@versini/auth-common 2.8.0 → 2.10.0

package/dist/index.d.ts

@@ -5,6 +5,7 @@ declare const AUTH_TYPES: {
     ACCESS_TOKEN: string;
     ID_AND_ACCESS_TOKEN: string;
     CODE: string;
+    REFRESH_TOKEN: string;
 };
 declare const HEADERS: {
     CLIENT_ID: string;
@@ -29,6 +30,7 @@ declare const API_TYPE: {
 };
 
 declare const verifyAndExtractToken: (token: string) => Promise<jose.JWTVerifyResult<jose.JWTPayload> | undefined>;
+declare const decodeToken: (token: string) => jose.JWTPayload | undefined;
 
 /**
  * Generate a PKCE code challenge from a code verifier.
@@ -56,4 +58,4 @@ declare function pkceChallengePair(length?: number): Promise<{
  */
 declare function verifyChallenge(code_verifier: string, expectedChallenge: string): Promise<boolean>;
 
-export { API_TYPE, AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, generateCodeChallenge, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
+export { API_TYPE, AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, pkceChallengePair, verifyAndExtractToken, verifyChallenge };

package/dist/index.js

@@ -1,30 +1,31 @@
 /*!
-  @versini/auth-common v2.8.0
+  @versini/auth-common v2.10.0
   © 2024 gizmette.com
 */
 try {
   window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
-    version: "2.8.0",
-    buildTime: "06/27/2024 06:57 PM EDT",
+    version: "2.10.0",
+    buildTime: "06/29/2024 12:23 PM EDT",
     homepage: "https://github.com/aversini/auth-client",
     license: "MIT"
   });
 } catch {
 }
-const Ke = {
+const Ge = {
   ID_TOKEN: "id_token",
   ACCESS_TOKEN: "token",
   ID_AND_ACCESS_TOKEN: "id_token token",
-  CODE: "code"
-}, De = {
+  CODE: "code",
+  REFRESH_TOKEN: "refresh_token"
+}, ze = {
   CLIENT_ID: "X-Auth-ClientId"
-}, K = {
+}, N = {
   ALG: "RS256",
   USER_ID_KEY: "sub",
   TOKEN_ID_KEY: "__raw",
   NONCE_KEY: "_nonce",
   ISSUER: "gizmette.com"
-}, X = `-----BEGIN PUBLIC KEY-----
+}, ne = `-----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
 w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
 i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -32,32 +33,32 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
 l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
 sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
 awIDAQAB
------END PUBLIC KEY-----`, He = {
+-----END PUBLIC KEY-----`, Ye = {
   ACCESS: "5m",
   ID: "90d",
   REFRESH: "90d"
-}, Ne = {
+}, Qe = {
   AUTHENTICATE: "authenticate",
   CODE: "code",
   LOGOUT: "logout"
-}, O = crypto, V = (e) => e instanceof CryptoKey, g = new TextEncoder(), _ = new TextDecoder();
-function j(...e) {
-  const t = e.reduce((o, { length: i }) => o + i, 0), n = new Uint8Array(t);
-  let r = 0;
-  for (const o of e)
-    n.set(o, r), r += o.length;
-  return n;
+}, x = crypto, G = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
+function ae(...e) {
+  const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
+  let n = 0;
+  for (const a of e)
+    r.set(a, n), n += a.length;
+  return r;
 }
-const Z = (e) => {
-  const t = atob(e), n = new Uint8Array(t.length);
-  for (let r = 0; r < t.length; r++)
-    n[r] = t.charCodeAt(r);
-  return n;
-}, R = (e) => {
+const oe = (e) => {
+  const t = atob(e), r = new Uint8Array(t.length);
+  for (let n = 0; n < t.length; n++)
+    r[n] = t.charCodeAt(n);
+  return r;
+}, A = (e) => {
   let t = e;
-  t instanceof Uint8Array && (t = _.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
   try {
-    return Z(t);
+    return oe(t);
   } catch {
     throw new TypeError("The input to be decoded is not correctly encoded.");
   }
@@ -67,27 +68,27 @@ class b extends Error {
     return "ERR_JOSE_GENERIC";
   }
   constructor(t) {
-    var n;
-    super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
+    var r;
+    super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
   }
 }
-class h extends b {
+class f extends b {
   static get code() {
     return "ERR_JWT_CLAIM_VALIDATION_FAILED";
   }
-  constructor(t, n, r = "unspecified", o = "unspecified") {
-    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = o, this.payload = n;
+  constructor(t, r, n = "unspecified", a = "unspecified") {
+    super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class D extends b {
+class $ extends b {
   static get code() {
     return "ERR_JWT_EXPIRED";
   }
-  constructor(t, n, r = "unspecified", o = "unspecified") {
-    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = o, this.payload = n;
+  constructor(t, r, n = "unspecified", a = "unspecified") {
+    super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
   }
 }
-class ee extends b {
+class ie extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
   }
@@ -95,7 +96,7 @@ class ee extends b {
     return "ERR_JOSE_ALG_NOT_ALLOWED";
   }
