@versini/auth-common 2.12.1 → 3.0.1

package/dist/index.d.ts

@@ -11,6 +11,9 @@ declare const AUTH_TYPES: {
 declare const HEADERS: {
     CLIENT_ID: string;
 };
+declare const BODY: {
+    ACCESS_TOKEN: string;
+};
 declare const JWT: {
     ALG: string;
     USER_ID_KEY: string;
@@ -18,6 +21,8 @@ declare const JWT: {
     NONCE_KEY: string;
     USERNAME_KEY: string;
     AUTH_TYPE_KEY: string;
+    EXPIRES_AT_KEY: string;
+    CREATED_AT_KEY: string;
     ISSUER: string;
 };
 declare const JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7\nw5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5\ni1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle\naMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+\nl0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE\nsjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81\nawIDAQAB\n-----END PUBLIC KEY-----";
@@ -61,6 +66,9 @@ declare function pkceChallengePair(length?: number): Promise<{
  */
 declare function verifyChallenge(code_verifier: string, expectedChallenge: string): Promise<boolean>;
 
+type BodyLike = Record<string, unknown> & {
+    access_token?: string;
+};
 type HeadersLike = Record<string, unknown> & {
     authorization?: string;
     "content-type"?: string;
@@ -68,11 +76,21 @@ type HeadersLike = Record<string, unknown> & {
 };
 /**
  * Get a Bearer Token from a request.
+ * It checks the following sources in order:
+ * 1. The `access_token` body parameter.
+ * 2. The `auth.${clientId}` cookie.
+ * 3. The `Authorization` header.
  *
  * @param headers An object containing the request headers, usually `req.headers`.
+ * @param body An object containing the request body, usually `req.body`.
  * @param clientId The client ID to use.
  *
  */
-declare const getToken: (headers: HeadersLike, clientId: string) => string;
+type GetToken = {
+    clientId: string;
+    headers: HeadersLike;
+    body?: BodyLike;
+};
+declare const getToken: ({ headers, body, clientId }: GetToken) => string;
 
-export { API_TYPE, AUTH_TYPES, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, BODY, type BodyLike, HEADERS, type HeadersLike, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, getToken, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js

@@ -1,34 +1,38 @@
 /*!
-  @versini/auth-common v2.12.1
+  @versini/auth-common v3.0.1
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.12.1",
-    buildTime: "07/15/2024 10:32 AM EDT",
+    version: "3.0.1",
+    buildTime: "07/20/2024 09:31 AM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const Qe = {
+const Ze = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
   CODE: "code",
   REFRESH_TOKEN: "refresh_token",
   PASSKEY: "passkey"
-}, Xe = {
+}, je = {
   CLIENT_ID: "X-Auth-ClientId"
-}, N = {
+}, ne = {
+  ACCESS_TOKEN: "access_token"
+}, U = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
   NONCE_KEY: "_nonce",
   USERNAME_KEY: "username",
   AUTH_TYPE_KEY: "auth_type",
+  EXPIRES_AT_KEY: "exp",
+  CREATED_AT_KEY: "iat",
   ISSUER: "gizmette.com"
-}, ne = `-----BEGIN PUBLIC KEY-----
+}, ae = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -36,23 +40,23 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, Ze = {
+-----END PUBLIC KEY-----`, et = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, je = {
+}, tt = {
   AUTHENTICATE: "authenticate",
   CODE: "code",
   LOGOUT: "logout"
-}, K = crypto, q = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
-function ae(...e) {
+}, K = crypto, q = (e) => e instanceof CryptoKey, T = new TextEncoder(), C = new TextDecoder();
+function oe(...e) {
   const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
   let n = 0;
   for (const a of e)
     r.set(a, n), n += a.length;
   return r;
 }
-const oe = (e) => {
+const ie = (e) => {
   const t = atob(e), r = new Uint8Array(t.length);
   for (let n = 0; n < t.length; n++)
     r[n] = t.charCodeAt(n);
@@ -61,7 +65,7 @@ const oe = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return oe(t);
+    return ie(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -91,7 +95,7 @@ class $ extends A {
     super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class ie extends A {
+class ce extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -123,7 +127,7 @@ class S extends A {
     return "ERR_JWT_INVALID";
   }
 }
-class ce extends A {
+class se extends A {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -134,13 +138,13 @@ class ce extends A {
 function m(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function T(e, t) {
+function v(e, t) {
