (scheme) {\n case 'dpop':\n case 'bearer':\n break;\n default:\n throw new UnsupportedOperationError('unsupported Authorization HTTP Header scheme', {\n cause: { headers: request.headers },\n });\n }\n if (length !== 2) {\n throw OPE('invalid Authorization HTTP Header format', INVALID_REQUEST, {\n headers: request.headers,\n });\n }\n const requiredClaims = [\n 'iss',\n 'exp',\n 'aud',\n 'sub',\n 'iat',\n 'jti',\n 'client_id',\n ];\n if (options?.requireDPoP || scheme === 'dpop' || request.headers.has('dpop')) {\n requiredClaims.push('cnf');\n }\n const { claims, header } = await validateJwt(accessToken, checkSigningAlgorithm.bind(undefined, options?.signingAlgorithms, undefined, supported), getClockSkew(options), getClockTolerance(options), undefined)\n .then(checkJwtType.bind(undefined, 'at+jwt'))\n .then(validatePresence.bind(undefined, requiredClaims))\n .then(validateIssuer.bind(undefined, as))\n .then(validateAudience.bind(undefined, expectedAudience))\n .catch(reassignRSCode);\n for (const claim of ['client_id', 'jti', 'sub']) {\n if (typeof claims[claim] !== 'string') {\n throw OPE(`unexpected JWT \"${claim}\" claim type`, INVALID_REQUEST, { claims });\n }\n }\n if ('cnf' in claims) {\n if (!isJsonObject(claims.cnf)) {\n throw OPE('unexpected JWT \"cnf\" (confirmation) claim value', INVALID_REQUEST, { claims });\n }\n const { 0: cnf, length } = Object.keys(claims.cnf);\n if (length) {\n if (length !== 1) {\n throw new UnsupportedOperationError('multiple confirmation claims are not supported', {\n cause: { claims },\n });\n }\n if (cnf !== 'jkt') {\n throw new UnsupportedOperationError('unsupported JWT Confirmation method', {\n cause: { claims },\n });\n }\n }\n }\n const { 0: protectedHeader, 1: payload, 2: encodedSignature } = accessToken.split('.');\n const signature = b64u(encodedSignature);\n const key = await getPublicSigKeyFromIssuerJwksUri(as, options, header);\n await validateJwsSignature(protectedHeader, payload, key, signature);\n if (options?.requireDPoP ||\n scheme === 'dpop' ||\n claims.cnf?.jkt !== undefined ||\n request.headers.has('dpop')) {\n await validateDPoP(request, accessToken, claims, options).catch(reassignRSCode);\n }\n return claims;\n}\nfunction reassignRSCode(err) {\n if (err instanceof OperationProcessingError && err?.code === INVALID_REQUEST) {\n err.code = INVALID_RESPONSE;\n }\n throw err;\n}\nexport async function backchannelAuthenticationRequest(as, client, clientAuthentication, parameters, options) {\n assertAs(as);\n assertClient(client);\n const url = resolveEndpoint(as, 'backchannel_authentication_endpoint', client.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const body = new URLSearchParams(parameters);\n body.set('client_id', client.client_id);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n return authenticatedRequest(as, client, clientAuthentication, url, body, headers, options);\n}\nexport async function processBackchannelAuthenticationResponse(as, client, response) {\n assertAs(as);\n assertClient(client);\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 200, 'Backchannel Authentication Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.auth_req_id, '\"response\" body \"auth_req_id\" property', INVALID_RESPONSE, {\n body: json,\n });\n let expiresIn = typeof json.expires_in !== 'number' ? parseFloat(json.expires_in) : json.expires_in;\n assertNumber(expiresIn, true, '\"response\" body \"expires_in\" property', INVALID_RESPONSE, {\n body: json,\n });\n json.expires_in = expiresIn;\n if (json.interval !== undefined) {\n assertNumber(json.interval, false, '\"response\" body \"interval\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function backchannelAuthenticationGrantRequest(as, client, clientAuthentication, authReqId, options) {\n assertAs(as);\n assertClient(client);\n assertString(authReqId, '\"authReqId\"');\n const parameters = new URLSearchParams(options?.additionalParameters);\n parameters.set('auth_req_id', authReqId);\n return tokenEndpointRequest(as, client, clientAuthentication, 'urn:openid:params:grant-type:ciba', parameters, options);\n}\nexport async function processBackchannelAuthenticationGrantResponse(as, client, response, options) {\n return processGenericAccessTokenResponse(as, client, response, undefined, options?.[jweDecrypt], options?.recognizedTokenTypes);\n}\nexport async function dynamicClientRegistrationRequest(as, metadata, options) {\n assertAs(as);\n const url = resolveEndpoint(as, 'registration_endpoint', metadata.use_mtls_endpoint_aliases, options?.[allowInsecureRequests] !== true);\n const headers = prepareHeaders(options?.headers);\n headers.set('accept', 'application/json');\n headers.set('content-type', 'application/json');\n const method = 'POST';\n if (options?.DPoP) {\n assertDPoP(options.DPoP);\n await options.DPoP.addProof(url, headers, method, options.initialAccessToken);\n }\n if (options?.initialAccessToken) {\n headers.set('authorization', `${headers.has('dpop') ? 'DPoP' : 'Bearer'} ${options.initialAccessToken}`);\n }\n const response = await (options?.[customFetch] || fetch)(url.href, {\n body: JSON.stringify(metadata),\n headers: Object.fromEntries(headers.entries()),\n method,\n redirect: 'manual',\n signal: signal(url, options?.signal),\n });\n options?.DPoP?.cacheNonce(response, url);\n return response;\n}\nexport async function processDynamicClientRegistrationResponse(response) {\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n await checkOAuthBodyError(response, 201, 'Dynamic Client Registration Endpoint');\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.client_id, '\"response\" body \"client_id\" property', INVALID_RESPONSE, {\n body: json,\n });\n if (json.client_secret !== undefined) {\n assertString(json.client_secret, '\"response\" body \"client_secret\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n if (json.client_secret) {\n assertNumber(json.client_secret_expires_at, true, '\"response\" body \"client_secret_expires_at\" property', INVALID_RESPONSE, {\n body: json,\n });\n }\n return json;\n}\nexport async function resourceDiscoveryRequest(resourceIdentifier, options) {\n return performDiscovery(resourceIdentifier, 'resourceIdentifier', (url) => {\n prependWellKnown(url, '.well-known/oauth-protected-resource', true);\n return url;\n }, options);\n}\nexport async function processResourceDiscoveryResponse(expectedResourceIdentifier, response) {\n const expected = expectedResourceIdentifier;\n if (!(expected instanceof URL) && expected !== _nodiscoverycheck) {\n throw CodedTypeError('\"expectedResourceIdentifier\" must be an instance of URL', ERR_INVALID_ARG_TYPE);\n }\n if (!looseInstanceOf(response, Response)) {\n throw CodedTypeError('\"response\" must be an instance of Response', ERR_INVALID_ARG_TYPE);\n }\n if (response.status !== 200) {\n throw OPE('\"response\" is not a conform Resource Server Metadata response (unexpected HTTP status code)', RESPONSE_IS_NOT_CONFORM, response);\n }\n assertReadableResponse(response);\n const json = await getResponseJsonBody(response);\n assertString(json.resource, '\"response\" body \"resource\" property', INVALID_RESPONSE, {\n body: json,\n });\n if (expected !