@tinyrack/tinyauth-server 0.5.1 → 0.6.0

package/dist/services/account-selection.service.js

@@ -0,0 +1,77 @@
+export class AccountSelectionService {
+    config;
+    constructor(config) {
+        this.config = config;
+    }
+    decide(params) {
+        const globalConfig = this.config.auth.account_selection;
+        const clientOverride = this.config.clients.find((client) => client.client_id === params.clientId)?.account_selection;
+        const mode = this.resolveMode(globalConfig.enabled, globalConfig.mode, clientOverride?.mode);
+        const activeUserSub = params.activeUserSub;
+        if (!activeUserSub) {
+            return this.continueOrErrorForMissingSelection(params);
+        }
+        if (!params.freshReauthentication &&
+            (params.prompts.includes('login') || params.maxAge === 0)) {
+            return { type: 'reauthenticate' };
+        }
+        if (mode === 'disabled' || params.accountSelected) {
+            return { type: 'continue', selectedSub: activeUserSub };
+        }
+        const hintedAccount = this.findLoginHintMatch(params.rememberedAccounts, params.loginHint);
+        const explicitlyRequiresChooser = params.prompts.includes('select_account') || mode === 'always';
+        if (explicitlyRequiresChooser) {
+            return this.promptNoneOrChooser(params, globalConfig.prompt_none_error);
+        }
+        if (params.loginHint &&
+            globalConfig.login_hint.behavior === 'require_match') {
+            if (!hintedAccount) {
+                return this.promptNoneOrChooser(params, globalConfig.prompt_none_error);
+            }
+            return { type: 'continue', selectedSub: hintedAccount.sub };
+        }
+        if (hintedAccount && globalConfig.login_hint.behavior === 'prefer') {
+            return { type: 'continue', selectedSub: hintedAccount.sub };
+        }
+        if (mode === 'smart' && params.rememberedAccounts.length >= 2) {
+            return this.promptNoneOrChooser(params, globalConfig.prompt_none_error);
+        }
+        return { type: 'continue', selectedSub: activeUserSub };
+    }
+    resolveMode(enabled, globalMode, clientMode) {
+        if (!enabled || globalMode === 'disabled' || clientMode === 'never') {
+            return 'disabled';
+        }
+        if (!clientMode || clientMode === 'inherit') {
+            return globalMode;
+        }
+        return clientMode;
+    }
+    findLoginHintMatch(accounts, loginHint) {
+        if (!loginHint) {
+            return undefined;
+        }
+        return accounts.find((account) => account.sub === loginHint || account.email === loginHint);
+    }
+    promptNoneOrChooser(params, promptNoneError) {
+        if (params.prompts.includes('none')) {
+            return {
+                type: 'oauth_error',
+                error: promptNoneError,
+                errorDescription: 'The Authorization Server requires End-User account selection.',
+            };
+        }
+        return { type: 'show_chooser' };
+    }
+    continueOrErrorForMissingSelection(params) {
+        if (params.prompts.includes('none')) {
+            return {
+                type: 'oauth_error',
+                error: 'login_required',
+                errorDescription: 'The Authorization Server requires End-User authentication.',
+            };
+        }
+        return { type: 'reauthenticate' };
+    }
+}
+//# sourceMappingURL=account-selection.service.js.map

package/dist/services/account-selection.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"account-selection.service.js","sourceRoot":"","sources":["../../src/services/account-selection.service.ts"],"names":[],"mappings":"AA6BA,MAAM,OAAO,uBAAuB;IACjB,MAAM,CAAwB;IAE/C,YAAmB,MAA6B;QAC9C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAEM,MAAM,CACX,MAAsC;QAEtC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC;QACxD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAC7C,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,KAAK,MAAM,CAAC,QAAQ,CACjD,EAAE,iBAAiB,CAAC;QAErB,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAC3B,YAAY,CAAC,OAAO,EACpB,YAAY,CAAC,IAAI,EACjB,cAAc,EAAE,IAAI,CACrB,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;QAE3C,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,CAAC;QACzD,CAAC;QAED,IACE,CAAC,MAAM,CAAC,qBAAqB;YAC7B,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EACzD,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;QACpC,CAAC;QAED,IAAI,IAAI,KAAK,UAAU,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAClD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC;QAC1D,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAC3C,MAAM,CAAC,kBAAkB,EACzB,MAAM,CAAC,SAAS,CACjB,CAAC;QACF,MAAM,yBAAyB,GAC7B,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,IAAI,KAAK,QAAQ,CAAC;QAEjE,IAAI,yBAAyB,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,CAAC;QAC1E,CAAC;QAED,IACE,MAAM,CAAC,SAAS;YAChB,YAAY,CAAC,UAAU,CAAC,QAAQ,KAAK,eAAe,EACpD,CAAC;YACD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,CAAC;YAC1E,CAAC;YACD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,GAAG,EAAE,CAAC;QAC9D,CAAC;QAED,IAAI,aAAa,IAAI,YAAY,CAAC,UAAU,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACnE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,GAAG,EAAE,CAAC;QAC9D,CAAC;QAED,IAAI,IAAI,KAAK,OAAO,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,YAAY,CAAC,iBAAiB,CAAC,CAAC;QAC1E,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC;IAC1D,CAAC;IAEO,WAAW,CACjB,OAAgB,EAChB,UAAyC,EACzC,UAMa;QAEb,IAAI,CAAC,OAAO,IAAI,UAAU,KAAK,UAAU,IAAI,UAAU,KAAK,OAAO,EAAE,CAAC;YACpE,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,IAAI,CAAC,UAAU,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC5C,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,kBAAkB,CACxB,QAA6B,EAC7B,SAA6B;QAE7B,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO,QAAQ,CAAC,IAAI,CAClB,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,KAAK,SAAS,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,CACtE,CAAC;IACJ,CAAC;IAEO,mBAAmB,CACzB,MAAsC,EACtC,eAAgE;QAEhE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EACd,+DAA+D;aAClE,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;IAClC,CAAC;IAEO,kCAAkC,CACxC,MAAsC;QAEtC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,IAAI,EAAE,aAAa;gBACnB,KAAK,EAAE,gBAAgB;gBACvB,gBAAgB,EACd,4DAA4D;aAC/D,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC;IACpC,CAAC;CACF"}

package/dist/services/container.d.ts

@@ -62,6 +62,9 @@ export declare function initializeServices(config: TinyAuthRuntimeConfig, logger
                 enabled: boolean;
                 retention: string;
             };
+            admin: {
+                enabled: boolean;
+            };
             logging: {
                 level: "error" | "trace" | "debug" | "info" | "warn" | "fatal" | "silent";
                 format: "json" | "pretty";
