@versini/auth-common 2.3.0 → 2.5.0

package/dist/index.d.ts

@@ -2,6 +2,8 @@ import * as jose from 'jose';
 
 declare const AUTH_TYPES: {
     ID_TOKEN: string;
+    ACCESS_TOKEN: string;
+    ID_AND_ACCESS_TOKEN: string;
 };
 declare const HEADERS: {
     CLIENT_ID: string;
@@ -13,6 +15,10 @@ declare const JWT: {
     ISSUER: string;
 };
 declare const JWT_PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7\nw5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5\ni1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle\naMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+\nl0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE\nsjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81\nawIDAQAB\n-----END PUBLIC KEY-----";
+declare const TOKEN_EXPIRATION: {
+    ACCESS: string;
+    ID: string;
+};
 declare const verifyAndExtractToken: (token: string, audience: string) => Promise<jose.JWTVerifyResult<jose.JWTPayload> | undefined>;
 
-export { AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, verifyAndExtractToken };
+export { AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, verifyAndExtractToken };

package/dist/index.js

@@ -1,22 +1,22 @@
 /*!
-  @versini/auth-common v2.3.0
+  @versini/auth-common v2.5.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.3.0",
-    buildTime: "06/24/2024 06:08 PM EDT",
+    version: "2.5.0",
+    buildTime: "06/25/2024 05:52 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const P = crypto, D = (e) => e instanceof CryptoKey, b = new TextEncoder(), g = new TextDecoder();
+const P = crypto, D = (e) => e instanceof CryptoKey, A = new TextEncoder(), g = new TextDecoder();
 function V(...e) {
-  const t = e.reduce((a, { length: i }) => a + i, 0), n = new Uint8Array(t);
+  const t = e.reduce((o, { length: i }) => o + i, 0), n = new Uint8Array(t);
   let r = 0;
-  for (const a of e)
-    n.set(a, r), r += a.length;
+  for (const o of e)
+    n.set(o, r), r += o.length;
   return n;
 }
 const F = (e) => {
@@ -24,7 +24,7 @@ const F = (e) => {
   for (let r = 0; r < t.length; r++)
     n[r] = t.charCodeAt(r);
   return n;
-}, R = (e) => {
+}, C = (e) => {
   let t = e;
   t instanceof Uint8Array && (t = g.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
@@ -33,7 +33,7 @@ const F = (e) => {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
 };
-class E extends Error {
+class w extends Error {
   static get code() {
     return "ERR_JOSE_GENERIC";
   }
@@ -42,23 +42,23 @@ class E extends Error {
     super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
   }
 }
-class h extends E {
+class h extends w {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
-  constructor(t, n, r = "unspecified", a = "unspecified") {
-    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = a, this.payload = n;
+  constructor(t, n, r = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = o, this.payload = n;
   }
 }
-class O extends E {
+class O extends w {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
-  constructor(t, n, r = "unspecified", a = "unspecified") {
-    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = a, this.payload = n;
+  constructor(t, n, r = "unspecified", o = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = o, this.payload = n;
   }
 }
-class G extends E {
+class G extends w {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -66,7 +66,7 @@ class G extends E {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class I extends E {
+class I extends w {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -74,7 +74,7 @@ class I extends E {
     return "ERR_JOSE_NOT_SUPPORTED";
   }
 }
-class d extends E {
+class d extends w {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_INVALID";
   }
@@ -82,7 +82,7 @@ class d extends E {
     return "ERR_JWS_INVALID";
   }
 }
-class L extends E {
+class k extends w {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -90,7 +90,7 @@ class L extends E {
     return "ERR_JWT_INVALID";
   }
 }
-class q extends E {
+class q extends w {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -101,7 +101,7 @@ class q extends E {
 function p(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function A(e, t) {
