@versini/auth-common 2.9.0 → 2.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.d.ts +2 -1
  2. package/dist/index.js +443 -307
  3. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -30,6 +30,7 @@ declare const API_TYPE: {
30
30
  };
31
31
 
32
32
  declare const verifyAndExtractToken: (token: string) => Promise<jose.JWTVerifyResult<jose.JWTPayload> | undefined>;
33
+ declare const decodeToken: (token: string) => jose.JWTPayload | undefined;
33
34
 
34
35
  /**
35
36
  * Generate a PKCE code challenge from a code verifier.
@@ -57,4 +58,4 @@ declare function pkceChallengePair(length?: number): Promise<{
57
58
  */
58
59
  declare function verifyChallenge(code_verifier: string, expectedChallenge: string): Promise<boolean>;
59
60
 
60
- export { API_TYPE, AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, generateCodeChallenge, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
61
+ export { API_TYPE, AUTH_TYPES, HEADERS, JWT, JWT_PUBLIC_KEY, TOKEN_EXPIRATION, decodeToken, generateCodeChallenge, pkceChallengePair, verifyAndExtractToken, verifyChallenge };
package/dist/index.js CHANGED
@@ -1,31 +1,31 @@
1
1
  /*!
2
- @versini/auth-common v2.9.0
2
+ @versini/auth-common v2.10.0
3
3
  © 2024 gizmette.com
4
4
  */
5
5
  try {
6
6
  window.__VERSINI_AUTH_COMMON__ || (window.__VERSINI_AUTH_COMMON__ = {
7
- version: "2.9.0",
8
- buildTime: "06/28/2024 09:16 AM EDT",
7
+ version: "2.10.0",
8
+ buildTime: "06/29/2024 12:23 PM EDT",
9
9
  homepage: "https://github.com/aversini/auth-client",
10
10
  license: "MIT"
11
11
  });
12
12
  } catch {
13
13
  }
14
- const Ue = {
14
+ const Ge = {
15
15
  ID_TOKEN: "id_token",
16
16
  ACCESS_TOKEN: "token",
17
17
  ID_AND_ACCESS_TOKEN: "id_token token",
18
18
  CODE: "code",
19
19
  REFRESH_TOKEN: "refresh_token"
20
- }, De = {
20
+ }, ze = {
21
21
  CLIENT_ID: "X-Auth-ClientId"
22
- }, U = {
22
+ }, N = {
23
23
  ALG: "RS256",
24
24
  USER_ID_KEY: "sub",
25
25
  TOKEN_ID_KEY: "__raw",
26
26
  NONCE_KEY: "_nonce",
27
27
  ISSUER: "gizmette.com"
28
- }, X = `-----BEGIN PUBLIC KEY-----
28
+ }, ne = `-----BEGIN PUBLIC KEY-----
29
29
  MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsF6i3Jd9fY/3COqCw/m7
30
30
  w5PKyTYLGAI2I6SIIdpe6i6DOCbEkmDz7LdVsBqwNtVi8gvWYIj+8ol6rU3qu1v5
31
31
  i1Jd45GSK4kzkVdgCmQZbM5ak0KI99q5wsrAIzUd+LRJ2HRvWtr5IYdsIiXaQjle
@@ -33,32 +33,32 @@ aMwPFOIcJH+rKfFgNcHLcaS5syp7zU1ANwZ+trgR+DifBr8TLVkBynmNeTyhDm2+
33
33
  l0haqjMk0UoNPPE8iYBWUHQJJE1Dqstj65d6Eh5g64Pao25y4cmYJbKjiblIGEkE
34
34
  sjqybA9mARAqh9k/eiIopecWSiffNQTwVQVd2I9ZH3BalhEXHlqFgrjz51kFqg81
35
35
  awIDAQAB
36
- -----END PUBLIC KEY-----`, He = {
36
+ -----END PUBLIC KEY-----`, Ye = {
37
37
  ACCESS: "5m",
38
38
  ID: "90d",
39
39
  REFRESH: "90d"
40
- }, Ne = {
40
+ }, Qe = {
41
41
  AUTHENTICATE: "authenticate",
42
42
  CODE: "code",
43
43
  LOGOUT: "logout"
44
- }, O = crypto, V = (e) => e instanceof CryptoKey, g = new TextEncoder(), _ = new TextDecoder();
45
- function j(...e) {
46
- const t = e.reduce((o, { length: i }) => o + i, 0), n = new Uint8Array(t);
47
- let r = 0;
48
- for (const o of e)
49
- n.set(o, r), r += o.length;
50
- return n;
44
+ }, x = crypto, G = (e) => e instanceof CryptoKey, v = new TextEncoder(), C = new TextDecoder();
45
+ function ae(...e) {
46
+ const t = e.reduce((a, { length: i }) => a + i, 0), r = new Uint8Array(t);
47
+ let n = 0;
48
+ for (const a of e)
49
+ r.set(a, n), n += a.length;
50
+ return r;
51
51
  }
52
- const Z = (e) => {
53
- const t = atob(e), n = new Uint8Array(t.length);
54
- for (let r = 0; r < t.length; r++)
55
- n[r] = t.charCodeAt(r);
56
- return n;
57
- }, R = (e) => {
52
+ const oe = (e) => {
53
+ const t = atob(e), r = new Uint8Array(t.length);
54
+ for (let n = 0; n < t.length; n++)
55
+ r[n] = t.charCodeAt(n);
56
+ return r;
57
+ }, A = (e) => {
58
58
  let t = e;
59
- t instanceof Uint8Array && (t = _.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
59
+ t instanceof Uint8Array && (t = C.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
60
60
  try {
61
- return Z(t);
61
+ return oe(t);
62
62
  } catch {
63
63
  throw new TypeError("The input to be decoded is not correctly encoded.");
64
64
  }
@@ -68,27 +68,27 @@ class b extends Error {
68
68
  return "ERR_JOSE_GENERIC";
69
69
  }
70
70
  constructor(t) {
71
- var n;
72
- super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (n = Error.captureStackTrace) == null || n.call(Error, this, this.constructor);
71
+ var r;
72
+ super(t), this.code = "ERR_JOSE_GENERIC", this.name = this.constructor.name, (r = Error.captureStackTrace) == null || r.call(Error, this, this.constructor);
73
73
  }
74
74
  }
75
- class h extends b {
75
+ class f extends b {
76
76
  static get code() {
77
77
  return "ERR_JWT_CLAIM_VALIDATION_FAILED";
78
78
  }
79
- constructor(t, n, r = "unspecified", o = "unspecified") {
80
- super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = r, this.reason = o, this.payload = n;
79
+ constructor(t, r, n = "unspecified", a = "unspecified") {
80
+ super(t), this.code = "ERR_JWT_CLAIM_VALIDATION_FAILED", this.claim = n, this.reason = a, this.payload = r;
81
81
  }
82
82
  }
83
- class D extends b {
83
+ class $ extends b {
84
84
  static get code() {
85
85
  return "ERR_JWT_EXPIRED";
86
86
  }
87
- constructor(t, n, r = "unspecified", o = "unspecified") {
88
- super(t), this.code = "ERR_JWT_EXPIRED", this.claim = r, this.reason = o, this.payload = n;
87
+ constructor(t, r, n = "unspecified", a = "unspecified") {
88
+ super(t), this.code = "ERR_JWT_EXPIRED", this.claim = n, this.reason = a, this.payload = r;