== _nodiscoverycheck && new URL(json.resource).href !== expected.href) {\n throw OPE('\"response\" body \"resource\" property does not match the expected value', JSON_ATTRIBUTE_COMPARISON, { expected: expected.href, body: json, attribute: 'resource' });\n }\n return json;\n}\nasync function getResponseJsonBody(response, check = assertApplicationJson) {\n let json;\n try {\n json = await response.json();\n }\n catch (cause) {\n check(response);\n throw OPE('failed to parse \"response\" body as JSON', PARSE_ERROR, cause);\n }\n if (!isJsonObject(json)) {\n throw OPE('\"response\" body must be a top level object', INVALID_RESPONSE, { body: json });\n }\n return json;\n}\nexport const _nopkce = nopkce;\nexport const _nodiscoverycheck = Symbol();\nexport const _expectedIssuer = Symbol();\n//# sourceMappingURL=index.js.map","\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { isBrowserLike } from '@stackframe/stack-shared/dist/utils/env';\nimport { StackAssertionError } from '@stackframe/stack-shared/dist/utils/errors';\nimport * as tanstackStartServerContext from \"@stackframe/tanstack-start/tanstack-start-server-context\"; // THIS_LINE_PLATFORM tanstack-start\nimport Cookies from \"js-cookie\";\nimport { calculatePKCECodeChallenge, generateRandomCodeVerifier, generateRandomState } from \"oauth4webapi\";\n\n\n// INFO: This file is used to manage cookies. It also sets some cookie flags automatically, see this description.\n//\n// It provides asynchronous setCookie, getCookie, deleteCookie, etc. functions that can be used in various environments\n// (browser + Next.js for now). Under the hood, they just get a CookieHelper object and then set the cookies there.\n//\n// The CookieHelper object is a simple object that lets you set, get and delete cookies synchronously. Acquiring one\n// is asynchronous (except for browser environments, where they can be acquired synchronously), but once you have it,\n// you can use it synchronously. This function is useful if you cannot await in the calling code, but otherwise you\n// should prefer to await the functions directly.\n//\n// Some cookie flags are set automatically by the CookieHelper (and hence also the <xyz>Cookie functions).\n// In particular:\n// - SameSite is set to `Lax` by default, which is already true in Chromium-based browsers, so this creates\n// compatibility with other browsers that use either Strict or None (particularly Safari and Firefox, and older\n// versions of Chrome). If Partitioned is automatically set (as described below), then this value is set to `None`\n// instead.\n// - Secure is set depending on whether we could successfully determine that the client is on HTTPS. For this, we use a\n// set of heuristics:\n// - In a browser environment, we check window.location.protocol which is always accurate\n// - In a Next.js server environment:\n// - First we check the `stack-is-https` cookie, which is set in various places on the\n// client with a Secure attribute. If that one is passed on to the server, we know that the client is on HTTPS\n// and we can set the Secure flag on the cookie. TODO: Should we also do this with a second cookie with a\n// __Host- prefix, so a malicious subdomain of the current domain cannot forcibly enable HTTPS mode and\n// therefore prevent new cookies from being set?\n// - Otherwise, we check the X-Forwarded-Proto header. If that one is `https`, we know that the client is\n// (pretending to be) on HTTPS and we can set the Secure flag on the cookie. Note that this header is\n// spoofable by malicious clients (so is the cookie actually), but since setting this value can only *increase*\n// security (and therefore prevent setting of a cookie), and requires a malicious client, this is still safe.\n// - If neither of the above is true, we don't set the Secure flag on the cookie.\n// - Partitioned is set depending on whether it is needed & supported. Unfortunately, the fact that Partitioned\n// cookies require SameSite=None, browsers that don't support it will still set them as normal third-party cookies,\n// which are fundamentally unsafe. Therefore, we need to take extra care that we only ever set Partitioned cookies\n// if we know for sure that the browser supports it.\n// - In a browser environment, we check:\n// - Whether `Secure` is set. If it's not, we don't set Partitioned.\n// - Whether we can set & retrieve cookies without Partitioned being set. If this is the case, we are likely in a\n// top-level context or a browser that partitions cookies by default (eg. Firefox). In this case, we don't need\n// Partitioned and can just proceed as normal.\n// - Whether CHIPS is supported. To prevent the case where CHIPS is not supported but third-party cookies are (in\n// which we would accidentally set SameSite=None without Partitioned as the latter requires the former), we\n// check this by running a simple test with document.cookie.\n// - Whether the browser supports Partitioned cookies. If yes, set Partitioned. Otherwise, don't set Partitioned.\n// Since there's no easy cross-compat way to do this (CookieStore and document.cookie do not return whether a\n// cookie is partitioned on some/all versions of Safari and Firefox), we use a heuristic; we run this test by\n// creating two cookies with the same name: One with Partitioned and one without. If there are two resulting\n// cookies, that means they were put into different jars, implying that the browser supports Partitioned cookies\n// (but doesn't partition cookies by default). If they result in just one cookie, that could mean that the\n// browser doesn't support Partitioned cookies, or that the browser doesn't put partitioned cookies into\n// different jars by default, in which case we still don't know. This heuristic works on Chrome, but may\n// incorrectly conclude that some other browsers don't support Partitioned. But from a security perspective,\n// that is better than accidentally setting SameSite=None without Partitioned. TODO: Find a better heuristic to\n// to determine whether the browser supports Partitioned cookies or not.\n// - In a Next.js server environment, right now we do nothing because of the complexity involved :( TODO: In the\n// future, we could improve this for example by setting hint cookies from the client, but we need to make sure that\n// no malicious actor (eg. on a malicious subdomain) can forcefully enable Partitioned cookies on a browser that\n// does not support it.