 }
-class C extends b {
+class w extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
   }
@@ -111,7 +112,7 @@ class u extends b {
     return "ERR_JWS_INVALID";
   }
 }
-class B extends b {
+class S extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWT_INVALID";
   }
@@ -119,7 +120,7 @@ class B extends b {
     return "ERR_JWT_INVALID";
   }
 }
-class te extends b {
+class ce extends b {
   constructor() {
     super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
   }
@@ -130,13 +131,13 @@ class te extends b {
 function m(e, t = "algorithm.name") {
   return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
 }
-function A(e, t) {
+function T(e, t) {
   return e.name === t;
 }
-function v(e) {
+function K(e) {
   return parseInt(e.name.slice(4), 10);
 }
-function re(e) {
+function se(e) {
   switch (e) {
     case "ES256":
       return "P-256";
@@ -148,47 +149,47 @@ function re(e) {
       throw new Error("unreachable");
   }
 }
-function ne(e, t) {
-  if (t.length && !t.some((n) => e.usages.includes(n))) {
-    let n = "CryptoKey does not support this operation, its usages must include ";
+function de(e, t) {
+  if (t.length && !t.some((r) => e.usages.includes(r))) {
+    let r = "CryptoKey does not support this operation, its usages must include ";
     if (t.length > 2) {
-      const r = t.pop();
-      n += `one of ${t.join(", ")}, or ${r}.`;
+      const n = t.pop();
+      r += `one of ${t.join(", ")}, or ${n}.`;
     } else
-      t.length === 2 ? n += `one of ${t[0]} or ${t[1]}.` : n += `${t[0]}.`;
-    throw new TypeError(n);
+      t.length === 2 ? r += `one of ${t[0]} or ${t[1]}.` : r += `${t[0]}.`;
+    throw new TypeError(r);
   }
 }
-function oe(e, t, ...n) {
+function ue(e, t, ...r) {
   switch (t) {
     case "HS256":
     case "HS384":
     case "HS512": {
-      if (!A(e.algorithm, "HMAC"))
+      if (!T(e.algorithm, "HMAC"))
         throw m("HMAC");
-      const r = parseInt(t.slice(2), 10);
-      if (v(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      const n = parseInt(t.slice(2), 10);
+      if (K(e.algorithm.hash) !== n)
+        throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "RS256":
     case "RS384":
     case "RS512": {
-      if (!A(e.algorithm, "RSASSA-PKCS1-v1_5"))
+      if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
         throw m("RSASSA-PKCS1-v1_5");
-      const r = parseInt(t.slice(2), 10);
-      if (v(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      const n = parseInt(t.slice(2), 10);
+      if (K(e.algorithm.hash) !== n)
+        throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "PS256":
     case "PS384":
     case "PS512": {
-      if (!A(e.algorithm, "RSA-PSS"))
+      if (!T(e.algorithm, "RSA-PSS"))
         throw m("RSA-PSS");
-      const r = parseInt(t.slice(2), 10);
-      if (v(e.algorithm.hash) !== r)
-        throw m(`SHA-${r}`, "algorithm.hash");
+      const n = parseInt(t.slice(2), 10);
+      if (K(e.algorithm.hash) !== n)
+        throw m(`SHA-${n}`, "algorithm.hash");
       break;
     }
     case "EdDSA": {
@@ -199,55 +200,55 @@ function oe(e, t, ...n) {
     case "ES256":
     case "ES384":
     case "ES512": {
-      if (!A(e.algorithm, "ECDSA"))
+      if (!T(e.algorithm, "ECDSA"))
         throw m("ECDSA");
-      const r = re(t);
-      if (e.algorithm.namedCurve !== r)
-        throw m(r, "algorithm.namedCurve");
+      const n = se(t);
+      if (e.algorithm.namedCurve !== n)
+        throw m(n, "algorithm.namedCurve");
       break;
     }
     default:
       throw new TypeError("CryptoKey does not support this operation");
   }
-  ne(e, n);
+  de(e, r);
 }
-function F(e, t, ...n) {
-  var r;
-  if (n.length > 2) {
-    const o = n.pop();
-    e += `one of type ${n.join(", ")}, or ${o}.`;
+function z(e, t, ...r) {
+  var n;
+  if (r.length > 2) {
+    const a = r.pop();
+    e += `one of type ${r.join(", ")}, or ${a}.`;
   } else
-    n.length === 2 ? e += `one of type ${n[0]} or ${n[1]}.` : e += `of type ${n[0]}.`;
-  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
+    r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
+  return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
 }
-const H = (e, ...t) => F("Key must be ", e, ...t);
-function G(e, t, ...n) {
-  return F(`Key for the ${e} algorithm must be `, t, ...n);
+const L = (e, ...t) => z("Key must be ", e, ...t);
+function Y(e, t, ...r) {
+  return z(`Key for the ${e} algorithm must be `, t, ...r);
 }
-const Y = (e) => V(e), E = ["CryptoKey"], ae = (...e) => {
+const Q = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], le = (...e) => {
   const t = e.filter(Boolean);
   if (t.length === 0 || t.length === 1)
     return !0;
-  let n;
-  for (const r of t) {
-    const o = Object.keys(r);