   return e.name === t;
 }
-function O(e) {
+function x(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function se(e) {
+function de(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -152,7 +156,7 @@ function se(e) {
       throw new Error("unreachable");
   }
 }
-function de(e, t) {
+function ue(e, t) {
   if (t.length && !t.some((r) => e.usages.includes(r))) {
     let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
@@ -162,35 +166,35 @@ function de(e, t) {
     throw new TypeError(r);
   }
 }
-function ue(e, t, ...r) {
+function le(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!T(e.algorithm, "HMAC"))
+      if (!v(e.algorithm, "HMAC"))
         throw m("HMAC");
       const n = parseInt(t.slice(2), 10);
-      if (O(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!v(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw m("RSASSA-PKCS1-v1_5");
       const n = parseInt(t.slice(2), 10);
-      if (O(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!T(e.algorithm, "RSA-PSS"))
+      if (!v(e.algorithm, "RSA-PSS"))
         throw m("RSA-PSS");
       const n = parseInt(t.slice(2), 10);
-      if (O(e.algorithm.hash) !== n)
+      if (x(e.algorithm.hash) !== n)
         throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
@@ -202,9 +206,9 @@ function ue(e, t, ...r) {
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!T(e.algorithm, "ECDSA"))
+      if (!v(e.algorithm, "ECDSA"))
         throw m("ECDSA");
-      const n = se(t);
+      const n = de(t);
       if (e.algorithm.namedCurve !== n)
         throw m(n, "algorithm.namedCurve");
       break;
@@ -212,7 +216,7 @@ function ue(e, t, ...r) {
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  de(e, r);
+  ue(e, r);
 }
 function z(e, t, ...r) {
   var n;
@@ -226,7 +230,7 @@ const L = (e, ...t) => z("Key must be ", e, ...t);
 function G(e, t, ...r) {
   return z(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Q = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], le = (...e) => {
+const X = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], fe = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
@@ -245,11 +249,11 @@ const Q = (e) => q(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "K
   }
   return !0;
 };
-function fe(e) {
+function he(e) {
   return typeof e == "object" && e !== null;
 }
 function P(e) {
-  if (!fe(e) || Object.prototype.toString.call(e) !== "[object Object]")
+  if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -258,14 +262,14 @@ function P(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const he = (e, t) => {
+const pe = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
     const { modulusLength: r } = t.algorithm;
     if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
 };
-function pe(e) {
+function me(e) {
   let t, r;
   switch (e.kty) {
     case "RSA": {
@@ -337,36 +341,36 @@ function pe(e) {
   }
   return { algorithm: t, keyUsages: r };
 }
-const me = async (e) => {
+const Se = async (e) => {
   if (!e.alg)
     throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
-  const { algorithm: t, keyUsages: r } = pe(e), n = [
+  const { algorithm: t, keyUsages: r } = me(e), n = [
     t,
     e.ext ?? !1,
     e.key_ops ?? r
   ], a = { ...e };
   return delete a.alg, delete a.use, K.subtle.importKey("jwk", a, ...n);
-}, X = (e) => b(e);
+}, Q = (e) => b(e);
 let W, J;
 const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
   let a = e.get(t);
   if (a != null && a[n])
     return a[n];
-  const i = await me({ ...r, alg: n });
+  const i = await Se({ ...r, alg: n });
   return a ? a[n] = i : e.set(t, { [n]: i }), i;
-}, Se = (e, t) => {
+}, ye = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? X(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? Q(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
   }
   return e;
-}, ye = (e, t) => {
+}, Ee = (e, t) => {
   if (Z(e)) {
     let r = e.export({ format: "jwk" });
-    return r.k ? X(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), j(W, e, r, t));
+    return r.k ? Q(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), j(W, e, r, t));
   }
   return e;
-}, Ee = { normalizePublicKey: Se, normalizePrivateKey: ye }, E = (e, t, r = 0) => {
+}, we = { normalizePublicKey: ye, normalizePrivateKey: Ee }, E = (e, t, r = 0) => {
   r === 0 && (t.unshift(t.length), t.unshift(6));
   const n = e.indexOf(t[0], r);
   if (n === -1)
@@ -392,7 +396,7 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
     default:
       throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, we = async (e, t, r, n, a) => {
+}, ge = async (e, t, r, n, a) => {
   let i, o;
   const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (n) {
@@ -439,21 +443,21 @@ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j
       throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
   return K.subtle.importKey(t, c, i, !1, o);
-}, ge = (e, t, r) => we(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function Ae(e, t, r) {
+}, Ae = (e, t, r) => ge(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return ge(e, t);
+  return Ae(e, t);
 }
-const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], be = (e, t) => {
+const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ce = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!Q(t))
+    if (!X(t))
       throw new TypeError(G(e, t, ...R, "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${I(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, Ce = (e, t, r) => {
-  if (!Q(t))
+}, Te = (e, t, r) => {
+  if (!X(t))
     throw new TypeError(G(e, t, ...R));
   if (t.type === "secret")
     throw new TypeError(`${I(t)} instances for asymmetric algorithms must not be of type "secret"`);
@@ -462,9 +466,9 @@ const I = (e) => e == null ? void 0 : e[Symbol.toStringTag], be = (e, t) => {
   if (t.algorithm && r === "encrypt" && t.type === "private")
     throw new TypeError(`${I(t)} instances for asymmetric algorithm encryption must be of type "public"`);
 }, ve = (e, t, r) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? be(e, t) : Ce(e, t, r);
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ce(e, t) : Te(e, t, r);
 };
-function Te(e, t, r, n, a) {
+function _e(e, t, r, n, a) {
   if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!n || n.crit === void 0)
@@ -483,13 +487,13 @@ function Te(e, t, r, n, a) {
   }
   return new Set(n.crit);
 }
-const _e = (e, t) => {
+const Ie = (e, t) => {
   if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function Ie(e, t) {
+function Re(e, t) {
   const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
@@ -514,9 +518,9 @@ function Ie(e, t) {
       throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-async function Re(e, t, r) {
-  if (t = await Ee.normalizePublicKey(t, e), q(t))
-    return ue(t, e, r), t;
+async function Pe(e, t, r) {
+  if (t = await we.normalizePublicKey(t, e), q(t))
+    return le(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
       throw new TypeError(L(t, ...R));
@@ -524,17 +528,17 @@ async function Re(e, t, r) {
   }
   throw new TypeError(L(t, ...R, "Uint8Array"));
 }
-const Pe = async (e, t, r, n) => {
-  const a = await Re(e, t, "verify");
-  he(e, a);
-  const i = Ie(e, a.algorithm);
+const Ke = async (e, t, r, n) => {
+  const a = await Pe(e, t, "verify");
+  pe(e, a);
+  const i = Re(e, a.algorithm);
   try {
     return await K.subtle.verify(i, a, r, n);
   } catch {
     return !1;
   }
 };
-async function Ke(e, t, r) {
+async function Oe(e, t, r) {
   if (!P(e))
     throw new u("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
@@ -550,26 +554,26 @@ async function Ke(e, t, r) {
   let n = {};
   if (e.protected)
     try {
-      const x = b(e.protected);
-      n = JSON.parse(C.decode(x));
+      const O = b(e.protected);
+      n = JSON.parse(C.decode(O));
     } catch {
       throw new u("JWS Protected Header is invalid");
     }
-  if (!le(n, e.header))
+  if (!fe(n, e.header))
     throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
   const a = {
     ...n,
     ...e.header
-  }, i = Te(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  }, i = _e(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
   let o = !0;
   if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
   const { alg: c } = a;
   if (typeof c != "string" || !c)
     throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = r && _e("algorithms", r.algorithms);
+  const s = r && Ie("algorithms", r.algorithms);
   if (s && !s.has(c))
-    throw new ie('"alg" (Algorithm) Header Parameter value not allowed');
+    throw new ce('"alg" (Algorithm) Header Parameter value not allowed');
   if (o) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
@@ -577,15 +581,15 @@ async function Ke(e, t, r) {
     throw new u("JWS Payload must be a string or an Uint8Array instance");
   let p = !1;
   typeof t == "function" && (t = await t(n, e), p = !0), ve(c, t, "verify");
-  const g = ae(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
+  const g = oe(T.encode(e.protected ?? ""), T.encode("."), typeof e.payload == "string" ? T.encode(e.payload) : e.payload);