89
89
  }
90
90
  }
91
- class ee extends b {
91
+ class ie extends b {
92
92
  constructor() {
93
93
  super(...arguments), this.code = "ERR_JOSE_ALG_NOT_ALLOWED";
94
94
  }
@@ -96,7 +96,7 @@ class ee extends b {
96
96
  return "ERR_JOSE_ALG_NOT_ALLOWED";
97
97
  }
98
98
  }
99
- class C extends b {
99
+ class w extends b {
100
100
  constructor() {
101
101
  super(...arguments), this.code = "ERR_JOSE_NOT_SUPPORTED";
102
102
  }
@@ -112,7 +112,7 @@ class u extends b {
112
112
  return "ERR_JWS_INVALID";
113
113
  }
114
114
  }
115
- class B extends b {
115
+ class S extends b {
116
116
  constructor() {
117
117
  super(...arguments), this.code = "ERR_JWT_INVALID";
118
118
  }
@@ -120,7 +120,7 @@ class B extends b {
120
120
  return "ERR_JWT_INVALID";
121
121
  }
122
122
  }
123
- class te extends b {
123
+ class ce extends b {
124
124
  constructor() {
125
125
  super(...arguments), this.code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED", this.message = "signature verification failed";
126
126
  }
@@ -131,13 +131,13 @@ class te extends b {
131
131
  function m(e, t = "algorithm.name") {
132
132
  return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);
133
133
  }
134
- function A(e, t) {
134
+ function T(e, t) {
135
135
  return e.name === t;
136
136
  }
137
- function v(e) {
137
+ function K(e) {
138
138
  return parseInt(e.name.slice(4), 10);
139
139
  }
140
- function re(e) {
140
+ function se(e) {
141
141
  switch (e) {
142
142
  case "ES256":
143
143
  return "P-256";
@@ -149,47 +149,47 @@ function re(e) {
149
149
  throw new Error("unreachable");
150
150
  }
151
151
  }
152
- function ne(e, t) {
153
- if (t.length && !t.some((n) => e.usages.includes(n))) {
154
- let n = "CryptoKey does not support this operation, its usages must include ";
152
+ function de(e, t) {
153
+ if (t.length && !t.some((r) => e.usages.includes(r))) {
154
+ let r = "CryptoKey does not support this operation, its usages must include ";
155
155
  if (t.length > 2) {
156
- const r = t.pop();
157
- n += `one of ${t.join(", ")}, or ${r}.`;
156
+ const n = t.pop();
157
+ r += `one of ${t.join(", ")}, or ${n}.`;
158
158
  } else
159
- t.length === 2 ? n += `one of ${t[0]} or ${t[1]}.` : n += `${t[0]}.`;
160
- throw new TypeError(n);
159
+ t.length === 2 ? r += `one of ${t[0]} or ${t[1]}.` : r += `${t[0]}.`;
160
+ throw new TypeError(r);
161
161
  }
162
162
  }
163
- function oe(e, t, ...n) {
163
+ function ue(e, t, ...r) {
164
164
  switch (t) {
165
165
  case "HS256":
166
166
  case "HS384":
167
167
  case "HS512": {
168
- if (!A(e.algorithm, "HMAC"))
168
+ if (!T(e.algorithm, "HMAC"))
169
169
  throw m("HMAC");
170
- const r = parseInt(t.slice(2), 10);
171
- if (v(e.algorithm.hash) !== r)
172
- throw m(`SHA-${r}`, "algorithm.hash");
170
+ const n = parseInt(t.slice(2), 10);
171
+ if (K(e.algorithm.hash) !== n)
172
+ throw m(`SHA-${n}`, "algorithm.hash");
173
173
  break;
174
174
  }
175
175
  case "RS256":
176
176
  case "RS384":
177
177
  case "RS512": {
178
- if (!A(e.algorithm, "RSASSA-PKCS1-v1_5"))
178
+ if (!T(e.algorithm, "RSASSA-PKCS1-v1_5"))
179
179
  throw m("RSASSA-PKCS1-v1_5");
180
- const r = parseInt(t.slice(2), 10);
181
- if (v(e.algorithm.hash) !== r)
182
- throw m(`SHA-${r}`, "algorithm.hash");
180
+ const n = parseInt(t.slice(2), 10);
181
+ if (K(e.algorithm.hash) !== n)
182
+ throw m(`SHA-${n}`, "algorithm.hash");
183
183
  break;
184
184
  }
185
185
  case "PS256":
186
186
  case "PS384":
187
187
  case "PS512": {
188
- if (!A(e.algorithm, "RSA-PSS"))
188
+ if (!T(e.algorithm, "RSA-PSS"))
189
189
  throw m("RSA-PSS");
190
- const r = parseInt(t.slice(2), 10);
191
- if (v(e.algorithm.hash) !== r)
192
- throw m(`SHA-${r}`, "algorithm.hash");
190
+ const n = parseInt(t.slice(2), 10);
191
+ if (K(e.algorithm.hash) !== n)
192
+ throw m(`SHA-${n}`, "algorithm.hash");
193
193
  break;
194
194
  }
195
195
  case "EdDSA": {
@@ -200,55 +200,55 @@ function oe(e, t, ...n) {
200
200
  case "ES256":
201
201
  case "ES384":
202
202
  case "ES512": {
203
- if (!A(e.algorithm, "ECDSA"))
203
+ if (!T(e.algorithm, "ECDSA"))
204
204
  throw m("ECDSA");
205
- const r = re(t);
206
- if (e.algorithm.namedCurve !== r)
207
- throw m(r, "algorithm.namedCurve");
205
+ const n = se(t);
206
+ if (e.algorithm.namedCurve !== n)
207
+ throw m(n, "algorithm.namedCurve");
208
208
  break;
209
209
  }
210
210
  default:
211
211
  throw new TypeError("CryptoKey does not support this operation");
212
212
  }
213
- ne(e, n);
213
+ de(e, r);
214
214
  }
215
- function F(e, t, ...n) {
216
- var r;
217
- if (n.length > 2) {
218
- const o = n.pop();
219
- e += `one of type ${n.join(", ")}, or ${o}.`;
215
+ function z(e, t, ...r) {
216
+ var n;
217
+ if (r.length > 2) {
218
+ const a = r.pop();
219
+ e += `one of type ${r.join(", ")}, or ${a}.`;
220
220
  } else
221
- n.length === 2 ? e += `one of type ${n[0]} or ${n[1]}.` : e += `of type ${n[0]}.`;
222
- return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (r = t.constructor) != null && r.name && (e += ` Received an instance of ${t.constructor.name}`), e;
221
+ r.length === 2 ? e += `one of type ${r[0]} or ${r[1]}.` : e += `of type ${r[0]}.`;
222
+ return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t != null && (n = t.constructor) != null && n.name && (e += ` Received an instance of ${t.constructor.name}`), e;
223
223
  }
224
- const H = (e, ...t) => F("Key must be ", e, ...t);
225
- function G(e, t, ...n) {
226
- return F(`Key for the ${e} algorithm must be `, t, ...n);
224
+ const L = (e, ...t) => z("Key must be ", e, ...t);