-    if (!n || n.size === 0) {
-      n = new Set(o);
+  let r;
+  for (const n of t) {
+    const a = Object.keys(n);
+    if (!r || r.size === 0) {
+      r = new Set(a);
       continue;
     }
-    for (const i of o) {
-      if (n.has(i))
+    for (const i of a) {
+      if (r.has(i))
         return !1;
-      n.add(i);
+      r.add(i);
     }
   }
   return !0;
 };
-function ie(e) {
+function he(e) {
   return typeof e == "object" && e !== null;
 }
-function x(e) {
-  if (!ie(e) || Object.prototype.toString.call(e) !== "[object Object]")
+function _(e) {
+  if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
     return !1;
   if (Object.getPrototypeOf(e) === null)
     return !0;
@@ -256,51 +257,153 @@ function x(e) {
     t = Object.getPrototypeOf(t);
   return Object.getPrototypeOf(e) === t;
 }
-const ce = (e, t) => {
+const fe = (e, t) => {
   if (e.startsWith("RS") || e.startsWith("PS")) {
-    const { modulusLength: n } = t.algorithm;
-    if (typeof n != "number" || n < 2048)
+    const { modulusLength: r } = t.algorithm;
+    if (typeof r != "number" || r < 2048)
       throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
   }
-}, S = (e, t, n = 0) => {
-  n === 0 && (t.unshift(t.length), t.unshift(6));
-  const r = e.indexOf(t[0], n);
-  if (r === -1)
+};
+function pe(e) {
+  let t, r;
+  switch (e.kty) {
+    case "RSA": {
+      switch (e.alg) {
+        case "PS256":
+        case "PS384":
+        case "PS512":
+          t = { name: "RSA-PSS", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "RS256":
+        case "RS384":
+        case "RS512":
+          t = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "RSA-OAEP":
+        case "RSA-OAEP-256":
+        case "RSA-OAEP-384":
+        case "RSA-OAEP-512":
+          t = {
+            name: "RSA-OAEP",
+            hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
+          }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
+          break;
+        default:
+          throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
+    case "EC": {
+      switch (e.alg) {
+        case "ES256":
+          t = { name: "ECDSA", namedCurve: "P-256" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ES384":
+          t = { name: "ECDSA", namedCurve: "P-384" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ES512":
+          t = { name: "ECDSA", namedCurve: "P-521" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ECDH-ES":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+          t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
+          break;
+        default:
+          throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
+    case "OKP": {
+      switch (e.alg) {
+        case "EdDSA":
+          t = { name: e.crv }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ECDH-ES":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+          t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
+          break;
+        default:
+          throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
+    default:
+      throw new w('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+  }
+  return { algorithm: t, keyUsages: r };
+}
+const me = async (e) => {
+  if (!e.alg)
+    throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
+  const { algorithm: t, keyUsages: r } = pe(e), n = [
+    t,
+    e.ext ?? !1,
+    e.key_ops ?? r
+  ], a = { ...e };
+  return delete a.alg, delete a.use, x.subtle.importKey("jwk", a, ...n);
+}, X = (e) => A(e);
+let W, J;
+const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
+  let a = e.get(t);
+  if (a != null && a[n])
+    return a[n];
+  const i = await me({ ...r, alg: n });
+  return a ? a[n] = i : e.set(t, { [n]: i }), i;
+}, Se = (e, t) => {
+  if (Z(e)) {
+    let r = e.export({ format: "jwk" });
+    return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? X(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
+  }
+  return e;
+}, ye = (e, t) => {
+  if (Z(e)) {
+    let r = e.export({ format: "jwk" });
+    return r.k ? X(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), j(W, e, r, t));
+  }
+  return e;
+}, Ee = { normalizePublicKey: Se, normalizePrivateKey: ye }, E = (e, t, r = 0) => {
+  r === 0 && (t.unshift(t.length), t.unshift(6));
+  const n = e.indexOf(t[0], r);
+  if (n === -1)
     return !1;
-  const o = e.subarray(r, r + t.length);
-  return o.length !== t.length ? !1 : o.every((i, a) => i === t[a]) || S(e, t, r + 1);
-}, N = (e) => {
+  const a = e.subarray(n, n + t.length);
+  return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || E(e, t, n + 1);
+}, M = (e) => {
   switch (!0) {
-    case S(e, [42, 134, 72, 206, 61, 3, 1, 7]):
+    case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
       return "P-256";