\n\n\ntype SetCookieOptions = { maxAge: number | \"session\", noOpIfServerComponent?: boolean, domain?: string, secure?: boolean };\ntype DeleteCookieOptions = { noOpIfServerComponent?: boolean, domain?: string };\n\nlet tanStackStartCookieHelperPromise: Promise<CookieHelper> | null = null;\n\nfunction getTanStackStartServerContext() {\n const {\n deleteCookie,\n getCookie,\n getCookies,\n getRequestHeader,\n setCookie,\n } = tanstackStartServerContext;\n if (\n deleteCookie == null\n || getCookie == null\n || getCookies == null\n || getRequestHeader == null\n || setCookie == null\n ) {\n throw new StackAssertionError(\"TanStack Start server context is only available during server rendering\");\n }\n return {\n deleteCookie,\n getCookie,\n getCookies,\n getRequestHeader,\n setCookie,\n };\n}\n\ndeclare global {\n // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n interface ImportMetaEnv {\n SSR: boolean,\n }\n\n // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n interface ImportMeta {\n readonly env: ImportMetaEnv,\n }\n}\n\n\nfunction ensureClient() {\n if (!isBrowserLike()) {\n throw new Error(\"cookieClient functions can only be called in a browser environment, yet window is undefined\");\n }\n}\n\nexport type CookieHelper = {\n get: (name: string) => string | null,\n getAll: () => Record<string, string>,\n set: (name: string, value: string, options: SetCookieOptions) => void,\n setOrDelete: (name: string, value: string | null, options: SetCookieOptions & DeleteCookieOptions) => void,\n delete: (name: string, options: DeleteCookieOptions) => void,\n};\n\nconst placeholderCookieHelperIdentity = { \"placeholder cookie helper identity\": true };\nexport async function createPlaceholderCookieHelper(): Promise<CookieHelper> {\n function throwError(): never {\n throw new StackAssertionError(\"Throwing cookie helper is just a placeholder. This should never be called\");\n }\n return {\n get: throwError,\n getAll: throwError,\n set: throwError,\n setOrDelete: throwError,\n delete: throwError,\n };\n}\n\nfunction requiresSecureAttribute(name: string): boolean {\n return name.startsWith(\"__Host-\");\n}\n\nfunction validateCookieOptions(name: string, options: DeleteCookieOptions | SetCookieOptions) {\n if (requiresSecureAttribute(name) && options.domain !== undefined) {\n throw new StackAssertionError(\"__Host- cookies must not specify a Domain attribute\");\n }\n}\n\nexport async function createCookieHelper(): Promise<CookieHelper> {\n if (isBrowserLike()) {\n return createBrowserCookieHelper();\n } else {\n if (import.meta.env.SSR) {\n const cookieHelperPromise = tanStackStartCookieHelperPromise\n ?? Promise.resolve(createTanStackStartCookieHelper(getTanStackStartServerContext()));\n tanStackStartCookieHelperPromise = cookieHelperPromise;\n return await cookieHelperPromise;\n }\n return await createPlaceholderCookieHelper();\n }\n}\n\nexport function createCookieHelperSync(): CookieHelper {\n if (isBrowserLike()) {\n return createBrowserCookieHelper();\n }\n function throwError(): never {\n throw new StackAssertionError(\"Synchronous server cookie helpers are not available on this platform\");\n }\n return {\n get: throwError,\n getAll: throwError,\n set: throwError,\n setOrDelete: throwError,\n delete: throwError,\n };\n}\n\nfunction determineSecureFromTanStackStartContext(api: ReturnType<typeof getTanStackStartServerContext>): boolean {\n return api.getRequestHeader(\"x-forwarded-proto\") === \"https\"\n || (api.getCookie(\"stack-is-https\") !== undefined);\n}\n\nfunction refreshTanStackStartIsHttpsCookie(api: ReturnType<typeof getTanStackStartServerContext>) {\n api.setCookie(\"stack-is-https\", \"true\", {\n secure: true,\n maxAge: 60 * 60 * 24 * 365,\n sameSite: \"lax\",\n path: \"/\",\n });\n}\n\nfunction createTanStackStartCookieHelper(api: ReturnType<typeof getTanStackStartServerContext>): CookieHelper {\n const helper: CookieHelper = {\n get: (name: string) => {\n const all = helper.getAll();\n return all[name] ?? null;\n },\n getAll: () => {\n // set a helper cookie, see comment in `NextCookieHelper.set` below\n refreshTanStackStartIsHttpsCookie(api);\n return api.getCookies();\n },\n set: (name: string, value: string, options: SetCookieOptions) => {\n validateCookieOptions(name, options);\n api.setCookie(name, value, {\n secure: requiresSecureAttribute(name) || (options.secure ?? determineSecureFromTanStackStartContext(api)),\n maxAge: options.maxAge === \"session\" ? undefined : options.maxAge,\n domain: options.domain,\n sameSite: \"lax\",\n path: \"/\",\n });\n },\n setOrDelete: (name, value, options) => {\n if (value === null) helper.delete(name, options);\n else helper.set(name, value, options);\n },\n delete: (name: string, options: DeleteCookieOptions) => {\n validateCookieOptions(name, options);\n const secure = requiresSecureAttribute(name) || determineSecureFromTanStackStartContext(api);\n api.deleteCookie(name, {\n secure,\n domain: options.domain,\n path: \"/\",\n });\n },\n };\n return helper;\n}\n\nexport function createBrowserCookieHelper(): CookieHelper {\n return {\n get: getCookieClient,\n getAll: getAllCookiesClient,\n set: setCookieClient,\n setOrDelete: setOrDeleteCookieClient,\n delete: deleteCookieClient,\n };\n}\n\nfunction handleCookieError(e: unknown, options: DeleteCookieOptions | SetCookieOptions) {\n if (e instanceof Error && e.message.includes(\"Cookies can only be modified in\")) {\n if (options.noOpIfServerComponent) {\n // ignore\n } else {\n throw new StackAssertionError(\"Attempted to set cookie in server component. Pass { noOpIfServerComponent: true } in the options of Stack's cookie functions if this is intentional and you want to ignore this error. Read more: https://nextjs.org/docs/app/api-reference/functions/cookies#options\");\n }\n } else {\n throw e;\n }\n}\n\n\nexport function getCookieClient(name: string): string | null {\n const all = getAllCookiesClient();\n return all[name] ?? null;\n}\n\nexport function getAllCookiesClient(): Record<string, string> {\n ensureClient();\n // set a helper cookie, see comment in `NextCookieHelper.set` above\n Cookies.set(\"stack-is-https\", \"true\", { secure: true, expires: new Date(Date.now() + 1000 * 60 * 60 * 24 * 365) });\n return Cookies.get();\n}\n\nexport async function getCookie(name: string): Promise<string | null> {\n const cookieHelper = await createCookieHelper();\n return cookieHelper.get(name);\n}\n\nexport async function isSecure(): Promise<boolean> {\n if (isBrowserLike()) {\n return determineSecureFromClientContext();\n }\n if (import.meta.env.SSR) {\n return determineSecureFromTanStackStartContext(getTanStackStartServerContext());\n }\n return false;\n}\n\nfunction determineSecureFromClientContext(): boolean {\n return typeof window !== \"undefined\" && window.location.protocol === \"https:\";\n}\n\n\nlet _shouldSetPartitionedClientCache: boolean | undefined = undefined;\nfunction shouldSetPartitionedClient() {\n return _shouldSetPartitionedClientCache ??= _internalShouldSetPartitionedClient();\n}\nfunction _internalShouldSetPartitionedClient() {\n ensureClient();\n\n if (!