225
+ function Y(e, t, ...r) {
226
+ return z(`Key for the ${e} algorithm must be `, t, ...r);
227
227
  }
228
- const Y = (e) => V(e), E = ["CryptoKey"], ae = (...e) => {
228
+ const Q = (e) => G(e) ? !0 : (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", R = ["CryptoKey"], le = (...e) => {
229
229
  const t = e.filter(Boolean);
230
230
  if (t.length === 0 || t.length === 1)
231
231
  return !0;
232
- let n;
233
- for (const r of t) {
234
- const o = Object.keys(r);
235
- if (!n || n.size === 0) {
236
- n = new Set(o);
232
+ let r;
233
+ for (const n of t) {
234
+ const a = Object.keys(n);
235
+ if (!r || r.size === 0) {
236
+ r = new Set(a);
237
237
  continue;
238
238
  }
239
- for (const i of o) {
240
- if (n.has(i))
239
+ for (const i of a) {
240
+ if (r.has(i))
241
241
  return !1;
242
- n.add(i);
242
+ r.add(i);
243
243
  }
244
244
  }
245
245
  return !0;
246
246
  };
247
- function ie(e) {
247
+ function he(e) {
248
248
  return typeof e == "object" && e !== null;
249
249
  }
250
- function x(e) {
251
- if (!ie(e) || Object.prototype.toString.call(e) !== "[object Object]")
250
+ function _(e) {
251
+ if (!he(e) || Object.prototype.toString.call(e) !== "[object Object]")
252
252
  return !1;
253
253
  if (Object.getPrototypeOf(e) === null)
254
254
  return !0;
@@ -257,51 +257,153 @@ function x(e) {
257
257
  t = Object.getPrototypeOf(t);
258
258
  return Object.getPrototypeOf(e) === t;
259
259
  }
260
- const ce = (e, t) => {
260
+ const fe = (e, t) => {
261
261
  if (e.startsWith("RS") || e.startsWith("PS")) {
262
- const { modulusLength: n } = t.algorithm;
263
- if (typeof n != "number" || n < 2048)
262
+ const { modulusLength: r } = t.algorithm;
263
+ if (typeof r != "number" || r < 2048)
264
264
  throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
265
265
  }
266
- }, S = (e, t, n = 0) => {
267
- n === 0 && (t.unshift(t.length), t.unshift(6));
268
- const r = e.indexOf(t[0], n);
269
- if (r === -1)
266
+ };
267
+ function pe(e) {
268
+ let t, r;
269
+ switch (e.kty) {
270
+ case "RSA": {
271
+ switch (e.alg) {
272
+ case "PS256":
273
+ case "PS384":
274
+ case "PS512":
275
+ t = { name: "RSA-PSS", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
276
+ break;
277
+ case "RS256":
278
+ case "RS384":
279
+ case "RS512":
280
+ t = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
281
+ break;
282
+ case "RSA-OAEP":
283
+ case "RSA-OAEP-256":
284
+ case "RSA-OAEP-384":
285
+ case "RSA-OAEP-512":
286
+ t = {
287
+ name: "RSA-OAEP",
288
+ hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
289
+ }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
290
+ break;
291
+ default:
292
+ throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
293
+ }
294
+ break;
295
+ }
296
+ case "EC": {
297
+ switch (e.alg) {
298
+ case "ES256":
299
+ t = { name: "ECDSA", namedCurve: "P-256" }, r = e.d ? ["sign"] : ["verify"];
300
+ break;
301
+ case "ES384":
302
+ t = { name: "ECDSA", namedCurve: "P-384" }, r = e.d ? ["sign"] : ["verify"];
303
+ break;
304
+ case "ES512":
305
+ t = { name: "ECDSA", namedCurve: "P-521" }, r = e.d ? ["sign"] : ["verify"];
306
+ break;
307
+ case "ECDH-ES":
308
+ case "ECDH-ES+A128KW":
309
+ case "ECDH-ES+A192KW":
310
+ case "ECDH-ES+A256KW":
311
+ t = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
312
+ break;
313
+ default:
314
+ throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
315
+ }
316
+ break;
317
+ }
318
+ case "OKP": {
319
+ switch (e.alg) {
320
+ case "EdDSA":
321
+ t = { name: e.crv }, r = e.d ? ["sign"] : ["verify"];
322
+ break;
323
+ case "ECDH-ES":
324
+ case "ECDH-ES+A128KW":
325
+ case "ECDH-ES+A192KW":
326
+ case "ECDH-ES+A256KW":
327
+ t = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
328
+ break;
329
+ default:
330
+ throw new w('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
331
+ }
332
+ break;
333
+ }
334
+ default:
335
+ throw new w('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
336
+ }
337
+ return { algorithm: t, keyUsages: r };
338
+ }
339
+ const me = async (e) => {
340
+ if (!e.alg)
341
+ throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
342
+ const { algorithm: t, keyUsages: r } = pe(e), n = [
343
+ t,
344
+ e.ext ?? !1,
345
+ e.key_ops ?? r
346
+ ], a = { ...e };
347
+ return delete a.alg, delete a.use, x.subtle.importKey("jwk", a, ...n);
348
+ }, X = (e) => A(e);
349
+ let W, J;
350
+ const Z = (e) => (e == null ? void 0 : e[Symbol.toStringTag]) === "KeyObject", j = async (e, t, r, n) => {
351
+ let a = e.get(t);
352
+ if (a != null && a[n])
353
+ return a[n];
354
+ const i = await me({ ...r, alg: n });
355
+ return a ? a[n] = i : e.set(t, { [n]: i }), i;
356
+ }, Se = (e, t) => {
357
+ if (Z(e)) {
358
+ let r = e.export({ format: "jwk" });
359
+ return delete r.d, delete r.dp, delete r.dq, delete r.p, delete r.q, delete r.qi, r.k ? X(r.k) : (J || (J = /* @__PURE__ */ new WeakMap()), j(J, e, r, t));
360
+ }
361
+ return e;
362
+ }, ye = (e, t) => {
363
+ if (Z(e)) {
364
+ let r = e.export({ format: "jwk" });
365
+ return r.k ? X(r.k) : (W || (W = /* @__PURE__ */ new WeakMap()), j(W, e, r, t));
366
+ }
367
+ return e;
368
+ }, Ee = { normalizePublicKey: Se, normalizePrivateKey: ye }, E = (e, t, r = 0) => {
369
+ r === 0 && (t.unshift(t.length), t.unshift(6));
370
+ const n = e.indexOf(t[0], r);
371
+ if (n === -1)
270
372
  return !1;
271
- const o = e.subarray(r, r + t.length);
272
- return o.length !== t.length ? !1 : o.every((i, a) => i === t[a]) || S(e, t, r + 1);
273
- }, N = (e) => {
373
+ const a = e.subarray(n, n + t.length);