@@ -92,6 +95,21 @@ export declare function initializeServices(config: TinyAuthRuntimeConfig, logger
                     rp_id?: string | undefined;
                     origins?: string[] | undefined;
                 };
+                account_selection: {
+                    enabled: boolean;
+                    mode: "always" | "oidc_prompt" | "disabled" | "smart";
+                    remember_accounts: {
+                        enabled: boolean;
+                        max_accounts: number;
+                        ttl: string;
+                    };
+                    allow_add_account: boolean;
+                    allow_remove_account: boolean;
+                    login_hint: {
+                        behavior: "prefer" | "ignore" | "require_match";
+                    };
+                    prompt_none_error: "login_required" | "account_selection_required";
+                };
             };
             security: {
                 session_secret: string;
@@ -148,6 +166,10 @@ export declare function initializeServices(config: TinyAuthRuntimeConfig, logger
                 skip_consent: boolean;
                 logo_uri?: string | undefined;
                 client_secret?: string | undefined;
+                account_selection?: {
+                    mode: "inherit" | "never" | "always" | "oidc_prompt" | "smart";
+                    allow_add_account?: boolean | undefined;
+                } | undefined;
             }[];
             users: {
                 sub: string;

package/dist/services/container.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"container.d.ts","sourceRoot":"","sources":["../../src/services/container.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,qBAAqB,EAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EACL,KAAK,cAAc,EAEpB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAE/D,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,cAAc,CAAC;CAC7B;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,qBAAqB,EAC7B,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,yBAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiHxC;AAED,MAAM,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC,CAAC;AACxE,MAAM,MAAM,gBAAgB,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC"}
+{"version":3,"file":"container.d.ts","sourceRoot":"","sources":["../../src/services/container.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,qBAAqB,EAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EACL,KAAK,cAAc,EAEpB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAE/D,MAAM,WAAW,yBAAyB;IACxC,UAAU,CAAC,EAAE,cAAc,CAAC;CAC7B;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,qBAAqB,EAC7B,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,yBAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiHxC;AAED,MAAM,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC,CAAC;AACxE,MAAM,MAAM,gBAAgB,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC"}

package/dist/services/jwt.service.js

@@ -529,11 +529,11 @@ export class JwtService {
         if (!authHeader) {
             throw new e.MissingAuthorizationHeader.Error();
         }
-        const parts = authHeader.split(' ');
-        if (parts.length !== 2 || parts[0] !== 'Bearer') {
+        const match = authHeader.match(/^\s*Bearer\s+(.+?)\s*$/i);
+        if (!match) {
             throw new e.InvalidAuthorizationHeaderFormat.Error();
         }
-        const token = parts[1];
+        const token = match[1]?.trim();
         if (!token) {
             throw new e.MissingBearerToken.Error();
         }

package/dist/services/jwt.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,WAAW,EACX,UAAU,EACV,eAAe,EACf,WAAW,EACX,UAAU,EAEV,SAAS,EACT,OAAO,GACR,MAAM,MAAM,CAAC;AACd,OAAO,EAAqB,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEnE,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAqIxC;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,UAAU;IACrB,mCAAmC;IAC3B,cAAc,GAAwB,IAAI,CAAC;IAC3C,kBAAkB,GAAW,CAAC,CAAC;IACtB,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;IAEtD,8DAA8D;IACtD,sBAAsB,GAAiC,IAAI,CAAC;IAEnD,MAAM,CAAwB;IAC9B,KAAK,CAAe;IACrC,YAAY,MAA6B,EAAE,KAAmB;QAC5D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,8EAA8E;IAC9E,8BAA8B;IAC9B,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,eAAe;QACnB,mCAAmC;QACnC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE;YAC/D,aAAa,EAAE,IAAI;YACnB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,qDAAqD;QACrD,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,sBAAsB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAE/B,OAAO;YACL,GAAG;YACH,UAAU,EAAE,aAAa;YACzB,SAAS,EAAE,YAAY;YACvB,SAAS,EAAE,OAAO;SACnB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,WAAW;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,OAAO,OAAO,SAAS,IAAI,MAAM,EAAE,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAEzD,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oDAAoD;QACpD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAErD,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QAED,kDAAkD;QAClD,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC;QAEnE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,YAAY,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACtC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,UAAU,EAAE,OAAO,CAAC,SAAS;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QAE5C,cAAc;QACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAE3B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC;QAEnE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,YAAY,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACtC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,UAAU,EAAE,OAAO,CAAC,SAAS;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,YAAY,CAAC,IAAI;YACzB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QAE5C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,GAAiB;QACjC,GAAG,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;QACjC,GAAG,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC;QAE9B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;QAEzC,cAAc;QACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAE3B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAE7D,gCAAgC;QAChC,IAAI,aAAa,EAAE,CAAC;YAClB,aAAa,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC;YAC7C,aAAa,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC;QAC5C,CAAC;QAED,yBAAyB;QACzB,IAAI,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAEnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,CAAC;QAED,wBAAwB;QACxB,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;QACrC,OAAO,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC;QAElC,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,cAAc;QACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAE3B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,WAAoB;QACtC,MAAM,IAAI,GAAG,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC;QACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAEnE,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC;YAClC,GAAG,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAC9B,CAAC;QAED,OAAO,YAAY,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,cAAc;QACd,IACE,IAAI,CAAC,cAAc;YACnB,GAAG,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,EACjD,CAAC;YACD,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QAED,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAEjD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,0DAA0D;YAC1D,wDAAwD;YACxD,0CAA0C;YAC1C,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBACjC,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;oBAChE,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;gBACrC,CAAC,CAAC,CAAC;YACL,CAAC;YACD,GAAG,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;QAC1C,CAAC;QAED,eAAe;QACf,IAAI,CAAC,cAAc,GAAG,GAAG,CAAC;QAC1B,IAAI,CAAC,kBAAkB,GAAG,GAAG,CAAC;QAE9B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,GAAW;QAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;IACjD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,GAAiB;QAClC,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAElE,gBAAgB;QAChB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;QAEvC,4CAA4C;QAC5C,OAAO;YACL,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,KAAK;YACrB,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,GAAG,CAAC,SAAS;YAClB,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1B,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;SAC3B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO;QAGX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAErD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAE1E,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,mBAAmB;QACjB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,OAA2B;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,MAAM,UAAU,GAAG,IAAI,OAAO,CAAC;YAC7B,GAAG,EAAE,cAAc;YACnB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;aACpE,MAAM,CAAC,GAAG,CAAC;aACX,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;aAC5B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE/C,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAA4B;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,GAAG,EAAE,eAAe;YACpB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;aACpE,MAAM,CAAC,GAAG,CAAC;aACX,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;aAC5B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;aAC3C,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW,CAAC,OAAuB;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAErE,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;YAC9C,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;YACxE,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;YACpD,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;YAC9C,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,IAAI;gBAC1C,cAAc,EAAE,OAAO,CAAC,cAAc;aACvC,CAAC;YACF,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3C,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;SACrD,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;aACpE,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;aAC5B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;aAC3C,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAE9C,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,qBAAqB;IACrB,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAE9C,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAE1C,MAAM,IAAI,CAAC,iCAAiC,CAAC,OAAO,CAAC,CAAC;YAEtD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,OAAO,IAAI,CAAC,sCAAsC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,mCAAmC,CACvC,KAAa;QAEb,OAAO,IAAI,CAAC,sCAAsC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,sCAAsC,CAClD,KAAa,EACb,eAAwB;QAExB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAE9C,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YAED,MAAM,IAAI,CAAC,iCAAiC,CAAC,OAAO,CAAC,CAAC;YAEtD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CACjC,OAAiD;QAEjD,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvE,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,CACjE,OAAO,CAAC,QAAQ,CACjB,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,KAAa;QACrC,2BAA2B;QAC3B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAA4B,IAAI,CAAC,KAAK,CAChD,aAAa,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CACzC,CAAC;QACF,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE1E,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAExC,IAAI,CAAC,GAAG,EAAE,iBAAiB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,GAAG,KAAK,GAAG,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAClE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE;YACpD,UAAU,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;YAC3B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa;SACzC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,iCAAiC,CAC7C,OAAiD;QAEjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC;YAClD,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IACE,OAAO,CAAC,GAAG,KAAK,cAAc;YAC9B,OAAO,CAAC,UAAU,KAAK,oBAAoB,EAC3C,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtC,MAAM,IAAI,KAAK,CACb,wDAAwD,CACzD,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC1B,OAAmB;QAEnB,OAAO,CACL,OAAO,CAAC,KAAK,CAAC,KAAK,cAAc;YACjC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAC/B,OAAO,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ;YACxC,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,QAAQ,CACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC3B,OAAmB;QAEnB,OAAO,CACL,OAAO,CAAC,KAAK,CAAC,KAAK,eAAe;YAClC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAC/B,OAAO,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ;YACxC,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,QAAQ,CACrC,CAAC;IACJ,CAAC;IAEO,gBAAgB,CACtB,OAAmB;QAEnB,OAAO,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,KAAa;QACvB,IAAI,CAAC;YACH,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,0BAA0B;IAC1B,8EAA8E;IAE9E;;;;;;;;;;;;;;OAcG;IACH,kBAAkB,CAAC,GAA4C;QAC7D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,CAAC,0BAA0B,CAAC,KAAK,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,CAAC,CAAC,gCAAgC,CAAC,KAAK,EAAE,CAAC;QACvD,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAEzB;QACC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAE3C,8CAA8C;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}