(determineSecureFromClientContext())) {\n return false;\n }\n\n // check whether we can set & retrieve normal cookies (either because we're on a top-level/same-origin context or the browser partitions cookies by default)\n const cookie1Name = \"__Host-stack-temporary-chips-test-\" + Math.random().toString(36).substring(2, 15);\n document.cookie = `${cookie1Name}=value1; Secure; path=/`;\n const cookies1 = document.cookie.split(\"; \");\n document.cookie = `${cookie1Name}=delete1; Secure; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC;`;\n if (cookies1.some((c) => c.startsWith(cookie1Name + \"=\"))) {\n return false;\n }\n\n\n // check whether Partitioned cookies are supported by the browser\n // TODO: See comment at the top. Feels like we should find a better way to do this\n const cookie2Name = \"__Host-stack-temporary-chips-test-\" + Math.random().toString(36).substring(2, 15);\n\n // just to be safe, delete the cookie first to avoid weird RNG-prediction attacks\n // I don't know what they look like (since this is a host cookie) but better safe than sorry\n // (this function should be 100% bulletproof so we don't accidentally fall back to non-partitioned third party cookies on unsupported browsers)\n document.cookie = `${cookie2Name}=delete1; Secure; SameSite=None; Partitioned; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;\n document.cookie = `${cookie2Name}=delete2; Secure; SameSite=None; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;\n\n // set the cookie, once partitioned and once not partitioned\n document.cookie = `${cookie2Name}=set1; Secure; SameSite=None; Partitioned; path=/`;\n document.cookie = `${cookie2Name}=set2; Secure; SameSite=None; path=/`;\n\n // check if there are two cookies\n const cookies2 = document.cookie.split(\"; \");\n const numberOfCookiesWithThisName = cookies2.filter((c) => c.startsWith(cookie2Name + \"=\")).length;\n\n // clean up\n document.cookie = `${cookie2Name}=delete3; Secure; SameSite=None; Partitioned; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;\n document.cookie = `${cookie2Name}=delete4; Secure; SameSite=None; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/`;\n\n return numberOfCookiesWithThisName === 2;\n}\n\nfunction setCookieClientInternal(name: string, value: string, options: SetCookieOptions) {\n validateCookieOptions(name, options);\n const secure = requiresSecureAttribute(name) || (options.secure ?? determineSecureFromClientContext());\n const partitioned = shouldSetPartitionedClient();\n Cookies.set(name, value, {\n expires: options.maxAge === \"session\" ? undefined : new Date(Date.now() + (options.maxAge) * 1000),\n domain: options.domain,\n secure,\n path: \"/\",\n sameSite: \"Lax\",\n ...(partitioned ? {\n partitioned,\n sameSite: \"None\",\n } : {}),\n });\n}\n\nfunction deleteCookieClientInternal(name: string, options: DeleteCookieOptions) {\n validateCookieOptions(name, options);\n for (const partitioned of [true, false]) {\n if (options.domain !== undefined) {\n Cookies.remove(name, { domain: options.domain, secure: determineSecureFromClientContext(), partitioned, path: \"/\" });\n }\n Cookies.remove(name, { secure: requiresSecureAttribute(name) || determineSecureFromClientContext(), partitioned, path: \"/\" });\n }\n}\n\nexport function setOrDeleteCookieClient(name: string, value: string | null, options: SetCookieOptions & DeleteCookieOptions) {\n ensureClient();\n if (value === null) {\n deleteCookieClientInternal(name, options);\n } else {\n setCookieClientInternal(name, value, options);\n }\n}\n\nexport async function setOrDeleteCookie(name: string, value: string | null, options: SetCookieOptions & DeleteCookieOptions) {\n const cookieHelper = await createCookieHelper();\n cookieHelper.setOrDelete(name, value, options);\n}\n\nexport function deleteCookieClient(name: string, options: DeleteCookieOptions) {\n ensureClient();\n deleteCookieClientInternal(name, options);\n}\n\nexport async function deleteCookie(name: string, options: DeleteCookieOptions) {\n const cookieHelper = await createCookieHelper();\n cookieHelper.delete(name, options);\n}\n\nexport function setCookieClient(name: string, value: string, options: SetCookieOptions) {\n ensureClient();\n setCookieClientInternal(name, value, options);\n}\n\nexport async function setCookie(name: string, value: string, options: SetCookieOptions) {\n const cookieHelper = await createCookieHelper();\n cookieHelper.set(name, value, options);\n}\n\nexport async function saveVerifierAndState() {\n const codeVerifier = generateRandomCodeVerifier();\n const codeChallenge = await calculatePKCECodeChallenge(codeVerifier);\n const state = generateRandomState();\n\n await setCookie(\"stack-oauth-outer-\" + state, codeVerifier, { maxAge: 60 * 60 });\n\n return {\n codeChallenge,\n state,\n };\n}\n\nexport function consumeVerifierAndStateCookie(state: string) {\n ensureClient();\n const cookieName = \"stack-oauth-outer-\" + state;\n const codeVerifier = getCookieClient(cookieName);\n if (!codeVerifier) {\n return null;\n }\n deleteCookieClient(cookieName, {});\n return {\n codeVerifier,\n };\n}\n"],"x_google_ignoreList":[0],"mappings":";;;;;;;;;;AAAA,IAAI;AACJ,IAAI,OAAO,cAAc,eAAe,CAAC,UAAU,WAAW,aAAa,eAAe,CAGtF,cAAa;AAcjB,MAAM,wBAAwB;AAC9B,MAAM,uBAAuB;AAC7B,SAAS,eAAe,SAAS,MAAM,OAAO;CAC1C,MAAM,MAAM,IAAI,UAAU,SAAS,EAAE,OAAO,CAAC;AAC7C,QAAO,OAAO,KAAK,EAAE,MAAM,CAAC;AAC5B,QAAO;;AASX,MAAM,UAAU,IAAI,aAAa;AACjC,MAAM,UAAU,IAAI,aAAa;AACjC,SAAS,IAAI,OAAO;AAChB,KAAI,OAAO,UAAU,SACjB,QAAO,QAAQ,OAAO,MAAM;AAEhC,QAAO,QAAQ,OAAO,MAAM;;AAEhC,IAAI;AACJ,IAAI,WAAW,UAAU,SACrB,oBAAmB,UAAU;AACzB,KAAI,iBAAiB,YACjB,SAAQ,IAAI,WAAW,MAAM;AAEjC,QAAO,MAAM,SAAS;EAAE,UAAU;EAAa,aAAa;EAAM,CAAC;;KAGtE;CACD,MAAM,aAAa;AACnB,oBAAmB,UAAU;AACzB,MAAI,iBAAiB,YACjB,SAAQ,IAAI,WAAW,MAAM;EAEjC,MAAM,MAAM,EAAE;AACd,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,YAAY,KAAK,WACvC,KAAI,KAAK,OAAO,aAAa,MAAM,MAAM,MAAM,SAAS,GAAG,IAAI,WAAW,CAAC,CAAC;AAEhF,SAAO,KAAK,IAAI,KAAK,GAAG,CAAC,CAAC,QAAQ,MAAM,GAAG,CAAC,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;;;AAG3F,IAAI;AACJ,IAAI,WAAW,WACX,oBAAmB,UAAU;AACzB,KAAI;AACA,SAAO,WAAW,WAAW,OAAO,EAAE,UAAU,aAAa,CAAC;UAE3D,OAAO;AACV,QAAM,eAAe,qDAAqD,uBAAuB,MAAM;;;IAK/G,oBAAmB,UAAU;AACzB,KAAI;EACA,MAAM,SAAS,KAAK,MAAM,QAAQ,MAAM,IAAI,CAAC,QAAQ,MAAM,IAAI,CAAC,QAAQ,OAAO,GAAG,CAAC;EACnF,MAAM,QAAQ,IAAI,WAAW,OAAO,OAAO;AAC3C,OAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IAC/B,OAAM,KAAK,OAAO,WAAW,EAAE;AAEnC,SAAO;UAEJ,OAAO;AACV,QAAM,eAAe,qDAAqD,uBAAuB,MAAM;;;AAInH,SAAS,KAAK,OAAO;AACjB,KAAI,OAAO,UAAU,SACjB,QAAO,gBAAgB,MAAM;AAEjC,QAAO,gBAAgB,MAAM;;AAWjC,IAAa,2BAAb,cAA8C,MAAM;CAChD;CACA,YAAY,SAAS,SAAS;AAC1B,QAAM,SAAS,QAAQ;AACvB,OAAK,OAAO,KAAK,YAAY;AAC7B,MAAI,SAAS,KACT,MAAK,OAAO,SAAS;AAEzB,QAAM,oBAAoB,MAAM,KAAK,YAAY;;;AAGzD,SAAS,IAAI,SAAS,MAAM,OAAO;AAC/B,QAAO,IAAI,yBAAyB,SAAS;EAAE;EAAM;EAAO,CAAC;;AAmKjE,SAAS,aAAa,OAAO,IAAI,MAAM,OAAO;AAC1C,KAAI;AACA,MAAI,OAAO,UAAU,SACjB,OAAM,eAAe,GAAG,GAAG,oBAAoB,sBAAsB,MAAM;AAE/E,MAAI,MAAM,WAAW,EACjB,OAAM,eAAe,GAAG,GAAG,qBAAqB,uBAAuB,MAAM;UAG9E,KAAK;AACR,MAAI,KACA,OAAM,IAAI,IAAI,SAAS,MAAM,MAAM;AAEvC,QAAM;;;AAiDd,SAAS,cAAc;AACnB,QAAO,KAAK,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC;;AAE3D,SAAgB,6BAA6B;AACzC,QAAO,aAAa;;AAExB,SAAgB,sBAAsB;AAClC,QAAO,aAAa;;AAKxB,eAAsB,2BAA2B,cAAc;AAC3D,cAAa,cAAc,eAAe;AAC1C,QAAO,KAAK,MAAM,OAAO,OAAO,OAAO,WAAW,IAAI,aAAa,CAAC,CAAC;;AAgRzE,MAAM,WAAW,IAAI,SAEZ,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK,IACpC,KAAK,SAAS;AACb,KAAI;AACA,SAAO,IAAI,IAAI,KAAK,KAAK;SAEvB;AACF,SAAO;;;AAoLnB,MAAM,aAAa;AACnB,MAAM,eAAe;AAErB,MAAM,qBAAqB,MAAM,aAAa;AAC9C,MAAM,eAAe,MAAM,aAAa;AACxC,MAAM,WAAW,IAAI,OAAO,cAAc,aAAa,IAAI;AAC3D,MAAM,gBAAgB,IAAI,OAAO,aAAa,qBAAqB,cAAc;AACjF,MAAM,kBAAkB,IAAI,OAAO,aAAa,eAAe,cAAc;AAC7E,MAAM,iBAAiB,IAAI,OAAO,OAAO,eAAe,oBAAoB;;;;AC7uB5E,IAAI,mCAAiE;AAErE,SAAS,gCAAgC;CACvC,MAAM,EACJ,cACA,WACA,YACA,kBACA,cACEA;AACJ,KACE,gBAAgB,QACb,aAAa,QACb,cAAc,QACd,oBAAoB,QACpB,aAAa,KAEhB,OAAM,IAAIC,+DAAoB,0EAA0E;AAE1G,QAAO;EACL;EACA;EACA;EACA;EACA;EACD;;AAgBH,SAAS,eAAe;AACtB,KAAI,6DAAgB,CAClB,OAAM,IAAI,MAAM,8FAA8F;;AAalH,eAAsB,gCAAuD;CAC3E,SAAS,aAAoB;AAC3B,QAAM,IAAIA,+DAAoB,4EAA4E;;AAE5G,QAAO;EACL,KAAK;EACL,QAAQ;EACR,KAAK;EACL,aAAa;EACb,QAAQ;EACT;;AAGH,SAAS,wBAAwB,MAAuB;AACtD,QAAO,KAAK,WAAW,UAAU;;AAGnC,SAAS,sBAAsB,MAAc,SAAiD;AAC5F,KAAI,wBAAwB,KAAK,IAAI,QAAQ,WAAW,OACtD,OAAM,IAAIA,+DAAoB,sDAAsD;;AAIxF,eAAsB,qBAA4C;AAChE,iEAAmB,CACjB,QAAO,2BAA2B;MAC7B;AACL,SAAgB,IAAI,KAAK;GACvB,MAAM,sBAAsB,oCACvB,QAAQ,QAAQ,gCAAgC,+BAA+B,CAAC,CAAC;AACtF,sCAAmC;AACnC,UAAO,MAAM;;AAEf,SAAO,MAAM,+BAA+B;;;AAIhD,SAAgB,yBAAuC;AACrD,iEAAmB,CACjB,QAAO,2BAA2B;CAEpC,SAAS,aAAoB;AAC3B,QAAM,IAAIA,+DAAoB,uEAAuE;;AAEvG,QAAO;EACL,KAAK;EACL,QAAQ;EACR,KAAK;EACL,aAAa;EACb,QAAQ;EACT;;AAGH,SAAS,wCAAwC,KAAgE;AAC/G,QAAO,IAAI,iBAAiB,oBAAoB,KAAK,WAC/C,IAAI,UAAU,iBAAiB,KAAK;;AAG5C,SAAS,kCAAkC,KAAuD;AAChG,KAAI,UAAU,kBAAkB,QAAQ;EACtC,QAAQ;EACR,QAAQ,OAAU,KAAK;EACvB,UAAU;EACV,MAAM;EACP,CAAC;;AAGJ,SAAS,gCAAgC,KAAqE;CAC5G,MAAM,SAAuB;EAC3B,MAAM,SAAiB;AAErB,UADY,OAAO,QAAQ,CAChB,SAAS;;EAEtB,cAAc;AAEZ,qCAAkC,IAAI;AACtC,UAAO,IAAI,YAAY;;EAEzB,MAAM,MAAc,OAAe,YAA8B;AAC/D,yBAAsB,MAAM,QAAQ;AACpC,OAAI,UAAU,MAAM,OAAO;IACzB,QAAQ,wBAAwB,KAAK,KAAK,QAAQ,UAAU,wCAAwC,IAAI;IACxG,QAAQ,QAAQ,WAAW,YAAY,SAAY,QAAQ;IAC3D,QAAQ,QAAQ;IAChB,UAAU;IACV,MAAM;IACP,CAAC;;EAEJ,cAAc,MAAM,OAAO,YAAY;AACrC,OAAI,UAAU,KAAM,QAAO,OAAO,MAAM,QAAQ;OAC3C,QAAO,IAAI,MAAM,OAAO,QAAQ;;EAEvC,SAAS,MAAc,YAAiC;AACtD,yBAAsB,MAAM,QAAQ;GACpC,MAAM,SAAS,wBAAwB,KAAK,IAAI,wCAAwC,IAAI;AAC5F,OAAI,aAAa,MAAM;IACrB;IACA,QAAQ,QAAQ;IAChB,MAAM;IACP,CAAC;;EAEL;AACD,QAAO;;AAGT,SAAgB,4BAA0C;AACxD,QAAO;EACL,KAAK;EACL,QAAQ;EACR,KAAK;EACL,aAAa;EACb,QAAQ;EACT;;AAgBH,SAAgB,gBAAgB,MAA6B;AAE3D,QADY,qBAAqB,CACtB,SAAS;;AAGtB,SAAgB,sBAA8C;AAC5D,eAAc;AAEd,mBAAQ,IAAI,kBAAkB,QAAQ;EAAE,QAAQ;EAAM,SAAS,IAAI,KAAK,KAAK,KAAK,GAAG,MAAO,KAAK,KAAK,KAAK,IAAI;EAAE,CAAC;AAClH,QAAOC,kBAAQ,KAAK;;AAGtB,eAAsB,UAAU,MAAsC;AAEpE,SADqB,MAAM,oBAAoB,EAC3B,IAAI,KAAK;;AAG/B,eAAsB,WAA6B;AACjD,iEAAmB,CACjB,QAAO,kCAAkC;AAE3C,QAAgB,IAAI,IAClB,QAAO,wCAAwC,+BAA+B,CAAC;AAEjF,QAAO;;AAGT,SAAS,mCAA4C;AACnD,QAAO,OAAO,WAAW,eAAe,OAAO,SAAS,aAAa;;AAIvE,IAAI,mCAAwD;AAC5D,SAAS,6BAA6B;AACpC,QAAO,qCAAqC,qCAAqC;;AAEnF,SAAS,sCAAsC;AAC7C,eAAc;AAEd,KAAI,CAAE,kCAAkC,CACtC,QAAO;CAIT,MAAM,cAAc,uCAAuC,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,UAAU,GAAG,GAAG;AACtG,UAAS,SAAS,GAAG,YAAY;CACjC,MAAM,WAAW,SAAS,OAAO,MAAM,KAAK;AAC5C,UAAS,SAAS,GAAG,YAAY;AACjC,KAAI,SAAS,MAAM,MAAM,EAAE,WAAW,cAAc,IAAI,CAAC,CACvD,QAAO;CAMT,MAAM,cAAc,uCAAuC,KAAK,QAAQ,CAAC,SAAS,GAAG,CAAC,UAAU,GAAG,GAAG;AAKtG,UAAS,SAAS,GAAG,YAAY;AACjC,UAAS,SAAS,GAAG,YAAY;AAGjC,UAAS,SAAS,GAAG,YAAY;AACjC,UAAS,SAAS,GAAG,YAAY;CAIjC,MAAM,8BADW,SAAS,OAAO,MAAM,KAAK,CACC,QAAQ,MAAM,EAAE,WAAW,cAAc,IAAI,CAAC,CAAC;AAG5F,UAAS,SAAS,GAAG,YAAY;AACjC,UAAS,SAAS,GAAG,YAAY;AAEjC,QAAO,gCAAgC;;AAGzC,SAAS,wBAAwB,MAAc,OAAe,SAA2B;AACvF,uBAAsB,MAAM,QAAQ;CACpC,MAAM,SAAS,wBAAwB,KAAK,KAAK,QAAQ,UAAU,kCAAkC;CACrG,MAAM,cAAc,4BAA4B;AAChD,mBAAQ,IAAI,MAAM,OAAO;EACvB,SAAS,QAAQ,WAAW,YAAY,SAAY,IAAI,KAAK,KAAK,KAAK,GAAI,QAAQ,SAAU,IAAK;EAClG,QAAQ,QAAQ;EAChB;EACA,MAAM;EACN,UAAU;EACV,GAAI,cAAc;GAChB;GACA,UAAU;GACX,GAAG,EAAE;EACP,CAAC;;AAGJ,SAAS,2BAA2B,MAAc,SAA8B;AAC9E,uBAAsB,MAAM,QAAQ;AACpC,MAAK,MAAM,eAAe,CAAC,MAAM,MAAM,EAAE;AACvC,MAAI,QAAQ,WAAW,OACrB,mBAAQ,OAAO,MAAM;GAAE,QAAQ,QAAQ;GAAQ,QAAQ,kCAAkC;GAAE;GAAa,MAAM;GAAK,CAAC;AAEtH,oBAAQ,OAAO,MAAM;GAAE,QAAQ,wBAAwB,KAAK,IAAI,kCAAkC;GAAE;GAAa,MAAM;GAAK,CAAC;;;AAIjI,SAAgB,wBAAwB,MAAc,OAAsB,SAAiD;AAC3H,eAAc;AACd,KAAI,UAAU,KACZ,4BAA2B,MAAM,QAAQ;KAEzC,yBAAwB,MAAM,OAAO,QAAQ;;AAIjD,eAAsB,kBAAkB,MAAc,OAAsB,SAAiD;AAE3H,EADqB,MAAM,oBAAoB,EAClC,YAAY,MAAM,OAAO,QAAQ;;AAGhD,SAAgB,mBAAmB,MAAc,SAA8B;AAC7E,eAAc;AACd,4BAA2B,MAAM,QAAQ;;AAG3C,eAAsB,aAAa,MAAc,SAA8B;AAE7E,EADqB,MAAM,oBAAoB,EAClC,OAAO,MAAM,QAAQ;;AAGpC,SAAgB,gBAAgB,MAAc,OAAe,SAA2B;AACtF,eAAc;AACd,yBAAwB,MAAM,OAAO,QAAQ;;AAG/C,eAAsB,UAAU,MAAc,OAAe,SAA2B;AAEtF,EADqB,MAAM,oBAAoB,EAClC,IAAI,MAAM,OAAO,QAAQ;;AAGxC,eAAsB,uBAAuB;CAC3C,MAAM,eAAe,4BAA4B;CACjD,MAAM,gBAAgB,MAAM,2BAA2B,aAAa;CACpE,MAAM,QAAQ,qBAAqB;AAEnC,OAAM,UAAU,uBAAuB,OAAO,cAAc,EAAE,QAAQ,MAAS,CAAC;AAEhF,QAAO;EACL;EACA;EACD;;AAGH,SAAgB,8BAA8B,OAAe;AAC3D,eAAc;CACd,MAAM,aAAa,uBAAuB;CAC1C,MAAM,eAAe,gBAAgB,WAAW;AAChD,KAAI,CAAC,aACH,QAAO;AAET,oBAAmB,YAAY,EAAE,CAAC;AAClC,QAAO,EACL,cACD"}
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
//#region src/lib/env.d.ts
|
|
2
|
+
/**
|
|
3
|
+
* Centralized environment-variable reads for the SDK.
|
|
4
|
+
*
|
|
5
|
+
* Keep each key explicit and reference `process.env.KEY` directly so bundlers
|
|
6
|
+
* like Next.js can inline values at build time.
|
|
7
|
+
*/
|
|
8
|
+
declare const envVars: {
|
|
9
|
+
readonly NEXT_PUBLIC_STACK_PORT_PREFIX: string | undefined;
|
|
10
|
+
readonly NEXT_PUBLIC_STACK_PROJECT_ID: string | undefined;
|
|
11
|
+
readonly STACK_PROJECT_ID: string | undefined;
|
|
12
|
+
readonly NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY: string | undefined;
|
|
13
|
+
readonly STACK_PUBLISHABLE_CLIENT_KEY: string | undefined;
|
|
14
|
+
readonly STACK_SECRET_SERVER_KEY: string | undefined;
|
|
15
|
+
readonly STACK_SUPER_SECRET_ADMIN_KEY: string | undefined;
|
|
16
|
+
readonly NEXT_PUBLIC_STACK_EXTRA_REQUEST_HEADERS: string | undefined;
|
|
17
|
+
readonly STACK_EXTRA_REQUEST_HEADERS: string | undefined;
|
|
18
|
+
readonly NEXT_PUBLIC_BROWSER_STACK_API_URL: string | undefined;
|
|
19
|
+
readonly NEXT_PUBLIC_STACK_API_URL_BROWSER: string | undefined;
|
|
20
|
+
readonly STACK_API_URL_BROWSER: string | undefined;
|
|
21
|
+
readonly NEXT_PUBLIC_SERVER_STACK_API_URL: string | undefined;
|
|
22
|
+
readonly NEXT_PUBLIC_STACK_API_URL_SERVER: string | undefined;
|
|
23
|
+
readonly STACK_API_URL_SERVER: string | undefined;
|
|
24
|
+
readonly NEXT_PUBLIC_STACK_API_URL: string | undefined;
|
|
25
|
+
readonly STACK_API_URL: string | undefined;
|
|
26
|
+
readonly NEXT_PUBLIC_STACK_URL: string | undefined;
|
|
27
|
+
readonly NEXT_PUBLIC_STACK_HOSTED_HANDLER_DOMAIN_SUFFIX: string | undefined;
|
|
28
|
+
readonly NEXT_PUBLIC_STACK_HOSTED_HANDLER_URL_TEMPLATE: string | undefined;
|
|
29
|
+
readonly NEXT_PUBLIC_STACK_STRIPE_PUBLISHABLE_KEY: string | undefined;
|
|
30
|
+
readonly NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY: string | undefined;
|
|
31
|
+
readonly NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY: string | undefined;
|
|
32
|
+
readonly NODE_ENV: string | undefined;
|
|
33
|
+
readonly NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR: string | undefined;
|
|
34
|
+
};
|
|
35
|
+
//#endregion
|
|
36
|
+
export { envVars };
|
|
37
|
+
//# sourceMappingURL=env.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"env.d.ts","names":[],"sources":["../../src/lib/env.ts"],"mappings":";;AAUA;;;;;cAAa,OAAA;EAAA"}
|
package/dist/lib/env.js
ADDED
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
|
|
3
|
+
//#region src/lib/env.ts
|
|
4
|
+
/**
|
|
5
|
+
* Centralized environment-variable reads for the SDK.
|
|
6
|
+
*
|
|
7
|
+
* Keep each key explicit and reference `process.env.KEY` directly so bundlers
|
|
8
|
+
* like Next.js can inline values at build time.