+function b(e, t) {
   return e.name === t;
 }
 function T(e) {
@@ -135,7 +135,7 @@ function Q(e, t, ...n) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!A(e.algorithm, "HMAC"))
+      if (!b(e.algorithm, "HMAC"))
         throw p("HMAC");
       const r = parseInt(t.slice(2), 10);
       if (T(e.algorithm.hash) !== r)
@@ -145,7 +145,7 @@ function Q(e, t, ...n) {
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!A(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!b(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw p("RSASSA-PKCS1-v1_5");
       const r = parseInt(t.slice(2), 10);
       if (T(e.algorithm.hash) !== r)
@@ -155,7 +155,7 @@ function Q(e, t, ...n) {
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!A(e.algorithm, "RSA-PSS"))
+      if (!b(e.algorithm, "RSA-PSS"))
         throw p("RSA-PSS");
       const r = parseInt(t.slice(2), 10);
       if (T(e.algorithm.hash) !== r)
@@ -170,7 +170,7 @@ function Q(e, t, ...n) {
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!A(e.algorithm, "ECDSA"))
+      if (!b(e.algorithm, "ECDSA"))
         throw p("ECDSA");
       const r = Y(t);
       if (e.algorithm.namedCurve !== r)
@@ -182,31 +182,31 @@ function Q(e, t, ...n) {
   }
   z(e, n);
 }
-function U(e, t, ...n) {
+function L(e, t, ...n) {
   var r;
   if (n.length > 2) {
-    const a = n.pop();
-    e += `one of type ${n.join(", ")}, or ${a}.`;
+    const o = n.pop();
+    e += `one of type ${n.join(", ")}, or ${o}.`;
   } else
     n.length === 2 ? e += `one of type ${n[0]} or ${n[1]}.` : e += `of type ${n[0]}.`;
   return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const J = (e, ...t) => U("Key must be ", e, ...t);
-function $(e, t, ...n) {
-  return U(`Key for the ${e} algorithm must be `, t, ...n);
+const J = (e, ...t) => L("Key must be ", e, ...t);
+function U(e, t, ...n) {
+  return L(`Key for the ${e} algorithm must be `, t, ...n);
 }
-const k = (e) => D(e), S = ["CryptoKey"], X = (...e) => {
+const $ = (e) => D(e), S = ["CryptoKey"], X = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
   let n;
   for (const r of t) {
-    const a = Object.keys(r);
+    const o = Object.keys(r);
     if (!n || n.size === 0) {
-      n = new Set(a);
+      n = new Set(o);
       continue;
     }
-    for (const i of a) {
+    for (const i of o) {
       if (n.has(i))
         return !1;
       n.add(i);
@@ -217,7 +217,7 @@ const k = (e) => D(e), S = ["CryptoKey"], X = (...e) => {
 function j(e) {
   return typeof e == "object" && e !== null;
 }
-function C(e) {
+function R(e) {
   if (!j(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
@@ -238,9 +238,9 @@ const Z = (e, t) => {
   const r = e.indexOf(t[0], n);
   if (r === -1)
     return !1;
-  const a = e.subarray(r, r + t.length);
-  return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || y(e, t, r + 1);
-}, W = (e) => {
+  const o = e.subarray(r, r + t.length);
+  return o.length !== t.length ? !1 : o.every((i, a) => i === t[a]) || y(e, t, r + 1);
+}, K = (e) => {
   switch (!0) {
     case y(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
@@ -259,19 +259,19 @@ const Z = (e, t) => {
     default:
       throw new I("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, ee = async (e, t, n, r, a) => {
-  let i, o;
+}, ee = async (e, t, n, r, o) => {
+  let i, a;
   const c = new Uint8Array(atob(n.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
   switch (r) {
     case "PS256":
     case "PS384":
     case "PS512":
-      i = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, o = ["verify"];
+      i = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, o = ["verify"];
+      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
@@ -280,32 +280,32 @@ const Z = (e, t) => {
       i = {
         name: "RSA-OAEP",
         hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
-      }, o = ["encrypt", "wrapKey"];
+      }, a = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
+      i = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
       break;
     case "ES384":
-      i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
+      i = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
       break;
