npm - @versini/auth-common - Versions diffs - 2.12.0 → 3.0.0 - Mend

@versini/auth-common 2.12.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -11,12 +11,16 @@ declare const AUTH_TYPES: {
 declare const HEADERS: {
     CLIENT_ID: string;
 };
+declare const BODY: {
+    ACCESS_TOKEN: string;
+};
 declare const JWT: {
     ALG: string;
     USER_ID_KEY: string;
     TOKEN_ID_KEY: string;
     NONCE_KEY: string;
     USERNAME_KEY: string;
+    AUTH_TYPE_KEY: string;
     ISSUER: string;
 };
 declare const JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7\nw5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5\ni1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle\naMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+\nl0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE\nsjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81\nawIDAQAB\n-----END PUBLIC KEY-----";
@@ -60,6 +64,9 @@ declare function pkceChallengePair(length?: number): Promise<{
  */
 declare function verifyChallenge(code_verifier: string, expectedChallenge: string): Promise<boolean>;
+type BodyLike = Record<string, unknown> & {
+    access_token?: string;
+};
 type HeadersLike = Record<string, unknown> & {
     authorization?: string;
     "content-type"?: string;
@@ -67,11 +74,21 @@ type HeadersLike = Record<string, unknown> & {
 };
 /**
  * Get a Bearer Token from a request.
+ * It checks the following sources in order:
+ * 1. The `access_token` body parameter.
+ * 2. The `auth.${clientId}` cookie.
+ * 3. The `Authorization` header.
  *
  * @param headers An object containing the request headers, usually `req.headers`.
+ * @param body An object containing the request body, usually `req.body`.
  * @param clientId The client ID to use.
  *
  */
-declare const getToken: (headers: HeadersLike, clientId: string) => string;
+type GetToken = {
+    clientId: string;
+    headers: HeadersLike;
+    body?: BodyLike;
+};
+declare const getToken: ({ headers, body, clientId }: GetToken) => string;
-export { API_TYPE, AUTH_TYPES, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js CHANGED Viewed

@@ -1,33 +1,36 @@
 /*!
-  @versini/auth-common v2.12.0
+  @versini/auth-common v3.0.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.12.0",
-    buildTime: "07/15/2024 09:28 AM EDT",
+    version: "3.0.0",
+    buildTime: "07/19/2024 09:13 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const Qe = {
+const Ze = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
   PASSKEY: "passkey"
-}, Xe = {
+}, je = {
   CLIENT_ID: "X-Auth-ClientId"
-}, N = {
+}, ne = {
+  ACCESS_TOKEN: "access_token"
+}, U = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
   NONCE_KEY: "_nonce",
   USERNAME_KEY: "username",
+  AUTH_TYPE_KEY: "auth_type",
   ISSUER: "gizmette.com"
-}, ne = `-----BEGIN PUBLIC KEY-----
+}, ae = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -35,23 +38,23 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, Ze = {
+-----END PUBLIC KEY-----`, et = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, je = {
+}, tt = {
   AUTHENTICATE: "authenticate",
   CODE: "code",
   LOGOUT: "logout"
-}, x = crypto, z = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
-function ae(...e) {
+}, K = crypto, q = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
+function oe(...e) {
   const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
-const oe = (e) => {
+const ie = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
   for (let n = 0; n < t.length; n++)
     r[n] = t.charCodeAt(n);
@@ -60,7 +63,7 @@ const oe = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return oe(t);
+    return ie(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -90,7 +93,7 @@ class $ extends A {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class ie extends A {
+class ce extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -122,7 +125,7 @@ class S extends A {
     return "ERR_JWT_INVALID";
   }
 }
-class ce extends A {
+class se extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -136,10 +139,10 @@ function m(e, t = "algorithm.name") {
 function T(e, t) {
   return e.name === t;
 }
-function O(e) {
+function x(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function se(e) {
+function de(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -151,7 +154,7 @@ function se(e) {
       throw new Error("unreachable");
   }
 }
-function de(e, t) {
+function ue(e, t) {
   if (t.length && !t.some((r) => e.usages.includes(r))) {
     let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -161,7 +164,7 @@ function de(e, t) {
     throw new TypeError(r);
   }
 }
-function ue(e, t, ...r) {
+function le(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
@@ -169,7 +172,7 @@ function ue(e, t, ...r) {
       if (!T(e.algorithm, "HMAC"))
         throw m("HMAC");
       const n = parseInt(t.slice(2), 10);
-      if (O(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -179,7 +182,7 @@ function ue(e, t, ...r) {
       if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw m("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
-      if (O(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -189,7 +192,7 @@ function ue(e, t, ...r) {
       if (!T(e.algorithm, "RSA-PSS"))