374
+ return a.length !== t.length ? !1 : a.every((i, o) => i === t[o]) || E(e, t, n + 1);
375
+ }, M = (e) => {
274
376
  switch (!0) {
275
- case S(e, [42, 134, 72, 206, 61, 3, 1, 7]):
377
+ case E(e, [42, 134, 72, 206, 61, 3, 1, 7]):
276
378
  return "P-256";
277
- case S(e, [43, 129, 4, 0, 34]):
379
+ case E(e, [43, 129, 4, 0, 34]):
278
380
  return "P-384";
279
- case S(e, [43, 129, 4, 0, 35]):
381
+ case E(e, [43, 129, 4, 0, 35]):
280
382
  return "P-521";
281
- case S(e, [43, 101, 110]):
383
+ case E(e, [43, 101, 110]):
282
384
  return "X25519";
283
- case S(e, [43, 101, 111]):
385
+ case E(e, [43, 101, 111]):
284
386
  return "X448";
285
- case S(e, [43, 101, 112]):
387
+ case E(e, [43, 101, 112]):
286
388
  return "Ed25519";
287
- case S(e, [43, 101, 113]):
389
+ case E(e, [43, 101, 113]):
288
390
  return "Ed448";
289
391
  default:
290
- throw new C("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
392
+ throw new w("Invalid or unsupported EC Key Curve or OKP Key Sub Type");
291
393
  }
292
- }, se = async (e, t, n, r, o) => {
293
- let i, a;
294
- const c = new Uint8Array(atob(n.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
295
- switch (r) {
394
+ }, we = async (e, t, r, n, a) => {
395
+ let i, o;
396
+ const c = new Uint8Array(atob(r.replace(e, "")).split("").map((s) => s.charCodeAt(0)));
397
+ switch (n) {
296
398
  case "PS256":
297
399
  case "PS384":
298
400
  case "PS512":
299
- i = { name: "RSA-PSS", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
401
+ i = { name: "RSA-PSS", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
300
402
  break;
301
403
  case "RS256":
302
404
  case "RS384":
303
405
  case "RS512":
304
- i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${r.slice(-3)}` }, a = ["verify"];
406
+ i = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${n.slice(-3)}` }, o = ["verify"];
305
407
  break;
306
408
  case "RSA-OAEP":
307
409
  case "RSA-OAEP-256":
@@ -309,130 +411,130 @@ const ce = (e, t) => {
309
411
  case "RSA-OAEP-512":
310
412
  i = {
311
413
  name: "RSA-OAEP",
312
- hash: `SHA-${parseInt(r.slice(-3), 10) || 1}`
313
- }, a = ["encrypt", "wrapKey"];
414
+ hash: `SHA-${parseInt(n.slice(-3), 10) || 1}`
415
+ }, o = ["encrypt", "wrapKey"];
314
416
  break;
315
417
  case "ES256":
316
- i = { name: "ECDSA", namedCurve: "P-256" }, a = ["verify"];
418
+ i = { name: "ECDSA", namedCurve: "P-256" }, o = ["verify"];
317
419
  break;
318
420
  case "ES384":
319
- i = { name: "ECDSA", namedCurve: "P-384" }, a = ["verify"];
421
+ i = { name: "ECDSA", namedCurve: "P-384" }, o = ["verify"];
320
422
  break;
321
423
  case "ES512":
322
- i = { name: "ECDSA", namedCurve: "P-521" }, a = ["verify"];
424
+ i = { name: "ECDSA", namedCurve: "P-521" }, o = ["verify"];
323
425
  break;
324
426
  case "ECDH-ES":
325
427
  case "ECDH-ES+A128KW":
326
428
  case "ECDH-ES+A192KW":
327
429
  case "ECDH-ES+A256KW": {
328
- const s = N(c);
329
- i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, a = [];
430
+ const s = M(c);
431
+ i = s.startsWith("P-") ? { name: "ECDH", namedCurve: s } : { name: s }, o = [];
330
432
  break;
331
433
  }
332
434
  case "EdDSA":
333
- i = { name: N(c) }, a = ["verify"];
435
+ i = { name: M(c) }, o = ["verify"];
334
436
  break;
335
437
  default:
336
- throw new C('Invalid or unsupported "alg" (Algorithm) value');
438
+ throw new w('Invalid or unsupported "alg" (Algorithm) value');
337
439
  }
338
- return O.subtle.importKey(t, c, i, !1, a);
339
- }, de = (e, t, n) => se(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
340
- async function ue(e, t, n) {
440
+ return x.subtle.importKey(t, c, i, !1, o);
441
+ }, ge = (e, t, r) => we(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g, "spki", e, t);
442
+ async function be(e, t, r) {
341
443
  if (e.indexOf("-----BEGIN PUBLIC KEY-----") !== 0)
342
444
  throw new TypeError('"spki" must be SPKI formatted string');
343
- return de(e, t);
445
+ return ge(e, t);
344
446
  }
345
- const fe = (e, t) => {
447
+ const P = (e) => e == null ? void 0 : e[Symbol.toStringTag], Ae = (e, t) => {
346
448
  if (!(t instanceof Uint8Array)) {
347
- if (!Y(t))
348
- throw new TypeError(G(e, t, ...E, "Uint8Array"));
449
+ if (!Q(t))
450
+ throw new TypeError(Y(e, t, ...R, "Uint8Array"));
349
451
  if (t.type !== "secret")
350
- throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`);
452
+ throw new TypeError(`${P(t)} instances for symmetric algorithms must be of type "secret"`);
351
453
  }
352
- }, le = (e, t, n) => {
353
- if (!Y(t))
354
- throw new TypeError(G(e, t, ...E));
454
+ }, Ce = (e, t, r) => {
455
+ if (!Q(t))
456
+ throw new TypeError(Y(e, t, ...R));
355
457
  if (t.type === "secret")
356
- throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);
357
- if (t.algorithm && n === "verify" && t.type === "private")
358
- throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);
359
- if (t.algorithm && n === "encrypt" && t.type === "private")
360
- throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`);
361
- }, he = (e, t, n) => {
362
- e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? fe(e, t) : le(e, t, n);
458
+ throw new TypeError(`${P(t)} instances for asymmetric algorithms must not be of type "secret"`);
459
+ if (t.algorithm && r === "verify" && t.type === "private")
460
+ throw new TypeError(`${P(t)} instances for asymmetric algorithm verifying must be of type "public"`);
461
+ if (t.algorithm && r === "encrypt" && t.type === "private")
462