     case "ES512":
-      i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
+      i = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const s = W(c);
-      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
+      const s = K(c);
+      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, a = [];
       break;
     }
     case "EdDSA":
-      i = { name: W(c) }, o = ["verify"];
+      i = { name: K(c) }, a = ["verify"];
       break;
     default:
       throw new I('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return P.subtle.importKey(t, c, i, !1, o);
+  return P.subtle.importKey(t, c, i, !1, a);
 }, te = (e, t, n) => ee(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
 async function re(e, t, n) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
@@ -314,39 +314,39 @@ async function re(e, t, n) {
 }
 const ne = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!k(t))
-      throw new TypeError($(e, t, ...S, "Uint8Array"));
+    if (!$(t))
+      throw new TypeError(U(e, t, ...S, "Uint8Array"));
     if (t.type !== "secret")
       throw new TypeError(`${S.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
   }
-}, ae = (e, t, n) => {
-  if (!k(t))
-    throw new TypeError($(e, t, ...S));
+}, oe = (e, t, n) => {
+  if (!$(t))
+    throw new TypeError(U(e, t, ...S));
   if (t.type === "secret")
     throw new TypeError(`${S.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
   if (t.algorithm && n === "verify" && t.type === "private")
     throw new TypeError(`${S.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
   if (t.algorithm && n === "encrypt" && t.type === "private")
     throw new TypeError(`${S.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
-}, oe = (e, t, n) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? ne(e, t) : ae(e, t, n);
+}, ae = (e, t, n) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? ne(e, t) : oe(e, t, n);
 };
-function ie(e, t, n, r, a) {
-  if (a.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
+function ie(e, t, n, r, o) {
+  if (o.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
   if (!r || r.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((o) => typeof o != "string" || o.length === 0))
+  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
   let i;
   n !== void 0 ? i = new Map([...Object.entries(n), ...t.entries()]) : i = t;
-  for (const o of r.crit) {
-    if (!i.has(o))
-      throw new I(`Extension Header Parameter "${o}" is not recognized`);
-    if (a[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" is missing`);
-    if (i.get(o) && r[o] === void 0)
-      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
+  for (const a of r.crit) {
+    if (!i.has(a))
+      throw new I(`Extension Header Parameter "${a}" is not recognized`);
+    if (o[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" is missing`);
+    if (i.get(a) && r[a] === void 0)
+      throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
   }
   return new Set(r.crit);
 }
@@ -392,17 +392,17 @@ function de(e, t, n) {
   throw new TypeError(J(t, ...S, "Uint8Array"));
 }
 const ue = async (e, t, n, r) => {
-  const a = await de(e, t, "verify");
-  Z(e, a);
-  const i = se(e, a.algorithm);
+  const o = await de(e, t, "verify");
+  Z(e, o);
+  const i = se(e, o.algorithm);
   try {
-    return await P.subtle.verify(i, a, n, r);
+    return await P.subtle.verify(i, o, n, r);
   } catch {
     return !1;
   }
 };
 async function fe(e, t, n) {
-  if (!C(e))
+  if (!R(e))
     throw new d("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new d('Flattened JWS must have either of the "protected" or "header" members');
@@ -412,128 +412,128 @@ async function fe(e, t, n) {
     throw new d("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new d("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !C(e.header))
+  if (e.header !== void 0 && !R(e.header))
     throw new d("JWS Unprotected Header incorrect type");
   let r = {};
   if (e.protected)
     try {
-      const _ = R(e.protected);
+      const _ = C(e.protected);
       r = JSON.parse(g.decode(_));
     } catch {
       throw new d("JWS Protected Header is invalid");
     }