-    case S(e, [43, 129, 4, 0, 34]):
+    case E(e, [43, 129, 4, 0, 34]):
       return "P-384";
-    case S(e, [43, 129, 4, 0, 35]):
+    case E(e, [43, 129, 4, 0, 35]):
       return "P-521";
-    case S(e, [43, 101, 110]):
+    case E(e, [43, 101, 110]):
       return "X25519";
-    case S(e, [43, 101, 111]):
+    case E(e, [43, 101, 111]):
       return "X448";
-    case S(e, [43, 101, 112]):
+    case E(e, [43, 101, 112]):
       return "Ed25519";
-    case S(e, [43, 101, 113]):
+    case E(e, [43, 101, 113]):
       return "Ed448";
     default:
-      throw new C("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
+      throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
   }
-}, se = async (e, t, n, r, o) => {
-  let i, a;
-  const c = new Uint8Array(atob(n.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
-  switch (r) {
+}, we = async (e, t, r, n, a) => {
+  let i, o;
+  const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
+  switch (n) {
     case "PS256":
     case "PS384":
     case "PS512":
-      i = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
+      i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
       break;
     case "RS256":
     case "RS384":
     case "RS512":
-      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
+      i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
       break;
     case "RSA-OAEP":
     case "RSA-OAEP-256":
@@ -308,130 +411,130 @@ const ce = (e, t) => {
     case "RSA-OAEP-512":
       i = {
         name: "RSA-OAEP",
-        hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
-      }, a = ["encrypt", "wrapKey"];
+        hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
+      }, o = ["encrypt", "wrapKey"];
       break;
     case "ES256":
-      i = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
+      i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
       break;
     case "ES384":
-      i = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
+      i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
       break;
     case "ES512":
-      i = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
+      i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
       break;
     case "ECDH-ES":
     case "ECDH-ES+A128KW":
     case "ECDH-ES+A192KW":
     case "ECDH-ES+A256KW": {
-      const s = N(c);
-      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, a = [];
+      const s = M(c);
+      i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
       break;
     }
     case "EdDSA":
-      i = { name: N(c) }, a = ["verify"];
+      i = { name: M(c) }, o = ["verify"];
       break;
     default:
-      throw new C('Invalid or unsupported "alg" (Algorithm) value');
+      throw new w('Invalid or unsupported "alg" (Algorithm) value');
   }
-  return O.subtle.importKey(t, c, i, !1, a);
-}, de = (e, t, n) => se(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
-async function ue(e, t, n) {
+  return x.subtle.importKey(t, c, i, !1, o);
+}, ge = (e, t, r) => we(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
+async function be(e, t, r) {
   if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
     throw new TypeError('"spki" must be SPKI formatted string');
-  return de(e, t);
+  return ge(e, t);
 }
-const le = (e, t) => {
+const P = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ae = (e, t) => {
   if (!(t instanceof Uint8Array)) {
-    if (!Y(t))
-      throw new TypeError(G(e, t, ...E, "Uint8Array"));
+    if (!Q(t))
+      throw new TypeError(Y(e, t, ...R, "Uint8Array"));
     if (t.type !== "secret")
-      throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
+      throw new TypeError(`${P(t)} instances for symmetric algorithms must be of type "secret"`);
   }
-}, fe = (e, t, n) => {
-  if (!Y(t))
-    throw new TypeError(G(e, t, ...E));
+}, Ce = (e, t, r) => {
+  if (!Q(t))
+    throw new TypeError(Y(e, t, ...R));
   if (t.type === "secret")
-    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
-  if (t.algorithm && n === "verify" && t.type === "private")
-    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
-  if (t.algorithm && n === "encrypt" && t.type === "private")
-    throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
-}, he = (e, t, n) => {
-  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? le(e, t) : fe(e, t, n);
+    throw new TypeError(`${P(t)} instances for asymmetric algorithms must not be of type "secret"`);
+  if (t.algorithm && r === "verify" && t.type === "private")
+    throw new TypeError(`${P(t)} instances for asymmetric algorithm verifying must be of type "public"`);
+  if (t.algorithm && r === "encrypt" && t.type === "private")
+    throw new TypeError(`${P(t)} instances for asymmetric algorithm encryption must be of type "public"`);