+{"version":3,"file":"jwt.service.js","sourceRoot":"","sources":["../../src/services/jwt.service.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,SAAS,EACT,WAAW,EACX,UAAU,EACV,eAAe,EACf,WAAW,EACX,UAAU,EAEV,SAAS,EACT,OAAO,GACR,MAAM,MAAM,CAAC;AACd,OAAO,EAAqB,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAChF,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAEnE,OAAO,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAqIxC;;;;;;;;;;;;GAYG;AACH,MAAM,OAAO,UAAU;IACrB,mCAAmC;IAC3B,cAAc,GAAwB,IAAI,CAAC;IAC3C,kBAAkB,GAAW,CAAC,CAAC;IACtB,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW;IAEtD,8DAA8D;IACtD,sBAAsB,GAAiC,IAAI,CAAC;IAEnD,MAAM,CAAwB;IAC9B,KAAK,CAAe;IACrC,YAAY,MAA6B,EAAE,KAAmB;QAC5D,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,8EAA8E;IAC9E,8BAA8B;IAC9B,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,eAAe;QACnB,mCAAmC;QACnC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE;YAC/D,aAAa,EAAE,IAAI;YACnB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QAEH,qDAAqD;QACrD,MAAM,aAAa,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,CAAC;QACpD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;QAEjD,sBAAsB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QAE/B,OAAO;YACL,GAAG;YACH,UAAU,EAAE,aAAa;YACzB,SAAS,EAAE,YAAY;YACvB,SAAS,EAAE,OAAO;SACnB,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,WAAW;QACjB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/C,OAAO,OAAO,SAAS,IAAI,MAAM,EAAE,CAAC;IACtC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe;QACnB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAEzD,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oDAAoD;QACpD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAErD,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QAED,kDAAkD;QAClD,OAAO,IAAI,CAAC,oBAAoB,EAAE,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB;QACxB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC;QAEnE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,YAAY,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACtC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,UAAU,EAAE,OAAO,CAAC,SAAS;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,YAAY,EAAE,IAAI,IAAI,EAAE;YACxB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QAE5C,cAAc;QACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAE3B,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC;QAEnE,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;QAC7B,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,YAAY,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;YACtC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,UAAU,EAAE,OAAO,CAAC,SAAS;YAC7B,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,YAAY,CAAC,IAAI;YACzB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,CAAC;QAE5C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,GAAiB;QACjC,GAAG,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;QACjC,GAAG,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC;QAE9B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;QAEzC,cAAc;QACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAE3B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,UAAU;QACd,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAE7D,gCAAgC;QAChC,IAAI,aAAa,EAAE,CAAC;YAClB,aAAa,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC;YAC7C,aAAa,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC;QAC5C,CAAC;QAED,yBAAyB;QACzB,IAAI,OAAO,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAEnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QACvC,CAAC;QAED,wBAAwB;QACxB,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;QACrC,OAAO,CAAC,YAAY,GAAG,IAAI,IAAI,EAAE,CAAC;QAElC,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAE5B,cAAc;QACd,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAE3B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,WAAoB;QACtC,MAAM,IAAI,GAAG,WAAW,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC;QACzE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAEnE,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC;YAClC,GAAG,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC;QAC9B,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;QAC9B,CAAC;QAED,OAAO,YAAY,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,cAAc;QACd,IACE,IAAI,CAAC,cAAc;YACnB,GAAG,GAAG,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,EACjD,CAAC;YACD,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QAED,IAAI,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;QAEjD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,0DAA0D;YAC1D,wDAAwD;YACxD,0CAA0C;YAC1C,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBACjC,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;oBAChE,IAAI,CAAC,sBAAsB,GAAG,IAAI,CAAC;gBACrC,CAAC,CAAC,CAAC;YACL,CAAC;YACD,GAAG,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;QAC1C,CAAC;QAED,eAAe;QACf,IAAI,CAAC,cAAc,GAAG,GAAG,CAAC;QAC1B,IAAI,CAAC,kBAAkB,GAAG,GAAG,CAAC;QAE9B,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,GAAW;QAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB;QACvB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC;IACjD,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,GAAiB;QAClC,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAElE,gBAAgB;QAChB,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;QAEvC,4CAA4C;QAC5C,OAAO;YACL,GAAG,EAAE,GAAG,CAAC,GAAG,IAAI,KAAK;YACrB,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,EAAE,GAAG,CAAC,SAAS;YAClB,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;YAC1B,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;SAC3B,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO;QAGX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAErD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAE1E,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,mBAAmB;QACjB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED,8EAA8E;IAC9E,gBAAgB;IAChB,8EAA8E;IAE9E;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,OAA2B;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,MAAM,UAAU,GAAG,IAAI,OAAO,CAAC;YAC7B,GAAG,EAAE,cAAc;YACnB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjE,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;aACpE,MAAM,CAAC,GAAG,CAAC;aACX,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;aAC5B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE/C,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,UAAU,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACtC,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAE9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAA4B;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC;QACjD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,GAAG,EAAE,eAAe;YACpB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;aACpE,MAAM,CAAC,GAAG,CAAC;aACX,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;aAC5B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;aAC3C,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW,CAAC,OAAuB;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAErE,MAAM,GAAG,GAAG,MAAM,IAAI,OAAO,CAAC;YAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;YAC9C,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;YACxE,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;YACpD,GAAG,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC;YAC9C,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,IAAI;gBAC1C,cAAc,EAAE,OAAO,CAAC,cAAc;aACvC,CAAC;YACF,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3C,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC;SACrD,CAAC;aACC,kBAAkB,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;aACpE,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,GAAG,GAAG,CAAC;aAC5B,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;aAC3C,IAAI,CAAC,UAAU,CAAC,CAAC;QAEpB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAAa;QAC/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAE9C,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YAED,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,qBAAqB;IACrB,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAE9C,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAE1C,MAAM,IAAI,CAAC,iCAAiC,CAAC,OAAO,CAAC,CAAC;YAEtD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,kBAAkB,CAAC,KAAa;QACpC,OAAO,IAAI,CAAC,sCAAsC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,mCAAmC,CACvC,KAAa;QAEb,OAAO,IAAI,CAAC,sCAAsC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,sCAAsC,CAClD,KAAa,EACb,eAAwB;QAExB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;YAE9C,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YAED,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YAED,MAAM,IAAI,CAAC,iCAAiC,CAAC,OAAO,CAAC,CAAC;YAEtD,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,CAAC,CAAC,mBAAmB,CAAC,KAAK,EAAE,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CACjC,OAAiD;QAEjD,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvE,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;QAED,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,CACjE,OAAO,CAAC,QAAQ,CACjB,CAAC;YACF,IAAI,cAAc,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,KAAa;QACrC,2BAA2B;QAC3B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,MAAM,GAA4B,IAAI,CAAC,KAAK,CAChD,aAAa,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CACzC,CAAC;QACF,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAC1E,MAAM,GAAG,GAAG,OAAO,MAAM,CAAC,KAAK,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE1E,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAExC,IAAI,CAAC,GAAG,EAAE,iBAAiB,EAAE,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,GAAG,KAAK,GAAG,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAClE,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE;YACpD,UAAU,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC;YAC3B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa;SACzC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,KAAK,CAAC,iCAAiC,CAC7C,OAAiD;QAEjD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC;YAClD,QAAQ,EAAE,OAAO,CAAC,SAAS;SAC5B,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,IACE,OAAO,CAAC,GAAG,KAAK,cAAc;YAC9B,OAAO,CAAC,UAAU,KAAK,oBAAoB,EAC3C,CAAC;YACD,IAAI,OAAO,CAAC,GAAG,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtC,MAAM,IAAI,KAAK,CACb,wDAAwD,CACzD,CAAC;YACJ,CAAC;YACD,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;OAEG;IACK,oBAAoB,CAC1B,OAAmB;QAEnB,OAAO,CACL,OAAO,CAAC,KAAK,CAAC,KAAK,cAAc;YACjC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAC/B,OAAO,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ;YACxC,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,QAAQ,CACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,qBAAqB,CAC3B,OAAmB;QAEnB,OAAO,CACL,OAAO,CAAC,KAAK,CAAC,KAAK,eAAe;YAClC,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;YAC/B,OAAO,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ;YACxC,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,QAAQ,CACrC,CAAC;IACJ,CAAC;IAEO,gBAAgB,CACtB,OAAmB;QAEnB,OAAO,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC;IAC5E,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,KAAa;QACvB,IAAI,CAAC;YACH,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,0BAA0B;IAC1B,8EAA8E;IAE9E;;;;;;;;;;;;;;OAcG;IACH,kBAAkB,CAAC,GAA4C;QAC7D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAE7C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,CAAC,0BAA0B,CAAC,KAAK,EAAE,CAAC;QACjD,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAE1D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,CAAC,gCAAgC,CAAC,KAAK,EAAE,CAAC;QACvD,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,CAAC,CAAC,kBAAkB,CAAC,KAAK,EAAE,CAAC;QACzC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,KAAK,CAAC,mBAAmB,CAAC,GAEzB;QACC,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;QAE3C,8CAA8C;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;QACpD,OAAO,OAAO,CAAC;IACjB,CAAC;CACF"}

package/dist/services/oauth-authorize.service.d.ts

@@ -1,5 +1,6 @@
 import type z from 'zod';
 import type { TinyAuthRuntimeConfig } from '../lib/config/index.ts';
+import type { AccountSelectionSession } from '../middleware/session.ts';
 import type { f } from '../schemas/field.ts';
 import type { JwtService } from './jwt.service.ts';
 import type { MikroService } from './mikro.service.ts';
@@ -37,11 +38,15 @@ export interface AuthorizeParams {
     reauthenticated?: '1' | undefined;
     /** OIDC display mode for authentication UI */
     display?: z.infer<typeof f.display> | undefined;
-    response_mode?: 'query' | 'fragment' | 'form_post' | undefined;
+    response_mode?: string | undefined;
     login_hint?: string | undefined;
     ui_locales?: string | undefined;
     id_token_hint?: string | undefined;
     acr_values?: string | undefined;
+    /** Internal marker added after the user explicitly selected an account. */
+    account_selected?: '1' | undefined;
+    /** Internal server-side continuation id created before showing account chooser. */
+    account_selection_state?: string | undefined;
 }
 /**
  * OAuth authorization result
@@ -72,7 +77,23 @@ export declare class OAuthAuthorizeService {
             /** OIDC: Time when End-User authentication occurred (Unix timestamp) */
             authenticated_at: number;
         };
+        rememberedAccounts?: Array<{
+            sub: string;
+            authenticated_at: number;
+            last_used_at: number;
+            email?: string | undefined;
+        }>;
+        selectUserSession?: (userSub: string) => boolean | undefined | Promise<boolean | undefined>;
+        accountSelectionSession?: AccountSelectionSession | undefined;
+        setAccountSelectionSession?: (state: AccountSelectionSession) => void;
+        clearAccountSelectionSession?: () => void;
     }): Promise<AuthorizeResult>;
+    private parseResponseMode;
+    private createAccountSelectionSession;
+    private buildAccountSelectionRequestFingerprint;
+    private normalizePromptForAccountSelectionFingerprint;
+    private getTrustedAccountSelectionContinuation;
+    private enrichRememberedAccounts;
     private parsePrompt;
     private isSessionStale;
     private hasFreshReauthentication;
@@ -86,10 +107,12 @@ export declare class OAuthAuthorizeService {
      * but if they do send a code_challenge it must be S256 and well-formed.