+ throw new TypeError(`${P(t)} instances for asymmetric algorithm encryption must be of type "public"`);
463
+ }, ve = (e, t, r) => {
464
+ e.startsWith("HS") || e === "dir" || e.startsWith("PBES2") || /^A\d{3}(?:GCM)?KW$/.test(e) ? Ae(e, t) : Ce(e, t, r);
363
465
  };
364
- function pe(e, t, n, r, o) {
365
- if (o.crit !== void 0 && (r == null ? void 0 : r.crit) === void 0)
466
+ function Te(e, t, r, n, a) {
467
+ if (a.crit !== void 0 && (n == null ? void 0 : n.crit) === void 0)
366
468
  throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');
367
- if (!r || r.crit === void 0)
469
+ if (!n || n.crit === void 0)
368
470
  return /* @__PURE__ */ new Set();
369
- if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((a) => typeof a != "string" || a.length === 0))
471
+ if (!Array.isArray(n.crit) || n.crit.length === 0 || n.crit.some((o) => typeof o != "string" || o.length === 0))
370
472
  throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
371
473
  let i;
372
- n !== void 0 ? i = new Map([...Object.entries(n), ...t.entries()]) : i = t;
373
- for (const a of r.crit) {
374
- if (!i.has(a))
375
- throw new C(`Extension Header Parameter "${a}" is not recognized`);
376
- if (o[a] === void 0)
377
- throw new e(`Extension Header Parameter "${a}" is missing`);
378
- if (i.get(a) && r[a] === void 0)
379
- throw new e(`Extension Header Parameter "${a}" MUST be integrity protected`);
380
- }
381
- return new Set(r.crit);
382
- }
383
- const me = (e, t) => {
384
- if (t !== void 0 && (!Array.isArray(t) || t.some((n) => typeof n != "string")))
474
+ r !== void 0 ? i = new Map([...Object.entries(r), ...t.entries()]) : i = t;
475
+ for (const o of n.crit) {
476
+ if (!i.has(o))
477
+ throw new w(`Extension Header Parameter "${o}" is not recognized`);
478
+ if (a[o] === void 0)
479
+ throw new e(`Extension Header Parameter "${o}" is missing`);
480
+ if (i.get(o) && n[o] === void 0)
481
+ throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`);
482
+ }
483
+ return new Set(n.crit);
484
+ }
485
+ const Ie = (e, t) => {
486
+ if (t !== void 0 && (!Array.isArray(t) || t.some((r) => typeof r != "string")))
385
487
  throw new TypeError(`"${e}" option must be an array of strings`);
386
488
  if (t)
387
489
  return new Set(t);
388
490
  };
389
- function ye(e, t) {
390
- const n = `SHA-${e.slice(-3)}`;
491
+ function Pe(e, t) {
492
+ const r = `SHA-${e.slice(-3)}`;
391
493
  switch (e) {
392
494
  case "HS256":
393
495
  case "HS384":
394
496
  case "HS512":
395
- return { hash: n, name: "HMAC" };
497
+ return { hash: r, name: "HMAC" };
396
498
  case "PS256":
397
499
  case "PS384":
398
500
  case "PS512":
399
- return { hash: n, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
501
+ return { hash: r, name: "RSA-PSS", saltLength: e.slice(-3) >> 3 };
400
502
  case "RS256":
401
503
  case "RS384":
402
504
  case "RS512":
403
- return { hash: n, name: "RSASSA-PKCS1-v1_5" };
505
+ return { hash: r, name: "RSASSA-PKCS1-v1_5" };
404
506
  case "ES256":
405
507
  case "ES384":
406
508
  case "ES512":
407
- return { hash: n, name: "ECDSA", namedCurve: t.namedCurve };
509
+ return { hash: r, name: "ECDSA", namedCurve: t.namedCurve };
408
510
  case "EdDSA":
409
511
  return { name: t.name };
410
512
  default:
411
- throw new C(`alg ${e} is not supported either by JOSE or your javascript runtime`);
513
+ throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
412
514
  }
413
515
  }
414
- function Se(e, t, n) {
415
- if (V(t))
416
- return oe(t, e, n), t;
516
+ async function Re(e, t, r) {
517
+ if (t = await Ee.normalizePublicKey(t, e), G(t))
518
+ return ue(t, e, r), t;
417
519
  if (t instanceof Uint8Array) {
418
520
  if (!e.startsWith("HS"))
419
- throw new TypeError(H(t, ...E));
420
- return O.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [n]);
521
+ throw new TypeError(L(t, ...R));
522
+ return x.subtle.importKey("raw", t, { hash: `SHA-${e.slice(-3)}`, name: "HMAC" }, !1, [r]);
421
523
  }
422
- throw new TypeError(H(t, ...E, "Uint8Array"));
524
+ throw new TypeError(L(t, ...R, "Uint8Array"));
423
525
  }
424
- const Ee = async (e, t, n, r) => {
425
- const o = await Se(e, t, "verify");
426
- ce(e, o);
427
- const i = ye(e, o.algorithm);
526
+ const _e = async (e, t, r, n) => {
527
+ const a = await Re(e, t, "verify");
528
+ fe(e, a);
529
+ const i = Pe(e, a.algorithm);
428
530
  try {
429
- return await O.subtle.verify(i, o, n, r);
531
+ return await x.subtle.verify(i, a, r, n);
430
532
  } catch {
431
533
  return !1;
432
534
  }
433
535
  };
434
- async function we(e, t, n) {
435
- if (!x(e))
536
+ async function xe(e, t, r) {
537
+ if (!_(e))
436
538
  throw new u("Flattened JWS must be an object");
437
539
  if (e.protected === void 0 && e.header === void 0)
438
540
  throw new u('Flattened JWS must have either of the "protected" or "header" members');
@@ -442,245 +544,279 @@ async function we(e, t, n) {
442
544
  throw new u("JWS Payload missing");
443
545
  if (typeof e.signature != "string")
444
546
  throw new u("JWS Signature missing or incorrect type");
445
- if (e.header !== void 0 && !x(e.header))
547
+ if (e.header !== void 0 && !_(e.header))
446
548
  throw new u("JWS Unprotected Header incorrect type");
447
- let r = {};
549
+ let n = {};
448
550
  if (e.protected)
449
551
  try {
450
- const T = R(e.protected);
451
- r = JSON.parse(_.decode(T));
552
+ const O = A(e.protected);
553
+ n = JSON.parse(C.decode(O));
452
554
  } catch {
453
555
  throw new u("JWS Protected Header is invalid");
454
556
  }
455
- if (!ae(r, e.header))
557
+ if (!le(n, e.header))
456
558