+}, ve = (e, t, r) => {
+  e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ae(e, t) : Ce(e, t, r);
 };
-function pe(e, t, n, r, o) {
-  if (o.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
+function Te(e, t, r, n, a) {
+  if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
     throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
-  if (!r || r.crit === void 0)
+  if (!n || n.crit === void 0)
     return /* @__PURE__ */ new Set();
-  if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
+  if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
     throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
   let i;
-  n !== void 0 ? i = new Map([...Object.entries(n), ...t.entries()]) : i = t;
-  for (const a of r.crit) {
-    if (!i.has(a))
-      throw new C(`Extension Header Parameter "${a}" is not recognized`);
-    if (o[a] === void 0)
-      throw new e(`Extension Header Parameter "${a}" is missing`);
-    if (i.get(a) && r[a] === void 0)
-      throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
-  }
-  return new Set(r.crit);
-}
-const me = (e, t) => {
-  if (t !== void 0 && (!Array.isArray(t) || t.some((n) => typeof n != "string")))
+  r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
+  for (const o of n.crit) {
+    if (!i.has(o))
+      throw new w(`Extension Header Parameter "${o}" is not recognized`);
+    if (a[o] === void 0)
+      throw new e(`Extension Header Parameter "${o}" is missing`);
+    if (i.get(o) && n[o] === void 0)
+      throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
+  }
+  return new Set(n.crit);
+}
+const Ie = (e, t) => {
+  if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
     throw new TypeError(`"${e}" option must be an array of strings`);
   if (t)
     return new Set(t);
 };
-function ye(e, t) {
-  const n = `SHA-${e.slice(-3)}`;
+function Pe(e, t) {
+  const r = `SHA-${e.slice(-3)}`;
   switch (e) {
     case "HS256":
     case "HS384":
     case "HS512":
-      return { hash: n, name: "HMAC" };
+      return { hash: r, name: "HMAC" };
     case "PS256":
     case "PS384":
     case "PS512":
-      return { hash: n, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
+      return { hash: r, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
     case "RS256":
     case "RS384":
     case "RS512":
-      return { hash: n, name: "RSASSA-PKCS1-v1_5" };
+      return { hash: r, name: "RSASSA-PKCS1-v1_5" };
     case "ES256":
     case "ES384":
     case "ES512":
-      return { hash: n, name: "ECDSA", namedCurve: t.namedCurve };
+      return { hash: r, name: "ECDSA", namedCurve: t.namedCurve };
     case "EdDSA":
       return { name: t.name };
     default:
-      throw new C(`alg ${e} is not supported either by JOSE or your javascript runtime`);
+      throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
   }
 }
-function Se(e, t, n) {
-  if (V(t))
-    return oe(t, e, n), t;
+async function Re(e, t, r) {
+  if (t = await Ee.normalizePublicKey(t, e), G(t))
+    return ue(t, e, r), t;
   if (t instanceof Uint8Array) {
     if (!e.startsWith("HS"))
-      throw new TypeError(H(t, ...E));
-    return O.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [n]);
+      throw new TypeError(L(t, ...R));
+    return x.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
   }
-  throw new TypeError(H(t, ...E, "Uint8Array"));
+  throw new TypeError(L(t, ...R, "Uint8Array"));
 }
-const Ee = async (e, t, n, r) => {
-  const o = await Se(e, t, "verify");
-  ce(e, o);
-  const i = ye(e, o.algorithm);
+const _e = async (e, t, r, n) => {
+  const a = await Re(e, t, "verify");
+  fe(e, a);
+  const i = Pe(e, a.algorithm);
   try {
-    return await O.subtle.verify(i, o, n, r);
+    return await x.subtle.verify(i, a, r, n);
   } catch {
     return !1;
   }
 };
-async function we(e, t, n) {
-  if (!x(e))
+async function xe(e, t, r) {
+  if (!_(e))
     throw new u("Flattened JWS must be an object");
   if (e.protected === void 0 && e.header === void 0)
     throw new u('Flattened JWS must have either of the "protected" or "header" members');
@@ -441,245 +544,279 @@ async function we(e, t, n) {
     throw new u("JWS Payload missing");
   if (typeof e.signature != "string")
     throw new u("JWS Signature missing or incorrect type");
-  if (e.header !== void 0 && !x(e.header))
+  if (e.header !== void 0 && !_(e.header))
     throw new u("JWS Unprotected Header incorrect type");
-  let r = {};
+  let n = {};
   if (e.protected)
     try {
-      const T = R(e.protected);
-      r = JSON.parse(_.decode(T));
+      const O = A(e.protected);
+      n = JSON.parse(C.decode(O));
     } catch {
       throw new u("JWS Protected Header is invalid");
     }
-  if (!ae(r, e.header))
+  if (!le(n, e.header))
     throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
-  const o = {
-    ...r,
+  const a = {
+    ...n,
     ...e.header
-  }, i = pe(u, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, o);
-  let a = !0;
-  if (i.has("b64") && (a = r.b64, typeof a != "boolean"))
+  }, i = Te(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
+  let o = !0;
+  if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
     throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
-  const { alg: c } = o;
+  const { alg: c } = a;
   if (typeof c != "string" || !c)
     throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
-  const s = n && me("algorithms", n.algorithms);
+  const s = r && Ie("algorithms", r.algorithms);
   if (s && !s.has(c))
-    throw new ee('"alg" (Algorithm) Header Parameter value not allowed');
-  if (a) {
+    throw new ie('"alg" (Algorithm) Header Parameter value not allowed');
+  if (o) {
     if (typeof e.payload != "string")
       throw new u("JWS Payload must be a string");
   } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
     throw new u("JWS Payload must be a string or an Uint8Array instance");
   let p = !1;
-  typeof t == "function" && (t = await t(r, e), p = !0), he(c, t, "verify");
-  const w = j(g.encode(e.protected ?? ""), g.encode("."), typeof e.payload == "string" ? g.encode(e.payload) : e.payload);
-  let f;
+  typeof t == "function" && (t = await t(n, e), p = !0), ve(c, t, "verify");
+  const g = ae(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
+  let h;
   try {
-    f = R(e.signature);
+    h = A(e.signature);
   } catch {
     throw new u("Failed to base64url decode the signature");
   }
-  if (!await Ee(c, t, f, w))
-    throw new te();
+  if (!await _e(c, t, h, g))
+    throw new ce();
   let y;
-  if (a)
+  if (o)
     try {
-      y = R(e.payload);
+      y = A(e.payload);
     } catch {
       throw new u("Failed to base64url decode the payload");
     }
   else
-    typeof e.payload == "string" ? y = g.encode(e.payload) : y = e.payload;
+    typeof e.payload == "string" ? y = v.encode(e.payload) : y = e.payload;
   const l = { payload: y };
-  return e.protected !== void 0 && (l.protectedHeader = r), e.header !== void 0 && (l.unprotectedHeader = e.header), p ? { ...l, key: t } : l;
+  return e.protected !== void 0 && (l.protectedHeader = n), e.header !== void 0 && (l.unprotectedHeader = e.header), p ? { ...l, key: t } : l;
 }
-async function be(e, t, n) {
-  if (e instanceof Uint8Array && (e = _.decode(e)), typeof e != "string")
+async function Oe(e, t, r) {
+  if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
     throw new u("Compact JWS must be a string or Uint8Array");
-  const { 0: r, 1: o, 2: i, length: a } = e.split(".");
-  if (a !== 3)
+  const { 0: n, 1: a, 2: i, length: o } = e.split(".");
+  if (o !== 3)
     throw new u("Invalid Compact JWS");
-  const c = await we({ payload: o, protected: r, signature: i }, t, n), s = { payload: c.payload, protectedHeader: c.protectedHeader };
+  const c = await xe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
   return typeof t == "function" ? { ...s, key: c.key } : s;
 }
-const ge = (e) => Math.floor(e.getTime() / 1e3), q = 60, z = q * 60, J = z * 24, Ae = J * 7, Ie = J * 365.25, _e = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, W = (e) => {
-  const t = _e.exec(e);
+const Ke = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te * 24, We = H * 7, Je = H * 365.25, De = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, V = (e) => {
+  const t = De.exec(e);
   if (!t || t[4] && t[1])
     throw new TypeError("Invalid time period format");
-  const n = parseFloat(t[2]), r = t[3].toLowerCase();
-  let o;
-  switch (r) {
+  const r = parseFloat(t[2]), n = t[3].toLowerCase();
+  let a;
+  switch (n) {
     case "sec":
     case "secs":
     case "second":
     case "seconds":
     case "s":
-      o = Math.round(n);
+      a = Math.round(r);
       break;
     case "minute":
     case "minutes":
     case "min":
     case "mins":
     case "m":
-      o = Math.round(n * q);
+      a = Math.round(r * ee);
       break;
     case "hour":
     case "hours":
     case "hr":
     case "hrs":
     case "h":
-      o = Math.round(n * z);
+      a = Math.round(r * te);
       break;
     case "day":
     case "days":
     case "d":
-      o = Math.round(n * J);
+      a = Math.round(r * H);
       break;
     case "week":
     case "weeks":
     case "w":
-      o = Math.round(n * Ae);
+      a = Math.round(r * We);
       break;
     default:
-      o = Math.round(n * Ie);
+      a = Math.round(r * Je);
       break;
   }
-  return t[1] === "-" || t[4] === "ago" ? -o : o;
-}, $ = (e) => e.toLowerCase().replace(/^application\//, ""), Ce = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Te = (e, t, n = {}) => {