|
|
9
|
+
*/
|
|
10
|
+
const envVars = {
|
|
11
|
+
get NEXT_PUBLIC_STACK_PORT_PREFIX() {
|
|
12
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_PORT_PREFIX : void 0) ?? void 0;
|
|
13
|
+
},
|
|
14
|
+
get NEXT_PUBLIC_STACK_PROJECT_ID() {
|
|
15
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_PROJECT_ID : void 0) ?? void 0;
|
|
16
|
+
},
|
|
17
|
+
get STACK_PROJECT_ID() {
|
|
18
|
+
return (typeof process !== "undefined" ? process.env.STACK_PROJECT_ID : void 0) ?? void 0;
|
|
19
|
+
},
|
|
20
|
+
get NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY() {
|
|
21
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY : void 0) ?? void 0;
|
|
22
|
+
},
|
|
23
|
+
get STACK_PUBLISHABLE_CLIENT_KEY() {
|
|
24
|
+
return (typeof process !== "undefined" ? process.env.STACK_PUBLISHABLE_CLIENT_KEY : void 0) ?? void 0;
|
|
25
|
+
},
|
|
26
|
+
get STACK_SECRET_SERVER_KEY() {
|
|
27
|
+
return (typeof process !== "undefined" ? process.env.STACK_SECRET_SERVER_KEY : void 0) ?? void 0;
|
|
28
|
+
},
|
|
29
|
+
get STACK_SUPER_SECRET_ADMIN_KEY() {
|
|
30
|
+
return (typeof process !== "undefined" ? process.env.STACK_SUPER_SECRET_ADMIN_KEY : void 0) ?? void 0;
|
|
31
|
+
},
|
|
32
|
+
get NEXT_PUBLIC_STACK_EXTRA_REQUEST_HEADERS() {
|
|
33
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_EXTRA_REQUEST_HEADERS : void 0) ?? void 0;
|
|
34
|
+
},
|
|
35
|
+
get STACK_EXTRA_REQUEST_HEADERS() {
|
|
36
|
+
return (typeof process !== "undefined" ? process.env.STACK_EXTRA_REQUEST_HEADERS : void 0) ?? void 0;
|
|
37
|
+
},
|
|
38
|
+
get NEXT_PUBLIC_BROWSER_STACK_API_URL() {
|
|
39
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_BROWSER_STACK_API_URL : void 0) ?? void 0;
|
|
40
|
+
},
|
|
41
|
+
get NEXT_PUBLIC_STACK_API_URL_BROWSER() {
|
|
42
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_API_URL_BROWSER : void 0) ?? void 0;
|
|
43
|
+
},
|
|
44
|
+
get STACK_API_URL_BROWSER() {
|
|
45
|
+
return (typeof process !== "undefined" ? process.env.STACK_API_URL_BROWSER : void 0) ?? void 0;
|
|
46
|
+
},
|
|
47
|
+
get NEXT_PUBLIC_SERVER_STACK_API_URL() {
|
|
48
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_SERVER_STACK_API_URL : void 0) ?? void 0;
|
|
49
|
+
},
|
|
50
|
+
get NEXT_PUBLIC_STACK_API_URL_SERVER() {
|
|
51
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_API_URL_SERVER : void 0) ?? void 0;
|
|
52
|
+
},
|
|
53
|
+
get STACK_API_URL_SERVER() {
|
|
54
|
+
return (typeof process !== "undefined" ? process.env.STACK_API_URL_SERVER : void 0) ?? void 0;
|
|
55
|
+
},
|
|
56
|
+
get NEXT_PUBLIC_STACK_API_URL() {
|
|
57
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_API_URL : void 0) ?? void 0;
|
|
58
|
+
},
|
|
59
|
+
get STACK_API_URL() {
|
|
60
|
+
return (typeof process !== "undefined" ? process.env.STACK_API_URL : void 0) ?? void 0;
|
|
61
|
+
},
|
|
62
|
+
get NEXT_PUBLIC_STACK_URL() {
|
|
63
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_URL : void 0) ?? void 0;
|
|
64
|
+
},
|
|
65
|
+
get NEXT_PUBLIC_STACK_HOSTED_HANDLER_DOMAIN_SUFFIX() {
|
|
66
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_HOSTED_HANDLER_DOMAIN_SUFFIX : void 0) ?? void 0;
|
|
67
|
+
},
|
|
68
|
+
get NEXT_PUBLIC_STACK_HOSTED_HANDLER_URL_TEMPLATE() {
|
|
69
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_HOSTED_HANDLER_URL_TEMPLATE : void 0) ?? void 0;
|
|
70
|
+
},
|
|
71
|
+
get NEXT_PUBLIC_STACK_STRIPE_PUBLISHABLE_KEY() {
|
|
72
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_STRIPE_PUBLISHABLE_KEY : void 0) ?? void 0;
|
|
73
|
+
},
|
|
74
|
+
get NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY() {
|
|
75
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY : void 0) ?? void 0;
|
|
76
|
+
},
|
|
77
|
+
get NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY() {
|
|
78
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY : void 0) ?? void 0;
|
|
79
|
+
},
|
|
80
|
+
get NODE_ENV() {
|
|
81
|
+
return (typeof process !== "undefined" ? process.env.NODE_ENV : void 0) ?? void 0;
|
|
82
|
+
},
|
|
83
|
+
get NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR() {
|
|
84
|
+
return (typeof process !== "undefined" ? process.env.NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR : void 0) ?? void 0;
|
|
85
|
+
}
|
|
86
|
+
};
|
|
87
|
+
|
|
88
|
+
//#endregion
|
|
89
|
+
exports.envVars = envVars;
|
|
90
|
+
//# sourceMappingURL=env.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"env.js","names":[],"sources":["../../src/lib/env.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\n/**\n * Centralized environment-variable reads for the SDK.\n *\n * Keep each key explicit and reference `process.env.KEY` directly so bundlers\n * like Next.js can inline values at build time.\n */\nexport const envVars = {\n get NEXT_PUBLIC_STACK_PORT_PREFIX() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_PORT_PREFIX : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_PROJECT_ID() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_PROJECT_ID : undefined) ?? undefined;\n },\n get STACK_PROJECT_ID() {\n return (typeof process !== \"undefined\" ? process.env.STACK_PROJECT_ID : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY : undefined) ?? undefined;\n },\n get STACK_PUBLISHABLE_CLIENT_KEY() {\n return (typeof process !== \"undefined\" ? process.env.STACK_PUBLISHABLE_CLIENT_KEY : undefined) ?? undefined;\n },\n get STACK_SECRET_SERVER_KEY() {\n return (typeof process !== \"undefined\" ? process.env.STACK_SECRET_SERVER_KEY : undefined) ?? undefined;\n },\n get STACK_SUPER_SECRET_ADMIN_KEY() {\n return (typeof process !== \"undefined\" ? process.env.STACK_SUPER_SECRET_ADMIN_KEY : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_EXTRA_REQUEST_HEADERS() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_EXTRA_REQUEST_HEADERS : undefined) ?? undefined;\n },\n get STACK_EXTRA_REQUEST_HEADERS() {\n return (typeof process !== \"undefined\" ? process.env.STACK_EXTRA_REQUEST_HEADERS : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_BROWSER_STACK_API_URL() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_BROWSER_STACK_API_URL : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_API_URL_BROWSER() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_API_URL_BROWSER : undefined) ?? undefined;\n },\n get STACK_API_URL_BROWSER() {\n return (typeof process !== \"undefined\" ? process.env.STACK_API_URL_BROWSER : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_SERVER_STACK_API_URL() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_SERVER_STACK_API_URL : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_API_URL_SERVER() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_API_URL_SERVER : undefined) ?? undefined;\n },\n get STACK_API_URL_SERVER() {\n return (typeof process !== \"undefined\" ? process.env.STACK_API_URL_SERVER : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_API_URL() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_API_URL : undefined) ?? undefined;\n },\n get STACK_API_URL() {\n return (typeof process !== \"undefined\" ? process.env.STACK_API_URL : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_URL() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_URL : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_HOSTED_HANDLER_DOMAIN_SUFFIX() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_HOSTED_HANDLER_DOMAIN_SUFFIX : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_HOSTED_HANDLER_URL_TEMPLATE() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_HOSTED_HANDLER_URL_TEMPLATE : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_STRIPE_PUBLISHABLE_KEY() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_STRIPE_PUBLISHABLE_KEY : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_BOT_CHALLENGE_SITE_KEY : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_BOT_CHALLENGE_INVISIBLE_SITE_KEY : undefined) ?? undefined;\n },\n get NODE_ENV() {\n return (typeof process !== \"undefined\" ? process.env.NODE_ENV : undefined) ?? undefined;\n },\n get NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR() {\n return (typeof process !== \"undefined\" ? process.env.NEXT_PUBLIC_STACK_IS_LOCAL_EMULATOR : undefined) ?? undefined;\n },\n};\n"],"mappings":";;;;;;;;;AAUA,MAAa,UAAU;CACrB,IAAI,gCAAgC;AAClC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,gCAAgC,WAAc;;CAErG,IAAI,+BAA+B;AACjC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,+BAA+B,WAAc;;CAEpG,IAAI,mBAAmB;AACrB,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,mBAAmB,WAAc;;CAExF,IAAI,2CAA2C;AAC7C,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,2CAA2C,WAAc;;CAEhH,IAAI,+BAA+B;AACjC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,+BAA+B,WAAc;;CAEpG,IAAI,0BAA0B;AAC5B,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,0BAA0B,WAAc;;CAE/F,IAAI,+BAA+B;AACjC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,+BAA+B,WAAc;;CAEpG,IAAI,0CAA0C;AAC5C,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,0CAA0C,WAAc;;CAE/G,IAAI,8BAA8B;AAChC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,8BAA8B,WAAc;;CAEnG,IAAI,oCAAoC;AACtC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,oCAAoC,WAAc;;CAEzG,IAAI,oCAAoC;AACtC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,oCAAoC,WAAc;;CAEzG,IAAI,wBAAwB;AAC1B,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,wBAAwB,WAAc;;CAE7F,IAAI,mCAAmC;AACrC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,mCAAmC,WAAc;;CAExG,IAAI,mCAAmC;AACrC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,mCAAmC,WAAc;;CAExG,IAAI,uBAAuB;AACzB,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,uBAAuB,WAAc;;CAE5F,IAAI,4BAA4B;AAC9B,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,4BAA4B,WAAc;;CAEjG,IAAI,gBAAgB;AAClB,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,gBAAgB,WAAc;;CAErF,IAAI,wBAAwB;AAC1B,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,wBAAwB,WAAc;;CAE7F,IAAI,iDAAiD;AACnD,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,iDAAiD,WAAc;;CAEtH,IAAI,gDAAgD;AAClD,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,gDAAgD,WAAc;;CAErH,IAAI,2CAA2C;AAC7C,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,2CAA2C,WAAc;;CAEhH,IAAI,2CAA2C;AAC7C,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,2CAA2C,WAAc;;CAEhH,IAAI,qDAAqD;AACvD,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,qDAAqD,WAAc;;CAE1H,IAAI,WAAW;AACb,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,WAAW,WAAc;;CAEhF,IAAI,sCAAsC;AACxC,UAAQ,OAAO,YAAY,cAAc,QAAQ,IAAI,sCAAsC,WAAc;;CAE5G"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { GetCurrentUserOptions } from "./stack-app/common.js";
|
|
2
|
+
import { CurrentInternalUser, CurrentUser } from "./stack-app/users/index.js";
|
|
3
|
+
import { StackClientApp } from "./stack-app/apps/interfaces/client-app.js";
|
|
4
|
+
|
|
5
|
+
//#region src/lib/hooks.d.ts
|
|
6
|
+
type GetUserOptions = GetCurrentUserOptions<true> & {
|
|
7
|
+
projectIdMustMatch?: string;
|
|
8
|
+
};
|
|
9
|
+
/**
|
|
10
|
+
* Returns the current user object. Equivalent to `useStackApp().useUser()`.