  throw new u("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
457
- const o = {
458
- ...r,
559
+ const a = {
560
+ ...n,
459
561
  ...e.header
460
- }, i = pe(u, /* @__PURE__ */ new Map([["b64", !0]]), n == null ? void 0 : n.crit, r, o);
461
- let a = !0;
462
- if (i.has("b64") && (a = r.b64, typeof a != "boolean"))
562
+ }, i = Te(u, /* @__PURE__ */ new Map([["b64", !0]]), r == null ? void 0 : r.crit, n, a);
563
+ let o = !0;
564
+ if (i.has("b64") && (o = n.b64, typeof o != "boolean"))
463
565
  throw new u('The "b64" (base64url-encode payload) Header Parameter must be a boolean');
464
- const { alg: c } = o;
566
+ const { alg: c } = a;
465
567
  if (typeof c != "string" || !c)
466
568
  throw new u('JWS "alg" (Algorithm) Header Parameter missing or invalid');
467
- const s = n && me("algorithms", n.algorithms);
569
+ const s = r && Ie("algorithms", r.algorithms);
468
570
  if (s && !s.has(c))
469
- throw new ee('"alg" (Algorithm) Header Parameter value not allowed');
470
- if (a) {
571
+ throw new ie('"alg" (Algorithm) Header Parameter value not allowed');
572
+ if (o) {
471
573
  if (typeof e.payload != "string")
472
574
  throw new u("JWS Payload must be a string");
473
575
  } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array))
474
576
  throw new u("JWS Payload must be a string or an Uint8Array instance");
475
577
  let p = !1;
476
- typeof t == "function" && (t = await t(r, e), p = !0), he(c, t, "verify");
477
- const w = j(g.encode(e.protected ?? ""), g.encode("."), typeof e.payload == "string" ? g.encode(e.payload) : e.payload);
478
- let l;
578
+ typeof t == "function" && (t = await t(n, e), p = !0), ve(c, t, "verify");
579
+ const g = ae(v.encode(e.protected ?? ""), v.encode("."), typeof e.payload == "string" ? v.encode(e.payload) : e.payload);
580
+ let h;
479
581
  try {
480
- l = R(e.signature);
582
+ h = A(e.signature);
481
583
  } catch {
482
584
  throw new u("Failed to base64url decode the signature");
483
585
  }
484
- if (!await Ee(c, t, l, w))
485
- throw new te();
586
+ if (!await _e(c, t, h, g))
587
+ throw new ce();
486
588
  let y;
487
- if (a)
589
+ if (o)
488
590
  try {
489
- y = R(e.payload);
591
+ y = A(e.payload);
490
592
  } catch {
491
593
  throw new u("Failed to base64url decode the payload");
492
594
  }
493
595
  else
494
- typeof e.payload == "string" ? y = g.encode(e.payload) : y = e.payload;
495
- const f = { payload: y };
496
- return e.protected !== void 0 && (f.protectedHeader = r), e.header !== void 0 && (f.unprotectedHeader = e.header), p ? { ...f, key: t } : f;
596
+ typeof e.payload == "string" ? y = v.encode(e.payload) : y = e.payload;
597
+ const l = { payload: y };
598
+ return e.protected !== void 0 && (l.protectedHeader = n), e.header !== void 0 && (l.unprotectedHeader = e.header), p ? { ...l, key: t } : l;
497
599
  }
498
- async function be(e, t, n) {
499
- if (e instanceof Uint8Array && (e = _.decode(e)), typeof e != "string")
600
+ async function Oe(e, t, r) {
601
+ if (e instanceof Uint8Array && (e = C.decode(e)), typeof e != "string")
500
602
  throw new u("Compact JWS must be a string or Uint8Array");
501
- const { 0: r, 1: o, 2: i, length: a } = e.split(".");
502
- if (a !== 3)
603
+ const { 0: n, 1: a, 2: i, length: o } = e.split(".");
604
+ if (o !== 3)
503
605
  throw new u("Invalid Compact JWS");
504
- const c = await we({ payload: o, protected: r, signature: i }, t, n), s = { payload: c.payload, protectedHeader: c.protectedHeader };
606
+ const c = await xe({ payload: a, protected: n, signature: i }, t, r), s = { payload: c.payload, protectedHeader: c.protectedHeader };
505
607
  return typeof t == "function" ? { ...s, key: c.key } : s;
506
608
  }
507
- const ge = (e) => Math.floor(e.getTime() / 1e3), q = 60, z = q * 60, J = z * 24, Ae = J * 7, Ie = J * 365.25, _e = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, W = (e) => {
508
- const t = _e.exec(e);
609
+ const Ke = (e) => Math.floor(e.getTime() / 1e3), ee = 60, te = ee * 60, H = te * 24, We = H * 7, Je = H * 365.25, De = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i, V = (e) => {
610
+ const t = De.exec(e);
509
611
  if (!t || t[4] && t[1])
510
612
  throw new TypeError("Invalid time period format");
511
- const n = parseFloat(t[2]), r = t[3].toLowerCase();
512
- let o;
513
- switch (r) {
613
+ const r = parseFloat(t[2]), n = t[3].toLowerCase();
614
+ let a;
615
+ switch (n) {
514
616
  case "sec":
515
617
  case "secs":
516
618
  case "second":
517
619
  case "seconds":
518
620
  case "s":
519
- o = Math.round(n);
621
+ a = Math.round(r);
520
622
  break;
521
623
  case "minute":
522
624
  case "minutes":
523
625
  case "min":
524
626
  case "mins":
525
627
  case "m":
526
- o = Math.round(n * q);
628
+ a = Math.round(r * ee);
527
629
  break;
528
630
  case "hour":
529
631
  case "hours":
530
632
  case "hr":
531
633
  case "hrs":
532
634
  case "h":
533
- o = Math.round(n * z);
635
+ a = Math.round(r * te);
534
636
  break;
535
637
  case "day":
536
638
  case "days":
537
639
  case "d":
538
- o = Math.round(n * J);
640
+ a = Math.round(r * H);
539
641
  break;
540
642
  case "week":
541
643
  case "weeks":
542
644
  case "w":
543
- o = Math.round(n * Ae);
645
+ a = Math.round(r * We);
544
646
  break;
545
647
  default:
546
- o = Math.round(n * Ie);
648
+ a = Math.round(r * Je);
547
649
  break;
548
650
  }
549
- return t[1] === "-" || t[4] === "ago" ? -o : o;
550
- }, $ = (e) => e.toLowerCase().replace(/^application\//, ""), Ce = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Te = (e, t, n = {}) => {
551