      */
     private validateAuthorizationCodePKCE;
+    private copyAuthorizeParams;
     /**
      * Build login redirect URL
      */
     private buildLoginRedirectUrl;
+    private buildAccountSelectRedirectUrl;
     /**
      * Build consent redirect URL
      */

package/dist/services/oauth-authorize.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-authorize.service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-authorize.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAEpE,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAKpE;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,qEAAqE;IACrE,aAAa,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,YAAY,EAAE,MAAM,CAAC;IACrB,yFAAyF;IACzF,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,iDAAiD;IACjD,qBAAqB,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IACrD,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,8CAA8C;IAC9C,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,iEAAiE;IACjE,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC;IAC9C,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,8EAA8E;IAC9E,eAAe,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC;IAClC,8CAA8C;IAC9C,OAAO,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;IAChD,aAAa,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,WAAW,GAAG,SAAS,CAAC;IAC/D,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,IAAI,EAAE,UAAU,GAAG,WAAW,CAAC;IAC/B,wCAAwC;IACxC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;gBAEtC,MAAM,EAAE,qBAAqB,EAC7B,KAAK,EAAE,YAAY,EACnB,kBAAkB,EAAE,kBAAkB,EACtC,kBAAkB,EAAE,kBAAkB,EACtC,eAAe,EAAE,eAAe,EAChC,UAAU,EAAE,UAAU;IAUxB;;OAEG;IACU,SAAS,CAAC,MAAM,EAAE;QAC7B,KAAK,EAAE,eAAe,CAAC;QACvB,WAAW,CAAC,EAAE;YACZ,GAAG,EAAE,MAAM,CAAC;YACZ,wEAAwE;YACxE,gBAAgB,EAAE,MAAM,CAAC;SAC1B,CAAC;KACH,GAAG,OAAO,CAAC,eAAe,CAAC;IAqL5B,OAAO,CAAC,WAAW;IAiCnB,OAAO,CAAC,cAAc;IAetB,OAAO,CAAC,wBAAwB;IAehC,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,8BAA8B;IAiBtC;;;;;;OAMG;YACW,6BAA6B;IAwB3C;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAyC7B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAyC/B,OAAO,CAAC,2BAA2B;IAkBnC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAwB7B,OAAO,CAAC,6BAA6B;YAkCvB,4BAA4B;IA8E1C;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAwBxB;;OAEG;YACW,yBAAyB;CAqDxC"}
+{"version":3,"file":"oauth-authorize.service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-authorize.service.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC;AAEzB,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AACpE,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAExE,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,qBAAqB,CAAC;AAE7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAOpE;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,qEAAqE;IACrE,aAAa,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,YAAY,EAAE,MAAM,CAAC;IACrB,yFAAyF;IACzF,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,cAAc,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACpC,iDAAiD;IACjD,qBAAqB,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;IACrD,+CAA+C;IAC/C,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,8CAA8C;IAC9C,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,iEAAiE;IACjE,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,GAAG,SAAS,CAAC;IAC9C,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,8EAA8E;IAC9E,eAAe,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC;IAClC,8CAA8C;IAC9C,OAAO,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;IAChD,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IACnC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,2EAA2E;IAC3E,gBAAgB,CAAC,EAAE,GAAG,GAAG,SAAS,CAAC;IACnC,mFAAmF;IACnF,uBAAuB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9C;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,gCAAgC;IAChC,IAAI,EAAE,UAAU,GAAG,WAAW,CAAC;IAC/B,wCAAwC;IACxC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAED,qBAAa,qBAAqB;IAChC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwB;IAC/C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAqB;IACxD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;gBAEtC,MAAM,EAAE,qBAAqB,EAC7B,KAAK,EAAE,YAAY,EACnB,kBAAkB,EAAE,kBAAkB,EACtC,kBAAkB,EAAE,kBAAkB,EACtC,eAAe,EAAE,eAAe,EAChC,UAAU,EAAE,UAAU;IAUxB;;OAEG;IACU,SAAS,CAAC,MAAM,EAAE;QAC7B,KAAK,EAAE,eAAe,CAAC;QACvB,WAAW,CAAC,EAAE;YACZ,GAAG,EAAE,MAAM,CAAC;YACZ,wEAAwE;YACxE,gBAAgB,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF,kBAAkB,CAAC,EAAE,KAAK,CAAC;YACzB,GAAG,EAAE,MAAM,CAAC;YACZ,gBAAgB,EAAE,MAAM,CAAC;YACzB,YAAY,EAAE,MAAM,CAAC;YACrB,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;SAC5B,CAAC,CAAC;QACH,iBAAiB,CAAC,EAAE,CAClB,OAAO,EAAE,MAAM,KACZ,OAAO,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,GAAG,SAAS,CAAC,CAAC;QACxD,uBAAuB,CAAC,EAAE,uBAAuB,GAAG,SAAS,CAAC;QAC9D,0BAA0B,CAAC,EAAE,CAAC,KAAK,EAAE,uBAAuB,KAAK,IAAI,CAAC;QACtE,4BAA4B,CAAC,EAAE,MAAM,IAAI,CAAC;KAC3C,GAAG,OAAO,CAAC,eAAe,CAAC;IAoR5B,OAAO,CAAC,iBAAiB;IAkBzB,OAAO,CAAC,6BAA6B;IAwBrC,OAAO,CAAC,uCAAuC;IA6B/C,OAAO,CAAC,6CAA6C;IAUrD,OAAO,CAAC,sCAAsC;YAiDhC,wBAAwB;IA6BtC,OAAO,CAAC,WAAW;IAiCnB,OAAO,CAAC,cAAc;IAetB,OAAO,CAAC,wBAAwB;IAehC,OAAO,CAAC,qBAAqB;IAI7B,OAAO,CAAC,8BAA8B;IAiBtC;;;;;;OAMG;YACW,6BAA6B;IAwB3C,OAAO,CAAC,mBAAmB;IA2B3B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAyC7B,OAAO,CAAC,6BAA6B;IAgBrC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAkD/B,OAAO,CAAC,2BAA2B;IA2BnC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAwB7B,OAAO,CAAC,6BAA6B;YAkCvB,4BAA4B;IA8E1C;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAwBxB;;OAEG;YACW,yBAAyB;CAqDxC"}

package/dist/services/oauth-authorize.service.js

@@ -1,6 +1,8 @@
 import { getRandomBytes, toBase64Url } from "../lib/base64url.js";
 import { e } from "../schemas/error.js";
+import { AccountSelectionService } from "./account-selection.service.js";
 const REAUTHENTICATION_CONTINUATION_MAX_AGE_SECONDS = 60;
+const ACCOUNT_SELECTION_CONTINUATION_MAX_AGE_SECONDS = 300;
 export class OAuthAuthorizeService {
     config;
     mikro;
@@ -20,13 +22,19 @@ export class OAuthAuthorizeService {
      * Handle OAuth authorization request
      */
     async authorize(params) {
-        const { query, userSession } = params;
+        const { userSession } = params;
+        const rawQuery = params.query;
         // 1. Validate and fetch OAuth client DTO for validation methods
-        const client = await this.oauthClientService.findByClientId(query.client_id);
+        const client = await this.oauthClientService.findByClientId(rawQuery.client_id);
         // 2. Validate client is enabled
         this.oauthClientService.validateEnabled(client);
         // 3. Validate redirect_uri