         throw m("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
-      if (O(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -203,7 +206,7 @@ function ue(e, t, ...r) {
     case "ES512": {
       if (!T(e.algorithm, "ECDSA"))
         throw m("ECDSA");
-      const n = se(t);
+      const n = de(t);
       if (e.algorithm.namedCurve !== n)
         throw m(n, "algorithm.namedCurve");
       break;
@@ -211,9 +214,9 @@ function ue(e, t, ...r) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  de(e, r);
+  ue(e, r);
 }
-function G(e, t, ...r) {
+function z(e, t, ...r) {
   var n;
   if (r.length > 2) {
     const a = r.pop();
@@ -221,11 +224,11 @@ function G(e, t, ...r) {
   } else r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const L = (e, ...t) => G("Key must be ", e, ...t);
-function Y(e, t, ...r) {
-  return G(`Key for the ${e} algorithm must be `, t, ...r);
+const L = (e, ...t) => z("Key must be ", e, ...t);
+function G(e, t, ...r) {
+  return z(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Q = (e) => z(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", _ = ["CryptoKey"], le = (...e) => {
+const Q = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], fe = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -244,11 +247,11 @@ const Q = (e) => z(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
   }
   return !0;
 };
-function fe(e) {
+function he(e) {
   return typeof e == "object" && e !== null;
 }
 function P(e) {
-  if (!fe(e) || Object.prototype.toString.call(e) !== "[object Object]")
+  if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -257,14 +260,14 @@ function P(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const he = (e, t) => {
+const pe = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
 };
-function pe(e) {
+function me(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -336,36 +339,36 @@ function pe(e) {
   }
   return { algorithm: t, keyUsages: r };
 }
-const me = async (e) => {
+const Se = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = pe(e), n = [
+  const { algorithm: t, keyUsages: r } = me(e), n = [
     t,
     e.ext ?? !1,
     e.key_ops ?? r
   ], a = { ...e };
-  return delete a.alg, delete a.use, x.subtle.importKey("jwk", a, ...n);
+  return delete a.alg, delete a.use, K.subtle.importKey("jwk", a, ...n);
 }, X = (e) => b(e);
 let W, J;
 const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const i = await me({ ...r, alg: n });
+  const i = await Se({ ...r, alg: n });
   return a ? a[n] = i : e.set(t, { [n]: i }), i;
-}, Se = (e, t) => {
+}, ye = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
     return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? X(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
   }
   return e;
-}, ye = (e, t) => {
+}, Ee = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
     return r.k ? X(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), j(W, e, r, t));
   }
   return e;
-}, Ee = { normalizePublicKey: Se, normalizePrivateKey: ye }, E = (e, t, r = 0) => {
+}, we = { normalizePublicKey: ye, normalizePrivateKey: Ee }, E = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
   const n = e.indexOf(t[0], r);
   if (n === -1)
@@ -391,7 +394,7 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
     default:
       throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, we = async (e, t, r, n, a) => {
+}, ge = async (e, t, r, n, a) => {
   let i, o;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
@@ -437,33 +440,33 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
     default:
       throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return x.subtle.importKey(t, c, i, !1, o);
-}, ge = (e, t, r) => we(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Ae(e, t, r) {
+  return K.subtle.importKey(t, c, i, !1, o);
+}, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return ge(e, t);
+  return Ae(e, t);
 }
-const R = (e) => e == null ? void 0 : e[Symbol.toStringTag], be = (e, t) => {
+const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
   if (!(t instanceof Uint8Array)) {
     if (!Q(t))
-      throw new TypeError(Y(e, t, ..._, "Uint8Array"));
+      throw new TypeError(G(e, t, ...R, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${R(t)} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${I(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Ce = (e, t, r) => {
+}, ve = (e, t, r) => {
   if (!Q(t))
-    throw new TypeError(Y(e, t, ..._));
+    throw new TypeError(G(e, t, ...R));
   if (t.type === "secret")
-    throw new TypeError(`${R(t)} instances for asymmetric algorithms must not be of type "secret"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && r === "verify" && t.type === "private")
-    throw new TypeError(`${R(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && r === "encrypt" && t.type === "private")
-    throw new TypeError(`${R(t)} instances for asymmetric algorithm encryption must be of type "public"`);
-}, ve = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? be(e, t) : Ce(e, t, r);
+    throw new TypeError(`${I(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+}, Te = (e, t, r) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : ve(e, t, r);