- let r;
651
+ return t[1] === "-" || t[4] === "ago" ? -a : a;
652
+ }, k = (e) => e.toLowerCase().replace(/^application\//, ""), He = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1, Ue = (e, t, r = {}) => {
653
+ let n;
552
654
  try {
553
- r = JSON.parse(_.decode(t));
655
+ n = JSON.parse(C.decode(t));
554
656
  } catch {
555
657
  }
556
- if (!x(r))
557
- throw new B("JWT Claims Set must be a top-level JSON object");
558
- const { typ: o } = n;
559
- if (o && (typeof e.typ != "string" || $(e.typ) !== $(o)))
560
- throw new h('unexpected "typ" JWT header value', r, "typ", "check_failed");
561
- const { requiredClaims: i = [], issuer: a, subject: c, audience: s, maxTokenAge: p } = n, w = [...i];
562
- p !== void 0 && w.push("iat"), s !== void 0 && w.push("aud"), c !== void 0 && w.push("sub"), a !== void 0 && w.push("iss");
563
- for (const f of new Set(w.reverse()))
564
- if (!(f in r))
565
- throw new h(`missing required "${f}" claim`, r, f, "missing");
566
- if (a && !(Array.isArray(a) ? a : [a]).includes(r.iss))
567
- throw new h('unexpected "iss" claim value', r, "iss", "check_failed");
568
- if (c && r.sub !== c)
569
- throw new h('unexpected "sub" claim value', r, "sub", "check_failed");
570
- if (s && !Ce(r.aud, typeof s == "string" ? [s] : s))
571
- throw new h('unexpected "aud" claim value', r, "aud", "check_failed");
572
- let l;
573
- switch (typeof n.clockTolerance) {
658
+ if (!_(n))
659
+ throw new S("JWT Claims Set must be a top-level JSON object");
660
+ const { typ: a } = r;
661
+ if (a && (typeof e.typ != "string" || k(e.typ) !== k(a)))
662
+ throw new f('unexpected "typ" JWT header value', n, "typ", "check_failed");
663
+ const { requiredClaims: i = [], issuer: o, subject: c, audience: s, maxTokenAge: p } = r, g = [...i];
664
+ p !== void 0 && g.push("iat"), s !== void 0 && g.push("aud"), c !== void 0 && g.push("sub"), o !== void 0 && g.push("iss");
665
+ for (const l of new Set(g.reverse()))
666
+ if (!(l in n))
667
+ throw new f(`missing required "${l}" claim`, n, l, "missing");
668
+ if (o && !(Array.isArray(o) ? o : [o]).includes(n.iss))
669
+ throw new f('unexpected "iss" claim value', n, "iss", "check_failed");
670
+ if (c && n.sub !== c)
671
+ throw new f('unexpected "sub" claim value', n, "sub", "check_failed");
672
+ if (s && !He(n.aud, typeof s == "string" ? [s] : s))
673
+ throw new f('unexpected "aud" claim value', n, "aud", "check_failed");
674
+ let h;
675
+ switch (typeof r.clockTolerance) {
574
676
  case "string":
575
- l = W(n.clockTolerance);
677
+ h = V(r.clockTolerance);
576
678
  break;
577
679
  case "number":
578
- l = n.clockTolerance;
680
+ h = r.clockTolerance;
579
681
  break;
580
682
  case "undefined":
581
- l = 0;
683
+ h = 0;
582
684
  break;
583
685
  default:
584
686
  throw new TypeError("Invalid clockTolerance option type");
585
687
  }
586
- const { currentDate: K } = n, y = ge(K || /* @__PURE__ */ new Date());
587
- if ((r.iat !== void 0 || p) && typeof r.iat != "number")
588
- throw new h('"iat" claim must be a number', r, "iat", "invalid");
589
- if (r.nbf !== void 0) {
590
- if (typeof r.nbf != "number")
591
- throw new h('"nbf" claim must be a number', r, "nbf", "invalid");
592
- if (r.nbf > y + l)
593
- throw new h('"nbf" claim timestamp check failed', r, "nbf", "check_failed");
594
- }
595
- if (r.exp !== void 0) {
596
- if (typeof r.exp != "number")
597
- throw new h('"exp" claim must be a number', r, "exp", "invalid");
598
- if (r.exp <= y - l)
599
- throw new D('"exp" claim timestamp check failed', r, "exp", "check_failed");
688
+ const { currentDate: U } = r, y = Ke(U || /* @__PURE__ */ new Date());
689
+ if ((n.iat !== void 0 || p) && typeof n.iat != "number")
690
+ throw new f('"iat" claim must be a number', n, "iat", "invalid");
691
+ if (n.nbf !== void 0) {
692
+ if (typeof n.nbf != "number")
693
+ throw new f('"nbf" claim must be a number', n, "nbf", "invalid");
694
+ if (n.nbf > y + h)
695
+ throw new f('"nbf" claim timestamp check failed', n, "nbf", "check_failed");
696
+ }
697
+ if (n.exp !== void 0) {
698
+ if (typeof n.exp != "number")
699
+ throw new f('"exp" claim must be a number', n, "exp", "invalid");
700
+ if (n.exp <= y - h)
701
+ throw new $('"exp" claim timestamp check failed', n, "exp", "check_failed");
600
702
  }
601
703
  if (p) {
602
- const f = y - r.iat, T = typeof p == "number" ? p : W(p);
603
- if (f - l > T)
604
- throw new D('"iat" claim timestamp check failed (too far in the past)', r, "iat", "check_failed");
605
- if (f < 0 - l)
606
- throw new h('"iat" claim timestamp check failed (it should be in the past)', r, "iat", "check_failed");
704
+ const l = y - n.iat, O = typeof p == "number" ? p : V(p);
705
+ if (l - h > O)
706
+ throw new $('"iat" claim timestamp check failed (too far in the past)', n, "iat", "check_failed");
707
+ if (l < 0 - h)
708
+ throw new f('"iat" claim timestamp check failed (it should be in the past)', n, "iat", "check_failed");
607
709
  }
608
- return r;
710
+ return n;
609
711
  };
610
- async function Re(e, t, n) {
611
- var a;
612
- const r = await be(e, t, n);
613
- if ((a = r.protectedHeader.crit) != null && a.includes("b64") && r.protectedHeader.b64 === !1)
614
- throw new B("JWTs MUST NOT use unencoded payload");
615
- const i = { payload: Te(r.protectedHeader, r.payload, n), protectedHeader: r.protectedHeader };
616
- return typeof t == "function" ? { ...i, key: r.key } : i;
617
- }
618
- const We = async (e) => {
712
+ async function Ne(e, t, r) {
713
+ var o;
714
+ const n = await Oe(e, t, r);
715