-        this.oauthClientService.validateRedirectUri(client, query.redirect_uri);
+        this.oauthClientService.validateRedirectUri(client, rawQuery.redirect_uri);
+        const responseMode = this.parseResponseMode(rawQuery.response_mode);
+        const query = {
+            ...rawQuery,
+            response_mode: responseMode,
+        };
         // 4. Validate response_type
         this.oauthClientService.validateResponseType(client, query.response_type);
         // 5. Validate and parse scope
@@ -72,9 +80,78 @@ export class OAuthAuthorizeService {
         if (userCount === 0) {
             throw new e.UserNotFound.Error();
         }
+        const rememberedAccounts = await this.enrichRememberedAccounts(params.rememberedAccounts?.length
+            ? params.rememberedAccounts
+            : [
+                {
+                    sub: userSession.sub,
+                    authenticated_at: userSession.authenticated_at,
+                    last_used_at: userSession.authenticated_at,
+                },
+            ]);
+        const accountSelectionContinuation = this.getTrustedAccountSelectionContinuation({
+            query,
+            session: params.accountSelectionSession,
+            clientId: client.clientId,
+            activeUserSub: userSession.sub,
+        });
+        const accountSelection = new AccountSelectionService(this.config).decide({
+            clientId: client.clientId,
+            prompts,
+            activeUserSub: userSession.sub,
+            rememberedAccounts,
+            maxAge: query.max_age,
+            loginHint: query.login_hint,
+            accountSelected: accountSelectionContinuation.trusted,
+            freshReauthentication: hasFreshReauthentication,
+        });
+        if (accountSelection.type === 'oauth_error') {
+            return this.buildErrorAuthorizationResult({
+                redirectUri: query.redirect_uri,
+                error: accountSelection.error,
+                errorDescription: accountSelection.errorDescription,
+                state: query.state,
+                responseMode: query.response_mode,
+            });
+        }
+        if (accountSelection.type === 'show_chooser') {
+            let accountSelectionState = accountSelectionContinuation.id;
+            if (!accountSelectionContinuation.matchesExisting ||
+                !accountSelectionState) {
+                const continuation = this.createAccountSelectionSession({
+                    clientId: client.clientId,
+                    query,
+                    rememberedAccounts,
+                });
+                params.setAccountSelectionSession?.(continuation);
+                accountSelectionState = continuation.id;
+            }
+            return {
+                type: 'redirect',
+                url: this.buildAccountSelectRedirectUrl(query, accountSelectionState),
+            };
+        }
+        if (accountSelection.type === 'reauthenticate') {
+            return {
+                type: 'redirect',
+                url: this.buildLoginRedirectUrl(query),
+            };
+        }
+        const selectedSession = rememberedAccounts.find((account) => account.sub === accountSelection.selectedSub) ?? userSession;
+        if (accountSelectionContinuation.trusted &&
+            !accountSelectionContinuation.allowAddAccount &&
+            !accountSelectionContinuation.allowedSubs.includes(selectedSession.sub)) {
+            throw new e.InvalidAuthorizationRequest.Error();
+        }
+        if (selectedSession.sub !== userSession.sub) {
+            const selected = await params.selectUserSession?.(selectedSession.sub);
+            if (selected === false) {
+                throw new e.InvalidAuthorizationRequest.Error();
+            }
+        }
         // 9. Check if consent is required (using IDs, not entities)
         const requiresConsent = await this.userConsentService.requiresConsent({
-            userSub: userSession.sub,
+            userSub: selectedSession.sub,
             clientId: client.id,
             requestedScopes,
             prompt: prompts.includes('consent') ? 'consent' : undefined,
@@ -102,20 +179,21 @@ export class OAuthAuthorizeService {
             if (!query.nonce) {
                 throw new e.InvalidAuthorizationRequest.Error();
             }
+            params.clearAccountSelectionSession?.();
             return this.buildImplicitIdTokenRedirect({
                 clientId: client.clientId,
-                userSub: userSession.sub,
+                userSub: selectedSession.sub,
                 redirectUri: query.redirect_uri,
                 scope: requestedScopes,
                 nonce: query.nonce,
                 state: query.state,
-                authTime: userSession.authenticated_at,
+                authTime: selectedSession.authenticated_at,
                 responseMode: query.response_mode,
             });
         }
         const codeParams = {
             clientId: client.id,
-            userSub: userSession.sub,
+            userSub: selectedSession.sub,
             redirectUri: query.redirect_uri,
             scope: requestedScopes,
         };
@@ -130,9 +208,10 @@ export class OAuthAuthorizeService {
         }
         // Include OIDC authentication metadata from session
         if (userSession) {
-            codeParams.authTime = userSession.authenticated_at;
+            codeParams.authTime = selectedSession.authenticated_at;
         }
         const code = await this.generateAuthorizationCode(codeParams);
+        params.clearAccountSelectionSession?.();
         // 10. Redirect back to client with authorization code
         const callbackUrl = this.buildCallbackUrl(code, query.state, query.redirect_uri, query.response_mode);
         if (query.response_mode === 'form_post') {
@@ -151,6 +230,102 @@ export class OAuthAuthorizeService {
             url: callbackUrl,
         };
     }
+    parseResponseMode(responseMode) {
+        if (responseMode === undefined) {
+            return undefined;
+        }
+        if (responseMode === 'query' ||
+            responseMode === 'fragment' ||
+            responseMode === 'form_post') {
+            return responseMode;
+        }
+        throw new e.InvalidAuthorizationRequest.Error();
+    }
+    createAccountSelectionSession(params) {
+        const clientOverride = this.config.clients.find((client) => client.client_id === params.clientId)?.account_selection;
+        return {
+            id: toBase64Url(getRandomBytes(24)),
+            client_id: params.clientId,
+            request_fingerprint: this.buildAccountSelectionRequestFingerprint(params.query),
+            allow_add_account: clientOverride?.allow_add_account ??