-  let r;
+  return t[1] === "-" || t[4] === "ago" ? -a : a;
+}, k = (e) => e.toLowerCase().replace(/^application\//, ""), He = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
+  let n;
   try {
-    r = JSON.parse(_.decode(t));
+    n = JSON.parse(C.decode(t));
   } catch {
   }
-  if (!x(r))
-    throw new B("JWT Claims Set must be a top-level JSON object");
-  const { typ: o } = n;
-  if (o && (typeof e.typ != "string" || $(e.typ) !== $(o)))
-    throw new h('unexpected "typ" JWT header value', r, "typ", "check_failed");
-  const { requiredClaims: i = [], issuer: a, subject: c, audience: s, maxTokenAge: p } = n, w = [...i];
-  p !== void 0 && w.push("iat"), s !== void 0 && w.push("aud"), c !== void 0 && w.push("sub"), a !== void 0 && w.push("iss");
-  for (const l of new Set(w.reverse()))
-    if (!(l in r))
-      throw new h(`missing required "${l}" claim`, r, l, "missing");
-  if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
-    throw new h('unexpected "iss" claim value', r, "iss", "check_failed");
-  if (c && r.sub !== c)
-    throw new h('unexpected "sub" claim value', r, "sub", "check_failed");
-  if (s && !Ce(r.aud, typeof s == "string" ? [s] : s))
-    throw new h('unexpected "aud" claim value', r, "aud", "check_failed");
-  let f;
-  switch (typeof n.clockTolerance) {
+  if (!_(n))
+    throw new S("JWT Claims Set must be a top-level JSON object");
+  const { typ: a } = r;
+  if (a && (typeof e.typ != "string" || k(e.typ) !== k(a)))
+    throw new f('unexpected "typ" JWT header value', n, "typ", "check_failed");
+  const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
+  p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
+  for (const l of new Set(g.reverse()))
+    if (!(l in n))
+      throw new f(`missing required "${l}" claim`, n, l, "missing");
+  if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
+    throw new f('unexpected "iss" claim value', n, "iss", "check_failed");
+  if (c && n.sub !== c)
+    throw new f('unexpected "sub" claim value', n, "sub", "check_failed");
+  if (s && !He(n.aud, typeof s == "string" ? [s] : s))
+    throw new f('unexpected "aud" claim value', n, "aud", "check_failed");
+  let h;
+  switch (typeof r.clockTolerance) {
     case "string":
-      f = W(n.clockTolerance);
+      h = V(r.clockTolerance);
       break;
     case "number":
-      f = n.clockTolerance;
+      h = r.clockTolerance;
       break;
     case "undefined":
-      f = 0;
+      h = 0;
       break;
     default:
       throw new TypeError("Invalid clockTolerance option type");
   }
-  const { currentDate: U } = n, y = ge(U || /* @__PURE__ */ new Date());
-  if ((r.iat !== void 0 || p) && typeof r.iat != "number")
-    throw new h('"iat" claim must be a number', r, "iat", "invalid");
-  if (r.nbf !== void 0) {
-    if (typeof r.nbf != "number")
-      throw new h('"nbf" claim must be a number', r, "nbf", "invalid");
-    if (r.nbf > y + f)
-      throw new h('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
-  }
-  if (r.exp !== void 0) {
-    if (typeof r.exp != "number")
-      throw new h('"exp" claim must be a number', r, "exp", "invalid");
-    if (r.exp <= y - f)
-      throw new D('"exp" claim timestamp check failed', r, "exp", "check_failed");
+  const { currentDate: U } = r, y = Ke(U || /* @__PURE__ */ new Date());
+  if ((n.iat !== void 0 || p) && typeof n.iat != "number")
+    throw new f('"iat" claim must be a number', n, "iat", "invalid");
+  if (n.nbf !== void 0) {
+    if (typeof n.nbf != "number")
+      throw new f('"nbf" claim must be a number', n, "nbf", "invalid");
+    if (n.nbf > y + h)
+      throw new f('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
+  }
+  if (n.exp !== void 0) {
+    if (typeof n.exp != "number")
+      throw new f('"exp" claim must be a number', n, "exp", "invalid");
+    if (n.exp <= y - h)
+      throw new $('"exp" claim timestamp check failed', n, "exp", "check_failed");
   }
   if (p) {
-    const l = y - r.iat, T = typeof p == "number" ? p : W(p);
-    if (l - f > T)
-      throw new D('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
-    if (l < 0 - f)
-      throw new h('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
+    const l = y - n.iat, O = typeof p == "number" ? p : V(p);
+    if (l - h > O)
+      throw new $('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
+    if (l < 0 - h)
+      throw new f('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
   }
-  return r;
+  return n;
 };
-async function Re(e, t, n) {
-  var a;
-  const r = await be(e, t, n);
-  if ((a = r.protectedHeader.crit) != null && a.includes("b64") && r.protectedHeader.b64 === !1)
-    throw new B("JWTs MUST NOT use unencoded payload");