 };
-function Te(e, t, r, n, a) {
+function _e(e, t, r, n, a) {
   if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
@@ -513,27 +516,27 @@ function Re(e, t) {
       throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function _e(e, t, r) {
-  if (t = await Ee.normalizePublicKey(t, e), z(t))
-    return ue(t, e, r), t;
+async function Pe(e, t, r) {
+  if (t = await we.normalizePublicKey(t, e), q(t))
+    return le(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(L(t, ..._));
-    return x.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
+      throw new TypeError(L(t, ...R));
+    return K.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(L(t, ..._, "Uint8Array"));
+  throw new TypeError(L(t, ...R, "Uint8Array"));
 }
-const Pe = async (e, t, r, n) => {
-  const a = await _e(e, t, "verify");
-  he(e, a);
+const Ke = async (e, t, r, n) => {
+  const a = await Pe(e, t, "verify");
+  pe(e, a);
   const i = Re(e, a.algorithm);
   try {
-    return await x.subtle.verify(i, a, r, n);
+    return await K.subtle.verify(i, a, r, n);
   } catch {
     return !1;
   }
 };
-async function xe(e, t, r) {
+async function Oe(e, t, r) {
   if (!P(e))
     throw new u("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
@@ -549,17 +552,17 @@ async function xe(e, t, r) {
   let n = {};
   if (e.protected)
     try {
-      const K = b(e.protected);
-      n = JSON.parse(C.decode(K));
+      const O = b(e.protected);
+      n = JSON.parse(C.decode(O));
     } catch {
       throw new u("JWS Protected Header is invalid");
     }
-  if (!le(n, e.header))
+  if (!fe(n, e.header))
     throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, i = Te(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  }, i = _e(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
   let o = !0;
   if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
@@ -568,23 +571,23 @@ async function xe(e, t, r) {
     throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
   const s = r && Ie("algorithms", r.algorithms);
   if (s && !s.has(c))
-    throw new ie('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
   if (o) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new u("JWS Payload must be a string or an Uint8Array instance");
   let p = !1;
-  typeof t == "function" && (t = await t(n, e), p = !0), ve(c, t, "verify");
-  const g = ae(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(n, e), p = !0), Te(c, t, "verify");
+  const g = oe(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
   let f;
   try {
     f = b(e.signature);
   } catch {
     throw new u("Failed to base64url decode the signature");
   }
-  if (!await Pe(c, t, f, g))
-    throw new ce();
+  if (!await Ke(c, t, f, g))
+    throw new se();
   let y;
   if (o)
     try {
@@ -596,17 +599,17 @@ async function xe(e, t, r) {
   const l = { payload: y };
   return e.protected !== void 0 && (l.protectedHeader = n), e.header !== void 0 && (l.unprotectedHeader = e.header), p ? { ...l, key: t } : l;
 }
-async function Ke(e, t, r) {
+async function xe(e, t, r) {
   if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new u("Compact JWS must be a string or Uint8Array");
   const { 0: n, 1: a, 2: i, length: o } = e.split(".");
   if (o !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await xe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await Oe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te * 24, We = H * 7, Je = H * 365.25, De = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, k = (e) => {
-  const t = De.exec(e);
+const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te * 24, Je = H * 7, De = H * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, k = (e) => {
+  const t = He.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const r = parseFloat(t[2]), n = t[3].toLowerCase();
@@ -641,14 +644,14 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * We);
+      a = Math.round(r * Je);
       break;
     default:
-      a = Math.round(r * Je);
+      a = Math.round(r * De);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, V = (e) => e.toLowerCase().replace(/^application\//, ""), He = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
+}, B = (e) => e.toLowerCase().replace(/^application\//, ""), Ne = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
   let n;
   try {
     n = JSON.parse(C.decode(t));
@@ -657,7 +660,7 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
   if (!P(n))
     throw new S("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
-  if (a && (typeof e.typ != "string" || V(e.typ) !== V(a)))
+  if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
   const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
   p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
@@ -668,7 +671,7 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (s && !He(n.aud, typeof s == "string" ? [s] : s))
+  if (s && !Ne(n.aud, typeof s == "string" ? [s] : s))
     throw new h('unexpected "aud" claim value', n, "aud", "check_failed");
   let f;
   switch (typeof r.clockTolerance) {
@@ -684,7 +687,7 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: U } = r, y = Oe(U || /* @__PURE__ */ new Date());