|
|
11
|
+
*
|
|
12
|
+
* @returns the current user
|
|
13
|
+
*/
|
|
14
|
+
declare function useUser(options: GetUserOptions & {
|
|
15
|
+
or: 'redirect' | 'throw';
|
|
16
|
+
projectIdMustMatch: "internal";
|
|
17
|
+
}): CurrentInternalUser;
|
|
18
|
+
declare function useUser(options: GetUserOptions & {
|
|
19
|
+
or: 'redirect' | 'throw';
|
|
20
|
+
}): CurrentUser;
|
|
21
|
+
declare function useUser(options: GetUserOptions & {
|
|
22
|
+
projectIdMustMatch: "internal";
|
|
23
|
+
}): CurrentInternalUser | null;
|
|
24
|
+
declare function useUser(options?: GetUserOptions): CurrentUser | CurrentInternalUser | null;
|
|
25
|
+
/**
|
|
26
|
+
* Returns the current Stack app associated with the StackProvider.
|
|
27
|
+
*
|
|
28
|
+
* @returns the current Stack app
|
|
29
|
+
*/
|
|
30
|
+
declare function useStackApp<ProjectId extends string>(options?: {
|
|
31
|
+
projectIdMustMatch?: ProjectId;
|
|
32
|
+
}): StackClientApp<true, ProjectId>;
|
|
33
|
+
//#endregion
|
|
34
|
+
export { useStackApp, useUser };
|
|
35
|
+
//# sourceMappingURL=hooks.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hooks.d.ts","names":[],"sources":["../../src/lib/hooks.tsx"],"mappings":";;;;;KAQK,cAAA,GAAiB,qBAAA;EACpB,kBAAA;AAAA;;AAHuH;;;;iBAWzG,OAAA,CAAQ,OAAA,EAAS,cAAA;EAAmB,EAAA;EAA0B,kBAAA;AAAA,IAAmC,mBAAA;AAAA,iBACjG,OAAA,CAAQ,OAAA,EAAS,cAAA;EAAmB,EAAA;AAAA,IAA6B,WAAA;AAAA,iBACjE,OAAA,CAAQ,OAAA,EAAS,cAAA;EAAmB,kBAAA;AAAA,IAAmC,mBAAA;AAAA,iBACvE,OAAA,CAAQ,OAAA,GAAU,cAAA,GAAiB,WAAA,GAAc,mBAAA;;AAFjE;;;;iBAoBgB,WAAA,0BAAA,CAAsC,OAAA;EAAW,kBAAA,GAAqB,SAAA;AAAA,IAAmB,cAAA,OAAqB,SAAA"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
|
|
2
|
+
const require_chunk = require('../chunk-BE-pF4vm.js');
|
|
3
|
+
let react = require("react");
|
|
4
|
+
let ___providers_stack_context_js = require("../providers/stack-context.js");
|
|
5
|
+
|
|
6
|
+
//#region src/lib/hooks.tsx
|
|
7
|
+
function useUser(options = {}) {
|
|
8
|
+
const stackApp = useStackApp(options);
|
|
9
|
+
if (options.projectIdMustMatch && stackApp.projectId !== options.projectIdMustMatch) throw new Error("Unexpected project ID in useStackApp: " + stackApp.projectId);
|
|
10
|
+
if (options.projectIdMustMatch === "internal") return stackApp.useUser(options);
|
|
11
|
+
else return stackApp.useUser(options);
|
|
12
|
+
}
|
|
13
|
+
/**
|
|
14
|
+
* Returns the current Stack app associated with the StackProvider.
|
|
15
|
+
*
|
|
16
|
+
* @returns the current Stack app
|
|
17
|
+
*/
|
|
18
|
+
function useStackApp(options = {}) {
|
|
19
|
+
if (typeof react.useContext !== "function") throw new Error("useStackApp() can only be used in a React Client Component. Make sure you're not calling it from a Server Component, or any other environment.");
|
|
20
|
+
const context = (0, react.useContext)(___providers_stack_context_js.StackContext);
|
|
21
|
+
if (context === null) throw new Error("useStackApp must be used within a StackProvider");
|
|
22
|
+
const stackApp = context.app;
|
|
23
|
+
if (options.projectIdMustMatch && stackApp.projectId !== options.projectIdMustMatch) throw new Error("Unexpected project ID in useStackApp: " + stackApp.projectId);
|
|
24
|
+
return stackApp;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
//#endregion
|
|
28
|
+
exports.useStackApp = useStackApp;
|
|
29
|
+
exports.useUser = useUser;
|
|
30
|
+
//# sourceMappingURL=hooks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hooks.js","names":["useContext","StackContext"],"sources":["../../src/lib/hooks.tsx"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY, INSTEAD EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { useContext } from \"react\";\nimport { StackContext } from \"../providers/stack-context\";\nimport type { GetUserOptions as AppGetUserOptions, CurrentInternalUser, CurrentUser, StackClientApp } from \"./stack-app\";\n\ntype GetUserOptions = AppGetUserOptions<true> & {\n projectIdMustMatch?: string,\n};\n\n/**\n * Returns the current user object. Equivalent to `useStackApp().useUser()`.\n *\n * @returns the current user\n */\nexport function useUser(options: GetUserOptions & { or: 'redirect' | 'throw', projectIdMustMatch: \"internal\" }): CurrentInternalUser;\nexport function useUser(options: GetUserOptions & { or: 'redirect' | 'throw' }): CurrentUser;\nexport function useUser(options: GetUserOptions & { projectIdMustMatch: \"internal\" }): CurrentInternalUser | null;\nexport function useUser(options?: GetUserOptions): CurrentUser | CurrentInternalUser | null;\nexport function useUser(options: GetUserOptions = {}): CurrentUser | CurrentInternalUser | null {\n const stackApp = useStackApp(options);\n if (options.projectIdMustMatch && stackApp.projectId !== options.projectIdMustMatch) {\n throw new Error(\"Unexpected project ID in useStackApp: \" + stackApp.projectId);\n }\n if (options.projectIdMustMatch === \"internal\") {\n return stackApp.useUser(options) as CurrentInternalUser;\n } else {\n return stackApp.useUser(options) as CurrentUser;\n }\n}\n\n/**\n * Returns the current Stack app associated with the StackProvider.\n *\n * @returns the current Stack app\n */\nexport function useStackApp<ProjectId extends string>(options: { projectIdMustMatch?: ProjectId } = {}): StackClientApp<true, ProjectId> {\n if (typeof useContext !== \"function\") {\n throw new Error(\"useStackApp() can only be used in a React Client Component. Make sure you're not calling it from a Server Component, or any other environment.\");\n }\n const context = useContext(StackContext);\n if (context === null) {\n throw new Error(\"useStackApp must be used within a StackProvider\");\n }\n const stackApp = context.app;\n if (options.projectIdMustMatch && stackApp.projectId !== options.projectIdMustMatch) {\n throw new Error(\"Unexpected project ID in useStackApp: \" + stackApp.projectId);\n }\n return stackApp as StackClientApp<true, ProjectId>;\n}\n"],"mappings":";;;;;;AAqBA,SAAgB,QAAQ,UAA0B,EAAE,EAA4C;CAC9F,MAAM,WAAW,YAAY,QAAQ;AACrC,KAAI,QAAQ,sBAAsB,SAAS,cAAc,QAAQ,mBAC/D,OAAM,IAAI,MAAM,2CAA2C,SAAS,UAAU;AAEhF,KAAI,QAAQ,uBAAuB,WACjC,QAAO,SAAS,QAAQ,QAAQ;KAEhC,QAAO,SAAS,QAAQ,QAAQ;;;;;;;AASpC,SAAgB,YAAsC,UAA8C,EAAE,EAAmC;AACvI,KAAI,OAAOA,qBAAe,WACxB,OAAM,IAAI,MAAM,iJAAiJ;CAEnK,MAAM,gCAAqBC,2CAAa;AACxC,KAAI,YAAY,KACd,OAAM,IAAI,MAAM,kDAAkD;CAEpE,MAAM,WAAW,QAAQ;AACzB,KAAI,QAAQ,sBAAsB,SAAS,cAAc,QAAQ,mBAC/D,OAAM,IAAI,MAAM,2CAA2C,SAAS,UAAU;AAEhF,QAAO"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import * as yup from "yup";