+                this.config.auth.account_selection.allow_add_account,
+            allowed_subs: Array.from(new Set(params.rememberedAccounts.map((account) => account.sub))),
+            created_at: Math.floor(Date.now() / 1000),
+        };
+    }
+    buildAccountSelectionRequestFingerprint(query) {
+        return JSON.stringify([
+            ['client_id', query.client_id],
+            ['redirect_uri', query.redirect_uri],
+            ['response_type', query.response_type],
+            ['scope', query.scope],
+            ['state', query.state],
+            ['nonce', query.nonce],
+            ['code_challenge', query.code_challenge],
+            ['code_challenge_method', query.code_challenge_method],
+            [
+                'prompt',
+                this.normalizePromptForAccountSelectionFingerprint(query.prompt),
+            ],
+            ['max_age', query.max_age],
+            ['reauthenticated', query.reauthenticated],
+            ['display', query.display],
+            ['response_mode', query.response_mode],
+            ['login_hint', query.login_hint],
+            ['ui_locales', query.ui_locales],
+            ['id_token_hint', query.id_token_hint],
+            ['acr_values', query.acr_values],
+        ].filter(([, value]) => value !== undefined));
+    }
+    normalizePromptForAccountSelectionFingerprint(prompt) {
+        if (!prompt) {
+            return undefined;
+        }
+        const values = prompt.split(' ').filter((value) => value !== 'consent');
+        return values.length > 0 ? values.join(' ') : undefined;
+    }
+    getTrustedAccountSelectionContinuation(params) {
+        const { query, session } = params;
+        const now = Math.floor(Date.now() / 1000);
+        const matchesExisting = session?.client_id === params.clientId &&
+            session.request_fingerprint ===
+                this.buildAccountSelectionRequestFingerprint(query) &&
+            session.created_at <= now &&
+            now - session.created_at <=
+                ACCOUNT_SELECTION_CONTINUATION_MAX_AGE_SECONDS;
+        if (!session || !matchesExisting) {
+            return {
+                trusted: false,
+                matchesExisting: false,
+                allowAddAccount: false,
+                allowedSubs: [],
+            };
+        }
+        if (!session.allow_add_account &&
+            !session.allowed_subs.includes(params.activeUserSub)) {
+            throw new e.InvalidAuthorizationRequest.Error();
+        }
+        return {
+            trusted: query.account_selected === '1' &&
+                query.account_selection_state === session.id,
+            matchesExisting: true,
+            id: session.id,
+            allowAddAccount: session.allow_add_account,
+            allowedSubs: session.allowed_subs,
+        };
+    }
+    async enrichRememberedAccounts(accounts) {
+        return Promise.all(accounts.map(async (account) => {
+            if (account.email) {
+                return account;
+            }
+            const user = await this.mikro.user.findOne({
+                sub: account.sub,
+                deleted_at: null,
+            });
+            return user ? { ...account, email: user.email } : account;
+        }));
+    }
     parsePrompt(prompt) {
         if (!prompt) {
             return [];
@@ -231,6 +406,34 @@ export class OAuthAuthorizeService {
             throw new e.InvalidCodeChallengeMethod.Error();
         }
     }
+    copyAuthorizeParams(url, query) {
+        url.searchParams.set('client_id', query.client_id);
+        url.searchParams.set('redirect_uri', query.redirect_uri);
+        url.searchParams.set('response_type', query.response_type);
+        if (query.scope)
+            url.searchParams.set('scope', query.scope);
+        if (query.state)
+            url.searchParams.set('state', query.state);
+        if (query.nonce)
+            url.searchParams.set('nonce', query.nonce);
+        if (query.code_challenge) {
+            url.searchParams.set('code_challenge', query.code_challenge);
+        }
+        if (query.code_challenge_method) {
+            url.searchParams.set('code_challenge_method', query.code_challenge_method);
+        }
+        if (query.prompt)
+            url.searchParams.set('prompt', query.prompt);
+        if (query.max_age !== undefined) {
+            url.searchParams.set('max_age', query.max_age.toString());
+        }
+        if (query.reauthenticated) {
+            url.searchParams.set('reauthenticated', query.reauthenticated);
+        }
+        if (query.display)
+            url.searchParams.set('display', query.display);
+        this.preserveCompatibilityParams(url, query);
+    }
     /**
      * Build login redirect URL
      */
@@ -269,6 +472,15 @@ export class OAuthAuthorizeService {
         this.preserveCompatibilityParams(loginUrl, query);
         return loginUrl.toString();
     }
+    buildAccountSelectRedirectUrl(query, accountSelectionState) {
+        const accountSelectUrl = new URL('/account/select', this.config.server.public_origin);
+        this.copyAuthorizeParams(accountSelectUrl, {
+            ...query,
+            account_selected: undefined,
+            account_selection_state: accountSelectionState,
+        });
+        return accountSelectUrl.toString();
+    }
     /**
      * Build consent redirect URL
      */
@@ -301,6 +513,12 @@ export class OAuthAuthorizeService {
         if (query.reauthenticated) {
             consentUrl.searchParams.set('reauthenticated', query.reauthenticated);
         }
+        if (query.account_selected) {
+            consentUrl.searchParams.set('account_selected', query.account_selected);
+        }
+        if (query.account_selection_state) {
+            consentUrl.searchParams.set('account_selection_state', query.account_selection_state);
+        }
         if (query.display) {
             consentUrl.searchParams.set('display', query.display);
         }
@@ -323,6 +541,12 @@ export class OAuthAuthorizeService {
         if (query.acr_values) {
             url.searchParams.set('acr_values', query.acr_values);
         }
+        if (query.account_selected) {
+            url.searchParams.set('account_selected', query.account_selected);
+        }
+        if (query.account_selection_state) {
+            url.searchParams.set('account_selection_state', query.account_selection_state);
+        }
     }
     /**
      * Build error redirect URL (for OAuth errors that should redirect back)