+  const { currentDate: N } = r, y = We(N || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || p) && typeof n.iat != "number")
     throw new h('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -700,24 +703,24 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te *
       throw new $('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (p) {
-    const l = y - n.iat, K = typeof p == "number" ? p : k(p);
-    if (l - f > K)
+    const l = y - n.iat, O = typeof p == "number" ? p : k(p);
+    if (l - f > O)
       throw new $('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
     if (l < 0 - f)
       throw new h('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
 };
-async function Ne(e, t, r) {
+async function $e(e, t, r) {
   var o;
-  const n = await Ke(e, t, r);
+  const n = await xe(e, t, r);
   if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
     throw new S("JWTs MUST NOT use unencoded payload");
   const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...i, key: n.key } : i;
 }
-const $e = b;
-function Le(e) {
+const Le = b;
+function Me(e) {
   if (typeof e != "string")
     throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -729,7 +732,7 @@ function Le(e) {
     throw new S("JWTs must contain a payload");
   let n;
   try {
-    n = $e(t);
+    n = Le(t);
   } catch {
     throw new S("Failed to base64url decode the payload");
   }
@@ -743,18 +746,18 @@ function Le(e) {
     throw new S("Invalid JWT Claims Set");
   return a;
 }
-const et = async (e) => {
+const rt = async (e) => {
   try {
-    const t = N.ALG, n = await Ae(ne, t);
-    return await Ne(e, n, {
-      issuer: N.ISSUER
+    const t = U.ALG, n = await be(ae, t);
+    return await $e(e, n, {
+      issuer: U.ISSUER
     });
   } catch {
     return;
   }
-}, tt = (e) => {
+}, nt = (e) => {
   try {
-    return Le(e);
+    return Me(e);
   } catch {
     return;
   }
@@ -762,48 +765,48 @@ const et = async (e) => {
 var d = [];
 for (var D = 0; D < 256; ++D)
   d.push((D + 256).toString(16).slice(1));
-function Me(e, t = 0) {
+function ke(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var I, ke = new Uint8Array(16);
-function Ve() {
-  if (!I && (I = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !I))
+var _, Be = new Uint8Array(16);
+function Fe() {
+  if (!_ && (_ = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !_))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return I(ke);
+  return _(Be);
 }
-var Be = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const B = {
-  randomUUID: Be
+var Ve = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const F = {
+  randomUUID: Ve
 };
-function F(e, t, r) {
-  if (B.randomUUID && !t && !e)
-    return B.randomUUID();
+function V(e, t, r) {
+  if (F.randomUUID && !t && !e)
+    return F.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Ve)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Me(n);
+  var n = e.random || (e.rng || Fe)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, ke(n);
 }
-const q = globalThis.crypto, Fe = (e) => `${F()}${F()}`.slice(0, e), qe = (e) => btoa(
+const Y = globalThis.crypto, Ye = (e) => `${V()}${V()}`.slice(0, e), qe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
 async function re(e) {
-  if (!q.subtle)
+  if (!Y.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), r = await q.subtle.digest("SHA-256", t);
+  const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
   return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function rt(e) {
+async function at(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = Fe(t), n = await re(r);
+  const r = Ye(t), n = await re(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-async function nt(e, t) {
+async function ot(e, t) {
   return t === await re(e);
 }
 const ze = /^Bearer (.+)$/i, Ge = (e) => {
@@ -812,28 +815,33 @@ const ze = /^Bearer (.+)$/i, Ge = (e) => {
   const t = e.authorization.match(ze);
   if (t)
     return t[1];
-}, Ye = (e, t) => {
+}, Qe = (e, t) => {
   const r = e.cookie, n = new RegExp(`auth.${t}=(.+?)(?:;|$)`);
   if (typeof r != "string")
     return;
   const a = r.match(n);
   if (a)
     return a[1];
-}, at = (e, t) => {
-  const r = Ge(e), n = Ye(e, t);
-  return !n && !r ? "" : n || r;
+}, Xe = (e) => {
+  const t = e == null ? void 0 : e[ne.ACCESS_TOKEN];
+  if (typeof t == "string")
+    return t;
+}, it = ({ headers: e, body: t, clientId: r }) => {
+  const n = Ge(e), a = Qe(e, r);
+  return Xe(t) || a || n || "";
 };
 export {
-  je as API_TYPE,
-  Qe as AUTH_TYPES,
-  Xe as HEADERS,
-  N as JWT,
-  ne as JWT_PUBLIC_KEY,
-  Ze as TOKEN_EXPIRATION,
-  tt as decodeToken,
+  tt as API_TYPE,
+  Ze as AUTH_TYPES,
+  ne as BODY,
+  je as HEADERS,
+  U as JWT,
+  ae as JWT_PUBLIC_KEY,
+  et as TOKEN_EXPIRATION,
+  nt as decodeToken,
   re as generateCodeChallenge,
-  at as getToken,
-  rt as pkceChallengePair,
-  et as verifyAndExtractToken,
-  nt as verifyChallenge
+  it as getToken,
+  at as pkceChallengePair,
+  rt as verifyAndExtractToken,
+  ot as verifyChallenge
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "2.12.0",
+	"version": "3.0.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "ae50d0965f6c30ea5bb8ace592c3cd99e736803e"
+	"gitHead": "ce92ce0065a9faf54d5c498ff63a195b249043af"
 }