|
|
2
|
+
import { IfAndOnlyIf, PrettifyType } from "@stackframe/stack-shared/dist/utils/types";
|
|
3
|
+
import { TeamApiKeysCrud, UserApiKeysCrud, teamApiKeysCreateInputSchema, userApiKeysCreateInputSchema } from "@stackframe/stack-shared/dist/interface/crud/project-api-keys";
|
|
4
|
+
|
|
5
|
+
//#region src/lib/stack-app/api-keys/index.d.ts
|
|
6
|
+
type ApiKeyType = "user" | "team";
|
|
7
|
+
type ApiKey<Type extends ApiKeyType = ApiKeyType, IsFirstView extends boolean = false> = {
|
|
8
|
+
id: string;
|
|
9
|
+
description: string;
|
|
10
|
+
expiresAt?: Date;
|
|
11
|
+
manuallyRevokedAt?: Date | null;
|
|
12
|
+
createdAt: Date;
|
|
13
|
+
value: IfAndOnlyIf<IsFirstView, true, string, {
|
|
14
|
+
lastFour: string;
|
|
15
|
+
}>;
|
|
16
|
+
update(options: ApiKeyUpdateOptions<Type>): Promise<void>;
|
|
17
|
+
revoke: () => Promise<void>;
|
|
18
|
+
isValid: () => boolean;
|
|
19
|
+
whyInvalid: () => "manually-revoked" | "expired" | null;
|
|
20
|
+
} & (("user" extends Type ? {
|
|
21
|
+
type: "user";
|
|
22
|
+
userId: string;
|
|
23
|
+
} : never) | ("team" extends Type ? {
|
|
24
|
+
type: "team";
|
|
25
|
+
teamId: string;
|
|
26
|
+
} : never));
|
|
27
|
+
type UserApiKeyFirstView = PrettifyType<ApiKey<"user", true>>;
|
|
28
|
+
type UserApiKey = PrettifyType<ApiKey<"user", false>>;
|
|
29
|
+
type TeamApiKeyFirstView = PrettifyType<ApiKey<"team", true>>;
|
|
30
|
+
type TeamApiKey = PrettifyType<ApiKey<"team", false>>;
|
|
31
|
+
type ApiKeyCreationOptions<Type extends ApiKeyType = ApiKeyType> = {
|
|
32
|
+
description: string;
|
|
33
|
+
expiresAt: Date | null;
|
|
34
|
+
/**
|
|
35
|
+
* Whether the API key should be considered public. A public API key will not be detected by the secret scanner, which
|
|
36
|
+
* automatically revokes API keys when it detects that they may have been exposed to the public.
|
|
37
|
+
*/
|
|
38
|
+
isPublic?: boolean;
|
|
39
|
+
};
|
|
40
|
+
declare function apiKeyCreationOptionsToCrud(type: "user", userId: string, options: ApiKeyCreationOptions<"user">): Promise<yup.InferType<typeof userApiKeysCreateInputSchema>>;
|
|
41
|
+
declare function apiKeyCreationOptionsToCrud(type: "team", teamId: string, options: ApiKeyCreationOptions<"team">): Promise<yup.InferType<typeof teamApiKeysCreateInputSchema>>;
|
|
42
|
+
declare function apiKeyCreationOptionsToCrud(type: ApiKeyType, userIdOrTeamId: string, options: ApiKeyCreationOptions): Promise<yup.InferType<typeof userApiKeysCreateInputSchema> | yup.InferType<typeof teamApiKeysCreateInputSchema>>;
|
|
43
|
+
type ApiKeyUpdateOptions<Type extends ApiKeyType = ApiKeyType> = {
|
|
44
|
+
description?: string;
|
|
45
|
+
expiresAt?: Date | null;
|
|
46
|
+
revoked?: boolean;
|
|
47
|
+
};
|
|
48
|
+
declare function apiKeyUpdateOptionsToCrud(type: "user", options: ApiKeyUpdateOptions<"user">): Promise<UserApiKeysCrud["Client"]["Update"]>;
|
|
49
|
+
declare function apiKeyUpdateOptionsToCrud(type: "team", options: ApiKeyUpdateOptions<"team">): Promise<TeamApiKeysCrud["Client"]["Update"]>;
|
|
50
|
+
declare function apiKeyUpdateOptionsToCrud(type: ApiKeyType, options: ApiKeyUpdateOptions): Promise<UserApiKeysCrud["Client"]["Update"] | TeamApiKeysCrud["Client"]["Update"]>;
|
|
51
|
+
//#endregion
|
|
52
|
+
export { ApiKey, ApiKeyCreationOptions, ApiKeyType, ApiKeyUpdateOptions, TeamApiKey, TeamApiKeyFirstView, UserApiKey, UserApiKeyFirstView, apiKeyCreationOptionsToCrud, apiKeyUpdateOptionsToCrud };
|
|
53
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../../../../src/lib/stack-app/api-keys/index.ts"],"mappings":";;;;;KASY,UAAA;AAAA,KAEA,MAAA,cAAoB,UAAA,GAAa,UAAA;EAEvC,EAAA;EACA,WAAA;EACA,SAAA,GAAY,IAAA;EACZ,iBAAA,GAAoB,IAAA;EACpB,SAAA,EAAW,IAAA;EACX,KAAA,EAAO,WAAA,CAAY,WAAA;IAA6B,QAAA;EAAA;EAChD,MAAA,CAAO,OAAA,EAAS,mBAAA,CAAoB,IAAA,IAAQ,OAAA;EAC5C,MAAA,QAAc,OAAA;EACd,OAAA;EACA,UAAA;AAAA,qBAGgB,IAAA;EAAS,IAAA;EAAc,MAAA;AAAA,6BACvB,IAAA;EAAS,IAAA;EAAc,MAAA;AAAA;AAAA,KAGjC,mBAAA,GAAsB,YAAA,CAAa,MAAA;AAAA,KACnC,UAAA,GAAa,YAAA,CAAa,MAAA;AAAA,KAE1B,mBAAA,GAAsB,YAAA,CAAa,MAAA;AAAA,KACnC,UAAA,GAAa,YAAA,CAAa,MAAA;AAAA,KAE1B,qBAAA,cAAmC,UAAA,GAAa,UAAA;EAExD,WAAA;EACA,SAAA,EAAW,IAAA;EA3B0C;;;;EAgCrD,QAAA;AAAA;AAAA,iBAEY,2BAAA,CAA4B,IAAA,UAAc,MAAA,UAAgB,OAAA,EAAS,qBAAA,WAAgC,OAAA,CAAQ,GAAA,CAAI,SAAA,QAAiB,4BAAA;AAAA,iBAChI,2BAAA,CAA4B,IAAA,UAAc,MAAA,UAAgB,OAAA,EAAS,qBAAA,WAAgC,OAAA,CAAQ,GAAA,CAAI,SAAA,QAAiB,4BAAA;AAAA,iBAChI,2BAAA,CAA4B,IAAA,EAAM,UAAA,EAAY,cAAA,UAAwB,OAAA,EAAS,qBAAA,GAAwB,OAAA,CAAQ,GAAA,CAAI,SAAA,QAAiB,4BAAA,IAAgC,GAAA,CAAI,SAAA,QAAiB,4BAAA;AAAA,KAW7L,mBAAA,cAAiC,UAAA,GAAa,UAAA;EACxD,WAAA;EACA,SAAA,GAAY,IAAA;EACZ,OAAA;AAAA;AAAA,iBAEc,yBAAA,CAA0B,IAAA,UAAc,OAAA,EAAS,mBAAA,WAA8B,OAAA,CAAQ,eAAA;AAAA,iBACvF,yBAAA,CAA0B,IAAA,UAAc,OAAA,EAAS,mBAAA,WAA8B,OAAA,CAAQ,eAAA;AAAA,iBACvF,yBAAA,CAA0B,IAAA,EAAM,UAAA,EAAY,OAAA,EAAS,mBAAA,GAAsB,OAAA,CAAQ,eAAA,uBAAsC,eAAA"}
|