   let f;
   try {
     f = b(e.signature);
   } catch {
     throw new u("Failed to base64url decode the signature");
   }
-  if (!await Pe(c, t, f, g))
-    throw new ce();
+  if (!await Ke(c, t, f, g))
+    throw new se();
   let y;
   if (o)
     try {
@@ -593,7 +597,7 @@ async function Ke(e, t, r) {
     } catch {
       throw new u("Failed to base64url decode the payload");
     }
-  else typeof e.payload == "string" ? y = v.encode(e.payload) : y = e.payload;
+  else typeof e.payload == "string" ? y = T.encode(e.payload) : y = e.payload;
   const l = { payload: y };
   return e.protected !== void 0 && (l.protectedHeader = n), e.header !== void 0 && (l.unprotectedHeader = e.header), p ? { ...l, key: t } : l;
 }
@@ -603,10 +607,10 @@ async function xe(e, t, r) {
   const { 0: n, 1: a, 2: i, length: o } = e.split(".");
   if (o !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await Ke({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await Oe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, D = te * 24, We = D * 7, Je = D * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, k = (e) => {
+const We = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te * 24, Je = H * 7, De = H * 365.25, He = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, k = (e) => {
   const t = He.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
@@ -637,19 +641,19 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, D = te *
     case "day":
     case "days":
     case "d":
-      a = Math.round(r * D);
+      a = Math.round(r * H);
       break;
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(r * We);
+      a = Math.round(r * Je);
       break;
     default:
-      a = Math.round(r * Je);
+      a = Math.round(r * De);
       break;
   }
   return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, V = (e) => e.toLowerCase().replace(/^application\//, ""), De = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
+}, B = (e) => e.toLowerCase().replace(/^application\//, ""), Ne = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
   let n;
   try {
     n = JSON.parse(C.decode(t));
@@ -658,7 +662,7 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, D = te *
   if (!P(n))
     throw new S("JWT Claims Set must be a top-level JSON object");
   const { typ: a } = r;
-  if (a && (typeof e.typ != "string" || V(e.typ) !== V(a)))
+  if (a && (typeof e.typ != "string" || B(e.typ) !== B(a)))
     throw new h('unexpected "typ" JWT header value', n, "typ", "check_failed");
   const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
   p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
@@ -669,7 +673,7 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, D = te *
     throw new h('unexpected "iss" claim value', n, "iss", "check_failed");
   if (c && n.sub !== c)
     throw new h('unexpected "sub" claim value', n, "sub", "check_failed");
-  if (s && !De(n.aud, typeof s == "string" ? [s] : s))
+  if (s && !Ne(n.aud, typeof s == "string" ? [s] : s))
     throw new h('unexpected "aud" claim value', n, "aud", "check_failed");
   let f;
   switch (typeof r.clockTolerance) {
@@ -685,7 +689,7 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, D = te *
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: U } = r, y = Oe(U || /* @__PURE__ */ new Date());
+  const { currentDate: N } = r, y = We(N || /* @__PURE__ */ new Date());
   if ((n.iat !== void 0 || p) && typeof n.iat != "number")
     throw new h('"iat" claim must be a number', n, "iat", "invalid");
   if (n.nbf !== void 0) {
@@ -701,15 +705,15 @@ const Oe = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, D = te *
       throw new $('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (p) {
-    const l = y - n.iat, x = typeof p == "number" ? p : k(p);
-    if (l - f > x)
+    const l = y - n.iat, O = typeof p == "number" ? p : k(p);
+    if (l - f > O)
       throw new $('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
     if (l < 0 - f)
       throw new h('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
   return n;
 };
-async function Ne(e, t, r) {
+async function $e(e, t, r) {
   var o;
   const n = await xe(e, t, r);
   if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
@@ -717,8 +721,8 @@ async function Ne(e, t, r) {
   const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
   return typeof t == "function" ? { ...i, key: n.key } : i;
 }
-const $e = b;
-function Le(e) {
+const Le = b;
+function Me(e) {
   if (typeof e != "string")
     throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
   const { 1: t, length: r } = e.split(".");
@@ -730,7 +734,7 @@ function Le(e) {
     throw new S("JWTs must contain a payload");
   let n;
   try {
-    n = $e(t);
+    n = Le(t);
   } catch {
     throw new S("Failed to base64url decode the payload");
   }
@@ -744,46 +748,46 @@ function Le(e) {
     throw new S("Invalid JWT Claims Set");
   return a;
 }
-const et = async (e) => {
+const rt = async (e) => {
   try {
-    const t = N.ALG, n = await Ae(ne, t);
-    return await Ne(e, n, {
-      issuer: N.ISSUER
+    const t = U.ALG, n = await be(ae, t);
+    return await $e(e, n, {
+      issuer: U.ISSUER
     });
   } catch {
     return;
   }
-}, tt = (e) => {
+}, nt = (e) => {
   try {
-    return Le(e);
+    return Me(e);
   } catch {
     return;
   }
 };
 var d = [];
-for (var H = 0; H < 256; ++H)
-  d.push((H + 256).toString(16).slice(1));
-function Me(e, t = 0) {
+for (var D = 0; D < 256; ++D)
+  d.push((D + 256).toString(16).slice(1));
+function ke(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var _, ke = new Uint8Array(16);
-function Ve() {
+var _, Be = new Uint8Array(16);
+function Fe() {
   if (!_ && (_ = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !_))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return _(ke);
+  return _(Be);
 }
-var Be = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const B = {
-  randomUUID: Be
+var Ve = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const F = {
+  randomUUID: Ve
 };
-function F(e, t, r) {
-  if (B.randomUUID && !t && !e)
-    return B.randomUUID();
+function V(e, t, r) {
+  if (F.randomUUID && !t && !e)
+    return F.randomUUID();
   e = e || {};
-  var n = e.random || (e.rng || Ve)();
-  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Me(n);
+  var n = e.random || (e.rng || Fe)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, ke(n);
 }
-const Y = globalThis.crypto, Fe = (e) => `${F()}${F()}`.slice(0, e), Ye = (e) => btoa(
+const Y = globalThis.crypto, Ye = (e) => `${V()}${V()}`.slice(0, e), qe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
 async function re(e) {
@@ -792,49 +796,54 @@ async function re(e) {
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
   const t = new TextEncoder().encode(e), r = await Y.subtle.digest("SHA-256", t);
-  return Ye(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function rt(e) {
+async function at(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const r = Fe(t), n = await re(r);
+  const r = Ye(t), n = await re(r);
   return {
     code_verifier: r,
     code_challenge: n
   };
 }
-async function nt(e, t) {
+async function ot(e, t) {
   return t === await re(e);
 }
-const qe = /^Bearer (.+)$/i, ze = (e) => {
-  if (typeof e.authorization != "string")
+const ze = /^Bearer (.+)$/i, Ge = (e) => {
+  if (typeof (e == null ? void 0 : e.authorization) != "string")
     return;
-  const t = e.authorization.match(qe);
+  const t = e.authorization.match(ze);
   if (t)
     return t[1];
-}, Ge = (e, t) => {
-  const r = e.cookie, n = new RegExp(`auth.${t}=(.+?)(?:;|$)`);
+}, Xe = (e, t) => {
+  const r = e == null ? void 0 : e.cookie;
   if (typeof r != "string")
     return;
-  const a = r.match(n);
+  const n = new RegExp(`auth.${t}=(.+?)(?:;|$)`), a = r.match(n);
   if (a)
     return a[1];
-}, at = (e, t) => {
-  const r = ze(e), n = Ge(e, t);
-  return !n && !r ? "" : n || r;
+}, Qe = (e) => {
+  const t = e == null ? void 0 : e[ne.ACCESS_TOKEN];
+  if (typeof t == "string")
+    return t;
+}, it = ({ headers: e, body: t, clientId: r }) => {
+  const n = Ge(e), a = Xe(e, r);
+  return Qe(t) || a || n || "";
 };
 export {
-  je as API_TYPE,
-  Qe as AUTH_TYPES,
-  Xe as HEADERS,
-  N as JWT,
-  ne as JWT_PUBLIC_KEY,
-  Ze as TOKEN_EXPIRATION,
-  tt as decodeToken,
+  tt as API_TYPE,
+  Ze as AUTH_TYPES,
+  ne as BODY,
+  je as HEADERS,
+  U as JWT,
+  ae as JWT_PUBLIC_KEY,
+  et as TOKEN_EXPIRATION,
+  nt as decodeToken,
   re as generateCodeChallenge,
-  at as getToken,
-  rt as pkceChallengePair,
-  et as verifyAndExtractToken,
-  nt as verifyChallenge
+  it as getToken,
+  at as pkceChallengePair,
+  rt as verifyAndExtractToken,
+  ot as verifyChallenge
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "2.12.1",
+	"version": "3.0.1",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -36,5 +36,5 @@
 		"jose": "5.6.3",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "a85e00ff8943fae7d4160f582b030962fa68472d"
+	"gitHead": "b21bfead4526c0deff0a015887b5dee5e398a02d"
 }