   if (!X(r, e.header))
     throw new d("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const a = {
+  const o = {
     ...r,
     ...e.header
-  }, i = ie(d, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, a);
-  let o = !0;
-  if (i.has("b64") && (o = r.b64, typeof o != "boolean"))
+  }, i = ie(d, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, o);
+  let a = !0;
+  if (i.has("b64") && (a = r.b64, typeof a != "boolean"))
     throw new d('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: c } = a;
+  const { alg: c } = o;
   if (typeof c != "string" || !c)
     throw new d('JWS "alg" (Algorithm) Header Parameter missing or invalid');
   const s = n && ce("algorithms", n.algorithms);
   if (s && !s.has(c))
     throw new G('"alg" (Algorithm) Header Parameter value not allowed');
-  if (o) {
+  if (a) {
     if (typeof e.payload != "string")
       throw new d("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new d("JWS Payload must be a string or an Uint8Array instance");
   let l = !1;
-  typeof t == "function" && (t = await t(r, e), l = !0), oe(c, t, "verify");
-  const w = V(b.encode(e.protected ?? ""), b.encode("."), typeof e.payload == "string" ? b.encode(e.payload) : e.payload);
+  typeof t == "function" && (t = await t(r, e), l = !0), ae(c, t, "verify");
+  const E = V(A.encode(e.protected ?? ""), A.encode("."), typeof e.payload == "string" ? A.encode(e.payload) : e.payload);
   let f;
   try {
-    f = R(e.signature);
+    f = C(e.signature);
   } catch {
     throw new d("Failed to base64url decode the signature");
   }
-  if (!await ue(c, t, f, w))
+  if (!await ue(c, t, f, E))
     throw new q();
   let m;
-  if (o)
+  if (a)
     try {
-      m = R(e.payload);
+      m = C(e.payload);
     } catch {
       throw new d("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? m = b.encode(e.payload) : m = e.payload;
+    typeof e.payload == "string" ? m = A.encode(e.payload) : m = e.payload;
   const u = { payload: m };
   return e.protected !== void 0 && (u.protectedHeader = r), e.header !== void 0 && (u.unprotectedHeader = e.header), l ? { ...u, key: t } : u;
 }
 async function he(e, t, n) {
   if (e instanceof Uint8Array && (e = g.decode(e)), typeof e != "string")
     throw new d("Compact JWS must be a string or Uint8Array");
-  const { 0: r, 1: a, 2: i, length: o } = e.split(".");
-  if (o !== 3)
+  const { 0: r, 1: o, 2: i, length: a } = e.split(".");
+  if (a !== 3)
     throw new d("Invalid Compact JWS");
-  const c = await fe({ payload: a, protected: r, signature: i }, t, n), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await fe({ payload: o, protected: r, signature: i }, t, n), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24, pe = v * 7, me = v * 365.25, ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, K = (e) => {
+const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24, pe = v * 7, me = v * 365.25, ye = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, W = (e) => {
   const t = ye.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
   const n = parseFloat(t[2]), r = t[3].toLowerCase();
-  let a;
+  let o;
   switch (r) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      a = Math.round(n);
+      o = Math.round(n);
       break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      a = Math.round(n * M);
+      o = Math.round(n * M);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      a = Math.round(n * B);
+      o = Math.round(n * B);
       break;
     case "day":
     case "days":
     case "d":
-      a = Math.round(n * v);
+      o = Math.round(n * v);
       break;
     case "week":
     case "weeks":
     case "w":
-      a = Math.round(n * pe);
+      o = Math.round(n * pe);
       break;
     default:
-      a = Math.round(n * me);
+      o = Math.round(n * me);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -a : a;
-}, H = (e) => e.toLowerCase().replace(/^application\//, ""), Se = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, we = (e, t, n = {}) => {
+  return t[1] === "-" || t[4] === "ago" ? -o : o;
+}, N = (e) => e.toLowerCase().replace(/^application\//, ""), Se = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ee = (e, t, n = {}) => {