+ if ((o = n.protectedHeader.crit) != null && o.includes("b64") && n.protectedHeader.b64 === !1)
716
+ throw new S("JWTs MUST NOT use unencoded payload");
717
+ const i = { payload: Ue(n.protectedHeader, n.payload, r), protectedHeader: n.protectedHeader };
718
+ return typeof t == "function" ? { ...i, key: n.key } : i;
719
+ }
720
+ const $e = A;
721
+ function Le(e) {
722
+ if (typeof e != "string")
723
+ throw new S("JWTs must use Compact JWS serialization, JWT must be a string");
724
+ const { 1: t, length: r } = e.split(".");
725
+ if (r === 5)
726
+ throw new S("Only JWTs using Compact JWS serialization can be decoded");
727
+ if (r !== 3)
728
+ throw new S("Invalid JWT");
729
+ if (!t)
730
+ throw new S("JWTs must contain a payload");
731
+ let n;
732
+ try {
733
+ n = $e(t);
734
+ } catch {
735
+ throw new S("Failed to base64url decode the payload");
736
+ }
737
+ let a;
619
738
  try {
620
- const t = U.ALG, r = await ue(X, t);
621
- return await Re(e, r, {
622
- issuer: U.ISSUER
739
+ a = JSON.parse(C.decode(n));
740
+ } catch {
741
+ throw new S("Failed to parse the decoded payload as JSON");
742
+ }
743
+ if (!_(a))
744
+ throw new S("Invalid JWT Claims Set");
745
+ return a;
746
+ }
747
+ const Xe = async (e) => {
748
+ try {
749
+ const t = N.ALG, n = await be(ne, t);
750
+ return await Ne(e, n, {
751
+ issuer: N.ISSUER
623
752
  });
624
753
  } catch {
625
754
  return;
626
755
  }
756
+ }, Ze = (e) => {
757
+ try {
758
+ return Le(e);
759
+ } catch {
760
+ return;
761
+ }
627
762
  };
628
763
  var d = [];
629
- for (var P = 0; P < 256; ++P)
630
- d.push((P + 256).toString(16).slice(1));
631
- function ve(e, t = 0) {
764
+ for (var D = 0; D < 256; ++D)
765
+ d.push((D + 256).toString(16).slice(1));
766
+ function Me(e, t = 0) {
632
767
  return (d[e[t + 0]] + d[e[t + 1]] + d[e[t + 2]] + d[e[t + 3]] + "-" + d[e[t + 4]] + d[e[t + 5]] + "-" + d[e[t + 6]] + d[e[t + 7]] + "-" + d[e[t + 8]] + d[e[t + 9]] + "-" + d[e[t + 10]] + d[e[t + 11]] + d[e[t + 12]] + d[e[t + 13]] + d[e[t + 14]] + d[e[t + 15]]).toLowerCase();
633
768
  }
634
- var I, Pe = new Uint8Array(16);
635
- function xe() {
769
+ var I, Ve = new Uint8Array(16);
770
+ function ke() {
636
771
  if (!I && (I = typeof crypto < "u" && crypto.getRandomValues && crypto.getRandomValues.bind(crypto), !I))
637
772
  throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");
638
- return I(Pe);
773
+ return I(Ve);
639
774
  }
640
- var Oe = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
641
- const L = {
642
- randomUUID: Oe
775
+ var Be = typeof crypto < "u" && crypto.randomUUID && crypto.randomUUID.bind(crypto);
776
+ const B = {
777
+ randomUUID: Be
643
778
  };
644
- function k(e, t, n) {
645
- if (L.randomUUID && !t && !e)
646
- return L.randomUUID();
779
+ function F(e, t, r) {
780
+ if (B.randomUUID && !t && !e)
781
+ return B.randomUUID();
647
782
  e = e || {};
648
- var r = e.random || (e.rng || xe)();
649
- return r[6] = r[6] & 15 | 64, r[8] = r[8] & 63 | 128, ve(r);
783
+ var n = e.random || (e.rng || ke)();
784
+ return n[6] = n[6] & 15 | 64, n[8] = n[8] & 63 | 128, Me(n);
650
785
  }
651
- const M = globalThis.crypto, Je = (e) => `${k()}${k()}`.slice(0, e), Ke = (e) => btoa(
786
+ const q = globalThis.crypto, Fe = (e) => `${F()}${F()}`.slice(0, e), qe = (e) => btoa(
652
787
  [...new Uint8Array(e)].map((t) => String.fromCharCode(t)).join("")
653
788
  );
654
- async function Q(e) {
655
- if (!M.subtle)
789
+ async function re(e) {
790
+ if (!q.subtle)
656
791
  throw new Error(
657
792
  "crypto.subtle is available only in secure contexts (HTTPS)."
658
793
  );
659
- const t = new TextEncoder().encode(e), n = await M.subtle.digest("SHA-256", t);
660
- return Ke(n).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
794
+ const t = new TextEncoder().encode(e), r = await q.subtle.digest("SHA-256", t);
795
+ return qe(r).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
661
796
  }
662
- async function $e(e) {
797
+ async function je(e) {
663
798
  const t = e || 43;
664
799
  if (t < 43 || t > 128)
665
800
  throw `Expected a length between 43 and 128. Received ${e}.`;
666
- const n = Je(t), r = await Q(n);
801
+ const r = Fe(t), n = await re(r);
667
802
  return {
668
- code_verifier: n,
669
- code_challenge: r
803
+ code_verifier: r,
804
+ code_challenge: n
670
805
  };
671
806
  }
672
- async function Le(e, t) {
673
- return t === await Q(e);
807
+ async function et(e, t) {
808
+ return t === await re(e);
674
809
  }
675
810
  export {
676
- Ne as API_TYPE,
677
- Ue as AUTH_TYPES,
678
- De as HEADERS,
679
- U as JWT,
680
- X as JWT_PUBLIC_KEY,
681
- He as TOKEN_EXPIRATION,
682
- Q as generateCodeChallenge,
683
- $e as pkceChallengePair,
684
- We as verifyAndExtractToken,
685
- Le as verifyChallenge
811
+ Qe as API_TYPE,
812
+ Ge as AUTH_TYPES,
813
+ ze as HEADERS,
814
+ N as JWT,
815
+ ne as JWT_PUBLIC_KEY,
816
+ Ye as TOKEN_EXPIRATION,
817
+ Ze as decodeToken,
818
+ re as generateCodeChallenge,
819
+ je as pkceChallengePair,
820
+ Xe as verifyAndExtractToken,
821
+ et as verifyChallenge
686
822
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@versini/auth-common",
3
- "version": "2.9.0",
3
+ "version": "2.10.0",
4
4
  "license": "MIT",
5
5
  "author": "Arno Versini",
6
6
  "publishConfig": {
@@ -32,8 +32,8 @@
32
32
  "test": "vitest run"
33
33
  },
34
34
  "dependencies": {
35
- "jose": "5.4.1",
35
+ "jose": "5.6.2",
36
36
  "uuid": "10.0.0"
37
37
  },
38
- "gitHead": "48c8a3b48dc2d614be43f407e6c72fd433530afc"
38
+ "gitHead": "5abd68fc5595a95360b4e80088cc39c067722085"
39
39
  }