-  const i = { payload: Te(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
-  return typeof t == "function" ? { ...i, key: r.key } : i;
-}
-const We = async (e) => {
+async function Ne(e, t, r) {
+  var o;
+  const n = await Oe(e, t, r);
+  if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
+    throw new S("JWTs MUST NOT use unencoded payload");
+  const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
+  return typeof t == "function" ? { ...i, key: n.key } : i;
+}
+const $e = A;
+function Le(e) {
+  if (typeof e != "string")
+    throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
+  const { 1: t, length: r } = e.split(".");
+  if (r === 5)
+    throw new S("Only JWTs using Compact JWS serialization can be decoded");
+  if (r !== 3)
+    throw new S("Invalid JWT");
+  if (!t)
+    throw new S("JWTs must contain a payload");
+  let n;
   try {
-    const t = K.ALG, r = await ue(X, t);
-    return await Re(e, r, {
-      issuer: K.ISSUER
+    n = $e(t);
+  } catch {
+    throw new S("Failed to base64url decode the payload");
+  }
+  let a;
+  try {
+    a = JSON.parse(C.decode(n));
+  } catch {
+    throw new S("Failed to parse the decoded payload as JSON");
+  }
+  if (!_(a))
+    throw new S("Invalid JWT Claims Set");
+  return a;
+}
+const Xe = async (e) => {
+  try {
+    const t = N.ALG, n = await be(ne, t);
+    return await Ne(e, n, {
+      issuer: N.ISSUER
     });
   } catch {
     return;
   }
+}, Ze = (e) => {
+  try {
+    return Le(e);
+  } catch {
+    return;
+  }
 };
 var d = [];
-for (var P = 0; P < 256; ++P)
-  d.push((P + 256).toString(16).slice(1));
-function ve(e, t = 0) {
+for (var D = 0; D < 256; ++D)
+  d.push((D + 256).toString(16).slice(1));
+function Me(e, t = 0) {
   return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
 }
-var I, Pe = new Uint8Array(16);
-function xe() {
+var I, Ve = new Uint8Array(16);
+function ke() {
   if (!I && (I = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !I))
     throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
-  return I(Pe);
+  return I(Ve);
 }
-var Oe = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
-const L = {
-  randomUUID: Oe
+var Be = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
+const B = {
+  randomUUID: Be
 };
-function k(e, t, n) {
-  if (L.randomUUID && !t && !e)
-    return L.randomUUID();
+function F(e, t, r) {
+  if (B.randomUUID && !t && !e)
+    return B.randomUUID();
   e = e || {};
-  var r = e.random || (e.rng || xe)();
-  return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, ve(r);
+  var n = e.random || (e.rng || ke)();
+  return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Me(n);
 }
-const M = globalThis.crypto, Je = (e) => `${k()}${k()}`.slice(0, e), Ue = (e) => btoa(
+const q = globalThis.crypto, Fe = (e) => `${F()}${F()}`.slice(0, e), qe = (e) => btoa(
   [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
 );
-async function Q(e) {
-  if (!M.subtle)
+async function re(e) {
+  if (!q.subtle)
     throw new Error(
       "crypto.subtle is available only in secure contexts (HTTPS)."
     );
-  const t = new TextEncoder().encode(e), n = await M.subtle.digest("SHA-256", t);
-  return Ue(n).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  const t = new TextEncoder().encode(e), r = await q.subtle.digest("SHA-256", t);
+  return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
 }
-async function $e(e) {
+async function je(e) {
   const t = e || 43;
   if (t < 43 || t > 128)
     throw `Expected a length between 43 and 128. Received ${e}.`;
-  const n = Je(t), r = await Q(n);
+  const r = Fe(t), n = await re(r);
   return {
-    code_verifier: n,
-    code_challenge: r
+    code_verifier: r,
+    code_challenge: n
   };
 }
-async function Le(e, t) {
-  return t === await Q(e);
+async function et(e, t) {
+  return t === await re(e);
 }
 export {
-  Ne as API_TYPE,
-  Ke as AUTH_TYPES,
-  De as HEADERS,
-  K as JWT,
-  X as JWT_PUBLIC_KEY,
-  He as TOKEN_EXPIRATION,
-  Q as generateCodeChallenge,
-  $e as pkceChallengePair,
-  We as verifyAndExtractToken,
-  Le as verifyChallenge
+  Qe as API_TYPE,
+  Ge as AUTH_TYPES,
+  ze as HEADERS,
+  N as JWT,
+  ne as JWT_PUBLIC_KEY,
+  Ye as TOKEN_EXPIRATION,
+  Ze as decodeToken,
+  re as generateCodeChallenge,
+  je as pkceChallengePair,
+  Xe as verifyAndExtractToken,
+  et as verifyChallenge
 };

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@versini/auth-common",
-	"version": "2.8.0",
+	"version": "2.10.0",
 	"license": "MIT",
 	"author": "Arno Versini",
 	"publishConfig": {
@@ -32,8 +32,8 @@
 		"test": "vitest run"
 	},
 	"dependencies": {
-		"jose": "5.4.1",
+		"jose": "5.6.2",
 		"uuid": "10.0.0"
 	},
-	"gitHead": "2a2665c70c76f0ee6772124b4703ac1bf3446435"
+	"gitHead": "5abd68fc5595a95360b4e80088cc39c067722085"
 }