   let r;
   try {
     r = JSON.parse(g.decode(t));
   } catch {
   }
-  if (!C(r))
-    throw new L("JWT Claims Set must be a top-level JSON object");
-  const { typ: a } = n;
-  if (a && (typeof e.typ != "string" || H(e.typ) !== H(a)))
+  if (!R(r))
+    throw new k("JWT Claims Set must be a top-level JSON object");
+  const { typ: o } = n;
+  if (o && (typeof e.typ != "string" || N(e.typ) !== N(o)))
     throw new h('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: l } = n, w = [...i];
-  l !== void 0 && w.push("iat"), s !== void 0 && w.push("aud"), c !== void 0 && w.push("sub"), o !== void 0 && w.push("iss");
-  for (const u of new Set(w.reverse()))
+  const { requiredClaims: i = [], issuer: a, subject: c, audience: s, maxTokenAge: l } = n, E = [...i];
+  l !== void 0 && E.push("iat"), s !== void 0 && E.push("aud"), c !== void 0 && E.push("sub"), a !== void 0 && E.push("iss");
+  for (const u of new Set(E.reverse()))
     if (!(u in r))
       throw new h(`missing required "${u}" claim`, r, u, "missing");
-  if (o && !(Array.isArray(o) ? o : [o]).includes(r.iss))
+  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
     throw new h('unexpected "iss" claim value', r, "iss", "check_failed");
   if (c && r.sub !== c)
     throw new h('unexpected "sub" claim value', r, "sub", "check_failed");
@@ -542,7 +542,7 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
   let f;
   switch (typeof n.clockTolerance) {
     case "string":
-      f = K(n.clockTolerance);
+      f = W(n.clockTolerance);
       break;
     case "number":
       f = n.clockTolerance;
@@ -569,7 +569,7 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
       throw new O('"exp" claim timestamp check failed', r, "exp", "check_failed");
   }
   if (l) {
-    const u = m - r.iat, _ = typeof l == "number" ? l : K(l);
+    const u = m - r.iat, _ = typeof l == "number" ? l : W(l);
     if (u - f > _)
       throw new O('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
     if (u < 0 - f)
@@ -577,24 +577,26 @@ const le = (e) => Math.floor(e.getTime() / 1e3), M = 60, B = M * 60, v = B * 24,
   }
   return r;
 };
-async function Ee(e, t, n) {
-  var o;
+async function we(e, t, n) {
+  var a;
   const r = await he(e, t, n);
-  if ((o = r.protectedHeader.crit) != null && o.includes("b64") && r.protectedHeader.b64 === !1)
-    throw new L("JWTs MUST NOT use unencoded payload");
-  const i = { payload: we(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
+  if ((a = r.protectedHeader.crit) != null && a.includes("b64") && r.protectedHeader.b64 === !1)
+    throw new k("JWTs MUST NOT use unencoded payload");
+  const i = { payload: Ee(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
   return typeof t == "function" ? { ...i, key: r.key } : i;
 }
-const Ae = {
-  ID_TOKEN: "id_token"
+const be = {
+  ID_TOKEN: "id_token",
+  ACCESS_TOKEN: "token",
+  ID_AND_ACCESS_TOKEN: "id_token token"
 }, ge = {
   CLIENT_ID: "X-Auth-ClientId"
-}, N = {
+}, H = {
   ALG: "RS256",
   USER_ID_KEY: "_id",
   TOKEN_ID_KEY: "__raw",
   ISSUER: "gizmette.com"
-}, be = `-----BEGIN PUBLIC KEY-----
+}, Ae = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -602,11 +604,14 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, Ie = async (e, t) => {
+-----END PUBLIC KEY-----`, Ie = {
+  ACCESS: "5m",
+  ID: "90d"
+}, _e = async (e, t) => {
   try {
-    const n = N.ALG, a = await re(be, n);
-    return await Ee(e, a, {
-      issuer: N.ISSUER,
+    const n = H.ALG, o = await re(Ae, n);
+    return await we(e, o, {
+      issuer: H.ISSUER,
       audience: t
     });
   } catch {
@@ -614,9 +619,10 @@ awIDAQAB
   }
 };
 export {
-  Ae as AUTH_TYPES,
+  be as AUTH_TYPES,
   ge as HEADERS,
-  N as JWT,
-  be as JWT_PUBLIC_KEY,
-  Ie as verifyAndExtractToken
+  H as JWT,
+  Ae as JWT_PUBLIC_KEY,
+  Ie as TOKEN_EXPIRATION,
+  _e as verifyAndExtractToken
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "2.3.0",
+	"version": "2.5.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -32,5 +32,5 @@
 	"dependencies": {
 		"jose": "5.4.1"
 	},
-	"gitHead": "3dd474c4a7e9b9595df1ff4a2c16a18dff8fe193"
+	"gitHead": "25c60a5226b6f9d95aa3a3fcdbbc8448181e937a"
 }